bugtraq 2003/02
By Subject
385 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Fri Jan 31 2003 - 23:44:22 PST
Ending: Sun Mar 02 2003 - 14:15:55 PST
- ./makeunicode2.py release announcement
- /usr/bin/enq and /usr/bin/X11/aixterm exploit in AIX
- @stake Advisory: MacOS X TruBlueEnvironment Privilege Escalation Attack
- [argv] BitchX-353 Vulnerability
- [CLA-2003:567] Conectiva Linux Security Announcement - mcrypt
- [CLA-2003:568] Conectiva Linux Security Announcement - mozilla
- [CLA-2003:569] Conectiva Linux Security Announcement - kde
- [CLA-2003:570] Conectiva Linux Security Announcement - openssl
- [ESA-20030219-003] Several PHP vulnerabilities
- [ESA-20030220-004] MySQL double free vulnerability
- [ESA-20030220-005] OpenSSL timing-based attack vulnerability
- [ESA-20030225-006] WebTool session ID spoofing vulnerability.
- [Full-Disclosure] [ESA-20030219-003] Several PHP vulnerabilities
- [Full-Disclosure] [ESA-20030220-004] MySQL double free vulnerability
- [Full-Disclosure] [ESA-20030220-005] OpenSSL timing-based attack vulnerability
- [Full-Disclosure] [ESA-20030225-006] WebTool session ID spoofing vulnerability.
- [Full-Disclosure] [RHSA-2003:015-05] Updated fileutils package fixes race condition in recursive operations
- [Full-Disclosure] [RHSA-2003:017-06] Updated PHP packages available
- [Full-Disclosure] [RHSA-2003:025-20] Updated 2.4 kernel fixes various vulnerabilities
- [Full-Disclosure] [RHSA-2003:029-06] Updated lynx packages fix CRLF injection vulnerability
- [Full-Disclosure] [RHSA-2003:035-10] Updated PAM packages fix bug in pam_xauth module
- [Full-Disclosure] [RHSA-2003:037-09] Updated Xpdf packages fix security vulnerability
- [Full-Disclosure] [RHSA-2003:040-07] Updated openldap packages available
- [Full-Disclosure] [RHSA-2003:041-12] Updated VNC packages fix replay and cookie vulnerabilities
- [Full-Disclosure] [RHSA-2003:043-12] Updated WindowMaker packages fix vulnerability in theme-loading
- [Full-Disclosure] [RHSA-2003:044-20] Updated w3m packages fix cross-site scripting issues
- [Full-Disclosure] [RHSA-2003:053-10] Updated vte packages fix gnome-terminal vulnerability
- [Full-Disclosure] [RHSA-2003:056-08] Updated kernel-utils packages fix setuid vulnerability
- [Full-Disclosure] [RHSA-2003:057-06] Updated shadow-utils packages fix exposure
- [Full-Disclosure] AbsoluteTelnet 2.00 buffer overflow.
- [Full-Disclosure] Buffer Overrun Vulnerability in /sbin/ps on IRIX
- [Full-Disclosure] clarkconnect(d) information disclosure
- [Full-Disclosure] Exploit for CVS double free() for Linux pserver
- [Full-Disclosure] f-prot antivirus useless buffer overflow
- [Full-Disclosure] GOnicus System Administrator php injection
- [Full-Disclosure] IRIX IP denial-of-service fixes and tunings
- [Full-Disclosure] locator exploit
- [Full-Disclosure] moxftp arbitrary code execution poc/advisory
- [Full-Disclosure] multiple vulnerabilities in glftpd
- [Full-Disclosure] Rogue buffer overflow
- [Full-Disclosure] Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav module format string vulnerability
- [Full-Disclosure] sircd proof-of-concept / advisory
- [Full-Disclosure] Terminal Emulator Security Issues
- [Full-Disclosure] Unreal engine: results of my research
- [Full-Disclosure] web-erp 0.1.4 database access vulnerability
- [LSD] Codes for Java and JVM security vulnerabilities
- [LSD] Win32 assembly components
- [OpenPKG-SA-2003.009] OpenPKG Security Advisory (w3m)
- [OpenPKG-SA-2003.010] OpenPKG Security Advisory (php)
- [OpenPKG-SA-2003.011] OpenPKG Security Advisory (lynx)
- [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
- [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
- [saag] Of potential interest -- Citibank tries to gag crypto bug disclosure (fwd)
- [SCSA-006] XSS & Function Execution Vulnerabilities in Nuked-Klan
- [SCSA-007] Cross Site Scripting Vulnerabilities in WWWBoard
- [SECURITY] [DSA 232-2] New CUPS packages fix wrong libPNG dependency
- [SECURITY] [DSA 249-1] New w3mmee packages fix cookie information leak
- [SECURITY] [DSA 250-1] New w3mmee-ssl packages fix cookie information leak
- [SECURITY] [DSA 251-1] New w3m packages fix cookie information leak
- [SECURITY] [DSA 252-1] New slocate packages fix local root exploit
- [SECURITY] [DSA 253-1] New OpenSSL packages fix timing-based attack vulnerability
- [SECURITY] [DSA 254-1] New NANOG traceroute packages fix buffer overflow
- [SECURITY] [DSA 255-1] New tcpdump packages fix denial of service vulnerability
- [SECURITY] [DSA 256-1] New mhc-utils packages fix predictable temporary file
- [SNS Advisory No.61] Symantec Norton AntiVirus 2002 Buffer Overflow Vulnerability
- [SNS Advisory No.62] Webmin/Usermin Session ID Spoofing Vulnerability "Episode 2"
- [sorcerer-spells] ZLIB-SORCERER2003-02-25
- [VSA0307] Battlefield 1942 remote DoS
- [VSA0308] Half-Life AMX-Mod remote (root) hole
- [VulnWatch] Buffer OverFlow in SQLBase 8.1.0 - NII Advisory
- [VulnWatch] D-Forum (PHP)
- [VulnWatch] Domino Advisories UPDATE
- [VulnWatch] DotBr (PHP)
- [VulnWatch] Invision Power Board (PHP)
- [VulnWatch] ISMAIL (All Versions) Remote Buffer Overrun
- [VulnWatch] Java-Applet crashes Opera 6.05 and 7.01
- [VulnWatch] Kietu ( PHP )
- [VulnWatch] Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
- [VulnWatch] Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
- [VulnWatch] Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
- [VulnWatch] More Lotus Domino Advisories
- [VulnWatch] MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
- [VulnWatch] Myguestbook (PHP)
- [VulnWatch] myphpPagetool (php)
- [VulnWatch] Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
- [VulnWatch] Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
- [VulnWatch] Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
- [VulnWatch] Oracle unauthenticated remote system compromise (#NISR16022003a)
- [VulnWatch] Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
- [VulnWatch] php-Board (php)
- [VulnWatch] phpMyShop (php)
- [VulnWatch] Rogue buffer overflow
- [VulnWatch] Security bug in CGI::Lite::escape_dangerous_chars() function
- [VulnWatch] Terminal Emulator Security Issues
- [VulnWatch] Unreal engine: results of my research
- [VulnWatch] WihPhoto (PHP)
- AbsoluteTelnet 2.00 buffer overflow.
- Abyss WebServer Brute Force Vulnerability
- Announce: Browser Security Test Released
- ASA-0001: OpenBSD chpass/chfn/chsh file content leak
- Astaro Security Linux Firewall - HTTP Proxy vulnerability
- axis2400 webcams
- Bladeenc 0.94.2 code execution
- Buffer OverFlow in SQLBase 8.1.0 - NII Advisory
- buffer overrun
- buffer overrun in zlib 1.1.4
- Bug in Netgear FM114P Wireless Router firmware
- Bypassing Personal Firewalls
- Call For Papers Announcement: Black Hat Briefings Amsterdam
- Cedric Email Reader (PHP)
- Cisco IOS OSPF exploit
- Cisco Security Advisory: Multiple Product Vulnerabilities found by PROTOS SIP Test Suite
- clarkconnect(d) information disclosure
- Code Red Revisited and Stack-Based Exception Handler Frame Bug
- CodeCon Registration Deadline Approaching
- Cross Site Scripting Advisory.
- CSSA-2003-007.0 Advisory withdrawn.
- CuteFTP 5.0 XP, Buffer Overflow
- D-Forum (PHP)
- Denial of service against Kazaa Media Desktop v2
- Domestic Security Enhancement Act of 2003
- Domino Advisories UPDATE
- DoS against DHCP infrastructure with isc dhcrelay
- DotBr (PHP)
- dynamic and static code injection as well as population concept
- Ecardis Password Resetting Vulnerability
- Eggdrop arbitrary connection vulnerability
- eject 2.0.10 vulnerability
- Epic Games threatens to sue security researchers
- Ericsson HM220dp ADSL modem Insecure Web Administration Vulnerability
- exploit for Cpanel 5 remote command execution.
- Exploit for CVS double free() for Linux pserver
- Field Notice - IOS Accepts ICMP Redirects in Non-default Configuration Settings
- Followup: breakpoint the stack buffer overflow from executing malicious code like SQL Slammer worm
- FreeBSD Security Advisory FreeBSD-SA-03:01.cvs
- FreeBSD Security Advisory FreeBSD-SA-03:03.syncookies
- ftp.exe and tftp.exe buffer overflows
- FW-1 NG FP3 Bug - Data flow problem when transferring large files
- Fwd: CERT Advisory CA-2003-05 Multiple Vulnerabilities in Oracle Servers
- Gallery 1.3.3
- Getting stored passwords in plain text from CheetaChat
- GLSA: (200302-12)
- GLSA: apcupsd (200302-13)
- GLSA: bitchx (200302-11)
- GLSA: bladeenc
- GLSA: Mail-SpamAssassin
- GLSA: mailman
- GLSA: mod_php (200302-09.1)
- GLSA: mod_php php
- GLSA: nethack
- GLSA: openssl (200302-10)
- GLSA: qt-dcgui
- GLSA: slocate
- GLSA: syslinux
- GLSA: tightvnc (200302-15)
- GLSA: usermin (200302-14)
- GLSA: vnc (200302-16)
- GLSA: w3m
- GOnicus System Administrator php injection
- HPUX disable buffer overflow vulnerability
- HPUX Wall Buffer Overflow
- iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix
- iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
- iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsing
- IndyNews - PhpNuke module: several problems
- internet explorer local file reading
- Invision Power Board (PHP)
- ISMAIL (All Versions) Remote Buffer Overrun
- Java-Applet crashes Opera 6.05 and 7.01
- JRun: The Easiness of Session Fixation
- Kietu ( PHP )
- libIM.a buffer overflow vulnerability
- locator exploit
- login_ldap security announcement
- Lotus Domino DOT Bug Allows for Source Code Viewing
- Lotus Domino Web Server Host/Location Buffer Overflow Vulnerability (#NISR17022003a)
- Lotus Domino Web Server iNotes Overflow (#NISR17022003b)
- Lotus iNotes Client ActiveX Control Buffer Overrun (#NISR17022003c)
- Majordomo info leakage, all versions
- Mambo SiteServer exploit gains administrative privileges
- Mandrake 9.0 local root exploit
- Master Servers: yet another DDoS...
- MDKSA-2002:062-1 - Updated postgresql packages fix various buffer overflows
- MDKSA-2003:012 - Updated vim packages fix arbitrary command execution vulnerability
- MDKSA-2003:013 - Updated MySQL packages fix DoS vulnerability
- MDKSA-2003:014 - Updated kernel packages fix a number of bugs
- MDKSA-2003:015 - Updated slocate packages fix buffer overflow
- MDKSA-2003:016 - Updated util-linux packages provide stronger randomness in mcookie
- MDKSA-2003:017 - Updated pam packages fix root authorization handling in pam_xauth module
- MDKSA-2003:018 - Updated apcupsd packages fix buffer overflow and remove vulnerability
- MDKSA-2003:019 - Updated php packages fix buffer overflow vulnerability
- MDKSA-2003:020 - Updated openssl packages fix timing-based attack vulnerability
- MDKSA-2003:021 - Updated krb5 packages fix vulnerability in FTP client
- MDKSA-2003:022 - Updated vnc packages fix cookie vulnerability
- MDKSA-2003:023 - Updated lynx packages fix CRLF injection vulnerability
- MDKSA-2003:025 - Updated webmin packages fix session ID spoofing vulnerability
- MDKSA-2003:026 - Updated shadow-utils packages fix improper mailspool ownership
- Microsoft Security Bulletin MS03-005: Unchecked Buffer in Windows Redirector Could Allow Privilege Elevation (810577)
- moxftp arbitrary code execution poc/advisory
- MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
- MSDE contained in...
- Multiple Vendor FTP pipe Vulnerability
- multiple vulnerabilities in glftpd
- Myguestbook (PHP)
- myphpnuke xss
- myphpPagetool (php)
- nCipher Advisory #7: Unexpected copies of imported software keys
- Nessus 2.0 is out
- NetPBM, multiple vulnerabilities
- Netscape 6/7 crashes by a simple stylesheet...
- Netscape Communicator 4.x sensitive informations in configuration file
- New freeware tools available from WebCohort
- New version of ike-scan (IPsec IKE scanner) available - v1.1
- Nokia 6210 DoS SMS Issue
- NSPW 2003 Call For Papers
- O UT LO OK E XPRE SS 6 .00 : broken
- Observation on randomization/rebiasing...
- OpenSSL 0.9.7a and 0.9.6i released
- Opera Images (GM#004-OP)
- Opera Username Buffer Overflow Vulnerability
- Opera's Security Model is Highly Vulnerable (GM#002-OP)
- Opera: What's Next (GM#005-OP)
- Oracle bfilename function buffer overflow vulnerability (#NISR16022003e)
- Oracle TO_TIMESTAMP_TZ Remote System Buffer Overrun (#NISR16022003b)
- Oracle TZ_OFFSET Remote System Buffer Overrun (#NISR16022003c)
- Oracle unauthenticated remote system compromise (#NISR16022003a)
- Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
- Perl2Exe EXEs Can Be Decompiled (update)
- Phantom of the Opera (GM#003-OP)
- PHP code injection in CuteNews
- php-Board (php)
- PHP-Nuke Avatar Code injection vulnerability
- phpBB Security Bugs
- PHPMyNewsLetter 0.6.11 - customize.php include problem
- phpMyShop (php)
- PHPNuke SQL Injection
- PHPNuke SQL Injection / General SQL Injection
- poc zlib sploit just for fun :)
- Presentation on Writing Secure Programs for Linux and Unix in Maryland
- Preventing /*exploitation with*/ rebasing
- Preventing exploitation with rebasing
- Putting the "NSA Data Overwrite Standard" Legend to Death...
- Quake3 engine autodownload issues.
- QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
- Riched20.DLL attribute label buffer overflow vulnerability
- Rogue buffer overflow
- RTS CryptoBuddy Multiple Encryption Implementation Vulnerabilities
- Secunia Research: Opera browser Cross Site Scripting
- Securing Windows 2000 Server Documentation
- Security bug in CGI::Lite::escape_dangerous_chars() function
- Security contact at SMC
- Security Patches for PHP Products #2
- Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav module format string vulnerability
- SECURITY.NNOV: Far buffer overflow
- SECURITY.NNOV: Kaspersky Antivirus DoS
- SECURITY.NNOV: Windows NT 4.0/2000 cmd.exe long path buffer overflow/DoS
- Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part II
- showHelp("file:") disables security in IE - Sandblad advisory #11
- sircd proof-of-concept / advisory
- Sniffing Opera's Tracks (GM#006-OP)
- Solaris Signals
- SPRINT ADSL [Zyxel 645 Series Modem]
- SummerCon 2003 Official Announcement
- SuSE Security Announcement: hypermail (SuSE-SA:2003:0012)
- SuSE Security Announcement: imp (SuSE-SA:2003:0008)
- SuSE Security Announcement: libmcrypt (SuSE-SA:2003:0010)
- SuSE Security Announcement: mod_php4 (SuSE-SA:2003:0009)
- SuSE Security Announcement: openssl (SuSE-SA:2003:011)
- Tech Article: HTTP Content Filter Analysis - Finjan SurfinGate V5.6
- Terminal Emulator Security Issues
- The Easiness of Session Fixation
- The First Honeyd Challenge
- To diversify and survive: the application of population biology concept into computer
- TOPo 1.43 and prior - Path Disclosure (in.php, out.php)
- TSLSA-2003-0005 - openssl
- twlc advisory: all versions of php nuke are vulnerable...
- typo3 issues
- Unreal engine: results of my research
- VERITAS Software Technical Advisory (fwd)
- Vulnerability for Platinum FTP version 1.0.11
- Weak Encryption Scheme in Telindus 112x
- Weak password protection in WebSphere 4.0.4 XML configuration export
- web-erp 0.1.4 database access vulnerability
- Webmin 1.050 - 1.060 remote exploit
- WihPhoto (PHP)
- XSS and Path Disclosure in Sage
Last message date: Sun Mar 02 2003 - 14:15:55 PST
Archived on: Sun Mar 02 2003 - 14:15:57 PST
This archive was generated by hypermail 2b30: Sun Mar 02 2003 - 14:15:57 PST