security.bugtraq (date)

security.bugtraq (date)

March 31, 2002

Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory, security
Re: Local Security Vulnerability in Windows NT and Windows 2000, Alexander K. Yezhov
Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition, security
More Office XP problems, Georgi Guninski
Security Update: [CSSA-2002-010.0] Linux: ftp vulnerability in squid, security
Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system, security

March 29, 2002

Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes, security
Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability, security
privacy issues in metor.com (a search engine), Tom Micklovitch
Local Security Vulnerability in Windows NT and Windows 2000, Ashot Oganesyan K.
Team Asylum: Online renewal sites susceptible to spammer "harvesting", Mailer
Security Update: [CSSA-2002-007.0] Linux: Updated Caldera Public Keys, security
Anonymizer, MSIE, images ..., Alexander K. Yezhov
Re: 1024-bit RSA keys in danger of compromise, Hugh Pierce
IRIX rpc/HOSTALIASES vulnerability, SGI Security Coordinator
IRIX TCP/IP Denial-of-Service attacks, SGI Security Coordinator
[CLA-2002:470] Conectiva Linux Security Announcement - imlib, secure
Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability, altomo
Re: Oracle9i TSN DoS Attack, Lucien Fransman
IRIX FTP Bounce vulnerability, SGI Security Coordinator
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Casper Dik

March 28, 2002

Authentication with RSA SecurID and Outlook web access, Scalise, Marzio
A possible buffer overflow in libnewt, Wu Tao
Oracle9i TSN DoS Attack, Andrey Gordienko
[SECURITY] [DSA 125-1] New analog packages fix cross-site scripting vulnerability, Martin Schulze
squirrelmail 1.2.5 email user can execute command, pokleyzz sakamaniaka
JS embedding @ yahoo.com, Alan McCaig
vuln in wwwisis: remote command execution and get files, Klaus Ripke
OpenSSH channel_lookup() off by one exploit, Morgan
postnuke v 0.7.0.3 remote command execution, pokleyzz sakamaniaka
Re: 1024-bit RSA keys in danger of compromise, Florian Weimer
HELP.dropper: IE6, OE6, Outlook...lookOut, http-equiv@xxxxxxxxxx
Citrix Nfuse directory traversal with boilerplate.asp, Eric Budke
Re: RCA cable modem Deny of Service, Mario Lorenz

March 27, 2002

A buffer overflow study - generic protections, Vincent
Format String Bug in Posadis DNS Server, nick
Re: DoS in debian (potato) proftpd, martin f krafft
Re: DebPloit (exploit), Florian Weimer
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability, Florian Hobelsberger / BlueScreen
Re: RCA cable modem Deny of Service, Rob Koliha
RCA cable modem Deny of Service, Gabriel A. Maggiotti
NFuse Cross Site Scripting vulnerability, Eric Detoisien
Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails, Cisco Systems Product Security Incident Response Team
Xchat /dns command execution vulnerability, SpaceWalker
Retrieving information on local files in IE (GM#003-IE), GreyMagic Software
Root compromise through LogWatch 2.1.1, Spybreak

March 26, 2002

JS embedding @ www.reed.co.uk, elaborate ruse
Re: Cross-site scripting., zeno
Re: [RHEA-2002:024-23] Updated rpm packages available, helmut g. katzgraber
RE: Security contact for Network Associates?, Jim_Magdych
DoS in debian (potato) proftpd, Joe Dollard
CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable), Steve Gustin
SouthWest Telnet talker server. DoS (Denial of Service Attack)., Alex Hernandez
FreeBSD Ports Security Advisory FreeBSD-SA-02:19.squid, FreeBSD Security Advisories
[SECURITY] [DSA 124-1] New mtr packages fix buffer overflow, Martin Schulze
d_path() truncating excessive long path name vulnerability, Wojciech Purczynski
Etnus TotalView 5., Andrew Griffiths
Security contact for Network Associates?, Anton Rager
updated squid advisory, Adrian Chadd
Instant Web Mail additional POP3 commands and mail headers, Ulf Harnhammar
secureinc.com Vulnerability, Jason Giglio
Re: memberlist.php of vBulletin, John Percival
Re: 1024-bit RSA keys in danger of compromise, Len Sassaman
[IMG] tag vulnerability in vBulletin, frog frog
New Bill attempts to regulate hardware, software development, Jon O.
Cross-site scripting., Berend-Jan Wever

March 25, 2002

Re: Identifying Kernel 2.4.x based Linux machines using UDP, Fyodor
re: Tomcat Security Exposure, Adam Manock
Apache 1.3.24 Released! (fwd), Jonas Eriksson
1024-bit RSA keys in danger of compromise, Lucky Green
Re: Fw: PHPNuke 5.4 Path Disclosure Vulnerability?, Dylan Reeve
WebSight Directory System: cross-site-scripting bug, ppp-design
Cookie vulnerability in Alguest guestbook (PHP), MOD
dcshop.cgi anybody can delete *.setup for database, pokleyzz sakamaniaka
RE: Automatically opening IE + Executing attachments, jelmer
RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation, Marc Maiffret

March 23, 2002

Re: PostNuke Bugged, Scott
Re: Local privalege escalation issues with Webmin 0.92, Ed
One more way to bypass NAV, 3APA3A
Re: PHP script: Penguin Traceroute, Remote Command Execution, bugtraq

March 22, 2002

RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation, hellNbak
XSS + Info leak @ www.myownemail.com, elaborate ruse
UniNet InfoSec Conference, Seth Arnold
EUDORA Re: Automatically opening + Executing attachments, http-equiv@xxxxxxxxxx
Re: move_uploaded_file breaks safe_mode restrictions in PHP, sesser
Re: PHP script: Penguin Traceroute, Remote Command Execution, Philip Turner
RE: PHPNuke 5.4 Path Disclosure Vulnerability?, Martens, Thierry
PostNuke Bugged, Scott
memberlist.php of vBulletin, plato
RE: Automatically opening IE + Executing attachments, GreyMagic Software
Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions), watcher60
Gravity Storm Service Pack Manager 2000 Share Vulnerability, 'ken'@FTU
[RHSA-2002:035-18] Updated PHP packages are available [updated 2002-Mar-11], bugzilla
[RHSA-2002:026-43] Vulnerability in zlib library, bugzilla
Xpede passwords exposed (2 vuln.), Gregory Duchemin
Automatically opening IE + Executing attachments, GreyMagic Software
How Outlook 2002 can still execute JavaScript in an HTML email message, Richard M. Smith

March 21, 2002

RE: CSS in ikonboard 3.0.1,3.0.2,3.0.3, Michael Ginese
Re: move_uploaded_file breaks safe_mode restrictions in PHP, sesser
Re: TCP Connections to a Broadcast Address on BSD-Based Systems, David Maxwell
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances, Rouland, Chris (ISSAtlanta)
[RHSA-2002:048-06] New imlib packages available, bugzilla
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances, Rouland, Chris (ISSAtlanta)
Re: move_uploaded_file breaks safe_mode restrictions in PHP, Patrick Oonk
Vulnerability in Apache for Win32 batch file processing - Remote command execution, Ory Segal
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances, hellNbak
Fw: PHPNuke 5.4 Path Disclosure Vulnerability?, godminus
Questionable security policies in Outlook 2002, Richard M. Smith
PHP script: Penguin Traceroute, Remote Command Execution, paul jenkins
MDKSA-2002:025 - fix for insecure default kdm configuration, Mandrake Linux Security Team
RE: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia A ppliances, Rouland, Chris (ISSAtlanta)
Re: move_uploaded_file breaks safe_mode restrictions in PHP, sesser
Re: NMRC Advisory - KeyManager Issue in ISS RealSecure, hellNbak
Re: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances, Georgi Guninski
Security Update: [CSSA-2002-SCO.12] Open UNIX, UnixWare 7: rpc.cmsd can be remotely exploited, security
Re: Excite Email Disclosure Vulnerability, Obscure
RE: Citrix vulnerability disclosure/bug reports contact, Arian J. Evans
RE: phpBB2 remote execution command, Nathan Anderson
Re: PHP Net Toolpack: input validation error, Jon Ribbens
[Bug 131761] Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
CSS in ikonboard 3.0.1,3.0.2,3.0.3, Max Speed
[img]-vulnerability in vBulletin Version 2.2.2 & 2.2.1 & maybe olders, Cano2
RE: Hosting Directory Traversal madness..., Phuong Nguyen
Re: Identifying Kernel 2.4.x based Linux machines using UDP, Charles-Edouard Ruault
Re: move_uploaded_file breaks safe_mode restrictions in PHP, Jedi/Sector One
Re: TCP Connections to a Broadcast Address on BSD-Based Systems, itojun
[Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
RE: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging, Brian Heathfield
RE: Identifying Kernel 2.4.x based Linux machines using UDP, Fletcher, Stephen J

March 20, 2002

NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances, hellNbak
Re: Identifying Kernel 2.4.x based Linux machines using UDP, Crist J. Clark
Re: Identifying Kernel 2.4.x based Linux machines using UDP, Crist J. Clark
Citrix contacts, Eric Budke
Re: [VulnWatch] Bypassing libsafe format string protection, Steve Beattie
Default SNMP configuration issue with Foundry Networks EdgeIron 4802F, advisory
Local privalege escalation issues with Webmin 0.92, advisory
LilHTTP Web Server Protected File Access Vulnerability (Solution), Tamer Sahin
Bypassing libsafe format string protection, Wojciech Purczynski
Re: More SWF vulnerabilities?, the Pull
move_uploaded_file breaks safe_mode restrictions in PHP, Tozz
Javascript loop causes IE to crash, Patrik Birgersson
Additional IRIX CDE and CDE ToolTalk Vulnerabilities update, SGI Security Coordinator
More SWF vulnerabilities?, Drew Daniels
IRIX TCP/IP Initial Sequence Numbers, SGI Security Coordinator

March 19, 2002

Potential vulnerabilities of the Microsoft RVP-based Instant Messaging, Dimitrios Petropoulos
RE: MSIE vulnerability exploitable with IncrediMail, Joachim Thuau
phpBB2 remote execution command, nullbyte
RE: Buffer Overflow in Geck/Netscape 5.0/6.0?, Pauls, Nicole
Excite Email Disclosure Vulnerability, Jan Schaumann
[SECURITY] [DSA-123-1] listar buffer overflow, Wichert Akkerman
Identifying Kernel 2.4.x based Linux machines using UDP, Ofir Arkin
Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability, Manuel Kiessling
RE: PHP-Nuke & Post-Nuke account hijacking., Chris Bradford
FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib, FreeBSD Security Advisories
Re: Buffer Overflow in Geck/Netscape 5.0/6.0?, Scott Dier
[ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability, Ahmet Sabri ALPER
MSIE vulnerability exploitable with Eudora (was: IncrediMail), Magnus Bodin
RE: MSIE vulnerability exploitable with IncrediMail, RT
[ARL02-A10] News-TNK Cross Site Scripting Vulnerability, Ahmet Sabri ALPER
Re: about zlib vulnerability - Microsoft products, Florian Weimer
[ARL02-A09] Board-TNK Cross Site Scripting Vulnerability, Ahmet Sabri ALPER
RE: MSIE vulnerability exploitable with IncrediMail, Thor Larholm
Re: phpBB2 remote execution command (fwd), Jose Romeo Vela
Re: Buffer Overflow in Geck/Netscape 5.0/6.0?, Patrick Morris
SOLARIS LOGIN remote via telnetd, Morgan
KPMG-2002005: BitVise WinSSH Denial of Service, Peter Gründl
[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities, Ahmet Sabri ALPER
Hosting Directory Traversal madness..., Phuong Nguyen
TCP Connections to a Broadcast Address on BSD-Based Systems, Crist J. Clark

March 18, 2002

[ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability, Ahmet Sabri ALPER
TSLSA-2002-0040 - zlib, Trustix Secure Linux Advisor
Re: Alteon ACEdirector signature/security bug, Mike Rogers
[Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
PHP-Nuke & Post-Nuke account hijacking., Handle Nopman
PHP Net Toolpack: input validation error, ppp-design
Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski

March 17, 2002

Re: about zlib vulnerability - Microsoft products, Forrest J Cavalier III

March 16, 2002

RE: MSIE vulnerability exploitable with IncrediMail, Eric Detoisien
Apache vulnerabilities on IRIX, SGI Security Coordinator

March 15, 2002

Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Casper Dik
RE: MSIE vulnerability exploitable with IncrediMail, Thor Larholm
Re: Bug in QPopper (All Versions?), Dustin Childers
Re: ZLib double free bug: Windows NT potentially unaffected, Martijn Lievaart
MSIE vulnerability exploitable with IncrediMail, Eric Detoisien
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Thomas Insel
[RHSA-2002:032-12] Updated cups packages are available, bugzilla
RE: Foundry Networks ServerIron don't decode URIs, Kevin Brown
RE: [Whitehat] about zlib vulnerability, Peter Mueller
Re: ZLib double free bug: Windows NT potentially unaffected, Dragos Ruiu
Bug in QPopper (All Versions?), Dustin Childers
CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers, CERT Advisory
Re: ZLib double free bug: Windows NT potentially unaffected, Dragos Ruiu
ZLib double free bug: Windows NT potentially unaffected, KJK::Hyperion
Re: about zlib vulnerability, Paul Wouters
RE: ZLib double free bug: Windows NT potentially unaffected, Robert Collins
Fwd: DebPloit (exploit), Mike Tone
Re: ZLib double free bug: Windows NT potentially unaffected, Casper Dik

March 14, 2002

[CSS] Cross Site Scripting in the translation and infoplease services of lycos.com possible, tsr
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, John D Groenveld
Account Lockout Vulnerability in Oblix NetPoint v5.2, Bill Canning
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Lisa Bogar
Re: about zlib vulnerability - Microsoft products, Davis Ray Sickmon, Jr
Re: [RHSA-2002:026-35] Vulnerability in zlib library, Pavel Kankovsky
about zlib vulnerability, tele
[CLA-2002:469] Conectiva Linux Security Announcement - zlib, secure
MDKSA-2002:024 - rsync update, Mandrake Linux Security Team
MDKSA-2002:023-1 - packages containing zlib update, Mandrake Linux Security Team
Foundry Networks ServerIron don't decode URIs, Jedi/Sector One
Re: [RHSA-2002:026-35] Vulnerability in zlib library, Mark J Cox
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Brent J. Nordquist
[RHSA-2002:026-35] Vulnerability in zlib library, bugzilla
Re: Windows 2000 password policy bypass possibility, Anthony DeRobertis
Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp, Support Info

March 13, 2002

Many, many, many Sql Server 7 & 2000 Buffer Overflows, c c
Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version), Alex Hernandez
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Dimitry Andric
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Jean-loup Gailly
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Bernd Jendrissek
Re: [RHSA-2002:026-35] Vulnerability in zlib library, Tomasz Ostrowski
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Florian Weimer
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Christopher X. Candreva
Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability, security
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Guy Poizat
Re[2]: [VulnWatch] IMail Account hijack through the Web Interface, Obscure
MDKSA-2002:023 - packages containing zlib update, Mandrake Linux Security Team
[ARL02-A06] Black Tie Project System Information Path Disclosure Vulnerability, Ahmet Sabri ALPER
Command execution in phprojekt., b0iler _
Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Adam
2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002), NGSSoftware Insight Security Research
CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library, CERT Advisory
Cgisecurity.com Paper #5: Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two, zeno
Re: Alteon ACEdirector signature/security bug, Mike Rogers
Security Update: [CSSA-2002-SCO.9] OpenServer: IPFilter may incorrectly pass packets, security
SunSolve CD cgi scripts..., Fyodor
OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Michael Leo
zlibscan : script to find suid binaries possibly affected by zlib vulnerability, hologram
RE: Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update), Alex Arndt
[OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib), OpenPKG
Re: [RHSA-2002:026-35] Vulnerability in zlib library, helmut g. katzgraber
FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage, FreeBSD Security Advisories
Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability, security
Marcus S. Xenakis "directory.php" allows arbitrary code execution, Florian Hobelsberger / BlueScreen
NetBSD Security Advisory 2002-002: gzip buffer overrun with long filename, NetBSD Security Officer

March 12, 2002

NetBSD Security Advisory 2002-004: Off-by-one error in openssh session, NetBSD Security Officer
Re: IMail Account hijack through the Web Interface, Henrik Larsson
MDKSA-2002:022 - zlib update, Mandrake Linux Security Team
FreeBSD Ports Security Advisory FreeBSD-SA-02:14.pam-pgsql, FreeBSD Security Advisories
FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape, FreeBSD Security Advisories
Re: [VulnWatch] exploiting the zlib bug in openssh, Michal Zalewski
FreeBSD Ports Security Advisory FreeBSD-SA-02:15.cyrus-sasl, FreeBSD Security Advisories
ZyXEL ZyWALL10 DoS, Knud Erik Højgaard
exploiting the zlib bug in openssh, H D Moore
Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow, security
zlib & java, Darren Reed
Re: security problem fixed in zlib 1.1.4, Neil W Rickert
[ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability, Ahmet Sabri ALPER
ADVISORY: Windows Shell Overflow, Marc Maiffret
Re: Directory traversal vulnerability in phpimglist, Jason DiCioccio
Directory traversal vulnerability in phpimglist, Jason DiCioccio
CaupoShop: cross-site-scripting bug, ppp-design
Ecartis/Listar multiple vulnerabilities, Janusz Niewiadomski
security problem fixed in zlib 1.1.4, Jean-loup Gailly
[SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow, Michael Stone

March 11, 2002

SuSE Security Announcement: libz/zlib (SuSE-SA:2002:010) (tandem-announcement, first part), Roman Drahtmueller
TSLSA-2002-0039 - openssh, Trustix Secure Linux Advisor
[RHSA-2002:027-22] Vulnerability in zlib library (powertools), bugzilla
[ESA-20020311-008] Double free() in zlib may lead to buffer overflow., EnGarde Secure Linux
SuSE Security Announcement: packages containing libz/zlib (SuSE-SA:2002:011) (tandem-announcement, second part), Roman Drahtmueller
[SECURITY] [DSA 121-1] New xtell packages fix several vulnerabilities, Martin Schulze
SMStools vulnerabilities in release before 1.4.8, Marcello Magnifico [fabbricadigitale]
Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update), Marlon Borba
Re: [VulnWatch] IMail Account hijack through the Web Interface, Zillion
IMail Account hijack through the Web Interface, Obscure
[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow, Martin Schulze
VirusWall HTTP proxy content scanning circumvention, Boris Wesslowski
OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix, Greg KH
GNU fileutils - recursive directory removal race condition, Wojciech Purczynski
Citadel/UX Server Remote DoS attack Vulnerability, xperc
Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln, Tekno pHReak
xtux server DoS., b0iler _

News | FAQ | advertise