security.bugtraq (date)

security.bugtraq (date)

August 31, 2002

Re: Webmin Vulnerability Leads to Remote Compromise (RPC CGI), Noam Rathaus
FactoSystem CMS Contains Multiple Vulnerabilities, Matthew Murphy
[security bulletin] SSRT2275 HP Tru64 UNIX - Potential Buffer Overflows & SSRT2229 Potential Denial of Service (fwd), Dave Ahmad
Trillian XML parser buffer overflow, John C. Hennessy

August 30, 2002

Potential issue with Ethereal, Jonas Eriksson
Re: SUMMARY: Disabling Port 445 (SMB) Entirely, Andrew Oman
RE: Macromedia Shockwave Flash Malformed Header Overflow, Martin O'Neal
Re: IE bug not fixed - update, Sanford Olson
SUMMARY: Disabling Port 445 (SMB) Entirely, Jason Coombs
RE: Security side-effects of Word fields, Hauke Lampe
GLSA: ethereal, Daniel Ahlberg
[RHSA-2002:162-12] PXE server crashes from certain DHCP packets, bugzilla
Re: Webmin Vulnerability Leads to Remote Compromise (RPC CGI), Muhammad Faisal Rauf Danka

August 29, 2002

Re: Yet another SMB dos concept code, Kevin Gennuso
MDKSA-2002:054 - gaim update, Mandrake Linux Security Team
MDKSA-2002:055 - hylafax update, Mandrake Linux Security Team
Netscape JRE vulnerability on IRIX, SGI Security Coordinator
Re: Yet another SMB dos concept code, Thomas Antepoth
[CLA-2002:519] Conectiva Linux Security Announcement - kde, secure
Re: Yet another SMB dos concept code, Fabio Pietrosanti (naif)
Re: White paper: Exploiting the Win32 API., Chris Paget
Re: Lynx CRLF Injection, part two, Petr Baudis
Windows SMB DoS - Proof of concept, Frederic Deletang
Yet another SMB dos concept code, Huagang Xie
Re: Kerio Mail Server Multiple Security vulnerabilities, Abraham Lincoln
Microsoft Terminal Server Client Buffer Overrun (A082802-1), @stake Advisories

August 28, 2002

Re: PHP: Bypass safe_mode and inject ASCII control chars with mail(), Ulf Harnhammar
Manipulating Microsoft SQL Server Using SQL Injection, Aaron C. Newman
Webmin Vulnerability Leads to Remote Compromise (RPC CGI), Aviram Jenik
SWServer 2.2 directory traversal bug, Bugtest
RE: White paper: Exploiting the Win32 API., Drew
Re: iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow, Dave Aitel
iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow, David Endler
RE: White paper: Exploiting the Win32 API., Rothe, Greg (G.A.)
Re: Security side-effects of Word fields, Kyle Duren
Origin of downloaded files can be spoofed in MSIE, Jouko Pynnonen
[SECURITY] [DSA 159-1] New Python packages fix insecure temporary file use, Martin Schulze

August 27, 2002

Re: Security side-effects of Word fields, Sean Smith
NOVL-2002-2961546 - SNMPv1 Trap and Request HandlingVulnerabilities, Ed Reed
Re: IPv4 mapped address considered harmful, Mark Tinberg
`admin' bug in upb, GooDWiN
Re: IPv4 mapped address considered harmful, Anthony DeRobertis
Re: IPv4 mapped address considered harmful, Mark Tinberg
Re: IPv4 mapped address considered harmful, itojun
Re: IPv4 mapped address considered harmful, Peter J. Holzer
Re: Kerio Mail Server Multiple Security Vulnerabilities, Jaroslav Snajdr
Re: IPv4 mapped address considered harmful, itojun
Yahoo Messenger Install Secuirty, Kyle Duren
Re: IPv4 mapped address considered harmful, Anthony DeRobertis
Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B), Chip Andrews
Re: SAP R/3 default password vulnerability, John Eisenschmidt
IE bug not fixed - update, Brian Taylor
Re: IPv4 mapped address considered harmful, Anthony DeRobertis
Re: IPv4 mapped address considered harmful, itojun
Re: IPv4 mapped address considered harmful, itojun
Re: White paper: Exploiting the Win32 API., Paul Starzetz
MDKSA-2002:053 - xinetd update, Mandrake Linux Security Team
Re: IPv4 mapped address considered harmful, Anthony DeRobertis
Security Update: [CSSA-2002-SCO.38] Open UNIX 8.0.0 UnixWare 7.1.1 : X server insecure popen and buffer overflow, security
GLSA: gaim, Daniel Ahlberg
[SECURITY] [DSA 158-1] New gaim packages fix arbitrary program execution, Martin Schulze
uuuppz.com - Advisory 002 - mIRC $asctime overflow, James Martin

August 26, 2002

Security side-effects of Word fields, Alex Gantman
Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B), David Litchfield
SAP R/3 default password vulnerability, Stefan Hoelzner
[SECURITY] [DSA 147-2] New mailman packages fix cross-site scripting problem, Martin Schulze
Re: Kerio Personal Firewall DOS Vulnerability, Jason Giglio
Re: Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B), Brent Glover
Re: AOL Instant Messenger Heap Overflow, JasonBrown777
Kerio Personal Firewall DOS Vulnerability, Abraham Lincoln
Belkin F5D6130 Wireless Network Access Point SNMP Request Denial Of Service Vulnerability, wlanman
More OmniHTTPd Problems, Matthew Murphy
OmniHTTPd test.shtml Cross-Site Scripting Issue, Matthew Murphy
OmniHTTPd test.php Cross-Site Scripting Issue, Matthew Murphy
phpReactor - Cross-Site Scripting via STYLE, Matthew Murphy
Microsoft Internet Explorer Legacy Text Control Buffer Overflow (#NISR26082002), NGSSoftware Insight Security Research
GLSA: PostgreSQL, Daniel Ahlberg

August 24, 2002

Blazix 1.2 jsp view and free protected folder access, Auriemma Luigi
Fwd: [GENERAL] PostgreSQL 7.2.2: Security Release, Lamar Owen
AOL Instant Messenger Heap Overflow, Matthew Murphy
Security Update: [CSSA-2002-SCO.37] UnixWare 7.1.1 : buffer overflow in DNS resolver, security

August 23, 2002

[Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs', Jeroen Latour
RE: DoS against mysqld, Bob Castleberry
[Mantis Advisory/2002-06] Private bugs accessible in Mantis, Jeroen Latour
Re: [luca.ercoli@xxxxxxxxx: DoS against mysqld], Simone Piunno
UTStarcom B-NAS 1000 / B-RAS 1000 Major Security Flaw, Scott T. Cameron
Re: [luca.ercoli@xxxxxxxxx: DoS against mysqld], Rich Lafferty
[RHSA-2002:176-06] Updated mailman packages close cross-site scripting vulnerability, bugzilla
Re: [luca.ercoli@xxxxxxxxx: DoS against mysqld], bda
Re: DoS against mysqld, Ryan Fox
Re: [VulnDiscuss] Re: Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A), Steve
Re: Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A), Cesar
PHP: Bypass safe_mode and inject ASCII control chars with mail(), Wojciech Purczynski
[luca.ercoli@xxxxxxxxx: DoS against mysqld], Simone Piunno
Re: Lynx CRLF Injection, part two, Alberto Devesa
Re: Lynx CRLF Injection, part two, Ulf Harnhammar
DoS against mysqld, luca.ercoli@xxxxxxxxx
ToorCon Computer Security Conference 2002 Announcement, h1kari
Accessing remote/local content in IE (GM#009-IE), GreyMagic Software
[SECURITY] [DSA 157-1] New irssi-text packages fix denial of service, Martin Schulze
CORE-20020618: Vulnerabilities in Windows SMB (DoS), Iván Arce

August 22, 2002

Arbitrary code execution problem in Achievo, Jeroen Latour
[SECURITY] [DSA 156-1] New Light package fixes arbitrary script execution, Martin Schulze
Security Update: [CSSA-2002-SCO.36] UnixWare 7.1.1 Open UNIX 8.0.0 : command line buffer overflow in ndcfg, security
Re: possible exploit: D-Link DI-804 unauthorized DHCP release from WAN, Roger McLaren
Arbitrary Command Execution on Distributor SQL Server 2000 machines (#NISR22002002A), David Litchfield
Light Security Advisory: Remotely-exploitable code execution, J. S. Connell
Abyss 1.0.3 directory traversal and administration bugs, Auriemma Luigi
LG Electronics LG3100p router, Lukasz Bromirski
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL, Steffen Dettmer
Lynx CRLF Injection, part two, Ulf Harnhammar
IPv4 mapped address considered harmful, Jun-ichiro itojun Hagino
possible exploit: D-Link DI-804 unauthorized DHCP release from WAN, Jens Jensen
[UPDATED] Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks, Stan Bubrouski
Re: Information disclosure on mod_auth ( apache 1.3.26 ) ?, Alex Muntada
Terrible: Windows Media Player, http-equiv@xxxxxxxxxx
Cisco IOS exploit PoC, FX

August 21, 2002

WorldView vulnerability on IRIX, SGI Security Coordinator
[RHSA-2002:158-09] New kernel update available, fixes i810 video oops, several security issues, bugzilla
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL, Lamar Owen
NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2, Ed Reed
Re: Solaris 2.6-8 SPARC Telnetd Vulnerability, Casper Dik
More DBCC overruns SQL SEVER 2000, Mark Litchfield
Solaris 2.6-8 SPARC Telnetd Vulnerability, Brendan C. Johnson
bugtraq@xxxxxxxxxxxxxxxx list issues [2], 3APA3A
LG Electronics LG3001f router, Bromirski, Lukasz
More Vulnerabilities with Pingtel xpressa SIP-based IP phones, Ofir Arkin
Win32 API 'shatter' vulnerability found in VNC-based products, EXT-Bellers, Chris
Re: @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL, Florian Weimer
[RHSA-2002:109-07] Updated bugzilla packages fix security issues, bugzilla

August 20, 2002

@(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL., Sir Mordred The Traitor
Re: IE SSL Vulnerability, J. Lasser
@(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL, Sir Mordred The Traitor
NSSI-2002-tpfw: Tiny Personal Firewall 3.0 Denial of Service Vulnerabilities, Aaron Lu
vulnerabilities in scponly, Derek D. Martin
NOVL-2002-2963307 - PERL Handler Vulnerability, Ed Reed
NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability, Ed Reed
[RHSA-2002:102-26] New PHP packages fix vulnerability in safemode, bugzilla
killer k00kie [was Re: SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0], http-equiv@xxxxxxxxxx
Advisory: DoS in WebEasyMail +more possible?, Stan Bubrouski
RE: Exploiting the Google toolbar (GM#001-MC), GreyMagic Software
Re: Freebsd FD exploit, Jacques A. Vidrine

August 19, 2002

Advisory: Bonsai XSS and Physical Path Revealing Vulnerabilities, Stan Bubrouski
Re: PHP-Nuke v5.6 - Users can compromise admin accts, Ravish.
Information disclosure on mod_auth ( apache 1.3.26 ) ?, Hector A. Paterno
Security Update: [CSSA-2002-SCO.28.1] UnixWare 7.1.1 Open UNIX 8.0.0 : REVISED: rpc.ttdbserverd file creation/deletion and buffer overflow vulnerabilities, security
Re: Internet explorer can read local files, Avleen Vig
W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST), TAKAGI, Hiromitsu
Freebsd FD exploit, dvdman
Re: Internet explorer can read local files, Jelmer
Multiple security vulnerabilities inside Microsoft File Transfer Manager ActiveX control (<4.0) [buffer overflow, arbitrary file upload/download], Andrew G. Tereschenko
New SecurityFocus Lists, Hal Flynn
[Mantis Advisory/2002-04] Arbitrary code execution vulnerability in Mantis, Jeroen Latour
[Mantis Advisory/2002-02] Limiting output to reporters can be bypassed, Jeroen Latour
Weak MySQL Default Configuration on Windows, Mike Bommarito
[Mantis Advisory/2002-01] SQL poisoning vulnerability in Mantis, Jeroen Latour
[Mantis Advisory/2002-05] Arbitrary code execution and file reading vulnerability in Mantis, Jeroen Latour
Kerio Mail Server Multiple Security Vulnerabilities, Abraham Lincoln
[Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation, Jeroen Latour
Re: @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL, Florian Weimer
Lynx CRLF Injection, Ulf Harnhammar
Tiny3 vs Winhelp32 Bof, Brett Moore
Re: IE SSL Vulnerability, Charles Miller
[RHSA-2002:151-21] Updated libpng packages fix buffer overflow, bugzilla
nCipher Advisory #5: C_Verify validates incorrect symmetric signatures, nCipher Support
FUDforum file access and SQL Injection, Ulf Harnhammar
KDE Security Advisory: Konqueror SSL vulnerability, Waldo Bastian
@(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL, Sir Mordred The Traitor
Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B), NGSSoftware Insight Security Research
Insufficient Verification of Client Certificates in IIS 5.0 pre sp3, Johan Persson
Arbitrary File Creation/Overwrite with SQL Agent Jobs (SQL 2000 and 7) (#NISR19002002A), NGSSoftware Insight Security Research
FreeBSD Security Advisory FreeBSD-SA-02:38.signed-error, FreeBSD Security Advisories

August 17, 2002

August 16, 2002

Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample, Andrew G. Tereschenko
RE: PHP-Nuke v5.6 - Users can compromise admin accts., Eric Stevens
Re: PHP-Nuke v5.6 - Users can compromise admin accts., Konstantin Riabitsev
Subtle insinuations may be more than idle threats I'm afraid., security
RE: IE [with Google Toolbar installed] crash, Mark Healey
Re: Delete arbitrary files using Help and Support Center [MSRC 1198dg], Gary Flynn
Re: PHP-Nuke v5.6 - Users can compromise admin accts., <-delusion->
Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability, John D. Hardin
Re: IE SSL Vulnerability, robert walker
Re: IE [with Google Toolbar installed] crash, Chuck
Re: "August 2002 Cumulative Update For Internet Explorer (Q323759)" & IE6 SP1, Dave English
Sun RPC xdr_array vulnerability on IRIX, SGI Security Coordinator
Re: Apache 2.0.39 directory traversal and path disclosure bug, William A. Rowe, Jr.
Re: PHP-Nuke v5.6 - Users can compromise admin accts., Jelmer
MODERATOR WAIT ! Re: SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0, http-equiv@xxxxxxxxxx
Apache 2.0.39 directory traversal and path disclosure bug, Auriemma Luigi
NTFS Hard Links Subvert Auditing (A081602-1), @stake Advisories
Microsoft SQL Server Agent Jobs Vulnerabilities (#NISR15002002B), David Litchfield
Microsoft SQL Server Extended Stored Procdure privilege upgrade vulnerabilities (#NISR15002002A), David Litchfield

August 15, 2002

Re: IE [with Google Toolbar installed] crash, Bill Fryberger
"August 2002 Cumulative Update For Internet Explorer (Q323759)" & IE6 SP1, Carl R Diliberto
Input validation attack in php-affiliate-v1.0, MOD
[RHSA-2002:172-07] Updated krb5 packages fix remote buffer overflow, bugzilla
Re: OpenSSL Vulnerabilities, Sami Dalouche
Re: OpenSSL Vulnerabilities, Patrick Brauch
MDKSA-2002:052 - sharutils update, Mandrake Linux Security Team
MDKSA-2002:051 - xchat update, Mandrake Linux Security Team
IceWarp Webmail XSS, DarC KonQuesT
IE [with Google Toolbar installed] crash, Adam [onet]
RE: Trivial root compromise in Gateway GS-400 NAS Servers, Quarantine
PHP-Nuke v5.6 - Users can compromise admin accts., <-delusion->
Web Shop Manager Security Vulnerability, Tacettin Karadeniz
Delete arbitrary files using Help and Support Center [MSRC 1198dg], Shane Hird
MDKSA-2002:038-1 - bind update, Mandrake Linux Security Team
SILLY BEHAVIOR : Internet Explorer 5.5 - 6.0, http-equiv@xxxxxxxxxx

August 14, 2002

Trivial root compromise in Gateway GS-400 NAS Servers, Keith T. Morgan
new bugs in MyWebServer, D4rkGr3y
L-Forum Vulnerability - SQL Injection, Matthew Murphy
GLSA: xinetd, Daniel Ahlberg
Cisco Security Advisory: Cisco Content Service Switch 11000 Series Web Management Vulnerability, Cisco Systems Product Security Incident Response Team
MAC address change on SGI Origin 3000, SGI Security Coordinator
Acrobat Reader symlink vulnerability on IRIX, SGI Security Coordinator
Oracle Listener Control Format String Vulnerabilities (#NISR14082002), NGSSoftware Insight Security Research
MDKSA-2002:049 - libpng update, Mandrake Linux Security Team
TSLSA-2002-0067 - glibc, Trustix Secure Linux Advisor
MDKSA-2002:050 - glibc update, Mandrake Linux Security Team
L-Forum XSS and upload spoofing, Ulf Harnhammar
IRIX ftpd minor vulnerabilities, SGI Security Coordinator

August 13, 2002

Re: The Large-Scale Threat of Bad Data in DNS, Greg Steuck
[SECURITY] [DSA 149-1] New glibc packages fix security related problems, Martin Schulze
Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Will Bryant
mantisbt security flaw, Joao Gouveia
Multiple Vulnerabilities in CafeLog Weblog Package, Matthew Murphy
[RHSA-2002:166-07] Updated glibc packages fix vulnerabilities in RPC XDR decoder, bugzilla
[SECURITY] [DSA 152-1] New l2tpd packages adds better randomization, Martin Schulze
[SECURITY] [DSA 151-1] New xinetd packages fix local denial of service, Martin Schulze
NOVL-2002-FAQ - Novell Security Alerts Facts Sheet, Ed Reed
RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Drew
[SECURITY] [DSA 150-1] New interchange packages fix illegal file exposition, Martin Schulze
New l2tpd release 0.68, Jeff Mcadams
The Large-Scale Threat of Bad Data in DNS, FORENSICS.ORG Security Coordinator
Re: Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG, Werner Koch
SAME LADY, DIFFERENT DRESS: Internet Explorer 6, http-equiv@xxxxxxxxxx

August 12, 2002

Bulk Data Services (BDS) vulnerability on IRIX, SGI Security Coordinator
NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack, Ed Reed
OpenBSD Security Advisory: Select Boundary Condition (fwd), Jonas Eriksson
Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Carlos Laviola
[RHSA-2002:148-06] Updated Tcl/Tk packages fix local vulnerability, bugzilla
CERN Proxy Server: Cross-Site Scripting Vulnerability, TAKAGI, Hiromitsu
TinySSL Vendor Statement: Basic Constraints Vulnerability, Adam Megacz
Implementation of Chosen-Ciphertext Attacks against PGP and GnuPG, aleph1
Re: IE SSL Vulnerability (Konqueror affected too), Thomas C. Greene
IE SSL Exploit, Mike Benham
Vulnerability in Oracle, Gilles Parc
[SECURITY] [DSA 148-1] New hylafax packages fix security related problems, Martin Schulze
SuSE Security Announcement: i4l (SuSE-SA:2002:030), Sebastian Krahmer
ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database Server Remote Buffer Overflow Vulnerability, Ricochet
Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities, Cisco Systems Product Security Incident Response Team

August 11, 2002

Re: IE SSL Vulnerability, Paweł Krawczyk
Re: CSS bug in Winamp, Chris
Re: IE SSL Vulnerability, Torbj�rn
Re: IE SSL Vulnerability, Balazs Scheidler
Re: IE SSL Vulnerability, Torbjörn Hovmark
RE: Windows 2000 Service Pack 3 now available., Javier Sanchez (Information Systems)
Re: IE SSL Vulnerability, Balazs Scheidler
RE: White paper: Exploiting the Win32 API., Kenn Humborg

August 10, 2002

CodeCon 2003 Call for Papers, Len Sassaman
RE: Winhelp32 Remote Buffer Overrun, Drew
MidiCart Shopping Cart Software database vulnerability, Dimitri Sekhniashvili
RE: White paper: Exploiting the Win32 API., Marc Maiffret
Re: White paper: Exploiting the Win32 API., Andrey Kolishak
RE: Winhelp32 Remote Buffer Overrun, Drew
Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability, Kanatoko
RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Richard M. Smith
Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability, Steven Michaud

August 09, 2002

Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Tim Jackson
RE: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Mike Chambers
Apache 2.0 vulnerability affects non-Unix platforms, Mark J Cox
Re: Microsoft SQL Server 2000,7 OpenRowSet Buffer Overflow vulnerability (#NISR02072002), Dave Aitel
Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Scott Lampert
Re: IE SSL Vulnerability, Mike Benham
Cross-Site Scripting Issues in Falcon Web Server, Matthew Murphy
Re: EEYE: Macromedia Shockwave Flash Malformed Header Overflow, ismail donmez
[RHSA-2002:133-13] Updated bind packages fix buffer overflow in resolver library, bugzilla
Re: [SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability, John Pettitt
Re: [VulnWatch] iDEFENSE Security Advisory: iSCSI Default Configuration File Settings, Mike Caudill
MDKSA-2002:048 - mod_ssl update, Mandrake Linux Security Team
EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow, Marc Maiffret
EEYE: Macromedia Shockwave Flash Malformed Header Overflow, Marc Maiffret
MDKSA-2002:047 - util-linux update, Mandrake Linux Security Team
[SECURITY] [DSA 147-1] New mailman packages fix cross-site scripting problem, Martin Schulze
Security Update: [CSSA-2002-035.0] Linux: local off by one in cvsd, security
Re: White paper: Exploiting the Win32 API., Simos Xenitellis
RE: IE SSL Vulnerability, Pidgorny, Slav

August 08, 2002

Eudora attachment spoof, Paul Szabo
Macromedia Flash plugin can read local files, Jelmer
[SNS Advisory No.55 rev.2] Eudora 5.x for Windows Buffer Overflow Vulnerability, Atsushi Nishimura
[SECURITY] [DSA 146-2] New dietlibc packages fix integer overflows, Martin Schulze
[CLA-2002:516] Conectiva Linux Security Announcement - openssl, secure
@stake advisory: WS_FTP SITE CPWD Buffer Overflow vulnerability (a090902-1), @stake advisories
Exploiting the Google toolbar (GM#001-MC), GreyMagic Software
[SECURITY] [DSA 146-1] New dietlibc packages fix integer overflows, Martin Schulze
iDEFENSE Security Advisory: iSCSI Default Configuration File Settings, David Endler

August 07, 2002

BIND vulnerabilities in IRIX named, SGI Security Coordinator
[ESA-20020807-020] ASN.1 vulnerability fix corrections, EnGarde Secure Linux
[CLA-2002:515] Conectiva Linux Security Announcement - krb5, secure
RE: White paper: Exploiting the Win32 API., John Howie
Re: White paper: Exploiting the Win32 API., slack3r
[SECURITY] [DSA 145-1] New tinyproxy packages fix security vulnerability, Martin Schulze
Re: White paper: Exploiting the Win32 API., Adam Megacz
Re: IE SSL Vulnerability, Alex Loots
MS SQL Server Hello Overflow NASL script, Dave Aitel
Cisco Security Advisory: Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability, Cisco Systems Product Security Incident Response Team
Re: White paper: Exploiting the Win32 API., Chris Calabrese
Re: White paper: Exploiting the Win32 API., Roland Kaufmann
MDKSA-2002:046-1 - openssl update, Mandrake Linux Security Team
Re: Winhelp32 Remote Buffer Overrun, Mark Litchfield
RE: Bypassing cookie restrictions in IE 5+6, GreyMagic Software
RE: Bypassing cookie restrictions in IE 5+6, Christopher G. Lewis

August 06, 2002

Re: White paper: Exploiting the Win32 API., Chad Loder
Re: White paper: Exploiting the Win32 API., Florian Weimer
RE: White paper: Exploiting the Win32 API., John Howie
Re: White paper: Exploiting the Win32 API., Florian Weimer
SECURITY.NNOV: Windows 2000 system partition weak default permissions, 3APA3A
Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /, Loki
Re: qmailadmin SUID buffer overflow, badc0ded
IE SSL Vulnerability, Mike Benham
Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability, Kanatoko
RE: White paper: Exploiting the Win32 API., John Howie
Re: White paper: Exploiting the Win32 API., Chris Paget
Security Update: [CSSA-2002-034.0] Linux: buffer overflow in multiple DNS resolver libraries, security
SPIKE 2.5 and associated vulns, Dave Aitel
[RHSA-2002:156-04] Updated secureweb packages fix temporary file handling, bugzilla
FreeBSD Security Advisory FreeBSD-SA-02:36.nfs, FreeBSD Security Advisories
FreeBSD Security Advisory FreeBSD-SA-02:35.ffs, FreeBSD Security Advisories
White paper: Exploiting the Win32 API., Chris Paget
FreeBSD Security Advisory FreeBSD-SA-02:37.kqueue, FreeBSD Security Advisories
Re: [SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability, Hack Hawk
CSS bug in Winamp, DownBload
Bypassing cookie restrictions in IE 5+6, Jelmer
Opera FTP View Cross-Site Scripting Vulnerability, Eiji James Yoshida
Mozilla FTP View Cross-Site Scripting Vulnerability, Eiji James Yoshida

August 05, 2002

Software vulnerability reporting survey, Tiina Havana
[SECURITY] [DSA 140-2] New libpng packages fix potential buffer overflow, Martin Schulze
[SECURITY] [DSA 142-1] New OpenAFS packages fix integer overflow bug, Martin Schulze
[SECURITY] [DSA 143-1] New krb5 packages fix integer overflow bug, Martin Schulze
[CLA-2002:514] Conectiva Linux Security Announcement - sendmail, secure
[SNS Advisory No.55] Eudora 5.x for Windows Buffer Overflow Vulnerability, snsadv
RUS-CERT Advisory 2002-08:02: Flaw in calloc and similar routines, Florian Weimer
RUS-CERT Advisory 2002-08:01: Incorrect integer overflow detection in C code, Florian Weimer
SNMP vulnerability in AVAYA Cajun firmware, Jacek Lipkowski
Re: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc, Casper Dik
Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks, Stan Bubrouski
Clarification on Xitami DoS, Matthew Murphy
Advisory: ArGoSoft Mail Server Pro 1.8.1.7 DoS, Stan Bubrouski
OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers, Derrick J Brashear

August 03, 2002

MSN Groups makes cross site scripting easy, Obscure
Fw: Security Update 2002-08-02 for OpenSSL, Sun RPC, mod_ssl for OS X, onlyOOD
Microsoft SQL Server 2000,7 OpenRowSet Buffer Overflow vulnerability (#NISR02072002), NGSSoftware Insight Security Research
Re: Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability, Eiji James Yoshida
Re: Xitami Connection Flood Server Termination Vulnerability, mattmurphy
Re: Xitami Connection Flood Server Termination Vulnerability, Muhammad Faisal Rauf Danka

August 02, 2002

Multiple Cyan Chat Exploits, chip
Xitami Connection Flood Server Termination Vulnerability, Matthew Murphy
RE: OpenSSL Vulnerabilities, Josh Welch
Lcc-win32 infos diffusion, Auriemma Luigi
MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system, Tom Yu
NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow, NetBSD Security Officer
NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code, NetBSD Security Officer
NetBSD Security Advisory 2002-010: symlink race in pppd, NetBSD Security Officer
Xprobe2 - Tool & Paper release, Ofir Arkin
Nmap 3.00 Released -- http://www.insecure.org/, Fyodor
Re: OpenSSL Vulnerabilities, troy
Re: Remote Buffer Overflow Vulnerability in Sun RPC, Ricardo Quesada
Re: OpenSSL Vulnerabilities, Eric Rescorla
kerberos rpc xdr_array, david evlis reign
[SECURITY] [DSA 141-1] New mpack packages fix buffer overflow, Martin Schulze
Security Advisory: Raptor Firewall Weak ISN Vulnerability, Kristof Philipsen
RE: Windows 2000 Service Pack 3 now available., Nick FitzGerald
Sun AnswerBook2 format string and other vulnerabilities, ghandi
OpenSSL Vulnerabilities, Tina Bird
Re: It takes two to tango, Ltlw0lf
Re: The SUPER bug, William Deich
Re: Windows 2000 Service Pack 3 now available., Darren Reed
Two more exploitable holes in the trillian irc module, josh
Re: Winhelp32 Remote Buffer Overrun, Jelmer
Fw: [slackware-security] Security updates for Slackware 8.1, Adam Young

August 01, 2002

RE: Windows 2000 Service Pack 3 now available., Colin Stefani
Formal Response to HP, ATD
trillian buffer overflow, John C. Hennessy
Re: FreeBSD Security Advisory FreeBSD-SA-02:34.rpc, Adam Sampson
Re: Additional bugs in gallery, Bharat Mediratta
Re: OpenSSL Security Altert - Remote Buffer Overflows, Scott Gifford
Re: trojan horse in recent openssh (version 3.4 portable 1), Jim Breton
Re: it's all about timing, Steven M. Christey
iPlanet vulnerabilities on IRIX, SGI Security Coordinator
Re: Comment on DMCA, Security, and Vuln Reporting], Declan McCullagh
code injection in gallery, avart
FW: Windows 2000 Service Pack 3 now available., Leif Sawyer
RE: Comment on DMCA, Security, and Vuln Reporting, Wolf, Glenn
List of mirrors carrying trojaned OpenSSH, Tomi Nylund
Winhelp32 Remote Buffer Overrun, Next Generation Insight Security Research Team
Sun RPC xdr_array vulnerability, SGI Security Coordinator
Re: IPSwitch IMail ADVISORY/EXPLOIT/PATCH, Tom Fischer
rpc.pcnfsd vulnerabilities on IRIX, SGI Security Coordinator
HiverCon 2002, Ireland - Earlybird registration now available, Mark Anderson
FreeBSD Security Advisory FreeBSD-SA-02:34.rpc [REVISED], FreeBSD Security Advisories
SuSE Security Announcement: wwwoffle (SuSE-SA:2002:029), Thomas Biege
[SECURITY] [DSA 140-1] New libpng packages fix buffer overflow, Martin Schulze
Re: [Full-Disclosure] Re: it's all about timing, Georgi Guninski
RPC analysis, Charles Hannum
[SECURITY] [DSA 139-1] New super packages fix local root exploit, Martin Schulze
Re: Phenoelit Advisory 0815 ++ -- Brick, Andrew Ferreira
OpenSSH Security Advisory: Trojaned Distribution Files, Niels Provos
trojan horse in recent openssh (version 3.4 portable 1), Christian Bahls
openssh-3.4p1.tar.gz distribution recently trojaned, Mikael Olsson
it's all about timing, Florin Andrei
Re: It takes two to tango, Branson Matheson
TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC, Claudio Ortiz Meinberg
Re: It takes two to tango, Kyle R. Hofmann
RE: It takes two to tango, Scott, Richard
RE: It takes two to tango (or samba for that matter), Gibby McCaleb
Incorrect Dichotomy - Was: It takes two to tango, Matthew White
FW: It takes two to tango (or samba for that matter), Gibby McCaleb
Re: It takes two to tango, Chris Paget
Re: It takes two to tango, Greg A. Woods
RE: It takes two to tango, John Howie
Re: It takes two to tango, Tom Perrine
Re: It takes two to tango, Randy Hinders
Re: It takes two to tango, Derek D. Martin
Re: [Full-Disclosure] it's all about timing, John Scimone
RE: It takes two to tango, Mark L. Jackson
Comment on DMCA, Security, and Vuln Reporting, Richard Forno
FreeBSD Security Advisory FreeBSD-SA-02:34.rpc, FreeBSD Security Advisories
Fwd: Re: [Full-Disclosure] for the record... (Tru64 / Compaq), John Scimone
bug in KSTAT, Dallachiesa Michele
[SECURITY] [DSA-138-1] Remote execution exploit in gallery, Wichert Akkerman

News | FAQ | advertise