security.bugtraq (thread)

[CLA-2003:633] Conectiva Security Announcement - glibc, Conectiva Updates
[CLA-2003:614] REVISED: Conectiva Security Announcement - sendmail, Conectiva Updates
[CLA-2003:632] Conectiva Security Announcement - apache, Conectiva Updates
[ESA-20030430-013] 'snort' stream4 preprocessor integer overflow vulnerability, EnGarde Secure Linux
[ESA-20030430-014] 'tcpdump' multiple vulnerabilities, EnGarde Secure Linux
[SECURITY] [DSA 292-3] New mime-support packages really fix temporary file race conditions, Martin Schulze
OpenSSH/PAM timing attack allows remote users identification, Marco Ivaldi
Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service, Cisco Systems Product Security Incident Response Team
GLSA: balsa (200304-10), Daniel Ahlberg
Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Damien Miller
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Darren Tucker
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Denise Genty
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv), Valdis . Kletnieks
Latest MS SQL Server vulnerabilities revealed, Cesar
[RHSA-2003:093-01] Updated MySQL packages fix vulnerabilities, bugzilla
April appeared to be a month of IE bugs. Here's another one., ERRor
HPUX rexec buffer overflow vulnerability, Davide Del Vecchio
Auerswald COMsuite/ Back Door, Kroma Pierre
Coldfusion MX: Java in CFM causes Crash, Marc Schoenefeld
MDKSA-2003:052 - Updated snort packages fix remote vulnerability, Mandrake Linux Security Team
"netscape navigator" is cracked., Liu Die Yu
IdeaBox: Remote Command Execution, euronymous
Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003), NGSSoftware Insight Security Research
[RHSA-2003:079-01] Updated zlib packages fix gzprintf buffer overflow vulnerability, bugzilla
Windows 2000 Security Hardening Guide Available, Michael Howard
Pi3Web 2.0.1 DoS, aT4r InsaN3
CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall, CORE Security Technologies Advisories
MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS, D4rkGr3y
- RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS, William Pratt
MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow, D4rkGr3y
s0h: Remote/Local exploit and patch for regedit.exe., descript
Buffer overflow in 3D-ftp, Over_G
GLSA: pptpd (200304-08), Daniel Ahlberg
GLSA: snort (200304-06), Daniel Ahlberg
[Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download., nesumin
[Opera 7] Yet Another Story of "Phantom of the Opera", nesumin
- RE: [Opera 7] Yet Another Story of "Phantom of the Opera", GreyMagic Software
GLSA: monkeyd (200304-07.1), Daniel Ahlberg
Qpopper v4.0.x poppassd local root exploit, dong-h0un U
ATM on Linux Exploit Code Release (les, local), Angelo Rosiello
GLSA: mgetty (200304-09), Daniel Ahlberg
IIS Security and Programming Countermeasures e-book, Jason Coombs
3com NBX IP Phone Call manager Denial of Service - Update, Michael Scheidell
Buffer overflow in Internet Explorer's HTTP parsing code, Jouko Pynnonen
Album.pl Vulnerability - Remote Command Execution, aresu
NII Advisory - Path Disclosure in Cold Fusion MX Server, Network Intelligence India Pvt. Ltd.
Apache http server 2.0, Kim De Smaele
- Re: Apache http server 2.0, Justin [GHA]
- Re: Apache http server 2.0, Justin [GHA]
Vulnerability in nsd LDAP Implementation on IRIX, SGI Security Coordinator
Cross site scripting in Onecenter forum 4.0, David F. Madrid
Microsoft IIS Integrated Authentication, skybristol
- Re: Microsoft IIS Integrated Authentication, Michael . vonGlasow
Invision Power Board Plaintext Password Disclosure Vuln, JeiAr
Re: Exploit for PopPToP PPTP server - Working version, blightninjas
Path disclosure and file access on WebAdmin, David A . Pérez
Multiple Vulnerabilities in BSD LPR Subsystem on IRIX update, SGI Security Coordinator
XOOPS MyTextSanitizer CSS 1.3x & 2.x, magistrat
Unauthorized reading files on phpSysInfo, Albert Puigsech Galicia
- Re: Unauthorized reading files on phpSysInfo, Wolter Kamphuis
Multiple SQL injection on OpenBB forums, Albert Puigsech Galicia
SonicWall Pro DoS?, Greg Smith
Windows Server 2003 Security Guide available, Michael Howard
- RE: Windows Server 2003 Security Guide available, Jason Coombs
  - Re: RE: Windows Server 2003 Security Guide available, Greg Steuck
  - RE: Windows Server 2003 Security Guide available, Frank Knobbe
    - RE: Windows Server 2003 Security Guide available, Jason Coombs
  - RE: Windows Server 2003 Security Guide available, David F. Skoll
    - RE: Windows Server 2003 Security Guide available, Uwe Betz
    - Re: Windows Server 2003 Security Guide available, Lucas Holt
- RE: Windows Server 2003 Security Guide available, J.'LoneWolf' Mattsson
- RE: Windows Server 2003 Security Guide available, paul
MDKSA-2003:051 - Updated ethereal packages fix remote vulnerability, Mandrake Linux Security Team
True Galerie 1.0 : Admin Access & File Copy, Frog Man
[BUGZILLA] Security Advisory - XSS, insecure temporary filenames, David Miller
PHP-Nuke 6.5 FINAL Cross Site Scripting, Frog Man
[RHSA-2003:118-01] Updated mICQ packages fix vulnerability, bugzilla
address for postini security, Hamby, Charles D.
SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows., KF
[RHSA-2003:142-01] Updated LPRng packages fix psbanner vulnerability, bugzilla
[RHSA-2003:112-01] Updated squirrelmail packages fix cross-site scripting vulnerabilities, bugzilla
An Implementation of a Birthday Attack in a DNS Spoofing, Ramon Izaguirre
DNS vulnerabilities in shared host environments, Chris Leishman
- Re: DNS vulnerabilities in shared host environments, Frank Tegtmeyer
Permanent crash in Opera 7.10, David F. Madrid
- Re: Permanent crash in Opera 7.10, Dmitrij Lukasevic
Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense, Dmitry Maksimov
Internet Explorer Plugin.ocx heap overflow (#NISR24042003), NGSSoftware Insight Security Research
SuSE Security Announcement: KDE (SuSE-SA:2003:026), Sebastian Krahmer
BRS WebWeaver: Ftpd Lockdown via RETR cmd, euronymous
SQL injection in BttlxeForum, SecurityTracker
Nokia IPSO Vulnerability, Jonas Eriksson
- RE: Nokia IPSO Vulnerability, Jorge Merlino
  - Re: Nokia IPSO Vulnerability, Damieon Stark
    - Re: Nokia IPSO Vulnerability, Shawn Duffy
  - Re: Nokia IPSO Vulnerability, Valdis . Kletnieks
    - RE: Nokia IPSO Vulnerability, Jorge Merlino
- RE: Nokia IPSO Vulnerability, Miller, Rick
- RE: Nokia IPSO Vulnerability, Iain.King
Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability, Cisco Systems Product Security Incident Response Team
NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS, NSFOCUS Security Team
[VulnDiscuss] Re: Cracking preshared keys, Damir Rajnovic
- [VulnDiscuss] Re: Cracking preshared keys, Gary Flynn
  - Re: Cracking preshared keys, Michael Thumann
    - Re: Cracking preshared keys, Gary Flynn
- Re: Cracking preshared keys, Derek
- [VulnDiscuss] RE: Cracking preshared keys, Lance James
[RHSA-2003:076-01] Updated ethereal packages fix security vulnerabilities, redhat-announce-list-admin
RE: [cgiwrap-users] RE: Format strings vuln in CGIwrap, Neulinger, Nathan
[VulnDiscuss] Xeneo Webserver Vulnerability, Tamer Sahin
- [VulnDiscuss] Re: Xeneo Webserver Vulnerability, badpack3t
[SECURITY] [DSA 294-1] New gkrellm-newsticker packages fix DoS and arbitrary command execution, Martin Schulze
Format strings vuln in CGIwrap, b0f www . b0f . net
- RE: Format strings vuln in CGIwrap, Neulinger, Nathan
[SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution, Martin Schulze
Security problems in gkrellm-newsticker, Martin Schulze
[SECURITY] [DSA 292-2] New mime-support packages fix temporary file race conditions, Martin Schulze
Snort <=1.9.1 exploit, truff
Cracking preshared keys, Michael Thumann
- Re: Cracking preshared keys, David Wagner
  - Re: Cracking preshared keys, Michael Thumann
  - Re: Cracking preshared keys, Curt Sampson
  - Re: Cracking preshared keys, Stefan Laudat
- RE: Cracking preshared keys, Rager, Anton (Anton)
- Re: Cracking preshared keys, hank
Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability, Cisco Systems Product Security Incident Response Team
[RHSA-2003:032-01] Updated tcpdump packages fix various vulnerabilities, bugzilla
Secunia Research: Xeneo Web Server URL Encoding Denial of Service, Carsten H. Eiram
- Re: Secunia Research: Xeneo Web Server URL Encoding Denial of Service, badpack3t
  - [VulnDiscuss] Re: [Full-Disclosure] Secunia Research: Xeneo Web Server URL Encoding Denial of Service, GaLiaRePt
  - Re: Secunia Research: Xeneo Web Server URL Encoding Denial of Service, Hotmail
Defeating HTML "Encryption", rjfix
[CLA-2003:630] Conectiva Security Announcement - balsa, Conectiva Updates
XMB 1.8 Partagium SQL Injection Bug, zeez
SRT2003-04-22-1336 - SAP DB Development Tools install flaw, KF
Stealth DMCA. Be afraid. Be very afraid..., alaskan
- Re: [mail_lists] Stealth DMCA. Be afraid. Be very afraid..., Jim
- Re: Stealth DMCA. Be afraid. Be very afraid..., Darren Pilgrim
[SECURITY] [DSA 292-1] New mime-support packages fix temporary file race conditions, Martin Schulze
[CLA-2003:629] Conectiva Security Announcement - tcpdump, Conectiva Updates
[SECURITY] [DSA 291-1] New ircII packages fix DoS and arbitrary code execution, Martin Schulze
[NGSEC-2003-5] YABB SE, remote command execution, labs
GLSA: snort (200304-05), Daniel Ahlberg
AN HTTPd Sample Script File Truncation, Matthew Murphy
- [VulnDiscuss] Office 2000 bug, Regristration, Alex Elger
PTNews v1.7.7 - Access to administrator functions without authentification, scrap
- Re: PTNews v1.7.7 - Access to administrator functions without authentification, Rui Pimenta
Remote Vulnerabilties in mod_ntlm, Matthew Murphy
MPCSoftWeb Guest Book vulnerabilities., drG4njubas
ACER Travelmate 600 and 800 series - Smartcard flawed Implementation, Leonard.Ong
Monkey HTTPd Remote Buffer Overflow, Matthew Murphy
BadBlue Remote Administrative Access Vulnerability, Matthew Murphy
Race in XP SCM Service Shutdown Mechanism, Matthew Murphy
IE 6.0 - trivial crash - part II, Adam [ckkl]
- IE / Outlook / MS SHLWAPI Render - more trivial crash, Ramon Pinuaga Cascales
  - RE : IE / Outlook / MS SHLWAPI Render - more trivial crash, Gervaize Maquard
    - Re: IE / Outlook / MS SHLWAPI Render - more trivial crash, Berend-Jan Wever
    - RE: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash, kajbaf
Authentication flaw in microsoft SMB protocol, seclab
- Re: Authentication flaw in microsoft SMB protocol, Dave Aitel
- RE: Authentication flaw in microsoft SMB protocol, Jesper Johansson
  - Re[2]: Authentication flaw in microsoft SMB protocol, 3APA3A
- Re: Authentication flaw in microsoft SMB protocol, Chris Wysopal
Exploit for PoPToP PPTP server, einstein, dhtm
- Re: Exploit for PoPToP PPTP server - Linux version, John Leach
Xinetd 2.3.10 Memory Leaks, Steve Grubb
MDKSA-2003:049 - Updated kde3 packages fix arbitrary command execution, Mandrake Linux Security Team
[CLA-2003:628] Conectiva Security Announcement - vixie-cron, Conectiva Updates
CrossSite Scripting @ Snitz Forums 2000, badwebmasters
Web Wiz Forums all version db stealing, Uziel aka nuJIurpuM
Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors, Muhammad Faisal Rauf Danka
[SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability, Martin Schulze
IE 6.0 - trivial crash, Adam [ckkl]
- Re: IE 6.0 - trivial crash, Richard Moore
- Re: IE 6.0 - trivial crash, Geoff Shively
[SECURITY] [DSA 289-1] New rinetd packages fix denial of service, Martin Schulze
Vulnerability in rinetd, Martin Schulze
[SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution, Martin Schulze
[SCSA-017] Directory Traversal Vulnerability in EZ Server, Gr�gory
Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), Ryan Emerle
- RE: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), Steve Ryan
- Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), Roland Postle
- Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag), mattmurphy
[CLA-2003:627] Conectiva Security Announcement - ethereal, Conectiva Updates
Netgear Logging Vulnerability, { }
MDKSA-2003:048 - Updated eog packages fix arbitrary command execution, Mandrake Linux Security Team
MDKSA-2003:047 - Updated xfsdump packages fix insecure file creation, Mandrake Linux Security Team
i cracked restriction of 'zone' in mozilla., Liu Die Yu
- Re: i cracked restriction of 'zone' in mozilla., Alla Bezroutchko
SFAD03-001: iWeb Mini Web Server Remote Directory Traversal, subversive
Veritas BackupExec 9.0 may ship with upatched MS SQL Desktop Engine, Marcus Beaman
Immunix Secured OS 7+ glibc update, Immunix Security Team
CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability, CORE Security Technologies Advisories
Oddities in Windows ACL inheritance, Nicolas RUFF (lists)
Windows 2003 win2k.sys vulnerability, securityfocus.com
[SECURITY] [DSA 267-2] New lpr packages fix local root exploit (potato), Martin Schulze
nb1300 router - default settings expose password, denote
MDKSA-2003:045 - Updated evolution packages fix multiple vulnerabilities, Mandrake Linux Security Team
[SECURITY] [DSA 287-1] New EPIC packages fix DoS and arbitrary code execution, Martin Schulze
SRT2003-04-15-1029 - Progres BINPATHX overflow, KF
BitchX trojan, the real follow up., Rob Andrews
[SCSA-016] Multiple vulnerabilities in Ez publish, Gr�gory
MDKSA-2003:046 - Updated gtkhtml packages fix vulnerability, Mandrake Linux Security Team
GLSA: kdegraphics-3.1.x (200304-04.1), Daniel Ahlberg
[CLA-2003:626] Conectiva Security Announcement - mutt, Conectiva Updates
bitchx sources trojaned - follow up, Michał Szwaczko
GLSA: kde-2.x (200304-05.1), Daniel Ahlberg
ActivCard password cache memory leakage, OTERO Hernan Gustavo EDS
- Re: ActivCard password cache memory leakage, Massimo Cereda
bitchx sources backdoored on distribution site, Michał Szwaczko
- Re: bitchx sources backdoored on distribution site, Neeko Oni
Multiple Vulnerabilities in BSD LPR Subsystem on IRIX, SGI Security Coordinator
FipsGuestbook Version 1.12.7 script injection., drG4njubas
Web Wiz Site News realease v3.06 administration access., drG4njubas
Instaboard 1.3 SQL Injection, Jim Dew
[SECURITY] [DSA 285-1] New lprng packages fix insecure temporary file creation, Martin Schulze
[SECURITY] [DSA 286-1] New gs-common packages fix insecure temporary file creation, Martin Schulze
Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach, Aviram Jenik
Multiple vulnerabilities in SheerDNS, Jedi/Sector One
[RHSA-2003:126-01] Updated gtkhtml packages fix vulnerability, bugzilla
[SECURITY] [DSA 274-2] New mutt packages fix arbitrary code execution in potato, Martin Schulze
[Sorcerer-spells] KDE-SORCERER2003-04-12, Michael Walton
[SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution, Martin Schulze
PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service Vulnerability, William A. Rowe, Jr.
R7-0013: Heap Corruption in Gaim-Encryption Plugin, Rapid 7 Security Advisories
Ocean12 ASP Guestbook Manager v1.00, drG4njubas
repost: SRT2003-04-01-1231 - Progress DLC overflows, KF
GLSA: kde-2.x (200304-05), Daniel Ahlberg
FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database., Stephen White
Buffer Overflow Vulnerability Found in MailMax Version 5, Dennis Rand
MacOS X DirectoryService Privilege Escalation (a041003-1), @stake Advisories
[SECURITY] [DSA 283-1] New xfsdump packages fix insecure file creation, Martin Schulze
Medium Vulnerability in SNMP on Linsys BEFVP41, Branson Matheson
- Re: Medium Vulnerability in SNMP on Linsys BEFVP41, Stefan Laudat
Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability, Integrigy Security Alerts
[CLA-2003:625] Conectiva Security Announcement - openssl, Conectiva Updates
Brocade Firmware SNMP Vulnerability, SGI Security Coordinator
IRIX ToolTalk Vulnerabilities Update, SGI Security Coordinator
[RHSA-2003:089-00] Updated glibc packages fix vulnerabilities in RPC XDR decoder, bugzilla
working apache <= 2.0.44 DoS exploit for linux., Daniel Nyström
- Re: working apache <= 2.0.44 DoS exploit for linux., Paul Johnston
Flaw in Microsoft VM Could Enable System Compromise, K-Otik . com
Re: Exploit Code Released for Apache 2.x Memory Leak, Serban Murariu
GLSA: kde-3.x (200304-04), Daniel Ahlberg
KDE Security Advisory: PS/PDF file handling vulnerability, Dirk Mueller
MDKSA-2003:038-1 - Updated 2.4 kernel packages fix ptrace vulnerability, Mandrake Linux Security Team
Admin access in GuestBook r4, Over_G
Disclosing information in Super GuestBook, Over_G
xfsdump creates files insecurely on IRIX, SGI Security Coordinator
Vulnerabilities in Portable Executable (PE) File Format For Win32 Architecture, Exurity Inc.
- Protection against buffer overflows: when your anchor is washed away, then you are overflowed and refuse to RET, Exurity Inc.
[SECURITY] [DSA 269-2] New heimdal packages fix authentication failure, Martin Schulze
GLSA: samba (200304-02), Daniel Ahlberg
Immunix Secured OS 7+ MySQL update, WireX Security
- Immunix Secured OS 7+ MySQL update, WireX Security Team
iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration (ISA) S, iDEFENSE Labs
ISC guestbook script injection vulnerability., drG4njubas
PoPToP PPTP server remotely exploitable buffer overflow, Timo Sirainen
- Re: PoPToP PPTP server remotely exploitable buffer overflow, Dick St.Peters
GLSA: setiathome (200304-03), Daniel Ahlberg
Hyperion FTP server Remote DOS and unauthorised remote access., moran zavdi
[CLA-2003:624] Conectiva Security Announcement - samba, Conectiva Updates
Immunix Secured OS 7+ PostgreSQL update, WireX Security
- Immunix Secured OS 7+ PostgreSQL update, WireX Security Team
GLSA: apache (200304-01), Daniel Ahlberg
[ARL03-A16] Multiple Security Issues in phPay, Ahmet Sabri ALPER
samba 2.x call_trans2open() exploit, noir sin
Samba Security Vulnerability on IRIX, SGI Security Coordinator
- Fwd: Samba Security Vulnerability on IRIX, chris1
[RHSA-2003:139-01] Updated httpd packages fix security vulnerabilities., redhat-announce-list-admin
[RHSA-2003:137-02] New samba packages fix security vulnerability, bugzilla
[VulnDiscuss] Exploit Code Released for Apache 2.x Memory Leak, mattmurphy@xxxxxxxxx
- Arp records in solaris, Edward J. Aivazian
  - Re: Arp records in solaris, Brad Arlt
Multiple Vulnerabilities in libc RPC functions on IRIX, SGI Security Coordinator
iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x, iDEFENSE Labs
Orplex guestbook script injection., drG4njubas
AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss, Phil Cyc
- Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss, Phil Cyc
- Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss, Hilko Bengen
False-negatives in several Vulnerability Assessment tools, Nicolas Gregoire
- Re: False-negatives in several Vulnerability Assessment tools, Geoff Shively
- Re: False-negatives in several Vulnerability Assessment tools, Nicolas Gregoire
[CLA-2003:620] Conectiva Security Announcement - man, Conectiva Updates
[SECURITY] [DSA 281-1] New xftp packages fix arbitrary code execution, Martin Schulze
[Sorcerer-spells] SAMBA--SORCERER2003-04-08, Michael Walton
TSLSA-2003-0019 - samba, Trustix Secure Linux Advisor
Unchecked Buffer in Opera 7.02, David F.Madrid
- Re: Unchecked Buffer in Opera 7.02, nesumin
Immunix Secured OS 7+ Kerberos update, Immunix Security Team
[RHSA-2003:036-01] Updated mgetty packages available, redhat-announce-list-admin
[RHSA-2003:137-01] New samba packages fix security vulnerability, redhat-announce-list-admin
mIRC "dcc filename spoofing", Knud Erik Højgaard
- RE: mIRC "dcc filename spoofing", Gossi The Dog
MDKSA-2003:044 - Updated samba packages fix remote root vulnerability, Mandrake Linux Security Team
SuSE Security Announcement: samba (SuSE-SA:2003:025), Roman Drahtmueller
[CLA-2003:619] Conectiva Security Announcement - zlib, Conectiva Updates
[SECURITY] [DSA 280-1] New samba packages fix remote root exploit, Martin Schulze
Immunix Secured OS 7+ cvs update, Immunix Security Team
[VulnDiscuss] Dangerous permissions in unitedlinux, Knud Erik Højgaard
Coppermine Photo Gallery remote compromise, Berend-Jan Wever
JpegX 2.0.0.3 Password Bypass Vulnerability, JeiAr
Java Agent freezes Lotus Notes and Domino 6.0.1, Marc Schoenefeld
Vignette Story Server sensitive information disclosure (a040703-1), @stake Advisories
[OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba), OpenPKG
[SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation, Martin Schulze
[CLA-2003:618] Conectiva Security Announcement - kernel, Conectiva Updates
[DDI-1013] Buffer Overflow in Samba allows remote root compromise, Erik Parker
Seti@home exploit, Berend-Jan Wever
Seti@home information leakage and remote compromise, Berend-Jan Wever
Interbase/Firebird - external file security bug, Kotala Zdeněk
Two Invision Power Board 1.1.x vulns, Gossi The Dog
SignHere guestbook vulnerability., drG4njubas
Abyss X1 1.1.2 remote crash, Auriemma Luigi
Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Muhammad Faisal Rauf Danka
LocalSystem account in Windows 2000/XP, Pavel
- RE: LocalSystem account in Windows 2000/XP, Russ
[CLA-2003:615] Conectiva Security Announcement - samba, Conectiva Updates
[CLA-2003:617] Conectiva Security Announcement - file, Conectiva Updates
[CLA-2003:616] Conectiva Security Announcement - dhcp, Conectiva Updates
SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call, KF
buffalo AirStation G54 - (WBR-G54 ) DoS, Pavel shpac
[CLA-2003:614] Conectiva Security Announcement - sendmail, Conectiva Updates
An Alternate View of Recently Reported PHP Vulnerabilities, Steven M. Christey
- Re: An Alternate View of Recently Reported PHP Vulnerabilities, Sascha Schumann
- Re: An Alternate View of Recently Reported PHP Vulnerabilities, Goran Krajnovic
- Re: An Alternate View of Recently Reported PHP Vulnerabilities, dullien
[CLA-2003:613] Conectiva Security Announcement - snort, Conectiva Updates
Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged, Vladimir Katalov
NetBSD Security Advisory 2003-009: sendmail buffer overrun in prescan() address parser, NetBSD Security Officer
NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol, NetBSD Security Officer
TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0, Rushjo@xxxxxxxxxxx
AspJar guestbook script injection vulnerability., drG4njubas
[SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution, Martin Schulze
SuSE Security Announcement: openssl (SuSE-SA:2003:024), Sebastian Krahmer
[SECURITY] [DSA 278-1] New sendmail packages fix denial of service, Martin Schulze
Syscall implementation could lead to whether or not a file exists, Andrew Griffiths
- Re: Syscall implementation could lead to whether or not a file exists, Pavel Machek
  - Re: Re: Syscall implementation could lead to whether or not a file exists, andrewg
- Re: Syscall implementation could lead to whether or not a file exists, Arjan van de Ven
NetBIOS could be used as network flood amplier, Francesco Vigo
- RE: NetBIOS could be used as network flood amplier, Russ
- Re: NetBIOS could be used as network flood amplier, Francesco Vigo
Using Java from Javascript, David F. Madrid
RE: Another security problem in Netgear FM114P ProSafe Wireless Router firmware (also level-one), Björn Stickler
Sakki's guestbook V.1.01 script injection vulnerability., drG4njubas
Another security problem in Netgear FM114P ProSafe Wireless Router firmware, Björn Stickler
[SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit, Martin Schulze
[RHSA-2003:109-03] Updated balsa and mutt packages fix vulnerabilities, bugzilla
Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12), security
Multiple vulnerabilities in AutomatedShops WebC shopping cart, Carl Livitt
- Re: Multiple vulnerabilities in AutomatedShops WebC shopping cart, Carl Livitt
[SECURITY] [DSA 276-1] New Linux kernel packages (s390) fix local root exploit, Martin Schulze
[VulnDiscuss] passlogd sniffer remote buffer overflow root exploit., dong-h0un U
- Re: passlogd sniffer remote buffer overflow root exploit., Dragos Ruiu
SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow, KF
- Re: SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow, Marius Popa Adrian
[RHSA-2003:060-01] Updated NetPBM packages fix multiple vulnerabilities, bugzilla
[RHSA-2003:128-01] Updated Eye of GNOME packages fix vulnerability, bugzilla
SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read, KF
Sendmail parseaddr security vulnerability on IRIX, SGI Security Coordinator
Re: NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability, Alan Kong
MDKSA-2003:040 - Updated Eterm packages fix escape sequence insecurities, Mandrake Linux Security Team
Microsoft Terminal Services vulnerable to MITM-attacks., Erik Forsberg
- RE: Microsoft Terminal Services vulnerable to MITM-attacks., Larry Seltzer
  - RE: Microsoft Terminal Services vulnerable to MITM-attacks., Devin Heitmueller
    - Re: Microsoft Terminal Services vulnerable to MITM-attacks., Henrik Storner
  - Re: Microsoft Terminal Services vulnerable to MITM-attacks., Erik Forsberg
- Re: Microsoft Terminal Services vulnerable to MITM-attacks., Carlos Branco
Re: Oracle JDBC: Inconsistent handling of timestamps, Peter J. Holzer
Java and Javascript, David F. Madrid
IkonBoard v3.1.1: arbitrary command execution, Nick Cleaton
Viewpoint Server, Ben Maynard
Re: PHP-Nuke block-Forums.php subject vulnerabilities, Frog Man
Css in Xoops module glossary 1.3.x, magistrat
Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall, Peter Pentchev
re:3com RAS 1500 Remote vulnerabilities., Jan Kachlik
XSS in Python Documentation Server, euronymous
[SECURITY] [DSA 275-1] New lpr-ppd packages fix local root exploit, Martin Schulze
OpenSSH 3.6.1 released, Markus Friedl
BEA WebLogic internal hostname disclosure, Michael Hendrickx
- Re: BEA WebLogic internal hostname disclosure, Kurt Seifried
RE: Netscape and Opera crash via java, Zelena Endre
- RE: Netscape and Opera crash via java, Richard H. Cotterell
  - Re: Netscape and Opera crash via java, Dan Harkless
Phorum 3.4 Cross Site Scripting, St�ckli
- Re: Phorum 3.4 Cross Site Scripting, Hagen Kühnel - HagK
- Re: Phorum 3.4 Cross Site Scripting, Brian Moon
Inaccurate Reports Concerning PHP Vulnerabilities, mattmurphy@xxxxxxxxx
@(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function, Sir Mordred
- @(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function, sir.mordred
[ANNOUNCE] Apache 2.0.45 Released, Lars Eilebrecht
@(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Sir Mordred
- Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Goran Krajnovic
  - Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Jedi/Sector One
  - Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Javi Lavandeira
    - Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, Jon Ribbens
- @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function, sir.mordred
[INetCop Security Advisory] Remote Multiple Buffer Overflow vulnerability in passlogd sniffer., dong-h0un U
[RHSA-2003:091-01] Updated kerberos packages fix various vulnerabilities, redhat-announce-list-admin
[SCSA-015] Remote Denial of Service Vulnerability in PowerFTP, Gr�gory
iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player, iDEFENSE Labs
Immunix Secured OS 7+ samba update, Immunix Security Team
- Immunix Secured OS 7+ samba update, Immunix Security Team
TYPSoft FTP Server, subj
Sambar Server "Buffer OverFlow" Vulnerabilities, Lorenzo Manuel Hernandez Garcia-Hierro
Fwd: QuickTime 6.1 for Windows is available, Bryan Blackburn
BRS WebWeaver: full disclosure, euronymous
Immunix Secured OS 7+ openssl update, Immunix Security Team
Re: IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability, panic
Buffer Overflow in Broker FTP Server, subj
- Re: Buffer Overflow in Broker FTP Server, Knud Erik Højgaard
FreeBSD Security Advisory FreeBSD-SA-03:07.sendmail, FreeBSD Security Advisories
GLSA: openafs (200303-26), Daniel Ahlberg
MiniPortal, subj
SRT2003-04-01-1231 - Progress DLC overflows, KF
Webserver CVS (In)Security, methodic
- Re: Webserver CVS (In)Security, Brian Hatch
- Re: Webserver CVS (In)Security, Crist J. Clark
- Re: Webserver CVS (In)Security, Andrew Brown
[RHSA-2003:084-01] Updated vsftpd packages re-enable tcp_wrappers support, bugzilla
[RHSA-2003:095-03] New samba packages fix security vulnerabilities, bugzilla
[RHSA-2003:101-01] Updated OpenSSL packages fix vulnerabilities, bugzilla
serious vulnerability present. all doomed. over., Security Experts, Liability Limited
[VulnDiscuss] 3Com 812 ADSL router vulnerability addendum, Michael Puchol
3Com OfficeConnect Remote 812 ADSL router exposes internal LAN computer's ports during outbound and inbound TCP and UDP sessions, Michael Puchol