bugtraq 2003/05
By Subject
405 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
Starting: Wed Apr 30 2003 - 16:26:44 PDT
Ending: Sat May 31 2003 - 13:44:24 PDT
- [[ TH 026 Inc. ]] SA #4 - Blackmoon FTP Server cleartext passwords and User enumeration
- [AP] Owl Intranet Engine CSS Bug
- [CLA-2003:639] Conectiva Security Announcement - krb5
- [CLA-2003:640] Conectiva Security Announcement - vnc
- [CLA-2003:643] Conectiva Security Announcement - slocate
- [CLA-2003:648] Conectiva Security Announcement - evolution
- [CLA-2003:653] Conectiva Security Announcement - bugzilla
- [CLA-2003:655] Conectiva Security Announcement - BitchX
- [CLA-2003:656] Conectiva Security Announcement - netpbm
- [Drug and Zip] Buffer Overflow
- [ESA-20030515-015] 'sudo' heap corruption vulnerability
- [ESA-20030515-016] 'gnupg' key validation bug.
- [ESA-20030515-017] 'kernel' several bug and security-related fixes.
- [Full-Disclosure] (no subject)
- [Full-Disclosure] [ESA-20030515-015] 'sudo' heap corruption vulnerability
- [Full-Disclosure] [ESA-20030515-016] 'gnupg' key validation bug.
- [Full-Disclosure] [ESA-20030515-017] 'kernel' several bug and security-related fixes.
- [Full-Disclosure] [INetCop Security Advisory] Remote Heap Corruption Overflow vulnerability in WsMp3d.
- [Full-Disclosure] [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability.
- [Full-Disclosure] [RHSA-2003:002-01] Updated KDE packages fix security issues
- [Full-Disclosure] [RHSA-2003:113-01] Updated mod_auth_any packages available
- [Full-Disclosure] [RHSA-2003:133-01] Updated man packages fix minor vulnerability
- [Full-Disclosure] [RHSA-2003:145-01] Updated kernel fixes security vulnerabilities and updates drivers
- [Full-Disclosure] [RHSA-2003:160-01] Updated xinetd packages fix a denial-of-service attack and other bugs
- [Full-Disclosure] [RHSA-2003:169-01] Updated lv packages fix vulnerability
- [Full-Disclosure] [RHSA-2003:171-01] Updated CUPS packages fix denial of service attack
- [Full-Disclosure] [RHSA-2003:172-00] Updated 2.4 kernel fixes security vulnerabilities and various bugs
- [Full-Disclosure] [RHSA-2003:174-01] Updated tcpdump packages fix privilege dropping error
- [Full-Disclosure] [RHSA-2003:175-01] Updated gnupg packages fix validation bug
- [Full-Disclosure] [RHSA-2003:177-01] Updated up2date and rhn_register clients available
- [Full-Disclosure] [RHSA-2003:181-01] Updated ghostscript packages fix vulnerability
- [Full-Disclosure] [RHSA-2003:186-01] Updated httpd packages fix Apache security vulnerabilities
- [Full-Disclosure] [SECURITY] [ANNOUNCE] Apache 2.0.46 released
- [Full-Disclosure] [VulnWatch] Secunia Research: Opera browser filename extension buffer overflows
- [Full-Disclosure] Additional Details of Apache 2.x Security Flaw (Attack Vectors)
- [Full-Disclosure] ALERT WEBDAV worm on the loose
- [Full-Disclosure] Antigen Path Disclosure
- [Full-Disclosure] BadBlue Remote Administrative Interface Access Vulnerability
- [Full-Disclosure] Buffer overflows in multiple IMAP clients
- [Full-Disclosure] CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
- [Full-Disclosure] eBay Security Contact
- [Full-Disclosure] Editing Info
- [Full-Disclosure] eServ Memory Leak Enables Denial of Service Attacks
- [Full-Disclosure] eServ Memory Leak Solution
- [Full-Disclosure] Eudora 5.2.1 attachment spoof
- [Full-Disclosure] Eudora 5.2.1 buffer overflow DoS
- [Full-Disclosure] Exploit: Quake 3 engine, con\con and heartbeats (just for fun)
- [Full-Disclosure] Firebird local root compromise
- [Full-Disclosure] HP-
- [Full-Disclosure] HP-UX 11.0 /usr/lbin/rwrite
- [Full-Disclosure] iisPROTECT SQL injection in admin interface
- [Full-Disclosure] ltris-and-slashem-tty possible trouble
- [Full-Disclosure] Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition
- [Full-Disclosure] Memory leak in 3COM 812 DSL routers
- [Full-Disclosure] Microsoft Biztalk Server DTA vulnerable to SQL injection
- [Full-Disclosure] Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
- [Full-Disclosure] Multiple Security Vulnerabilities in OpenSSL on IRIX 6.5.19
- [Full-Disclosure] Multiple Vulnerabilities in Sun-One Application Server
- [Full-Disclosure] nessus NASL scripting engine security issues
- [Full-Disclosure] NII Advisory - Buffer Overflow in Analogx Proxy
- [Full-Disclosure] NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
- [Full-Disclosure] Paper: Spamdoors
- [Full-Disclosure] Proxy - Cookie - PhP - .htaccess Questions
- [Full-Disclosure] QuickTime/Darwin Streaming Server security issues
- [Full-Disclosure] SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
- [Full-Disclosure] Secunia Research: Opera browser filename extension buffer overflows
- [Full-Disclosure] Security Vulnerabilities in MediaBase Apache and PHP on IRIX
- [Full-Disclosure] Slow Internet?
- [Full-Disclosure] SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
- [Full-Disclosure] Verity/Search'97 ObjectStoreSearch
- [Full-Disclosure] WsMp3d remote exploit.
- [Full-Disclosure] XMB 1.8 Partagium cross site scripting vulnerability
- [Full-Disclosure] youbin local root exploit + advisory
- [Fwd: 127 Research and Development: 127 Day!]
- [INetCop Security Advisory] Remote Heap Corruption Overflow vulnerability in WsMp3d.
- [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability.
- [OpenPKG-SA-2003.029] OpenPKG Security Advisory (gnupg)
- [Priv8security Advisory] Batalla Naval remote overflow
- [rt-users] [rt-announce] RT 1.0.7 vulnerable to Cross Site Scripting attacks
- [SECURITY] [ANNOUNCE] Apache 2.0.46 released
- [SECURITY] [DSA 297-1] New snort packages fix remote root exploits
- [SECURITY] [DSA 298-1] New EPIC4 packages fix DoS and arbitrary code execution
- [SECURITY] [DSA 299-1] New leksbot packages fix improper setuid-root execution
- [SECURITY] [DSA 300-1] New Balsa packages fix buffer overflow
- [SECURITY] [DSA 306-1] New BitchX packages fix DoS and arbitrary code execution
- [SECURITY] [DSA-301-1] New libgtop packages fix buffer overflow
- [SECURITY] [DSA-302-1] New fuzz packages fix buffer overflow
- [SECURITY] [DSA-303-1] New mysql packages fix multiple vulnerabilities
- [SECURITY] [DSA-304-1] New lv packages fix local privilege escalation
- [SECURITY] [DSA-305-1] New sendmail packages fix insecure temporary file creation
- [SECURITY] [DSA-307-1] New gps packages fix multiple vulnerabilities
- [SNS Advisory No.64] IP Messenger for Win Buffer Overflow Vulnerability
- [VULNERABILITY] PHP 'poster version.two'
- [VulnWatch] [INetCop Security Advisory] Remote Heap Corruption Overflow vulnerability in WsMp3d.
- [VulnWatch] [INetCop Security Advisory] WsMP3d Directory Traversing Vulnerability.
- [VulnWatch] b2 cafelog 0.6.1 remote command execution.
- [VulnWatch] BadBlue Remote Administrative Interface Access Vulnerability
- [VulnWatch] Buffer overflow vulnerability found in MailMax version 5
- [VulnWatch] CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
- [VulnWatch] CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
- [VulnWatch] eServ Memory Leak Enables Denial of Service Attacks
- [VulnWatch] Firebird local root compromise
- [VulnWatch] Geeklog 1.3.7sr1 and below multiple vulnerabilities.
- [VulnWatch] Hotmail & Passport (.NET Accounts) Vulnerability
- [VulnWatch] Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
- [VulnWatch] Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
- [VulnWatch] Multiple Vulnerabilities in SLWebmail
- [VulnWatch] Multiple Vulnerabilities in Sun-One Application Server
- [VulnWatch] NII Advisory - Buffer Overflow in Analogx Proxy
- [VulnWatch] NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
- [VulnWatch] OneOrZero Security Problems (PHP)
- [VulnWatch] Plaintext Password in Settings.ini of CesarFTP
- [VulnWatch] SECNAP Security Advisory: Invalid HTML processing in GoldMine(tm)
- [VulnWatch] Secunia Research: Opera browser filename extension buffer overflows
- [VulnWatch] SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
- [VulnWatch] Webfroot Shoutbox 2.32 directory traversal and code injection.
- [VulnWatch] youbin local root exploit + advisory
- A Phorum's bug...
- Activity Monitor 2002 remote Denial of Service
- AIX sendmail open relay
- ALERT WEBDAV worm on the loose
- Algorimic Complexity Attacks
- Another ZEUS Server web admin XSS!
- Apple AirPort Administrative Password Obfuscation (a051203-1)
- April appeared to be a month of IE bugs. Here's another one.
- ATM on linux Exploit(les,local)
- Automatic Harvesting of AOL Instant Messenger Screen Names!
- b2 cafelog 0.6.1 remote command execution.
- BadBlue Remote Administrative Interface Access Vulnerability
- Bandmin 1.4 XSS Exploit
- bazarr CALL POLICE
- BAZARR CODE NINER PINK TEAM GO GO GO
- bazarr slocate
- BEA WebLogic
- BEA WebLogic Server and Express 7.x Passwords Disclosure
- BitchX: Crash when channel modes change
- Blue screen in Windows
- BRS WebWeaver: POST and HEAD Overflaws
- bsdbsdftpd-6.0-ssl-0.6.1-1 attack allows remote users identification
- Buffer overflow vulnerability found in MailMax version 5
- Buffer Overflow? Local Malformed URL attack on D-Link 704p router
- Buffer overflows in multiple IMAP clients
- Bug found in: Polymorph 0.4.0
- Cdrecord local root exploit.
- cdrtools2.0 Format String Vulnerability
- Cisco ACL bug when using VPN crypto engine accelerator, PPPoE dialer or ip route-cache
- Cisco Security Advisory: Cisco IOS Software Processing of SAA Packets
- Cisco Security Advisory: Cisco ONS15454, ONS15327, ONS15454SDH, and ONS15600 Nessus Vulnerabilities
- Cisco Security Advisory: Cisco VPN 3000 Concentrator Vulnerabilities
- Code Injection Vulnerabilities in WebcamXP Chat Feature
- CommuniGatePro 4.0.6 [EXPLOIT]
- Compaq Insight Manager - related to Bugtraq ID 2500
- conexant adsl router backdoor
- CORE-2003-0303: Multiple Vulnerabilities in Mirabilis ICQ client
- CORE-2003-0403: Axis Network Camera HTTP Authentication Bypass
- Crash in Internet Explorer 6.0 Sp1
- CSS found in Movable Type
- CSS found in Movable Type -- Nope
- Demarc Puresecure v1.6 - Plaintext password issue -
- Detailed analysis: Buffer overflow in Explorer.exe on Windows XP SP1
- Dynamic DNS "Spoofing" & IRC
- eBay Security Contact
- eServ Memory Leak Enables Denial of Service Attacks
- eServ Memory Leak Solution
- EServ/2.99: problems
- Eudora 5.2.1 attachment spoof
- Eudora 5.2.1 buffer overflow DoS
- EXPLOIT: Buffer overflow in Explorer.exe on Windows XP SP1
- Exploit: Quake 3 engine, con\con and heartbeats (just for fun)
- EzPublish Directory XSS Vulnerability
- fake location bar
- Firebird Local exploit
- Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! - UPDATED
- Flooding Internet Explorer 6.0.2800 (6.x?) security zones ! [CRITICAL]
- gcc (<3.2.3) implicit struct copy exploit
- Geeklog 1.3.7sr1 and below multiple vulnerabilities.
- GLSA: openssh (200305-01)
- Happymall E-Commerce Remote Command Execution
- Hersmen Contact
- Hotmail & Passport (.NET Accounts) Vulnerability
- HP-UX 11.0 /usr/bin/kermit
- HP-UX 11.0 /usr/lbin/rwrite
- ICQLite executable trojaning
- iDEFENSE Security Advisory 05.30.03: Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability
- II-Labs Advisory: Remote code execution in YaBBse 1.5.2 (php version)
- IIS Web DAV exploit new release
- IIS WEBDAV Denial of Service attacks
- iisCart2000 Administration Security Leak
- iisPROTECT SQL injection in admin interface
- Immunix Secured OS 7+ fileutils update
- Inktomi Traffic-Server XSS: man-in-the-middle XSS !
- Integer Manipulation Attacks
- Internet Explorer URL spoofing threat
- JBOSS 3.2.1: JSP source code disclosure
- kermit buffer overflow on hp-ux
- Key validity bug in GnuPG 1.2.1 and earlier
- Latest MS SQL Server vulnerabilities revealed
- Lot of SQL injection on PHP-Nuke 6.5 (secure weblog!)
- ltris-and-slashem-tty possible trouble
- Maelstrom Buffer Overflow
- Maelstrom bugfix (was Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition)
- Maelstrom exploit
- Maelstrom Local Buffer Overflow Exploit
- Maelstrom Local Buffer Overflow Exploit, FreeBSD 4.8 edition
- Magic Winmail Server v.2.*: format string
- makeunicode2.py release
- MDKSA-2003:055 - Updated kopete packages fix vulnerability with GnuPG plugin
- MDKSA-2003:056 - Updated xinetd packages fix DoS vulnerability
- MDKSA-2003:057 - Updated MySQL packages fix vulnerability
- MDKSA-2003:058 - Updated cdrecord packages fix local root compromise
- MDKSA-2003:058-1 - Updated cdrecord packages fix local root compromise
- MDKSA-2003:059 - Updated lpr packages fix local root vulnerability
- MDKSA-2003:060 - Updated LPRng packages fix insecure temporary file vulnerability
- MDKSA-2003:061 - Updated gnupg packages fix validation bug
- MDKSA-2003:062 - Updated cups packages fix Denial of Service vulnerability
- MDKSA-2003:063 - Updated apache2 packages fix vulnerabilities
- Memory leak in 3COM 812 DSL routers
- Microsoft Biztalk Server DTA vulnerable to SQL injection
- Microsoft Biztalk Server ISAPI HTTP Receive function buffer overflow
- Microsoft IIS Authentication Manager Account Conformation Vuln?
- Microsoft Solution for Securing Wireless LANs now available
- miniPortail (PHP) : Admin Access
- Mod_Survey SYSBASE vulnerability
- More and More SQL injection on PHP-Nuke 6.5.
- More vulnerabilities in ttForum/ttCMS -> SQL injection
- Multiple Buffer Overflow Vulnerabilities Found in CMailServer 4.0
- Multiple Buffer Overflow Vulnerabilities Found in FTGate Pro Mail Server v. 1.22 (1328)
- Multiple Buffer Overflow Vulnerabilities in SLMail (#NISR07052003A)
- Multiple Vulnerabilities found in Microsoft .Net Passport Services
- Multiple Vulnerabilities In P-Synch Password Management
- Multiple Vulnerabilities in SLWebmail
- Multiple Vulnerabilities in Splatt Forum 4.0
- Multiple Vulnerabilities in Sun-One Application Server
- Netbus 1.x exploit
- New php release with security fixes
- NII Advisory - Buffer Overflow in Analogx Proxy
- NSFOCUS SA2003-05: Microsoft IIS ssinc.dll Over-long Filename Buffer Overflow Vulnerability
- ntoskrnl crashing hard via isqlw.exe
- ntoskrnl.exe and isql.exe hard crash (update) NetWare the root cause
- NuxAcid#002 - Buffer Overflow in UpClient
- One more flaw in Happymall
- OneOrZero Security Problems (PHP)
- OpenSSH/PAM timing attack allows remote users identification
- Opera 7.11 java.util.zip.* Vulnerability
- Options Parsing Tool library buffer overflows.
- Outlook Web Access authentication bypass
- PAFileDB SQL Injection Vulnerability & Ratings Cheat Fix
- PalmOS ICMP flood DoS.
- PalmVNC 1.40 Insecure Records
- Path Disclosure in Turba of Horde
- PDF Available: IIS Security and Programming Countermeasures e-book
- Philboard Forum Vulnerability
- Phorum Vulnerabilities
- PHP source code injection in BLNews
- PHP-Nuke code injection in Yearly Stats at Statistics module
- PHP-Nuke Denial of Service attack and more SQL Injections
- PHP-Nuke module PHP-Banner-Exchange path disclosure
- Php-Nuke:users and admins password hashes vulnerability
- php-proxima Remote File Access Vulnerability
- PHPNuke "Your Account" XSS Vulnerability
- PHRACK MAGAZINE Call for Papers (#61)
- Pi3Web 2.0.1 DoS
- Plaintext Password in Settings.ini of CesarFTP
- Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
- Possible XSS on iPlanet Messaging Server
- Postnuke: path disclosure (0.7.2.3 and prior)
- Potential security vulnerability in Nessus
- PowerLink WAN Aggregator - Vunerability
- Prishtina FTP v.1.*: remote DoS
- Problem: Multiple Web Browsers do not do not validate CN on certificates.
- QuickTime/Darwin Streaming Server security issues
- RE : Memory leak in 3COM DSL routers
- Remote code execution in ttCMS <=v2.3
- Remote DoS in Desktop Orbiter
- Remote PC Access Server 2.2 Vulnerability
- Remote Stack Overflow exploit for Personal FTPD
- Restricted Zone: the OUTLOOK EXPRESS
- rwrite buffer overflow in hp-ux
- s0h: Kerio Personal Firewall and Tiny Personal Firewall remote exploit/patch.
- S21SEC-016 - Vignette SSI Injection
- S21SEC-017 - Vignette /vgn/legacy/save SQL access
- S21SEC-018 - Vignette memory leak AIX Platform
- S21SEC-019 - Vignette /vgn/style internal information leak
- S21SEC-020 - Vignette user enumeration
- S21SEC-021 - Vignette License access and modification
- S21SEC-023 - Vignette multiple Cross Site Scripting vulnerabilities
- S21SEC-024 - Vignette TCL Injection
- SAP database local root vulnerability during installation. (fwd)
- Security advisory: LSF 5.1 local root exploit
- Security Update: [CSSA-2003-017.0] OpenLinux: Various serious Samba vulnerabilities
- Security Update: [CSSA-2003-018.0] OpenLinux: file command buffer overflow
- Security Update: [CSSA-2003-019.0] OpenLinux: tcp SYN with FIN packets are not discarded
- Security Update: [CSSA-2003-020.0] OpenLinux: kernel kmod/ptrace root exploit
- Security Update: [CSSA-2003-021.0] OpenLinux: mgetty caller ID buffer overflow and spool perm vulnerabilities
- Security Update: [CSSA-2003-SCO.9] OpenServer 5.0.5 OpenServer 5.0.6 : Buffer overflows and other security vulnerabilities in Squid
- Siemens Mobile Phone - Buffer Overflow
- SILLY BEHAVIOR Part II : Internet Explorer 5.5 - 6.0
- SILLY BEHAVIOR Part III : Internet Explorer 5.5 - 6.0
- Snitz Forum 3.3.03 Remote Command Execution
- Snowblind Web Server: multiple issues
- Some problems in Privatefirewall 3.0
- Son hServer v0.2: directory traversal
- SRT2003-05-08-1137 - ListProc mailing list ULISTPROC_UMASK overflow
- ST FTP Service v3.0: directory traversal
- SuSE Security Announcement: glibc (SuSE-SA:2003:027)
- TextPortal Default Password Vulnerability
- The PACKET 0' DEATH FastTrack network vulnerability
- TOP 75 Security Tools Translated
- Tornado www-server v1.2: directory traversal, buffer overflow
- ttcms and ttforum exploits
- uml_net bug
- Unix Version of the Pi3web DoS
- unzip directory traversal revisited
- UPB: Discussion Board/Web-Site Takeover
- URLScan detection
- UT2003 client passive DoS exploit
- VBulletin Preview Message - XSS Vuln
- Venturi Client 2.1 confirmed as open relay [Verizon Wireless Mobile Office]
- Webfroot Shoutbox 2.32 directory traversal and code injection.
- why i love xs4all + mediaplayer thingie
- Windows Media Player directory traversal vulnerability
- Windows Media Services Remote Command Execution
- WsMp3d remote exploit.
- xmame gain root exploit
- XMB 1.8 Partagium cross site scripting vulnerability
- XSS In Neoteris IVE Allows Session Hijacking
- Yahoo! Security Advisory: Yahoo! Voice Chat
- youbin local root exploit + advisory
Last message date: Sat May 31 2003 - 13:44:24 PDT
Archived on: Fri Jun 20 2003 - 03:43:04 PDT
405 messages sorted by:
[ author ]
[ date ]
[ thread ]
Other mail archives
This archive was generated by hypermail 2b30
: Fri Jun 20 2003 - 03:43:04 PDT