SecurityFocus Bugtraq
By Thread

435 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

---

Starting: 10/01/02
Ending: 10/31/02

• Security Update: [CSSA-2002-043.0] Linux: chfn (util-linux) temp file race vulnerability security@caldera.com (10/30/02)
• Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327 Vulnerabilities Cisco Systems Product Security Incident Response Team (10/31/02)
• ezmlm warning bugtraq-help@securityfocus.com (10/31/02)
• Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002) NGSSoftware Insight Security Research (10/31/02)
  • Anyone know the security alert contact for 3com? Michael Scheidell (10/31/02)
• SmartMail server DOS securma massine (10/31/02)
• SuSE Security Announcement: lprng/html2ps (SuSE-SA:2002:040) Sebastian Krahmer (10/31/02)
• [SECURITY] [DSA 185-1] New heimdal packages fix buffer overflows Martin Schulze (10/31/02)
• SuSE Security Announcement: syslog-ng (SuSE-SA:2002:039) Sebastian Krahmer (10/31/02)
• GLSA: pam_ldap Daniel Ahlberg (10/30/02)
• [SECURITY] [DSA 184-1] New krb4 packages fix buffer overflow Martin Schulze (10/30/02)
• GLSA: sharutils Daniel Ahlberg (10/30/02)
• XXE (Xml eXternal Entity) attack Gregory Steuck (10/30/02)
• Gimp: Erased sections of images print in some cases Clark Mills (10/29/02)
  • Re: Gimp: Erased sections of images print in some cases Robert Bihlmeyer (10/30/02)
  • Re: Gimp: Erased sections of images print in some cases Earl Hood (10/30/02)
  • Re: Gimp: Erased sections of images print in some cases Elio Grieco (10/30/02)
• MDKSA-2002:073 - krb5 update Mandrake Linux Security Team (10/29/02)
• IP SmartSpoofing : How to bypass all IP filters relying on sourc e IP address Vincent Royer (10/29/02)
• Bypassing website filter in SonicWall Marc Ruef (10/29/02)
  • Re: Bypassing website filter in SonicWall Kurt Seifried (10/30/02)
  • Re: Bypassing website filter in SonicWall Robert Bihlmeyer (10/30/02)
• [SECURITY] [DSA 183-1] New krb5 packages fix buffer overflow Martin Schulze (10/29/02)
• Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities security@caldera.com (10/29/02)
• Re: SUMMARY: Disabling Port 445 (SMB) Entirely dan hayden (10/29/02)
• Security Update: [CSSA-2002-041.0] Linux: pam_ldap format string vulnerability security@caldera.com (10/29/02)
• KRB5-SORCERER2002-10-27 Security Update ask33@linuxmountain.org (10/28/02)
• Further problems with Arescom NetDSL-800 MSN Firmware version 5.4.x and up Justin Cervero (10/29/02)
• [ESA-20021029-028] syslog-ng: buffer overflow in macro handling code (UPDATED) EnGarde Secure Linux (10/29/02)
• [ESA-20021029-027] mod_ssl cross-site scripting vulnerability. EnGarde Secure Linux (10/29/02)
• GLSA: ypserv Daniel Ahlberg (10/28/02)
• CISCO as5350 crashes with nmap connect scan Thomas Munn (10/28/02)
  • Re: CISCO as5350 crashes with nmap connect scan Thomas Munn (10/29/02)
  • Re: CISCO as5350 crashes with nmap connect scan Thomas Munn (10/29/02)
  • Re: CISCO as5350 crashes with nmap connect scan Wendy Garvin (10/29/02)
• Re: Privilege Escalation Vulnerability In phpBB 2.0.0 x x (10/28/02)
• dobermann FORUM (php) Frog Man (10/27/02)
  • RE: dobermann FORUM (php) Mark Stunnenberg (10/29/02)
• Oracle9iAS Web Cache Denial of Service (a102802-1) @stake advisories (10/28/02)
• SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com pokleyzz (10/28/02)
• Re: Buffer overflow in kadmind4 Chris Barnes (10/27/02)
• Privilege Escalation Vulnerability In phpBB 2.0.0 nick84@rootsecure.net (10/28/02)
• [SNS Advisory No.57] AN HTTPD Cross-site Scripting Vulnerability snsadv@lac.co.jp (10/28/02)
• GLSA: mod_ssl Daniel Ahlberg (10/27/02)
• Substitution of document signed under new American format ECDSA. Alexander Komlin (10/28/02)
• MDaemon SMTP/POP/IMAP server DoS D4rkGr3y (10/27/02)
  • RE: MDaemon SMTP/POP/IMAP server DoS Basil Hussain (10/29/02)
    • RE: MDaemon SMTP/POP/IMAP server DoS Robert Feldbauer (10/29/02)
  • Re: MDaemon SMTP/POP/IMAP server DoS Karl Pietri (10/29/02)
  • Re: MDaemon SMTP/POP/IMAP server DoS Muhammad Faisal Rauf Danka (10/29/02)
    • RE: MDaemon SMTP/POP/IMAP server DoS Basil Hussain (10/30/02)
• GLSA: kth-krb Daniel Ahlberg (10/26/02)
• Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 Tom Yu (10/26/02)
• TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem UkR security team™ (10/26/02)
• RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0 Sym Security (10/25/02)
• IPSwitch, Inc. WS_FTP Server dev-null@no-id.com (10/25/02)
  • Re: IPSwitch, Inc. WS_FTP Server Alun Jones (10/25/02)
    • Re[2]: IPSwitch, Inc. WS_FTP Server 3APA3A (10/26/02)
• Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma's Acusend David Wray (10/25/02)
• Security Update: [CSSA-2002-038.0] Linux: inn format string and insecure open vulnerabilities security@caldera.com (10/25/02)
• iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server David Endler (10/24/02)
• IBM Infoprint Remote Management Simple DoS Toni Lassila (10/25/02)
  • Re: IBM Infoprint Remote Management Simple DoS Fredrik Björk (10/28/02)
• [SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability Tamer Sahin (10/24/02)
• vpopmail CGIapps vpasswd vulnerabilities Ignacio Vazquez (10/24/02)
  • Re: vpopmail CGIapps vpasswd vulnerabilities Jeremy C. Reed (10/24/02)
• MDKSA-2002:072 - mod_ssl update Mandrake Linux Security Team (10/24/02)
• MDKSA-2002:071 - kdegraphics update Mandrake Linux Security Team (10/24/02)
• [SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability Tamer Sahin (10/24/02)
• Security Update: [CSSA-2002-037.0] Linux: various packet handling vunerabilities in ethereal security@caldera.com (10/24/02)
• [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability Tamer Sahin (10/24/02)
• NetBSD Security Advisory 2002-025: trek(6) buffer overrun NetBSD Security Officer (10/24/02)
• Multiple issues in internet explorer/outlook John C. Hennessy (10/24/02)
• Reminder: Call for Papers IWIA 2003 Ends Soon Stephen D. B. Wolthusen (10/24/02)
• vpopmail CGIapps vadddomain multiple vulnerabilities Ignacio Vazquez (10/24/02)
• GLSA: zope Daniel Ahlberg (10/24/02)
• XSS vulnerability in Mojo Mail Sign-Up Form Daniel Boland (10/24/02)
• DH team: Norton Antivirus Corporate Edition Privilege Escalation 3APA3A (10/24/02)
• TFTP Server DoS D4rkGr3y (10/24/02)
• GLSA: xfree Daniel Ahlberg (10/24/02)
• [RHSA-2002:223-07] Updated ypserv packages fixes memory leak bugzilla@redhat.com (10/24/02)
• ABfrag followup / WITHOUT ATTACHMENT daniel.roberts@hushmail.com (10/24/02)
• R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service Rapid 7 Security Advisories (10/23/02)
• R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues Rapid 7 Security Advisories (10/23/02)
• XSS bug in MyMarket 1.71 qber66 (09/11/02)
  • Router DSL Dlink Linux (10/23/02)
    • Re: Router DSL Dlink Markus Garscha (10/24/02)
• does Xandros have anyone answering the security phone? Eric L. Howard (10/23/02)
  • Re: does Xandros have anyone answering the security phone? KF (10/23/02)
• MITKRB5-SA-2002-002: Buffer overflow in kadmind4 Tom Yu (10/23/02)
• Security Update: [CSSA-2002-036.0] Linux: remote buffer overflow in webalizer reverse lookup code security@caldera.com (10/23/02)
• MDKSA-2002:070 - tetex update Mandrake Linux Security Team (10/23/02)
• [SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability Tamer Sahin (10/23/02)
• [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache) OpenPKG (10/23/02)
• [ESA-20021022-026] local kernel vulnerabilities EnGarde Secure Linux (10/22/02)
• phpnewsDev Frog Man (10/22/02)
• Re: Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R Sym Security (10/22/02)
• gBook Frog Man (10/22/02)
• FlashFXP 1.4 Local Password Disclosure Vulnerability Blud Clot (10/22/02)
• Virgil CGI Scanner Vulnerability kalif@hushmail.com (10/22/02)
• MS WIN RPC DoS CODE FROM SPIKE v2.7 lion (10/22/02)
• Windows 2000 SNMP DoS Chris Anley (10/22/02)
• Call For Papers Announcement: Black Hat Windows Security Jeff Moss (10/22/02)
• NetBSD Security Advisory 2002-016: Insufficient length check in ESP authentication data NetBSD Security Officer (10/22/02)
• AIM 4.8.2790 remote file execution vulnerability Blud Clot (10/22/02)
• Vulnerable cached objects in IE (9 advisories in 1) GreyMagic Software (10/22/02)
  • Re: Vulnerable cached objects in IE (9 advisories in 1) jelmer (10/22/02)
    • RE: Vulnerable cached objects in IE (9 advisories in 1) GreyMagic Software (10/23/02)
  • RE: Vulnerable cached objects in IE (9 advisories in 1) Thor Larholm (10/23/02)
• MDKSA-2002:069 - gv update Mandrake Linux Security Team (10/22/02)
• NetBSD Security Advisory 2002-026: Buffer overflow in kadmind daemon NetBSD Security Officer (10/22/02)
• [SECURITY] [DSA 181-1] New mod_ssl packages fix cross site scripting Martin Schulze (10/22/02)
• Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R Juan de la Fuente Costa (10/22/02)
• LinuxSecurity Brasil Magazine Online - Second Edition Renato Murilo Langona (10/21/02)
• Security Update: [CSSA-2002-SCO.41] UnixWare 7.1.1 Open UNIX 8.0.0 : rcp of /proc causes denial-of-service security@caldera.com (10/22/02)
• fragrouter trojan matt@anzen.com (10/21/02)
• XSS vulnerabilites in Pafiledb ersatz@unixhideout.com (10/21/02)
• SuSE Security Announcement: postgresql (SuSE-SA:2002:038) Thomas Biege (10/21/02)
• Reproducing the MS DCE-RPC DOS. Joe Testa (10/20/02)
• D-Link Access Point DWL-900AP+ TFTP Vulnerability security@rionero.com (10/21/02)
• MSIE:"SaveRef" cracks "(VictimWindow).document.write" Liu Die Yu (10/21/02)
  • Re: MSIE:"SaveRef" cracks "(VictimWindow).document.write" jelmer (10/21/02)
• Re: [VulnWatch] NOCC: XSS Ulf Harnhammar (10/20/02)
• NOCC: XSS Ulf Harnhammar (10/20/02)
• AN HTTPD SOCKS4 username Buffer Overflow Vulnerability Kanatoko (10/20/02)
• [SECURITY] [DSA 180-1] New NIS packages fix information leak Martin Schulze (10/21/02)
• GLSA: groff Daniel Ahlberg (10/19/02)
• Re: 3Com TelnetD COMPLETE CODE bladebla@hotmail.com (10/19/02)
• Chrooting Daemons and System Processes HOWTO Jonathan A. Zdziarski (10/18/02)
• Full zone information disclosure on top level domain name servers Max (10/18/02)
  • Re: Full zone information disclosure on top level domain name servers Måns Nilsson (10/19/02)
    • Re: Full zone information disclosure on top level domain name servers Jim Reid (10/20/02)
• GLSA: tetex Daniel Ahlberg (10/18/02)
• SCAN Associates Advisory: Molly 0.5 - Remote Command Execution guejez (10/18/02)
• [security bulletin] SSRT0818U HP Tru64 UNIX V5.1A zlib Potential Security Vulnerability (fwd) Dave Ahmad (10/18/02)
• SCAN Associates Advisory: perlbot 1.9.2 - Remote Command Execution guejez (10/18/02)
• Ambiguities in TCP/IP - firewall bypassing Paul Starzetz (10/18/02)
  • Re: Ambiguities in TCP/IP - firewall bypassing Alan DeKok (10/18/02)
    • Re: Ambiguities in TCP/IP - firewall bypassing Benjamin Krueger (10/18/02)
      • Re: Ambiguities in TCP/IP - firewall bypassing Alun Jones (10/18/02)
      • RE: Ambiguities in TCP/IP - firewall bypassing John Fitzgerald (10/19/02)
      • Re: Ambiguities in TCP/IP - firewall bypassing Tony Finch (10/19/02)
      • Re: Ambiguities in TCP/IP - firewall bypassing Alan DeKok (10/18/02)
      • Re: Ambiguities in TCP/IP - firewall bypassing Luis Bruno (10/19/02)
  • Re: Ambiguities in TCP/IP - firewall bypassing Florian Weimer (10/19/02)
    • Re: Ambiguities in TCP/IP - firewall bypassing cbrenton@slartibartfast.pa.net (10/19/02)
    • Re: Ambiguities in TCP/IP - firewall bypassing Aaron Hopkins (10/19/02)
      • Re: Ambiguities in TCP/IP - firewall bypassing Florian Weimer (10/21/02)
  • Re: Ambiguities in TCP/IP - firewall bypassing David Wagner (10/19/02)
  • Re: Ambiguities in TCP/IP - firewall bypassing Lyndon Nerenberg (10/20/02)
  • RE: Ambiguities in TCP/IP - firewall bypassing Ofir Arkin (10/21/02)
• [RHSA-2002:192-13] Updated Mozilla packages fix security vulnerabilities bugzilla@redhat.com (10/18/02)
• interSEC security advisory - Multiple bugs in Web602 web server Jan Kachlik (10/18/02)
• [Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3 Dave Aitel (10/18/02)
• KaZaA David Krum (10/18/02)
  • RE: KaZaA Christopher Wagner (10/18/02)
  • RE: KaZaA Brenna Primrose (10/18/02)
  • Re: KaZaA Nicholas C. Weaver (10/18/02)
  • Re: KaZaA Alex Lambert (10/18/02)
• New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums Nir Adar (10/18/02)
• Microsoft Windows Media Player for Sparc/Solaris vulnerability Samuel Tardieu (10/18/02)
• SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution guejez (10/18/02)
• New buffer overflow in PlanetDNS securma massine (10/18/02)
• vBulletin XSS Security Bug Sp.IC (10/18/02)
  • RE: vBulletin XSS Security Bug Alex Yu (10/21/02)
• [SECURITY] [DSA 179-1] New gnome-gv packages fix buffer overflow Martin Schulze (10/18/02)
• TSLSA-2002-0069-apache Trustix Secure Linux Advisor (10/17/02)
• [RHSA-2002:205-15] New kernel fixes local security issues bugzilla@redhat.com (10/17/02)
• [RHSA-2002:210-06] New kernel 2.2 packages fix local vulnerabilities bugzilla@redhat.com (10/17/02)
• TSLSA-2002-0068-kernel Trustix Secure Linux Advisor (10/17/02)
• [RHSA-2002:206-12] New kernel fixes local security issues bugzilla@redhat.com (10/17/02)
• Solution: Kill a Unisys Clearpath with nmap port scan Michael.Kain@unisys.com (10/17/02)
• [SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable Martin Schulze (10/17/02)
  • Re: [SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable Samuele Giovanni Tonon (10/17/02)
• PGP Corporation Beta License Agreement er t (10/17/02)
  • Re: PGP Corporation Beta License Agreement Juraj Bednar (10/17/02)
  • Re: PGP Corporation Beta License Agreement Jon Callas (10/18/02)
• Linux Kernel Exploits / ABFrag daniel.roberts@hushmail.com (10/17/02)
  • Re: Linux Kernel Exploits / ABFrag h2g.sec.list@zipmail.com.br (10/17/02)
  • Re: Linux Kernel Exploits / ABFrag huang po (10/17/02)
    • Re: Linux Kernel Exploits / ABFrag Cedric Blancher (10/17/02)
  • Re: Linux Kernel Exploits / ABFrag dr john halewood (10/17/02)
  • Re: Linux Kernel Exploits / ABFrag Muhammad Faisal Rauf Danka (10/19/02)
• GLSA: ggv Daniel Ahlberg (10/17/02)
• [SECURITY] [DSA 178-1] New Heimdal packages fix remote command execution Martin Schulze (10/17/02)
• NFS Denial of Service advisory from Sun m g (10/17/02)
  • Re: NFS Denial of Service advisory from Sun Edsel Adap (10/18/02)
• Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002) David Litchfield (10/17/02)
• New buffer overflow in plaetDNS securma massine (10/17/02)
• Apache 1.3.26 David Wagner (10/17/02)
• [CLA-2002:533] Conectiva Linux Security Announcement - XFree86 secure@conectiva.com.br (10/17/02)
• phptonuke allows Remote File Retrieving Zero-X ScriptKiddy (10/16/02)
  • Re: phptonuke allows Remote File Retrieving BlueRaven (10/17/02)
• Openwall GNU/*/Linux (Owl) 1.0 release Solar Designer (10/16/02)
• [GIS 2002021001] SkyStream EMR5000 DVB router DoS. Global InterSec Research (10/16/02)
• [CLA-2002:532] Conectiva Linux Security Announcement - sendmail secure@conectiva.com.br (10/16/02)
• MSN Moster Strike Back ?! drorshalev@hotmail.com (10/16/02)
• Cisco Security Advisory: Cisco CatOS Embedded HTTP Server Buffer Overflow Cisco Systems Product Security Incident Response Team (10/16/02)
• [CLA-2002:531] Conectiva Linux Security Announcement - fetchmail secure@conectiva.com.br (10/16/02)
• Linux Security Protection System Bosko Radivojevic (10/16/02)
• X Windows zlib/MIT-SHM/huge font DoS vulnerabilities SGI Security Coordinator (10/16/02)
• [SECURITY] [DSA 176-1] New gv packages fix buffer overflow Martin Schulze (10/16/02)
• Designing Shellcode Demystified Murat Balaban (10/16/02)
• NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability Abraham Lincoln (10/16/02)
  • Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability Te Smith (10/17/02)
• iDEFENSE Security Advisory 10.16.02: Denial of Service in Sabre Desktop Reservation Client for Windows David Endler (10/16/02)
• MDKSA-2002:066 - tar update Mandrake Linux Security Team (10/11/02)
• CoolForum v 0.5 beta shows content of PHP files scrap (10/12/02)
  • Re: CoolForum v 0.5 beta shows content of PHP files David Woods (10/16/02)
• iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone David Endler (10/15/02)
• A full event log does not send administrative alerts Eitan Caspi (10/11/02)
• [SECURITY] [DSA 175-1] New syslog-ng packages fix buffer overflow Martin Schulze (10/15/02)
• rpcbind/fsr_efs/mv/errhook/uux vulnerabilities update SGI Security Coordinator (10/15/02)
• TheServer log file access password in cleartext w/vendor resolution. Larry W. Cashdollar (10/14/02)
• MDKSA-2002:065 - unzip update Mandrake Linux Security Team (10/11/02)
• Ingenium Admin Password Vulnerability Brian Enigma (10/15/02)
• [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability bugzilla@redhat.com (10/15/02)
• Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Jacek Lipkowski (10/15/02)
  • Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Mike Scher (10/17/02)
    • Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Jacek Lipkowski (10/17/02)
• GLSA: tomcat Daniel Ahlberg (10/15/02)
• Who Need Friends ? IE & MSN expose contact list & other info drorshalev@hotmail.com (10/15/02)
  • RE: Who Need Friends ? IE & MSN expose contact list & other info Thor Larholm (10/16/02)
• securitybugware new network tool Jitsu-Disk (10/15/02)
• GLSA: apache Daniel Ahlberg (10/15/02)
• Internet Explorer : The D-Day GreyMagic Software (10/15/02)
• Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source) a b (10/12/02)
• J2EE EJB privacy leak and DOS. Sylvia (10/14/02)
  • RE: J2EE EJB privacy leak and DOS. Alan Rouse (10/15/02)
    • Re: J2EE EJB privacy leak and DOS. Ari Gordon-Schlosberg (10/16/02)
  • Re: J2EE EJB privacy leak and DOS. Rudolf Schreiner (10/15/02)
  • RE: J2EE EJB privacy leak and DOS. Sylvia Else (10/18/02)
• Multiple Symantec Firewall Secure Webserver timeout DoS AI-SEC Security Advisories (10/14/02)
  • Re: Multiple Symantec Firewall Secure Webserver timeout DoS Sym Security (10/15/02)
• SuSE Security Announcement: Heartbeat (SuSE-SA:2002:037) Olaf Kirch (10/14/02)
• Symantec Enterprise Firewall Secure Webserver info leak AI-SEC Security Advisories (10/14/02)
  • Re: Symantec Enterprise Firewall Secure Webserver info leak Sym Security (10/15/02)
• Long URL causes TelCondex SimpleWebServer to crash Marc Ruef (10/13/02)
• [RHSA-2002:194-18] Command execution vulnerability in dvips bugzilla@redhat.com (10/14/02)
• [SECURITY] [DSA 174-1] New heartbeat packages fix buffer overflows Martin Schulze (10/14/02)
• Pyramid Research Project - atphttpd security advisorie pyramid-rp@hushmail.com (10/13/02)
• Security vulnerabilities in Polycom ViaVideo Web component advisory@prophecy.net.nz (10/13/02)
• GLSA: sendmail Daniel Ahlberg (10/13/02)
• Directory traversal in Daniel Arenz' Mini Server Marc Ruef (10/13/02)
• Pyramid Research Project - ghttpd security advisorie pyramid-rp@hushmail.com (10/13/02)
• Researcher seeking 'phage' and other security mailing list archives Curator at Security Digest Archive (10/13/02)
• ECHU Alert #3 : Meunity 1.1 script injection vulnerability das@echu.org (10/14/02)
• GLSA: net-snmp Daniel Ahlberg (10/14/02)
• GLSA: heimdal Daniel Ahlberg (10/14/02)
• GLSA: nss_ldap Daniel Ahlberg (10/13/02)
• CALL FOR PAPERS - SANTA DIED LAST YEAR staff (10/14/02)
• Input requested for second edition of "Firewalls and Internet Security" Steve Bellovin (10/14/02)
• "Camera/Shy the Steganographical Browser" ttudia@yahoo.com.tw (10/14/02)
  • RE: "Camera/Shy the Steganographical Browser" the Pull (10/15/02)
• Long URL crashes My Web Server 1.0.2 Marc Ruef (10/12/02)
• R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service Rapid 7 Security Advisories (10/09/02)
• Security Update: [CSSA-2002-SCO.39] OpenServer 5.0.5 OpenServer 5.0.6 : Buffer Overflow in Multiple DNS Resolver Libraries security@caldera.com (10/12/02)
• Multiple XSS vulnerabilites in PHPNuke Bruno Morisson (10/10/02)
• [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability Tamer Sahin (10/09/02)
• Security hole in kpf - KDE personal fileserver. Ajay R Ramjatan (10/11/02)
• Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Mikael Olsson (10/08/02)
• [SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability snsadv@lac.co.jp (10/11/02)
• KDE Security Advisory: KGhostview Arbitary Code Execution Dirk Mueller (10/09/02)
• KDE Security Advisory: kpf Directory traversal Dirk Mueller (10/09/02)
• Outlook Express Remote Code Execution in Preview Pane (S/MIME) Aviram Jenik (10/11/02)
• OpenOffice 1.0.1 Race condition during installation. Larry W. Cashdollar (10/11/02)
• prover of concept code of windows help overflow buzheng (10/10/02)
• XSS bug in PHPNuke 6.0 Arab VieruZ (10/11/02)
• [RHSA-2002:204-10] Updated squirrelmail packages close cross-site scripting vulnerabilities bugzilla@redhat.com (10/11/02)
• Security Update: [CSSA-2002-SCO.40] OpenServer 5.0.5 OpenServer 5.0.6 : ypxfrd remote file access vulnerability security@caldera.com (10/11/02)
• Re: Multiple Vendor PC firewall remote denial of services Vulnerability Sym Security (10/10/02)
• [RHSA-2002:207-14] Updated packages fix PostScript and PDF security issue bugzilla@redhat.com (10/10/02)
• R7-0004: Multiple Vendor Long ZIP Entry Filename Processing bugtraq-return-6791@securityfocus.com (10/10/02)
• Plain text DDNS password in NetGear FM114P backups Marc Ruef (10/10/02)
• XSS bug in Zorum 2.4 Arab VieruZ (10/10/02)
• phpBBmod contains an open phpinfo Roland Verlander (10/10/02)
• Multiple vulnerabilities in phpRank Jedi/Sector One (10/10/02)
• MondoSearch show the source of all files thefastkid (10/10/02)
  • Re: MondoSearch show the source of all files Orp 664 (10/19/02)
• TCP flood against NetGear FM114P Marc Ruef (10/10/02)
  • Re: TCP flood against NetGear FM114P Stephen Samuel (10/10/02)
• more silly bugs in cooolsoft 'personal ftp server' Knud Erik Højgaard (10/10/02)
• XSS bug in php(Reactor) Arab VieruZ (10/10/02)
• Multiple vendor ypxfrd map handling vulnerability Janusz Niewiadomski (10/10/02)
• nylon 0.2 (0.3?) DoS 3APA3A (10/10/02)
• syslog-ng buffer overflow Holtzl Peter (10/10/02)
• [SECURITY] [DSA 173-1] New bugzilla packages fix privilege escalation Martin Schulze (10/09/02)
• XSS in Authoria HR Suite Max (10/09/02)
• MDKSA-2002:064 - kdelibs update Mandrake Linux Security Team (10/09/02)
• [security bulletin] SSRT2339 (ypxfrd) and SSRT2368 (ypserv) HP Tru64 UNIX Potential Security Vulnerability (fwd) Dave Ahmad (10/09/02)
• GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw) Solar Designer (09/28/02)
• Thor Larholm security advisory TL#004 Thor Larholm (10/09/02)
• Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server 'ken'@FTU (10/09/02)
• Flood ACK packets cause AIX DoS Mauro Flores (10/09/02)
  • Re: Flood ACK packets cause AIX DoS Doug Brenner (10/09/02)
• CfP: 19C3 Chaos Communication Congress 2002 Pluto (10/09/02)
• upload malicious file in VBZooM forums hish _ hish (10/09/02)
  • Re: upload malicious file in VBZooM forums M. Zeeshan Mustafa (10/09/02)
• new vulnerability inPowerFTP Personal FTP Server securma massine (10/09/02)
• phpBB2 Showing users ip adresses Priamus (10/09/02)
  • Re: phpBB2 Showing users ip adresses Gerben Wijnja (10/10/02)
  • Re: phpBB2 Showing users ip adresses nick84@rootsecure.net (10/13/02)
• Flood ACK packets cause an IBM SecureWay FireWall DoS Mauro Flores (10/09/02)
• CSS on Microsoft Content Management Server overclocking_a_la_abuela@hotmail.com (10/08/02)
• [RHSA-2002:215-09] Updated fetchmail packages fix vulnerabilities bugzilla@redhat.com (10/07/02)
• [security bulletin] SSRT2208 - HP Tru64 UNIX /usr/sbin/routed Potential Security Vulnerability (fwd) Dave Ahmad (10/09/02)
• CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution (fwd) Dave Ahmad (10/09/02)
  • Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail Kim Scarborough (10/09/02)
• Reset any user's password in VBZoom forums hish _ hish (10/08/02)
• [SECURITY] [DSA 171-1] New fetchmail packages fix buffer overflows Martin Schulze (10/08/02)
• [SECURITY] [DSA 169-1] New ht://Check packages fix cross site scripting problem Martin Schulze (10/08/02)
• Multiple Vendor PC firewall remote denial of services Vulnerability Yiming Gong (10/08/02)
• SSGbook (ASP) Frog Man (10/08/02)
• [SECURITY] [DSA 172-1] New tkmail packages fix insecure temporary file creation Martin Schulze (10/08/02)
• NetBSD Security Advisory 2002-019: Buffer overrun in talkd NetBSD Security Officer (10/08/02)
• [ESA-20021007-024] apache: potential DoS, cross-site scripting, and buffer overflow vulnerabilities. EnGarde Secure Linux (10/07/02)
• NetBSD Security Advisory 2002-021: rogue vulnerability NetBSD Security Officer (10/08/02)
• NetBSD Security Advisory 2002-022: buffer overrun in pic(1) NetBSD Security Officer (10/08/02)
• NetBSD Security Advisory 2002-015: (another) buffer overrun in libc/libresolv DNS resolver NetBSD Security Officer (10/08/02)
• NetBSD Security Advisory 2002-023: sendmail smrsh bypass vulnerability NetBSD Security Officer (10/08/02)
• macromedia flash mx bypasses cookie settings jelmer (10/07/02)
• Filters on url shortening services Andrew Hodgson (10/07/02)
  • Re: Filters on url shortening services Florian Weimer (10/07/02)
    • Re: Filters on url shortening services Andrew Hodgson (10/07/02)
• SuSE Security Announcement: hylafax (SuSE-SA:2002:035) Thomas Biege (10/07/02)
• Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv juergen.daubert@t-online.de (10/07/02)
• SPIKE 2.7 Released: There's a party at my house, so bring the beer and follow me.... Dave Aitel (10/07/02)
• XSS bug in hotmail login page Peter Rdam (10/06/02)
  • RE: XSS bug in hotmail login page Thor Larholm (10/07/02)
    • RE: XSS bug in hotmail login page Russell Harding (10/08/02)
      • Re: XSS bug in hotmail login page Inderjeet S Sodhi (10/09/02)
  • RE: XSS bug in hotmail login page Thor Larholm (10/08/02)
  • Re: XSS bug in hotmail login page Muhammad Faisal Rauf Danka (10/08/02)
    • Re: XSS bug in hotmail login page Berend-Jan Wever (10/08/02)
• ArGoSoft Web-Mail security problem Z0rbaS (10/07/02)
• phpSecurePages & Killer Protection ( PHP ) Frog Man (10/06/02)
• SuSE Security Announcement: mod_php4 (SuSE-SA:2002:036) Thomas Biege (10/07/02)
• [CLA-2002:530] Conectiva Linux Security Announcement - apache secure@conectiva.com.br (10/07/02)
• Flash player can read local files jelmer (10/06/02)
• phpLinkat XSS Security Bug Sp.IC (10/04/02)
• [RHSA-2002:175-16] Updated nss_ldap packages fix buffer overflow bugzilla@redhat.com (10/04/02)
• [RHSA-2002:197-06] Updated glibc packages fix vulnerabilities in resolver bugzilla@redhat.com (10/04/02)
• Vulnerabilitie in PowerFTP server Armand Morgan (10/05/02)
• injecting commands on a ptraced telnet/ssh session by way of xenion (10/04/02)
  • Re: injecting commands on a ptraced telnet/ssh session Paul Starzetz (10/09/02)
• vulnerabilities in logsurfer Jan Kohlrausch (10/04/02)
• [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) OpenPKG (10/04/02)
• SECURITY.NNOV: ikonboard 3.1.1 CSS 3APA3A (10/04/02)
  • Re: SECURITY.NNOV: ikonboard 3.1.1 CSS Rajkumar S. (10/04/02)
• WinXP Pro(Gold) Insecure System Restore File Permissions Makoto Shiotsuki (10/04/02)
• Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator Cisco Systems Product Security Incident Response Team (10/04/02)
• [RHSA-2002:212-06] Updated packages fix PostScript and PDF security issue bugzilla@redhat.com (10/04/02)
• [SECURITY] [DSA 169-1] New tomcat packages fix unintended source code disclosure Martin Schulze (10/04/02)
• Cisco Secure Content Accelerator vulnerable to SSL worm Matt Zimmerman (10/03/02)
  • Re: Cisco Secure Content Accelerator vulnerable to SSL worm Mike Caudill (10/04/02)
• phpLinkat XSS Security Bug Sp.IC (10/03/02)
• BearShare Directory Traversal Issue Resurfaces Aviram Jenik (10/03/02)
• rpcbind/fsr_efs/mv/errhook/uux vulnerabilities SGI Security Coordinator (10/03/02)
• phpMyNewsletter Frog Man (10/03/02)
• iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities David Endler (10/03/02)
• Re: Postnuke XSS issues [correction] Brian E (10/01/02)
• Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server sullo (10/01/02)
• The Books Module for the PostNuke CMS XSS Vulnerability Pistone (10/03/02)
  • Re: The Books Module for the PostNuke CMS XSS Vulnerability Michael Schatz (10/07/02)
• Xerox DocuShare Internal IP address disclosure Ryan Purita (10/03/02)
• Re: Kondara MNU/Linux Shin SHIRAHATA (10/01/02)
• [CLA-2002:529] Conectiva Linux Security Announcement - XFree86 secure@conectiva.com.br (10/03/02)
• Notes on the SQL Cumulative patch David Litchfield (10/03/02)
  • Re: [VulnWatch] Notes on the SQL Cumulative patch Dave Aitel (10/03/02)
• [ESA-20021003-023] fetchmail-ssl: buffer overflows and broken boundary checks. EnGarde Secure Linux (10/03/02)
• GLSA: python Daniel Ahlberg (10/03/02)
• SSL certificate validation problems in Ximian Evolution Veit Wahlich (10/03/02)
• GLSA: gv Daniel Ahlberg (10/03/02)
• Buffer Overflow in IE/Outlook HTML Help NGS Insight Security Research (10/03/02)
• [ESA-20021003-022] tar: directory traversal vulnerability. EnGarde Secure Linux (10/03/02)
• CommonName Toolbar potentially exposes LAN web addresses Eric Stevens (10/03/02)
  • RE: CommonName Toolbar potentially exposes LAN web addresses Eric Stevens (10/03/02)
  • RE: CommonName Toolbar potentially exposes LAN web addresses Mustafa Deeb (10/03/02)
  • Re: CommonName Toolbar potentially exposes LAN web addresses Andrew Clover (10/04/02)
  • RE: CommonName Toolbar potentially exposes LAN web addresses Anders Blockmar (10/07/02)
• [ESA-20021003-021] glibc: several security-related updates. EnGarde Secure Linux (10/03/02)
• Postnuke XSS fixed Muhammad Faisal Rauf Danka (10/02/02)
  • Re: Postnuke XSS fixed Daniel Woods (10/02/02)
    • Re: Postnuke XSS fixed Sebastian Konstanty Zdrojewski (10/03/02)
  • Re: Postnuke XSS fixed Muhammad Faisal Rauf Danka (10/03/02)
  • Re: Postnuke XSS fixed Muhammad Faisal Rauf Danka (10/03/02)
• wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Matt Moore (10/02/02)
• Kill a Unisys Clearpath with nmap port scan Jonathan G. Lampe (10/02/02)
  • Re: Kill a Unisys Clearpath with nmap port scan Mike Shaw (10/03/02)
  • Re: Kill a Unisys Clearpath with nmap port scan Michael.Kain@unisys.com (10/04/02)
• phpWebSite XSS Vulnerability Sp.IC (10/02/02)
• MySimpleNews (PHP) Frog Man (10/02/02)
• iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability David Endler (10/02/02)
  • Re: iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability Wes Hardaker (10/03/02)
• wp-02-0012: Carello 1.3 Remote File Execution (Updated 1/10/2002) Matt Moore (10/02/02)
• wp-02-0011: Jetty CGIServlet Arbitrary Command Execution Matt Moore (10/02/02)
• wp-02-0003: MySQL Locally Exploitable Buffer Overflow Matt Moore (10/02/02)
• Multiple Web Security Holes Frog Man (10/02/02)
• Solaris 2.6, 7, 8 Jonathan S (10/02/02)
  • Re: Solaris 2.6, 7, 8 Dave Ahmad (10/02/02)
    • Re: Solaris 2.6, 7, 8 Christopher X. Candreva (10/02/02)
    • Re: Solaris 2.6, 7, 8 buzheng (10/02/02)
      • Re: Solaris 2.6, 7, 8 tb0b (01/08/80)
      • Re: Solaris 2.6, 7, 8 Marco Ivaldi (10/02/02)
      • Re: Solaris 2.6, 7, 8 Sebastian (10/04/02)
    • Re: Solaris 2.6, 7, 8 Gert-Jan Hagenaars (10/02/02)
  • RE: Solaris 2.6, 7, 8 Sinan Eren (10/02/02)
  • Re: Solaris 2.6, 7, 8 Dan Diamond (10/03/02)
  • Re: Solaris 2.6, 7, 8 Ido Dubrawsky (10/02/02)
  • Re: Solaris 2.6, 7, 8 Ramon Kagan (10/02/02)
  • Re: Solaris 2.6, 7, 8 Ramon Kagan (10/02/02)
    • Re: Solaris 2.6, 7, 8 Roy Kidder (10/03/02)
  • RE: Solaris 2.6, 7, 8 Morgan (04/08/02)
• Citrix Published Application Brute Forcer wirepair (10/02/02)
• Apache 2 Cross-Site Scripting mattmurphy@kc.rr.com (10/02/02)
• [BUGZILLA] Security Advisory David Miller (10/01/02)
• iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities David Endler (10/01/02)
• XSS bug in Compaq Insight Manager Http server Taylor Huff (10/01/02)
  • RE: XSS bug in Compaq Insight Manager Http server Toni Lassila (10/04/02)
• [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd) Dave Ahmad (10/01/02)
• MSIE:"SaveRef" turns Zone off Liu Die Yu (10/01/02)
  • RE: MSIE:"SaveRef" turns Zone off Thor Larholm (10/02/02)
• Postnuke XSS patch Mark Grimes (10/01/02)
• GLSA: unzip Daniel Ahlberg (10/01/02)
• GLSA: fetchmail Daniel Ahlberg (10/01/02)
• PPTP Dave Aitel (10/01/02)
• [CLA-2002:527] Conectiva Linux Security Announcement - python secure@conectiva.com.br (10/01/02)
• NETGEAR FVS318 Information Disclosure Fab\\AIS (10/01/02)
• Insecure XML-RPC handling in Zope reveals the distribution physic al location. Rossen Raykov (10/01/02)
  • Re: Insecure XML-RPC handling in Zope reveals the distribution physic al location. BlueRaven (10/07/02)
• GLSA: tar Daniel Ahlberg (10/01/02)
• ASA-0000: GV Execution of Arbitrary Shell Commands Marc Bevand (10/01/02)
• Re: Another possible RFC 2046 vulnerability. Daniel Pittman (09/30/02)
  • Re: Another possible RFC 2046 vulnerability. Earl Hood (10/01/02)
• local exploitable overflow in rogue/FreeBSD stanojr (09/28/02)

Last message date: 10/31/02
Archived on: 10/31/02 CET

---

435 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-10