SecurityFocus Bugtraq
By Thread

392 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

---

Starting: 04/01/04
Ending: 04/30/04

• [RHSA-2004:175-01] Updated utempter package fixes vulnerability bugzilla_at_redhat.com (04/30/04)
• Multi stage attacks on networks? Sudhakar-bugtraq Govindavajhala (04/30/04)
• [RHSA-2004:181-01] Updated libpng packages fix crash bugzilla_at_redhat.com (04/30/04)
• [RHSA-2004:163-01] Updated OpenOffice packages fix security vulnerability in neon bugzilla_at_redhat.com (04/30/04)
• IE Certificate Stealing (Phising) bug E.Kellinis (04/30/04)
• [RHSA-2004:173-00] Updated mc packages resolve several vulnerabilities bugzilla_at_redhat.com (04/30/04)
• Dameware Mini Remote Control Version 4.2 – Weak Key Agreement Scheme ax09001h (04/30/04)
• [RHSA-2004:179-01] An updated LHA package fixes security vulnerabilities bugzilla_at_redhat.com (04/30/04)
• TSLSA-2004-0024 - rsync Trustix Security Advisor (04/30/04)
• HP Web Jetadmin John Morris (04/30/04)
• MDKSA-2004:039 - Updated mc packages fix vulnerabilities Mandrake Linux Security Team (04/30/04)
• SECURITY.NNOV: Sambar security quest 3APA3A (04/30/04)
• [OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd) OpenPKG (04/30/04)
• Cross Site Scripting in Moodle < 1.3 Bartek Nowotarski (04/30/04)
• TSLSA-2004-0025 - multi Trustix Security Advisor (04/30/04)
• [RHSA-2004:177-01] An updated X-Chat package fixes vulnerability in Socks-5 proxy bugzilla_at_redhat.com (04/30/04)
• cqure.net.20040430.citrixmetaframe Patrik Karlsson (04/30/04)
• A technical description of the SSL PCT vulnerability (CVE-2003-0719) Juliano Rizzo (04/30/04)
• [SECURITY] [DSA 498-1] New libpng packages fix denial of service Martin Schulze (04/30/04)
• [OpenPKG-SA-2004.017] OpenPKG Security Advisory (png) OpenPKG (04/29/04)
• [RHSA-2004:182-01] Updated httpd packages fix mod_ssl security issue bugzilla_at_redhat.com (04/30/04)
• 3com NBX VOIP NetSet Denial of Service Attack Michael Scheidell (04/29/04)
• MDKSA-2004:040 - Updated libpng packages fix vulnerability Mandrake Linux Security Team (04/30/04)
• SquirrelMail Cross Scripting Attacks.... Alvin Alex (04/29/04)
  • Re: SquirrelMail Cross Scripting Attacks.... Jonathan Angliss (04/30/04)
• [ GLSA 200404-21 ] Multiple Vulnerabilities in Samba Joshua J. Berry (04/29/04)
• [SECURITY] [DSA 497-1] New mc packages fix several vulnerabilities Martin Schulze (04/29/04)
• RE: New Worm??? - High level of activity on port 445 Roger A. Grimes (04/29/04)
  • RE: New Worm??? - High level of activity on port 445 Jodrell Dimaculangan (04/29/04)
  • RE: New Worm??? - High level of activity on port 445 Thor Larholm (04/29/04)
• [SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution Martin Schulze (04/29/04)
• Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. 3APA3A (04/29/04)
• MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC) houseofdabus HOD (04/29/04)
• New Worm??? - High level of activity on port 445 Tony Abell (04/29/04)
• MDKSA-2004:038 - Updated sysklogd packages fix vulnerability Mandrake Linux Security Team (04/29/04)
• [slackware-security] kernel security updates (SSA:2004-119-01) Slackware Security Team (04/28/04)
• RE: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. Bryce Porter (04/28/04)
• SGI Advanced Linux Environment security update #19 SGI Security Coordinator (04/28/04)
• SMC Routers have remote administration enabled by default user86 (04/28/04)
  • Re: SMC Routers have remote administration enabled by default user86 (04/29/04)
    • Re: SMC Routers have remote administration enabled by default user86 (04/29/04)
  • Re: SMC Routers have remote administration enabled by default Michael Curtis (04/29/04)
  • Re: SMC Routers have remote administration enabled by default Martin Nedbal (04/29/04)
• [ESA-20040428-004] 'kernel' Several security and bug fixes EnGarde Secure Linux (04/28/04)
• Re: Squirrelmail Chpasswod bof p dont think (04/27/04)
• resources consumption in DiGi WWW Server Donato Ferrante (04/27/04)
• Multiple vulnerabilities paFileDB k1LL3r B0y (04/27/04)
• SGI ProPack v2.4: Kernel update #3 SGI Security Coordinator (04/27/04)
• MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team (04/27/04)
• [ GLSA 200404-18 ] Multiple Vulnerabilities in ssmtp Joshua J. Berry (04/27/04)
• [ GLSA 200404-20 ] Multiple vulnerabilities in xine Joshua J. Berry (04/27/04)
• Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. KF (lists) (04/27/04)
• Re: Perl code exploting TCP not checking RST ACK. Michael Gschwandtner (04/27/04)
• Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke k1LL3r B0y (04/26/04)
• [ GLSA 200404-19 ] Buffer overflows and format string Joshua J. Berry (04/27/04)
• Source Code To Test IPv4 fragmentation --> The Rose Attack Gandalf The White (04/27/04)
• Re: HP Web JetAdmin vulnerabilities. FX (04/27/04)
  • Re: HP Web JetAdmin vulnerabilities. Samuel Walker (04/29/04)
• Remote Format String Vulnerabilities in eXtremail Luca Ercoli (04/25/04)
• [SECURITY] [DSA 495-1] New Linux 2.4.16 packages fix local root exploit (arm) Martin Schulze (04/26/04)
• Multiple Vulnerabilities In OpenBB JeiAr (04/25/04)
• Horde webmail: mysql access sig_at_flaming.tolna.net (04/25/04)
  • Re: Horde webmail: mysql access Christopher T. Beers (04/27/04)
• Spammers can hide behind 'Email a friend/article' scripts. cyber_flash_at_hotmail.com (04/26/04)
  • Re: Spammers can hide behind 'Email a friend/article' scripts. matthias_at_astrum.ch (04/27/04)
  • Re: Spammers can hide behind 'Email a friend/article' scripts. 3APA3A (04/27/04)
• Samsung SmartEther SS6215S Switch Kyle Duren (04/26/04)
• [HOTFIX] setsockopt kernel vulnerability nolife (04/26/04)
• RE: US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP soby_at_hushmail.com (04/25/04)
• Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (04/26/04)
• Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (04/25/04)
  • RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (04/25/04)
• Netegrity SiteMinder Affiliate Agent Cookie Overflow advisories (04/23/04)
• Apache - all versions vulnerability in OLD procesors. Adam Zabrocki (04/24/04)
  • Re: Apache - all versions vulnerability in OLD procesors. Chris Adams (04/25/04)
  • Re: Apache - all versions vulnerability in OLD procesors. Chris Adams (04/25/04)
  • Re: Apache - all versions vulnerability in OLD procesors. Peter J. Holzer (04/26/04)
  • Re: Apache - all versions vulnerability in OLD procesors. Adam Zabrocki (04/26/04)
    • Re: Apache - all versions vulnerability in OLD procesors. Peter Pentchev (04/28/04)
• [ GLSA 200404-17 ] ipsec-tools and iputils contain a remote DoS vulnerability Kurt Lieber (04/24/04)
• [waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6] Janek Vind (04/24/04)
• [waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke] Janek Vind (04/23/04)
• RE: [Full-Disclosure] EEYE: Symantec Multiple Firewall TCP Options Denial of Service Sym Security (04/23/04)
• EEYE: Symantec Multiple Firewall TCP Options Denial of Service Derek Soeder (04/23/04)
• Potential Microsoft PCT worm (MS04-011) advisories (04/23/04)
• Netegrity SiteMinder Affiliate Agent Cookie Overflow advisories_at_atstake.com (04/23/04)
• TCP Reset Attacks: Paper and Code Now Availble sullo_at_cirt.net (04/23/04)
• Arbitrary file overwriting in Unreal engine through UMOD Luigi Auriemma (04/22/04)
• [slackware-security] xine security update (SSA:2004-111-01) Slackware Security Team (04/21/04)
• SGI Advanced Linux Environment security update #18 SGI Security Coordinator (04/22/04)
• MDKSA-2004:031-1 - Updated utempter packages fix several vulnerabilities Mandrake Linux Security Team (04/22/04)
• Vulnerabilities in long-lived TCP connections on SGI systems SGI Security Coordinator (04/21/04)
• NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL NetBSD Security-Officer (04/21/04)
• [waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke] Janek Vind (04/21/04)
• EEYE: Yahoo! Mail Account Filter Overflow Hijack Drew Copley (04/21/04)
• NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability NetBSD Security-Officer (04/21/04)
• [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2] Janek Vind (04/22/04)
• Advanced Guestbook 2.2 -- SQL Injection Exploit JQ (04/21/04)
• [SECURITY] [DSA 493-1] New xchat packages fix arbitrary code execution Martin Schulze (04/21/04)
• [RHSA-2004:166-01] Updated kernel packages resolve security vulnerabilities bugzilla_at_redhat.com (04/21/04)
• [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2 Valerio Santinelli (04/21/04)
• Linux kernel setsockopt MCAST_MSFILTER integer overflow Wojciech Purczynski (04/20/04)
• Cisco Security Advisory: Vulnerabilities in SNMP Message Processing Cisco Systems Product Security Incident Response Team (04/21/04)
• Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS Based Cisco Products Cisco Systems Product Security Incident Response Team (04/20/04)
• Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS-Based Cisco Products Cisco Systems Product Security Incident Response Team (04/20/04)
• IETF Draft on Transmission Control Protocol security considerations Thor Larholm (04/21/04)
• WinSCP Denial of Service Luca Ercoli (04/15/04)
• [cliph@isec.pl: Linux kernel setsockopt MCAST_MSFILTER integer overflow] David Ahmad (04/20/04)
• Format String in Cherokee CoKi (04/20/04)
• NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP David Ahmad (04/20/04)
• MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability Mandrake Linux Security Team (04/20/04)
• MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities Mandrake Linux Security Team (04/20/04)
• MDKSA-2004:032 - Updated libneon packages fix temporary file insecurities Mandrake Linux Security Team (04/20/04)
• MDKSA-2004:033 - Updated xine-ui packages fix temporary file insecurities Mandrake Linux Security Team (04/20/04)
• NcFTP - password leaking Konstantin Gavrilenko (04/20/04)
  • Re: NcFTP - password leaking Frank v Waveren (04/20/04)
  • Re: NcFTP - password leaking Alex Behar (04/20/04)
• Exchange pop3 remote exploit securma massine (04/20/04)
• [slackware-security] cvs security update (SSA:2004-108-02) Slackware Security Team (04/19/04)
• phpBB modified by Przemo arbitary code execution Dariusz 'Officerrr' Kolasinski (04/19/04)
• Re: After Ms patches last Wed ... geoff.froh_at_densho.org (04/17/04)
• KPhone STUN DoS (Malformed STUN Packets) Aviram Jenik (04/19/04)
• Solaris 9 patch 113579-03 introduces a NIS security bug Chris Thompson (04/19/04)
• Zaep AntiSpam Cross Site Scripting Aviram Jenik (04/19/04)
• Eudora 6.1 is evil Paul Szabo (04/19/04)
• [slackware-security] utempter security update (SSA:2004-110-01) Slackware Security Team (04/19/04)
• LNSA-#2004-0011: CVS Server and Client Vulnerabilities Vincenzo Ciaglia (04/18/04)
• MS Patches last Mon - Recap aborg_at_mca.org.mt (04/18/04)
• phpBB 2.0.8a and lower - IP spoofing vulnerability Ready Response (04/19/04)
  • Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Shaun Colley (04/19/04)
  • Re: phpBB 2.0.8a and lower - IP spoofing vulnerability 3APA3A (04/20/04)
    • Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (04/21/04)
      • Re: phpBB 2.0.8a and lower - IP spoofing vulnerability BlueRaven (04/28/04)
      • Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (04/29/04)
• [waraxe-2004-SA#019 - Critical sql injection bug in Phorum 3.4.7] Janek Vind (04/18/04)
• LNSA-#2004-0012: Multiple format string vulnerabilities in neon Vincenzo Ciaglia (04/18/04)
• MS Patches last Wed - SOLUTION aborg_at_mca.org.mt (04/18/04)
• Microsoft Help and Support Center argument injection vulnerability Jouko Pynnonen (04/13/04)
• MDKSA-2004:031 - Updated utempter packages fix several vulnerabilities Mandrake Linux Security Team (04/19/04)
• New Paper - SQL Injection Signatures Evasion Imperva Application Defense Center (04/19/04)
  • Re: New Paper - SQL Injection Signatures Evasion K. K. Mookhey (04/26/04)
  • RE: New Paper - SQL Injection Signatures Evasion Imperva Application Defense Center (04/26/04)
• ssmtp insecure file creation priestmaster_at_sms.at (04/18/04)
• [ GLSA 200404-15 ] XChat 2.0.x SOCKS5 Vulnerability Kurt Lieber (04/19/04)
• phpBB modified by Przemo arbitary code execution Dariusz 'Officerrr' Kolasinski (04/19/04)
• BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Rafel Ivgi, The-Insider (04/19/04)
  • Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Sami POTIRCA (04/20/04)
• [ GLSA 200404-16 ] Multiple new security vulnerabilities in monit Kurt Lieber (04/19/04)
• Idea of CAW (Creation of Attack Wood) kincses zoli (04/18/04)
  • Re: Idea of CAW (Creation of Attack Wood) Magosányi Árpád (04/20/04)
    • Re: Idea of CAW (Creation of Attack Wood) Jan Minar (04/21/04)
• [ GLSA 200404-14 ] Multiple format string vulnerabilities in cadaver Kurt Lieber (04/19/04)
• RE: MS04-011 Break SSL support in IE 6.0.3790.0 with Windows 2003 Thor Larholm (04/17/04)
• after ms patches... kincses zoli (04/18/04)
• DoS in NETFile FTP/Web Server Donato Ferrante (04/19/04)
• [SECURITY] [DSA 492-1] New iproute packages fix denial of service Matt Zimmerman (04/19/04)
• [slackware-security] tcpdump denial of service (SSA:2004-108-01) Slackware Security Team (04/17/04)
• [SECURITY] [DSA 489-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel) Martin Schulze (04/17/04)
• [SECURITY] [DSA 488-1] New logcheck packages fix insecure temporary directory Matt Zimmerman (04/17/04)
• [BUG-CORRECTION] IISShield "Server" header costumization Tiago Halm (04/17/04)
• [SECURITY] [DSA 487-1] New neon packages fix format string vulnerabilities Matt Zimmerman (04/17/04)
• [SECURITY] [DSA 431-2] New perl packages fix information leak in suidperl Matt Zimmerman (04/17/04)
• MS04-011 SSL Remote DoS PoC David Barroso Berrueta (04/17/04)
• [SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution Martin Schulze (04/17/04)
• [SECURITY] [DSA 491-1] New Linux 2.4.19 packages fix local root exploit (mips) Martin Schulze (04/17/04)
• Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX K. K. Mookhey (04/17/04)
• [SCSA-028] Nuked-Klan Multiple Vulnerabilities advisory_at_security-corporation.com (04/17/04)
• Internet Explorer XSS published unpatched in SP1 AND SP2 Rafel Ivgi, The-Insider (04/17/04)
• Squirrelmail Chpasswod bof Matias Neiff (04/17/04)
  • Re: Squirrelmail Chpasswod bof martin f krafft (04/17/04)
  • Re: Squirrelmail Chpasswod bof rip_at_overflow.no (04/19/04)
  • Re: Squirrelmail Chpasswod bof Jonathan Angliss (04/17/04)
  • Re: Squirrelmail Chpasswod bof Peter Geissler (04/19/04)
• [SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities Matt Zimmerman (04/17/04)
• Norton AntiVirus nested file manual scan bypass..... Bipin Gautam (04/17/04)
  • Re: Norton AntiVirus nested file manual scan bypass..... Bipin Gautam (04/18/04)
• "Delete anti-virus and firewall software" --Microsoft Kim Scarborough (04/16/04)
  • RE: "Delete anti-virus and firewall software" --Microsoft Thor Larholm (04/16/04)
• void.at - neon format string bugs Thomas Wana (04/16/04)
• After Ms patches last Wed ... aborg_at_mca.org.mt (04/16/04)
  • Re: After Ms patches last Wed ... phaser-X (04/16/04)
    • Re: After Ms patches last Wed ... Andy Shaw (04/17/04)
    • Re: After Ms patches last Wed ... Dan Harkless (04/17/04)
    • RE: After Ms patches last Wed ... Alun Jones (04/17/04)
      • RE: After Ms patches last Wed ... phaser-X (04/17/04)
    • Re: After Ms patches last Wed ... plasmahh_at_informatik.uni-bremen.de (04/18/04)
      • Re: After Ms patches last Wed ... Alex Cruz (04/19/04)
    • Re: After Ms patches last Wed ... T.H. Haymore (04/17/04)
  • Re: After Ms patches last Wed ... Scott Gifford (04/17/04)
    • Re: After Ms patches last Wed ... Jerry Winegarden (04/19/04)
  • RE: After Ms patches last Wed ... David Hayden (04/18/04)
  • Re: After Ms patches last Wed ... Greg Kujawa (04/20/04)
  • RE: After Ms patches last Wed ... David Hayden (04/30/04)
• [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted] David Ahmad (04/16/04)
• [OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon) OpenPKG (04/16/04)
• [OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal) OpenPKG (04/16/04)
• TSLSA-2004-0020 - kernel Trustix Security Advisor (04/16/04)
• SCT javascript execution vulnerability spiffomatic 64 (04/15/04)
• FreeBSD Security Advisory FreeBSD-SA-04:07.cvs FreeBSD Security Advisories (04/15/04)
• Re: XSS, Admin Access via Cookie and File Upload vulnerability in NewsPHP. Manuel Lopez (04/15/04)
• [Full-Disclosure] iDEFENSE Security Advisory 04.15.04: RealNetworks Helix Universal Server Denial of Service Vulnerability idlabs-advisories_at_idefense.com (04/15/04)
• [OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql) OpenPKG (04/14/04)
• ZA Security Hole Damjan Kreft (04/14/04)
  • Re: ZA Security Hole Samps (04/16/04)
    • Re: ZA Security Hole Patrick Brauch (04/21/04)
  • Re: ZA Security Hole Pablo G. Sabbatella (04/16/04)
  • Re: ZA Security Hole Hugo van der Kooij (04/16/04)
  • Re: ZA Security Hole David Wilson (04/20/04)
• Include vulnerability in GEMITEL v 3.50 jaguar (04/15/04)
• Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability Cisco Systems Product Security Incident Response Team (04/15/04)
• [RHSA-2004:159-01] Updated Subversion packages fix security vulnerability in neon bugzilla_at_redhat.com (04/15/04)
• FW: [Unpatched] 4 new Microsoft patches, 4 old updated, 24 vulnerabilities Thor Larholm (04/14/04)
• [SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386) Martin Schulze (04/14/04)
• EEYE: Windows Expand-Down Data Segment Local Privilege Escalation Marc Maiffret (04/13/04)
• EEYE: Windows Local Security Authority Service Remote Buffer Overflow Marc Maiffret (04/13/04)
• UPDATE: LCDproc Buffer Overflow and Format String Vulnerabilities Rene Wagner (04/14/04)
• Microsoft Internet Explorer BMP file memory DoS vulnerability Arman Nayyeri (04/11/04)
  • Re: Microsoft Internet Explorer BMP file memory DoS vulnerability jeremy_at_33ad.org (04/13/04)
• new strange worm Alex Gen (04/12/04)
• [CLA-2004:837] Conectiva Security Announcement - mod_python Conectiva Updates (04/12/04)
• [waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2] Janek Vind (04/12/04)
• Microsoft Outlook Express EML file Crash vulnerability Arman Nayyeri (04/11/04)
  • RE: Microsoft Outlook Express EML file Crash vulnerability Kamran Muzaffer (04/13/04)
• [CLA-2004:838] Conectiva Security Announcement - squid Conectiva Updates (04/12/04)
• Adobe Acrobat Reader PDF file DoS vulnerability Arman Nayyeri (04/11/04)
• Citadel/UX 6.20 fixes local permissions vulnerability IO ERROR (04/12/04)
• BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE) Felipe Neuwald (04/12/04)
  • Re: BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE) Damien Miller (04/13/04)
• [waraxe-2004-SA#017 - User-level authentication bypass in phpnuke 6.x-7.2] Janek Vind (04/12/04)
• IE 6 Print Without Prompt Ben Garvey (04/12/04)
• eMule <= 0.42d Remote Exploit kcope (04/11/04)
• Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ] JeiAr (04/11/04)
• Gnome nautilus bug gsicht gsicht (04/12/04)
• UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability Cisco Systems Product Security Incident Response Team (04/12/04)
• Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow. Nikita V. Youshchenko (04/12/04)
• Monit <= 4.2 Remote Root Exploit Eye on Security India (04/12/04)
• [waraxe-2004-SA#016 - Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3] Janek Vind (04/12/04)
• Backdoor in X-Micro WLAN 11b Broadband Router RISKO Gergely (04/10/04)
  • Re: Backdoor in X-Micro WLAN 11b Broadband Router Mariano Firpo (04/16/04)
    • NEW backdoor in X-Micro WLAN 11b Broadband Router RISKO Gergely (04/16/04)
• ANNOUNCE: SecLegal mailing list Thor Larholm (04/09/04)
• [ GLSA 200404-09 ] Cross-realm trust vulnerability in Heimdal Kurt Lieber (04/09/04)
• DoS in Rsniff 1.0 Luigi Auriemma (04/09/04)
  • Re: DoS in Rsniff 1.0 Luigi Auriemma (04/09/04)
• Browser bugs [DoS] ... where will you draw a line? Bipin Gautam (04/09/04)
• DoS in Crackalaka 1.0.8 Donato Ferrante (04/09/04)
• [ GLSA 200404-12 ] Scorched 3D server chat box format string vulnerability Kurt Lieber (04/09/04)
• [ GLSA 200404-11 ] Multiple Vulnerabilities in pwlib Aida Escriva-Sammer (04/09/04)
• monit 4.1 POC gsicht gsicht (04/09/04)
• MDKSA-2004:027 - Updated ipsec-tools packages fix vulnerability in racoon Mandrake Linux Security Team (04/09/04)
• Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) K-OTiK Security (04/09/04)
  • Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Chris Johnson (04/09/04)
    • Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Geoffrey (04/09/04)
      • Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Chris Johnson (04/09/04)
      • Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Romain Francoise (04/09/04)
  • RE: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Richard M. Smith (04/09/04)
    • RE: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Amer Karim (04/10/04)
  • Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Chris Wysopal (04/09/04)
• PSR - #2004-002 Remote - LCDProc Priv8 Security Research (04/08/04)
• PSR - #2004-001 Remote - LCDProc Priv8 Security Research (04/08/04)
• Microsoft IE iframe src DoS already reported to Microsoft 'ken'_at_FTU (04/08/04)
  • Re: Microsoft IE iframe src DoS already reported to Microsoft Valdis.Kletnieks_at_vt.edu (04/08/04)
• LNSA-#2004-0009: GNU Automake symbolic link vulnerability Vincenzo Ciaglia (04/08/04)
• RE: [AppSec-research] New Worm/Virus April 8th Polazzo Justin (04/08/04)
• LNSA-#2004-0010: login may leak sensitive data Vincenzo Ciaglia (04/08/04)
• [OpenPKG-SA-2004.012] OpenPKG Security Advisory (fetchmail) OpenPKG (04/08/04)
• LNSA-#2004-0009: GNU Automake symbolic link vulnerability Vincenzo Ciaglia (04/08/04)
• New Worm/Virus April 8th Polazzo Justin (04/08/04)
  • RE: New Worm/Virus April 8th securityguy_at_dslextreme.com (04/08/04)
• [waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite] Janek Vind (04/08/04)
• SGI Advanced Linux Environment security update #17 SGI Security Coordinator (04/08/04)
• Cisco Security Advisory: Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability Cisco Systems Product Security Incident Response Team (04/08/04)
• [ GLSA 200404-08 ] GNU Automake symbolic link vulnerability Kurt Lieber (04/08/04)
• Phrack #62 Call for Papers Richard Miller (04/08/04)
• [waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a] Janek Vind (04/08/04)
• Re: Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow, Apr 7 2004 2:22AM Sym Security (04/08/04)
• Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache Ioannis Migadakis (04/08/04)
• McAfee Freescan ActiveX Information Disclosure [Additional Details & PoC] S G Masood (04/07/04)
• Re: GNU Sharutils buffer overflow vulnerability Shaun Colley (04/07/04)
• Kerio Personal Firewall 4.0.13 - Remote DoS (Crash) E.Kellinis (04/07/04)
• [OpenPKG-SA-2004.011] OpenPKG Security Advisory (sharutils) OpenPKG (04/07/04)
• [ GLSA 200404-04 ] Multiple vulnerabilities in sysstat Kurt Lieber (04/07/04)
• Internet Explorer 6 - Crash E.Kellinis (04/07/04)
• Metasploit Framework 2.0 Released! H D Moore (04/07/04)
• [OpenPKG-SA-2004.010] OpenPKG Security Advisory (tcpdump) OpenPKG (04/07/04)
• Solaris vfs_getvfssw() local kernel exploit Sam (04/07/04)
• Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow Rafel Ivgi, The-Insider (04/07/04)
• [ GLSA 200404-07 ] ClamAV RAR Archive Remote Denial Of Service Vulnerability Kurt Lieber (04/07/04)
• Re: IPv4 fragmentation --> The Rose Attack Ventsislav Genchev (04/07/04)
  • Re: IPv4 fragmentation --> The Rose Attack Darren Reed (04/08/04)
    • Re: IPv4 fragmentation --> The Rose Attack gandalf_at_digital.net (04/09/04)
      • Re: IPv4 fragmentation --> The Rose Attack Darren Reed (04/09/04)
      • Re: IPv4 fragmentation --> The Rose Attack gandalf_at_digital.net (04/10/04)
      • Re: IPv4 fragmentation --> The Rose Attack Darren Reed (04/10/04)
      • Re: IPv4 fragmentation --> The Rose Attack gandalf_at_digital.net (04/10/04)
  • RE: IPv4 fragmentation --> The Rose Attack Taylan Develioglu (04/12/04)
• Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure Rafel Ivgi, The-Insider (04/07/04)
• Cisco Security Advisory: A default Username and Password in WLSE and HSE devices Cisco Systems Product Security Incident Response Team (04/07/04)
• Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions] T.J. Ferraro (04/07/04)
• [ GLSA 200404-06 ] Util-linux login may leak sensitive data Kurt Lieber (04/07/04)
• CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections Ralf Spenneberg (04/07/04)
• Cisco Security Advisory: A default Username and Password in WLSE and HSE devices Cisco Systems Product Security Incident Response Team (04/07/04)
• REAL One Player R3T File Format Stack Overflow NGSSoftware Insight Security Research (04/07/04)
• Release of Cisco Attack tool Asleap Joshua Wright (04/07/04)
• Kerio Personal Firewall 4 and IE 6 "Bug" E.Kellinis (04/07/04)
  • RE: Kerio Personal Firewall 4 and IE 6 "Bug" Noah Dunker (04/07/04)
    • Re: Kerio Personal Firewall 4 and IE 6 "Bug" E.Kellinis (04/07/04)
  • RE: Kerio Personal Firewall 4 and IE 6 "Bug" Noah Dunker (04/07/04)
• Re: eSignal v7 remote buffer overflow Scott Johnson (04/07/04)
• [SECURITY] [DSA 478-1] New tcpdump packages fix denial of service Matt Zimmerman (04/07/04)
• [ GLSA 200404-05 ] ipsec-tools contains an X.509 certificates vulnerability Kurt Lieber (04/07/04)
• Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S) Rafel Ivgi, The-Insider (04/06/04)
• Papers: The Invisible Catalog Pete Herzog (04/06/04)
• [ GLSA 200404-03 ] Tcpdump Vulnerabilities in ISAKMP Parsing Joshua J. Berry (04/06/04)
• GNU Sharutils buffer overflow vulnerability. Shaun Colley (04/06/04)
  • Re: GNU Sharutils buffer overflow vulnerability. Didier Arenzana (04/07/04)
    • Re: GNU Sharutils buffer overflow vulnerability. Carlos Eduardo Pinheiro (04/07/04)
  • Re: GNU Sharutils buffer overflow vulnerability. Dan Yefimov (04/10/04)
• Foundstone Labs Advisory: Citrix MetaFrame Password Manager 2.0 Foundstone Labs (04/06/04)
• blaxxun3D(blaxxun Platform) 7 - Remote Buffer Overflow Rafel Ivgi, The-Insider (04/06/04)
• [ GLSA 200404-02 ] KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability Aida Escriva-Sammer (04/06/04)
• [product-security@apple.com: APPLE-SA-2004-04-05 Security Update 2004-04-05]] David Ahmad (04/06/04)
• [SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation Martin Schulze (04/06/04)
• Support Contact Info Mark Litchfield (04/06/04)
• [ GLSA 200404-01 ] Insecure sandbox temporary lockfile vulnerabilities in Portage Tim Yamin (04/06/04)
• LNSA-#2004-0008: Multiple security problems in Monit Vincenzo Ciaglia (04/06/04)
• [SECURITY] [DSA 476-1] New heimdal packages fix cross-realm vulnerability Matt Zimmerman (04/06/04)
• MDKSA-2004:026 - Updated mplayer packages fix remotely exploitable vulnerability Mandrake Linux Security Team (04/06/04)
• Paper: Comparing binaries with graph isomorphisms Todd Sabin (04/06/04)
• Format string bug in IGI 2: Covert Strike 1.3 Luigi Auriemma (04/05/04)
• IBM Director 3.1 Windows Agent Remote DoS Juanma Merino (04/05/04)
  • Re: IBM Director 3.1 Windows Agent Remote DoS Vess Nedevski (04/06/04)
• Advisory: Multiple Vulnerabilities in Monit mattmurphy_at_kc.rr.com (04/05/04)
• Automated wireless client penetration tool "hotspotter" released. Max Moser (04/05/04)
• Texutil symlink vulnerability. Shaun Colley (04/04/04)
• [Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function Buffer Overflow Vulnerability idlabs-advisories_at_idefense.com (04/05/04)
• Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B) NGSSoftware Insight Security Research (04/05/04)
• SuSEs YaST Online Update - possible symlink attack Rene (04/05/04)
  • Re: SuSEs YaST Online Update - possible symlink attack Roman Drahtmueller (04/07/04)
• Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 Ory Segal (04/05/04)
• Fw: new IE vurn Philip Barnham (04/05/04)
  • Re: new IE vurn Gavin Hanover (04/05/04)
• NGSSoftware Insight Security Research Advisory Peter Winter-Smith (04/05/04)
• [OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) OpenPKG (04/05/04)
• [SECURITY] [DSA 475-1] New Linux 2.4.18 packages fix several local root exploits (hppa) Martin Schulze (04/05/04)
• [SECURITY] [DSA 473-1] New oftpd packages fix denial of service Matt Zimmerman (04/04/04)
• [SECURITY] [DSA 460-2] New sysstat packages fix insecure temporary file creation Matt Zimmerman (04/04/04)
• [SECURITY] [DSA 474-1] New squid packages fix ACL bypass Matt Zimmerman (04/04/04)
• [SECURITY] [DSA 472-1] New fte packages fix buffer overflows Matt Zimmerman (04/04/04)
• [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted] David Ahmad (04/03/04)
• IRIX Update Some Network Drivers May Leak Data SGI Security Coordinator (04/03/04)
• eMule v0.42d Buffer Overflow Kostya Kortchinsky (04/03/04)
• Remote Exploit for Aborior's Encore Web Forum XNUXER RESEARCH (04/03/04)
• IRIX ftpd ftp_syslog issue with anonymous FTP SGI Security Coordinator (04/02/04)
• [SECURITY] [DSA 471-1] New interchange packages fix information leak Martin Schulze (04/02/04)
• Enterprise Application Security Dave Aitel (04/02/04)
• Netsky.R, auto execute w/ IE6 ? BugtraQ (04/02/04)
  • RE: Netsky.R, auto execute w/ IE6 ? BugtraQ (04/06/04)
  • Re: Netsky.R, auto execute w/ IE6 ? vbsubmit_at_hotmail.com (04/06/04)
• [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) OpenPKG (04/01/04)
• [SECURITY] [DSA 470-1] New Linux 2.4.17 packages fix several local root exploits (hppa) Martin Schulze (04/01/04)
• Index viewing in imgSvr 0.4 Donato Ferrante (04/01/04)
• Pikachu -Turn on WEP ! Himanshu Singh (04/01/04)
  • Re: Pikachu -Turn on WEP ! christophe barbe (04/01/04)
• Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. Paul (03/31/04)
• [CLA-2004:836] Conectiva Security Announcement - libxml2 Conectiva Updates (03/31/04)
• UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment please_reply_to_security_at_sco.com (04/01/04)
• OpenLinux: vim arbitrary commands execution through modelines please_reply_to_security_at_sco.com (04/01/04)
• Re: IPv4 fragmentation --> The Rose Attack Crist J. Clark (04/01/04)
  • Re: IPv4 fragmentation --> The Rose Attack stanislav shalunov (04/01/04)
  • Re: IPv4 fragmentation --> The Rose Attack Chris Brenton (04/01/04)
  • Re: IPv4 fragmentation --> The Rose Attack Paul Starzetz (04/08/04)
• RE: cdp buffer overflow vulnerability Dave Paris (03/31/04)
• Google using Expired Cert and SSLv2 Matthew S. Hamrick (03/31/04)
  • Re: Google using Expired Cert and SSLv2 Ivaylo Kostadinov (04/01/04)
• Re: new internet explorer exploit (was new worm) mgotts_at_2roads.com (03/31/04)
• OpenLinux: util-linux could leak sensitive data please_reply_to_security_at_sco.com (04/01/04)
• RE: Followup: vuln in WinBlox monitor for winnt Oliver Lavery (03/31/04)
  • Releasing full source code of WinBlox Liu Die Yu (04/01/04)
• TOOL: Adder - runtime patching in python Oliver Lavery (03/31/04)
• Open Source Vulnerability Database Opens for Public Access fbr (03/31/04)
• Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Drew Copley (03/31/04)
  • Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (04/02/04)
  • Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Chris Wysopal (04/03/04)
    • Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Fozzy (04/03/04)
    • Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Renaud Deraison (04/04/04)
      • Vuln Info Disclosure may become illegal in France [was: Re: Bugfinder Being Indicted As Criminal] Fozzy (04/05/04)
  • Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (04/04/04)
  • Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (04/05/04)
• [CLA-2004:835] Conectiva Security Announcement - ethereal Conectiva Updates (03/31/04)
• [CLA-2004:834] Conectiva Security Announcement - openssl Conectiva Updates (03/31/04)
• Re: cdp buffer overflow vulnerability Vade 79 (03/31/04)

Last message date: 04/30/04
Archived on: 04/30/04 CEST

---

392 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2004-04