SecurityFocus Bugtraq
By Thread

278 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

---

Starting: 12/01/02
Ending: 12/31/02

• PEEL (PHP) Frog Man (12/31/02)
• [SECURITY] [DSA 219-1] New dhcpcd packages fix remote command execution vulnerability Martin Schulze (12/31/02)
• Updated "Secure Programming for Linux and Unix HOWTO" now available. David Wheeler (12/30/02)
• Wired.com: So Many Holes, So Few Hacks Richard M. Smith (12/30/02)
• Visual SourceSafe - Preliminary Observations Joel Maslak (12/29/02)
• CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS http-equiv@excite.com (12/29/02)
  • Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS Ben Laurie (12/30/02)
• Multiple vulnerabilities found in PlatinumFTPserver V1.0.6 Dennis Rand (12/30/02)
• Leafnode security announcement SA:2002:01 Matthias Andree (12/29/02)
• [SECURITY] [DSA 218-1] New bugzilla packages fix cross site scripting problem Martin Schulze (12/30/02)
• Potential DOS attack with Web-CyrAdm. Casper Aleva (12/30/02)
• GLSA: cups Daniel Ahlberg (12/29/02)
• GLSA: openldap Daniel Ahlberg (12/28/02)
• Telindus 112x ADSL Router - Weak Password Encryption eflorio@edmaster.it (12/28/02)
• Gallery v1.3.2 allows remote exploit (fixed in 1.3.3) Bharat Mediratta (12/28/02)
• PHRACK #60 HAS BEEN RELEASED phrackstaff@phrack.org (12/28/02)
• [IPS] PUTTY SSH-Client Exploit Daniel Alcántara de la Hoz (12/28/02)
• GLSA: cyrus-sasl Daniel Ahlberg (12/27/02)
• Buffer overflow in PHP "wordwrap" function David F. Skoll (12/27/02)
• [CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd secure@conectiva.com.br (12/27/02)
• [GIS 2002101601] SkyStream Admin Shell Privilege Escalation. Global InterSec Research (12/27/02)
• [SECURITY] [DSA 217-1] New typespeed packages fix buffer overflow Martin Schulze (12/27/02)
• Re: Solaris priocntl exploit - Sol8 patches available Scott Howard (12/27/02)
• (MSIE)A rather old trick for web server is now played on MSIE. Liu Die Yu (12/26/02)
• Full Disclosure: Windows File Protection Old Security Catalog Vulnerability FORENSICS.ORG Security Coordinator (12/26/02)
• Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability FORENSICS.ORG Security Coordinator (12/26/02)
• [SECURITY] [DSA 216-1] New fetchmail packages fix buffer overflow Martin Schulze (12/24/02)
• [SNS Advisory No.60 rev.2] Windows XP Disclosure of Registered AP Information snsadv@lac.co.jp (12/24/02)
• iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops iDEFENSE Labs (12/23/02)
• Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 jrodriga@retevision.es (12/23/02)
• Antwort: Openwebmail 1.71 remote root compromise Stephan Sachweh (12/23/02)
• junkbuster 2.0-1 proxy relaying spam Andrew Daviel (12/23/02)
• GLSA: kde-3.0.x Daniel Ahlberg (12/22/02)
• Hyperion FTP Server buffer overflow securma massine (12/23/02)
• zkfingerd remote exploit security (12/22/02)
• [SECURITY] [DSA 215-1] New cyrus-imapd packages fix remote command execution Martin Schulze (12/23/02)
• 'printenv' XSS vulnerability Dr.Tek (12/22/02)
  • Re: 'printenv' XSS vulnerability Marc Slemko (12/23/02)
• Matlab /tmp usage Paul Szabo (12/22/02)
• KDE Security Advisory: Multiple vulnerabilities in KDE Dirk Mueller (12/21/02)
  • Re: KDE Security Advisory: Multiple vulnerabilities in KDE fozzy@dmpfrance.com (12/23/02)
    • Re: KDE Security Advisory: Multiple vulnerabilities in KDE Florian Weimer (12/23/02)
• XSS and PHP include bug in W-Agora xatr0z (12/19/02)
  • Re: XSS and PHP include bug in W-Agora Marc Druilhe (12/20/02)
• Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31) security@caldera.com (12/20/02)
• RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002) NGSSoftware Insight Security Research (12/20/02)
• SuSE Security Announcement: cyrus-imapd (SuSE-SA:2002:048) Sebastian Krahmer (12/20/02)
• GLSA: canna Daniel Ahlberg (12/20/02)
• [RAZOR] Problems with mkstemp() Michal Zalewski (12/20/02)
• Web server vulnerability in Axis Network Cameras, Video Servers and DVRs Axis Product Security (12/20/02)
• [SECURITY] [DSA 214-1] New kdentwork packages fix buffer overflows Martin Schulze (12/20/02)
• GLSA: wget Daniel Ahlberg (12/20/02)
• nCipher Advisory #6: Access control defects in PKCS#11 keys nCipher Support (12/20/02)
• SPGpartenaires (PHP) Frog Man (12/20/02)
• Cisco Security Advisory: Cisco Security Advisory: SSH Malformed Packet Vulnerabilities Cisco Systems Product Security Incident Response Team (12/20/02)
• PHP-Nuke mail CRLF Injection vulnerabilities Ulf Harnhammar (12/20/02)
• [SecurityOffice] Polycom Video Conference System Management Server Authentication Bypass Vulnerability Tamer Sahin (12/19/02)
• RE: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd) Shutters, Mike (12/20/02)
  • Re: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd) Mischa Krilov (12/20/02)
• GLSA: perl Daniel Ahlberg (12/20/02)
• TSLSA-2002-0085 - lynx-ssl Trustix Secure Linux Advisor (12/19/02)
• TSLSA-2002-0086 - mysql Trustix Secure Linux Advisor (12/19/02)
• TSLSA-2002-0087 - perl Trustix Secure Linux Advisor (12/19/02)
• TSLSA-2002-0083 - kernel Trustix Secure Linux Advisor (12/19/02)
• TSLSA-2002-0089 - wget Trustix Secure Linux Advisor (12/19/02)
• TSLSA-2002-0084 - tcpdump Trustix Secure Linux Advisor (12/19/02)
• [Fix] Openwebmail 1.71 remote root compromise Dmitry Guyvoronsky (12/19/02)
• Cisco IOS EIGRP Network DoS FX (12/19/02)
  • Re: Cisco IOS EIGRP Network DoS Damir Rajnovic (12/19/02)
• iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) iDEFENSE Labs (12/19/02)
  • Re: iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Joe Testa (12/21/02)
  • Re: iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) zen-parse (12/22/02)
• Openwebmail 1.71 remote root compromise Dmitry Guyvoronsky (12/18/02)
• Multiple vulnerability in Enceladus Server securma massine (12/19/02)
• WAnewsletter (PHP) Frog Man (12/19/02)
• [CLA-2002:556] Conectiva Linux Security Announcement - openldap secure@conectiva.com.br (12/19/02)
• [SECURITY] [DSA 213-1] New libpng packages fix buffer overflow Martin Schulze (12/19/02)
• Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Dave Ahmad (12/19/02)
  • Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) David Howe (12/19/02)
    • RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Richard Stanway (12/19/02)
    • RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Russell Garrett (12/19/02)
      • Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Hacknisty (12/23/02)
• Foundstone Research Labs Advisory - Exploitable Windows XP Media Files (fwd) Dave Ahmad (12/19/02)
• Historic blackhat archives exposed Pry (12/18/02)
• RE: Password Hole Found In Webshots - (Webshots Confirmed) Shutters, Mike (12/18/02)
• MDKSA-2002:068-1 - Updated apache packages fix multiple vulnerabilities Mandrake Linux Security Team (12/18/02)
• MDKSA-2002:087 - Updated MySQL packages fix multiple vulnerabilities Mandrake Linux Security Team (12/18/02)
• [securitydigest.org]: Changes for December 2002 Curator at Security Digest Archives (12/14/02)
• gfxboot allows boot password circumvention, SuSE 8.1 GRUB Matthias Andree (12/14/02)
• Security Paper: Session Fixation Vulnerability in Web-based Applications Mitja Kolsek (ACROS Lists) (12/18/02)
• Missing admin sql password in Okena StormWatch Marc Ruef (12/18/02)
  • RE: Missing admin sql password in Okena StormWatch Marcus Gavel (12/19/02)
• RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability Michal Zalewski (12/17/02)
• export LD_LIBRARY_PATH in /etc/profile.d/* files rich@annexia.org (12/17/02)
  • Re: export LD_LIBRARY_PATH in /etc/profile.d/* files mlh@zip.com.au (12/17/02)
  • Re: export LD_LIBRARY_PATH in /etc/profile.d/* files Antonomasia (12/18/02)
• Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations Muhammad Faisal Rauf Danka (12/17/02)
• Directory traversal vulnerabilities in several archivers processing .tar Florian Schafferhans (12/17/02)
  • Re: Directory traversal vulnerabilities in several archivers processing .tar der Mouse (12/17/02)
  • RE: Directory traversal vulnerabilities in several archivers processing .tar Andrew Kopp (12/18/02)
    • Re: Directory traversal vulnerabilities in several archivers processing .tar Stephen Samuel (12/19/02)
    • RE: Directory traversal vulnerabilities in several archivers processing .tar konto mailingowe (12/20/02)
• Re: adelphia vulnerability within subnets 0x90 (12/17/02)
• [OpenPKG-SA-2002.016] OpenPKG Security Advisory (fetchmail) OpenPKG (12/17/02)
• [RHSA-2002:293-09] Updated Fetchmail packages fix security vulnerability bugzilla@redhat.com (12/17/02)
• [RHSA-2002:228-11] Updated Net-SNMP packages fix security and other bugs bugzilla@redhat.com (12/17/02)
• [SECURITY] [DSA-212-1] Multiple MySQL vulnerabilities Wichert Akkerman (12/17/02)
• [CLA-2002:555] Conectiva Linux Security Announcement - MySQL secure@conectiva.com.br (12/17/02)
• Macromedia Shockwave Flash Malformed Header Overflow #2 Marc Maiffret (12/17/02)
• Captaris (Infinite) WebMail XSS Pedram Amini (12/17/02)
• Security Patchs for PHP Products Frog Man (12/15/02)
• [CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4 secure@conectiva.com.br (12/16/02)
• [CLA-2002:554] Conectiva Linux Security Announcement - fetchmail secure@conectiva.com.br (12/16/02)
• zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A) NGSSoftware Insight Security Research (12/16/02)
• PFinger 0.7.8 format string vulnerability (#NISR16122002B) NGSSoftware Insight Security Research (12/16/02)
  • RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser (12/16/02)
    • Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) der Mouse (12/16/02)
    • Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Valdis.Kletnieks@vt.edu (12/17/02)
      • Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser (12/17/02)
      • Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) der Mouse (12/17/02)
      • Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Andreas Borchert (12/18/02)
  • Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Andreas Tscharner (12/26/02)
• Cross-site scripting vulnerability in CF 5.0 KiLL CoLe (12/16/02)
  • RE: Cross-site scripting vulnerability in CF 5.0 CORREIA, PATRICK (12/16/02)
  • Re: Cross-site scripting vulnerability in CF 5.0 SecurityFocus@cubesearch.com (12/16/02)
• PHP-Nuke code execution and XSS vulnerabilities Ulf Harnhammar (12/16/02)
• GLSA: exim Daniel Ahlberg (12/16/02)
• R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Rapid 7 Security Advisories (12/16/02)
• PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting Frog Man (12/15/02)
  • PHPNuke 6.0 path disclosure [again] Ing. Bernardo Lopez (12/22/02)
• [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) OpenPKG (12/16/02)
• [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl) OpenPKG (12/16/02)
• [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) OpenPKG (12/16/02)
• Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD Amit Klein (12/16/02)
• Password Disclosure in Cryptainer K. K. Mookhey (12/16/02)
  • Re: [VulnWatch] Password Disclosure in Cryptainer Kurt Seifried (12/17/02)
• GLSA: mysql Daniel Ahlberg (12/15/02)
• GLSA: squirrelmail Daniel Ahlberg (12/15/02)
• GLSA: fetchmail Daniel Ahlberg (12/15/02)
• GLSA: mysql Daniel Ahlberg (12/15/02)
• MyPHPLinks (PHP) : SQL Injection Frog Man (12/14/02)
• FW: SQL Injection Solved Louie Conceicao (12/13/02)
• [CLA-2002:552] Conectiva Linux Security Announcement - wget secure@conectiva.com.br (12/13/02)
• Directory Traversal Vulnerability in FTP Client on IRIX SGI Security Coordinator (12/13/02)
• [ESA-20021213-033] Several MySQL vulnerabilities. EnGarde Secure Linux (12/13/02)
• Anyone can read all XOOPS private messages Val Deux (12/13/02)
• Advisory 05/2002: Another Fetchmail Remote Vulnerability Stefan Esser (12/13/02)
• Eserv remote denial of service securma massine (12/13/02)
• [SECURITY] [DSA 211-1] New mICQ packages fix denial of service Martin Schulze (12/13/02)
• [SECURITY] [DSA-210-1] lynx CRLF injection Wichert Akkerman (12/13/02)
• iDefense Security Advisory gobbles@hushmail.com (12/13/02)
  • RE: iDefense Security Advisory David Endler (12/13/02)
• XSS flaw found at "https://www.e-gold.com" Liu Die Yu (12/10/02)
• Adelphia Powerlink service vulnerable to man in the middle attacks by cable modem users. 0x90 (12/12/02)
• [SECURITY] [DSA-209-1] two wget problems Wichert Akkerman (12/12/02)
• Password Hole Found In Webshots Brian Carpenter (12/12/02)
  • Re: Password Hole Found In Webshots Ian Nguyen (12/12/02)
• [RHSA-2002:222-21] Updated apache, httpd, and mod_ssl packages available bugzilla@redhat.com (12/12/02)
• Advisory 04/2002: Multiple MySQL vulnerabilities Stefan Esser (12/12/02)
  • Advisory Title: iASP Remote Console Applet Allows Remote ph33r (12/13/02)
• VisNetic WebSite XSS vulnerability through HTTP referer header Ory Segal (12/12/02)
• [SECURITY] [DSA 208-1] New Perl packages correct Safe handling Martin Schulze (12/12/02)
• Multiple Mambo Site Server sec-weaknesses euronymous (12/12/02)
• PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability Marc Maiffret (12/12/02)
• MDKSA-2002:086 - Updated wget packages fix directory traversal vulnerability Mandrake Linux Security Team (12/12/02)
• CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers (fwd) Muhammad Faisal Rauf Danka (12/12/02)
• Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files security@caldera.com (12/11/02)
• Denial of Service vulnerability in VisNetic Website Peter Kruse (12/11/02)
• MTPSR1-120 Firewall Proxy configuration software UkR security team™ (12/11/02)
• Enceladus Server Suite traversal directory vulnerability luca.ercoli@inwind.it (12/08/02)
• proftpd <=1.2.7rc3 DoS Rob klein Gunnewiek (12/08/02)
  • Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Kurt Seifried (12/10/02)
    • Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Rob klein Gunnewiek (12/11/02)
      • Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Kurt Seifried (12/11/02)
• Remote multiple vulnerability in apt-www-proxy. dong-h0un U (12/08/02)
• Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug Colin Watson (12/11/02)
• Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV security@caldera.com (12/11/02)
• Directory Traversal Vulnerabilities in FTP Clients Steven M. Christey (12/11/02)
  • Re: Directory Traversal Vulnerabilities in FTP Clients Stephen Samuel (12/12/02)
• [SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution Martin Schulze (12/11/02)
• Cisco Security Advisory: OSM Line Card Header Corruption Vulnerability Cisco Systems Product Security Incident Response Team (12/11/02)
• Directory traversing bug in 'myServer' webserver. dong-h0un U (12/11/02)
• RE: Sygate Personal Firewall can be shut down without a need to s upply a password - although one is required Seth Knox (12/09/02)
  • RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required Eitan Caspi (12/09/02)
• MDKSA-2002:082-1 - Updated python packages fix local arbitrary code execution vulnerability Mandrake Linux Security Team (12/09/02)
• KunaniFTP-Server v.1.0.10 allows dictionary traversal Zero-X www.lobnan.de Team (12/10/02)
  • Re: KunaniFTP-Server v.1.0.10 allows dictionary traversal Alun Jones (12/11/02)
• [SECURITY] [DSA-206-1] tcpdump BGP decoding error Wichert Akkerman (12/10/02)
• [SECURITY] [DSA-205-1] gtetrinet buffer overflows Wichert Akkerman (12/10/02)
• TFTP32 DOS securma massine (12/10/02)
• Remote multiple vulnerability in apt-www-proxy. dong-h0un U (12/10/02)
• Unchecked buffer in PC-cillin advisories@texonet.com (12/10/02)
• [RHSA-2002:229-10] Updated wget packages fix directory traversal bug bugzilla@redhat.com (12/10/02)
• [RHSA-2002:246-18] Updated Canna packages fix vulnerabilities bugzilla@redhat.com (12/10/02)
• Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability security@caldera.com (12/09/02)
• Cyrus SASL library buffer overflows Timo Sirainen (12/09/02)
  • Re: Cyrus SASL library buffer overflows Matthias Andree (12/10/02)
• [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability Derek Luce (12/09/02)
• [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability Tamer Sahin (12/09/02)
• SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings 3APA3A (12/09/02)
• XSS and Path Disclosure in UPB euronymous (12/07/02)
  • Re: XSS and Path Disclosure in UPB Frog Man (12/09/02)
• Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow security@caldera.com (12/07/02)
• APBoard-Bug DNA ESC (12/06/02)
• [SECURITY] [DSA 202-2] New IM packages correct hidden architecture dependency Martin Schulze (12/06/02)
• SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047) Sebastian Krahmer (12/06/02)
• [SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution Martin Schulze (12/06/02)
• WebReflex Directory Traversal Vulnerability luca.ercoli@inwind.it (12/06/02)
• Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench security@caldera.com (12/06/02)
• Sygate Personal Firewall can be shut down without a need to suppl y Seth Knox (12/05/02)
• RE: Sygate Personal Firewall can be shut down without a need to supply Eitan Caspi (12/05/02)
• Cobalt RaQ4 Remote root exploit grazer@digit-labs.org (12/05/02)
• Multiple vulnerabilities in akfingerd Gianni Tedesco (12/05/02)
• Samba Security Vulnerability on IRIX SGI Security Coordinator (12/05/02)
• BIND Name Server DNS Spoofing Vulnerability on IRIX SGI Security Coordinator (12/05/02)
• Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 Volker Tanger (12/05/02)
  • Re: Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 - and 3.7 Build 1190 Dr. Peter Bieringer (12/09/02)
• Cross-site Scripting Vulnerability in phpBB 2.0.3 Fabricio Angeletti (12/03/02)
  • Input Validation Error in vbulletin 2.2.x Dorin Balanica (12/08/02)
• Re: TracerouteNG - never ending story Thomas Biege (12/04/02)
• [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability] Dan Rowles (12/04/02)
  • Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability] Ryan Cleary (12/05/02)
• Notes on MS02-068, extensive downplaying of severity Thor Larholm (12/05/02)
• [SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution Martin Schulze (12/05/02)
• Apache/Tomcat Denial Of Service And Information Leakage Vulnerability alias@securityfocus.com (12/04/02)
• Sygate Personal Firewall can be shut down without a need to supply a password - although one is required Eitan Caspi (12/04/02)
  • RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required Russ (12/06/02)
• Buffer Overflow Vulnerability in X Font Server on IRIX SGI Security Coordinator (12/04/02)
• Multiple Vulnerabilities in BIND Name Service Daemon on IRIX SGI Security Coordinator (12/04/02)
• Security Update: [CSSA-2002-055.0] Linux: RPC XDR buffer overflow security@caldera.com (12/04/02)
• Windows XP Disclosure of Registered AP Information snsadv@lac.co.jp (12/04/02)
• [SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution Martin Schulze (12/04/02)
• [RHSA-2002:254-05] Updated Webalizer packages fix vulnerability bugzilla@redhat.com (12/04/02)
• SAP database local root via symlink KF (12/04/02)
• [RHSA-2002:220-40] Updated KDE packages fix security issues bugzilla@redhat.com (12/04/02)
• Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv security@caldera.com (12/04/02)
• Local root vulnerability found in exim 4.x (and 3.x) Wana Thomas (12/04/02)
  • Re: Local root vulnerability found in exim 4.x (and 3.x) Tabor J. Wells (12/05/02)
    • Re: Local root vulnerability found in exim 4.x (and 3.x) Tabor J. Wells (12/05/02)
• [CLA-2002:551] Conectiva Linux Security Announcement - pine secure@conectiva.com.br (12/04/02)
• Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service Muhammad Faisal Rauf Danka (12/02/02)
  • Re: Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service Jim Knoble (12/04/02)
• Zeroo Webserver remote directory traversal exploit Mike Cramp (12/03/02)
• SquirrelMail v1.2.9 XSS bugs euronymous (12/03/02)
  • Re: SquirrelMail v1.2.9 XSS bugs Jonathan Angliss (12/03/02)
• [SECURITY] [DSA 202-1] New IM packages fix insecure temporary file creation Martin Schulze (12/03/02)
• Poisonous Style for Dialog window turns the zone off. Liu Die Yu (12/03/02)
• Local Netfilter / IPTables IP Queue PID Wrap Flaw James Morris (12/03/02)
  • Re: Local Netfilter / IPTables IP Queue PID Wrap Flaw James Morris (12/03/02)
• [SNS Advisory No.59] Buffalo Wireless LAN Access Point Denial of Service Vulnerability (was Re: Buffalo AP Denial of Service) snsadv@lac.co.jp (12/03/02)
• MDKSA-2002:085 - Updated WindowMaker packages fix buffer overflow vulnerability Mandrake Linux Security Team (12/03/02)
• CORE-20021005: Vulnerability Report For Linksys Devices Carlos Sarraute (12/03/02)
• MDKSA-2002:084 - Updated pine packages fix buffer overflow vulnerability Mandrake Linux Security Team (12/03/02)
• [VU#317417] Denial of Service condition in vxworks ftpd/3com nbx Michael S. Scheidell (12/02/02)
• [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability bugzilla@redhat.com (12/02/02)
• Bypassing Integrity Protection Driver (time vulnerability) Jan Rutkowski (12/02/02)
• pre-login buffer overflow in Cyrus IMAP server Timo Sirainen (12/02/02)
• ShopFactory shopping cart price manipulation Richard van den Berg (12/02/02)
• possible virus break in german exchange option of Inoculate IT 6.0 tigerblue@puzzleapuma.de (12/02/02)
• Cyrus Sieve / libSieve buffer overflow Timo Sirainen (12/02/02)
• RE: Exploit for traceroute-nanog overflow Carl Livitt (12/02/02)
• Re: Solaris priocntl exploit Jay Beale (12/02/02)
  • Re: Solaris priocntl exploit Pavel Kankovsky (12/23/02)
• Advisory: Lawson Financials RDBMS Insecurity John Eisenschmidt (12/02/02)
• Potential Vuln in McAfee VirusScan 451 jari.helenius@mawaron.com (11/29/02)
• GLSA: pine Daniel Ahlberg (12/02/02)
• Lag Security Advisory - Com21 cable modem configuration file feeding vulnerability David Laganière (11/29/02)
• RE: Kerberos login sniffer and cracker for Windows 2000/XP Jason Coombs (12/02/02)
• [SECURITY] [DSA 201-1] New Free/SWan packages fix denial of service Martin Schulze (12/02/02)
• RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND Vagner Sacramento (11/30/02)
• Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND Robert Tracz (12/02/02)
• Re: [Full-Disclosure] Netscape Problems. Ben Bucksch (12/01/02)
• Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1! Fabricio Angeletti (12/02/02)
• Multiple pServ Remote Buffer Overflow Vulnerabilities Matthew Murphy (12/01/02)
• Thatware (PHP) Frog Man (12/01/02)
• Advisory: Webster HTTP Server Matthew Murphy (12/01/02)
• RE: User downgraded from Administrator to User retains the ability to list other user's running tasks John Tolmachofft (11/29/02)
  • RE: User downgraded from Administrator to User retains the ability to list other user's running tasks Eitan Caspi (11/29/02)

Last message date: 12/31/02
Archived on: 12/31/02 CET

---

278 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2002-12