SecurityFocus Bugtraq
By Subject

434 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]

Starting: 04/01/02
Ending: 04/30/02

(Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous)
- Michael Young (04/22/02)
(SRADV00006) Remote command execution vulnerabilities in phpGroupWare
- Dan Kuykendall (04/11/02)
(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
- Whitecell Security Systems (04/04/02)
@stake advisory: .htr heap overflow in IIS 4.0 and 5.0
- advisories@atstake.com (04/10/02)
[[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
- Daniel Nyström (04/18/02)
[[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
- Daniel Nyström (04/19/02)
[CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
- Benoît Roussel (04/16/02)
[CLA-2002:471] Conectiva Linux Security Announcement - cups
- secure@conectiva.com.br (04/03/02)
[CLA-2002:474] Conectiva Linux Security Announcement - ethereal
- secure@conectiva.com.br (04/25/02)
[CLA-2002:475] Conectiva Linux Security Announcement - sudo
- secure@conectiva.com.br (04/26/02)
[CLA-2002:476] Conectiva Linux Security Announcement - webalizer
- secure@conectiva.com.br (04/26/02)
[ESA-20020423-009] webalizer contains a potentially exploitable buffer overflow
- EnGarde Secure Linux (04/23/02)
[ESA-20020429-010] 'sudo' heap corruption vulnerability
- EnGarde Secure Linux (04/29/02)
[Global InterSec 2002041701] Sudo Password Prompt Vulnerability.
- Global InterSec Research (04/25/02)
[RHSA-2001:089-08] Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x
- bugzilla@redhat.com (04/09/02)
[RHSA-2002:053-12] Race conditions in logwatch
- bugzilla@redhat.com (04/05/02)
[RHSA-2002:054-09] Race conditions in logwatch
- bugzilla@redhat.com (04/05/02)
[RHSA-2002:063-05] Updated icecast packages are available
- bugzilla@redhat.com (04/26/02)
[RHSA-2002:071-07] Updated sudo packages are available
- Dave Ahmad (04/26/02)
[RHSA-2002:072-07] Updated sudo packages are available
- bugzilla@redhat.com (04/25/02)
[SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack
- Wichert Akkerman (04/16/02)
[SECURITY] [DSA-127-1] buffer overflow in xpilot-server
- Wichert Akkerman (04/17/02)
[SECURITY] [DSA-128-1] sudo buffer overflow
- Wichert Akkerman (04/26/02)
[slackware-security] sudo upgrade fixes a potential vulnerability
- Slackware Security Team (04/25/02)
[SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
- snsadv@lac.co.jp (04/11/02)
[SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability
- snsadv@lac.co.jp (04/17/02)
[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability
- snsadv@lac.co.jp (04/17/02)
[VulnWatch] vuln in wwwisis: remote command execution and get files
- Jorge Walters (04/03/02)
A buffer overflow study - generic protections
- Crispin Cowan (04/03/02)
A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
- Marcell Fodor (04/24/02)
A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791
- Ofir Arkin (04/13/02)
Ability to read buddy list of AIM users
- Eugene Medynskiy (04/16/02)
- emann@questinc.org (04/15/02)
- emann@questinc.org (04/15/02)
- Andrew J. Stackhouse (04/15/02)
- sunny licious (04/15/02)
About: Using the backbutton in IE is dangerous
- Andreas Sandblad (04/15/02)
Abyss Webserver 1.0 Administration password file retrieval exploit
- Jeremy Roberts (04/09/02)
Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
- gobbles@hushmail.com (04/30/02)
AIM Remote File Transfer/Direct Connection Vulnerability
- Sil (04/21/02)
AIM's 'Direct Connection' feature could lead to arbitrary file creation
- Noah Johnson (04/16/02)
ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
- gobbles@hushmail.com (04/11/02)
ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp
- gobbles@hushmail.com (04/20/02)
Amazon.com Password limit
- jon schatz (04/19/02)
- Vishal Ganeriwala (04/18/02)
Ammendum: A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791
- Ofir Arkin (04/17/02)
An alternative method to check LKM backdoor/rootkit
- Karsten W. Rohrbach (04/18/02)
- Philippe Bourgeois (04/17/02)
- Florian Weimer (04/18/02)
- Paul Starzetz (04/17/02)
- Wang Jian (04/17/02)
ANNOUNCE: RATS 1.4
- RATS Announce (04/23/02)
Announcing Immunix SnackGuard
- Crispin Cowan (04/01/02)
Another Faq-O-Matic XSS Vuln?
- BrainRawt . (04/20/02)
ansi outer join syntax in Oracle allows access to any data
- Pete Finnigan (04/18/02)
- Greg Williamson (04/17/02)
- Pete Finnigan (04/16/02)
- Charles J Wertz (04/16/02)
- Pete Finnigan (04/16/02)
Anthill login and JavaScript vulnerabilities
- Ulf Harnhammar (04/06/02)
arp problem
- dlaumann@suntzu.net (04/24/02)
- Akatosh (04/23/02)
- Bartłomiej (04/21/02)
Back Office Web Administrator Authentication Bypass (#NISR17042002A)
- NGSSoftware Insight Security Research (04/16/02)
Blahz-DNS: Authentication bypass vulnerability
- ppp-design (04/28/02)
Boursorama.com cookie exploit
- Eyrill / Securiteinfo.com (04/01/02)
buffer overflow, using greek characters, AGAIN!
- MegaHz (04/17/02)
Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)
- NGSSoftware Insight Security Research (04/16/02)
Bug in QPopper (All Versions?)
- Tim Jackson (04/20/02)
Bypassing javascript filters - problem N3.
- fozzy@dmpfrance.com (04/02/02)
- Alexander K. Yezhov (04/01/02)
CA security contact
- Phil Froehlich (04/11/02)
- Dustin E. Childers (04/05/02)
- Nick Benigno (04/05/02)
- KF (04/05/02)
- Nicolas Gregoire (04/05/02)
CGIscript.net - csMailto.cgi - Remote Command Execution
- Steve Gustin (04/23/02)
Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
- zeno (04/10/02)
cheers
- KF (04/23/02)
Cisco Security Advisory: Aironet Telnet Vulnerability
- Cisco Systems Product Security Incident Response Team (04/09/02)
Cisco Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
- Cisco Systems Product Security Incident Response Team (04/16/02)
Cisco Security Advisory: Solaris /bin/log vulnerability
- Charles M. Richmond (04/12/02)
- Cisco Systems Product Security Incident Response Team (04/10/02)
Cisco Security Advisory: Vulnerability in zlib library
- Cisco Systems Product Security Incident Response Team (04/03/02)
Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows
- Cisco Systems Product Security Incident Response Team (04/03/02)
Controlling the clipboard with OWC in IE (GM#007-IE)
- GreyMagic Software (04/08/02)
CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies
- Mariusz Woloszyn (04/28/02)
- trial@freemail.hu (04/25/02)
- Iván Arce (04/24/02)
Cross site scripting @verisign.com and @cybercash.com
- KF (04/19/02)
- zeno (04/19/02)
Cross site scripting in almost every mayor website
- GreyMagic Software (04/23/02)
- Berend-Jan Wever (04/21/02)
- FozZy (04/21/02)
- Berend-Jan Wever (04/19/02)
Cross Site Scripting. Many Sites Vulnerable.
- InterWN Labs (04/21/02)
De-anonymizer
- Berend-Jan Wever (04/23/02)
Demarc PureSecure 1.05 may be other (user can bypass login)
- pokleyzz sakamaniaka (04/15/02)
Demarc Security Update Advisory
- Demarc Security Support (04/17/02)
Denial of Service in Mosix 1.5.x
- enrico@wizards-of-source.org (04/23/02)
dnstools: authentication bypass vulnerability
- ppp-design (04/28/02)
DOS for Icq 2001&2002
- Michael (04/19/02)
DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
- Alun Jones (04/04/02)
- martin f krafft (03/29/02)
DoS in Multiple IE Versions (Self-Referenced Directives)
- Matthew Murphy (04/20/02)
Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
- Florian Hobelsberger / BlueScreen (04/03/02)
Early Reg to Close Soon! (fwd)
- Adam Shostack (04/22/02)
ecartis / listar PoC
- KF (04/26/02)
- John Madden (04/26/02)
- KF (04/25/02)
emumail.cgi
- Randal L. Schwartz (04/09/02)
- MegaHz (04/06/02)
- N|ghtHawk (04/05/02)
- Tom Micklovitch (04/05/02)
- acidneo@altern.org (04/04/02)
emumail.cgi, one more local vulnerability (not verified)
- Leif Jakob (04/10/02)
eSecurityOnline Security Advisories notes
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help sea rch buffer overflow vulnerability
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd den ial of service vulnerability
- researchteam5@esecurityonline.com (04/29/02)
eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mou nt file buffer overflow vulnerability
- researchteam5@esecurityonline.com (04/29/02)
Exploit for Tarantella Enterprise 3 installation (BID 3966)
- Larry W. Cashdollar (04/04/02)
Firewall-1 Identification : port 257 (ie archive : 18701)
- Mariusz Woloszyn (04/03/02)
- Sacha Faust (04/02/02)
Follows: Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
- Alfonso Fiore (04/30/02)
Fragroute and ISS (NetworkICE) products: a brief analysis
- Chris Deibler (04/26/02)
fragroute vs. snort: the tempest in a teacup
- jan@nil.si (04/19/02)
- Ron DuFresne (04/19/02)
- Steven M. Bellovin (04/19/02)
- Brad Powell (04/19/02)
- Darren Reed (04/19/02)
- Dragos Ruiu (04/18/02)
- Dug Song (04/18/02)
Fragroute-NetworkICE follow-up
- Chris Deibler (04/27/02)
FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED]
- FreeBSD Security Advisories (04/18/02)
FreeBSD Security Advisory FreeBSD-SA-02:20.syncache
- FreeBSD Security Advisories (04/16/02)
FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
- FreeBSD Security Advisories (04/17/02)
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
- Steven M. Bellovin (04/23/02)
- bert hubert (04/22/02)
- Theo de Raadt (04/22/02)
- FreeBSD Security Advisories (04/22/02)
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio)
- Steven M. Bellovin (04/25/02)
- Wietse Venema (04/24/02)
- James Ralston (04/24/02)
Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11
- dizznutt@my.security.nl (04/04/02)
Fun With MSN Chat Part I (Cross Scripting)
- John Heasman (03/29/02)
gobbles ntop alert
- Burton M. Strauss III (04/11/02)
Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr)
- KF (04/01/02)
HiverCon 2002
- Mark Anderson (04/18/02)
Howto exploit a remote format bug automatically
- Fredrik Widlund (04/19/02)
- Frédéric Raynal (04/18/02)
Huge Privacy Threats in Webmails and How Big Companies Handle them
- FozZy (04/01/02)
IBM Informix Web DataBlade: Auto-decoding HTML entities
- Simon Lodal (04/11/02)
IBM Informix Web DataBlade: Local root by design
- Simon Lodal (04/17/02)
IBM Informix Web DataBlade: SQL injection
- Simon Lodal (04/11/02)
IBM Security Advisory: IBM Tivoli Policy Director WebSEAL
- Michael S Soukup (04/17/02)
icecast 1.3.11 remote shell/root exploit - #temp
- dizznutt@my.security.nl (04/02/02)
Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!)
- Neeko Oni (04/03/02)
Identifying Kernel 2.4.x based Linux machines using UDP
- Phil (03/29/02)
IE allows universal Cross Site Scripting (TL#002)
- GreyMagic Software (04/17/02)
- Thor Larholm (04/16/02)
IE DoS and possibly exploitable stack overflow
- Berend-Jan Wever (04/24/02)
IE Word ActiveX DoS Loop
- eflorio@edmaster.it (04/08/02)
IE: Remote webpage can script in local zone
- Andreas Sandblad (03/30/02)
IIS allows universal CrossSiteScripting
- Thor Larholm (04/10/02)
Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON
- Stefan Walk (04/24/02)
IMP 2.2.8 (SECURITY) released
- Brent J. Nordquist (04/06/02)
IndiaTimes.com - Email - Session hijacking and Inbox Blocking
- Giri Sandeep (04/26/02)
Inn (Inter Net News) security problems
- Paul Starzetz (04/11/02)
Intel D845HV/WN/PT series motherboard vulnerability
- Dave Oliver (04/25/02)
invitation to my cam (fwd)
- Johnny J Chin (03/29/02)
IRISconsole icadmin password vulnerability
- SGI Security Coordinator (04/24/02)
IRIX /dev/ipfilter Denial of Service vulnerability
- SGI Security Coordinator (04/30/02)
IRIX cpr vulnerability
- SGI Security Coordinator (04/30/02)
IRIX cron daemon vulnerability
- SGI Security Coordinator (04/17/02)
IRIX FTP Bounce vulnerability
- Christophe Casalegno (03/30/02)
IRIX hpsnmpd vulnerability
- SGI Security Coordinator (04/24/02)
IRIX Mail, mailx, timed and sort vulnerabilities
- SGI Security Coordinator (04/11/02)
IRIX pmcd Denial of Service vulnerability
- SGI Security Coordinator (04/30/02)
IRIX SNMP Vulnerabilities
- SGI Security Coordinator (04/03/02)
IRIX syslogd vulnerability
- SGI Security Coordinator (04/24/02)
IRIX XFS filesystem denial of service attack
- Eric Sandeen (04/16/02)
- H D Moore (04/16/02)
- SGI Security Coordinator (04/15/02)
ITCP Advisory 13: Bypassing of ATGuard Firewall possible
- BlueScreen (04/29/02)
iXsecurity.20020313.nw6remotemanager.a
- Patrik Karlsson (04/03/02)
- Patrik Karlsson (04/02/02)
iXsecurity.20020314.csadmin_fmt.a
- Patrik Karlsson (04/03/02)
iXsecurity.20020316.csadmin_dir.a
- Patrik Karlsson (04/03/02)
iXsecurity.20020327.tivoli_tsm_dsmcad.a
- Patrik Karlsson (04/11/02)
iXsecurity.20020328.tivoli_tsm_dsmsvc.a
- Patrik Karlsson (04/12/02)
Keyservers Cross Site Scripting (When CSS Gets Dangerous)
- Noam Rathaus (04/20/02)
KPMG-2002006: Lotus Domino Physical Path Revealed
- Joe Testa (04/02/02)
- Nicolas Gregoire (03/03/02)
- Peter Gründl (04/02/02)
KPMG-2002007: Watchguard SOHO Denial of Service
- Andreas Sandor (04/08/02)
KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
- Peter Gründl (04/10/02)
KPMG-2002009: Microsoft IIS W3SVC Denial of Service
- Peter Gründl (04/11/02)
KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
- Peter Gründl (04/11/02)
KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
- Peter Gründl (04/17/02)
KPMG-2002012: (Re-submitted) Sambar Webserver Serverside Fileparse Bypass
- Peter Gründl (04/18/02)
KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
- Peter Gründl (04/17/02)
KPMG-2002013: Coldfusion Path Disclosure
- Tom Donovan (04/26/02)
- Mike Fetherston (04/19/02)
- Bejon Parsinia (04/19/02)
- Chris Ess (04/18/02)
- Peter Gründl (04/18/02)
KPMG-2002014: Foundstone Fscan Format String Bug
- Peter Gründl (04/19/02)
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
- Andrew Kunz (04/26/02)
- Peter Gründl (04/19/02)
KPMG-2002016: Bea Weblogic incorrect URL parsing issues
- Peter Gründl (04/30/02)
LabVIEW Web Server DoS Vulnerability
- Steven Zins (04/24/02)
- Steve Zins (04/23/02)
Lil' HTTP Server Directory Traversal Vulnerability
- Matthew Murphy (04/21/02)
local root compromise in openbsd 3.0 and below
- Brett Glass (04/13/02)
- Manuel Bouyer (04/14/02)
- Manuel Bouyer (04/12/02)
- Solar Designer (04/11/02)
- Przemyslaw Frasunek (04/11/02)
Local Security Vulnerability in Windows NT and Windows 2000
- Alexander K. Yezhov (03/29/02)
LogWatch 2.5 still vulnerable
- Spybreak (04/03/02)
Mailman/Pipermail private mailing list/local user vulnerability
- H. Peter Anvin (04/17/02)
Matu FTP remote buffer overflow vulnerability
- Kanatoko (04/22/02)
MDKSA-2002:024-1 - rsync update
- Mandrake Linux Security Team (04/18/02)
MDKSA-2002:026 - libsafe update
- Mandrake Linux Security Team (04/12/02)
MDKSA-2002:027 - squid update
- Mandrake Linux Security Team (04/17/02)
MDKSA-2002:028 - sudo update
- Mandrake Linux Security Team (04/26/02)
MDKSA-2002:029 - imlib update
- Mandrake Linux Security Team (04/26/02)
Melange Chat POC DOS
- dvdman (04/16/02)
MHonArc v2.5.2 Script Filtering Bypass Vulnerability
- TAKAGI, Hiromitsu (04/18/02)
Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
- Deus, Attonbitus (04/25/02)
- Menashe Eliezer (04/25/02)
- 3APA3A (04/25/02)
- Menashe Eliezer (04/25/02)
Microsoft FTP Service STAT Globbing DoS
- H D Moore (04/17/02)
Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
- Chris Anley (04/18/02)
- Randy Hinders (04/17/02)
- H D Moore (04/17/02)
- Joe Testa (04/17/02)
- H D Moore (04/17/02)
Microsoft Security Bulletin - MS02-020
- Bronek Kozicki (04/19/02)
- Chip Andrews (04/19/02)
- Bronek Kozicki (04/18/02)
Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
- Microsoft (04/17/02)
- Microsoft (04/17/02)
Microsoft Security Bulletin MS02-020
- Bronek Kozicki (04/19/02)
- Toni Lassila (04/18/02)
Microsoft Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)
- Microsoft (04/18/02)
More Cross site Scripting in PHPNuke
- chkumite chkumite (04/24/02)
- Replugge [ROD] (04/23/02)
More fun with html mail: Outlook Express, Internet Explorer, Other etc
- http-equiv@excite.com (04/14/02)
more info on the iosmash.c exploit
- John Scimone (04/23/02)
More Office XP problems
- Paul Szabo (04/07/02)
- Mary Landesman (04/06/02)
- Kevin Brown (04/06/02)
- Paul Schmehl (04/06/02)
- Leonard Chung (04/05/02)
- Georgi Guninski (04/04/02)
- Ben Schorr (04/03/02)
More Office XP problems (Version 2.0)
- Georgi Guninski (04/03/02)
More Office XP problems (version 3.0)
- Georgi Guninski (04/28/02)
Mp3 file can execute code in Winamp [Sandblad advisory #5]
- Andreas Sandblad (04/26/02)
MS 3/28/02 Security Patch for IE6 - warning!
- the Pull (04/03/02)
- Eric (04/03/02)
- Thor Larholm (04/03/02)
- Phil Dibowitz (04/02/02)
MS02-018
- verbal@mrverbal.com (04/11/02)
- Christian Milow (04/11/02)
- Dave Ahmad (04/10/02)
multiple CGIscript.net scripts - Remote Code Execution
- Steve Gustin (04/08/02)
Multiple CSS/XSS vulnerabilities on directNIC.com
- Alex Lambert (04/27/02)
Multiple local files detection issues with OWC in IE (GM#008-IE)
- GreyMagic Software (04/08/02)
Multiple Vendor "talkd" user validation fault
- 0x90 (04/06/02)
Multiple Vendor "talkd" user validation fault.
- Mike Scher (04/05/02)
- Tekno pHReak (04/03/02)
Multiple Vulnerabilities in PostBoard
- gcsb (04/17/02)
Multiple Vulnerabilties in Sambar Server
- NGSSoftware Insight Security Research Advisory (NISR) (04/01/02)
Multiple Vulnerabilties Sambar Webserver
- Steven M. Christey (04/03/02)
- Tamer Sahin (04/03/02)
NetWare Remote Manager patches
- Patrik Karlsson (04/06/02)
Nortel CVX 1800s will dump all local user names and passwords via SNMP
- Cynthia Brown (04/19/02)
- Michael Rawls (04/13/02)
Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
- Alfonso Fiore (04/16/02)
NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
- Nsfocus Security Team (04/02/02)
NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
- Berend-Jan Wever (04/19/02)
- Nsfocus Security Team (04/04/02)
OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd)
- Jonas Eriksson (04/12/02)
OpenBSD Local Root Compromise
- Dries Schellekens (04/11/02)
- Milos Urbanek (04/11/02)
OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
- Marcell Fodor (04/20/02)
OpenSSH Security Advisory (adv.token)
- Niels Provos (04/21/02)
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)
- Elia Florio (03/29/02)
packet filter fingerprinting(open but closed, closed but filtered)
- Jonas Eriksson (04/03/02)
- Jonas Eriksson (04/03/02)
- Meder Kydyraliev (03/31/02)
Philip Chinery's Guestbook 1.1 fails to filter out js/html
- Markus Arndt (04/21/02)
PHP-Survey Database Access Vulnerability
- Jens Knoell (04/27/02)
- MOD (04/26/02)
PHProjekt multiple vulnerabilities
- Ulf Harnhammar (04/25/02)
Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
- Patrick Oonk (04/22/02)
popper_mod 1.2.1 and previous accounts compromise
- matthew@ectisp.net (03/30/02)
Possible vulnerabilities of ICQ files opened in IE or OE
- N|ghtHawk (04/16/02)
- silentsupporter@poczta.onet.pl (04/14/02)
Progress Setuid patch Installs (Happy Easter or April fools to Progress)
- KF (04/01/02)
psyBNC 2.3 DoS / Bug
- psychoid@rewtbox.de (04/23/02)
- nawok@nawok.org (04/22/02)
PsyBNC Remote Dos POC
- dvdman (04/23/02)
QPopper 4.0.4 buffer overflow
- J Mike Rollins (04/30/02)
- Marcell Fodor (04/28/02)
Quik-Serv Web Server v1.1B Arbitrary File Disclosure
- a b (04/03/02)
R: MS02-018
- Francesco Pacaccio (04/11/02)
Raptor Firewall FTP Bounce vulnerability
- Martin O'Neal (04/17/02)
- William Aguilar (04/17/02)
- Roy Hills (04/17/02)
- Lysel Christian Emre (04/17/02)
- Roy Hills (04/15/02)
Reading local files in Netscape 6 and Mozilla (GM#001-NS)
- Thor Larholm (04/30/02)
- Thor Larholm (04/30/02)
- Jordan K Wiens (04/30/02)
- GreyMagic Software (04/30/02)
Reading local files with OWC in IE (GM#006-IE)
- GreyMagic Software (04/08/02)
Reading portions of local files in IE, depending on structure (GM#004-IE)
- GreyMagic Software (04/02/02)
Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit]
- Greg Shipley (04/22/02)
regarding SSL issues
- 0x90 (04/08/02)
Remote buffer overflow in Webalizer
- Lars Hecking (04/17/02)
- Bradford L. Barrett (04/17/02)
- Franck Coppola (04/16/02)
- Spybreak (04/15/02)
Remote Timing Techniques over TCP/IP
- stealth (04/20/02)
- Solar Designer (04/19/02)
- Syzop (04/19/02)
- Mauro Lacy (04/18/02)
Response to KF about Listar/Ecartis Vulnerability
- Trish Lynch (04/27/02)
Restricted Shells
- Scott T. Cameron (04/19/02)
- A.Dimitrov (04/18/02)
Revised OpenSSH Security Advisory (adv.token)
- Markus Friedl (04/26/02)
RFC: suggestions for SSL security enhancements in Microsoft Internet Explorer
- dhalterm@csc.com (04/02/02)
SASL (v1/v2) MYSQL/LDAP authentication patch.
- Simon Loader (04/02/02)
Scripting for the scriptless with OWC in IE (GM#005-IE)
- GreyMagic Software (04/08/02)
Security bugs in PhpNuke
- Thiébaut (04/03/02)
Security Update: [CSSA-2002-005.0] Linux - LD_LIBRARY_PATH problem in KDE sessions
- security@caldera.com (03/30/02)
Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition
- security@caldera.com (03/29/02)
Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory
- security@caldera.com (03/29/02)
Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability
- security@caldera.com (04/04/02)
Security Update: [CSSA-2002-015.0] Linux: Double free in zlib (libz) vulnerability
- security@caldera.com (04/05/02)
Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities
- security@caldera.com (04/16/02)
Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure
- security@caldera.com (04/26/02)
Security Update: [CSSA-2002-018.0] Linux: Race condition in fileutils
- security@caldera.com (04/30/02)
Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system
- security@caldera.com (04/09/02)
Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm
- security@caldera.com (04/11/02)
Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND
- security@caldera.com (04/13/02)
SECURITY.NNO: FTGate PRO/Office hotfixes
- 3APA3A (04/03/02)
segfault in ntop
- Burton M. Strauss III (04/19/02)
- Craig Humphrey (04/18/02)
- JP (04/17/02)
Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de )
- Florian Hobelsberger / BlueScreen (04/14/02)
slrnpull -d PoC
- KF (04/25/02)
Slrnpull Buffer Overflow (-d parameter)
- Bill Nottingham (04/30/02)
- Alex Hernandez (04/22/02)
Snitz Forums 2000 remote SQL query manipulation vulnerability
- acemi (04/19/02)
Snort exploits
- Chris Green (04/24/02)
- Vern Paxson (04/18/02)
- Fyodor (04/18/02)
- Martin Roesch (04/18/02)
- Darren Reed (04/18/02)
- der Mouse (04/18/02)
- Grimes, Roger (04/18/02)
- Dragos Ruiu (04/17/02)
- 0xcafebabe@hushmail.com (04/17/02)
SOAP::Lite hole
- quentyn@fotango.com (04/11/02)
SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net)
- Dave Aitel (04/10/02)
SQL injection in PHPGroupware
- Dan Kuykendall (04/11/02)
- Adam McKenna (04/04/02)
- Matthias Jordan (04/03/02)
squirrelmail 1.2.5 email user can execute command
- Konstantin Riabitsev (03/31/02)
Sudo version 1.6.6 now available (fwd)
- Przemyslaw Frasunek (04/25/02)
- Jonas Eriksson (04/25/02)
Summercon 2002 CFP
- Summercon Admin (04/19/02)
SunSop: cross-site-scripting bug
- ppp-design (04/13/02)
SuSE Security Announcement: radiusd-cistron (SuSE-SA:2002:013)
- Sebastian Krahmer (04/29/02)
SuSE Security Announcement: sudo (SuSE-SA:2002:014)
- Sebastian Krahmer (04/30/02)
SuSE Security Announcement: ucdsnmp (SuSE-SA:2002:012)
- Thomas Biege (04/08/02)
SWS Vuln (small but important to those using it.)
- BrainRawt . (04/12/02)
Taxonomies
- Andrew R. Reiter (04/03/02)
- Alex Russell (04/02/02)
- Marco de Vivo [UCV] (04/02/02)
Techniques for Vulneability discovery
- Ivan Arce (04/06/02)
Tomcat 4.1 real path disclosure
- Ian Darwin (04/19/02)
- Joe Testa (04/19/02)
- Wang Yun (04/19/02)
Tomcat real path disclosure (2)
- CHINANSL Security Team (04/22/02)
Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses
- mutt@techie.com (04/26/02)
- Rich Lafferty (04/25/02)
- Florent Trupheme (04/25/02)
- Ishay Sommer (04/24/02)
TSLSA-2002-0046 - sudo
- Trustix Secure Linux Advisor (04/29/02)
TSLSA-2002-0047 - openssh
- Trustix Secure Linux Advisor (04/29/02)
Typsoft FTP Server: yet another directory traversal vulnerability
- Kistler Ueli (04/07/02)
Unauthorized remote control access to systems running Funk Softwa re's Proxy v3.x
- Coffin, Chris (04/08/02)
UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails
- Cisco Systems Product Security Incident Response Team (03/29/02)
Using the backbutton in IE is dangerous
- Martin, Jeffrey (04/15/02)
- Andreas Sandblad (04/14/02)
Various Vulnerabilities in ZoneAlarm MailSafe
- Edvice Security Services (04/02/02)
VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
- Nick Lamb (04/06/02)
- Anthony DeRobertis (04/05/02)
- Anthony DeRobertis (04/05/02)
- Andrew van der Stock (04/05/02)
- Andrew van der Stock (04/03/02)
vqServer Demo Files Cross-Site Scripting
- Matthew Murphy (04/21/02)
Vulnerabilities in the Melange Chat Server
- Leon Harris (04/14/02)
Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
- Dr Andreas F Muller (04/15/02)
Vulnerability in PostCalendar
- gcsb (04/20/02)
Vulnerability: Windows2000Server running Terminalservices
- Thor@HammerofGod.com (04/10/02)
- Tom.Unger@gmx.de (04/09/02)
w00w00 on Microsoft IE/Office for Mac OS
- Kevin van Haaren (04/17/02)
- Matt Conover (04/16/02)
wbboard 1.1.1 Cross Site Scripting Vulnerability
- SeazoN (04/13/02)
Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
- NGSSoftware Insight Security Research (04/16/02)
Winamp: Mp3 file can control the minibrowser
- Daniel Lorch (04/03/02)
- Andreas Sandblad (04/03/02)
- Security (04/04/02)
- Andreas Sandblad (04/03/02)
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
- Marc Maiffret (04/10/02)
Windows 2000 DCOM clients may leak sensitive information onto the network
- Adcock, Matt (04/02/02)
- Todd Sabin (04/02/02)
Windows 2000 Sec rollup 2 patch -- Ouch!
- krisk@kbeta.com (04/11/02)
XMB cross-scripting vulnerability
- Joe (04/26/02)
Xpede many vulnerabilities
- Cerberus Vulgaris (04/19/02)
Zope security address
- Matt Burleigh (04/02/02)
- Rossen Raykov (04/01/02)
ç”ĺ¤Ť: An alternative method to check LKM backdoor/rootkit
- Wang Jian (04/18/02)

Last message date: 04/30/02
Archived on: 04/30/02 CEST

434 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]

SecurityFocus BugtraqBy Subject

SecurityFocus Bugtraq
By Subject