SecurityFocus Bugtraq
By Author

434 messages sorted by: [ date ] [ thread ] [ subject ] [ attachment ]

Starting: 04/01/02
Ending: 04/30/02

0x90
- regarding SSL issues (04/08/02)
- RE: Multiple Vendor "talkd" user validation fault (04/06/02)
0xcafebabe@hushmail.com
- Snort exploits (04/17/02)
3APA3A
- Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) (04/25/02)
- SECURITY.NNO: FTGate PRO/Office hotfixes (04/03/02)
a b
- Quik-Serv Web Server v1.1B Arbitrary File Disclosure (04/03/02)
A.Dimitrov
- Restricted Shells (04/18/02)
acemi
- Snitz Forums 2000 remote SQL query manipulation vulnerability (04/19/02)
acidneo@altern.org
- emumail.cgi (04/04/02)
Adam McKenna
- Re: SQL injection in PHPGroupware (04/04/02)
Adam Shostack
- STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to Close Soon! (fwd) (04/22/02)
Adcock, Matt
- RE: Windows 2000 DCOM clients may leak sensitive information onto the network (04/02/02)
advisories@atstake.com
- @stake advisory: .htr heap overflow in IIS 4.0 and 5.0 (04/10/02)
Akatosh
- Re: arp problem (04/23/02)
Alex Hernandez
- Slrnpull Buffer Overflow (-d parameter) (04/22/02)
Alex Lambert
- Multiple CSS/XSS vulnerabilities on directNIC.com (04/27/02)
Alex Russell
- Re: Taxonomies (04/02/02)
Alexander K. Yezhov
- Bypassing javascript filters - problem N3. (04/01/02)
- Re: Local Security Vulnerability in Windows NT and Windows 2000 (03/29/02)
Alfonso Fiore
- Follows: Norton Personal Firewall 2002 vulnerable to SYN/FIN scan (04/30/02)
- Norton Personal Firewall 2002 vulnerable to SYN/FIN scan (04/16/02)
Alun Jones
- Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1 (04/04/02)
Andreas Sandblad
- Mp3 file can execute code in Winamp [Sandblad advisory #5] (04/26/02)
- About: Using the backbutton in IE is dangerous (04/15/02)
- Using the backbutton in IE is dangerous (04/14/02)
- Re: Winamp: Mp3 file can control the minibrowser (04/03/02)
- Winamp: Mp3 file can control the minibrowser (04/03/02)
- IE: Remote webpage can script in local zone (03/30/02)
Andreas Sandor
- KPMG-2002007: Watchguard SOHO Denial of Service (04/08/02)
Andrew J. Stackhouse
- Re: Ability to read buddy list of AIM users (04/15/02)
Andrew Kunz
- RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS (04/26/02)
Andrew R. Reiter
- Re: Taxonomies (04/03/02)
Andrew van der Stock
- RE: VNC Security Bulletin - zlib double free issue (multiple vendors and versions) (04/05/02)
- VNC Security Bulletin - zlib double free issue (multiple vendors and versions) (04/03/02)
Anthony DeRobertis
- Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions) (04/05/02)
- Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions) (04/05/02)
Bartłomiej
- arp problem (04/21/02)
Bejon Parsinia
- RE: KPMG-2002013: ColdFusion Path Disclosure (04/19/02)
Ben Schorr
- RE: More Office XP problems (04/03/02)
Benoît Roussel
- [CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability (04/16/02)
Berend-Jan Wever
- IE DoS and possibly exploitable stack overflow (04/24/02)
- De-anonymizer (04/23/02)
- Re: Cross site scripting in almost every mayor website (04/21/02)
- Cross site scripting in almost every mayor website (04/19/02)
- Re: NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow (04/19/02)
bert hubert
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio (04/22/02)
Bill Nottingham
- Re: Slrnpull Buffer Overflow (-d parameter) (04/30/02)
BlueScreen
- ITCP Advisory 13: Bypassing of ATGuard Firewall possible (04/29/02)
Brad Powell
- Re: fragroute vs. snort: the tempest in a teacup (04/19/02)
Bradford L. Barrett
- Re: Remote buffer overflow in Webalizer (04/17/02)
BrainRawt .
- Another Faq-O-Matic XSS Vuln? (04/20/02)
- SWS Vuln (small but important to those using it.) (04/12/02)
Brent J. Nordquist
- IMP 2.2.8 (SECURITY) released (04/06/02)
Brett Glass
- Re: local root compromise in openbsd 3.0 and below (04/13/02)
Bronek Kozicki
- Re: Microsoft Security Bulletin - MS02-020 (04/19/02)
- Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020 (04/19/02)
- Re: Microsoft Security Bulletin - MS02-020 (04/18/02)
bugzilla@redhat.com
- [RHSA-2002:072-07] Updated sudo packages are available (04/25/02)
- [RHSA-2002:063-05] Updated icecast packages are available (04/26/02)
- [RHSA-2001:089-08] Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x (04/09/02)
- [RHSA-2002:054-09] Race conditions in logwatch (04/05/02)
- [RHSA-2002:053-12] Race conditions in logwatch (04/05/02)
Burton M. Strauss III
- RE: segfault in ntop (04/19/02)
- re: gobbles ntop alert (04/11/02)
Cerberus Vulgaris
- Xpede many vulnerabilities (04/19/02)
Charles J Wertz
- Re: ansi outer join syntax in Oracle allows access to any data (04/16/02)
Charles M. Richmond
- Re: Cisco Security Advisory: Solaris /bin/log vulnerability (04/12/02)
CHINANSL Security Team
- Tomcat real path disclosure (2) (04/22/02)
Chip Andrews
- Re: Microsoft Security Bulletin - MS02-020 (04/19/02)
chkumite chkumite
- Re: More Cross site Scripting in PHPNuke (04/24/02)
Chris Anley
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (04/18/02)
Chris Deibler
- Fragroute-NetworkICE follow-up (04/27/02)
- Fragroute and ISS (NetworkICE) products: a brief analysis (04/26/02)
Chris Ess
- Re: KPMG-2002013: Coldfusion Path Disclosure (04/18/02)
Chris Green
- Re: Snort exploits (04/24/02)
Christian Milow
- Re: MS02-018 (04/11/02)
Christophe Casalegno
- Re: IRIX FTP Bounce vulnerability (03/30/02)
Cisco Systems Product Security Incident Response Team
- Cisco Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018 (04/16/02)
- Cisco Security Advisory: Solaris /bin/log vulnerability (04/10/02)
- Cisco Security Advisory: Aironet Telnet Vulnerability (04/09/02)
- Cisco Security Advisory: Vulnerability in zlib library (04/03/02)
- Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows (04/03/02)
- UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails (03/29/02)
Coffin, Chris
- Unauthorized remote control access to systems running Funk Softwa re's Proxy v3.x (04/08/02)
Craig Humphrey
- RE: segfault in ntop (04/18/02)
Crispin Cowan
- Re: A buffer overflow study - generic protections (04/03/02)
- Announcing Immunix SnackGuard (04/01/02)
Cynthia Brown
- Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP (04/19/02)
Dan Kuykendall
- Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare (04/11/02)
- Re: SQL injection in PHPGroupware (04/11/02)
Daniel Lorch
- Re: Winamp: Mp3 file can control the minibrowser (04/03/02)
Daniel Nyström
- [[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability. (04/19/02)
- [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5 (04/18/02)
Darren Reed
- Re: fragroute vs. snort: the tempest in a teacup (04/19/02)
- Re: Snort exploits (04/18/02)
Dave Ahmad
- [RHSA-2002:071-07] Updated sudo packages are available (04/26/02)
- MS02-018 (04/10/02)
Dave Aitel
- SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net) (04/10/02)
Dave Oliver
- Intel D845HV/WN/PT series motherboard vulnerability (04/25/02)
Demarc Security Support
- Demarc Security Update Advisory (04/17/02)
der Mouse
- Re: Snort exploits (04/18/02)
Deus, Attonbitus
- Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) (04/25/02)
dhalterm@csc.com
- RFC: suggestions for SSL security enhancements in Microsoft Internet Explorer (04/02/02)
dizznutt@my.security.nl
- Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11 (04/04/02)
- icecast 1.3.11 remote shell/root exploit - #temp (04/02/02)
dlaumann@suntzu.net
- RE: arp problem (04/24/02)
Dr Andreas F Muller
- Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise) (04/15/02)
Dragos Ruiu
- fragroute vs. snort: the tempest in a teacup (04/18/02)
- Re: Snort exploits (04/17/02)
Dries Schellekens
- Re: OpenBSD Local Root Compromise (04/11/02)
Dug Song
- Re: fragroute vs. snort: the tempest in a teacup (04/18/02)
Dustin E. Childers
- Re: CA security contact (04/05/02)
dvdman
- PsyBNC Remote Dos POC (04/23/02)
- Melange Chat POC DOS (04/16/02)
Edvice Security Services
- Various Vulnerabilities in ZoneAlarm MailSafe (04/02/02)
eflorio@edmaster.it
- IE Word ActiveX DoS Loop (04/08/02)
Elia Florio
- Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name) (03/29/02)
emann@questinc.org
- RE: Ability to read buddy list of AIM users (04/15/02)
- RE: Ability to read buddy list of AIM users (04/15/02)
EnGarde Secure Linux
- [ESA-20020429-010] 'sudo' heap corruption vulnerability (04/29/02)
- [ESA-20020423-009] webalizer contains a potentially exploitable buffer overflow (04/23/02)
enrico@wizards-of-source.org
- Denial of Service in Mosix 1.5.x (04/23/02)
Eric
- RE: MS 3/28/02 Security Patch for IE6 - warning! (04/03/02)
Eric Sandeen
- Re: IRIX XFS filesystem denial of service attack (04/16/02)
Eugene Medynskiy
- Re: Ability to read buddy list of AIM users (04/16/02)
Eyrill / Securiteinfo.com
- Boursorama.com cookie exploit (04/01/02)
Florent Trupheme
- RE: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses (04/25/02)
Florian Hobelsberger / BlueScreen
- Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de ) (04/14/02)
- Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances (04/03/02)
Florian Weimer
- Re: An alternative method to check LKM backdoor/rootkit (04/18/02)
FozZy
- Re: Cross site scripting in almost every mayor website (04/21/02)
- Huge Privacy Threats in Webmails and How Big Companies Handle them (04/01/02)
fozzy@dmpfrance.com
- Re: Bypassing javascript filters - problem N3. (04/02/02)
Francesco Pacaccio
- R: MS02-018 (04/11/02)
Franck Coppola
- Re: Remote buffer overflow in Webalizer (04/16/02)
Fredrik Widlund
- Re: Howto exploit a remote format bug automatically (04/19/02)
FreeBSD Security Advisories
- FreeBSD Security Advisory FreeBSD-SA-02:23.stdio (04/22/02)
- FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED] (04/18/02)
- FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip (04/17/02)
- FreeBSD Security Advisory FreeBSD-SA-02:20.syncache (04/16/02)
Frédéric Raynal
- Howto exploit a remote format bug automatically (04/18/02)
Fyodor
- Re: [Snort-devel] Re: Re: Snort exploits (04/18/02)
gcsb
- Vulnerability in PostCalendar (04/20/02)
- Multiple Vulnerabilities in PostBoard (04/17/02)
Georgi Guninski
- More Office XP problems (version 3.0) (04/28/02)
- Re: More Office XP problems (04/04/02)
- More Office XP problems (Version 2.0) (04/03/02)
Giri Sandeep
- IndiaTimes.com - Email - Session hijacking and Inbox Blocking (04/26/02)
Global InterSec Research
- [Global InterSec 2002041701] Sudo Password Prompt Vulnerability. (04/25/02)
gobbles@hushmail.com
- Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System (04/30/02)
- ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp (04/20/02)
- ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT (04/11/02)
Greg Shipley
- Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit] (04/22/02)
Greg Williamson
- Re: ansi outer join syntax in Oracle allows access to any data (04/17/02)
GreyMagic Software
- Reading local files in Netscape 6 and Mozilla (GM#001-NS) (04/30/02)
- RE: Cross site scripting in almost every mayor website (04/23/02)
- RE: IE allows universal Cross Site Scripting (TL#002) (04/17/02)
- Multiple local files detection issues with OWC in IE (GM#008-IE) (04/08/02)
- Reading local files with OWC in IE (GM#006-IE) (04/08/02)
- Controlling the clipboard with OWC in IE (GM#007-IE) (04/08/02)
- Scripting for the scriptless with OWC in IE (GM#005-IE) (04/08/02)
- Reading portions of local files in IE, depending on structure (GM#004-IE) (04/02/02)
Grimes, Roger
- RE: Snort exploits (04/18/02)
H D Moore
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (04/17/02)
- Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (04/17/02)
- Microsoft FTP Service STAT Globbing DoS (04/17/02)
- Re: IRIX XFS filesystem denial of service attack (04/16/02)
H. Peter Anvin
- Mailman/Pipermail private mailing list/local user vulnerability (04/17/02)
http-equiv@excite.com
- More fun with html mail: Outlook Express, Internet Explorer, Other etc (04/14/02)
Ian Darwin
- Re: Tomcat 4.1 real path disclosure (04/19/02)
InterWN Labs
- Cross Site Scripting. Many Sites Vulnerable. (04/21/02)
Ishay Sommer
- Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses (04/24/02)
Ivan Arce
- Re: Techniques for Vulneability discovery (04/06/02)
Iván Arce
- CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies (04/24/02)
J Mike Rollins
- Re: QPopper 4.0.4 buffer overflow (04/30/02)
James Ralston
- trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio) (04/24/02)
jan@nil.si
- Re: fragroute vs. snort: the tempest in a teacup (04/19/02)
Jens Knoell
- Re: PHP-Survey Database Access Vulnerability (04/27/02)
Jeremy Roberts
- Abyss Webserver 1.0 Administration password file retrieval exploit (04/09/02)
Joe
- Re: XMB cross-scripting vulnerability (04/26/02)
Joe Testa
- Re: Tomcat 4.1 real path disclosure (04/19/02)
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (04/17/02)
- Re: KPMG-2002006: Lotus Domino Physical Path Revealed (04/02/02)
John Heasman
- Fun With MSN Chat Part I (Cross Scripting) (03/29/02)
John Madden
- Re: ecartis / listar PoC (04/26/02)
John Scimone
- more info on the iosmash.c exploit (04/23/02)
Johnny J Chin
- Re: invitation to my cam (fwd) (03/29/02)
jon schatz
- Re: Amazon.com Password limit (04/19/02)
Jonas Eriksson
- Sudo version 1.6.6 now available (fwd) (04/25/02)
- OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd) (04/12/02)
- Re: packet filter fingerprinting(open but closed, closed but filtered) (04/03/02)
- Re: packet filter fingerprinting(open but closed, closed but filtered) (04/03/02)
Jordan K Wiens
- Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS) (04/30/02)
Jorge Walters
- RE: [VulnWatch] vuln in wwwisis: remote command execution and get files (04/03/02)
JP
- segfault in ntop (04/17/02)
Kanatoko
- Matu FTP remote buffer overflow vulnerability (04/22/02)
Karsten W. Rohrbach
- Re: An alternative method to check LKM backdoor/rootkit (04/18/02)
Kevin Brown
- RE: More Office XP problems (04/06/02)
Kevin van Haaren
- Re: w00w00 on Microsoft IE/Office for Mac OS (04/17/02)
KF
- Re: ecartis / listar PoC (04/26/02)
- slrnpull -d PoC (04/25/02)
- ecartis / listar PoC (04/25/02)
- cheers (04/23/02)
- Cross site scripting @verisign.com and @cybercash.com (04/19/02)
- Re: CA security contact (04/05/02)
- Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr) (04/01/02)
- Progress Setuid patch Installs (Happy Easter or April fools to Progress) (04/01/02)
Kistler Ueli
- Typsoft FTP Server: yet another directory traversal vulnerability (04/07/02)
Konstantin Riabitsev
- Re: squirrelmail 1.2.5 email user can execute command (03/31/02)
krisk@kbeta.com
- RE: Windows 2000 Sec rollup 2 patch -- Ouch! (04/11/02)
Larry W. Cashdollar
- Exploit for Tarantella Enterprise 3 installation (BID 3966) (04/04/02)
Lars Hecking
- Re: Remote buffer overflow in Webalizer (04/17/02)
Leif Jakob
- Re: emumail.cgi, one more local vulnerability (not verified) (04/10/02)
Leon Harris
- Vulnerabilities in the Melange Chat Server (04/14/02)
Leonard Chung
- RE: More Office XP problems (04/05/02)
Lysel Christian Emre
- RE: Raptor Firewall FTP Bounce vulnerability (04/17/02)
Mandrake Linux Security Team
- MDKSA-2002:029 - imlib update (04/26/02)
- MDKSA-2002:028 - sudo update (04/26/02)
- MDKSA-2002:024-1 - rsync update (04/18/02)
- MDKSA-2002:027 - squid update (04/17/02)
- MDKSA-2002:026 - libsafe update (04/12/02)
Manuel Bouyer
- Re: local root compromise in openbsd 3.0 and below (04/14/02)
- Re: local root compromise in openbsd 3.0 and below (04/12/02)
Marc Maiffret
- Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow (04/10/02)
Marcell Fodor
- QPopper 4.0.4 buffer overflow (04/28/02)
- A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution (04/24/02)
- OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow (04/20/02)
Marco de Vivo [UCV]
- Taxonomies (04/02/02)
Mariusz Woloszyn
- Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies (04/28/02)
- Re: Firewall-1 Identification : port 257 (ie archive : 18701) (04/03/02)
Mark Anderson
- HiverCon 2002 (04/18/02)
Markus Arndt
- Philip Chinery's Guestbook 1.1 fails to filter out js/html (04/21/02)
Markus Friedl
- Revised OpenSSH Security Advisory (adv.token) (04/26/02)
martin f krafft
- Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1 (03/29/02)
Martin O'Neal
- RE: Raptor Firewall FTP Bounce vulnerability (04/17/02)
Martin Roesch
- Re: Snort exploits (04/18/02)
Martin, Jeffrey
- RE: Using the backbutton in IE is dangerous (04/15/02)
Mary Landesman
- RE: More Office XP problems (04/06/02)
Matt Burleigh
- Re: Zope security address (04/02/02)
Matt Conover
- w00w00 on Microsoft IE/Office for Mac OS (04/16/02)
Matthew Murphy
- Lil' HTTP Server Directory Traversal Vulnerability (04/21/02)
- vqServer Demo Files Cross-Site Scripting (04/21/02)
- DoS in Multiple IE Versions (Self-Referenced Directives) (04/20/02)
matthew@ectisp.net
- popper_mod 1.2.1 and previous accounts compromise (03/30/02)
Matthias Jordan
- SQL injection in PHPGroupware (04/03/02)
Mauro Lacy
- Remote Timing Techniques over TCP/IP (04/18/02)
Meder Kydyraliev
- packet filter fingerprinting(open but closed, closed but filtered) (03/31/02)
MegaHz
- buffer overflow, using greek characters, AGAIN! (04/17/02)
- Re: emumail.cgi (04/06/02)
Menashe Eliezer
- RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) (04/25/02)
- Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list) (04/25/02)
Michael
- DOS for Icq 2001&2002 (04/19/02)
Michael Rawls
- Nortel CVX 1800s will dump all local user names and passwords via SNMP (04/13/02)
Michael S Soukup
- IBM Security Advisory: IBM Tivoli Policy Director WebSEAL (04/17/02)
Michael Young
- Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous) (04/22/02)
Microsoft
- Microsoft Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507) (04/18/02)
- Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309) (04/17/02)
- Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309) (04/17/02)
Mike Fetherston
- Re: KPMG-2002013: Coldfusion Path Disclosure (04/19/02)
Mike Scher
- Re: Multiple Vendor "talkd" user validation fault. (04/05/02)
Milos Urbanek
- OpenBSD Local Root Compromise (04/11/02)
MOD
- PHP-Survey Database Access Vulnerability (04/26/02)
mutt@techie.com
- Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses (04/26/02)
nawok@nawok.org
- psyBNC 2.3 DoS / bug (04/22/02)
Neeko Oni
- Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!) (04/03/02)
NGSSoftware Insight Security Research
- Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B) (04/16/02)
- Back Office Web Administrator Authentication Bypass (#NISR17042002A) (04/16/02)
- Webtrends Reporting Center Buffer Overflow (#NISR17042002C) (04/16/02)
NGSSoftware Insight Security Research Advisory (NISR)
- Fw: Multiple Vulnerabilties in Sambar Server (04/01/02)
Nick Benigno
- RE: CA security contact (04/05/02)
Nick Lamb
- Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions) (04/06/02)
Nicolas Gregoire
- CA security contact (04/05/02)
- Re: KPMG-2002006: Lotus Domino Physical Path Revealed (03/03/02)
Niels Provos
- OpenSSH Security Advisory (adv.token) (04/21/02)
Noah Johnson
- AIM's 'Direct Connection' feature could lead to arbitrary file creation (04/16/02)
Noam Rathaus
- Keyservers Cross Site Scripting (When CSS Gets Dangerous) (04/20/02)
Nsfocus Security Team
- NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow (04/04/02)
- NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow (04/02/02)
N|ghtHawk
- Re: Possible vulnerabilities of ICQ files opened in IE or OE (04/16/02)
- Re: emumail.cgi (04/05/02)
Ofir Arkin
- Ammendum: A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791 (04/17/02)
- A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791 (04/13/02)
Patrick Oonk
- Pine Internet Advisory: Setuid application execution may give local root in FreeBSD (04/22/02)
Patrik Karlsson
- iXsecurity.20020328.tivoli_tsm_dsmsvc.a (04/12/02)
- iXsecurity.20020327.tivoli_tsm_dsmcad.a (04/11/02)
- NetWare Remote Manager patches (04/06/02)
- iXsecurity.20020314.csadmin_fmt.a (04/03/02)
- iXsecurity.20020313.nw6remotemanager.a (04/03/02)
- iXsecurity.20020316.csadmin_dir.a (04/03/02)
- iXsecurity.20020313.nw6remotemanager.a (04/02/02)
Paul Schmehl
- RE: More Office XP problems (04/06/02)
Paul Starzetz
- Re: An alternative method to check LKM backdoor/rootkit (04/17/02)
- Inn (Inter Net News) security problems (04/11/02)
Paul Szabo
- RE: More Office XP problems (04/07/02)
Pete Finnigan
- Re: ansi outer join syntax in Oracle allows access to any data (04/18/02)
- Re: ansi outer join syntax in Oracle allows access to any data (04/16/02)
- ansi outer join syntax in Oracle allows access to any data (04/16/02)
Peter Gründl
- KPMG-2002016: Bea Weblogic incorrect URL parsing issues (04/30/02)
- KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS (04/19/02)
- KPMG-2002014: Foundstone Fscan Format String Bug (04/19/02)
- KPMG-2002012: (Re-submitted) Sambar Webserver Serverside Fileparse Bypass (04/18/02)
- KPMG-2002013: Coldfusion Path Disclosure (04/18/02)
- KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass (04/17/02)
- KPMG-2002011: Windows 2000 microsoft-ds Denial of Service (04/17/02)
- KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun (04/11/02)
- KPMG-2002009: Microsoft IIS W3SVC Denial of Service (04/11/02)
- KPMG-2002008: Watchguard SOHO IP Restrictions Flaw (04/10/02)
- KPMG-2002006: Lotus Domino Physical Path Revealed (04/02/02)
Phil
- Re: Identifying Kernel 2.4.x based Linux machines using UDP (03/29/02)
Phil Dibowitz
- MS 3/28/02 Security Patch for IE6 - warning! (04/02/02)
Phil Froehlich
- Re: CA security contact (04/11/02)
Philippe Bourgeois
- RE: An alternative method to check LKM backdoor/rootkit (04/17/02)
pokleyzz sakamaniaka
- Demarc PureSecure 1.05 may be other (user can bypass login) (04/15/02)
ppp-design
- Blahz-DNS: Authentication bypass vulnerability (04/28/02)
- dnstools: authentication bypass vulnerability (04/28/02)
- SunSop: cross-site-scripting bug (04/13/02)
Przemyslaw Frasunek
- Re: Sudo version 1.6.6 now available (fwd) (04/25/02)
- local root compromise in openbsd 3.0 and below (04/11/02)
psychoid@rewtbox.de
- Re: psyBNC 2.3 DoS / Bug (04/23/02)
quentyn@fotango.com
- SOAP::Lite hole (04/11/02)
Randal L. Schwartz
- Re: emumail.cgi (04/09/02)
Randy Hinders
- RE: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (04/17/02)
RATS Announce
- ANNOUNCE: RATS 1.4 (04/23/02)
Replugge [ROD]
- More Cross site Scripting in PHPNuke (04/23/02)
researchteam5@esecurityonline.com
- eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability (04/29/02)
- eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help sea rch buffer overflow vulnerability (04/29/02)
- eSecurityOnline Security Advisories notes (04/29/02)
- eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability (04/29/02)
- eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mou nt file buffer overflow vulnerability (04/29/02)
- eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd den ial of service vulnerability (04/29/02)
- eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities (04/29/02)
- eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI (04/29/02)
Rich Lafferty
- Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses (04/25/02)
Ron DuFresne
- Re: fragroute vs. snort: the tempest in a teacup (04/19/02)
Rossen Raykov
- Zope security address (04/01/02)
Roy Hills
- RE: Raptor Firewall FTP Bounce vulnerability (04/17/02)
- Raptor Firewall FTP Bounce vulnerability (04/15/02)
Sacha Faust
- Firewall-1 Identification : port 257 (ie archive : 18701) (04/02/02)
Scott T. Cameron
- Re: Restricted Shells (04/19/02)
SeazoN
- wbboard 1.1.1 Cross Site Scripting Vulnerability (04/13/02)
Sebastian Krahmer
- SuSE Security Announcement: sudo (SuSE-SA:2002:014) (04/30/02)
- SuSE Security Announcement: radiusd-cistron (SuSE-SA:2002:013) (04/29/02)
secure@conectiva.com.br
- [CLA-2002:476] Conectiva Linux Security Announcement - webalizer (04/26/02)
- [CLA-2002:475] Conectiva Linux Security Announcement - sudo (04/26/02)
- [CLA-2002:474] Conectiva Linux Security Announcement - ethereal (04/25/02)
- [CLA-2002:471] Conectiva Linux Security Announcement - cups (04/03/02)
Security
- Re: Winamp: Mp3 file can control the minibrowser (04/04/02)
security@caldera.com
- Security Update: [CSSA-2002-018.0] Linux: Race condition in fileutils (04/30/02)
- Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure (04/26/02)
- Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities (04/16/02)
- Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND (04/13/02)
- Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm (04/11/02)
- Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system (04/09/02)
- Security Update: [CSSA-2002-015.0] Linux: Double free in zlib (libz) vulnerability (04/05/02)
- Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability (04/04/02)
- Security Update: [CSSA-2002-005.0] Linux - LD_LIBRARY_PATH problem in KDE sessions (03/30/02)
- Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory (03/29/02)
- Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition (03/29/02)
SGI Security Coordinator
- IRIX pmcd Denial of Service vulnerability (04/30/02)
- IRIX /dev/ipfilter Denial of Service vulnerability (04/30/02)
- IRIX cpr vulnerability (04/30/02)
- IRIX hpsnmpd vulnerability (04/24/02)
- IRIX syslogd vulnerability (04/24/02)
- IRISconsole icadmin password vulnerability (04/24/02)
- IRIX cron daemon vulnerability (04/17/02)
- IRIX XFS filesystem denial of service attack (04/15/02)
- IRIX Mail, mailx, timed and sort vulnerabilities (04/11/02)
- IRIX SNMP Vulnerabilities (04/03/02)
Sil
- AIM Remote File Transfer/Direct Connection Vulnerability (04/21/02)
silentsupporter@poczta.onet.pl
- Possible vulnerabilities of ICQ files opened in IE or OE (04/14/02)
Simon Loader
- SASL (v1/v2) MYSQL/LDAP authentication patch. (04/02/02)
Simon Lodal
- IBM Informix Web DataBlade: Local root by design (04/17/02)
- IBM Informix Web DataBlade: Auto-decoding HTML entities (04/11/02)
- IBM Informix Web DataBlade: SQL injection (04/11/02)
Slackware Security Team
- [slackware-security] sudo upgrade fixes a potential vulnerability (04/25/02)
snsadv@lac.co.jp
- [SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability (04/17/02)
- [SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability (04/17/02)
- [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting (04/11/02)
Solar Designer
- Re: Remote Timing Techniques over TCP/IP (04/19/02)
- Re: local root compromise in openbsd 3.0 and below (04/11/02)
Spybreak
- Remote buffer overflow in Webalizer (04/15/02)
- LogWatch 2.5 still vulnerable (04/03/02)
stealth
- Re: Remote Timing Techniques over TCP/IP (04/20/02)
Stefan Walk
- Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON (04/24/02)
Steve Gustin
- CGIscript.net - csMailto.cgi - Remote Command Execution (04/23/02)
- multiple CGIscript.net scripts - Remote Code Execution (04/08/02)
Steve Zins
- LabVIEW Web Server DoS Vulnerability (04/23/02)
Steven M. Bellovin
- Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio) (04/25/02)
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio (04/23/02)
- Re: fragroute vs. snort: the tempest in a teacup (04/19/02)
Steven M. Christey
- Re: Multiple Vulnerabilties Sambar Webserver (04/03/02)
Steven Zins
- Re: LabVIEW Web Server DoS Vulnerability (04/24/02)
Summercon Admin
- Summercon 2002 CFP (04/19/02)
sunny licious
- Ability to read buddy list of AIM users (04/15/02)
Syzop
- Re: Remote Timing Techniques over TCP/IP (04/19/02)
TAKAGI, Hiromitsu
- MHonArc v2.5.2 Script Filtering Bypass Vulnerability (04/18/02)
Tamer Sahin
- Re: Multiple Vulnerabilties Sambar Webserver (04/03/02)
Tekno pHReak
- Multiple Vendor "talkd" user validation fault. (04/03/02)
the Pull
- RE: MS 3/28/02 Security Patch for IE6 - warning! (04/03/02)
Theo de Raadt
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio (04/22/02)
Thiébaut
- Security bugs in PhpNuke (04/03/02)
Thomas Biege
- SuSE Security Announcement: ucdsnmp (SuSE-SA:2002:012) (04/08/02)
Thor Larholm
- RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS) (04/30/02)
- RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS) (04/30/02)
- IE allows universal Cross Site Scripting (TL#002) (04/16/02)
- IIS allows universal CrossSiteScripting (04/10/02)
- RE: MS 3/28/02 Security Patch for IE6 - warning! (04/03/02)
Thor@HammerofGod.com
- Re: Vulnerability: Windows2000Server running Terminalservices (04/10/02)
Tim Jackson
- Re: Bug in QPopper (All Versions?) (04/20/02)
Todd Sabin
- Windows 2000 DCOM clients may leak sensitive information onto the network (04/02/02)
Tom Donovan
- Re: KPMG-2002013: Coldfusion Path Disclosure (04/26/02)
Tom Micklovitch
- Re: emumail.cgi (04/05/02)
Tom.Unger@gmx.de
- Vulnerability: Windows2000Server running Terminalservices (04/09/02)
Toni Lassila
- List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020 (04/18/02)
trial@freemail.hu
- Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies (04/25/02)
Trish Lynch
- Response to KF about Listar/Ecartis Vulnerability (04/27/02)
Trustix Secure Linux Advisor
- TSLSA-2002-0047 - openssh (04/29/02)
- TSLSA-2002-0046 - sudo (04/29/02)
Ulf Harnhammar
- PHProjekt multiple vulnerabilities (04/25/02)
- Anthill login and JavaScript vulnerabilities (04/06/02)
verbal@mrverbal.com
- RE: MS02-018 (04/11/02)
Vern Paxson
- Re: Snort exploits (04/18/02)
Vishal Ganeriwala
- Amazon.com Password limit (04/18/02)
Wang Jian
- ç”ĺ¤Ť: An alternative method to check LKM backdoor/rootkit (04/18/02)
- An alternative method to check LKM backdoor/rootkit (04/17/02)
Wang Yun
- Tomcat 4.1 real path disclosure (04/19/02)
Whitecell Security Systems
- (WSS-Advisories-02003) PHPBB BBcode Process Vulnerability (04/04/02)
Wichert Akkerman
- [SECURITY] [DSA-128-1] sudo buffer overflow (04/26/02)
- [SECURITY] [DSA-127-1] buffer overflow in xpilot-server (04/17/02)
- [SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack (04/16/02)
Wietse Venema
- Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio) (04/24/02)
William Aguilar
- Re: Raptor Firewall FTP Bounce vulnerability (04/17/02)
zeno
- Re: Cross site scripting @verisign.com and @cybercash.com (04/19/02)
- Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues (04/10/02)

Last message date: 04/30/02
Archived on: 04/30/02 CEST

434 messages sorted by: [ date ] [ thread ] [ subject ] [ attachment ]

SecurityFocus BugtraqBy Author

SecurityFocus Bugtraq
By Author