SecurityFocus Bugtraq
By Date

345 messages sorted by: [ author ] [ thread ] [ subject ] [ attachment ]

---

Starting: 09/02/02
Ending: 09/30/02

• IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability annihilator@inet.hr (09/29/02)
• MyNewsGroups :) XSS patch Ulf Harnhammar (09/30/02)
• SuSE Security Announcement: heimdal (SuSE-SA:2002:034) Sebastian Krahmer (09/30/02)
• QT Assistant leaves port unfiltered Rohit Sharma (09/29/02)
• XSS bug in Monkey (0.5.0) HTTP server DownBload (09/30/02)
• [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware ET LoWNOISE (09/29/02)
• [RHSA-2002:096-24] Updated unzip and tar packages fix vulnerabilities bugzilla@redhat.com (09/29/02)
• Advisory 03/2002: Fetchmail remote vulnerabilities Stefan Esser (09/29/02)
• iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server David Endler (09/30/02)
• ezmlm warning bugtraq-help@securityfocus.com (09/30/02)
• Re: Xoops RC3 script injection vulnerability RuIezz@aol.com (09/28/02)
• SafeTP coughs up internal server IP addresses Jonathan G. Lampe (09/28/02)
• Jetty jsp/servlet engine xss / uname disclosure vuln skinnay@skinnux.com (09/28/02)
• Re: Yet another XSS vulnerability in PHP NUKE Muhammad Faisal Rauf Danka (09/28/02)
• Software Update Available for Legacy RapidStream Appliances and W atchGuard Firebox Vclass appliances Steve Fallin (09/27/02)
• Re: Xoops RC3 script injection vulnerability Sergio (09/26/02)
• Re: Information Disclosure with Invision Board installation (fwd) Bonemach (09/26/02)
• Re: Hacking Citrix Faq (fwd) Dave Ahmad (09/27/02)
• Allot Netenforcer problems, GNU TAR flaw Bencsath Boldizsar (09/27/02)
• GLSA: glibc (update) Daniel Ahlberg (09/27/02)
• Yet another XSS vulnerability in PHP NUKE ersatz@unixhideout.com (09/27/02)
• Another possible RFC 2046 vulnerability. Jose Marcio Martins da Cruz (09/27/02)
• GLSA: dietlibc Daniel Ahlberg (09/27/02)
• Watchguard firewall appliances security issues Joao Gouveia (09/27/02)
• Re: IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server Daniel R. Ome (09/26/02)
• remote SYSTEM compromise in WASD OpenVMS http server Jean-loup Gailly (09/26/02)
• Postnuke XSS issues [correction] Mark Grimes (09/26/02)
• PHP-Nuke x.x AND PostNuke SQL Injection Pedro Inacio (09/26/02)
• Postnuke XSS issues Mark Grimes (09/25/02)
• RE: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv David Endler (09/26/02)
• [SECURITY] [DSA 149-2] New glibc packages fix Martin Schulze (09/26/02)
• Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv Boris Veytsman (09/26/02)
• Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv David Endler (09/26/02)
• iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv David Endler (09/26/02)
• Microsoft PPTP Server and Client remote vulnerability sh@phion.com (09/26/02)
• Re: Xoops RC3 script injection vulnerability fixed Sergio (09/26/02)
• Borland Interbase local root exploit grazer@digit-labs.org (09/25/02)
• Re: Information Disclosure with Invision Board installation (fwd) Ka (09/25/02)
• Fwd: QuickTime for Windows ActiveX security advisory Marc Bejarano (09/25/02)
• Not a bug: IIL Advisory: Format String bug in Null Webmail (0.6.3) Andrew Church (09/25/02)
• PHP-Nuke x.x SQL Injection Pedro Inacio (09/25/02)
• ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables das@hush.com (09/25/02)
• GLSA: tomcat Daniel Ahlberg (09/25/02)
• OpenVMS POP server local vulnerability Mike Riley (09/27/02)
• IIL Advisory: Vulnerabilities in acWEB HTTP server DownBload (09/25/02)
• IIL Advisory: Format String bug in Null Webmail (0.6.3) DownBload (09/25/02)
• Shana Informed 3.05 information disclosure sullo (09/25/02)
• RE: JSP source code exposure in Tomcat 4.x Martin Robson (09/25/02)
• [RHSA-2002:060-17] Updated Zope packages are available bugzilla@redhat.com (09/25/02)
• IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server DownBload (09/25/02)
• Re: Information Disclosure with Invision Board installation (fwd) Gossi The Dog (09/25/02)
• Information Disclosure with Invision Board installation (fwd) Gossi The Dog (09/25/02)
• RE: Trillian Remote DoS Attack - AIM Eric Stevens (09/24/02)
• Re: JSP source code exposure in Tomcat 4.x Marcin Jackowski (09/24/02)
• Re: JSP source code exposure in Tomcat 4.x DominusQ (09/24/02)
• PHPNUKE 6 XSS Vulnerabilities Mark Grimes (09/24/02)
• Re: PHP source injection in phpWebSite Matthias Bauer (09/24/02)
• Re: IE6 SSL Certificate Chain Verification Jason (09/24/02)
• RE: Trillian Remote DoS Attack - AIM Joshua Wright (09/24/02)
• Apache 2.0.(39|40) DOS (PHP!) shaddup@hush.com (09/23/02)
• JSP source code exposure in Tomcat 4.x Rossen Raykov (09/24/02)
• Xoops RC3 script injection vulnerability das@hush.com (09/24/02)
• Slapper worm redux; Ron DuFresne (09/24/02)
• HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability Brook Powers (09/24/02)
• PHP source injection in phpWebSite Tim Vandermeersch (09/23/02)
• Kondara MNU/Linux Kurt Seifried (09/23/02)
• Trillian Remote DoS Attack - AIM Spikeman (09/23/02)
• Now Online: OWASP Guide to Building Secure Web Applications v1.1 David Endler (09/23/02)
• Wireless Networking Frailty gregh (09/23/02)
• [CLA-2002:526] Conectiva Linux Security Announcement - xchat secure@conectiva.com.br (09/23/02)
• iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver David Endler (09/23/02)
• [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP OpenVMS, Windows) Potential File Access Vulnerability (fwd) Dave Ahmad (09/23/02)
• IE6 SSL Certificate Chain Verification Zoltán Nochta (09/23/02)
• Technical information about the vulnerabilities fixed by MS-02-52 Jouko Pynnonen (09/23/02)
• RE: NetMeeting 3.01 Local RDS Session Hijacking Adcock, Matt (09/20/02)
• NetBSD Security Advisory YYYY-NNN: {brief description of SA} NetBSD Security Officer (09/23/02)
• ToorCon 2002 This Weekend h1kari (09/23/02)
• JAWmail XSS Ulf Harnhammar (09/23/02)
• remote exploitable heap overflow in Null HTTPd 0.5.0 Bert Vanmanshoven (09/23/02)
• *sigh* Trillian multiple DoS's flaws. Lance Fitz-Herbert (09/22/02)
• And Again. Trillian 'raw 221' Overflow. Lance Fitz-Herbert (09/21/02)
• Re: [UPDATED] Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks Brandon Sturgeon (09/20/02)
• RE: The Trivial Cisco IP Phones Compromise Ofir Arkin (09/20/02)
• Re: The Art of Unspoofing Sean Trifero (09/20/02)
• SuSE Security Announcement: Slapper worm (SuSE-SA:2002:033) Olaf Kirch (09/20/02)
• Re: The Trivial Cisco IP Phones Compromise Peter Peters (09/20/02)
• ShadowCon 2002 Sharla Warren (09/20/02)
• Re: NetMeeting 3.01 Local RDS Session Hijacking proberts@teleport.com (09/20/02)
• Yet Another. Trillian 'JOIN' Overflow. Lance Fitz-Herbert (09/20/02)
• Re: Microsoft Windows Terminal Services vulnerabilities Ben Cohen (09/20/02)
• Re: Trillian .74 and below, ident flaw. netmask {enZo} (09/19/02)
• ANNOUNCE: RATS 2.0 RATS Team (09/19/02)
• ANNOUNCE: Egads 0.9.5 EGADS Team (09/19/02)
• CanSecWest/core03 Dragos Ruiu (09/19/02)
• [CLA-2002:525] Conectiva Linux Security Announcement - kdelibs secure@conectiva.com.br (09/20/02)
• Re: The Trivial Cisco IP Phones Compromise Jim Duncan (09/19/02)
• More vulnerabilities (Re: Security side-effects of Word fields) Alex Gantman (09/19/02)
• iDEFENSE OSF1/Tru64 3.x vuln clarification KF (09/19/02)
• Re: Squirrel Mail 1.2.7 XSS Exploit Jason Munro (09/19/02)
• Squirrel Mail 1.2.7 XSS Exploit DarC KonQuesT (09/19/02)
• Re: Linux Slapper Worm Charles Stevenson (09/19/02)
• Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3. Steven M. Christey (09/19/02)
• Re: nidump on OS X Blake Watters (09/18/02)
• [CLA-2002:524] Conectiva Linux Security Announcement - postgresql secure@conectiva.com.br (09/19/02)
• http://online.securityfocus.com/archive/1/291358/2002-09-08/2002-09-14/0, Subj: Norton AintiVirus 2001 POPROXY DoS Sym Security (09/19/02)
• Re: Linux Slapper Worm Miroslaw Jaworski (09/19/02)
• Re: The Art of Unspoofing Darren Reed (09/19/02)
• The Trivial Cisco IP Phones Compromise Ofir Arkin (09/19/02)
• Re: The Art of Unspoofing Euan (09/19/02)
• Trillian .73 & .74 "PRIVMSG" Overflow. Lance Fitz-Herbert (09/19/02)
• Re: Web browser certificate Validation flaw: Netscape, Mozilla, MSIE vulnerable - still? nestler@speakeasy.net (09/19/02)
• KPMG-2002035: IBM Websphere Large Header DoS Peter Gründl (09/19/02)
• Re: Execution Rights Not Checked Correctly For 16-bit Applications Torbjörn Hovmark (09/19/02)
• The Art of Unspoofing eric.prince@cox.net (09/18/02)
• Mozilla vulnerabilities, an update Thor Larholm (09/18/02)
• Re: Linux Slapper Worm Ajai Khattri (09/18/02)
• Re: Bug in Opera and Konqueror Andy Spiers (09/17/02)
• Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner Marshall Beddoe (09/18/02)
• RE: Execution Rights Not Checked Correctly For 16-bit Application s Vigneau, Steve (09/18/02)
• Re: nidump on OS X John C. Welch (09/18/02)
• iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3. David Endler (09/18/02)
• Re: Bug in Opera and Konqueror Michael McCallum (09/18/02)
• Firewall-1 –HTTP Security Server - Proxy vulnerability Mark van Gelder (09/18/02)
• Re: OpenSSH 3.4p1 Privsep Artem Chuprina (09/17/02)
• Re: slashdot / slashcode disclosing passwords Jamie McCarthy (09/17/02)
• Re: Trillian .74 and below, ident flaw. Jason Barbour (09/18/02)
• Web browser certificate Validation flaw: Netscape, Mozilla, MSIE vulnerable - still? Pidgorny, Slav (09/18/02)
• trillian DoS: trillian 1.0 pro also vulnerable Jose Nazario (09/18/02)
• Re: OpenSSH 3.4p1 Privsep Just Marc (09/17/02)
• Re: OpenSSH 3.4p1 Privsep Peter J. Holzer (09/17/02)
• Fw: [ut2003bugs] remote denial of service in ut2003 demo Arne Schwerdtfegger (09/17/02)
• Execution Rights Not Checked Correctly For 16-bit Applications Torbjörn Hovmark (09/18/02)
• SuSE Security Announcement: xf86 (SuSE-SA:2002:032) Sebastian Krahmer (09/18/02)
• Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045 Cisco Systems Product Security Incident Response Team (09/18/02)
• Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities Cisco Systems Product Security Incident Response Team (09/18/02)
• IRIX default root umask and coredumps SGI Security Coordinator (09/18/02)
• Trillian .74 and below, ident flaw. Lance Fitz-Herbert (09/18/02)
• Cisco VPN 5000 client buffer overflow vulnerabilities. Niels Heinen (09/18/02)
• Re: Password Security Policy Question Crispin Cowan (09/18/02)
• Re: nidump on OS X Martin (09/17/02)
• Re: nidump on OS X Jason A.***er (09/17/02)
• Advisory: TCP-Connection risk in DB4Web Stefan.Bagdohn@guardeonic.com (09/17/02)
• Re: nidump on OS X Bryan Blackburn (09/17/02)
• Re: OpenSSH 3.4p1 Privsep eric@catastrophe.net (09/17/02)
• Microsoft Windows Terminal Services vulnerabilities Ben Cohen (09/18/02)
• [SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities Martin Schulze (09/18/02)
• [SECURITY] [DSA-136-2] Multiple OpenSSL problems (update) Michael Stone (09/16/02)
• Re: Remote detection of vulnerable OpenSSL versions Eric Rescorla (09/18/02)
• Microsoft Windows Remote Desktop Protocol checksum and keystroke vulnerabilities Ben Cohen (09/16/02)
• Microsoft Windows XP Remote Desktop denial of service vulnerability Ben Cohen (09/16/02)
• Multiple NetBSD Security Advisories Released/Updated NetBSD Security Officer (09/17/02)
• Planet Web Software Buffer Overflow UkR security team™ (09/14/02)
• Re: Password Security Policy Question Nate Lawson (09/17/02)
• NetBSD Security Advisory 2002-017: shutdown(s, SHUT_RD) on TCP socket does not work as intended NetBSD Security Officer (09/17/02)
• tst attachment Jose Martins (09/18/02)
• Re: Linux Slapper Worm code KF (09/16/02)
• Advisory: File disclosure in DB4Web Stefan.Bagdohn@guardeonic.com (09/17/02)
• NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service NetBSD Security Officer (09/17/02)
• Re: Bypassing SMTP Content Protection with a Flick of a Button Steven M. Bellovin (09/14/02)
• joe editor backup problem Ondrej Suchy (09/17/02)
• NetBSD Security Advisory 2002-012: buffer overrun in setlocale NetBSD Security Officer (09/17/02)
• NetBSD Security Advisory 2002-006: buffer overrun in libc/libresolv DNS resolver NetBSD Security Officer (09/17/02)
• Lycos HTMLGear Guestbook Script Injection Vulnerability Matthew Murphy (09/15/02)
• [SECURITY] [DSA-136-3] Multiple OpenSSL problems (update) Michael Stone (09/17/02)
• NetBSD Security Advisory 2002-007: Repeated TIOCSCTTY ioctl can corrupt session hold counts NetBSD Security Officer (09/17/02)
• NetBSD Security Advisory 2002-010: symlink race in pppd NetBSD Security Officer (09/17/02)
• NetBSD Security Advisory 2002-018: Multiple security isses with kfd daemon NetBSD Security Officer (09/17/02)
• Re: Bug in Opera and Konqueror Dirk Mueller (09/17/02)
• NetBSD Security Advisory 2002-014: fd_set overrun in mbone tools and pppd NetBSD Security Officer (09/17/02)
• Re: bugtraq.c httpd apache ssl attack Ben Kittridge (09/14/02)
• Remote detection of vulnerable OpenSSL versions Florian Weimer (09/17/02)
• NetBSD Security Advisory 2002-009: NetBSD Security Officer (09/17/02)
• NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow NetBSD Security Officer (09/17/02)
• [SECURITY] [DSA 167-1] New kdelibs fix cross site scripting bug Martin Schulze (09/16/02)
• Analysis of Modap worm Mario van Velzen (09/17/02)
• NetMeeting 3.01 Local RDS Session Hijacking Paul A Roberts (09/13/02)
• OpenSSH 3.4p1 Privsep Andrew Danforth (09/16/02)
• Bug in Opera and Konqueror Zeux (09/15/02)
• RE: bugtraq.c httpd apache ssl attack Sandu Mihai Eduard (09/16/02)
• NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability Abraham Lincoln (09/16/02)
• Re: bugtraq.c httpd apache ssl attack Ben Laurie (09/14/02)
• Re: bugtraq.c httpd apache ssl attack Fernando Nunes (09/14/02)
• Re: Race condition in BRU Workstation 17.0 prophecy@prophecy.net.nz (09/14/02)
• Re: OpenSSL worm in the wild Eric Rescorla (09/13/02)
• Re: OpenSSL worm in the wild Eric Rescorla (09/13/02)
• [RHSA-2002:036-26] Updated ethereal packages available bugzilla@redhat.com (09/13/02)
• RE: bugtraq.c httpd apache ssl attack Sandu Mihai (09/13/02)
• Re: bugtraq.c httpd apache ssl attack adamkuj@gatordog.com (09/13/02)
• Re: Race condition in BRU Workstation 17.0 Peter Watkins (09/13/02)
• Re: bugtraq.c httpd apache ssl attack The Little Prince (09/13/02)
• Re: OpenSSL worm in the wild Dave Ahmad (09/13/02)
• Savant 3.1 multiple vulnerabilities Auriemma Luigi (09/13/02)
• Cobalt 6.0 Local Root Brendan C. Johnson (09/12/02)
• Security Issue with Mac OS X Christopher Allene (09/13/02)
• OpenSSL worm in the wild Ben Laurie (09/13/02)
• Race condition in BRU Workstation 17.0 prophecy@prophecy.net.nz (09/13/02)
• Re: Multiple vulnerabilities in Avaya Argent Office Russell Garrett (09/12/02)
• bugtraq.c httpd apache ssl attack Fernando Nunes (09/13/02)
• RE: Apache worm in the wild Sandu Mihai (09/13/02)
• Re: Password Security Policy Question Solar Designer (09/13/02)
• Re: Password Security Policy Question Nick Lamb (09/13/02)
• [securitydigest.org]: Changes in August/September 2002 Curator at Security Digest Archives (09/13/02)
• Scan against Enterasys SSR8000 crash the system Mella Marco (09/13/02)
• [SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows Martin Schulze (09/13/02)
• Re: Bypassing SMTP Content Protection with a Flick of a Button Gossi The Dog (09/13/02)
• Re: xbreaky symlink vulnerability Marco van Berkum (09/12/02)
• Re: PHP fopen() CRLF Injection Stefan Esser (09/12/02)
• [CLA-2002:523] Conectiva Linux Security Announcement - util-linux secure@conectiva.com.br (09/12/02)
• Re: xbreaky symlink vulnerability Jeremy C. Reed (09/12/02)
• Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button" David F. Skoll (09/12/02)
• FW: Bypassing SMTP Content Protection with a Flick of a Button Menashe Eliezer (09/12/02)
• Re: Small bug crashes OE David Komanek (09/12/02)
• Re: PHP fopen() CRLF Injection Ulf Harnhammar (09/12/02)
• xbreaky symlink vulnerability Marco van Berkum (09/12/02)
• Bypassing TrendMicro InterScan VirusWall Vincent Royer (09/12/02)
• Re: efstool slackware 7.1 local root exploit exploit included Jeffrey Denton (09/12/02)
• MIMEDefang update (was Re: Bypassing SMTP Content Protection ) David F. Skoll (09/12/02)
• [SECURITY] [DSA 165-1] New PostgreSQL packages fix several vulnerabilities Martin Schulze (09/12/02)
• LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE jelmer (09/12/02)
• the attachement jelmer (09/12/02)
• ht://Check XSS Ulf Harnhammar (09/12/02)
• Bypassing SMTP Content Protection with a Flick of a Button Aviram Jenik (09/12/02)
• Re: slashdot / slashcode disclosing passwords Michal Zalewski (09/12/02)
• Re: slashdot / slashcode disclosing passwords Jamie McCarthy (09/12/02)
• efstool slackware 7.1 local root exploit exploit included Cloud Ass (09/11/02)
• Re: Password Security Policy Question Greg A. Woods (09/11/02)
• Re: slashdot / slashcode disclosing passwords Michal Zalewski (09/11/02)
• Re: slashdot / slashcode disclosing passwords Craig Dickson (09/11/02)
• Re: Vulnerabilities in Microsoft's Java implementation Mike Duncan (09/11/02)
• Some unpatched vulnerabilities fixed Auriemma Luigi (09/11/02)
• Privacy leak in mozilla Sven Neuhaus (09/11/02)
• slashdot / slashcode disclosing passwords Michal Zalewski (09/11/02)
• Re: Vulnerabilities in Microsoft's Java implementation Gwendal Stevanazzi (09/11/02)
• Norton AntiVirus 2001 POP3 Proxy local DoS Berend-Jan Wever (09/11/02)
• Re: Small bug crashes OE Berend-Jan Wever (09/11/02)
• Final Speakers for HiverCon 2002 Announced Mark Anderson (09/11/02)
• RE: SecuRemote usernames can be guessed or sniffed using IKE exchange Roy Hills (09/11/02)
• Re: Foundstone Labs Advisory - Buffer Overflow in Savant Web Server zeno (09/11/02)
• Re: Vulnerabilities in Microsoft's Java implementation Damon McMahon (09/11/02)
• MDKSA-2002:059 - php update Mandrake Linux Security Team (09/11/02)
• KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability Dirk Mueller (09/11/02)
• KDE Security Advisory: Secure Cookie Vulnerability Dirk Mueller (09/11/02)
• Buffer over/underflows in ssldump prior to 0.9b3 Eric Rescorla (09/11/02)
• [security bulletin] SSRT-547 HP Tru64 UNIX Potential Security Vulnerabilities TPC/IP, FTPD, ARP (fwd) Dave Ahmad (09/11/02)
• Foundstone Labs Advisory - Buffer Overflow in Savant Web Server Foundstone Labs (09/11/02)
• Apple QuickTime ActiveX v5.0.2 Buffer Overrun (a091002-1) @stake Advisories (09/10/02)
• Re: Password Security Policy Question bugtraq@applied-knowledge.net (09/10/02)
• Re: Password Security Policy Question Roman Drahtmueller (09/10/02)
• Password Security Policy Question L. Adrian Griffis (09/10/02)
• RE: Who framed Internet Explorer and IE6 SP1 GreyMagic Software (09/10/02)
• Re: Small bug crashes OE Kilian CAVALOTTI (09/10/02)
• [RHSA-2002:189-08] Updated gaim client fixes URL vulnerability bugzilla@redhat.com (09/10/02)
• Re: Trillian weakly encrypts saved passwords jelmer (09/09/02)
• MDKSA-2002:057 - krb5 update Mandrake Linux Security Team (09/10/02)
• IE6 SP1 Notes Thor Larholm (09/10/02)
• [SECURITY] [DSA 164-1] New cacti package fixes arbitrary code execution Martin Schulze (09/10/02)
• MDKSA-2002:058 - kdelibs update Mandrake Linux Security Team (09/10/02)
• Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later Michal Zalewski (09/10/02)
• PHP fopen() CRLF Injection Ulf Harnhammar (09/09/02)
• RE: PHP header() CRLF Injection Eric Stevens (09/09/02)
• Small correction... Raistlin (09/09/02)
• Small bug crashes OE Raistlin (09/09/02)
• RE: Trillian weakly encrypts saved passwords Brenna Primrose (09/09/02)
• Re: Trillian weakly encrypts saved passwords Mike Benham (09/09/02)
• [SECURITY] [DSA 163-1] New mhonarc packages fix cross site scripting problems Martin Schulze (09/09/02)
• phpGB: DoS and executing_arbitrary_commands ppp-design (09/09/02)
• Trillian weakly encrypts saved passwords Evan Nemerson (09/09/02)
• Unmask 1.0 Release Party at My House! Dave Aitel (09/09/02)
• sql injection vulnerability in WBB 2.0 RC1 and below Cano2 (09/08/02)
• phpGB: mysql injection bug ppp-design (09/09/02)
• [RHSA-2002:188-08] New wordtrans packages fix remote vulnerabilities bugzilla@redhat.com (09/09/02)
• phpGB: cross site scripting bug ppp-design (09/09/02)
• [SECURITY] [DSA 159-2] New Python packages fix problem introduced by security fix Martin Schulze (09/09/02)
• GLSA: glibc Daniel Ahlberg (09/09/02)
• Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities Allen.Wilson@guardent.com (09/08/02)
• Who framed Internet Explorer (GM#010-IE) GreyMagic Software (09/09/02)
• Vulnerabilities in Microsoft's Java implementation Jouko Pynnonen (09/09/02)
• PHP header() CRLF Injection Matthew Murphy (09/08/02)
• Re: Next-hop scanning for open firewall ports Darren Reed (09/07/02)
• Re: All versions of windows infected? Axel Pettinger (09/07/02)
• Re: Next-hop scanning for open firewall ports Chris Brenton (09/07/02)
• NetGear FM114P URL filter bypassing vulnerability Marc Ruef (09/07/02)
• Re: All versions of windows infected? Walter Hop (09/07/02)
• All versions of windows infected? Iamhatingit@aol.com (09/06/02)
• MDKSA-2002:054-1 - gaim update Mandrake Linux Security Team (09/06/02)
• Re: MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable Dirk Mueller (09/07/02)
• KSTAT (and maybe others) bypass Dark Angel (09/06/02)
• Next-hop scanning for open firewall ports David G. Andersen (09/06/02)
• UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?) Geoff Craig (09/06/02)
• RE: Veritas Backup Exec opens networks for NetBIOS based attacks? Gino Genari (09/06/02)
• [SECURITY] [DSA 162-1] New ethereal packages fix buffer overflow Martin Schulze (09/06/02)
• Re: Security side-effects of Word fields B.Goodman (09/06/02)
• Veritas Backup Exec opens networks for NetBIOS based attacks? Geoff Craig (09/06/02)
• Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs Rapid 7 Security Advisories (09/06/02)
• Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP Foundstone Labs (09/06/02)
• zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad] zen-parse (09/06/02)
• MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable Piotr Paw³ow (09/06/02)
• Re: SWS Web Server v0.1.0 Exploit 3APA3A (09/03/02)
• RE: (Fwd) MSIEv6 % encoding causes a problem again Thor Larholm (09/05/02)
• advisory UkR security team™ (09/05/02)
• RE: Bypassing the Finjan SurfinGate URL filter Menashe Eliezer (09/05/02)
• RE: SecuRemote usernames can be guessed or sniffed using IKE exchange Scott Walker Register (09/05/02)
• Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities - Second Set Cisco Systems Product Security Incident Response Team (09/05/02)
• GLSA: amavis Daniel Ahlberg (09/05/02)
• SuSE Security Announcement: glibc (SuSE-SA:2002:031) Roman Drahtmueller (08/30/02)
• Re: Compaq mount patch broken Paul Szabo (09/04/02)
• Re: MSIEv6 % encoding causes a problem again Dave Ahmad (09/04/02)
• Re: MSIEv6 % encoding causes a problem again jelmer (09/04/02)
• Re: **maillist:: Outlook S/MIME Vulnerability Torbjörn Hovmark (09/04/02)
• Bypassing the Finjan SurfinGate URL filter Marc Ruef (09/04/02)
• SPIKE 2.6 Released... Dave Aitel (09/04/02)
• TRU64 formal disclosure from Snosoft. KF (09/04/02)
• [SECURITY] [DSA 161-1] New Mantis package fixes privilege escalation Martin Schulze (09/04/02)
• Re: **maillist:: Outlook S/MIME Vulnerability Timothy J.Miller (09/04/02)
• Re: MSIEv6 % encoding causes a problem again Dave Ahmad (09/04/02)
• AFD 1.2.14 multiple local root compromises Bert Vanmanshoven (09/04/02)
• Cacti security issues Knights of the Routing Table (09/03/02)
• GLSA: scrollkeeper Daniel Ahlberg (09/04/02)
• Cross-Site Scripting in Aestiva's HTML/OS eax@3xT.org (09/03/02)
• Re: **maillist:: Outlook S/MIME Vulnerability Thomas Seliger (09/03/02)
• [CLA-2002:522] Conectiva Linux Security Announcement - mailman secure@conectiva.com.br (09/03/02)
• Re: Compaq mount patch broken Florian Weimer (09/03/02)
• [security bulletin] SSRT2310a HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability (fwd) Dave Ahmad (09/03/02)
• Re: One step easier password guessing on Windows Howard Yeend (09/03/02)
• MSIEv6 % encoding causes a problem again Liu Die Yu (09/03/02)
• Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities Cisco Systems Product Security Incident Response Team (09/03/02)
• SecuRemote usernames can be guessed or sniffed using IKE exchange Roy Hills (09/03/02)
• Re: CacheFlow CacheOS Cross-site Scripting Vulnerability Blue@mail.securityfocus.com, Coat@mail.securityfocus.com, Systems@mail.security (09/03/02)
• Re: Outlook S/MIME Vulnerability Spyder (09/03/02)
• Re: Security side-effects of Word fields Woody Leonhard (09/03/02)
• Compaq mount patch broken Paul Szabo (09/03/02)
• [SECURITY] [DSA 160-1] New scrollkeeper packages fix insecure temporary file creation Martin Schulze (09/03/02)
• SWS Web Server v0.1.0 Exploit saman@hush.com (09/02/02)
• New Paper: Threat profiling Microsoft SQL Server NGSSoftware Insight Security Research (09/02/02)
• Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A) NGSSoftware Insight Security Research (09/02/02)
• Windows .NET Server (RC1) and MSDE (#NISR03092002B) NGSSoftware Insight Security Research (09/02/02)
• Outlook S/MIME Vulnerability Mike Benham (09/02/02)
• Happy Labor Day from Snosoft KF (09/02/02)
• Re: Trillian XML parser buffer overflow soulshock (08/31/02)
• SECNAP Security Alert: Radmin Default install options vulnerability Michael Scheidell (09/02/02)
• One step easier password guessing on Windows NP-completer (09/01/02)
• [RHSA-2002:186-07] Updated scrollkeeper packages fix tempfile vulnerability bugzilla@redhat.com (09/02/02)
• XSS in Null HTTPd Matthew Murphy (09/02/02)
• The ScrollKeeper Root Trap Spybreak (09/02/02)
• Re: SUMMARY: Disabling Port 445 (SMB) Entirely Shaolin Tiger (09/02/02)

Last message date: 09/30/02
Archived on: 09/30/02 CEST

---

345 messages sorted by: [ author ] [ thread ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-09