Bugtraq: by thread
440 messages starting Apr 01 02 and ending Apr 30 02
Announcing Immunix SnackGuard
Crispin Cowan (Apr 01)
UPDATED: Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails
Cisco Systems Product Security Incident Response Team (Apr 01)
Fun With MSN Chat Part I (Cross Scripting)
John Heasman (Apr 01)
Security Update: [CSSA-2002-005.0] Linux - LD_LIBRARY_PATH problem in KDE sessions
security (Apr 01)
packet filter fingerprinting(open but closed, closed but filtered)
Meder Kydyraliev (Apr 01)
Re: packet filter fingerprinting(open but closed, closed but filtered)
Jonas Eriksson (Apr 03)
Re: packet filter fingerprinting(open but closed, closed but filtered)
Jonas Eriksson (Apr 03)
Re: invitation to my cam (fwd)
Johnny J Chin (Apr 01)
Bypassing javascript filters - problem N3.
Alexander K. Yezhov (Apr 01)
Re: Bypassing javascript filters - problem N3.
fozzy (Apr 04)
Zope security address
Rossen Raykov (Apr 01)
Re: Zope security address
Matt Burleigh (Apr 02)
Boursorama.com cookie exploit
Eyrill / Securiteinfo.com (Apr 01)
Re: squirrelmail 1.2.5 email user can execute command
Konstantin Riabitsev (Apr 01)
Progress Setuid patch Installs (Happy Easter or April fools to Progress)
KF (Apr 01)
Fw: Multiple Vulnerabilties in Sambar Server
NGSSoftware Insight Security Research Advisory (NISR) (Apr 01)
iXsecurity.20020313.nw6remotemanager.a
Patrik Karlsson (Apr 02)
KPMG-2002006: Lotus Domino Physical Path Revealed
Peter Gründl (Apr 02)
Re: KPMG-2002006: Lotus Domino Physical Path Revealed
Nicolas Gregoire (Apr 03)
Re: KPMG-2002006: Lotus Domino Physical Path Revealed
Joe Testa (Apr 04)
Windows 2000 DCOM clients may leak sensitive information onto the network
Todd Sabin (Apr 02)
Reading portions of local files in IE, depending on structure (GM#004-IE)
GreyMagic Software (Apr 02)
Re: A buffer overflow study - generic protections
Crispin Cowan (Apr 02)
Firewall-1 Identification : port 257 (ie archive : 18701)
Sacha Faust (Apr 02)
Re: Firewall-1 Identification : port 257 (ie archive : 18701)
Mariusz Woloszyn (Apr 04)
MS 3/28/02 Security Patch for IE6 - warning!
Phil Dibowitz (Apr 02)
<Possible follow-ups>
RE: MS 3/28/02 Security Patch for IE6 - warning!
Thor Larholm (Apr 03)
RE: MS 3/28/02 Security Patch for IE6 - warning!
Eric (Apr 03)
RE: MS 3/28/02 Security Patch for IE6 - warning!
the Pull (Apr 04)
NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Nsfocus Security Team (Apr 02)
Various Vulnerabilities in ZoneAlarm MailSafe
Edvice Security Services (Apr 02)
popper_mod 1.2.1 and previous accounts compromise
matthew () ectisp net (Apr 02)
Taxonomies
Marco de Vivo [UCV] (Apr 03)
Re: Taxonomies
Alex Russell (Apr 03)
Re: Taxonomies
Andrew R. Reiter (Apr 04)
Outlook Express Attach Execution Exploit (img tag + innerHTML + TIF dos name)
Elia Florio (Apr 03)
Happy Easter / April Fools from Snosoft (Oracle 8.1.5 tnslsnr)
KF (Apr 03)
Re: IRIX FTP Bounce vulnerability
Christophe Casalegno (Apr 03)
Re: Multiple Vulnerabilties Sambar Webserver
Tamer Sahin (Apr 03)
<Possible follow-ups>
Re: Multiple Vulnerabilties Sambar Webserver
Steven M. Christey (Apr 04)
RE: [VulnWatch] vuln in wwwisis: remote command execution and get files
Jorge Walters (Apr 03)
icecast 1.3.11 remote shell/root exploit - #temp
dizznutt (Apr 03)
Huge Privacy Threats in Webmails and How Big Companies Handle them
FozZy (Apr 03)
IE: Remote webpage can script in local zone
Andreas Sandblad (Apr 03)
SASL (v1/v2) MYSQL/LDAP authentication patch.
Simon Loader (Apr 03)
VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Andrew van der Stock (Apr 03)
Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Anthony DeRobertis (Apr 06)
RE: VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Andrew van der Stock (Apr 06)
Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Anthony DeRobertis (Apr 06)
Re: VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Nick Lamb (Apr 09)
Re: Identifying Kernel 2.4.x based Linux machines using UDP
Phil (Apr 03)
Winamp: Mp3 file can control the minibrowser
Andreas Sandblad (Apr 03)
Re: Winamp: Mp3 file can control the minibrowser
Security (Apr 04)
Re: Winamp: Mp3 file can control the minibrowser
Daniel Lorch (Apr 04)
Re: Winamp: Mp3 file can control the minibrowser
Andreas Sandblad (Apr 04)
Cisco Security Advisory: Web interface vulnerabilities in ACS for Windows
Cisco Systems Product Security Incident Response Team (Apr 03)
[CLA-2002:471] Conectiva Linux Security Announcement - cups
secure (Apr 04)
Security bugs in PhpNuke
Thiébaut (Apr 04)
Icecast temp patch (OR: Patches? We DO need stinkin' patches!! () $!)
Neeko Oni (Apr 04)
SQL injection in PHPGroupware
Matthias Jordan (Apr 04)
Re: SQL injection in PHPGroupware
Adam McKenna (Apr 04)
<Possible follow-ups>
Re: SQL injection in PHPGroupware
Dan Kuykendall (Apr 12)
Cisco Security Advisory: Vulnerability in zlib library
Cisco Systems Product Security Incident Response Team (Apr 04)
Multiple Vendor "talkd" user validation fault.
Tekno pHReak (Apr 04)
<Possible follow-ups>
Re: Multiple Vendor "talkd" user validation fault.
Mike Scher (Apr 05)
LogWatch 2.5 still vulnerable
Spybreak (Apr 04)
iXsecurity.20020314.csadmin_fmt.a
Patrik Karlsson (Apr 04)
ISS Advisory: Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
X-Force (Apr 04)
RE: More Office XP problems
Ben Schorr (Apr 04)
Re: More Office XP problems
Georgi Guninski (Apr 04)
RE: More Office XP problems
Leonard Chung (Apr 06)
RE: More Office XP problems
Paul Schmehl (Apr 06)
RE: More Office XP problems
Kevin Brown (Apr 06)
RE: More Office XP problems
Mary Landesman (Apr 09)
<Possible follow-ups>
RE: More Office XP problems
Paul Szabo (Apr 09)
More Office XP problems (Version 2.0)
Georgi Guninski (Apr 04)
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
martin f krafft (Apr 04)
Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1
Alun Jones (Apr 04)
Quik-Serv Web Server v1.1B Arbitrary File Disclosure
a b (Apr 04)
Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances
Florian Hobelsberger / BlueScreen (Apr 04)
SECURITY.NNO: FTGate PRO/Office hotfixes
3APA3A (Apr 04)
RFC: suggestions for SSL security enhancements in Microsoft Internet Explorer
dhalterm (Apr 04)
RE: Windows 2000 DCOM clients may leak sensitive information onto the network
Adcock, Matt (Apr 04)
Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability
security (Apr 04)
IRIX SNMP Vulnerabilities
SGI Security Coordinator (Apr 04)
iXsecurity.20020316.csadmin_dir.a
Patrik Karlsson (Apr 04)
Full analysis of multiple remotely exploitable bugs in Icecast 1.3.11
dizznutt (Apr 04)
NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Nsfocus Security Team (Apr 04)
emumail.cgi
acidneo (Apr 04)
Re: emumail.cgi
Tom Micklovitch (Apr 05)
Re: emumail.cgi, one more local vulnerability (not verified)
Leif Jakob (Apr 10)
<Possible follow-ups>
Re: emumail.cgi
N|ghtHawk (Apr 05)
Re: emumail.cgi
MegaHz (Apr 09)
Re: emumail.cgi
Randal L. Schwartz (Apr 09)
(WSS-Advisories-02003) PHPBB BBcode Process Vulnerability
Whitecell Security Systems (Apr 04)
Exploit for Tarantella Enterprise 3 installation (BID 3966)
Larry W. Cashdollar (Apr 04)
[RHSA-2002:053-12] Race conditions in logwatch
bugzilla (Apr 05)
Security Update: [CSSA-2002-015.0] Linux: Double free in zlib (libz) vulnerability
security (Apr 05)
[RHSA-2002:054-09] Race conditions in logwatch
bugzilla (Apr 05)
CA security contact
Nicolas Gregoire (Apr 05)
Re: CA security contact
KF (Apr 05)
Re: CA security contact
Dustin E. Childers (Apr 06)
<Possible follow-ups>
RE: CA security contact
Nick Benigno (Apr 06)
Re: CA security contact
Phil Froehlich (Apr 11)
Re: Techniques for Vulneability discovery
Ivan Arce (Apr 05)
RE: Multiple Vendor "talkd" user validation fault
0x90 (Apr 08)
IMP 2.2.8 (SECURITY) released
Brent J. Nordquist (Apr 08)
NetWare Remote Manager patches
Patrik Karlsson (Apr 08)
Anthill login and JavaScript vulnerabilities
Ulf Harnhammar (Apr 08)
Typsoft FTP Server: yet another directory traversal vulnerability
Kistler Ueli (Apr 08)
KPMG-2002007: Watchguard SOHO Denial of Service
Andreas Sandor (Apr 08)
Scripting for the scriptless with OWC in IE (GM#005-IE)
GreyMagic Software (Apr 08)
Controlling the clipboard with OWC in IE (GM#007-IE)
GreyMagic Software (Apr 08)
Reading local files with OWC in IE (GM#006-IE)
GreyMagic Software (Apr 08)
multiple CGIscript.net scripts - Remote Code Execution
Steve Gustin (Apr 08)
SuSE Security Announcement: ucdsnmp (SuSE-SA:2002:012)
Thomas Biege (Apr 08)
Multiple local files detection issues with OWC in IE (GM#008-IE)
GreyMagic Software (Apr 09)
Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Coffin, Chris (Apr 09)
regarding SSL issues
0x90 (Apr 09)
Security Update: [CSSA-2002-SCO.14] Open UNIX 8.0.0 UnixWare 7.1.1 : X server allows access to any shared memory on the system
security (Apr 09)
Cisco Security Advisory: Aironet Telnet Vulnerability
Cisco Systems Product Security Incident Response Team (Apr 09)
Vulnerability: Windows2000Server running Terminalservices
Tom.Unger () gmx de (Apr 09)
Re: Vulnerability: Windows2000Server running Terminalservices
Thor (Apr 09)
IE Word ActiveX DoS Loop
eflorio (Apr 09)
[RHSA-2001:089-08] Updated tcpdump packages available for Red Hat Linux 6.2 and 7.x
bugzilla (Apr 09)
Abyss Webserver 1.0 Administration password file retrieval exploit
Jeremy Roberts (Apr 09)
MS02-018
Dave Ahmad (Apr 10)
<Possible follow-ups>
Re: MS02-018
Christian Milow (Apr 11)
R: MS02-018
Francesco Pacaccio (Apr 12)
RE: MS02-018
verbal (Apr 12)
Cisco Security Advisory: Solaris /bin/log vulnerability
Cisco Systems Product Security Incident Response Team (Apr 10)
<Possible follow-ups>
Re: Cisco Security Advisory: Solaris /bin/log vulnerability
Charles M. Richmond (Apr 12)
@stake advisory: .htr heap overflow in IIS 4.0 and 5.0
advisories (Apr 10)
Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
zeno (Apr 10)
Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Marc Maiffret (Apr 10)
RE: Windows 2000 Sec rollup 2 patch -- Ouch!
krisk (Apr 11)
IIS allows universal CrossSiteScripting
Thor Larholm (Apr 10)
SPIKE version released that detects .HTR and ISAPI overflows (see spike.sourceforge.net)
Dave Aitel (Apr 10)
KPMG-2002008: Watchguard SOHO IP Restrictions Flaw
Peter Gründl (Apr 10)
KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Peter Gründl (Apr 11)
SOAP::Lite hole
quentyn (Apr 11)
ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
gobbles (Apr 11)
re: gobbles ntop alert
Burton M. Strauss III (Apr 12)
iXsecurity.20020327.tivoli_tsm_dsmcad.a
Patrik Karlsson (Apr 11)
IRIX Mail, mailx, timed and sort vulnerabilities
SGI Security Coordinator (Apr 11)
[SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
snsadv () lac co jp (Apr 11)
KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Peter Gründl (Apr 11)
local root compromise in openbsd 3.0 and below
Przemyslaw Frasunek (Apr 11)
Re: local root compromise in openbsd 3.0 and below
Solar Designer (Apr 11)
Re: local root compromise in openbsd 3.0 and below
Manuel Bouyer (Apr 12)
Re: local root compromise in openbsd 3.0 and below
Brett Glass (Apr 15)
Re: local root compromise in openbsd 3.0 and below
Manuel Bouyer (Apr 15)
OpenBSD Local Root Compromise
Milos Urbanek (Apr 11)
Re: OpenBSD Local Root Compromise
Dries Schellekens (Apr 12)
iXsecurity.20020328.tivoli_tsm_dsmsvc.a
Patrik Karlsson (Apr 12)
IBM Informix Web DataBlade: SQL injection
Simon Lodal (Apr 12)
IBM Informix Web DataBlade: Auto-decoding HTML entities
Simon Lodal (Apr 12)
Security Update: [CSSA-2002-SCO.15] Open UNIX 8.0.0 UnixWare 7.1.1 : Buffer overflow in libX11 with -xrm
security (Apr 12)
Inn (Inter Net News) security problems
Paul Starzetz (Apr 12)
Re: (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Dan Kuykendall (Apr 12)
MDKSA-2002:026 - libsafe update
Mandrake Linux Security Team (Apr 12)
OpenBSD 3.0: Bug in rshd(8) and rexecd(8) (fwd)
Jonas Eriksson (Apr 12)
SWS Vuln (small but important to those using it.)
BrainRawt . (Apr 12)
Remote buffer overflow in Webalizer
Spybreak (Apr 15)
Re: Remote buffer overflow in Webalizer
Franck Coppola (Apr 17)
Re: Remote buffer overflow in Webalizer
Bradford L. Barrett (Apr 18)
Re: Remote buffer overflow in Webalizer
Lars Hecking (Apr 19)
More fun with html mail: Outlook Express, Internet Explorer, Other etc
http-equiv () excite com (Apr 15)
Security Update: [CSSA-2002-SCO.16] UnixWare 7.1.1 : Multiple Vulnerabilities in BIND
security (Apr 15)
Ability to read buddy list of AIM users
sunny licious (Apr 15)
Re: Ability to read buddy list of AIM users
Andrew J. Stackhouse (Apr 15)
Re: Ability to read buddy list of AIM users
Eugene Medynskiy (Apr 17)
<Possible follow-ups>
RE: Ability to read buddy list of AIM users
emann (Apr 17)
RE: Ability to read buddy list of AIM users
emann (Apr 17)
SunSop: cross-site-scripting bug
ppp-design (Apr 15)
Using the backbutton in IE is dangerous
Andreas Sandblad (Apr 15)
<Possible follow-ups>
RE: Using the backbutton in IE is dangerous
Martin, Jeffrey (Apr 17)
Vulnerabilities in the Melange Chat Server
Leon Harris (Apr 15)
Nortel CVX 1800s will dump all local user names and passwords via SNMP
Michael Rawls (Apr 15)
Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de )
Florian Hobelsberger / BlueScreen (Apr 16)
Possible vulnerabilities of ICQ files opened in IE or OE
silentsupporter (Apr 16)
<Possible follow-ups>
Re: Possible vulnerabilities of ICQ files opened in IE or OE
N|ghtHawk (Apr 17)
wbboard 1.1.1 Cross Site Scripting Vulnerability
SeazoN (Apr 16)
IRIX XFS filesystem denial of service attack
SGI Security Coordinator (Apr 16)
Re: IRIX XFS filesystem denial of service attack
H D Moore (Apr 16)
Re: IRIX XFS filesystem denial of service attack
Eric Sandeen (Apr 16)
buffer overflow, using greek characters, AGAIN!
MegaHz (Apr 16)
Raptor Firewall FTP Bounce vulnerability
Roy Hills (Apr 16)
<Possible follow-ups>
RE: Raptor Firewall FTP Bounce vulnerability
Lysel Christian Emre (Apr 18)
RE: Raptor Firewall FTP Bounce vulnerability
Roy Hills (Apr 18)
Re: Raptor Firewall FTP Bounce vulnerability
William Aguilar (Apr 18)
RE: Raptor Firewall FTP Bounce vulnerability
Martin O'Neal (Apr 18)
About: Using the backbutton in IE is dangerous
Andreas Sandblad (Apr 16)
Demarc PureSecure 1.05 may be other (user can bypass login)
pokleyzz sakamaniaka (Apr 16)
Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
Dr Andreas F Muller (Apr 16)
A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791
Ofir Arkin (Apr 16)
w00w00 on Microsoft IE/Office for Mac OS
Matt Conover (Apr 16)
Re: w00w00 on Microsoft IE/Office for Mac OS
Kevin van Haaren (Apr 16)
Cisco Security Advisory: Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Cisco Systems Product Security Incident Response Team (Apr 16)
Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
Alfonso Fiore (Apr 16)
ansi outer join syntax in Oracle allows access to any data
Pete Finnigan (Apr 16)
Re: ansi outer join syntax in Oracle allows access to any data
Charles J Wertz (Apr 16)
Re: ansi outer join syntax in Oracle allows access to any data
Pete Finnigan (Apr 17)
Re: ansi outer join syntax in Oracle allows access to any data
Pete Finnigan (Apr 19)
<Possible follow-ups>
Re: ansi outer join syntax in Oracle allows access to any data
Greg Williamson (Apr 17)
[SECURITY] [DSA-126-1] Horde and IMP cross-site scripting attack
Wichert Akkerman (Apr 16)
Security Update: [CSSA-2002-016.0] Linux: horde/imp cross scripting vulnerabilities
security (Apr 16)
FreeBSD Security Advisory FreeBSD-SA-02:20.syncache
FreeBSD Security Advisories (Apr 16)
MDKSA-2002:027 - squid update
Mandrake Linux Security Team (Apr 16)
IRIX cron daemon vulnerability
SGI Security Coordinator (Apr 16)
Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
Microsoft (Apr 17)
<Possible follow-ups>
Microsoft Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
Microsoft (Apr 17)
Microsoft FTP Service STAT Globbing DoS
H D Moore (Apr 17)
Melange Chat POC DOS
dvdman (Apr 17)
Demarc Security Update Advisory
Demarc Security Support (Apr 17)
IE allows universal Cross Site Scripting (TL#002)
Thor Larholm (Apr 17)
RE: IE allows universal Cross Site Scripting (TL#002)
GreyMagic Software (Apr 18)
[SECURITY] [DSA-127-1] buffer overflow in xpilot-server
Wichert Akkerman (Apr 17)
Snort exploits
0xcafebabe (Apr 17)
Re: Snort exploits
Dragos Ruiu (Apr 18)
Re: Snort exploits
Chris Green (Apr 25)
<Possible follow-ups>
RE: Snort exploits
Grimes, Roger (Apr 18)
Re: Snort exploits
Darren Reed (Apr 19)
Re: Snort exploits
Vern Paxson (Apr 19)
Re: Snort exploits
Martin Roesch (Apr 18)
Re: Snort exploits
der Mouse (Apr 19)
Multiple Vulnerabilities in PostBoard
gcsb (Apr 17)
[CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
Benoît Roussel (Apr 17)
An alternative method to check LKM backdoor/rootkit
Wang Jian (Apr 17)
Re: An alternative method to check LKM backdoor/rootkit
Paul Starzetz (Apr 18)
Re: An alternative method to check LKM backdoor/rootkit
Florian Weimer (Apr 18)
Re: An alternative method to check LKM backdoor/rootkit
Karsten W. Rohrbach (Apr 18)
答复: An alternative method to check LKM backdoor/rootkit
Wang Jian (Apr 19)
<Possible follow-ups>
RE: An alternative method to check LKM backdoor/rootkit
Philippe Bourgeois (Apr 18)
Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
H D Moore (Apr 17)
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
Joe Testa (Apr 17)
<Possible follow-ups>
RE: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
Randy Hinders (Apr 17)
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
H D Moore (Apr 17)
Re: Microsoft IIS 5.0 CodeBrws.asp Source Disclosure
Chris Anley (Apr 18)
Mailman/Pipermail private mailing list/local user vulnerability
H. Peter Anvin (Apr 17)
AIM's 'Direct Connection' feature could lead to arbitrary file creation
Noah Johnson (Apr 17)
[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability
snsadv () lac co jp (Apr 17)
[SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability
snsadv () lac co jp (Apr 17)
Webtrends Reporting Center Buffer Overflow (#NISR17042002C)
NGSSoftware Insight Security Research (Apr 17)
Back Office Web Administrator Authentication Bypass (#NISR17042002A)
NGSSoftware Insight Security Research (Apr 17)
Ammendum: A crash course with Linux Kernel 2.4.x, IP ID values & RFC 791
Ofir Arkin (Apr 17)
Buffer Overrun in Talentsoft's Web+ (3) (#NISR17042002B)
NGSSoftware Insight Security Research (Apr 17)
KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Peter Gründl (Apr 17)
IBM Informix Web DataBlade: Local root by design
Simon Lodal (Apr 17)
segfault in ntop
JP (Apr 18)
RE: segfault in ntop
Burton M. Strauss III (Apr 20)
<Possible follow-ups>
RE: segfault in ntop
Craig Humphrey (Apr 18)
KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Peter Gründl (Apr 18)
IBM Security Advisory: IBM Tivoli Policy Director WebSEAL
Michael S Soukup (Apr 18)
[[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5
Daniel Nyström (Apr 18)
FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip
FreeBSD Security Advisories (Apr 18)
MDKSA-2002:024-1 - rsync update
Mandrake Linux Security Team (Apr 18)
KPMG-2002012: (Re-submitted) Sambar Webserver Serverside Fileparse Bypass
Peter Gründl (Apr 18)
KPMG-2002013: Coldfusion Path Disclosure
Peter Gründl (Apr 18)
Re: KPMG-2002013: Coldfusion Path Disclosure
Chris Ess (Apr 19)
RE: KPMG-2002013: ColdFusion Path Disclosure
Bejon Parsinia (Apr 20)
Re: KPMG-2002013: Coldfusion Path Disclosure
Mike Fetherston (Apr 20)
<Possible follow-ups>
Re: KPMG-2002013: Coldfusion Path Disclosure
Tom Donovan (Apr 26)
Re: [Snort-devel] Re: Re: Snort exploits
Fyodor (Apr 18)
FreeBSD Security Advisory FreeBSD-SA-02:18.zlib [REVISED]
FreeBSD Security Advisories (Apr 19)
fragroute vs. snort: the tempest in a teacup
Dragos Ruiu (Apr 19)
Re: fragroute vs. snort: the tempest in a teacup
Dug Song (Apr 18)
Re: fragroute vs. snort: the tempest in a teacup
Darren Reed (Apr 19)
Re: fragroute vs. snort: the tempest in a teacup
Ron DuFresne (Apr 20)
<Possible follow-ups>
Re: fragroute vs. snort: the tempest in a teacup
Steven M. Bellovin (Apr 20)
Re: fragroute vs. snort: the tempest in a teacup
Brad Powell (Apr 20)
Re: fragroute vs. snort: the tempest in a teacup
jan (Apr 20)
Restricted Shells
A . Dimitrov (Apr 19)
Re: Restricted Shells
Scott T. Cameron (Apr 20)
Re: Microsoft Security Bulletin - MS02-020
Bronek Kozicki (Apr 19)
Re: Microsoft Security Bulletin - MS02-020
Chip Andrews (Apr 20)
<Possible follow-ups>
Re: Microsoft Security Bulletin - MS02-020
Bronek Kozicki (Apr 20)
HiverCon 2002
Mark Anderson (Apr 19)
Remote Timing Techniques over TCP/IP
Mauro Lacy (Apr 19)
Re: Remote Timing Techniques over TCP/IP
Solar Designer (Apr 19)
Re: Remote Timing Techniques over TCP/IP
stealth (Apr 20)
Re: Remote Timing Techniques over TCP/IP
Syzop (Apr 20)
Microsoft Security Bulletin MS02-020:SQL Extended Procedure Functions Contain Unchecked Buffers (Q319507)
Microsoft (Apr 19)
Amazon.com Password limit
Vishal Ganeriwala (Apr 19)
Re: Amazon.com Password limit
jon schatz (Apr 20)
MHonArc v2.5.2 Script Filtering Bypass Vulnerability
TAKAGI, Hiromitsu (Apr 19)
Howto exploit a remote format bug automatically
Frédéric Raynal (Apr 19)
Re: Howto exploit a remote format bug automatically
Fredrik Widlund (Apr 20)
List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020
Toni Lassila (Apr 19)
Re: List of extended sprocs that are vulnerable? FW: Microsoft Security Bulletin MS02-020
Bronek Kozicki (Apr 20)
Re: QPopper 4.0.4 buffer overflow
J Mike Rollins (Apr 30)
KPMG-2002014: Foundstone Fscan Format String Bug
Peter Gründl (Apr 20)
Re: Nortel CVX 1800s will dump all local user names and passwords via SNMP
Cynthia Brown (Apr 20)
Snitz Forums 2000 remote SQL query manipulation vulnerability
acemi (Apr 20)
Xpede many vulnerabilities
Cerberus Vulgaris (Apr 20)
OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Marcell Fodor (Apr 20)
Summercon 2002 CFP
Summercon Admin (Apr 20)
KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
Peter Gründl (Apr 20)
RE: KPMG-2002015: Microsoft Distributed Transaction Coordinator DoS
Andrew Kunz (Apr 26)
Re: NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Berend-Jan Wever (Apr 20)
[[ TH 026 Inc. ]] SA #2 - IcrediBB 1.1, Cross Site Scripting vulnerability.
Daniel Nyström (Apr 20)
Tomcat 4.1 real path disclosure
Wang Yun (Apr 20)
Re: Tomcat 4.1 real path disclosure
Joe Testa (Apr 20)
Re: Tomcat 4.1 real path disclosure
Ian Darwin (Apr 20)
Another Faq-O-Matic XSS Vuln?
BrainRawt . (Apr 20)
Vulnerability in PostCalendar
gcsb (Apr 20)
Cross site scripting in almost every mayor website
Berend-Jan Wever (Apr 20)
Re: Cross site scripting in almost every mayor website
FozZy (Apr 23)
<Possible follow-ups>
Re: Cross site scripting in almost every mayor website
Berend-Jan Wever (Apr 23)
RE: Cross site scripting in almost every mayor website
GreyMagic Software (Apr 24)
Keyservers Cross Site Scripting (When CSS Gets Dangerous)
Noam Rathaus (Apr 20)
DoS in Multiple IE Versions (Self-Referenced Directives)
Matthew Murphy (Apr 20)
Re: Cross site scripting @verisign.com and @cybercash.com
zeno (Apr 20)
<Possible follow-ups>
Cross site scripting @verisign.com and @cybercash.com
KF (Apr 20)
DOS for Icq 2001&2002
Michael (Apr 20)
Re: Bug in QPopper (All Versions?)
Tim Jackson (Apr 20)
OpenSSH Security Advisory (adv.token)
Niels Provos (Apr 22)
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
FreeBSD Security Advisories (Apr 22)
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
bert hubert (Apr 23)
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
Theo de Raadt (Apr 23)
<Possible follow-ups>
Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio
Steven M. Bellovin (Apr 23)
trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio)
James Ralston (Apr 24)
STANFORD CONFERENCE ON VULNERABILITY DISCLOSURE: Early Reg to Close Soon! (fwd)
Adam Shostack (Apr 22)
Redux: NIDS, fragrouter, and off-topic sanity [WAS: Snort exploit]
Greg Shipley (Apr 22)
Slrnpull Buffer Overflow (-d parameter)
Alex Hernandez (Apr 22)
Re: Slrnpull Buffer Overflow (-d parameter)
Bill Nottingham (Apr 30)
psyBNC 2.3 DoS / bug
nawok (Apr 22)
<Possible follow-ups>
Re: psyBNC 2.3 DoS / Bug
psychoid (Apr 23)
Pine Internet Advisory: Setuid application execution may give local root in FreeBSD
Patrick Oonk (Apr 22)
ALERT! ALERT! ALERT! ALERT! ALERT! hehehehe ;Pppppp
gobbles (Apr 23)
Philip Chinery's Guestbook 1.1 fails to filter out js/html
Markus Arndt (Apr 23)
AIM Remote File Transfer/Direct Connection Vulnerability
Sil (Apr 23)
Matu FTP remote buffer overflow vulnerability
Kanatoko (Apr 23)
Tomcat real path disclosure (2)
CHINANSL Security Team (Apr 23)
arp problem
Bartomiej (Apr 23)
Re: arp problem
Akatosh (Apr 23)
<Possible follow-ups>
RE: arp problem
dlaumann (Apr 25)
vqServer Demo Files Cross-Site Scripting
Matthew Murphy (Apr 23)
Lil' HTTP Server Directory Traversal Vulnerability
Matthew Murphy (Apr 23)
Cross Site Scripting. Many Sites Vulnerable.
InterWN Labs (Apr 23)
cheers
KF (Apr 23)
[ESA-20020423-009] webalizer contains a potentially exploitable buffer overflow
EnGarde Secure Linux (Apr 23)
LabVIEW Web Server DoS Vulnerability
Steve Zins (Apr 23)
<Possible follow-ups>
Re: LabVIEW Web Server DoS Vulnerability
Steven Zins (Apr 25)
PsyBNC Remote Dos POC
dvdman (Apr 23)
ANNOUNCE: RATS 1.4
RATS Announce (Apr 23)
CGIscript.net - csMailto.cgi - Remote Command Execution
Steve Gustin (Apr 23)
Denial of Service in Mosix 1.5.x
enrico (Apr 23)
More Cross site Scripting in PHPNuke
Replugge [ROD] (Apr 23)
<Possible follow-ups>
Re: More Cross site Scripting in PHPNuke
chkumite chkumite (Apr 26)
IE DoS and possibly exploitable stack overflow
Berend-Jan Wever (Apr 24)
De-anonymizer
Berend-Jan Wever (Apr 24)
CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies
Iván Arce (Apr 24)
Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies
Mariusz Woloszyn (Apr 30)
IRISconsole icadmin password vulnerability
SGI Security Coordinator (Apr 24)
Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio)
Wietse Venema (Apr 24)
<Possible follow-ups>
Re: trusting user-supplied data (was Re: FreeBSD Security Advisory FreeBSD-SA-02:23.stdio)
Steven M. Bellovin (Apr 25)
IRIX hpsnmpd vulnerability
SGI Security Coordinator (Apr 24)
IRIX syslogd vulnerability
SGI Security Coordinator (Apr 24)
Re: Ikonboard 2.1.9 (possible other versions) Vulnerability when HTML is ON
Stefan Walk (Apr 24)
A bug in the Kerberos4 ftp client may cause heap overflow which leads to remote code execution
Marcell Fodor (Apr 24)
more info on the iosmash.c exploit
John Scimone (Apr 25)
Re: (Fwd) Keyservers Cross Site Scripting (When CSS Gets Dangerous)
Michael Young (Apr 25)
Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses
Ishay Sommer (Apr 25)
RE: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses
Florent Trupheme (Apr 26)
Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses
Rich Lafferty (Apr 26)
Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
Menashe Eliezer (Apr 25)
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
3APA3A (Apr 26)
Re: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
Deus, Attonbitus (Apr 26)
RE: Microsoft Baseline Security Analyzer exploit (Exposed vulnerabilities' list)
Menashe Eliezer (Apr 26)
PHProjekt multiple vulnerabilities
Ulf Harnhammar (Apr 25)
[Global InterSec 2002041701] Sudo Password Prompt Vulnerability.
Global InterSec Research (Apr 25)
Sudo version 1.6.6 now available (fwd)
Jonas Eriksson (Apr 25)
Re: Sudo version 1.6.6 now available (fwd)
Przemyslaw Frasunek (Apr 25)
[CLA-2002:474] Conectiva Linux Security Announcement - ethereal
secure (Apr 25)
[RHSA-2002:063-05] Updated icecast packages are available
bugzilla (Apr 25)
MDKSA-2002:028 - sudo update
Mandrake Linux Security Team (Apr 26)
Intel D845HV/WN/PT series motherboard vulnerability
Dave Oliver (Apr 26)
[SECURITY] [DSA-128-1] sudo buffer overflow
Wichert Akkerman (Apr 26)
MDKSA-2002:029 - imlib update
Mandrake Linux Security Team (Apr 26)
ecartis / listar PoC
KF (Apr 26)
Re: ecartis / listar PoC
John Madden (Apr 26)
Re: ecartis / listar PoC
KF (Apr 26)
slrnpull -d PoC
KF (Apr 26)
Fragroute and ISS (NetworkICE) products: a brief analysis
Chris Deibler (Apr 26)
Re: CORE-20020409: Multiple vulnerabilities in stack smashing protection technologies
trial (Apr 26)
[slackware-security] sudo upgrade fixes a potential vulnerability
Slackware Security Team (Apr 26)
[RHSA-2002:072-07] Updated sudo packages are available
bugzilla (Apr 26)
Security Update: [CSSA-2002-017.0] Linux: squid compressed DNS answer message boundary failure
security (Apr 26)
Re: Trendmicro - Interscan - List of BCC: is revealed when stripping attachments and notifying destination addresses
mutt (Apr 26)
Revised OpenSSH Security Advisory (adv.token)
Markus Friedl (Apr 26)
Mp3 file can execute code in Winamp [Sandblad advisory #5]
Andreas Sandblad (Apr 26)
[CLA-2002:475] Conectiva Linux Security Announcement - sudo
secure (Apr 26)
Re: XMB cross-scripting vulnerability
Joe (Apr 26)
[RHSA-2002:071-07] Updated sudo packages are available
Dave Ahmad (Apr 26)
[CLA-2002:476] Conectiva Linux Security Announcement - webalizer
secure (Apr 26)
IndiaTimes.com - Email - Session hijacking and Inbox Blocking
Giri Sandeep (Apr 26)
PHP-Survey Database Access Vulnerability
MOD (Apr 26)
Re: PHP-Survey Database Access Vulnerability
Jens Knoell (Apr 26)
Fragroute-NetworkICE follow-up
Chris Deibler (Apr 26)
Response to KF about Listar/Ecartis Vulnerability
Trish Lynch (Apr 27)
QPopper 4.0.4 buffer overflow
Marcell Fodor (Apr 29)
More Office XP problems (version 3.0)
Georgi Guninski (Apr 29)
dnstools: authentication bypass vulnerability
ppp-design (Apr 29)
SuSE Security Announcement: radiusd-cistron (SuSE-SA:2002:013)
Sebastian Krahmer (Apr 29)
[ESA-20020429-010] 'sudo' heap corruption vulnerability
EnGarde Secure Linux (Apr 29)
TSLSA-2002-0046 - sudo
Trustix Secure Linux Advisor (Apr 29)
TSLSA-2002-0047 - openssh
Trustix Secure Linux Advisor (Apr 29)
Blahz-DNS: Authentication bypass vulnerability
ppp-design (Apr 29)
Multiple CSS/XSS vulnerabilities on directNIC.com
Alex Lambert (Apr 29)
ITCP Advisory 13: Bypassing of ATGuard Firewall possible
BlueScreen (Apr 29)
AW: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
Jonas Koch (Apr 30)
Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
BlueScreen (Apr 30)
Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
Jim Hill (Apr 30)
<Possible follow-ups>
Re: ITCP Advisory 13: Bypassing of ATGuard Firewall possible
UMusBKidN (Apr 30)
eSecurityOnline Security Advisory 2397 - Sun Solaris admintool -d and PRODVERS buffer overflow vulnerabilities
researchteam5 (Apr 30)
eSecurityOnline Security Advisory 2408 - CIDER SHADOW CGI
researchteam5 (Apr 30)
eSecurityOnline Security Advisory 4197 - Sun Solaris cachefsd denial of service vulnerability
researchteam5 (Apr 30)
eSecurityOnline Security Advisory 4198 - Sun Solaris cachefsd mount file buffer overflow vulnerability
researchteam5 (Apr 30)
eSecurityOnline Security Advisory 4123 - Sun Solaris admintool media installation path buffer overflow vulnerability
researchteam5 (Apr 30)
Follows: Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
Alfonso Fiore (Apr 30)
eSecurityOnline Security Advisories notes
researchteam5 (Apr 30)
eSecurityOnline Security Advisory 2406 - CDE dtprintinfo Help search buffer overflow vulnerability
researchteam5 (Apr 30)
Security Update: [CSSA-2002-018.0] Linux: Race condition in fileutils
security (Apr 30)
eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
researchteam5 (Apr 30)
Reading local files in Netscape 6 and Mozilla (GM#001-NS)
GreyMagic Software (Apr 30)
Re: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Jordan K Wiens (Apr 30)
<Possible follow-ups>
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Thor Larholm (Apr 30)
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Rui Miguel Silva Seabra (Apr 30)
RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Thor Larholm (Apr 30)
KPMG-2002016: Bea Weblogic incorrect URL parsing issues
Peter Gründl (Apr 30)
IRIX cpr vulnerability
SGI Security Coordinator (Apr 30)
IRIX /dev/ipfilter Denial of Service vulnerability
SGI Security Coordinator (Apr 30)
IRIX pmcd Denial of Service vulnerability
SGI Security Coordinator (Apr 30)
Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
gobbles (Apr 30)
SuSE Security Announcement: sudo (SuSE-SA:2002:014)
Sebastian Krahmer (Apr 30)
ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
X-Force (Apr 30)
Levcgi.coms MyGuestbook JavaScript Injection Vulnerability
BrainRawt . (Apr 30)
Security Update: [CSSA-2002-019.0] Linux: imlib processes untrusted images
security (Apr 30)
3CDaemon DoS exploit
skyrim msh (Apr 30)