SecurityFocus Bugtraq
By Thread

417 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

---

Starting: 08/02/04
Ending: 08/31/04

• MITKRB5-SA-2004-003: ASN.1 decoder denial-of-service Tom Yu (08/31/04)
• [SECURITY] [DSA 543-1] New krb5 packages fix several vulnerabilities Martin Schulze (08/31/04)
• [SECURITY] [DSA 458-2] New python2.2 packages really fix buffer overflow Martin Schulze (08/31/04)
• DOS@TFS CoolICE (08/31/04)
• Linux OpenExchange - cleartext rootpw in swap Rene (08/31/04)
  • Re: Linux OpenExchange - cleartext rootpw in swap Rainer Duffner (08/31/04)
• D-Link DCS-900 IP camera remote exploit that change the IP Jérôme (08/31/04)
• Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable) Steven Van Acker (08/30/04)
• [vulnwatch] WFTPD Pro Server 3.21 MLST Command Denial of Service Vulnerability lion (08/29/04)
• [vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability lion (08/29/04)
• Cross Site Scripting in XOOPS Version 2.x Dictionary module CyruxNET (08/28/04)
• Multiple Vulnerabilities In Xedus Webserver GulfTech Security (08/30/04)
• [SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service Martin Schulze (08/30/04)
• Security Center and Windows XP clients in domain albatross_at_tim.it (08/31/04)
• DoS in Chat Anywhere 2.72a Donato Ferrante (08/27/04)
• CuteNews News.txt writable to world e0r (08/29/04)
• [vulnwatch] WS_FTP Server Denial of Service Vulnerability lion (08/29/04)
• [ GLSA 200408-27 ] Gaim: New vulnerabilities Sune Kloppenborg Jeppesen (08/27/04)
• [ GLSA 200408-26 ] zlib: Denial of service vulnerability Sune Kloppenborg Jeppesen (08/27/04)
• Cisco Security Advisory: Cisco Telnet Denial of Service Vulnerability Cisco Systems Product Security Incident Response Team (08/27/04)
• Gaucho v1.4 Build 145 Buffer Overflow Jérôme (08/27/04)
• SGI ProPack 3: Kernel Update #3 - Security and other fixes SGI Security Coordinator (08/27/04)
• MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team (08/27/04)
• Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability" Zone Labs Product Security (08/25/04)
• Alpha Phising [IE 6 WinXP SP2] mikx (08/26/04)
• Broadcast forced exit in Ground Control II 1.0.0.7 Luigi Auriemma (08/26/04)
• 0day critical vulnerability/exploit targets Winamp users in the wild K-OTiK Security (08/26/04)
  • Re: 0day critical vulnerability/exploit targets Winamp users in the wild K-OTiK Security (08/28/04)
• Keene Digital Media Server Directory Traversal GulfTech Security (08/26/04)
• [ GLSA 200408-24 ] Linux Kernel: Multiple information leaks Tim Yamin (08/26/04)
• Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) john.courcoul_at_mac.com (08/26/04)
  • Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) Rishi Khan (08/27/04)
  • Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State) john.courcoul_at_mac.com (08/27/04)
• MS XP SP2 Windows Security Center allows spoofing Jérôme (08/26/04)
• TSL-2004-0043 - multi Trustix Security Advisor (08/26/04)
• [ GLSA 200408-25 ] MoinMoin: Group ACL bypass Joshua J. Berry (08/26/04)
• [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib) OpenPKG (08/25/04)
• [security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow Boren, Rich (SSRT) (08/25/04)
• Re: Images being pulled in Outlook 2003 even though don't download pictures is set? Jason Coombs PivX Solutions (08/26/04)
• multiple vulnerabilities in lukemftpd/tnftpd on mailhost.freebsd.lublin.pl venglin_at_freebsd.lublin.pl (08/22/04)
• Dynix Webpac Input Validation Wil Allsopp (08/24/04)
• Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability - [Full-Disclosure] iDEFENSE Security Advisory 08.25.04 Jérôme (08/25/04)
• CDE libDtHelp LOGNAME Buffer Overflow Vulnerability Jérôme (08/25/04)
  • RE: CDE libDtHelp LOGNAME Buffer Overflow Vulnerability Thor Larholm (08/26/04)
• Anonymous Surfing Via Gmail Login Window - Poor Sanitization Punabi MC (08/25/04)
  • Re: Anonymous Surfing Via Gmail Login Window - Poor Sanitization Markus Ackermann (08/26/04)
• Computer Network Defence Vulnerability Alert State Andy Cuff (08/25/04)
• Squirrelmail chpasswd local root bruteforce exploit Jérôme (08/24/04)
• RealVNC 4.0 DoS Allan Zhang (08/25/04)
• Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server Cisco Systems Product Security Incident Response Team (08/25/04)
• Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Steve (08/25/04)
  • Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Kyle Maxwell (08/25/04)
  • RE: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Andreas Freyvogel (08/25/04)
  • Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Jay D. Dyson (08/25/04)
  • Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow Jérôme (08/26/04)
• IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service Advisories (08/25/04)
• [NGSEC-2004-7] NtRegmon, local system denial of service. labs_at_NGSEC (08/25/04)
• A new website to search & submit win exploits Dav1d (08/21/04)
• Vulnerability: OpenBSD 3.5 Kernel Panic. Vafa Izadinia (08/25/04)
• ANNOUNCE: VulnDisco RADIUS protocol testsuite v1.0 Evgeny Demidov (08/24/04)
• bug found Mathieu Lacroix (08/25/04)
• Limited buffer overflow in Painkiller 1.31 Luigi Auriemma (08/24/04)
• PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities Nikyt0x Argentina (08/25/04)
• [ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability Joshua J. Berry (08/24/04)
• [SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting Martin Schulze (08/24/04)
• Possible Security Issues In LiveWorld Products GulfTech Security (08/24/04)
• Microsoft updates documentation on Windows time synchronization 3APA3A (08/24/04)
• Internet Explorer Local File/Directory Detection Rynho Zeros Web (08/24/04)
• Hastymail security update Jason Munro (08/24/04)
• WebAPP directory traversal and ability to retrieve the DES encrypted password hash Jérôme (08/24/04)
• What A Drag! -revisited- mikx (08/24/04)
• Window Washer 5.5: False Sense of Security First Last (08/23/04)
• Running renamed executables with CMD.EXE Geoff Vass (08/21/04)
  • RE: Running renamed executables with CMD.EXE Michael Wojcik (08/24/04)
• A word of caution on the use of suphp Steven Van Acker (08/23/04)
• CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition I)ruid (08/21/04)
• Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Serkan Akpolat (08/23/04)
  • Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Jan Minar (08/24/04)
    • Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Serkan Akpolat (08/25/04)
  • Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Rodrigo Barbosa (08/24/04)
    • Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability Serkan Akpolat (08/24/04)
• Yahoo! E-mail Service Vulnerability Dror Shalev (08/23/04)
• New google's top query? Jérôme (08/20/04)
  • Re: New google's top query? Luke Burton (08/24/04)
  • Re: New google's top query? Alex Keller (08/24/04)
    • Re: New google's top query? Justin Wheeler (08/26/04)
• MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit Tal0n (08/23/04)
• [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers bashis (08/22/04)
  • Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers morning_wood (08/22/04)
    • Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers bashis (08/24/04)
  • Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers bashis (08/24/04)
• Bugs fixed in Version 1.4.3 Joxean Koret (08/22/04)
• IE, Firefox, Opera DoS exploits_at_su1d.net (08/21/04)
  • Re: IE, Firefox, Opera DoS Dan Pixley (08/23/04)
    • RE: IE, Firefox, Opera DoS GulfTech Security (08/25/04)
      • RE: IE, Firefox, Opera DoS (*not* a DoS, not even close) Steve R (08/26/04)
• Re: Fwd: Re: Posible security bug in phpMyWebhosting Matias Neiff (08/20/04)
• DoS in Bird Chat 1.61 Donato Ferrante (08/23/04)
• [ GLSA 200408-21 ] Cacti: SQL injection vulnerability Kurt Lieber (08/23/04)
• Multiple Cross Site Scripting Vulnerabilities in eGroupWare Joxean Koret (08/22/04)
• KDE Security Advisory: Konqueror Cross-Domain Cookie Injection Waldo Bastian (08/23/04)
• [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities Kurt Lieber (08/23/04)
• ERRATA: [ GLSA 200408-21 ] Cacti: SQL injection vulnerability Sune Kloppenborg Jeppesen (08/23/04)
• ERRATA: [ GLSA 200406-14 ] aspell: Buffer overflow in word-list-compress Kurt Lieber (08/23/04)
• JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks Dr Ponidi (08/22/04)
• [ GLSA 200408-20 ] Qt: Image loader overflows Joshua J. Berry (08/22/04)
• Multiple vulnerabilities in MyDMS Jose Antonio (08/21/04)
• Mantis Bugtracker Remote PHP Code Execution Vulnerability Jose Antonio (08/21/04)
• Cross Site Scripting Vulnerability in Sympa Jose Antonio (08/21/04)
• EXPLOIT: Qt bmp heap overflow infamous41md_at_hotpop.com (08/21/04)
• Multiple Vulnerabilities in Mantis Bugtracker Jose Antonio (08/21/04)
• MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities Mandrake Linux Security Team (08/21/04)
• BadBlue Webserver v2.5 Denial Of Service Vulnerability GulfTech Security (08/20/04)
• [Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)] Myron Davis (08/19/04)
• Buffer overflow in sarad Matthias Bethke (08/20/04)
• What A Drag II XP SP2 http-equiv_at_excite.com (08/20/04)
• Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer Audun Larsen (08/20/04)
• What A Drag II XP SP2 http-equiv_at_excite.com (08/18/04)
• Unsecure file permission of ZoneAlarm pro. Bipin Gautam (08/20/04)
  • RE: Unsecure file permission of ZoneAlarm pro. Simon Zuckerbraun (08/22/04)
  • Re: Unsecure file permission of ZoneAlarm pro. Bipin Gautam (08/22/04)
• XV multiple buffer overflows, exploit included infamous41md_at_hotpop.com (08/20/04)
• NetBSD Security Advisory 2004-009: ftpd root escalation NetBSD Security-Officer (08/17/04)
• [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability Joshua J. Berry (08/20/04)
  • Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability infamous41md_at_hotpop.com (08/21/04)
  • Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability ktha_at_hush.com (08/24/04)
• Xines_Mine.c Open Security Group Advisory c0ntex_at_open-security.org (08/17/04)
• Microsoft Windows XP SP2 http-equiv_at_excite.com (08/19/04)
• SUSE Security Announcement: qt3 (SUSE-SA:2004:027) Thomas Biege (08/19/04)
• Security aspects of time synchronization infrastructure 3APA3A (08/19/04)
  • RE: [Full-Disclosure] Security aspects of time synchronization infrastructure joe (08/20/04)
    • Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure 3APA3A (08/20/04)
      • RE: Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure joe (08/20/04)
• Immunity, Inc. Release: libdisassemble dave (08/19/04)
• CESA-2004-004: qt chris_at_scary.beasts.org (08/19/04)
• MDKSA-2004:085 - Updated qt3 packages fix multiple vulnerabilities Mandrake Linux Security Team (08/19/04)
• MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability Mandrake Linux Security Team (08/19/04)
  • Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??) Joel D. Kinard (08/24/04)
    • Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??) Gabriel Kihlman (08/25/04)
• Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection Rohit Dube (08/17/04)
  • Re: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection George Capehart (08/20/04)
    • RE: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection Rohit Dube (08/24/04)
• [security bulletin] SSRT3460 rev.3 HP-UX Network traffic can cause programs to fail Boren, Rich (SSRT) (08/17/04)
• recent iDefense advisories not being posted to bugtraq includes CVS information disclosure bug (CAN-2004-0778) Marc Bejarano (08/17/04)
• Breaking windows LM hashes using the Time-Memory Trade-Off : Optimization & new tool Jérôme (08/17/04)
• SHA-0 Broken, MD5 Rumored Broken Jérôme (08/18/04)
  • Re: SHA-0 Broken, MD5 Rumored Broken Anthony Nemmer (08/18/04)
    • Re: SHA-0 Broken, MD5 Rumored Broken stanislav shalunov (08/20/04)
• Multiple vulnerabilities in PHP-FUSION Ahmad Muammar (08/18/04)
• [SECURITY] [DSA 540-1] New mysql packages fix insecure temporary file creation Martin Schulze (08/18/04)
• Cisco Security Advisory: Cisco IOS Malformed OSPF Packet Causes Reload Cisco Systems Product Security Incident Response Team (08/18/04)
• Open Security Group Advisory #6 c0ntex_at_open-security.org (08/17/04)
• MDKSA-2004:083 - Updated rsync packages fix remotely-exploitable vulnerability Mandrake Linux Security Team (08/18/04)
• Vulnerabilities in Merak Webmail Server. Criolabs (08/17/04)
• RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password Decryption Bill Roemhild (08/16/04)
• Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Abu Lafy (08/17/04)
  • Re: Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 Anthony Petito (08/18/04)
• [ GLSA 200408-18 ] xine-lib: VCD MRL buffer overflow Kurt Lieber (08/17/04)
• LNSA-#2004-0017: rsync (Aug, 17 2004) Vincenzo Ciaglia (08/17/04)
• [NGSEC-2004-6] IPD, local system denial of service. labs_at_NGSEC (08/17/04)
• Opera Local File/Directory Detection (GM#009-OP) GreyMagic Software (08/17/04)
• vpopmail <= 5.4.2 (sybase vulnerability) Jérôme (08/17/04)
  • [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability) bugtraq_at_beyondsecurity.com (08/18/04)
• [ GLSA 200408-17 ] rsync: Potential information leakage Kurt Lieber (08/17/04)
• TSLSA-2004-0042 - rsync Trustix Security Advisor (08/17/04)
• [SECURITY] [DSA 539-1] New kdelibs packages fix denial of service Martin Schulze (08/17/04)
• [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Kurt Lieber (08/17/04)
  • Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Jim Paris (08/20/04)
    • Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG Solar Designer (08/21/04)
• [SECURITY] [DSA 538-1] New rsync packages fix unauthorised directory traversal and file access Martin Schulze (08/17/04)
• SQL Injection in CACTI Fernando Quintero (08/16/04)
  • Re: SQL Injection in CACTI Thomas Chiverton (08/17/04)
    • Re: SQL Injection in CACTI Cedric Blancher (08/17/04)
  • Re: SQL Injection in CACTI Andy Markert (08/18/04)
• First vulnerabilities in the SP2 - XP ?... Jérôme (08/16/04)
  • Re: First vulnerabilities in the SP2 - XP ?... Colin Alston (08/17/04)
  • Re: First vulnerabilities in the SP2 - XP ?... Oliver Schneider (08/17/04)
    • RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (08/18/04)
  • Re: First vulnerabilities in the SP2 - XP ?... Radoslav Dejanović (08/18/04)
  • Re: First vulnerabilities in the SP2 - XP ?... Robert Decker (08/19/04)
  • RE: First vulnerabilities in the SP2 - XP ?... Thor Larholm (08/19/04)
  • Re: First vulnerabilities in the SP2 - XP ?... Matthew Roberts (08/18/04)
    • RE: First vulnerabilities in the SP2 - XP ?... Larry Seltzer (08/21/04)
• IpSwitch IMail Server <= ver 8.1 User Password Decryption Adik (08/16/04)
  • Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption Dave Warren (08/17/04)
  • Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption Jérôme (08/18/04)
  • Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption David E. Smith (08/19/04)
• TSSA-2004-020-ES - rsync tinysofa Security Team (08/16/04)
• pscript.de PFORUM XSS Vulnerability Christoph Jeschke (08/15/04)
• [ GLSA 200408-14 ] acroread: UUDecode filename buffer overflow Sune Kloppenborg Jeppesen (08/15/04)
• NullyFake - Site Spoofing in MSIE Liu Die Yu (08/15/04)
• gv buffer overflows: here, there, and everywhere infamous41md_at_hotpop.com (08/16/04)
• SUSE Security Announcement: rsync (SUSE-SA:2004:026) Thomas Biege (08/16/04)
• [SECURITY] [DSA 537-1] New Ruby packages fix insecure CGI session management Martin Schulze (08/16/04)
• [ GLSA 200408-15 ] Tomcat: Insecure Installation Sune Kloppenborg Jeppesen (08/15/04)
• Posible security bug in phpMyWebhosting Matias Neiff (08/14/04)
  • Re: Posible security bug in phpMyWebhosting Udo (08/19/04)
    • Re: Posible security bug in phpMyWebhosting Daniel Souza (08/20/04)
      • Re: Posible security bug in phpMyWebhosting Udo Mueller (08/20/04)
• SGI Advanced Linux Environment 3 Security Update #9 SGI Security Coordinator (08/14/04)
• SpecificMAIL Technical Brief Nick D. (08/14/04)
  • Re: SpecificMAIL Technical Brief Skip Carter (08/16/04)
• SGI Advanced Linux Environment 2.4 security update #24 SGI Security Coordinator (08/14/04)
• QuiXplorer directory traversal Cyrille Barthelemy (08/14/04)
• Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues advisories (08/13/04)
• Advanced usage of system() function. Adam Zabrocki (08/13/04)
• MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities Mandrake Linux Security Team (08/13/04)
• recent gaim advisory infamous41md_at_hotpop.com (08/13/04)
• MDKSA-2004:081 - Updated gaim packages fix remotely exploitable vulnerabilities Mandrake Linux Security Team (08/13/04)
• New Paper: Microsoft Windows, a lower Total Cost of Ownership Dave Aitel (08/13/04)
• NGSEC's response to Idefense overflow protections whitepaper. (PART II) lists_at_NGSEC (08/13/04)
• [ GLSA 200408-12 ] Gaim: MSN protocol parsing function buffer overflow Sune Kloppenborg Jeppesen (08/12/04)
• [ GLSA 200408-13 ] kdebase, kdelibs: Multiple security issues Sune Kloppenborg Jeppesen (08/12/04)
• NETGEAR DG834G SPECIAL FEATURES thanasonic_at_hack.gr (08/12/04)
  • Re: NETGEAR DG834G SPECIAL FEATURES Uday Moorjani (08/13/04)
  • RE: NETGEAR DG834G SPECIAL FEATURES Andre Lorbach (08/13/04)
  • Re: NETGEAR DG834G SPECIAL FEATURES thanasonic_at_hack.gr (08/13/04)
    • Re: NETGEAR DG834G SPECIAL FEATURES Dave Paris (08/13/04)
  • Re: NETGEAR DG834G SPECIAL FEATURES Paul James (08/24/04)
    • Re: NETGEAR DG834G SPECIAL FEATURES Rodrigo Barbosa (08/26/04)
      • RE: NETGEAR DG834G SPECIAL FEATURES prj (08/26/04)
    • Re: NETGEAR DG834G SPECIAL FEATURES Luca Berra (08/28/04)
• JS/Zerolin T.H. Haymore (08/12/04)
  • Re: JS/Zerolin Nicolas Gregoire (08/13/04)
    • Re: JS/Zerolin T.H. Haymore (08/13/04)
  • Re: JS/Zerolin K-OTiK Security (08/13/04)
  • RE: JS/Zerolin Thor Larholm (08/14/04)
• SUSE Security Announcement: gaim (SUSE-SA:2004:025) Thomas Biege (08/12/04)
• [CLA-2004:858] Conectiva Security Announcement - squirrelmail Conectiva Updates (08/12/04)
• [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow Sune Kloppenborg Jeppesen (08/12/04)
  • Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow infamous41md_at_hotpop.com (08/13/04)
  • Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow Dan Margolis (08/14/04)
• [ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability Sune Kloppenborg Jeppesen (08/12/04)
• Metasploit Framework v2.2 H D Moore (08/12/04)
• ISS BlackIce Server Protect Unprivileged User Attack Thomas Ryan (08/11/04)
• SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Secure Science Corporation Advisory Notice (08/11/04)
  • Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Joe Eversole (08/12/04)
    • Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Lance James (08/13/04)
  • Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest) Brad Herbert (08/12/04)
• [ GLSA 200408-09 ] Roundup filesystem access vulnerability Kurt Lieber (08/12/04)
• KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities Waldo Bastian (08/11/04)
• NGSEC's response to Idefense overflow protections whitepaper. lists_at_NGSEC (08/11/04)
  • RE: NGSEC's response to Idefense overflow protections whitepaper. Richard Johnson (08/12/04)
• Windows doesn't verify digital signature of CRL files Michael Howard (08/11/04)
• Clearswift Mimesweeper Path Traversal Vulnerability Kroma Pierre (08/11/04)
  • Re: Clearswift Mimesweeper Path Traversal Vulnerability Pete Simpson (08/11/04)
• EXPLOIT libpng infamous41md_at_hotpop.com (08/10/04)
• HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5 Amit Klein (08/11/04)
• ptl-2004-03: WIDCOMM Bluetooth Connectivity Software Buffer Overflows Pentest Security Advisories (08/11/04)
• BlackICE unprivileged local user attack Paul Craig - Pimp Industries (08/11/04)
• Driver for display goes to a infinite loop by viewing a html! Bipin Gautam (08/11/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! Conor Byrne (08/11/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! Jack C (08/11/04)
    • Re: Driver for display goes to a infinite loop by viewing a html! Christopher X. Candreva (08/11/04)
      • Re: Driver for display goes to a infinite loop by viewing a html! Mike Pumford (08/11/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! Anthony Petito (08/11/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! Steven Leikeim (08/11/04)
  • RE: Driver for display goes to a infinite loop by viewing a html! Eggers, Bill A [LTD] (08/11/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! Eddie Block (08/11/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! 3APA3A (08/12/04)
  • Re: Driver for display goes to a infinite loop by viewing a html! Frank Nospam (08/12/04)
  • RE: Driver for display goes to a infinite loop by viewing a html! Christopher Wagner (08/17/04)
• AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability homicidal_at_gmail.com (08/10/04)
  • RE: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability Thor Larholm (08/11/04)
    • Re: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability High Pressure (08/12/04)
• Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue advisories (08/10/04)
• spamcop.net allows everyone to grab mail addresses and reset passwords Henning Schmiedehausen (08/10/04)
• Corsaire Security Advisory - Sygate Enforcer unauthenticated broadcast issue advisories (08/10/04)
• Corsaire Security Advisory - Sygate Secure Enterprise replay issue advisories (08/10/04)
• [security bulletin] SSRT4785 rev. 0 HP-UX Process Resource Manager (PRM) potential data corruption Boren, Rich (SSRT) (08/10/04)
• [security bulletin] SSRT4788 rev. 0 HP-UX Apache Remote arbitrary code execution Boren, Rich (SSRT) (08/10/04)
• [ GLSA 200408-07 ] Horde-IMP: Input validation vulnerability for Internet Explorer users Kurt Lieber (08/10/04)
• MDKSA-2004:080 - Updated shorewall packages fix temporary file vulnerabilities Mandrake Linux Security Team (08/10/04)
• Corsaire Security Advisory - Port80 Software ServerMask inconsistencies advisories (08/10/04)
• First symbian OS trojan discovered in the wild kers0r (08/09/04)
• CORE-2004-0714: Cfengine RSA Authentication Heap Corruption CORE Security Technologies Advisories (08/09/04)
• [ GLSA 200408-06 ] SpamAssassin: Denial of Service vulnerability Sune Kloppenborg Jeppesen (08/09/04)
• Windows doesn't verify digital signature of CRL files Faro Poplar (08/09/04)
  • Re: Windows doesn't verify digital signature of CRL files Thomas Walpuski (08/10/04)
    • Re: Windows doesn't verify digital signature of CRL files Neil Gierman (08/10/04)
      • Re: Windows doesn't verify digital signature of CRL files Jack Lloyd (08/10/04)
      • Re: Windows doesn't verify digital signature of CRL files Thomas Walpuski (08/11/04)
      • Re: Windows doesn't verify digital signature of CRL files Thomas Walpuski (08/10/04)
    • Re: Windows doesn't verify digital signature of CRL files Valdis.Kletnieks_at_vt.edu (08/10/04)
• TSLSA-2004-0041 - kernel Trustix Security Advisor (08/09/04)
• Remote Command Execution Francisco Alisson (08/09/04)
• Java XSLT security advisory addendum Marc Schoenefeld (08/09/04)
• SUSE Security Announcement: kernel (SUSE-SA:2004:024) Thomas Biege (08/09/04)
• EXPLOIT Re: Pavuk Digest Authentication Buffer Overflow infamous41md_at_hotpop.com (08/07/04)
• Airpwn & libpng holes Matt Venzke (08/07/04)
• [PHP Bug] How to hide a HTTP request in the apache logs Anthony Debhian (08/07/04)
  • Re: [PHP Bug] How to hide a HTTP request in the apache logs Steve Brown (08/09/04)
  • Re: [PHP Bug] How to hide a HTTP request in the apache logs Max Valdez (08/09/04)
• Type xxs root_at_spiffomatic64.com (08/07/04)
• SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Jordan Pilat (08/06/04)
  • Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Stefan Seifert (08/07/04)
  • Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Radoslav Dejanović (08/09/04)
    • Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability Matthias Leisi (08/09/04)
• Winmx Software making calls to Port 25 Retro Granny (08/06/04)
  • Re: Winmx Software making calls to Port 25 Retro Granny (08/07/04)
  • Re: Winmx Software making calls to Port 25 Radoslav Dejanović (08/09/04)
• Re: Remote crash in tcpdump from OpenBSD Balaram Amgoth (08/06/04)
  • Re: Remote crash in tcpdump from OpenBSD Otto Moerbeek (08/07/04)
• xss in moodle (post.php) Javier Ubilla Brenni (08/06/04)
• Anyone know IBM's security address? Michael Scheidell (08/06/04)
  • Re: Anyone know IBM's security address? Jedi/Sector One (08/06/04)
• Remote Command Execution Francisco Alisson (08/06/04)
• [OpenPKG-SA-2004.036] OpenPKG Security Advisory (cvstrac) OpenPKG (08/06/04)
• RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Bart.Lansing_at_kohls.com (08/06/04)
  • RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Dana Hudes (08/06/04)
• GNU/Linux 'info Buffer Overflow Josh Martin (08/06/04)
  • Re: GNU/Linux 'info Buffer Overflow Valdis.Kletnieks_at_vt.edu (08/06/04)
  • Re: GNU/Linux 'info Buffer Overflow Niels Bakker (08/06/04)
    • Re: GNU/Linux 'info Buffer Overflow Janusz A. Urbanowicz (08/07/04)
  • Re: GNU/Linux 'info Buffer Overflow Roman Werpachowski (08/07/04)
• [security bulletin] SSRTSSRT4778 Rev.0 Mozilla Application Suite for HP Tru64 UNIX libpng Potential Overflows Boren, Rich (SSRT) (08/06/04)
• [security bulletin] SSRT4777 HP-UX Apache, PHP remote code execution, Denial of Service Boren, Rich (SSRT) (08/06/04)
• [security bulletin] SSRT4782 rev. 1 HP-UX CIFS Server potential remote root access Boren, Rich (SSRT) (08/06/04)
• Opera: Location, Location, Location (GM#008-OP) GreyMagic Software (08/06/04)
• [CLA-2004:856] Conectiva Security Announcement - libpng Conectiva Updates (08/06/04)
• [CLA-2004:857] Conectiva Security Announcement - apache Conectiva Updates (08/06/04)
• [ GLSA 200408-05 ] Opera: Multiple new vulnerabilities Thierry Carrez (08/05/04)
• Microsoft Internet Explorer 6 Protocol Handler Vulnerability Robillard, Nicolas (08/05/04)
  • Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability Jouko Pynnonen (08/06/04)
  • Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability Uday Moorjani (08/06/04)
• CVStrac Remote Arbitrary Code Execution exploit Richard Ngo (08/05/04)
  • Re: CVStrac Remote Arbitrary Code Execution exploit Richard Hipp (08/06/04)
• local denial of Service, Yellowdog linux to 3.0.1 pmoses_at_physics.ucsd.edu (08/05/04)
• MS04-025 - Ignorance is truly bliss.... hellNbak (08/05/04)
• International DNS compromise? Zhen Shi (08/05/04)
  • Re: International DNS compromise? john (08/05/04)
  • Re: International DNS compromise? Troy (08/05/04)
    • Re: International DNS compromise? Rio Martin. (08/06/04)
    • Re: International DNS compromise? Danny (08/06/04)
    • Re: International DNS compromise? John F. Waymouth (08/06/04)
  • Re: International DNS compromise? John Kinsella (08/05/04)
  • RE: International DNS compromise? travis.alexander_at_lacamas.org (08/05/04)
    • RE: International DNS compromise? Troy Monaghen (08/06/04)
  • Re: International DNS compromise? bill_at_dit-inc.us (08/06/04)
  • RE: International DNS compromise? Mike Clark (08/06/04)
  • RE: International DNS compromise? Johan Nilsson (08/06/04)
  • Re: International DNS compromise? Troy (08/06/04)
• TSLSA-2004-0040 - libpng Trustix Security Advisor (08/05/04)
• Opera: Location, Location, Location GreyMagic Software (08/05/04)
• [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution Sune Kloppenborg Jeppesen (08/05/04)
• [ GLSA 200408-03 ] libpng: Numerous vulnerabilities Sune Kloppenborg Jeppesen (08/05/04)
• [SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities Matt Zimmerman (08/05/04)
• CORE-2004-0705: Vulnerabilities in PuTTY and PSCP CORE Security Technologies Advisories (08/04/04)
• MDKSA-2004:079 - Updated libpng packages fix multiple vulnerabilities Mandrake Linux Security Team (08/04/04)
• Re: CVS woes: .cvspass Greg A. Woods (08/04/04)
  • Re: CVS woes: .cvspass Delian Krustev (08/05/04)
    • Re: CVS woes: .cvspass Greg A. Woods (08/05/04)
      • Re: CVS woes: .cvspass Delian Krustev (08/06/04)
      • Re: CVS woes: .cvspass Greg A. Woods (08/07/04)
      • Re: CVS woes: .cvspass Tilman Schmidt (08/06/04)
    • Re: CVS woes: .cvspass Andy Dustman (08/06/04)
  • Re: CVS woes: .cvspass Robin Rosenberg (08/07/04)
  • Re: CVS woes: .cvspass Robin Rosenberg (08/07/04)
• Multiple Vulnerabilities in Free Web Chat Donato Ferrante (08/04/04)
• Linux kernel file offset pointer races Paul Starzetz (08/04/04)
• Multiple vulnerabilities in eNdonesia CMS ahmad muammar (08/04/04)
• GoScript Remote Command Execution Francisco Alisson (08/04/04)
• New MyDoom variant albatross_at_tim.it (08/04/04)
  • Re: New MyDoom variant Paul Kurczaba (08/04/04)
    • Re: New MyDoom variant Bryan Burns (08/04/04)
      • Re: New MyDoom variant James C. Slora Jr. (08/05/04)
      • Re: New MyDoom variant Thor (08/05/04)
      • Re: New MyDoom variant Mary Landesman (08/05/04)
    • Re: New MyDoom variant QElliott_C=2E_B=E4ck=22?= (08/04/04)
      • Re: New MyDoom variant Marc Hultquist (08/05/04)
      • Re: New MyDoom variant Purple Pony (08/05/04)
    • RE: New MyDoom variant Security Guy (08/05/04)
• CESA-2004-001: libpng chris_at_scary.beasts.org (08/04/04)
• vulnerabilities in JetboxOne CMS ahmad muammar (08/04/04)
• Clear text password exposure in Datakey's tokens and smartcards vuln_at_hexview.com (08/04/04)
  • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Lionel Ferette (08/04/04)
    • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Toomas Soome (08/04/04)
      • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (08/05/04)
      • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Seth Breidbart (08/06/04)
      • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Lee Dilkie (08/05/04)
      • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (08/06/04)
    • Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards Kevin Sheldrake (08/06/04)
• Bug@thttpd CoolICE (08/04/04)
• [OpenPKG-SA-2004.035] OpenPKG Security Advisory (png) OpenPKG (08/04/04)
• [ GLSA 200408-02 ] Courier: Cross-site scripting vulnerability in SqWebMail Thierry Carrez (08/04/04)
• SUSE Security Announcement: libpng (SUSE-SA:2004:023) Thomas Biege (08/04/04)
• CDE libDtHelp and dtlogin vulnerabilities on IRIX SGI Security Coordinator (08/03/04)
• DoS in Webbsyte Chat 0.9.0 Donato Ferrante (08/03/04)
• Re: Fwd: New possible scam method : forged websites using XUL (Firefox) Barry Fitzgerald (08/03/04)
• EXPLOIT for Re: [VSA0402] OpenFTPD format string vulnerability infamous41md_at_hotpop.com (08/03/04)
• [SECURITY] [DSA 535-1] New squirrelmail packages fix multiple vulnerabilities Matt Zimmerman (08/03/04)
• Re: Citadel/UX Remote DoS Vulnerability IO ERROR (08/01/04)
• OPEN3S - Local Privilege Elevation through Oracle products (Unix Platform) Juan Manuel Pascual (08/02/04)
• [ GLSA 200408-01 ] MPlayer: GUI filename handling overflow Thierry Carrez (08/01/04)
• SideFind aborg_at_mca.org.mt (08/02/04)
  • RE: SideFind Polazzo Justin (08/02/04)
• Comersus 5.098 XSS Vulnerable Abdul Azis (08/02/04)
• DOS@MEHTTPS CoolICE (08/02/04)
  • RE: [Full-Disclosure] DOS@MEHTTPS Peter Fregon (08/09/04)
• SA-20040802 GnuTLS certificate chain verification bug Patrik Hornik (08/02/04)
• 7a69Adv#13 - USRobotics AP Wireless Denial of Service Albert Puigsech Galicia (08/02/04)
• Security contact for RSA Security Amit Klein (08/01/04)
• Re[2]: Aladdin response regarding eSafe 3APA3A (08/02/04)
• Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (08/02/04)
  • Re: New possible scam method : forged websites using XUL (Firefox) Nicholas Knight (08/01/04)
    • Re: New possible scam method : forged websites using XUL (Firefox) Marc (08/02/04)
  • Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (08/03/04)
    • Re: New possible scam method : forged websites using XUL (Firefox) Kim Scarborough (08/03/04)
    • Re: New possible scam method : forged websites using XUL (Firefox) Michael Reilly (08/03/04)
• Re: Sonicwall diag tool includes VPN credentlials neil gardner (08/01/04)
• RE: New possible scam method : forged websites using XUL (Firefox) Thomas T. Evans, III (08/02/04)
• RE: Sonicwall diag tool includes VPN credentlials Eric McCarty (08/02/04)
  • RE: Sonicwall diag tool includes VPN credentlials Stephan Sachweh (08/02/04)
    • RE: Sonicwall diag tool includes VPN credentlials Jody McCluggage (08/02/04)
• Re: Fwd: New possible scam method : forged websites using XUL (Firefox) Justin Polazzo (08/02/04)
  • Re: Fwd: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (08/03/04)
• SoX Exploiter by Rosiello Security Angelo Rosiello (08/02/04)

Last message date: 08/31/04
Archived on: 08/31/04 CEST

---

417 messages sorted by: [ author ] [ date ] [ subject ] [ attachment ]

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2004-08