security.bugtraq (thread)

Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory, security
Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition, security
More Office XP problems, Georgi Guninski
Security Update: [CSSA-2002-010.0] Linux: ftp vulnerability in squid, security
Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system, security
Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes, security
Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability, security
privacy issues in metor.com (a search engine), Tom Micklovitch
Local Security Vulnerability in Windows NT and Windows 2000, Ashot Oganesyan K.
- Re: Local Security Vulnerability in Windows NT and Windows 2000, Alexander K. Yezhov
Team Asylum: Online renewal sites susceptible to spammer "harvesting", Mailer
Security Update: [CSSA-2002-007.0] Linux: Updated Caldera Public Keys, security
Anonymizer, MSIE, images ..., Alexander K. Yezhov
IRIX rpc/HOSTALIASES vulnerability, SGI Security Coordinator
IRIX TCP/IP Denial-of-Service attacks, SGI Security Coordinator
[CLA-2002:470] Conectiva Linux Security Announcement - imlib, secure
IRIX FTP Bounce vulnerability, SGI Security Coordinator
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Casper Dik
Authentication with RSA SecurID and Outlook web access, Scalise, Marzio
A possible buffer overflow in libnewt, Wu Tao
Oracle9i TSN DoS Attack, Andrey Gordienko
- Re: Oracle9i TSN DoS Attack, Lucien Fransman
[SECURITY] [DSA 125-1] New analog packages fix cross-site scripting vulnerability, Martin Schulze
squirrelmail 1.2.5 email user can execute command, pokleyzz sakamaniaka
JS embedding @ yahoo.com, Alan McCaig
vuln in wwwisis: remote command execution and get files, Klaus Ripke
OpenSSH channel_lookup() off by one exploit, Morgan
postnuke v 0.7.0.3 remote command execution, pokleyzz sakamaniaka
HELP.dropper: IE6, OE6, Outlook...lookOut, http-equiv@xxxxxxxxxx
Citrix Nfuse directory traversal with boilerplate.asp, Eric Budke
A buffer overflow study - generic protections, Vincent
Format String Bug in Posadis DNS Server, nick
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability, Florian Hobelsberger / BlueScreen
- Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability, altomo
RCA cable modem Deny of Service, Gabriel A. Maggiotti
- Re: RCA cable modem Deny of Service, Mario Lorenz
- Re: RCA cable modem Deny of Service, Rob Koliha
NFuse Cross Site Scripting vulnerability, Eric Detoisien
Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails, Cisco Systems Product Security Incident Response Team
Xchat /dns command execution vulnerability, SpaceWalker
Retrieving information on local files in IE (GM#003-IE), GreyMagic Software
Root compromise through LogWatch 2.1.1, Spybreak
JS embedding @ www.reed.co.uk, elaborate ruse
Re: [RHEA-2002:024-23] Updated rpm packages available, helmut g. katzgraber
DoS in debian (potato) proftpd, Joe Dollard
- Re: DoS in debian (potato) proftpd, martin f krafft
CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable), Steve Gustin
SouthWest Telnet talker server. DoS (Denial of Service Attack)., Alex Hernandez
FreeBSD Ports Security Advisory FreeBSD-SA-02:19.squid, FreeBSD Security Advisories
[SECURITY] [DSA 124-1] New mtr packages fix buffer overflow, Martin Schulze
d_path() truncating excessive long path name vulnerability, Wojciech Purczynski
Etnus TotalView 5., Andrew Griffiths
Security contact for Network Associates?, Anton Rager
- RE: Security contact for Network Associates?, Jim_Magdych
updated squid advisory, Adrian Chadd
Instant Web Mail additional POP3 commands and mail headers, Ulf Harnhammar
secureinc.com Vulnerability, Jason Giglio
[IMG] tag vulnerability in vBulletin, frog frog
New Bill attempts to regulate hardware, software development, Jon O.
Cross-site scripting., Berend-Jan Wever
- Re: Cross-site scripting., zeno
re: Tomcat Security Exposure, Adam Manock
Apache 1.3.24 Released! (fwd), Jonas Eriksson
1024-bit RSA keys in danger of compromise, Lucky Green
- Re: 1024-bit RSA keys in danger of compromise, Len Sassaman
- Re: 1024-bit RSA keys in danger of compromise, Florian Weimer
  - Re: 1024-bit RSA keys in danger of compromise, Hugh Pierce
WebSight Directory System: cross-site-scripting bug, ppp-design
Cookie vulnerability in Alguest guestbook (PHP), MOD
dcshop.cgi anybody can delete *.setup for database, pokleyzz sakamaniaka
One more way to bypass NAV, 3APA3A
RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation, hellNbak
- RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation, Marc Maiffret
XSS + Info leak @ www.myownemail.com, elaborate ruse
UniNet InfoSec Conference, Seth Arnold
EUDORA Re: Automatically opening + Executing attachments, http-equiv@xxxxxxxxxx
PostNuke Bugged, Scott
- Re: PostNuke Bugged, Scott
memberlist.php of vBulletin, plato
- Re: memberlist.php of vBulletin, John Percival
Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions), watcher60
Gravity Storm Service Pack Manager 2000 Share Vulnerability, 'ken'@FTU
[RHSA-2002:035-18] Updated PHP packages are available [updated 2002-Mar-11], bugzilla
[RHSA-2002:026-43] Vulnerability in zlib library, bugzilla
Xpede passwords exposed (2 vuln.), Gregory Duchemin
Automatically opening IE + Executing attachments, GreyMagic Software
- RE: Automatically opening IE + Executing attachments, GreyMagic Software
- RE: Automatically opening IE + Executing attachments, jelmer
How Outlook 2002 can still execute JavaScript in an HTML email message, Richard M. Smith
[RHSA-2002:048-06] New imlib packages available, bugzilla
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances, Rouland, Chris (ISSAtlanta)
- RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances, Rouland, Chris (ISSAtlanta)
Vulnerability in Apache for Win32 batch file processing - Remote command execution, Ory Segal
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances, hellNbak
Fw: PHPNuke 5.4 Path Disclosure Vulnerability?, godminus
- Re: Fw: PHPNuke 5.4 Path Disclosure Vulnerability?, Dylan Reeve
- RE: PHPNuke 5.4 Path Disclosure Vulnerability?, Martens, Thierry
Questionable security policies in Outlook 2002, Richard M. Smith
PHP script: Penguin Traceroute, Remote Command Execution, paul jenkins
- Re: PHP script: Penguin Traceroute, Remote Command Execution, Philip Turner
- Re: PHP script: Penguin Traceroute, Remote Command Execution, bugtraq
MDKSA-2002:025 - fix for insecure default kdm configuration, Mandrake Linux Security Team
RE: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia A ppliances, Rouland, Chris (ISSAtlanta)
Re: NMRC Advisory - KeyManager Issue in ISS RealSecure, hellNbak
Security Update: [CSSA-2002-SCO.12] Open UNIX, UnixWare 7: rpc.cmsd can be remotely exploited, security
[Bug 131761] Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
CSS in ikonboard 3.0.1,3.0.2,3.0.3, Max Speed
- RE: CSS in ikonboard 3.0.1,3.0.2,3.0.3, Michael Ginese
[img]-vulnerability in vBulletin Version 2.2.2 & 2.2.1 & maybe olders, Cano2
NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances, hellNbak
- Re: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances, Georgi Guninski
Citrix contacts, Eric Budke
- RE: Citrix vulnerability disclosure/bug reports contact, Arian J. Evans
Default SNMP configuration issue with Foundry Networks EdgeIron 4802F, advisory
Local privalege escalation issues with Webmin 0.92, advisory
- Re: Local privalege escalation issues with Webmin 0.92, Ed
LilHTTP Web Server Protected File Access Vulnerability (Solution), Tamer Sahin
Bypassing libsafe format string protection, Wojciech Purczynski
- Re: [VulnWatch] Bypassing libsafe format string protection, Steve Beattie
move_uploaded_file breaks safe_mode restrictions in PHP, Tozz
- Re: move_uploaded_file breaks safe_mode restrictions in PHP, Jedi/Sector One
- Re: move_uploaded_file breaks safe_mode restrictions in PHP, sesser
  - Re: move_uploaded_file breaks safe_mode restrictions in PHP, Patrick Oonk
  - Re: move_uploaded_file breaks safe_mode restrictions in PHP, sesser
- Re: move_uploaded_file breaks safe_mode restrictions in PHP, sesser
Javascript loop causes IE to crash, Patrik Birgersson
Additional IRIX CDE and CDE ToolTalk Vulnerabilities update, SGI Security Coordinator
More SWF vulnerabilities?, Drew Daniels
- Re: More SWF vulnerabilities?, the Pull
IRIX TCP/IP Initial Sequence Numbers, SGI Security Coordinator
Potential vulnerabilities of the Microsoft RVP-based Instant Messaging, Dimitrios Petropoulos
- RE: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging, Brian Heathfield
phpBB2 remote execution command, nullbyte
- RE: phpBB2 remote execution command, Nathan Anderson
Excite Email Disclosure Vulnerability, Jan Schaumann
- Re: Excite Email Disclosure Vulnerability, Obscure
[SECURITY] [DSA-123-1] listar buffer overflow, Wichert Akkerman
Identifying Kernel 2.4.x based Linux machines using UDP, Ofir Arkin
- Re: Identifying Kernel 2.4.x based Linux machines using UDP, Crist J. Clark
- Re: Identifying Kernel 2.4.x based Linux machines using UDP, Crist J. Clark
- Re: Identifying Kernel 2.4.x based Linux machines using UDP, Charles-Edouard Ruault
- Re: Identifying Kernel 2.4.x based Linux machines using UDP, Fyodor
- RE: Identifying Kernel 2.4.x based Linux machines using UDP, Fletcher, Stephen J
FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib, FreeBSD Security Advisories
[ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability, Ahmet Sabri ALPER
[ARL02-A10] News-TNK Cross Site Scripting Vulnerability, Ahmet Sabri ALPER
[ARL02-A09] Board-TNK Cross Site Scripting Vulnerability, Ahmet Sabri ALPER
Re: phpBB2 remote execution command (fwd), Jose Romeo Vela
SOLARIS LOGIN remote via telnetd, Morgan
KPMG-2002005: BitVise WinSSH Denial of Service, Peter Gründl
[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities, Ahmet Sabri ALPER
Hosting Directory Traversal madness..., Phuong Nguyen
- RE: Hosting Directory Traversal madness..., Phuong Nguyen
TCP Connections to a Broadcast Address on BSD-Based Systems, Crist J. Clark
- Re: TCP Connections to a Broadcast Address on BSD-Based Systems, itojun
- Re: TCP Connections to a Broadcast Address on BSD-Based Systems, David Maxwell
[ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability, Ahmet Sabri ALPER
- Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability, Manuel Kiessling
TSLSA-2002-0040 - zlib, Trustix Secure Linux Advisor
[Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
- Re: Buffer Overflow in Geck/Netscape 5.0/6.0?, Scott Dier
  - Re: Buffer Overflow in Geck/Netscape 5.0/6.0?, Patrick Morris
- [Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
PHP-Nuke & Post-Nuke account hijacking., Handle Nopman
- RE: PHP-Nuke & Post-Nuke account hijacking., Chris Bradford
PHP Net Toolpack: input validation error, ppp-design
- Re: PHP Net Toolpack: input validation error, Jon Ribbens
Buffer Overflow in Geck/Netscape 5.0/6.0?, Jonathan A. Zdziarski
- RE: Buffer Overflow in Geck/Netscape 5.0/6.0?, Pauls, Nicole
Re: about zlib vulnerability - Microsoft products, Forrest J Cavalier III
- Re: about zlib vulnerability - Microsoft products, Florian Weimer
Apache vulnerabilities on IRIX, SGI Security Coordinator
MSIE vulnerability exploitable with IncrediMail, Eric Detoisien
- MSIE vulnerability exploitable with Eudora (was: IncrediMail), Magnus Bodin
- RE: MSIE vulnerability exploitable with IncrediMail, Thor Larholm
  - RE: MSIE vulnerability exploitable with IncrediMail, RT
- RE: MSIE vulnerability exploitable with IncrediMail, Eric Detoisien
- RE: MSIE vulnerability exploitable with IncrediMail, Thor Larholm
- RE: MSIE vulnerability exploitable with IncrediMail, Joachim Thuau
[RHSA-2002:032-12] Updated cups packages are available, bugzilla
RE: [Whitehat] about zlib vulnerability, Peter Mueller
Bug in QPopper (All Versions?), Dustin Childers
- Re: Bug in QPopper (All Versions?), Dustin Childers
CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers, CERT Advisory
RE: ZLib double free bug: Windows NT potentially unaffected, Robert Collins
- Re: ZLib double free bug: Windows NT potentially unaffected, Martijn Lievaart
- ZLib double free bug: Windows NT potentially unaffected, KJK::Hyperion
  - Re: ZLib double free bug: Windows NT potentially unaffected, Casper Dik
  - Re: ZLib double free bug: Windows NT potentially unaffected, Dragos Ruiu
    - Re: ZLib double free bug: Windows NT potentially unaffected, Dragos Ruiu
Fwd: DebPloit (exploit), Mike Tone
- Re: DebPloit (exploit), Florian Weimer
[CSS] Cross Site Scripting in the translation and infoplease services of lycos.com possible, tsr
Account Lockout Vulnerability in Oblix NetPoint v5.2, Bill Canning
about zlib vulnerability, tele
- Re: about zlib vulnerability - Microsoft products, Davis Ray Sickmon, Jr
- Re: about zlib vulnerability, Paul Wouters
[CLA-2002:469] Conectiva Linux Security Announcement - zlib, secure
MDKSA-2002:024 - rsync update, Mandrake Linux Security Team
MDKSA-2002:023-1 - packages containing zlib update, Mandrake Linux Security Team
Foundry Networks ServerIron don't decode URIs, Jedi/Sector One
- RE: Foundry Networks ServerIron don't decode URIs, Kevin Brown
Re: Windows 2000 password policy bypass possibility, Anthony DeRobertis
Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp, Support Info
Many, many, many Sql Server 7 & 2000 Buffer Overflows, c c
Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version), Alex Hernandez
Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability, security
MDKSA-2002:023 - packages containing zlib update, Mandrake Linux Security Team
[ARL02-A06] Black Tie Project System Information Path Disclosure Vulnerability, Ahmet Sabri ALPER
Command execution in phprojekt., b0iler _
2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002), NGSSoftware Insight Security Research
CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library, CERT Advisory
Cgisecurity.com Paper #5: Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two, zeno
Re: Alteon ACEdirector signature/security bug, Mike Rogers
- Re: Alteon ACEdirector signature/security bug, Mike Rogers
Security Update: [CSSA-2002-SCO.9] OpenServer: IPFilter may incorrectly pass packets, security
SunSolve CD cgi scripts..., Fyodor
zlibscan : script to find suid binaries possibly affected by zlib vulnerability, hologram
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Adam
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Guy Poizat
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Florian Weimer
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Jean-loup Gailly
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Dimitry Andric
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability, Bernd Jendrissek
[OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib), OpenPKG
Re: [RHSA-2002:026-35] Vulnerability in zlib library, helmut g. katzgraber
- Re: [RHSA-2002:026-35] Vulnerability in zlib library, Tomasz Ostrowski
  - Re: [RHSA-2002:026-35] Vulnerability in zlib library, Mark J Cox
- Re: [RHSA-2002:026-35] Vulnerability in zlib library, Pavel Kankovsky
- [RHSA-2002:026-35] Vulnerability in zlib library, bugzilla
FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage, FreeBSD Security Advisories
Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability, security
Marcus S. Xenakis "directory.php" allows arbitrary code execution, Florian Hobelsberger / BlueScreen
NetBSD Security Advisory 2002-002: gzip buffer overrun with long filename, NetBSD Security Officer
NetBSD Security Advisory 2002-004: Off-by-one error in openssh session, NetBSD Security Officer
MDKSA-2002:022 - zlib update, Mandrake Linux Security Team
FreeBSD Ports Security Advisory FreeBSD-SA-02:14.pam-pgsql, FreeBSD Security Advisories
FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape, FreeBSD Security Advisories
Re: [VulnWatch] exploiting the zlib bug in openssh, Michal Zalewski
FreeBSD Ports Security Advisory FreeBSD-SA-02:15.cyrus-sasl, FreeBSD Security Advisories
ZyXEL ZyWALL10 DoS, Knud Erik Højgaard
exploiting the zlib bug in openssh, H D Moore
- OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Michael Leo
  - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Christopher X. Candreva
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Brent J. Nordquist
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Lisa Bogar
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, John D Groenveld
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Thomas Insel
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris, Casper Dik
Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow, security
zlib & java, Darren Reed
[ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability, Ahmet Sabri ALPER
ADVISORY: Windows Shell Overflow, Marc Maiffret
Directory traversal vulnerability in phpimglist, Jason DiCioccio
- Re: Directory traversal vulnerability in phpimglist, Jason DiCioccio
CaupoShop: cross-site-scripting bug, ppp-design
Ecartis/Listar multiple vulnerabilities, Janusz Niewiadomski
security problem fixed in zlib 1.1.4, Jean-loup Gailly
- Re: security problem fixed in zlib 1.1.4, Neil W Rickert
[SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow, Michael Stone
SuSE Security Announcement: libz/zlib (SuSE-SA:2002:010) (tandem-announcement, first part), Roman Drahtmueller
TSLSA-2002-0039 - openssh, Trustix Secure Linux Advisor
[RHSA-2002:027-22] Vulnerability in zlib library (powertools), bugzilla
[ESA-20020311-008] Double free() in zlib may lead to buffer overflow., EnGarde Secure Linux
SuSE Security Announcement: packages containing libz/zlib (SuSE-SA:2002:011) (tandem-announcement, second part), Roman Drahtmueller
[SECURITY] [DSA 121-1] New xtell packages fix several vulnerabilities, Martin Schulze
SMStools vulnerabilities in release before 1.4.8, Marcello Magnifico [fabbricadigitale]
Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update), Marlon Borba
- RE: Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update), Alex Arndt
IMail Account hijack through the Web Interface, Obscure
- Re: [VulnWatch] IMail Account hijack through the Web Interface, Zillion
  - Re[2]: [VulnWatch] IMail Account hijack through the Web Interface, Obscure
- Re: IMail Account hijack through the Web Interface, Henrik Larsson
[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow, Martin Schulze
VirusWall HTTP proxy content scanning circumvention, Boris Wesslowski
OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix, Greg KH
GNU fileutils - recursive directory removal race condition, Wojciech Purczynski
Citadel/UX Server Remote DoS attack Vulnerability, xperc
Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln, Tekno pHReak
xtux server DoS., b0iler _