security.bugtraq (thread)

Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl, security
SuSE Security Announcement: mod_ssl, mm (SuSE-SA:2002:028), Roman Drahtmueller
Remote Buffer Overflow Vulnerability in Sun RPC, Dave Ahmad
Announcing: The Zardoz 'Security Digest' Archives, Curator
FW: Parachat DoS Vulnerability, Matt Smith
[CLA-2002:513] Conectiva Linux Security Announcement - openssl, secure
The SUPER Bug, gobbles
[RHSA-2002:153-07] Updated mm packages fix temporary file handling, bugzilla
FreeBSD Security Advisory FreeBSD-SA-02:32.pppd, FreeBSD Security Advisories
It takes two to tango, Richard M. Smith
- Re: It takes two to tango, Chris Paget
  - Re: It takes two to tango, Jose Nazario
  - Re: It takes two to tango, Stan Bubrouski
  - Re: It takes two to tango, Riad S. Wahby
- Re: It takes two to tango, Mike Forrester
LinuxSecurity Magazine Online - First Edition, Renato Murilo Langona
Directory traversal vulnerability in sendform.cgi, Steven M. Christey
Bug in Eupload, [Zero_Byte]
Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm, security
MDKSA-2002:046 - openssl update, Mandrake Linux Security Team
IPSwitch IMail Advisory #2, 2c79cbe14ac7d0b8472d3f129fa1df55
[ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2, David Raeman
[SECURITY] [DSA 137-1] New mm packages fix insecure temporary file creation, Martin Schulze
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [REVISED], FreeBSD Security Advisories
Windows mplay32 buffer overflow, 'ken'@FTU
RE: warning, Thor Larholm
Vulnerability: protected Adobe eBooks can be copied between computers, info
TSLSA-2002-0064 - util-linux, Trustix Secure Linux Advisor
SuSE Security Announcement: openssl (SuSE-SA:2002:027), Roman Drahtmueller
Cisco Security Advisory: TFTP Long Filename Vulnerability, Cisco Systems Product Security Incident Response Team
Code injection Vulnerability in endity.com's shoutBOX, <-delusion->
GLSA: OpenSSL, Daniel Ahlberg
[ESA-20020730-019] several vulnerabilities in the openssl library, EnGarde Secure Linux
OpenSSL patches for other versions, Ben Laurie
- Re: OpenSSL patches for other versions, Ademar de Souza Reis Jr.
OpenSSL Security Altert - Remote Buffer Overflows, Ben Laurie
TSLSA-2002-0063 - openssl, Trustix Secure Linux Advisor
[OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm), OpenPKG
[OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl), OpenPKG
[RHSA-2002:155-11] Updated openssl packages fix remote vulnerabilities, bugzilla
[SECURITY] [DSA-136-1] Multiple OpenSSL problems, Wichert Akkerman
RE: XWT Foundation Advisory, Microsoft Security Response Center
- Re: XWT Foundation Advisory, Peter Watkins
- RE: XWT Foundation Advisory, Thor Larholm
  - Re: XWT Foundation Advisory, Adam Megacz
  - RE: XWT Foundation Advisory, Jason Coombs
MDKSA-2002:045 - mm update, Mandrake Linux Security Team
Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS), 2c79cbe14ac7d0b8472d3f129fa1df55 2c79cbe14ac7d0b8472d3f129fa1df55
Fake Identd - Remote root exploit, Jedi/Sector One
Hoax Exploit, John Korsak
- Re: Hoax Exploit, Tom Fischer
XWT Foundation Advisory: Firewall circumvention possible with all browsers, Adam Megacz
- Re: XWT Foundation Advisory: Firewall circumvention possible with all browsers, Peter Watkins
- RE: XWT Foundation Advisory: Firewall circumvention possible with all browsers, GreyMagic Software
- RE: XWT Foundation Advisory: Firewall circumvention possible with all browsers, Jason Coombs
Re: Eat gopher!, JW Oh
KDE 2/3 artsd 1.0.0 local root exploit, kokane
- Re: [VulnWatch] KDE 2/3 artsd 1.0.0 local root exploit, H D Moore
[RHSA-2002:132-14] Updated util-linux package fixes password locking race, bugzilla
Abyss Web Server version 1.0.3 shows file and directory content, Securiteinfo . com
php dotProject by pass authentication, pokleyzz
HylaFAX - Various Vulnerabilities Fixed, Lee Howard
RAZOR advisory: Linux util-linux chfn local root vulnerability, Michal Zalewski
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability, Andrew Pimlott
  - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability, Michal Zalewski
    - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability, Andrew Pimlott
    - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability, Andreas Beck
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability, Szemkel
phenoelit advisory, Brother Printers ++/-, kim0
Easy Homepage Creator Vulnerability, Arek Suroboyo
phpBB/gender mod allows get admin privilege, exploit/patch, langtuhaohoa caothuvolam
WHERE'S THE CA$H: Internet Explorer 6.00. Outlook Express 6.00, http-equiv@xxxxxxxxxx
Easy Guestbook Vulnerabilities, Arek Suroboyo
Phenoelit Advisory 0815 ++ -- Brick, kim0
Phenoelit ADvisory 0815 ++ ** Ascend, kim0
Phenoelit Advisory 0815 ++ // Xedia, kim0
Phenoelit Advisory #0815 +--, kim0
Phenoelit Advisory #0815 ++-+ dp_300 (DLINK), kim0
Phenoelit Advisory #0815 +-+, kim0
Phenoelit Advisory 0815 ++ /+ HP ProCurve, kim0
Phenoelit Advisory, 0815 ++ * - Cisco_tftp, kim0
- Re: Phenoelit Advisory, 0815 ++ * - Cisco_tftp, Mike Caudill
0815 ++ */ SEH_Web, kim0
SECURITY.NNOV: multiple vulnerabilities in JanaServer, 3APA3A
Re: [Full-Disclosure] Re: UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1, http-equiv@xxxxxxxxxx
IPSwitch IMail ADVISORY/EXPLOIT/PATCH, 2c79cbe14ac7d0b8472d3f129fa1df
SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities., c c
KaZaa v1.7.1 Denial of Service Attack, josh
26 June 2002 Cumulative Patch for Windows Media Player (Q320920), Szulc Roger
- Re: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920), David Beards
- RE: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920), Coffin, Chris
[RHSA-2002:139-10] Updated glibc packages fix vulnerabilities in resolver, bugzilla
PGP 7.04 Patch Modifies the Password Cache Setting, Steve.Cohen
- RE: PGP 7.04 Patch Modifies the Password Cache Setting, Cohen, Steve
VU#197395 Microsoft IIS SMTP encapsulated e-mail address vulnerability - update, TLR
Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow, Marco van Berkum
Uninets StatsPlus 1.25 script injection vulnerabilities, BrainRawt .
UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1, http-equiv@xxxxxxxxxx
- Re: UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1, Jeff Kell
- Re: UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1, Nick FitzGerald
Medium security hole affecting W3Mail, Tim Brown
ezContents multiple vulnerabilities, Ulf Harnhammar
Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002), NGSSoftware Insight Security Research
ISS Brief: Remote Buffer Overflow Vulnerability in Microsoft Exchange Server (fwd), Dave Ahmad
Microsoft Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) (Version 2.0) (fwd), Dave Ahmad
- Re: Microsoft Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) (Version 2.0) (fwd), Knud Erik Højgaard
Microsoft Security Bulletin MS02-038: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333) (fwd), Dave Ahmad
Microsoft Security Bulletin MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) (fwd), Dave Ahmad
Microsoft Security Bulletin MS02-036: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138) (fwd), Dave Ahmad
CacheFlow CacheOS Cross-site Scripting Vulnerability, T.Suzuki
Interface promiscuity obscurity in Linux, Ricardo Branco
- Re: Interface promiscuity obscurity in Linux, Ademar de Souza Reis Jr.
- Re: Interface promiscuity obscurity in Linux, Glynn Clements
- Re: Interface promiscuity obscurity in Linux, Frédéric Raynal
  - Re: Interface promiscuity obscurity in Linux, Casper Dik
    - Re: Interface promiscuity obscurity in Linux, Jim Mellander
- Re: Interface promiscuity obscurity in Linux, Paul Starzetz
- Re: Interface promiscuity obscurity in Linux, Rasmus Bøg Hansen
  - Re: Interface promiscuity obscurity in Linux, plattner
    - Re: Interface promiscuity obscurity in Linux, quentyn
Pegasus mail DoS, Auriemma Luigi
[ESA-20020724-018] Buffer overflow in BIND4-derived resolver code., EnGarde Secure Linux
Apple OSX and iDisk and Mail.app, Randal L. Schwartz
- Re: Apple OSX and iDisk and Mail.app, Dale Southard
  - Re: Apple OSX and iDisk and Mail.app, Daryl Tester
- Re: Apple OSX and iDisk and Mail.app, osx_guru
- Re: Apple OSX and iDisk and Mail.app, spam_bucket
  - Re: Apple OSX and iDisk and Mail.app, Eric Hall
Denial of Service bug in Pine 4.44, Martin J. Muench
Cisco Security Advisory: Heap Overflow in Solaris cachefs Daemon, Cisco Systems Product Security Incident Response Team
Potential remote root in CodeBlue log scanner, Demi Sex God from Hell
cross-site scripting bug of Mailman, office
Cobalt Qube 3 Administration page, pokley
VNC authentication weakness, jepler
- Re: VNC authentication weakness, David Frascone
  - Re: VNC authentication weakness, Iván Arce
- Re: VNC authentication weakness, Jack Lloyd
  - Re: VNC authentication weakness, Constantin Kaplinsky
- Re: VNC authentication weakness, Andreas Beck
  - Re: VNC authentication weakness, David Wagner
    - Re: VNC authentication weakness, Mitch Adair
    - Re: VNC authentication weakness, Jose Nazario
    - Re: VNC authentication weakness, Ariel Waissbein
- RE: VNC authentication weakness, Andrew van der Stock
- Re: VNC authentication weakness, Kragen Sitaker
  - Re: VNC authentication weakness, Theo de Raadt
    - Re: VNC authentication weakness, Nate Lawson
    - Re: VNC authentication weakness, Mike Porter
  - Re: VNC authentication weakness, David Wagner
    - Re: VNC authentication weakness, David Malone
Icq 2001&2002 vulnerability, Michael
VMware GSX Server Remote Buffer Overflow, Mingyan Liu
- Re: VMware GSX Server Remote Buffer Overflow, Eric Horschman
Mozilla cookie stealing - Sandblad advisory #9, Andreas Sandblad
Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1), 0x36
- Re: Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1), bd
REFRESH: EUDORA MAIL 5.1.1, http-equiv@xxxxxxxxxx
- Re: REFRESH: EUDORA MAIL 5.1.1, Doug Monroe
How to reproduce PHP segfault., Joseph S. Testa II
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, kelli burkinshaw
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, kelli burkinshaw
  - RE: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Burton M. Strauss III
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Bela Lubkin
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Bela Lubkin
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Russell Harding
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Bela Lubkin
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Jim Paris
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, VanDyke Technical Support
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, VanDyke Technical Support
Pressing CTRL in IE is dangerous - Sandblad advisory #8, Andreas Sandblad
- Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8, Peter Pentchev
- RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8, GreyMagic Software
- RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8, Thor Larholm
Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Kyuzo
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta, Andrea Lisci
PHRACK 59 OFFICIAL RELEASE, Phrack Staff
MailMax security advisory/exploit/patch, 2c79cbe14ac7d0b8472d3f129fa1df
Announcement: injectso-0.2, Shaun Clowes
- Re: Announcement: injectso-0.2, Barton Miller
CERT Advisory CA-2002-21 Vulnerability in PHP, CERT Advisory
SSH Protocol Trick, auto458545
- Re: SSH Protocol Trick, H D Moore
- Re: SSH Protocol Trick, stealth
  - Re: SSH Protocol Trick, stealth
- Re: SSH Protocol Trick, Mikael Olsson
- Re: SSH Protocol Trick, Markus Friedl
Nanog traceroute format string exploit., SpaceWalker
- Re: Nanog traceroute format string exploit., Ryan Mansager
- Re: Nanog traceroute format string exploit., Olaf Kirch
Security Update: [CSSA-2002-SCO.35] OpenServer 5.0.5 OpenServer 5.0.6 : crontab format string vulnerability, security
Pablo Sofware Solutions FTP server Directory Traversal Vulnerability, Securiteinfo . com
PHP Resource Exhaustion Denial of Service, Matthew Murphy
- RE: PHP Resource Exhaustion Denial of Service, Russ Garrett
- Re: PHP Resource Exhaustion Denial of Service, vjt
Pyramid BenHur Firewall active FTP portfilter ruleset results in a firewall leak, Dr. Peter Bieringer
Vulnerability found: Adobe Acrobat eBook Reader and Content Server, Vladimir Katalov
Advisory 02/2002: PHP remote vulnerability, e-matters Security
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1, Marko Karppinen
- [Admin/Spamassasin] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1, Lupe Christoph
  - Re: [Admin/Spamassasin] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1, John Pettitt
  - Re: [Admin/Spamassasin] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1, Steven Champeon
BadBlue - Unauthorized Administrative Command Execution, Matthew Murphy
- Re: BadBlue - Unauthorized Administrative Command Execution, ellipse
Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code, rwertenb
AIM Exploit!!, tuna
- Re: AIM Exploit!!, john smith
ANNOUNCING: Debian GNU/Linux 3.0, martin f krafft
BadBlue 302 Status Message XSS, Matthew Murphy
tru64 proof of concept /bin/su non-exec bypass, phased
Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller, Ron Ray
- Re: Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller, 3APA3A
Norton AV 2002 rewriting SMTP, breaking TLS, Dale Clapperton (lists)
- RE: Norton AV 2002 rewriting SMTP, breaking TLS, Russell Mann
- RE: Norton AV 2002 rewriting SMTP, breaking TLS, Owen, Greg
  - Re: Norton AV 2002 rewriting SMTP, breaking TLS, Adam Shostack
Linux kernel setgid implementation flaw, FozZy
- Re: Linux kernel setgid implementation flaw, FozZy
  - Re: Linux kernel setgid implementation flaw, Wietse Venema
    - Re: Linux kernel setgid implementation flaw, FozZy
Geeklog XSS and CRLF Injection, Ulf Harnhammar
Trend Micro Officescan Denial of Service, Marc Ruef
asciiSECURE advisory (2002-07-17/1), lumpy
[CLA-2002:512] Conectiva Linux Security Announcement - libpng, secure
WINAMP also allows execution of arbitrary code (probably a lot more programs aswell), Jelmer
Fwd: non-disclosed info in Outlook can lead to potential serious Social Attack., Intel Nop
- Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack, David Walker
  - Re: Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack, Andrew Church
  - Re: Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack, Neil W Rickert
[AP] Oracle Reports Server Information Disclosure Vulnerability, skp
Java webstart also allows execution of arbitrary code, Jelmer
MERCUR Mailserver advisory/remote exploit, 2c79cbe14ac7d0b8472d3f129fa1df
wwwoffle-2.7b and prior segfaults with negative Content-Length value, qitest1
Administrivia: Symantec acquiring SecurityFocus, aleph1
MDKSA-2002:044 - squid update, Mandrake Linux Security Team
KPMG-2002034: Jigsaw Webserver DOS device DoS, Peter Gründl
Wiki module postnuke Cross Site Scripting Vulnerability, Pistone
Exploit for a security hole in the pickle module for Python versions <= 2.1.x, Jeff Epler
Re:[VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting, xile
- Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting, Matt Moore
KPMG-2002033: Resin DOS device path disclosure, Peter Gründl
- Re: KPMG-2002033: Resin DOS device path disclosure, security-protocols
KPMG-2002032: Macromedia Sitespring Cross Site Scripting, Peter Gründl
KPMG-2002031: Jigsaw Webserver Path Disclosure, Peter Gründl
Security Update: [CSSA-2002-031.0] Linux: mod_ssl off-by-one error, security
MDKSA-2002:043 - bind update, Mandrake Linux Security Team
ICQ and MSIE allow execution of arbitrary code, Jelmer
- Re: ICQ and MSIE allow execution of arbitrary code, Stan Bubrouski
- Re: ICQ and MSIE allow execution of arbitrary code, Jelmer
[RHSA-2002:134-12] Updated mod_ssl packages available, bugzilla
Sniffable Switch Project, alaric
- Re: Sniffable Switch Project, Cedric Blancher
  - Re: Sniffable Switch Project, martin f krafft
    - Re: Sniffable Switch Project, martin f krafft
- Re: Sniffable Switch Project, Frédéric Raynal
Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability, Lucas Lundgren
Error in MS mail handler - noncritical but a problem, Fred Cohen
AIM forced behavior "issue", orb
- Re: AIM forced behavior "issue", Knud Erik Højgaard
  - Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code, Bojidar Alexandrov
Security Update: [CSSA-2002-SCO.33] OpenServer 5.0.5 OpenServer 5.0.6 : timed does not enforce nulls, security
Security Update: [CSSA-2002-SCO.34] OpenServer 5.0.5 OpenServer 5.0.6 : uux status file name buffer overflow, security
Again NULL and addslashes() (now in 123tkshop), avart
Remote ICQ Sound Desactivation, xLaNT
- Re: Remote ICQ Sound Desactivation, Knud Erik Højgaard
  - Re: Remote ICQ Sound Desactivation, Adam [wp-ckkl]
@stake Advisory: Norton Personal Internet Firewall HTTP Proxy Vulnerability, advisories
FreeBSD Security Advisory FreeBSD-SA-02:31.openssh, FreeBSD Security Advisories
Tivoli TMF Endpoint Buffer Overflow, Mark A. Rowe (PenTest)
Tivoli TMF ManagedNode Buffer Overflow, Mark A. Rowe (PenTest)
TSLSA-2002-0061 - bind, Trustix Secure Linux Advisor
TSLSA-2002-0062 - squid, Trustix Secure Linux Advisor
pwc.20020630.nims_modweb.b, patrik . karlsson
pwc.20020630.nims_3.0.3_imapd.a, patrik . karlsson
Double Choco Latte multiple vulnerabilities, Ulf Harnhammar
Hosting Controller Vulnerability, Ben M
- Re: Hosting Controller Vulnerability, Muhammad Faisal Rauf Danka
- Re: Hosting Controller Vulnerability, James Griffin
- Re: Hosting Controller Vulnerability, Ben M
SGI Apache Web Server Chunk Handling vulnerability, SGI Security Coordinator
MFC Overflow Test Code, Matthew Murphy
Three BadBlue Vulnerabilities, Matthew Murphy
The answer to the PIX encryption issue, Damir Rajnovic
Re: Cisco VPN3000 MTU overflow (fragmentation issue), porte10
MFC ISAPI Framework Buffer Overflow, Matthew Murphy
- Re: MFC ISAPI Framework Buffer Overflow, Chris Wysopal
FreeBSD Security Advisory FreeBSD-SA-02:30.ktrace, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-02:29.tcpdump, FreeBSD Security Advisories
5 bugs, D4rkGr3y
- Re: [VulnWatch] 5 bugs, Kurt Seifried
  - Re: [VulnWatch] 5 bugs, Simon Hausmann
@stake Advisory: Multiple Vulnerabilities with Pingtel xpressa SIP Phones, @stake advisories
Vulnerability found: The Adobe eBook Library, Vladimir Katalov
Multiple vulnerabilities in atphttpd-0.4b, qitest1
- Re: Multiple vulnerabilities in atphttpd-0.4b, badc0ded
[SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability, webmaster
Several problems in CARE 2002, avart
Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsu lated SMTP Address Vulnerability, JWC
[SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow, webmaster
IRIX DNS resolver vulnerability, SGI Security Coordinator
ZyXEL Prestige Router Remote Node Filtering Vulnerability still present, Bernardo Pons
- Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present, Daniel Roethlisberger
RE: Multiple Security Vulnerabilities in Sharp Zaurus, Moorhouse, Walt P
[CLA-2002:507] Conectiva Linux Security Announcement - Resolver libraries, secure
Popcorn vulnerabilities, bugtest
Security Update: [CSSA-2002-SCO.28] UnixWare 7.1.1 Open UNIX 8.0.0 : rpc.ttdbserverd file creation and deletion vulnerabilities, security
Exploit: TL003/Dot Bug = Reading Non-Parsable Files, Matthew Murphy
Lil'HTTP Pbcgi.cgi XSS Vulnerability, Matthew Murphy
SQL Server passwords, David Litchfield
- SQL Server passwords, patrik . karlsson
Tiny Software and Sygate contact, Jonas Koch
- Re: Tiny Software and Sygate contact, Paul Schmehl
- RE: Tiny Software and Sygate contact, Seth Knox
CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk, CERT Advisory
SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file, c c
Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2, JWC
Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002), NGSSoftware Insight Security Research
- RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002), Hall, Philip
  - RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002), Aaron C. Newman
Re: XSS in ht://Dig, Geoff Hutchison
[CORE-20020528] Multiple vulnerabilities in ToolTalk Database server, Iván Arce
Cisco VPN3000 gateway MTU overflow, porte10
- Re: Cisco VPN3000 gateway MTU overflow, Steve McIlwain
- Re: Cisco VPN3000 gateway MTU overflow, Pete Davis
EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability, Marc Maiffret
SuSE Security Announcement: Resolver (SuSE-SA:2002:026), Olaf Kirch
RE: XSS Hole in Fluid Dynamics Search engine, Zoltan Milosevic
- XSS Hole in Fluid Dynamics search Engine, VALDEUX
IE allows universal Cross Domain Scripting (TL#003), Thor Larholm
- Multiple Security Vulnerabilities in Sharp Zaurus, SURUAZ
  - Re: Multiple Security Vulnerabilities in Sharp Zaurus, Stephen Harris
  - Re: Multiple Security Vulnerabilities in Sharp Zaurus, Jordan K Wiens
wp-02-0012: Carello 1.3 Remote File Execution, Matt Moore
wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting, Matt Moore
wp-02-0008: Apache Tomcat Cross Site Scripting, Matt Moore
iPlanet Remote File Viewing, turambar386
- Re: iPlanet Remote File Viewing, hubbelyo
Exploit for previously reported DoS issues in Shambala Server 4.5, Daniel Nyström
ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow), Matthew Murphy
SuSE Security Announcement: squid (SuSE-SA:2002:025), Roman Drahtmueller
KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS, Peter Gründl
Sun iPlanet Web Server Buffer Overflow (#NISR09072002), NGSSoftware Insight Security Research
Foundstone Advisory - Buffer Overflow in MyWebServer (fwd), Dave Ahmad
BadBlue 1.73 EXT.DLL XSS Variant, Matthew Murphy
Technical Details of Urlcount.cgi Vulnerability, Matthew Murphy
KF Web Server version 1.0.2 shows file and directory content, Securiteinfo . com
Linux kernels DoSable by file-max limit, Paul Starzetz
- Re: Linux kernels DoSable by file-max limit, Kurt Seifried
  - Re: Linux kernels DoSable by file-max limit, Paul Starzetz
  - Re: Linux kernels DoSable by file-max limit, Michal Zalewski
    - Re: Linux kernels DoSable by file-max limit, Jim Breton
  - Re: Linux kernels DoSable by file-max limit, Aleksander Adamowski
- Re: Linux kernels DoSable by file-max limit, Andrea Arcangeli
- Re: Linux kernels DoSable by file-max limit, elv
Technical Details of BadBlue EXT.DLL Vulnerability, Matthew Murphy
New Paper: Microsoft SQL Server Passwords, NGSSoftware Insight Security Research
- RE: New Paper: Microsoft SQL Server Passwords, John Tolmachofft
- RE: New Paper: Microsoft SQL Server Passwords, Toni Lassila
  - RE: New Paper: Microsoft SQL Server Passwords, Pauli Porkka
KPMG-2002029: Bea Weblogic Performance Pack Denial of Service, Peter Gründl
sparc exploit for known solaris 8 kcms_configure overflow, Adam Slattery
MacOS X SoftwareUpdate Vulnerability, Russell Harding
- Re: MacOS X SoftwareUpdate Vulnerability, Julian Suschlik
  - Re: MacOS X SoftwareUpdate Vulnerability, Kurt Seifried
  - Re: MacOS X SoftwareUpdate Vulnerability, Corey J. Steele
    - Re: MacOS X SoftwareUpdate Vulnerability, gabriel rosenkoetter
- RE: MacOS X SoftwareUpdate Vulnerability, jaehnel
- RE: MacOS X SoftwareUpdate Vulnerability, Hundley, Gordon - Princeton
LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT, kanix THE HACKER
- Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT, KF
- Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT, Olaf Kirch
- Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT, kanix
Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd), Dave Aitel
- Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd), noir sin
  - Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd), noir sin
    - Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd), Dave Aitel
remote winamp 2.x exploit (all current versions), 2c79cbe14ac7d0b8472d3f129fa1df
UT (and other game-servers) DDOS, Tom
[CLA-2002:506] Conectiva Linux Security Announcement - squid, secure
MDKSA-2002:042 - LPRng updates, Mandrake Linux Security Team
Worldspan DoS, altomo
UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd), noir sin
[CLA-2002:505] Conectiva Linux Security Announcement - ethereal, secure
Re: Remote buffer overflow in resolver code of libc, D. J. Bernstein
- Re: Remote buffer overflow in resolver code of libc, Florian Weimer
MDKSA-2002:041 - kernel 2.2 and 2.4 updates, Mandrake Linux Security Team
Re: UT DDoS risk (possible solution), Auriemma Luigi
nn remote format string vulnerability, zillion
Re: Acrobat reader 5.05 temp file insecurity, Paul Szabo
- Re: Acrobat reader 5.05 temp file insecurity, secfocus
[OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind), OpenPKG
[RHSA-2002:051-16] New Squid packages available, bugzilla
Squid Security Update Advisory 2002:3, Henrik Nordstrom
[Global InterSec 2002062801] OpenSSH challenge-response buffer overflow (Update), Global InterSec Research
UT DDoS risk, bugtest
SunPCi II VNC weak authentication scheme vulnerability, Richard van den Berg
Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002), NGSSoftware Insight Security Research
Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal, nfinity
Security Update: [CSSA-2002-SCO.31] UnixWare 7.1.1 Open UNIX 8.0.0 : Apache Web Server Chunk Handling Vulnerability / mod_ssl off-by-one error, security
Security Update: [CSSA-2002-SCO.32] OpenServer 5.0.5 OpenServer 5.0.6 : Apache Web Server Chunk Handling Vulnerability / mod_ssl off-by-one error, security
MDKSA-2002:040-1 - openssh update, Mandrake Linux Security Team
Three problems in OpenSSH's ssh-keysign, Charles Hannum
- Re: Three problems in OpenSSH's ssh-keysign, Theo de Raadt
CORE-20020620: Inktomi Traffic Server Buffer Overflow, Iván Arce
Noguska Nola 1.1.1 [ Intranet Business Management Software ], sindhi
Falsifying a VeriSign Seal (Japan), Noam Rathaus
SuSE Security Announcement: openssh (SuSE-SA:2002:024), Roman Drahtmueller
Re: Remote DoS in AnlaogX SimpleServer:www 1.16, Auriemma Luigi
BIND 9.2.1 patch, multiple RR's for singleton types., Tim Gladding
- Re: BIND 9.2.1 patch, multiple RR's for singleton types., Jim Reid
  - Re: BIND 9.2.1 patch, multiple RR's for singleton types., der Mouse
  - Re: BIND 9.2.1 patch, multiple RR's for singleton types., Tim Gladding
    - Sybase contact, Aaron C. Newman
    - Re: Sybase contact, Ryan Russell
[ESA-20020702-017] off-by-one in mod_ssl's configuration directive handling, EnGarde Secure Linux
Security Advisory: Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability, Cisco Systems Product Security Incident Response Team
CommuniGate Pro directory listings, c0rrect0r
- Re: CommuniGate Pro directory listings, tfm
[CLA-2002:504] Conectiva Linux Security Announcement - apache, secure
PHPAuction bug, ethx
[ESA-20020702-016] several vulnerabilities in the OpenSSH daemon, EnGarde Secure Linux
XSS in Slashcode, gcsb
- Re: XSS in Slashcode, Jamie McCarthy
[SECURITY] [DSA-135-1] buffer overflow / DoS in libapache-mod-ssl, Robert van der Meulen
Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd), Dave Ahmad
- NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)), 3APA3A
- Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd), Kanatoko
BufferOverflow in OmniHTTPd 2.09, Martin J. Muench
CSS in blackboard, Berend-Jan Wever
KPMG-2002028: Sitespring Server Denial of Service, Peter Gründl
Revised OpenSSH Security Advisory, Markus Friedl
PTL-2002-03 Betsie XSS Vuln, Mark A. Rowe (PenTest)
KPMG-2002026: Jrun sourcecode Disclosure, Peter Gründl
Proof of Concept Code for OpenSSH, gobbles
ftp.bitchx.org's ircii-pana-1.0c19.tar.gz is backdoored, Hank Leininger