security.bugtraq (date)

security.bugtraq (date)

April 30, 2002

Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, UMusBKidN
Security Update: [CSSA-2002-019.0] Linux: imlib processes untrusted images, security
Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, Jim Hill
IE/OE6.0 cannot handle malformed XBM files, Adam [wp-ckkl]
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Rui Miguel Silva Seabra
AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, Jonas Koch
Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, BlueScreen
3CDaemon DoS exploit, skyrim msh
Levcgi.coms MyGuestbook JavaScript Injection Vulnerability, BrainRawt .
ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor, X-Force
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Thor Larholm
SuSE Security Announcement: sudo (SuSE-SA:2002:014), Sebastian Krahmer
Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System, gobbles
IRIX pmcd Denial of Service vulnerability, SGI Security Coordinator
IRIX /dev/ipfilter Denial of Service vulnerability, SGI Security Coordinator
IRIX cpr vulnerability, SGI Security Coordinator
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Thor Larholm
Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Jordan K Wiens
KPMG-2002016: Bea Weblogic incorrect URL parsing issues, Peter Gründl
Re: Slrnpull Buffer Overflow (-d parameter), Bill Nottingham
Re: QPopper 4.0.4 buffer overflow, J Mike Rollins
Reading local files in Netscape 6 and Mozilla (GM#001-NS), GreyMagic Software
eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability, researchteam5
Security Update: [CSSA-2002-018.0] Linux: Race condition in fileutils, security

April 29, 2002

eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help sea rch buffer overflow vulnerability, researchteam5
eSecurityOnline Security Advisories notes, researchteam5
Follows: Norton Personal Firewall 2002 vulnerable to SYN/FIN scan, Alfonso Fiore
eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability, researchteam5
eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mou nt file buffer overflow vulnerability, researchteam5
eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd den ial of service vulnerability, researchteam5
eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities, researchteam5
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI, researchteam5
Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies, Mariusz Woloszyn
ITCP Advisory 13: Bypassing of ATGuard Firewall possible, BlueScreen
Multiple CSS/XSS vulnerabilities on directNIC.com, Alex Lambert
Blahz-DNS: Authentication bypass vulnerability, ppp-design
TSLSA-2002-0047 - openssh, Trustix Secure Linux Advisor
TSLSA-2002-0046 - sudo, Trustix Secure Linux Advisor
[ESA-20020429-010] 'sudo' heap corruption vulnerability, EnGarde Secure Linux
SuSE Security Announcement: radiusd-cistron (SuSE-SA:2002:013), Sebastian Krahmer
dnstools: authentication bypass vulnerability, ppp-design
More Office XP problems (version 3.0), Georgi Guninski
QPopper 4.0.4 buffer overflow, Marcell Fodor

April 27, 2002

Response to KF about Listar/Ecartis Vulnerability, Trish Lynch

April 26, 2002

Fragroute-NetworkICE follow-up, Chris Deibler
Re: PHP-Survey Database Access Vulnerability, Jens Knoell
PHP-Survey Database Access Vulnerability, MOD
Re: KPMG-2002013: Coldfusion Path Disclosure, Tom Donovan
IndiaTimes.com - Email - Session hijacking and Inbox Blocking, Giri Sandeep
Re: ecartis / listar PoC, KF
Re: ecartis / listar PoC, John Madden
Re: XMB cross-scripting vulnerability, Joe
RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS, Andrew Kunz
[CLA-2002:476] Conectiva Linux Security Announcement - webalizer, secure
[RHSA-2002:071-07] Updated sudo packages are available, Dave Ahmad
[CLA-2002:475] Conectiva Linux Security Announcement - sudo, secure
Mp3 file can execute code in Winamp [Sandblad advisory #5], Andreas Sandblad
Revised OpenSSH Security Advisory (adv.token), Markus Friedl
Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, mutt
[slackware-security] sudo upgrade fixes a potential vulnerability, Slackware Security Team
slrnpull -d PoC, KF
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), Deus, Attonbitus
RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), Menashe Eliezer
Fragroute and ISS (NetworkICE) products: a brief analysis, Chris Deibler
ecartis / listar PoC, KF
Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure, security
[RHSA-2002:072-07] Updated sudo packages are available, bugzilla
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), 3APA3A
Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies, trial
[SECURITY] [DSA-128-1] sudo buffer overflow, Wichert Akkerman
Re: More Cross site Scripting in PHPNuke, chkumite chkumite
Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, Rich Lafferty
MDKSA-2002:029 - imlib update, Mandrake Linux Security Team
Intel D845HV/WN/PT series motherboard vulnerability, Dave Oliver
MDKSA-2002:028 - sudo update, Mandrake Linux Security Team
RE: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, Florent Trupheme

April 25, 2002

[RHSA-2002:063-05] Updated icecast packages are available, bugzilla
Re: Sudo version 1.6.6 now available (fwd), Przemyslaw Frasunek
[CLA-2002:474] Conectiva Linux Security Announcement - ethereal, secure
Sudo version 1.6.6 now available (fwd), Jonas Eriksson
[Global InterSec 2002041701] Sudo Password Prompt Vulnerability., Global InterSec Research
Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), Menashe Eliezer
PHProjekt multiple vulnerabilities, Ulf Harnhammar
Re: Snort exploits, Chris Green
Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), Steven M. Bellovin
Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, Ishay Sommer
RE: arp problem, dlaumann
Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous), Michael Young
Re: LabVIEW Web Server DoS Vulnerability, Steven Zins
more info on the iosmash.c exploit, John Scimone

April 24, 2002

A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution, Marcell Fodor
Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON, Stefan Walk
IRIX hpsnmpd vulnerability, SGI Security Coordinator
Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), Wietse Venema
IRIX syslogd vulnerability, SGI Security Coordinator
IRISconsole icadmin password vulnerability, SGI Security Coordinator
CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies, Iván Arce
trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), James Ralston
IE DoS and possibly exploitable stack overflow, Berend-Jan Wever
De-anonymizer, Berend-Jan Wever
RE: Cross site scripting in almost every mayor website, GreyMagic Software

April 23, 2002

More Cross site Scripting in PHPNuke, Replugge [ROD]
Denial of Service in Mosix 1.5.x, enrico
CGIscript.net - csMailto.cgi - Remote Command Execution, Steve Gustin
LabVIEW Web Server DoS Vulnerability, Steve Zins
PsyBNC Remote Dos POC, dvdman
ANNOUNCE: RATS 1.4, RATS Announce
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, Steven M. Bellovin
Re: psyBNC 2.3 DoS / Bug, psychoid
[ESA-20020423-009] webalizer contains a potentially exploitable buffer overflow, EnGarde Secure Linux
cheers, KF
Re: arp problem, Akatosh
arp problem, Bart�omiej
Re: Cross site scripting in almost every mayor website, Berend-Jan Wever
Lil' HTTP Server Directory Traversal Vulnerability, Matthew Murphy
Cross Site Scripting. Many Sites Vulnerable., InterWN Labs
Tomcat real path disclosure (2), CHINANSL Security Team
Matu FTP remote buffer overflow vulnerability, Kanatoko
vqServer Demo Files Cross-Site Scripting, Matthew Murphy
Re: Cross site scripting in almost every mayor website, FozZy
Philip Chinery's Guestbook 1.1 fails to filter out js/html, Markus Arndt
AIM Remote File Transfer/Direct Connection Vulnerability, Sil
ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp, gobbles

April 22, 2002

Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, bert hubert
Pine Internet Advisory: Setuid application execution may give local root in FreeBSD, Patrick Oonk
Slrnpull Buffer Overflow (-d parameter), Alex Hernandez
psyBNC 2.3 DoS / bug, nawok
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, Theo de Raadt
STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to Close Soon! (fwd), Adam Shostack
Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit], Greg Shipley
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, FreeBSD Security Advisories
OpenSSH Security Advisory (adv.token), Niels Provos

April 20, 2002

Cross site scripting in almost every mayor website, Berend-Jan Wever
Re: fragroute vs. snort: the tempest in a teacup, jan
Re: fragroute vs. snort: the tempest in a teacup, Ron DuFresne
Cross site scripting @verisign.com and @cybercash.com, KF
DOS for Icq 2001&2002, Michael
Re: Cross site scripting @verisign.com and @cybercash.com, zeno
Another Faq-O-Matic XSS Vuln?, BrainRawt .
DoS in Multiple IE Versions (Self-Referenced Directives), Matthew Murphy
Vulnerability in PostCalendar, gcsb
Re: Bug in QPopper (All Versions?), Tim Jackson
Re: Microsoft Security Bulletin - MS02-020, Bronek Kozicki
Keyservers Cross Site Scripting (When CSS Gets Dangerous), Noam Rathaus
Re: Remote Timing Techniques over TCP/IP, stealth
OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow, Marcell Fodor
Re: Microsoft Security Bulletin - MS02-020, Chip Andrews
Re: Tomcat 4.1 real path disclosure, Ian Darwin

April 19, 2002

Re: Tomcat 4.1 real path disclosure, Joe Testa
Snitz Forums 2000 remote SQL query manipulation vulnerability, acemi
Re: fragroute vs. snort: the tempest in a teacup, Steven M. Bellovin
Re: NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow, Berend-Jan Wever
Summercon 2002 CFP, Summercon Admin
Re: KPMG-2002013: Coldfusion Path Disclosure, Mike Fetherston
Xpede many vulnerabilities, Cerberus Vulgaris
Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP, Cynthia Brown
Re: Restricted Shells, Scott T. Cameron
Re: Amazon.com Password limit, jon schatz
Tomcat 4.1 real path disclosure, Wang Yun
RE: segfault in ntop, Burton M. Strauss III
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS, Peter Gründl
Re: fragroute vs. snort: the tempest in a teacup, Brad Powell
RE: KPMG-2002013: ColdFusion Path Disclosure, Bejon Parsinia
[[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability., Daniel Nyström
Re: Remote Timing Techniques over TCP/IP, Syzop
Re: Remote Timing Techniques over TCP/IP, Solar Designer
Re: Howto exploit a remote format bug automatically, Fredrik Widlund
KPMG-2002014: Foundstone Fscan Format String Bug, Peter Gründl
Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020, Bronek Kozicki
MHonArc v2.5.2 Script Filtering Bypass Vulnerability, TAKAGI, Hiromitsu
Re: Remote buffer overflow in Webalizer, Lars Hecking
Re: fragroute vs. snort: the tempest in a teacup, Darren Reed
Remote Timing Techniques over TCP/IP, Mauro Lacy
Restricted Shells, A . Dimitrov
fragroute vs. snort: the tempest in a teacup, Dragos Ruiu
Re: Snort exploits, Vern Paxson

April 18, 2002

RE: segfault in ntop, Craig Humphrey
Re: [Snort-devel] Re: Re: Snort exploits, Fyodor
Amazon.com Password limit, Vishal Ganeriwala
Howto exploit a remote format bug automatically, Frédéric Raynal
List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020, Toni Lassila
Re: KPMG-2002013: Coldfusion Path Disclosure, Chris Ess
答复: An alternative method to check LKM backdoor/rootkit, Wang Jian
Re: ansi outer join syntax in Oracle allows access to any data, Pete Finnigan
Re: Snort exploits, Darren Reed
Re: Snort exploits, der Mouse
Microsoft Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507), Microsoft
HiverCon 2002, Mark Anderson
Re: Microsoft Security Bulletin - MS02-020, Bronek Kozicki
FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED], FreeBSD Security Advisories
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, Chris Anley
Re: An alternative method to check LKM backdoor/rootkit, Karsten W. Rohrbach
KPMG-2002012: (Re-submitted) Sambar Webserver Serverside Fileparse Bypass, Peter Gründl
MDKSA-2002:024-1 - rsync update, Mandrake Linux Security Team
KPMG-2002013: Coldfusion Path Disclosure, Peter Gründl
Re: Snort exploits, Martin Roesch
Re: fragroute vs. snort: the tempest in a teacup, Dug Song
RE: IE allows universal Cross Site Scripting (TL#002), GreyMagic Software
FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip, FreeBSD Security Advisories
[[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5, Daniel Nyström
RE: Snort exploits, Grimes, Roger
Re: Remote buffer overflow in Webalizer, Bradford L. Barrett
RE: Raptor Firewall FTP Bounce vulnerability, Martin O'Neal

April 17, 2002

RE: An alternative method to check LKM backdoor/rootkit, Philippe Bourgeois
Re: An alternative method to check LKM backdoor/rootkit, Florian Weimer
Re: Raptor Firewall FTP Bounce vulnerability, William Aguilar
IBM Security Advisory: IBM Tivoli Policy Director WebSEAL, Michael S Soukup
KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass, Peter Gründl
segfault in ntop, JP
RE: Raptor Firewall FTP Bounce vulnerability, Roy Hills
RE: Raptor Firewall FTP Bounce vulnerability, Lysel Christian Emre
Re: Snort exploits, Dragos Ruiu
Re: An alternative method to check LKM backdoor/rootkit, Paul Starzetz
Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309), Microsoft
RE: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, Randy Hinders
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, H D Moore
IBM Informix Web DataBlade: Local root by design, Simon Lodal
KPMG-2002011: Windows 2000 microsoft-ds Denial of Service, Peter Gründl
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, Joe Testa
Ammendum: A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791, Ofir Arkin
Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B), NGSSoftware Insight Security Research
Back Office Web Administrator Authentication Bypass (#NISR17042002A), NGSSoftware Insight Security Research
Webtrends Reporting Center Buffer Overflow (#NISR17042002C), NGSSoftware Insight Security Research
Re: ansi outer join syntax in Oracle allows access to any data, Greg Williamson
[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability, snsadv@xxxxxxxxx
[SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability, snsadv@xxxxxxxxx
An alternative method to check LKM backdoor/rootkit, Wang Jian
AIM's 'Direct Connection' feature could lead to arbitrary file creation, Noah Johnson
Re: ansi outer join syntax in Oracle allows access to any data, Pete Finnigan
Mailman/Pipermail private mailing list/local user vulnerability, H. Peter Anvin
Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, H D Moore
Re: Ability to read buddy list of AIM users, Eugene Medynskiy
RE: Ability to read buddy list of AIM users, emann
[SECURITY] [DSA-127-1] buffer overflow in xpilot-server, Wichert Akkerman
Demarc Security Update Advisory, Demarc Security Support
RE: Ability to read buddy list of AIM users, emann
[CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability, Benoît Roussel
Snort exploits, 0xcafebabe
Re: Remote buffer overflow in Webalizer, Franck Coppola
Multiple Vulnerabilities in PostBoard, gcsb
IE allows universal Cross Site Scripting (TL#002), Thor Larholm
Re: Possible vulnerabilities of ICQ files opened in IE or OE, N|ghtHawk
Melange Chat POC DOS, dvdman
Microsoft FTP Service STAT Globbing DoS, H D Moore
Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309), Microsoft

April 16, 2002

Re: w00w00 on Microsoft IE/Office for Mac OS, Kevin van Haaren
IRIX cron daemon vulnerability, SGI Security Coordinator
MDKSA-2002:027 - squid update, Mandrake Linux Security Team
FreeBSD Security Advisory FreeBSD-SA-02:20.syncache, FreeBSD Security Advisories
Re: IRIX XFS filesystem denial of service attack, Eric Sandeen
Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities, security
Re: ansi outer join syntax in Oracle allows access to any data, Charles J Wertz
[SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack, Wichert Akkerman
Norton Personal Firewall 2002 vulnerable to SYN/FIN scan, Alfonso Fiore
ansi outer join syntax in Oracle allows access to any data, Pete Finnigan
Re: IRIX XFS filesystem denial of service attack, H D Moore
Cisco Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018, Cisco Systems Product Security Incident Response Team
w00w00 on Microsoft IE/Office for Mac OS, Matt Conover
A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791, Ofir Arkin
Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise), Dr Andreas F Muller
Demarc PureSecure 1.05 may be other (user can bypass login), pokleyzz sakamaniaka
About: Using the backbutton in IE is dangerous, Andreas Sandblad
Raptor Firewall FTP Bounce vulnerability, Roy Hills
buffer overflow, using greek characters, AGAIN!, MegaHz

April 15, 2002

IRIX XFS filesystem denial of service attack, SGI Security Coordinator
Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de ), Florian Hobelsberger / BlueScreen
wbboard 1.1.1 Cross Site Scripting Vulnerability, SeazoN
Possible vulnerabilities of ICQ files opened in IE or OE, silentsupporter
Re: local root compromise in openbsd 3.0 and below, Brett Glass
Nortel CVX 1800s will dump all local user names and passwords via SNMP, Michael Rawls
Re: local root compromise in openbsd 3.0 and below, Manuel Bouyer
Vulnerabilities in the Melange Chat Server, Leon Harris
Re: Ability to read buddy list of AIM users, Andrew J. Stackhouse
SunSop: cross-site-scripting bug, ppp-design
Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND, security
Ability to read buddy list of AIM users, sunny licious
More fun with html mail: Outlook Express, Internet Explorer, Other etc, http-equiv@xxxxxxxxxx
Remote buffer overflow in Webalizer, Spybreak

April 12, 2002

Re: local root compromise in openbsd 3.0 and below, Manuel Bouyer
MDKSA-2002:026 - libsafe update, Mandrake Linux Security Team
R: MS02-018, Francesco Pacaccio
OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd), Jonas Eriksson
SWS Vuln (small but important to those using it.), BrainRawt .
Re: Cisco Security Advisory: Solaris /bin/log vulnerability, Charles M. Richmond
Re: SQL injection in PHPGroupware, Dan Kuykendall

April 11, 2002

Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare, Dan Kuykendall
re: gobbles ntop alert, Burton M. Strauss III
Inn (Inter Net News) security problems, Paul Starzetz
Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm, security
Re: OpenBSD Local Root Compromise, Dries Schellekens
IBM Informix Web DataBlade: Auto-decoding HTML entities, Simon Lodal
RE: MS02-018, verbal
IBM Informix Web DataBlade: SQL injection, Simon Lodal
iXsecurity.20020328.tivoli_tsm_dsmsvc.a, Patrik Karlsson
Re: local root compromise in openbsd 3.0 and below, Solar Designer
OpenBSD Local Root Compromise, Milos Urbanek
RE: Windows 2000 Sec rollup 2 patch -- Ouch!, krisk
local root compromise in openbsd 3.0 and below, Przemyslaw Frasunek
[SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting, snsadv@xxxxxxxxx
Re: MS02-018, Christian Milow
IRIX Mail, mailx, timed and sort vulnerabilities, SGI Security Coordinator
iXsecurity.20020327.tivoli_tsm_dsmcad.a, Patrik Karlsson
ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT, gobbles
SOAP::Lite hole, quentyn
Re: CA security contact, Phil Froehlich
KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun, Peter Gründl
KPMG-2002009: Microsoft IIS W3SVC Denial of Service, Peter Gründl

April 10, 2002

KPMG-2002008: Watchguard SOHO IP Restrictions Flaw, Peter Gründl
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow, Marc Maiffret
Re: emumail.cgi, one more local vulnerability (not verified), Leif Jakob
SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net), Dave Aitel
IIS allows universal CrossSiteScripting, Thor Larholm
Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues, zeno
@stake advisory: .htr heap overflow in IIS 4.0 and 5.0, advisories
Cisco Security Advisory: Solaris /bin/log vulnerability, Cisco Systems Product Security Incident Response Team
MS02-018, Dave Ahmad

April 09, 2002

Re: Vulnerability: Windows2000Server running Terminalservices, Thor
Abyss Webserver 1.0 Administration password file retrieval exploit, Jeremy Roberts
Re: emumail.cgi, Randal L. Schwartz
[RHSA-2001:089-08] Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x, bugzilla
Vulnerability: Windows2000Server running Terminalservices, Tom.Unger@xxxxxx
IE Word ActiveX DoS Loop, eflorio
Cisco Security Advisory: Aironet Telnet Vulnerability, Cisco Systems Product Security Incident Response Team
Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system, security
regarding SSL issues, 0x90
RE: More Office XP problems, Paul Szabo
RE: More Office XP problems, Mary Landesman
Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Nick Lamb
Re: emumail.cgi, MegaHz

April 08, 2002

Unauthorized remote control access to systems running Funk Softwa re's Proxy v3.x, Coffin, Chris
Multiple local files detection issues with OWC in IE (GM#008-IE), GreyMagic Software
SuSE Security Announcement: ucdsnmp (SuSE-SA:2002:012), Thomas Biege
Reading local files with OWC in IE (GM#006-IE), GreyMagic Software
multiple CGIscript.net scripts - Remote Code Execution, Steve Gustin
Controlling the clipboard with OWC in IE (GM#007-IE), GreyMagic Software
Scripting for the scriptless with OWC in IE (GM#005-IE), GreyMagic Software
KPMG-2002007: Watchguard SOHO Denial of Service, Andreas Sandor
Typsoft FTP Server: yet another directory traversal vulnerability, Kistler Ueli
Anthill login and JavaScript vulnerabilities, Ulf Harnhammar
NetWare Remote Manager patches, Patrik Karlsson
IMP 2.2.8 (SECURITY) released, Brent J. Nordquist
RE: Multiple Vendor "talkd" user validation fault, 0x90

April 06, 2002

RE: More Office XP problems, Kevin Brown
RE: More Office XP problems, Paul Schmehl

April 05, 2002

Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Anthony DeRobertis
Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Anthony DeRobertis
Re: CA security contact, Dustin E. Childers
RE: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Andrew van der Stock
RE: CA security contact, Nick Benigno
RE: More Office XP problems, Leonard Chung
Re: emumail.cgi, N|ghtHawk
Re: Techniques for Vulneability discovery, Ivan Arce
Re: CA security contact, KF
Re: Multiple Vendor "talkd" user validation fault., Mike Scher
Security Update: [CSSA-2002-015.0] Linux: Double free in zlib (libz) vulnerability, security
Re: emumail.cgi, Tom Micklovitch
CA security contact, Nicolas Gregoire
[RHSA-2002:054-09] Race conditions in logwatch, bugzilla
[RHSA-2002:053-12] Race conditions in logwatch, bugzilla

April 04, 2002

Exploit for Tarantella Enterprise 3 installation (BID 3966), Larry W. Cashdollar
(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability, Whitecell Security Systems
emumail.cgi, acidneo
Re: More Office XP problems, Georgi Guninski
NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow, Nsfocus Security Team
Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11, dizznutt
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1, Alun Jones
Re: KPMG-2002006: Lotus Domino Physical Path Revealed, Joe Testa
Re: Winamp: Mp3 file can control the minibrowser, Daniel Lorch
Re: Winamp: Mp3 file can control the minibrowser, Andreas Sandblad
Re: Firewall-1 Identification : port 257 (ie archive : 18701), Mariusz Woloszyn
RE: Windows 2000 DCOM clients may leak sensitive information onto the network, Adcock, Matt
Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability, security
Re: SQL injection in PHPGroupware, Adam McKenna
RFC: suggestions for SSL security enhancements in Microsoft Internet Explorer, dhalterm
SECURITY.NNO: FTGate PRO/Office hotfixes, 3APA3A
Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances, Florian Hobelsberger / BlueScreen
Quik-Serv Web Server v1.1B Arbitrary File Disclosure, a b
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1, martin f krafft

April 03, 2002

Re: Winamp: Mp3 file can control the minibrowser, Security
More Office XP problems (Version 2.0), Georgi Guninski
ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon, X-Force
IRIX SNMP Vulnerabilities, SGI Security Coordinator
RE: More Office XP problems, Ben Schorr
Re: Taxonomies, Andrew R. Reiter
iXsecurity.20020314.csadmin_fmt.a, Patrik Karlsson
LogWatch 2.5 still vulnerable, Spybreak
Multiple Vendor "talkd" user validation fault., Tekno pHReak
RE: MS 3/28/02 Security Patch for IE6 - warning!, the Pull
iXsecurity.20020313.nw6remotemanager.a, Patrik Karlsson
Re: Bypassing javascript filters - problem N3., fozzy
Cisco Security Advisory: Vulnerability in zlib library, Cisco Systems Product Security Incident Response Team
Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!), Neeko Oni
SQL injection in PHPGroupware, Matthias Jordan
Re: Multiple Vulnerabilties Sambar Webserver, Steven M. Christey
iXsecurity.20020316.csadmin_dir.a, Patrik Karlsson
Security bugs in PhpNuke, Thiébaut
[CLA-2002:471] Conectiva Linux Security Announcement - cups, secure
Re: Taxonomies, Alex Russell
Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows, Cisco Systems Product Security Incident Response Team
Re: KPMG-2002006: Lotus Domino Physical Path Revealed, Nicolas Gregoire
Re: packet filter fingerprinting(open but closed, closed but filtered), Jonas Eriksson
Winamp: Mp3 file can control the minibrowser, Andreas Sandblad
RE: MS 3/28/02 Security Patch for IE6 - warning!, Eric
RE: MS 3/28/02 Security Patch for IE6 - warning!, Thor Larholm
Huge Privacy Threats in Webmails and How Big Companies Handle them, FozZy
Re: Identifying Kernel 2.4.x based Linux machines using UDP, Phil
Re: packet filter fingerprinting(open but closed, closed but filtered), Jonas Eriksson
VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Andrew van der Stock
IE: Remote webpage can script in local zone, Andreas Sandblad
RE: [VulnWatch] vuln in wwwisis: remote command execution and get files, Jorge Walters
SASL (v1/v2) MYSQL/LDAP authentication patch., Simon Loader
Re: Multiple Vulnerabilties Sambar Webserver, Tamer Sahin
icecast 1.3.11 remote shell/root exploit - #temp, dizznutt
Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr), KF
Re: IRIX FTP Bounce vulnerability, Christophe Casalegno
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name), Elia Florio
Taxonomies, Marco de Vivo [UCV]

April 02, 2002

popper_mod 1.2.1 and previous accounts compromise, matthew@xxxxxxxxxx
MS 3/28/02 Security Patch for IE6 - warning!, Phil Dibowitz
Firewall-1 Identification : port 257 (ie archive : 18701), Sacha Faust
Re: A buffer overflow study - generic protections, Crispin Cowan
Reading portions of local files in IE, depending on structure (GM#004-IE), GreyMagic Software
Windows 2000 DCOM clients may leak sensitive information onto the network, Todd Sabin
Various Vulnerabilities in ZoneAlarm MailSafe, Edvice Security Services
KPMG-2002006: Lotus Domino Physical Path Revealed, Peter Gründl
iXsecurity.20020313.nw6remotemanager.a, Patrik Karlsson
NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow, Nsfocus Security Team
Re: Zope security address, Matt Burleigh

April 01, 2002

Fw: Multiple Vulnerabilties in Sambar Server, NGSSoftware Insight Security Research Advisory (NISR)
Re: squirrelmail 1.2.5 email user can execute command, Konstantin Riabitsev
Boursorama.com cookie exploit, Eyrill / Securiteinfo.com
Zope security address, Rossen Raykov
Progress Setuid patch Installs (Happy Easter or April fools to Progress), KF
Bypassing javascript filters - problem N3., Alexander K. Yezhov
packet filter fingerprinting(open but closed, closed but filtered), Meder Kydyraliev
Security Update: [CSSA-2002-005.0] Linux - LD_LIBRARY_PATH problem in KDE sessions, security
Re: invitation to my cam (fwd), Johnny J Chin
UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails, Cisco Systems Product Security Incident Response Team
Fun With MSN Chat Part I (Cross Scripting), John Heasman
Announcing Immunix SnackGuard, Crispin Cowan

News | FAQ | advertise