SecurityFocus Bugtraq
By Subject
357 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]
Starting: 03/01/04
Ending: 03/31/04
- "Divide and Conquer" - cross site response header tampering, cookie manipulation, and session fixation
- 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
- [ GLSA 200403-01 ] Libxml2 URI Parsing Buffer Overflow Vulnerabilities
- [ GLSA 200403-02 ] Linux kernel do_mremap local privilege escalation vulnerability
- [ GLSA 200403-05 ] Linux kernel do_mremap local privilege escalation vulnerability
- [ GLSA 200403-05 ] UUDeview MIME Buffer Overflow
- [ GLSA 200403-06 ] Multiple remote buffer overflow vulnerabilities in Courier
- [ GLSA 200403-07 ] Multiple remote overflows and vulnerabilities in Ethereal
- [ GLSA 200403-08 ] oftpd DoS vulnerability
- [ GLSA 200403-09 ] Buffer overflow in Midnight Commander
- [ GLSA 200403-10 ] Fetchmail 6.2.5 fixes a remote DoS
- [ GLSA 200403-11 ] Squid ACL [url_regex] bypass vulnerability
- [ GLSA 200403-12 ] OpenLDAP DoS Vulnerability
- [ GLSA 200403-13 ] Remote buffer overflow in MPlayer
- [ GLSA 200403-14 ] Multiple Security Vulnerabilities in Monit
- [ANNOUNCE] Apache HTTP Server 2.0.49 Released (fwd)
- [bugtraq] Nokia 3410 cell phones software flaw
- [CLA-2004:833] Conectiva Security Announcement - mc
- [ESA-20040317-003] 'openssl' Denial of Service vulnerabilities.
- [FLSA-2004:1256] Updated util-linux resolves security vulnerability
- [FLSA-2004:1284] Updated kernel resolves security vulnerabilities
- [Full-Disclosure] iDEFENSE Security Advisory 03.19.04: Borland Interbase admin.ib Administrative Access Vulnerability
- [OpenPKG-SA-2004.003] OpenPKG Security Advisory (libxml)
- [OpenPKG-SA-2004.004] OpenPKG Security Advisory (libtool)
- [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
- [OpenPKG-SA-2004.006] OpenPKG Security Advisory (uudeview)
- [OpenPKG-SA-2004.007] OpenPKG Security Advisory (openssl)
- [RHSA-2004:075-01] Updated kdelibs packages resolve cookie security issue
- [RHSA-2004:093-01] Updated sysstat packages fix security vulnerabilities
- [RHSA-2004:102-01] Updated gdk-pixbuf packages fix denial of service vulnerability
- [RHSA-2004:112-01] Updated Mozilla packages fix security issu es
- [RHSA-2004:112-01] Updated Mozilla packages fix security issues
- [RHSA-2004:121-01] Updated OpenSSL packages fix vulnerabilities
- [RHSA-2004:134-01] Updated squid package fixes security vulnerability
- [RHSA-2004:137-01] Updated Ethereal packages fix security issues
- [SCAN Associates Sdn Bhd Security Advisory] phpBB 2.0.6 and below sql injection
- [SECURITY] [DSA 452-1] New libapache-mod-python packages fix denial of service
- [SECURITY] [DSA 454-1] New Linux 2.2.22 packages fix local root exploit (alpha)
- [SECURITY] [DSA 455-1] New libxml packages fix arbitrary code execution
- [SECURITY] [DSA 456-1] New Linux 2.2.19 packages fix local root exploit (arm)
- [SECURITY] [DSA 457-1] New wu-ftpd packages fix multiple vulnerabilities
- [SECURITY] [DSA 458-1] New python2.2 packages fix buffer overflow
- [SECURITY] [DSA 459-1] New kdelibs, kdelibs-crypto packages fix cookie traversal bug
- [SECURITY] [DSA 460-1] New sysstat packages fix insecure temporary file creation
- [SECURITY] [DSA 461-1] New calife packages fix buffer overflow
- [SECURITY] [DSA 463-1] New samba packages fix privilege escalation in smbmnt
- [SECURITY] [DSA 464-1] New gdk-pixbuf packages fix denial of service
- [SECURITY] [DSA 465-1] New openssl packages fix multiple vulnerabilities
- [SECURITY] [DSA 466-1] New Linux 2.2.10 packages fix local root exploit (powerpc/apus)
- [SECURITY] [DSA 467-1] New ecartis packages fix several vulnerabilities
- [SECURITY] [DSA 468-1] New emil packages fix multiple vulnerabilities
- [SECURITY] [DSA 469-1] New libpam-pgsql packages fix SQL injection
- [waraxe-2004-SA#005 - XSS in Php-Nuke 7.1.0 - part 2]
- [waraxe-2004-SA#006 - Multiple vulnerabilities in 4nalbum module for PhpNuke]
- [waraxe-2004-SA#007 - XSS and SQL injection bugs in 4nguestbook module for PhpNuke]
- [waraxe-2004-SA#008 - easy way to get superadmin rights in PhpNuke 6.x-7.1.0]
- [waraxe-2004-SA#009 - Non-critical Sql injection and XSS bug in PhpBB 2.0.6c]
- [waraxe-2004-SA#010 - Multiple vulnerabilities in Error Manager v2.1 for PhpNuke]
- [waraxe-2004-SA#011 - Multiple vulnerabilities in MS Analysis v2.0 module for PhpNuke]
- [waraxe-2004-SA#012 - Multiple vulnerabilities in XMB Forum 1.8 SP3 and 1.9 beta]
- [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions]
- A new Sanctum white paper: "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics"
- A new white paper by Sanctum: "Divide and Conquer - HTTP Response Splitting, Web Cache Poisoning Attacks, and Related Topics"
- A-CART Pro & A-CART 2.0 Input Validation Holes
- Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability
- Addressing Cisco Security Issues
- Advisory 03/2004: Multiple (13) Ethereal remote overflows
- ALLO ALLO WS_FTP Server
- Announcing full functional adore-ng rootkit for 2.6 Kernel
- Another ISS BlackIce & RealSecure Update ?
- Antivir for Freebsd doesn't work on 5.X
- Any dissasemblies of the Witty worm yet?
- Apache mod_disk_cache stores client authentication credentials on disk
- bblog 0.7.2 cross site scripting
- Bilbao Method Exposed
- Blogger XSS Vulnerability
- Broadcast client buffer-overflow in Terminator 3 1.0
- Buffer overflow in PicoPhone 1.63
- CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities
- cdp buffer overflow vulnerability
- cdp buffer overflow vulnerability - updated details
- Check Point SmartDashboard Buffer Overflow
- Chrome 1.2.0.0 server crash
- Cisco Security Advisory: Cisco CSS 11000 Series Content Services Switches Malformed UDP Packet Vulnerability
- Cisco Security Advisory: Cisco OpenSSL Implementation Vulnerability
- clamd - NEVER use "%f" in your "VirusEvent"
- Clients broadcast buffer overflow in Red Faction <= 1.20
- Concerning The Recent Invision power Board Issues
- Coreutils 'dir' integer overflow vulnerability.
- Cpanel 8.*.* have a problem ?
- Cpanel 9.1.0 have a problem ?
- Cpanel Request Lets Authenticated Users Conduct Cross-Site Scripting Attacks
- cPanel Secuirty Advisory CPANEL-2004:01-01
- Crafty Game Stack Overflow & Exploit
- Dameware Passes Weak File Encryption Key in the Clear
- Dark Age of Camelot login client vulnerability to man in the middle attack
- Desert Rats vs. Afrika Korps (Haegemonia bug)
- directory traversal in GWeb 0.6
- directory traversal in PWebServer 0.3.3
- directory traversal in xweb 1.0
- Dogpatch Software CFWebstore 5.0 shopping cart software multiple security vulnerabilities
- DoS in wMCam server 2.1.348
- DSL Modem Ericsson HM220dp Exploit
- E-mail account disabling warning.
- EEYE: Internet Security Systems PAM ICQ Server Response Processing Vulnerability
- eSignal v7 remote buffer overflow (exploit)
- Establishing contact with Nullsoft
- Ethereal(v0.10.0-0.10.2) IGAP Dissector Message Overflow Exploit
- Eudora 6.0.3 attachment spoof, LaunchProtect
- Exensive cPanel Cross Site Scripting
- Follow-up: Major hack attack on the U.S. Senate
- Followup: vuln in WinBlox monitor for winnt
- Format string bug in EpicGames Unreal engine
- Format String vuln in Inktomi Search4.0
- FreeBSD Security Advisory FreeBSD-SA-04:05.openssl
- FreeBSD Security Advisory FreeBSD-SA-04:06.ipv6
- freshmeat.net: XSS Attack due to improper comment filtering.
- Ghost users in Chat Anywhere 2.72
- GLSA200403-04 Multiple security vulnerabilities in Apache 2
- GNU Anubis 3.6.2 remote root exploit
- GNU Anubis buffer overflows and format string bugs
- Heap overflow in MPlayer
- HOTMAIL / PASSPORT: phishing expedition
- How to crash a harddisk - the Ipswitch WS_FTP Server way
- HP printers and currency anti-copying measures
- HP Web JetAdmin vulnerabilities.
- IBM DB2 Remote Command Execution Privilege Upgrade (#NISR09032004)
- IEEE Security & Privacy CFP
- Immunity Advisory: dtlogin remote root
- Immunity Advisory: Solaris local kernel root
- Infosecdaily.net: Expanding our blogging community.
- Internet Explorer Causing Explorer.exe - Null Pointer Crash
- Invision Gallery SQL Injection Vulnerabilities
- Invision Power Board 1.3 Final Path Disclosure Vulnerability
- Invision Power Board v1.3 Final Cross Site Scripting 2 - Addon
- Invision Power Board v1.3 Final Cross Site Scripting Vulnerabillity
- Invision Power Top Site List SQL Injection Vulnerability
- IPv4 fragmentation --> The Rose Attack
- iss_pam1.dll remote exploits
- JelSoft vBulletin Multiple XSS Vulnerabilities
- LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
- Linbit linbox Multiple Vulnerabilities
- LNSA-#2004-0004: libxml2 buffer overflow
- LNSA-#2004-0006: bug workaround for Apache 2.0.48
- LNSA-#2004-0007: Multiple security problems in Ethereal
- mac osx- admin service buffer overflow
- Mambo Open Source Multiple Vulnerabilities
- MDKSA-2004:017 - Updated pwlib packages fix vulnerability
- MDKSA-2004:018 - Updated libxml2 packages fix vulnerability
- MDKSA-2004:019 - Updated python packages fix buffer overflow vulnerability
- MDKSA-2004:020 - Updated gdk-pixbuf packages fix BMP-handling vulnerability
- MDKSA-2004:021 - Updated mozilla packages fix multiple vulnerabilities
- MDKSA-2004:022 - Updated kdelibs packages fix cookie theft vulnerability
- MDKSA-2004:023 - Updated openssl packages fix multiple vulnerabilities
- MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities
- MDKSA-2004:025 - Updated squid packages fix vulnerability
- Metamail 'extcompose' script Symlink Vulnerability
- Mod_Survey security advisory: Script injection bug
- ModSecurity 1.7.4 for Apache 2.x remote off-by-one overflow
- More Cpanel Vuls (cross site scripting)
- Motorola T720 cell phone DoS vulnerability.
- MPlayer Security Advisory #002 - HTTP parsing vulnerability
- mremap(2) full details available
- MS Outlook/Outlook Express Preview Pane Security Issue
- MS Security Response is a bunch of half-witted ***s
- MS Word - password protection vulnerabilty
- Multiple Immunity Advisories
- Multiple issues with Mac OS X AFP client
- Multiple Vendor SOAP server array DoS
- Multiple Vulnerabilities in Cloisterblog web blog/journal
- Multiple vulnerabilities in Hushmail.com
- Multiple Vulnerabilities in PWS 0.2.2
- mysqlbug tmpfile/symlink vulnerability.
- NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN
- NetSky.q Virus. Looking for more detailed information on how the DOS will be performed.
- NetSupport School Pro: Password Encryption Weaknesses
- New Adventures In Phishing
- New Internet Explorer Cross Zone/Site Scripting Vulnerability
- new internet explorer exploit (was new worm)
- New OpenSSL releases fix denial of service attacks [17 March 2004]
- New phpBB ViewTopic.php Cross Site Scripting Vulnerability
- new security alert #66 issued in Oracle web cache
- New worm?
- Nokia 3410 cell phones software flaw
- Norton AntiSpam Remote Buffer Overrun (#NISR19042004a)
- Norton Antivirus 2002 fails to scan files with ... [2'nd... UPDATED]
- Norton AntiVirus 2002 fails to scan files with ... [2'nd... UPDATED] Message-ID: 20040306040833.28300
- Norton Antivirus 2002 fails to scan files with special character(s) properly.
- Norton Internet Security Remote Command Execution (#NISR19042004b)
- NOT GOOD: Outlook Express 6 + Internet Explorer 6
- Nstxd vulnerability
- O-088: Sun passwd(1) Command Vulnerability
- Open the WS_FTP Server backdoor to SYSTEM
- OpenLinux: cups denial of service vulnerability
- OpenLinux: Gnupg (gpg) severe bug could compromise almost all ElGamal keys
- OpenLinux: Integer overflow may allow local users to cause a denial of service or possibly execute arbitrary code
- OpenLinux: mc Updated packages resolve local buffer overflow vulnerability
- OpenLinux: mutt remote buffer overflow
- OpenLinux: rsync heap based overflow
- OpenLinux: screen buffer overflow
- Opera Array Allocation Managment Exploit
- Outlook mailto: URL argument injection vulnerability
- Outlook mailto: URL argument injection vulnerability MS04-009 (Now CRITICAL) !
- Phorum 5.0.3 Beta && Earlier XSS Issues
- PhotoPost PHP Pro Multiple Vulnerabilities
- phpBB 2.0.6d && Earlier Security Issues
- Phpbb 2.0.7a And Earlier Secuity Issues
- phpBB 2.0.8 Exploit
- phpBB profile.php Cross Site Scripting Vulnerability
- phpBB2 2.0.8 privmsg.php SQL injection patch (critical).
- phpkit suffers (reale stupid) XSS vuln.
- PHPX 2.x - 3.2.4
- PLAXO: is that a cure or a disease?
- Problem with customized login pages for Oracle SSO
- ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
- R7-0017: TCPDUMP ISAKMP payload handling denial-of-service vulnerabilities
- R7-0018: OpenBSD isakmpd payload handling denial-of-service vulnerabilities
- R: UPDATED: MS Word - password protection vulnerabilty
- Ref: NGSSoftware Advisories NISR19042004a and NISR19042004b
- Remote crash in Etherlords I 1.07 and II 1.03
- Remotely Exploitable Cross-Site Scripting in Hotmail and Yahoo (GM#005-MC)
- RogerWilco: new funny bugs
- Rosiello Security's exploit for MDaemon
- Safari javascript array overflow
- Samba 'smbprint' script tmpfile vulnerability.
- Sarca rainbow tables on-line cracking service
- security enforcement - new monitor for winnt
- Serv-U Real Target and Search ASM Code Tool for Overflow Exploit.
- Server freeze in The Rage 1.01
- SGI Advanced Linux Environment security update #13
- SGI Advanced Linux Environment security update #14
- SGI Advanced Linux Environment security update #15
- SGI Advanced Linux Environment security update #16
- SHOUTcast v1.9.2 remote connect back exploit
- SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)
- SLWebMail Multiple Buffer Overflow Vulnerabilities (#NISR05022004b)
- SonicWall Firewall DoS, ARP Flood, Network Mapping
- SonicWall VPN/Firewall Appliance - DoS, ARP Flood, Network mapping vulnerability
- spamblocker turns into mail denial of service
- Spider Sales shopping cart software multiple security vulnerabilities
- Strange traffic - Outgoing TCP 3127/3198 (Not mydoom) New worm?
- SUSE Security Announcement: openssl (SuSE-SA:2004:007)
- Symlink Vulnerability in GNU automake <1.8.3
- systrace silently patches full local bypass vulnerability on Linux
- The Cult of a Cardinal Number
- The non-apreciated world of full-disclosure
- The witty worm
- Think of the buffers! Won't somebody think of the buffers?!
- Tomcat 5.0.14: remote DoS
- TrendMacro Interscan Viruswall Directory Traversal
- TrendMicro (not Macro) Interscan Viruswall Directory Traversal
- TSLSA-2004-0009 - nfs-utils
- TSLSA-2004-0010 - libxml2
- TSLSA-2004-0011 - sysstat
- TSLSA-2004-0012 - openssl
- TSLSA-2004-0015 - tcpdump
- TSLSA-2004-0017 - apache
- Unreal engine updates and Battle Mages advisory
- UPDATED: MS Word - password protection vulnerabilty
- Vcard 2.8 uninstall script problem
- VirtuaNews Admin Panel 1.0.3 Pro Cross Site Scripting Vulnerabillity
- VocalTec Gateway 8 Reverse Directory Transversal + Authorization Bypass
- vuln
- Vulnerabilities in Member Management System 2.1
- Vulnerabilities in News Manager Lite 2.5 & News Manager Lite administration
- vulnerability
- WebCT Campus Edition 4.1 - Cross site scripting using CSS @import
- Wftpd stat Command Remote Vulnerability Exploit
- White Paper - Web Application Worms: Myth or Reality?
- Winamp 5.02 Long Filename Buffer Overflow Vulnerability
- With regards to the Adobe Acrobat Reader advisory (#NISR03022004)
- ws_ftp overflow
- ws_ftp overflow (WS_FTP Pro 8.0.3 is vulnerable)
- xine-check/xine-bugreport symlink vulnerability.
- XP SP2 is out
- XSS in MyProxy 20030629
- YaBB/YaBBse Cross Site Scripting Vulnerability
- YabbSE (3 on 1)
- Z***ING EMAILS !
Last message date: 03/31/04
Archived on: 03/31/04 CEST
357 messages sorted by: [ author ] [ date ] [ thread ] [ attachment ]
