security.bugtraq (thread)

Security Update: [CSSA-2002-019.0] Linux: imlib processes untrusted images, security
IE/OE6.0 cannot handle malformed XBM files, Adam [wp-ckkl]
3CDaemon DoS exploit, skyrim msh
Levcgi.coms MyGuestbook JavaScript Injection Vulnerability, BrainRawt .
ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor, X-Force
SuSE Security Announcement: sudo (SuSE-SA:2002:014), Sebastian Krahmer
Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System, gobbles
IRIX pmcd Denial of Service vulnerability, SGI Security Coordinator
IRIX /dev/ipfilter Denial of Service vulnerability, SGI Security Coordinator
IRIX cpr vulnerability, SGI Security Coordinator
KPMG-2002016: Bea Weblogic incorrect URL parsing issues, Peter Gründl
Reading local files in Netscape 6 and Mozilla (GM#001-NS), GreyMagic Software
- Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Jordan K Wiens
- RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Thor Larholm
  - RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Rui Miguel Silva Seabra
- RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS), Thor Larholm
eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy dis play name buffer overflow vulnerability, researchteam5
Security Update: [CSSA-2002-018.0] Linux: Race condition in fileutils, security
eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help sea rch buffer overflow vulnerability, researchteam5
eSecurityOnline Security Advisories notes, researchteam5
Follows: Norton Personal Firewall 2002 vulnerable to SYN/FIN scan, Alfonso Fiore
eSecurityOnline Security Advisory 4123 - Sun Solaris admintool me dia installation path buffer overflow vulnerability, researchteam5
eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mou nt file buffer overflow vulnerability, researchteam5
eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd den ial of service vulnerability, researchteam5
eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities, researchteam5
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI, researchteam5
ITCP Advisory 13: Bypassing of ATGuard Firewall possible, BlueScreen
- AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, Jonas Koch
  - Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, BlueScreen
- Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, Jim Hill
- Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible, UMusBKidN
Multiple CSS/XSS vulnerabilities on directNIC.com, Alex Lambert
Blahz-DNS: Authentication bypass vulnerability, ppp-design
TSLSA-2002-0047 - openssh, Trustix Secure Linux Advisor
TSLSA-2002-0046 - sudo, Trustix Secure Linux Advisor
[ESA-20020429-010] 'sudo' heap corruption vulnerability, EnGarde Secure Linux
SuSE Security Announcement: radiusd-cistron (SuSE-SA:2002:013), Sebastian Krahmer
dnstools: authentication bypass vulnerability, ppp-design
More Office XP problems (version 3.0), Georgi Guninski
QPopper 4.0.4 buffer overflow, Marcell Fodor
Response to KF about Listar/Ecartis Vulnerability, Trish Lynch
Fragroute-NetworkICE follow-up, Chris Deibler
PHP-Survey Database Access Vulnerability, MOD
- Re: PHP-Survey Database Access Vulnerability, Jens Knoell
IndiaTimes.com - Email - Session hijacking and Inbox Blocking, Giri Sandeep
Re: XMB cross-scripting vulnerability, Joe
[CLA-2002:476] Conectiva Linux Security Announcement - webalizer, secure
[RHSA-2002:071-07] Updated sudo packages are available, Dave Ahmad
[CLA-2002:475] Conectiva Linux Security Announcement - sudo, secure
Mp3 file can execute code in Winamp [Sandblad advisory #5], Andreas Sandblad
Revised OpenSSH Security Advisory (adv.token), Markus Friedl
Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, mutt
[slackware-security] sudo upgrade fixes a potential vulnerability, Slackware Security Team
slrnpull -d PoC, KF
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), Deus, Attonbitus
Fragroute and ISS (NetworkICE) products: a brief analysis, Chris Deibler
ecartis / listar PoC, KF
- Re: ecartis / listar PoC, John Madden
- Re: ecartis / listar PoC, KF
Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure, security
[RHSA-2002:072-07] Updated sudo packages are available, bugzilla
Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies, trial
[SECURITY] [DSA-128-1] sudo buffer overflow, Wichert Akkerman
MDKSA-2002:029 - imlib update, Mandrake Linux Security Team
Intel D845HV/WN/PT series motherboard vulnerability, Dave Oliver
MDKSA-2002:028 - sudo update, Mandrake Linux Security Team
[RHSA-2002:063-05] Updated icecast packages are available, bugzilla
[CLA-2002:474] Conectiva Linux Security Announcement - ethereal, secure
Sudo version 1.6.6 now available (fwd), Jonas Eriksson
- Re: Sudo version 1.6.6 now available (fwd), Przemyslaw Frasunek
[Global InterSec 2002041701] Sudo Password Prompt Vulnerability., Global InterSec Research
Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), Menashe Eliezer
- Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), 3APA3A
- RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list), Menashe Eliezer
PHProjekt multiple vulnerabilities, Ulf Harnhammar
Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, Ishay Sommer
- RE: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, Florent Trupheme
- Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses, Rich Lafferty
Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous), Michael Young
more info on the iosmash.c exploit, John Scimone
A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution, Marcell Fodor
Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON, Stefan Walk
IRIX hpsnmpd vulnerability, SGI Security Coordinator
Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), Wietse Venema
- Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), Steven M. Bellovin
IRIX syslogd vulnerability, SGI Security Coordinator
IRISconsole icadmin password vulnerability, SGI Security Coordinator
CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies, Iván Arce
- Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies, Mariusz Woloszyn
IE DoS and possibly exploitable stack overflow, Berend-Jan Wever
De-anonymizer, Berend-Jan Wever
More Cross site Scripting in PHPNuke, Replugge [ROD]
- Re: More Cross site Scripting in PHPNuke, chkumite chkumite
Denial of Service in Mosix 1.5.x, enrico
CGIscript.net - csMailto.cgi - Remote Command Execution, Steve Gustin
LabVIEW Web Server DoS Vulnerability, Steve Zins
- Re: LabVIEW Web Server DoS Vulnerability, Steven Zins
PsyBNC Remote Dos POC, dvdman
ANNOUNCE: RATS 1.4, RATS Announce
[ESA-20020423-009] webalizer contains a potentially exploitable buffer overflow, EnGarde Secure Linux
cheers, KF
arp problem, Bart�omiej
- Re: arp problem, Akatosh
- RE: arp problem, dlaumann
Lil' HTTP Server Directory Traversal Vulnerability, Matthew Murphy
Cross Site Scripting. Many Sites Vulnerable., InterWN Labs
Tomcat real path disclosure (2), CHINANSL Security Team
Matu FTP remote buffer overflow vulnerability, Kanatoko
vqServer Demo Files Cross-Site Scripting, Matthew Murphy
Philip Chinery's Guestbook 1.1 fails to filter out js/html, Markus Arndt
AIM Remote File Transfer/Direct Connection Vulnerability, Sil
ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp, gobbles
Pine Internet Advisory: Setuid application execution may give local root in FreeBSD, Patrick Oonk
Slrnpull Buffer Overflow (-d parameter), Alex Hernandez
- Re: Slrnpull Buffer Overflow (-d parameter), Bill Nottingham
psyBNC 2.3 DoS / bug, nawok
- Re: psyBNC 2.3 DoS / Bug, psychoid
STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to Close Soon! (fwd), Adam Shostack
Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit], Greg Shipley
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, FreeBSD Security Advisories
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, Theo de Raadt
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, bert hubert
- Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio, Steven M. Bellovin
  - trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio), James Ralston
OpenSSH Security Advisory (adv.token), Niels Provos
Cross site scripting in almost every mayor website, Berend-Jan Wever
- Re: Cross site scripting in almost every mayor website, FozZy
- Re: Cross site scripting in almost every mayor website, Berend-Jan Wever
  - RE: Cross site scripting in almost every mayor website, GreyMagic Software
DOS for Icq 2001&2002, Michael
Re: Cross site scripting @verisign.com and @cybercash.com, zeno
- Cross site scripting @verisign.com and @cybercash.com, KF
Another Faq-O-Matic XSS Vuln?, BrainRawt .
DoS in Multiple IE Versions (Self-Referenced Directives), Matthew Murphy
Vulnerability in PostCalendar, gcsb
Re: Bug in QPopper (All Versions?), Tim Jackson
Keyservers Cross Site Scripting (When CSS Gets Dangerous), Noam Rathaus
OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow, Marcell Fodor
Snitz Forums 2000 remote SQL query manipulation vulnerability, acemi
Re: NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow, Berend-Jan Wever
Summercon 2002 CFP, Summercon Admin
Xpede many vulnerabilities, Cerberus Vulgaris
Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP, Cynthia Brown
Tomcat 4.1 real path disclosure, Wang Yun
- Re: Tomcat 4.1 real path disclosure, Joe Testa
- Re: Tomcat 4.1 real path disclosure, Ian Darwin
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS, Peter Gründl
- RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS, Andrew Kunz
[[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability., Daniel Nyström
KPMG-2002014: Foundstone Fscan Format String Bug, Peter Gründl
MHonArc v2.5.2 Script Filtering Bypass Vulnerability, TAKAGI, Hiromitsu
Remote Timing Techniques over TCP/IP, Mauro Lacy
- Re: Remote Timing Techniques over TCP/IP, Solar Designer
  - Re: Remote Timing Techniques over TCP/IP, stealth
- Re: Remote Timing Techniques over TCP/IP, Syzop
Restricted Shells, A . Dimitrov
- Re: Restricted Shells, Scott T. Cameron
fragroute vs. snort: the tempest in a teacup, Dragos Ruiu
- Re: fragroute vs. snort: the tempest in a teacup, Dug Song
  - Re: fragroute vs. snort: the tempest in a teacup, Darren Reed
    - Re: fragroute vs. snort: the tempest in a teacup, Ron DuFresne
- Re: fragroute vs. snort: the tempest in a teacup, Brad Powell
- Re: fragroute vs. snort: the tempest in a teacup, Steven M. Bellovin
- Re: fragroute vs. snort: the tempest in a teacup, jan
Re: [Snort-devel] Re: Re: Snort exploits, Fyodor
Amazon.com Password limit, Vishal Ganeriwala
- Re: Amazon.com Password limit, jon schatz
Howto exploit a remote format bug automatically, Frédéric Raynal
- Re: Howto exploit a remote format bug automatically, Fredrik Widlund
List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020, Toni Lassila
- Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020, Bronek Kozicki
  - Re: QPopper 4.0.4 buffer overflow, J Mike Rollins
Microsoft Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507), Microsoft
HiverCon 2002, Mark Anderson
Re: Microsoft Security Bulletin - MS02-020, Bronek Kozicki
- Re: Microsoft Security Bulletin - MS02-020, Chip Andrews
- Re: Microsoft Security Bulletin - MS02-020, Bronek Kozicki
FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED], FreeBSD Security Advisories
KPMG-2002012: (Re-submitted) Sambar Webserver Serverside Fileparse Bypass, Peter Gründl
MDKSA-2002:024-1 - rsync update, Mandrake Linux Security Team
KPMG-2002013: Coldfusion Path Disclosure, Peter Gründl
- Re: KPMG-2002013: Coldfusion Path Disclosure, Chris Ess
  - RE: KPMG-2002013: ColdFusion Path Disclosure, Bejon Parsinia
  - Re: KPMG-2002013: Coldfusion Path Disclosure, Mike Fetherston
- Re: KPMG-2002013: Coldfusion Path Disclosure, Tom Donovan
FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip, FreeBSD Security Advisories
[[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5, Daniel Nyström
IBM Security Advisory: IBM Tivoli Policy Director WebSEAL, Michael S Soukup
KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass, Peter Gründl
segfault in ntop, JP
- RE: segfault in ntop, Burton M. Strauss III
- RE: segfault in ntop, Craig Humphrey
IBM Informix Web DataBlade: Local root by design, Simon Lodal
KPMG-2002011: Windows 2000 microsoft-ds Denial of Service, Peter Gründl
Ammendum: A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791, Ofir Arkin
Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B), NGSSoftware Insight Security Research
Back Office Web Administrator Authentication Bypass (#NISR17042002A), NGSSoftware Insight Security Research
Webtrends Reporting Center Buffer Overflow (#NISR17042002C), NGSSoftware Insight Security Research
[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability, snsadv@xxxxxxxxx
[SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability, snsadv@xxxxxxxxx
An alternative method to check LKM backdoor/rootkit, Wang Jian
- Re: An alternative method to check LKM backdoor/rootkit, Paul Starzetz
  - Re: An alternative method to check LKM backdoor/rootkit, Florian Weimer
    - Re: An alternative method to check LKM backdoor/rootkit, Karsten W. Rohrbach
    - 答复: An alternative method to check LKM backdoor/rootkit, Wang Jian
- RE: An alternative method to check LKM backdoor/rootkit, Philippe Bourgeois
AIM's 'Direct Connection' feature could lead to arbitrary file creation, Noah Johnson
Mailman/Pipermail private mailing list/local user vulnerability, H. Peter Anvin
Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, H D Moore
- Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, Joe Testa
- RE: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, Randy Hinders
  - Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, H D Moore
    - Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure, Chris Anley
[SECURITY] [DSA-127-1] buffer overflow in xpilot-server, Wichert Akkerman
Demarc Security Update Advisory, Demarc Security Support
[CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability, Benoît Roussel
Snort exploits, 0xcafebabe
- Re: Snort exploits, Dragos Ruiu
- Re: Snort exploits, Chris Green
- RE: Snort exploits, Grimes, Roger
  - Re: Snort exploits, Darren Reed
- Re: Snort exploits, Vern Paxson
  - Re: Snort exploits, Martin Roesch
    - Re: Snort exploits, der Mouse
Multiple Vulnerabilities in PostBoard, gcsb
IE allows universal Cross Site Scripting (TL#002), Thor Larholm
- RE: IE allows universal Cross Site Scripting (TL#002), GreyMagic Software
Melange Chat POC DOS, dvdman
Microsoft FTP Service STAT Globbing DoS, H D Moore
Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309), Microsoft
- Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309), Microsoft
IRIX cron daemon vulnerability, SGI Security Coordinator
MDKSA-2002:027 - squid update, Mandrake Linux Security Team
FreeBSD Security Advisory FreeBSD-SA-02:20.syncache, FreeBSD Security Advisories
Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities, security
[SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack, Wichert Akkerman
Norton Personal Firewall 2002 vulnerable to SYN/FIN scan, Alfonso Fiore
ansi outer join syntax in Oracle allows access to any data, Pete Finnigan
- Re: ansi outer join syntax in Oracle allows access to any data, Charles J Wertz
  - Re: ansi outer join syntax in Oracle allows access to any data, Pete Finnigan
- Re: ansi outer join syntax in Oracle allows access to any data, Pete Finnigan
- Re: ansi outer join syntax in Oracle allows access to any data, Greg Williamson
Cisco Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018, Cisco Systems Product Security Incident Response Team
w00w00 on Microsoft IE/Office for Mac OS, Matt Conover
- Re: w00w00 on Microsoft IE/Office for Mac OS, Kevin van Haaren
A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791, Ofir Arkin
Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise), Dr Andreas F Muller
Demarc PureSecure 1.05 may be other (user can bypass login), pokleyzz sakamaniaka
About: Using the backbutton in IE is dangerous, Andreas Sandblad
Raptor Firewall FTP Bounce vulnerability, Roy Hills
- RE: Raptor Firewall FTP Bounce vulnerability, Lysel Christian Emre
  - RE: Raptor Firewall FTP Bounce vulnerability, Roy Hills
- Re: Raptor Firewall FTP Bounce vulnerability, William Aguilar
- RE: Raptor Firewall FTP Bounce vulnerability, Martin O'Neal
buffer overflow, using greek characters, AGAIN!, MegaHz
IRIX XFS filesystem denial of service attack, SGI Security Coordinator
- Re: IRIX XFS filesystem denial of service attack, H D Moore
- Re: IRIX XFS filesystem denial of service attack, Eric Sandeen
Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de ), Florian Hobelsberger / BlueScreen
wbboard 1.1.1 Cross Site Scripting Vulnerability, SeazoN
Possible vulnerabilities of ICQ files opened in IE or OE, silentsupporter
- Re: Possible vulnerabilities of ICQ files opened in IE or OE, N|ghtHawk
Nortel CVX 1800s will dump all local user names and passwords via SNMP, Michael Rawls
Vulnerabilities in the Melange Chat Server, Leon Harris
SunSop: cross-site-scripting bug, ppp-design
Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND, security
Ability to read buddy list of AIM users, sunny licious
- Re: Ability to read buddy list of AIM users, Andrew J. Stackhouse
- Re: Ability to read buddy list of AIM users, Eugene Medynskiy
- RE: Ability to read buddy list of AIM users, emann
- RE: Ability to read buddy list of AIM users, emann
More fun with html mail: Outlook Express, Internet Explorer, Other etc, http-equiv@xxxxxxxxxx
Remote buffer overflow in Webalizer, Spybreak
- Re: Remote buffer overflow in Webalizer, Franck Coppola
  - Re: Remote buffer overflow in Webalizer, Bradford L. Barrett
  - Re: Remote buffer overflow in Webalizer, Lars Hecking
MDKSA-2002:026 - libsafe update, Mandrake Linux Security Team
OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd), Jonas Eriksson
SWS Vuln (small but important to those using it.), BrainRawt .
Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare, Dan Kuykendall
Inn (Inter Net News) security problems, Paul Starzetz
Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm, security
IBM Informix Web DataBlade: Auto-decoding HTML entities, Simon Lodal
IBM Informix Web DataBlade: SQL injection, Simon Lodal
iXsecurity.20020328.tivoli_tsm_dsmsvc.a, Patrik Karlsson
OpenBSD Local Root Compromise, Milos Urbanek
- Re: OpenBSD Local Root Compromise, Dries Schellekens
local root compromise in openbsd 3.0 and below, Przemyslaw Frasunek
- Re: local root compromise in openbsd 3.0 and below, Solar Designer
- Re: local root compromise in openbsd 3.0 and below, Manuel Bouyer
  - Re: local root compromise in openbsd 3.0 and below, Brett Glass
    - Re: local root compromise in openbsd 3.0 and below, Manuel Bouyer
[SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting, snsadv@xxxxxxxxx
IRIX Mail, mailx, timed and sort vulnerabilities, SGI Security Coordinator
iXsecurity.20020327.tivoli_tsm_dsmcad.a, Patrik Karlsson
ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT, gobbles
- re: gobbles ntop alert, Burton M. Strauss III
SOAP::Lite hole, quentyn
KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun, Peter Gründl
KPMG-2002009: Microsoft IIS W3SVC Denial of Service, Peter Gründl
KPMG-2002008: Watchguard SOHO IP Restrictions Flaw, Peter Gründl
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow, Marc Maiffret
- RE: Windows 2000 Sec rollup 2 patch -- Ouch!, krisk
SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net), Dave Aitel
IIS allows universal CrossSiteScripting, Thor Larholm
Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues, zeno
@stake advisory: .htr heap overflow in IIS 4.0 and 5.0, advisories
Cisco Security Advisory: Solaris /bin/log vulnerability, Cisco Systems Product Security Incident Response Team
- Re: Cisco Security Advisory: Solaris /bin/log vulnerability, Charles M. Richmond
MS02-018, Dave Ahmad
- Re: MS02-018, Christian Milow
  - R: MS02-018, Francesco Pacaccio
- RE: MS02-018, verbal
Abyss Webserver 1.0 Administration password file retrieval exploit, Jeremy Roberts
[RHSA-2001:089-08] Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x, bugzilla
Vulnerability: Windows2000Server running Terminalservices, Tom.Unger@xxxxxx
- Re: Vulnerability: Windows2000Server running Terminalservices, Thor
IE Word ActiveX DoS Loop, eflorio
Cisco Security Advisory: Aironet Telnet Vulnerability, Cisco Systems Product Security Incident Response Team
Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system, security
regarding SSL issues, 0x90
Unauthorized remote control access to systems running Funk Softwa re's Proxy v3.x, Coffin, Chris
Multiple local files detection issues with OWC in IE (GM#008-IE), GreyMagic Software
SuSE Security Announcement: ucdsnmp (SuSE-SA:2002:012), Thomas Biege
Reading local files with OWC in IE (GM#006-IE), GreyMagic Software
multiple CGIscript.net scripts - Remote Code Execution, Steve Gustin
Controlling the clipboard with OWC in IE (GM#007-IE), GreyMagic Software
Scripting for the scriptless with OWC in IE (GM#005-IE), GreyMagic Software
KPMG-2002007: Watchguard SOHO Denial of Service, Andreas Sandor
Typsoft FTP Server: yet another directory traversal vulnerability, Kistler Ueli
Anthill login and JavaScript vulnerabilities, Ulf Harnhammar
NetWare Remote Manager patches, Patrik Karlsson
IMP 2.2.8 (SECURITY) released, Brent J. Nordquist
RE: Multiple Vendor "talkd" user validation fault, 0x90
Re: Techniques for Vulneability discovery, Ivan Arce
Security Update: [CSSA-2002-015.0] Linux: Double free in zlib (libz) vulnerability, security
CA security contact, Nicolas Gregoire
- Re: CA security contact, KF
- Re: CA security contact, Dustin E. Childers
- RE: CA security contact, Nick Benigno
- Re: CA security contact, Phil Froehlich
[RHSA-2002:054-09] Race conditions in logwatch, bugzilla
[RHSA-2002:053-12] Race conditions in logwatch, bugzilla
Exploit for Tarantella Enterprise 3 installation (BID 3966), Larry W. Cashdollar
(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability, Whitecell Security Systems
emumail.cgi, acidneo
- Re: emumail.cgi, Tom Micklovitch
- Re: emumail.cgi, one more local vulnerability (not verified), Leif Jakob
- Re: emumail.cgi, N|ghtHawk
  - Re: emumail.cgi, MegaHz
    - Re: emumail.cgi, Randal L. Schwartz
NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow, Nsfocus Security Team
Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11, dizznutt
RE: Windows 2000 DCOM clients may leak sensitive information onto the network, Adcock, Matt
Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability, security
RFC: suggestions for SSL security enhancements in Microsoft Internet Explorer, dhalterm
SECURITY.NNO: FTGate PRO/Office hotfixes, 3APA3A
Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances, Florian Hobelsberger / BlueScreen
Quik-Serv Web Server v1.1B Arbitrary File Disclosure, a b
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1, martin f krafft
- Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1, Alun Jones
More Office XP problems (Version 2.0), Georgi Guninski
ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon, X-Force
IRIX SNMP Vulnerabilities, SGI Security Coordinator
RE: More Office XP problems, Ben Schorr
- Re: More Office XP problems, Georgi Guninski
  - RE: More Office XP problems, Leonard Chung
    - RE: More Office XP problems, Paul Schmehl
    - RE: More Office XP problems, Kevin Brown
    - RE: More Office XP problems, Mary Landesman
- RE: More Office XP problems, Paul Szabo
iXsecurity.20020314.csadmin_fmt.a, Patrik Karlsson
LogWatch 2.5 still vulnerable, Spybreak
Multiple Vendor "talkd" user validation fault., Tekno pHReak
- Re: Multiple Vendor "talkd" user validation fault., Mike Scher
Cisco Security Advisory: Vulnerability in zlib library, Cisco Systems Product Security Incident Response Team
Icecast temp patch (OR: Patches? We DO need stinkin' patches!!@$!), Neeko Oni
SQL injection in PHPGroupware, Matthias Jordan
- Re: SQL injection in PHPGroupware, Adam McKenna
- Re: SQL injection in PHPGroupware, Dan Kuykendall
iXsecurity.20020316.csadmin_dir.a, Patrik Karlsson
Security bugs in PhpNuke, Thiébaut
[CLA-2002:471] Conectiva Linux Security Announcement - cups, secure
Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows, Cisco Systems Product Security Incident Response Team
Winamp: Mp3 file can control the minibrowser, Andreas Sandblad
- Re: Winamp: Mp3 file can control the minibrowser, Security
- Re: Winamp: Mp3 file can control the minibrowser, Daniel Lorch
  - Re: Winamp: Mp3 file can control the minibrowser, Andreas Sandblad
Huge Privacy Threats in Webmails and How Big Companies Handle them, FozZy
Re: Identifying Kernel 2.4.x based Linux machines using UDP, Phil
VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Andrew van der Stock
- Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Anthony DeRobertis
  - RE: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Andrew van der Stock
    - Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Anthony DeRobertis
    - Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions), Nick Lamb
IE: Remote webpage can script in local zone, Andreas Sandblad
RE: [VulnWatch] vuln in wwwisis: remote command execution and get files, Jorge Walters
SASL (v1/v2) MYSQL/LDAP authentication patch., Simon Loader
Re: Multiple Vulnerabilties Sambar Webserver, Tamer Sahin
- Re: Multiple Vulnerabilties Sambar Webserver, Steven M. Christey
icecast 1.3.11 remote shell/root exploit - #temp, dizznutt
Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr), KF
Re: IRIX FTP Bounce vulnerability, Christophe Casalegno
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name), Elia Florio
Taxonomies, Marco de Vivo [UCV]
- Re: Taxonomies, Alex Russell
- Re: Taxonomies, Andrew R. Reiter
popper_mod 1.2.1 and previous accounts compromise, matthew@xxxxxxxxxx
MS 3/28/02 Security Patch for IE6 - warning!, Phil Dibowitz
- RE: MS 3/28/02 Security Patch for IE6 - warning!, Thor Larholm
  - RE: MS 3/28/02 Security Patch for IE6 - warning!, Eric
    - RE: MS 3/28/02 Security Patch for IE6 - warning!, the Pull
Firewall-1 Identification : port 257 (ie archive : 18701), Sacha Faust
- Re: Firewall-1 Identification : port 257 (ie archive : 18701), Mariusz Woloszyn
Re: A buffer overflow study - generic protections, Crispin Cowan
Reading portions of local files in IE, depending on structure (GM#004-IE), GreyMagic Software
Windows 2000 DCOM clients may leak sensitive information onto the network, Todd Sabin
Various Vulnerabilities in ZoneAlarm MailSafe, Edvice Security Services
KPMG-2002006: Lotus Domino Physical Path Revealed, Peter Gründl
- Re: KPMG-2002006: Lotus Domino Physical Path Revealed, Nicolas Gregoire
- Re: KPMG-2002006: Lotus Domino Physical Path Revealed, Joe Testa
iXsecurity.20020313.nw6remotemanager.a, Patrik Karlsson
- iXsecurity.20020313.nw6remotemanager.a, Patrik Karlsson
NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow, Nsfocus Security Team
Fw: Multiple Vulnerabilties in Sambar Server, NGSSoftware Insight Security Research Advisory (NISR)
Re: squirrelmail 1.2.5 email user can execute command, Konstantin Riabitsev
Boursorama.com cookie exploit, Eyrill / Securiteinfo.com
Zope security address, Rossen Raykov
- Re: Zope security address, Matt Burleigh
Progress Setuid patch Installs (Happy Easter or April fools to Progress), KF
Bypassing javascript filters - problem N3., Alexander K. Yezhov
- Re: Bypassing javascript filters - problem N3., fozzy
packet filter fingerprinting(open but closed, closed but filtered), Meder Kydyraliev
- Re: packet filter fingerprinting(open but closed, closed but filtered), Jonas Eriksson
- Re: packet filter fingerprinting(open but closed, closed but filtered), Jonas Eriksson
Security Update: [CSSA-2002-005.0] Linux - LD_LIBRARY_PATH problem in KDE sessions, security
Re: invitation to my cam (fwd), Johnny J Chin
UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails, Cisco Systems Product Security Incident Response Team
Fun With MSN Chat Part I (Cross Scripting), John Heasman
Announcing Immunix SnackGuard, Crispin Cowan