security.bugtraq (date)

security.bugtraq (date)

April 30, 2003

[CLA-2003:633] Conectiva Security Announcement - glibc, Conectiva Updates
[CLA-2003:614] REVISED: Conectiva Security Announcement - sendmail, Conectiva Updates
Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Valdis . Kletnieks
[CLA-2003:632] Conectiva Security Announcement - apache, Conectiva Updates
[ESA-20030430-013] 'snort' stream4 preprocessor integer overflow vulnerability, EnGarde Secure Linux
[ESA-20030430-014] 'tcpdump' multiple vulnerabilities, EnGarde Secure Linux
[SECURITY] [DSA 292-3] New mime-support packages really fix temporary file race conditions, Martin Schulze
RE: [Opera 7] Yet Another Story of "Phantom of the Opera", GreyMagic Software
OpenSSH/PAM timing attack allows remote users identification, Marco Ivaldi
Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service, Cisco Systems Product Security Incident Response Team
GLSA: balsa (200304-10), Daniel Ahlberg
Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Denise Genty
Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Darren Tucker
Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Damien Miller
Latest MS SQL Server vulnerabilities revealed, Cesar

April 29, 2003

Re: Windows Server 2003 Security Guide available, Lucas Holt
RE: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash, kajbaf
RE: Windows Server 2003 Security Guide available, Uwe Betz
[RHSA-2003:093-01] Updated MySQL packages fix vulnerabilities, bugzilla
April appeared to be a month of IE bugs. Here's another one., ERRor
HPUX rexec buffer overflow vulnerability, Davide Del Vecchio
Auerswald COMsuite/ Back Door, Kroma Pierre
Coldfusion MX: Java in CFM causes Crash, Marc Schoenefeld
RE: Windows Server 2003 Security Guide available, David F. Skoll
RE: Windows Server 2003 Security Guide available, paul
Re: PTNews v1.7.7 - Access to administrator functions without authentification, Rui Pimenta
MDKSA-2003:052 - Updated snort packages fix remote vulnerability, Mandrake Linux Security Team
RE: Windows Server 2003 Security Guide available, Frank Knobbe
RE: Windows Server 2003 Security Guide available, Jason Coombs
Re: Microsoft IIS Integrated Authentication, Michael . vonGlasow
RE: Windows Server 2003 Security Guide available, J.'LoneWolf' Mattsson
"netscape navigator" is cracked., Liu Die Yu
IdeaBox: Remote Command Execution, euronymous
Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003), NGSSoftware Insight Security Research
[RHSA-2003:079-01] Updated zlib packages fix gzprintf buffer overflow vulnerability, bugzilla

April 28, 2003

RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS, William Pratt
Windows 2000 Security Hardening Guide Available, Michael Howard
Pi3Web 2.0.1 DoS, aT4r InsaN3
CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall, CORE Security Technologies Advisories
MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS, D4rkGr3y
MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow, D4rkGr3y
s0h: Remote/Local exploit and patch for regedit.exe., descript
Buffer overflow in 3D-ftp, Over_G
GLSA: pptpd (200304-08), Daniel Ahlberg
GLSA: snort (200304-06), Daniel Ahlberg
[Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download., nesumin
[Opera 7] Yet Another Story of "Phantom of the Opera", nesumin
GLSA: monkeyd (200304-07.1), Daniel Ahlberg
Qpopper v4.0.x poppassd local root exploit, dong-h0un U
ATM on Linux Exploit Code Release (les, local), Angelo Rosiello
GLSA: mgetty (200304-09), Daniel Ahlberg
IIS Security and Programming Countermeasures e-book, Jason Coombs

April 27, 2003

Re: RE: Windows Server 2003 Security Guide available, Greg Steuck
3com NBX IP Phone Call manager Denial of Service - Update, Michael Scheidell

April 26, 2003

Re: Apache http server 2.0, Justin [GHA]
Re: Apache http server 2.0, Justin [GHA]
Re: Cracking preshared keys, Stefan Laudat
Buffer overflow in Internet Explorer's HTTP parsing code, Jouko Pynnonen
Album.pl Vulnerability - Remote Command Execution, aresu
NII Advisory - Path Disclosure in Cold Fusion MX Server, Network Intelligence India Pvt. Ltd.
Apache http server 2.0, Kim De Smaele

April 25, 2003

RE: Windows Server 2003 Security Guide available, Jason Coombs
Vulnerability in nsd LDAP Implementation on IRIX, SGI Security Coordinator
Cross site scripting in Onecenter forum 4.0, David F. Madrid
Re: Unauthorized reading files on phpSysInfo, Wolter Kamphuis
Re: Cracking preshared keys, hank
Microsoft IIS Integrated Authentication, skybristol
Invision Power Board Plaintext Password Disclosure Vuln, JeiAr
Re: Exploit for PopPToP PPTP server - Working version, blightninjas
Path disclosure and file access on WebAdmin, David A . Pérez
Multiple Vulnerabilities in BSD LPR Subsystem on IRIX update, SGI Security Coordinator
XOOPS MyTextSanitizer CSS 1.3x & 2.x, magistrat
Unauthorized reading files on phpSysInfo, Albert Puigsech Galicia
Multiple SQL injection on OpenBB forums, Albert Puigsech Galicia
SonicWall Pro DoS?, Greg Smith
Re: Cracking preshared keys, Curt Sampson
Windows Server 2003 Security Guide available, Michael Howard
MDKSA-2003:051 - Updated ethereal packages fix remote vulnerability, Mandrake Linux Security Team
True Galerie 1.0 : Admin Access & File Copy, Frog Man
[BUGZILLA] Security Advisory - XSS, insecure temporary filenames, David Miller

April 24, 2003

Re: Nokia IPSO Vulnerability, Shawn Duffy
RE: Nokia IPSO Vulnerability, Iain.King
RE: Nokia IPSO Vulnerability, Miller, Rick
Re: Permanent crash in Opera 7.10, Dmitrij Lukasevic
PHP-Nuke 6.5 FINAL Cross Site Scripting, Frog Man
[RHSA-2003:118-01] Updated mICQ packages fix vulnerability, bugzilla
RE: Nokia IPSO Vulnerability, Jorge Merlino
Re: Nokia IPSO Vulnerability, Valdis . Kletnieks
address for postini security, Hamby, Charles D.
SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows., KF
Re: Cracking preshared keys, Michael Thumann
Re: Nokia IPSO Vulnerability, Damieon Stark
RE: Cracking preshared keys, Rager, Anton (Anton)
[RHSA-2003:142-01] Updated LPRng packages fix psbanner vulnerability, bugzilla
Re: DNS vulnerabilities in shared host environments, Frank Tegtmeyer
Re: Cracking preshared keys, Michael Thumann
Re: Cracking preshared keys, Gary Flynn
[RHSA-2003:112-01] Updated squirrelmail packages fix cross-site scripting vulnerabilities, bugzilla
An Implementation of a Birthday Attack in a DNS Spoofing, Ramon Izaguirre
DNS vulnerabilities in shared host environments, Chris Leishman
Permanent crash in Opera 7.10, David F. Madrid
Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense, Dmitry Maksimov
RE: Nokia IPSO Vulnerability, Jorge Merlino
Internet Explorer Plugin.ocx heap overflow (#NISR24042003), NGSSoftware Insight Security Research
SuSE Security Announcement: KDE (SuSE-SA:2003:026), Sebastian Krahmer
BRS WebWeaver: Ftpd Lockdown via RETR cmd, euronymous
Re: Cracking preshared keys, Derek
SQL injection in BttlxeForum, SecurityTracker
Re: Cracking preshared keys, David Wagner
Nokia IPSO Vulnerability, Jonas Eriksson
Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS, NSFOCUS Security Team
[VulnDiscuss] Re: Cracking preshared keys, Gary Flynn

April 23, 2003

[VulnDiscuss] RE: Cracking preshared keys, Lance James
Re: Secunia Research: Xeneo Web Server URL Encoding Denial of Service, Hotmail
[VulnDiscuss] Re: Cracking preshared keys, Damir Rajnovic
[RHSA-2003:076-01] Updated ethereal packages fix security vulnerabilities, redhat-announce-list-admin
RE: [cgiwrap-users] RE: Format strings vuln in CGIwrap, Neulinger, Nathan
[VulnDiscuss] Re: Xeneo Webserver Vulnerability, badpack3t
[VulnDiscuss] Re: [Full-Disclosure] Secunia Research: Xeneo Web Server URL Encoding Denial of Service, GaLiaRePt
[VulnDiscuss] Xeneo Webserver Vulnerability, Tamer Sahin
RE: Format strings vuln in CGIwrap, Neulinger, Nathan
[SECURITY] [DSA 294-1] New gkrellm-newsticker packages fix DoS and arbitrary command execution, Martin Schulze
Re: Secunia Research: Xeneo Web Server URL Encoding Denial of Service, badpack3t
Format strings vuln in CGIwrap, b0f www . b0f . net
[SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution, Martin Schulze
Re[2]: Authentication flaw in microsoft SMB protocol, 3APA3A
Security problems in gkrellm-newsticker, Martin Schulze
[SECURITY] [DSA 292-2] New mime-support packages fix temporary file race conditions, Martin Schulze
Re: IE / Outlook / MS SHLWAPI Render - more trivial crash, Berend-Jan Wever
Snort <=1.9.1 exploit, truff
Cracking preshared keys, Michael Thumann
Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability, Cisco Systems Product Security Incident Response Team
[RHSA-2003:032-01] Updated tcpdump packages fix various vulnerabilities, bugzilla
Secunia Research: Xeneo Web Server URL Encoding Denial of Service, Carsten H. Eiram

April 22, 2003

Re: Exploit for PoPToP PPTP server - Linux version, John Leach
Re: Authentication flaw in microsoft SMB protocol, Chris Wysopal
Re: Stealth DMCA. Be afraid. Be very afraid..., Darren Pilgrim
Re: [mail_lists] Stealth DMCA. Be afraid. Be very afraid..., Jim
RE : IE / Outlook / MS SHLWAPI Render - more trivial crash, Gervaize Maquard
Defeating HTML "Encryption", rjfix
[CLA-2003:630] Conectiva Security Announcement - balsa, Conectiva Updates
XMB 1.8 Partagium SQL Injection Bug, zeez
SRT2003-04-22-1336 - SAP DB Development Tools install flaw, KF
IE / Outlook / MS SHLWAPI Render - more trivial crash, Ramon Pinuaga Cascales
Stealth DMCA. Be afraid. Be very afraid..., alaskan
[SECURITY] [DSA 292-1] New mime-support packages fix temporary file race conditions, Martin Schulze
[CLA-2003:629] Conectiva Security Announcement - tcpdump, Conectiva Updates
[SECURITY] [DSA 291-1] New ircII packages fix DoS and arbitrary code execution, Martin Schulze
[NGSEC-2003-5] YABB SE, remote command execution, labs
GLSA: snort (200304-05), Daniel Ahlberg
RE: Authentication flaw in microsoft SMB protocol, Jesper Johansson
[VulnDiscuss] Office 2000 bug, Regristration, Alex Elger

April 21, 2003

AN HTTPd Sample Script File Truncation, Matthew Murphy
PTNews v1.7.7 - Access to administrator functions without authentification, scrap
Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), mattmurphy
Remote Vulnerabilties in mod_ntlm, Matthew Murphy
MPCSoftWeb Guest Book vulnerabilities., drG4njubas
ACER Travelmate 600 and 800 series - Smartcard flawed Implementation, Leonard.Ong

April 20, 2003

Monkey HTTPd Remote Buffer Overflow, Matthew Murphy
BadBlue Remote Administrative Access Vulnerability, Matthew Murphy
Race in XP SCM Service Shutdown Mechanism, Matthew Murphy

April 19, 2003

Re: Authentication flaw in microsoft SMB protocol, Dave Aitel
IE 6.0 - trivial crash - part II, Adam [ckkl]
Authentication flaw in microsoft SMB protocol, seclab

April 18, 2003

Exploit for PoPToP PPTP server, einstein, dhtm
Xinetd 2.3.10 Memory Leaks, Steve Grubb

April 17, 2003

MDKSA-2003:049 - Updated kde3 packages fix arbitrary command execution, Mandrake Linux Security Team
Re: IE 6.0 - trivial crash, Geoff Shively
[CLA-2003:628] Conectiva Security Announcement - vixie-cron, Conectiva Updates
CrossSite Scripting @ Snitz Forums 2000, badwebmasters
Web Wiz Forums all version db stealing, Uziel aka nuJIurpuM
Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors, Muhammad Faisal Rauf Danka
Re: False-negatives in several Vulnerability Assessment tools, Nicolas Gregoire
Re: i cracked restriction of 'zone' in mozilla., Alla Bezroutchko
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability, Martin Schulze
Re: IE 6.0 - trivial crash, Richard Moore
Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), Roland Postle
RE: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), Steve Ryan
IE 6.0 - trivial crash, Adam [ckkl]
[SECURITY] [DSA 289-1] New rinetd packages fix denial of service, Martin Schulze
Vulnerability in rinetd, Martin Schulze
[SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution, Martin Schulze
[SCSA-017] Directory Traversal Vulnerability in EZ Server, Gr�gory

April 16, 2003

Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), Ryan Emerle
[CLA-2003:627] Conectiva Security Announcement - ethereal, Conectiva Updates
Netgear Logging Vulnerability, { }
MDKSA-2003:048 - Updated eog packages fix arbitrary command execution, Mandrake Linux Security Team
MDKSA-2003:047 - Updated xfsdump packages fix insecure file creation, Mandrake Linux Security Team
i cracked restriction of 'zone' in mozilla., Liu Die Yu
SFAD03-001: iWeb Mini Web Server Remote Directory Traversal, subversive

April 15, 2003

Veritas BackupExec 9.0 may ship with upatched MS SQL Desktop Engine, Marcus Beaman
Immunix Secured OS 7+ glibc update, Immunix Security Team
Re: ActivCard password cache memory leakage, Massimo Cereda
CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability, CORE Security Technologies Advisories
Oddities in Windows ACL inheritance, Nicolas RUFF (lists)
Windows 2003 win2k.sys vulnerability, securityfocus.com
[SECURITY] [DSA 267-2] New lpr packages fix local root exploit (potato), Martin Schulze
nb1300 router - default settings expose password, denote
MDKSA-2003:045 - Updated evolution packages fix multiple vulnerabilities, Mandrake Linux Security Team
[SECURITY] [DSA 287-1] New EPIC packages fix DoS and arbitrary code execution, Martin Schulze
SRT2003-04-15-1029 - Progres BINPATHX overflow, KF
BitchX trojan, the real follow up., Rob Andrews
[SCSA-016] Multiple vulnerabilities in Ez publish, Gr�gory
MDKSA-2003:046 - Updated gtkhtml packages fix vulnerability, Mandrake Linux Security Team
GLSA: kdegraphics-3.1.x (200304-04.1), Daniel Ahlberg

April 14, 2003

[CLA-2003:626] Conectiva Security Announcement - mutt, Conectiva Updates
Re: Arp records in solaris, Brad Arlt
bitchx sources trojaned - follow up, Michał Szwaczko
Re: bitchx sources backdoored on distribution site, Neeko Oni
GLSA: kde-2.x (200304-05.1), Daniel Ahlberg
ActivCard password cache memory leakage, OTERO Hernan Gustavo EDS
bitchx sources backdoored on distribution site, Michał Szwaczko
Multiple Vulnerabilities in BSD LPR Subsystem on IRIX, SGI Security Coordinator
FipsGuestbook Version 1.12.7 script injection., drG4njubas
Web Wiz Site News realease v3.06 administration access., drG4njubas
Instaboard 1.3 SQL Injection, Jim Dew
[SECURITY] [DSA 285-1] New lprng packages fix insecure temporary file creation, Martin Schulze
[SECURITY] [DSA 286-1] New gs-common packages fix insecure temporary file creation, Martin Schulze
Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach, Aviram Jenik
Multiple vulnerabilities in SheerDNS, Jedi/Sector One
[RHSA-2003:126-01] Updated gtkhtml packages fix vulnerability, bugzilla

April 12, 2003

[SECURITY] [DSA 274-2] New mutt packages fix arbitrary code execution in potato, Martin Schulze
Arp records in solaris, Edward J. Aivazian
Re: working apache <= 2.0.44 DoS exploit for linux., Paul Johnston
Re: Medium Vulnerability in SNMP on Linsys BEFVP41, Stefan Laudat
[Sorcerer-spells] KDE-SORCERER2003-04-12, Michael Walton
[SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution, Martin Schulze
PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service Vulnerability, William A. Rowe, Jr.
R7-0013: Heap Corruption in Gaim-Encryption Plugin, Rapid 7 Security Advisories
Immunix Secured OS 7+ PostgreSQL update, WireX Security Team
Protection against buffer overflows: when your anchor is washed away, then you are overflowed and refuse to RET, Exurity Inc.
Ocean12 ASP Guestbook Manager v1.00, drG4njubas
repost: SRT2003-04-01-1231 - Progress DLC overflows, KF
Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss, Hilko Bengen
Re: Netscape and Opera crash via java, Dan Harkless
GLSA: kde-2.x (200304-05), Daniel Ahlberg
FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database., Stephen White
Buffer Overflow Vulnerability Found in MailMax Version 5, Dennis Rand
Immunix Secured OS 7+ MySQL update, WireX Security Team
MacOS X DirectoryService Privilege Escalation (a041003-1), @stake Advisories
[SECURITY] [DSA 283-1] New xfsdump packages fix insecure file creation, Martin Schulze
Medium Vulnerability in SNMP on Linsys BEFVP41, Branson Matheson
Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability, Integrigy Security Alerts
[CLA-2003:625] Conectiva Security Announcement - openssl, Conectiva Updates

April 11, 2003

Brocade Firmware SNMP Vulnerability, SGI Security Coordinator
IRIX ToolTalk Vulnerabilities Update, SGI Security Coordinator
[RHSA-2003:089-00] Updated glibc packages fix vulnerabilities in RPC XDR decoder, bugzilla

April 10, 2003

working apache <= 2.0.44 DoS exploit for linux., Daniel Nyström
Flaw in Microsoft VM Could Enable System Compromise, K-Otik . com
Re: PoPToP PPTP server remotely exploitable buffer overflow, Dick St.Peters
Re: Exploit Code Released for Apache 2.x Memory Leak, Serban Murariu
Re: Microsoft Terminal Services vulnerable to MITM-attacks., Carlos Branco
GLSA: kde-3.x (200304-04), Daniel Ahlberg
Re: Unchecked Buffer in Opera 7.02, nesumin
KDE Security Advisory: PS/PDF file handling vulnerability, Dirk Mueller
MDKSA-2003:038-1 - Updated 2.4 kernel packages fix ptrace vulnerability, Mandrake Linux Security Team
Admin access in GuestBook r4, Over_G
Disclosing information in Super GuestBook, Over_G
xfsdump creates files insecurely on IRIX, SGI Security Coordinator
Vulnerabilities in Portable Executable (PE) File Format For Win32 Architecture, Exurity Inc.
Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss, Phil Cyc
[SECURITY] [DSA 269-2] New heimdal packages fix authentication failure, Martin Schulze
GLSA: samba (200304-02), Daniel Ahlberg
Immunix Secured OS 7+ MySQL update, WireX Security
iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration (ISA) S, iDEFENSE Labs
Re: Buffer Overflow in Broker FTP Server, Knud Erik Højgaard
ISC guestbook script injection vulnerability., drG4njubas
PoPToP PPTP server remotely exploitable buffer overflow, Timo Sirainen
GLSA: setiathome (200304-03), Daniel Ahlberg
Hyperion FTP server Remote DOS and unauthorised remote access., moran zavdi
[CLA-2003:624] Conectiva Security Announcement - samba, Conectiva Updates
Immunix Secured OS 7+ PostgreSQL update, WireX Security
GLSA: apache (200304-01), Daniel Ahlberg
[ARL03-A16] Multiple Security Issues in phPay, Ahmet Sabri ALPER
samba 2.x call_trans2open() exploit, noir sin
Fwd: Samba Security Vulnerability on IRIX, chris1

April 09, 2003

Samba Security Vulnerability on IRIX, SGI Security Coordinator
[RHSA-2003:139-01] Updated httpd packages fix security vulnerabilities., redhat-announce-list-admin
[RHSA-2003:137-02] New samba packages fix security vulnerability, bugzilla

April 08, 2003

[VulnDiscuss] Exploit Code Released for Apache 2.x Memory Leak, mattmurphy@xxxxxxxxx
Multiple Vulnerabilities in libc RPC functions on IRIX, SGI Security Coordinator
Re: False-negatives in several Vulnerability Assessment tools, Geoff Shively
iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x, iDEFENSE Labs
Orplex guestbook script injection., drG4njubas
AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss, Phil Cyc
False-negatives in several Vulnerability Assessment tools, Nicolas Gregoire
[CLA-2003:620] Conectiva Security Announcement - man, Conectiva Updates
[SECURITY] [DSA 281-1] New xftp packages fix arbitrary code execution, Martin Schulze
[Sorcerer-spells] SAMBA--SORCERER2003-04-08, Michael Walton
TSLSA-2003-0019 - samba, Trustix Secure Linux Advisor
Unchecked Buffer in Opera 7.02, David F.Madrid
Immunix Secured OS 7+ Kerberos update, Immunix Security Team
[RHSA-2003:036-01] Updated mgetty packages available, redhat-announce-list-admin
[RHSA-2003:137-01] New samba packages fix security vulnerability, redhat-announce-list-admin
RE: mIRC "dcc filename spoofing", Gossi The Dog

April 07, 2003

mIRC "dcc filename spoofing", Knud Erik Højgaard
MDKSA-2003:044 - Updated samba packages fix remote root vulnerability, Mandrake Linux Security Team
Re: NetBIOS could be used as network flood amplier, Francesco Vigo
SuSE Security Announcement: samba (SuSE-SA:2003:025), Roman Drahtmueller
[CLA-2003:619] Conectiva Security Announcement - zlib, Conectiva Updates
Immunix Secured OS 7+ samba update, Immunix Security Team
[SECURITY] [DSA 280-1] New samba packages fix remote root exploit, Martin Schulze
Immunix Secured OS 7+ cvs update, Immunix Security Team
[VulnDiscuss] Dangerous permissions in unitedlinux, Knud Erik Højgaard
Coppermine Photo Gallery remote compromise, Berend-Jan Wever
JpegX 2.0.0.3 Password Bypass Vulnerability, JeiAr
Java Agent freezes Lotus Notes and Domino 6.0.1, Marc Schoenefeld
Vignette Story Server sensitive information disclosure (a040703-1), @stake Advisories
[OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba), OpenPKG
[SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation, Martin Schulze
[CLA-2003:618] Conectiva Security Announcement - kernel, Conectiva Updates
[DDI-1013] Buffer Overflow in Samba allows remote root compromise, Erik Parker
Re: Syscall implementation could lead to whether or not a file exists, Arjan van de Ven
Re: Re: Syscall implementation could lead to whether or not a file exists, andrewg

April 06, 2003

Re: Syscall implementation could lead to whether or not a file exists, Pavel Machek
Seti@home exploit, Berend-Jan Wever
Seti@home information leakage and remote compromise, Berend-Jan Wever

April 05, 2003

Interbase/Firebird - external file security bug, Kotala Zdeněk
Re: An Alternate View of Recently Reported PHP Vulnerabilities, dullien
Two Invision Power Board 1.1.x vulns, Gossi The Dog
RE: LocalSystem account in Windows 2000/XP, Russ
Re: An Alternate View of Recently Reported PHP Vulnerabilities, Goran Krajnovic
SignHere guestbook vulnerability., drG4njubas
Abyss X1 1.1.2 remote crash, Auriemma Luigi

April 04, 2003

Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Muhammad Faisal Rauf Danka
LocalSystem account in Windows 2000/XP, Pavel
[CLA-2003:615] Conectiva Security Announcement - samba, Conectiva Updates
[CLA-2003:617] Conectiva Security Announcement - file, Conectiva Updates
Re: An Alternate View of Recently Reported PHP Vulnerabilities, Sascha Schumann
Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Jon Ribbens
[CLA-2003:616] Conectiva Security Announcement - dhcp, Conectiva Updates
SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call, KF
buffalo AirStation G54 - (WBR-G54 ) DoS, Pavel shpac
Re: Microsoft Terminal Services vulnerable to MITM-attacks., Henrik Storner
Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Javi Lavandeira
[CLA-2003:614] Conectiva Security Announcement - sendmail, Conectiva Updates
Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Jedi/Sector One
Re: passlogd sniffer remote buffer overflow root exploit., Dragos Ruiu
RE: Netscape and Opera crash via java, Richard H. Cotterell
An Alternate View of Recently Reported PHP Vulnerabilities, Steven M. Christey
RE: NetBIOS could be used as network flood amplier, Russ
Re: SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow, Marius Popa Adrian
[CLA-2003:613] Conectiva Security Announcement - snort, Conectiva Updates
Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged, Vladimir Katalov
NetBSD Security Advisory 2003-009: sendmail buffer overrun in prescan() address parser, NetBSD Security Officer
NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol, NetBSD Security Officer
TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0, Rushjo@xxxxxxxxxxx
AspJar guestbook script injection vulnerability., drG4njubas
[SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution, Martin Schulze
SuSE Security Announcement: openssl (SuSE-SA:2003:024), Sebastian Krahmer
[SECURITY] [DSA 278-1] New sendmail packages fix denial of service, Martin Schulze
Re: Multiple vulnerabilities in AutomatedShops WebC shopping cart, Carl Livitt
Syscall implementation could lead to whether or not a file exists, Andrew Griffiths

April 03, 2003

Re: Microsoft Terminal Services vulnerable to MITM-attacks., Erik Forsberg
RE: Microsoft Terminal Services vulnerable to MITM-attacks., Devin Heitmueller
NetBIOS could be used as network flood amplier, Francesco Vigo
Using Java from Javascript, David F. Madrid
RE: Another security problem in Netgear FM114P ProSafe Wireless Router firmware (also level-one), Björn Stickler
Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Goran Krajnovic
Sakki's guestbook V.1.01 script injection vulnerability., drG4njubas
Another security problem in Netgear FM114P ProSafe Wireless Router firmware, Björn Stickler
RE: Microsoft Terminal Services vulnerable to MITM-attacks., Larry Seltzer
[SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit, Martin Schulze
[RHSA-2003:109-03] Updated balsa and mutt packages fix vulnerabilities, bugzilla
Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12), security
Re: Phorum 3.4 Cross Site Scripting, Brian Moon
Multiple vulnerabilities in AutomatedShops WebC shopping cart, Carl Livitt
[SECURITY] [DSA 276-1] New Linux kernel packages (s390) fix local root exploit, Martin Schulze
Re: Phorum 3.4 Cross Site Scripting, Hagen Kühnel - HagK
Re: BEA WebLogic internal hostname disclosure, Kurt Seifried
Re: Webserver CVS (In)Security, Andrew Brown
Re: Webserver CVS (In)Security, Crist J. Clark
@(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function, sir.mordred
@(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, sir.mordred
Re: Webserver CVS (In)Security, Brian Hatch
[VulnDiscuss] passlogd sniffer remote buffer overflow root exploit., dong-h0un U
SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow, KF
[RHSA-2003:060-01] Updated NetPBM packages fix multiple vulnerabilities, bugzilla
[RHSA-2003:128-01] Updated Eye of GNOME packages fix vulnerability, bugzilla
SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read, KF

April 02, 2003

Sendmail parseaddr security vulnerability on IRIX, SGI Security Coordinator
Re: NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability, Alan Kong
MDKSA-2003:040 - Updated Eterm packages fix escape sequence insecurities, Mandrake Linux Security Team
Microsoft Terminal Services vulnerable to MITM-attacks., Erik Forsberg
Re: Oracle JDBC: Inconsistent handling of timestamps, Peter J. Holzer
Java and Javascript, David F. Madrid
IkonBoard v3.1.1: arbitrary command execution, Nick Cleaton
Viewpoint Server, Ben Maynard
Re: PHP-Nuke block-Forums.php subject vulnerabilities, Frog Man
Css in Xoops module glossary 1.3.x, magistrat
Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall, Peter Pentchev
re:3com RAS 1500 Remote vulnerabilities., Jan Kachlik
XSS in Python Documentation Server, euronymous
[SECURITY] [DSA 275-1] New lpr-ppd packages fix local root exploit, Martin Schulze
OpenSSH 3.6.1 released, Markus Friedl
BEA WebLogic internal hostname disclosure, Michael Hendrickx
RE: Netscape and Opera crash via java, Zelena Endre
Phorum 3.4 Cross Site Scripting, St�ckli
Inaccurate Reports Concerning PHP Vulnerabilities, mattmurphy@xxxxxxxxx
@(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function, Sir Mordred
[ANNOUNCE] Apache 2.0.45 Released, Lars Eilebrecht
@(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Sir Mordred
[INetCop Security Advisory] Remote Multiple Buffer Overflow vulnerability in passlogd sniffer., dong-h0un U
[RHSA-2003:091-01] Updated kerberos packages fix various vulnerabilities, redhat-announce-list-admin
[SCSA-015] Remote Denial of Service Vulnerability in PowerFTP, Gr�gory
iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player, iDEFENSE Labs
Immunix Secured OS 7+ samba update, Immunix Security Team
TYPSoft FTP Server, subj
Sambar Server "Buffer OverFlow" Vulnerabilities, Lorenzo Manuel Hernandez Garcia-Hierro
Fwd: QuickTime 6.1 for Windows is available, Bryan Blackburn
BRS WebWeaver: full disclosure, euronymous
Immunix Secured OS 7+ openssl update, Immunix Security Team
Re: IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability, panic
Buffer Overflow in Broker FTP Server, subj
FreeBSD Security Advisory FreeBSD-SA-03:07.sendmail, FreeBSD Security Advisories
GLSA: openafs (200303-26), Daniel Ahlberg
MiniPortal, subj

April 01, 2003

SRT2003-04-01-1231 - Progress DLC overflows, KF
Webserver CVS (In)Security, methodic
[RHSA-2003:084-01] Updated vsftpd packages re-enable tcp_wrappers support, bugzilla
[RHSA-2003:095-03] New samba packages fix security vulnerabilities, bugzilla
[RHSA-2003:101-01] Updated OpenSSL packages fix vulnerabilities, bugzilla
serious vulnerability present. all doomed. over., Security Experts, Liability Limited
[VulnDiscuss] 3Com 812 ADSL router vulnerability addendum, Michael Puchol
3Com OfficeConnect Remote 812 ADSL router exposes internal LAN computer's ports during outbound and inbound TCP and UDP sessions, Michael Puchol

News | FAQ | advertise