bugtraq 2002/12
By Subject
301 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Mon Dec 02 2002 - 07:51:58 PST
Ending: Mon Feb 03 2003 - 15:58:27 PST
- 'printenv' XSS vulnerability
- (MSIE)A rather old trick for web server is now played on MSIE.
- [CLA-2002:551] Conectiva Linux Security Announcement - pine
- [CLA-2002:552] Conectiva Linux Security Announcement - wget
- [CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4
- [CLA-2002:554] Conectiva Linux Security Announcement - fetchmail
- [CLA-2002:555] Conectiva Linux Security Announcement - MySQL
- [CLA-2002:556] Conectiva Linux Security Announcement - openldap
- [CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd
- [ESA-20021213-033] Several MySQL vulnerabilities.
- [Fix] Openwebmail 1.71 remote root compromise
- [Full-Disclosure] [ESA-20021213-033] Several MySQL vulnerabilities.
- [Full-Disclosure] [RAZOR] Problems with mkstemp()
- [Full-Disclosure] [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability
- [Full-Disclosure] [RHSA-2002:220-40] Updated KDE packages fix security issues
- [Full-Disclosure] [RHSA-2002:222-21] Updated apache, httpd, and mod_ssl packages available
- [Full-Disclosure] [RHSA-2002:228-11] Updated Net-SNMP packages fix security and other bugs
- [Full-Disclosure] [RHSA-2002:229-10] Updated wget packages fix directory traversal bug
- [Full-Disclosure] [RHSA-2002:246-18] Updated Canna packages fix vulnerabilities
- [Full-Disclosure] [RHSA-2002:254-05] Updated Webalizer packages fix vulnerability
- [Full-Disclosure] [RHSA-2002:293-09] Updated Fetchmail packages fix security vulnerability
- [Full-Disclosure] [VulnWatch] Advisory 04/2002: Multiple MySQL vulnerabilities
- [Full-Disclosure] [VulnWatch] Advisory 05/2002: Another Fetchmail Remote Vulnerability
- [Full-Disclosure] Advisory 04/2002: Multiple MySQL vulnerabilities
- [Full-Disclosure] Advisory 05/2002: Another Fetchmail Remote Vulnerability
- [Full-Disclosure] BIND Name Server DNS Spoofing Vulnerability on IRIX
- [Full-Disclosure] Buffer Overflow Vulnerability in X Font Server on IRIX
- [Full-Disclosure] Captaris (Infinite) WebMail XSS
- [Full-Disclosure] Directory Traversal Vulnerability in FTP Client on IRIX
- [Full-Disclosure] iDefense Security Advisory
- [Full-Disclosure] Matlab /tmp usage
- [Full-Disclosure] Multiple Vulnerabilities in BIND Name Service Daemon on IRIX
- [Full-Disclosure] Netscape Problems.
- [Full-Disclosure] Password Disclosure in Cryptainer
- [Full-Disclosure] PHP-Nuke code execution and XSS vulnerabilities
- [Full-Disclosure] PHP-Nuke mail CRLF Injection vulnerabilities
- [Full-Disclosure] Potential DOS attack with Web-CyrAdm.
- [Full-Disclosure] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
- [Full-Disclosure] Samba Security Vulnerability on IRIX
- [Full-Disclosure] SAP database local root via symlink
- [Full-Disclosure] Security Industry Under Scrutiny: Part 3
- [Full-Disclosure] Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv
- [Full-Disclosure] Security Update: [CSSA-2002-055.0] Linux: RPC XDR buffer overflow
- [Full-Disclosure] Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench
- [Full-Disclosure] Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow
- [Full-Disclosure] Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
- [Full-Disclosure] Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability
- [Full-Disclosure] Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files
- [Full-Disclosure] ShopFactory shopping cart price manipulation
- [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability]
- [IPS] PUTTY SSH-Client Exploit
- [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
- [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
- [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
- [OpenPKG-SA-2002.016] OpenPKG Security Advisory (fetchmail)
- [RAZOR] Problems with mkstemp()
- [SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution
- [SECURITY] [DSA 201-1] New Free/SWan packages fix denial of service
- [SECURITY] [DSA 202-1] New IM packages fix insecure temporary file creation
- [SECURITY] [DSA 202-2] New IM packages correct hidden architecture dependency
- [SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution
- [SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution
- [SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution
- [SECURITY] [DSA 208-1] New Perl packages correct Safe handling
- [SECURITY] [DSA 211-1] New mICQ packages fix denial of service
- [SECURITY] [DSA 213-1] New libpng packages fix buffer overflow
- [SECURITY] [DSA 214-1] New kdentwork packages fix buffer overflows
- [SECURITY] [DSA 215-1] New cyrus-imapd packages fix remote command execution
- [SECURITY] [DSA 216-1] New fetchmail packages fix buffer overflow
- [SECURITY] [DSA 217-1] New typespeed packages fix buffer overflow
- [SECURITY] [DSA 218-1] New bugzilla packages fix cross site scripting problem
- [SECURITY] [DSA 219-1] New dhcpcd packages fix remote command execution vulnerability
- [SECURITY] [DSA-205-1] gtetrinet buffer overflows
- [SECURITY] [DSA-206-1] tcpdump BGP decoding error
- [SECURITY] [DSA-209-1] two wget problems
- [SECURITY] [DSA-210-1] lynx CRLF injection
- [SECURITY] [DSA-212-1] Multiple MySQL vulnerabilities
- [securitydigest.org]: Changes for December 2002
- [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability
- [SecurityOffice] Polycom Video Conference System Management Server Authentication Bypass Vulnerability
- [SNS Advisory No.60 rev.2] Windows XP Disclosure of Registered AP Information
- [VU#317417] Denial of Service condition in vxworks ftpd/3com nbx
- [VulnWatch] [RAZOR] Problems with mkstemp()
- [VulnWatch] Advisory 04/2002: Multiple MySQL vulnerabilities
- [VulnWatch] Advisory 05/2002: Another Fetchmail Remote Vulnerability
- [VulnWatch] gfxboot allows boot password circumvention, SuSE 8.1 GRUB
- [VulnWatch] Leafnode security announcement SA:2002:01
- [VulnWatch] Password Disclosure in Cryptainer
- [VulnWatch] PFinger 0.7.8 format string vulnerability (#NISR16122002B)
- [VulnWatch] PHP-Nuke code execution and XSS vulnerabilities
- [VulnWatch] PHP-Nuke mail CRLF Injection vulnerabilities
- [VulnWatch] Potential DOS attack with Web-CyrAdm.
- [VulnWatch] proftpd <=1.2.7rc3 DoS
- [VulnWatch] RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
- [VulnWatch] RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)
- [VulnWatch] Security Paper: Session Fixation Vulnerability in Web-based Applications
- [VulnWatch] zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A)
- adelphia vulnerability within subnets
- Advisory Title: iASP Remote Console Applet Allows Remote
- Advisory: Lawson Financials RDBMS Insecurity
- Advisory: Webster HTTP Server
- Antwort: Openwebmail 1.71 remote root compromise
- Anyone can read all XOOPS private messages
- APBoard-Bug
- BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
- Buffalo AP Denial of Service)
- Buffer overflow in PHP "wordwrap" function
- Bypassing Integrity Protection Driver (time vulnerability)
- Captaris (Infinite) WebMail XSS
- CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service
- CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers (fwd)
- Cisco IOS EIGRP Network DoS
- Cisco Security Advisory: Cisco Security Advisory: SSH Malformed Packet Vulnerabilities
- Cisco Security Advisory: OSM Line Card Header Corruption Vulnerability
- CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS
- Cobalt RaQ4 Remote root exploit
- CORE-20021005: Vulnerability Report For Linksys Devices
- Cross-site scripting vulnerability in CF 5.0
- Cross-site Scripting Vulnerability in phpBB 2.0.3
- Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!
- Cyrus SASL library buffer overflows
- Cyrus Sieve / libSieve buffer overflow
- Denial of Service vulnerability in VisNetic Website
- Directory Traversal Vulnerabilities in FTP Clients
- Directory traversal vulnerabilities in several archivers processing .tar
- Directory traversing bug in 'myServer' webserver.
- Enceladus Server Suite traversal directory vulnerability
- Eserv remote denial of service
- Exploit for traceroute-nanog overflow
- export LD_LIBRARY_PATH in /etc/profile.d/* files
- Foundstone Research Labs Advisory - Exploitable Windows XP Media Files (fwd)
- Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd)
- Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd)
- Full-Disclosure digest, Vol 1 #433 - 4 msgs
- Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations
- Gallery v1.3.2 allows remote exploit (fixed in 1.3.3)
- gfxboot allows boot password circumvention, SuSE 8.1 GRUB
- GLSA: canna
- GLSA: cups
- GLSA: cyrus-sasl
- GLSA: exim
- GLSA: fetchmail
- GLSA: kde-3.0.x
- GLSA: mysql
- GLSA: openldap
- GLSA: perl
- GLSA: pine
- GLSA: squirrelmail
- GLSA: wget
- Historic blackhat archives exposed
- Hyperion FTP Server buffer overflow
- iDefense (Immunity Sec) Advisory
- iDefense Security Advisory
- iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
- iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
- Input Validation Error in vbulletin 2.2.x
- junkbuster 2.0-1 proxy relaying spam
- KDE Security Advisory: Multiple vulnerabilities in KDE
- Kerberos login sniffer and cracker for Windows 2000/XP
- KunaniFTP-Server v.1.0.10 allows dictionary traversal
- Leafnode security announcement SA:2002:01
- Local Netfilter / IPTables IP Queue PID Wrap Flaw
- Local root vulnerability found in exim 4.x (and 3.x)
- Macromedia Shockwave Flash Malformed Header Overflow #2
- Matlab /tmp usage
- MDKSA-2002:068-1 - Updated apache packages fix multiple vulnerabilities
- MDKSA-2002:082-1 - Updated python packages fix local arbitrary code execution vulnerability
- MDKSA-2002:084 - Updated pine packages fix buffer overflow vulnerability
- MDKSA-2002:085 - Updated WindowMaker packages fix buffer overflow vulnerability
- MDKSA-2002:086 - Updated wget packages fix directory traversal vulnerability
- MDKSA-2002:087 - Updated MySQL packages fix multiple vulnerabilities
- Missing admin sql password in Okena StormWatch
- MTPSR1-120 Firewall Proxy configuration software
- Multiple Mambo Site Server sec-weaknesses
- Multiple pServ Remote Buffer Overflow Vulnerabilities
- Multiple vendors XML parser (and SOAP/WebServices server) Den ial of Service attack using DTD
- Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD
- Multiple vulnerabilities found in PlatinumFTPserver V1.0.6
- Multiple vulnerabilities in akfingerd
- Multiple vulnerability in Enceladus Server
- MyPHPLinks (PHP) : SQL Injection
- nCipher Advisory #6: Access control defects in PKCS#11 keys
- Notes on MS02-068, extensive downplaying of severity
- Openwebmail 1.71 remote root compromise
- Password Disclosure in Cryptainer
- Password Hole Found In Webshots
- Password Hole Found In Webshots - (Webshots Confirmed)
- PEEL (PHP)
- PFinger 0.7.8 format string vulnerability (#NISR16122002B)
- PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting
- PHP-Nuke code execution and XSS vulnerabilities
- PHP-Nuke mail CRLF Injection vulnerabilities
- PHPNuke 6.0 path disclosure [again]
- PHRACK #60 HAS BEEN RELEASED
- PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
- Poisonous Style for Dialog window turns the zone off.
- Potential DOS attack with Web-CyrAdm.
- pre-login buffer overflow in Cyrus IMAP server
- proftpd <=1.2.7rc3 DoS
- Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6
- Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 - and 3.7 Build 1190
- R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors
- RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
- RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002)
- Remote multiple vulnerability in apt-www-proxy.
- SAP database local root via symlink
- Security Paper: Session Fixation Vulnerability in Web-based Applications
- Security Patchs for PHP Products
- Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv
- Security Update: [CSSA-2002-055.0] Linux: RPC XDR buffer overflow
- Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench
- Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow
- Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV
- Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31)
- Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability
- Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files
- SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings
- ShopFactory shopping cart price manipulation
- Solaris priocntl exploit
- Solaris priocntl exploit - Sol8 patches available
- SPGpartenaires (PHP)
- SQL Injection Solved
- SquirrelMail v1.2.9 XSS bugs
- SuSE Security Announcement: cyrus-imapd (SuSE-SA:2002:048)
- SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047)
- Sygate Personal Firewall can be shut down without a need to s upply a password - although one is required
- Sygate Personal Firewall can be shut down without a need to suppl y
- Sygate Personal Firewall can be shut down without a need to supply
- Sygate Personal Firewall can be shut down without a need to supply a password - although one is required
- Telindus 112x ADSL Router - Weak Password Encryption
- TFTP32 DOS
- Thatware (PHP)
- TSLSA-2002-0083 - kernel
- TSLSA-2002-0084 - tcpdump
- TSLSA-2002-0085 - lynx-ssl
- TSLSA-2002-0086 - mysql
- TSLSA-2002-0087 - perl
- TSLSA-2002-0089 - wget
- Unchecked buffer in PC-cillin
- Updated "Secure Programming for Linux and Unix HOWTO" now available.
- VisNetic WebSite XSS vulnerability through HTTP referer header
- Visual SourceSafe - Preliminary Observations
- WAnewsletter (PHP)
- Web server vulnerability in Axis Network Cameras, Video Servers and DVRs
- WebReflex Directory Traversal Vulnerability
- Windows File Protection Arbitrary Certificate Chain Vulnerability
- Windows File Protection Old Security Catalog Vulnerability
- Windows XP Disclosure of Registered AP Information
- Wired.com: So Many Holes, So Few Hacks
- XSS and Path Disclosure in UPB
- XSS and PHP include bug in W-Agora
- XSS flaw found at "https://www.e-gold.com"
- Zeroo Webserver remote directory traversal exploit
- Zeus Admin Server v4.1r2 index.fcgi XSS bug
- zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A)
- zkfingerd remote exploit
Last message date: Mon Feb 03 2003 - 15:58:27 PST
Archived on: Mon Feb 03 2003 - 15:58:29 PST
This archive was generated by hypermail 2b30 : Mon Feb 03 2003 - 15:58:29 PST