Bugtraq: by thread

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: by thread

393 messages starting Jan 01 02 and ending Jan 31 02
Date index | Thread index | Author index

IE GetObject() problems Georgi Guninski (Jan 01)
- Re: IE GetObject() problems the Pull (Jan 02)
- Re: IE GetObject() problems Michael Fellows (Jan 03)
  - Re: IE GetObject() problems Georgi Guninski (Jan 04)
[Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released. Thomas Roessler (Jan 01)
w00w00 on AOL Instant Messenger (serious vulnerability) Matt Conover (Jan 02)
- <Possible follow-ups>
- RE: w00w00 on AOL Instant Messenger (serious vulnerability) Moorhouse, Walt P (Jan 02)
[RHSA-2001:170-06] Updated Mailman packages available bugzilla (Jan 02)
AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
  - Re: AIM addendum Matt Conover (Jan 02)
    - Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
    - Re: AIM addendum Mark Coleman (Jan 03)
    - Re: AIM addendum Paul Schmehl (Jan 03)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
  - Re: AIM addendum Tyler (Jan 04)
[SECURITY] [DSA-096-1] mutt buffer overflow Wichert Akkerman (Jan 02)
Vulnerability in encrypted loop device for linux Jerome Etienne (Jan 02)
- <Possible follow-ups>
- Re: Vulnerability in encrypted loop device for linux Alfonso De Gregorio (Jan 02)
BSCW: Vulnerabilities and Problems SQEHXLLBQUJX (Jan 02)
[SECURITY] [DSA-096-2] mutt buffer overflow, sparc update Wichert Akkerman (Jan 02)
Mail.com Cross Site Scripting Vulnerability Digital Shadow (Jan 03)
- <Possible follow-ups>
- Mail.com Cross Site Scripting Vulnerability Keith Dallara (Jan 04)
[CLA-2002:447] Conectiva Linux Security Announcement - glibc secure (Jan 03)
[CLA-2002:448] Conectiva Linux Security Announcement - libgtop secure (Jan 03)
Serious IE privacy issues Tom Micklovitch (Jan 03)
Stunnel: Format String Bug update Brian Hatch (Jan 03)
- Re: Stunnel: Format String Bug update Roman Drahtmueller (Jan 08)
[AP] awhttpd v2.2 local DoS methodic (Jan 03)
- Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS) 3APA3A (Jan 05)
  - Buffer overflow in awhttpd (Re: Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS)) 3APA3A (Jan 05)
- <Possible follow-ups>
- Re: [AP] awhttpd v2.2 local DoS D. (Jan 07)
Vulnerability in new user creation in Geeklog 1.3 Woody Hughes (Jan 04)
[SECURITY] [DSA 097-1] New versions of Exim fix uncontrolled program execution Martin Schulze (Jan 04)
Vulnerability in user posting in Nick.com forums Danny Ricci (Jan 04)
More reading of local files in MSIE jelmer (Jan 04)
- Re: More reading of local files in MSIE Dave Ahmad (Jan 04)
- Re: More reading of local files in MSIE the Pull (Jan 05)
VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE keith royster (Jan 04)
- <Possible follow-ups>
- Re: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE David Frascone (Jan 05)
Security Advisory for Bugzilla v2.15 (cvs20020103) and older Dave Miller (Jan 05)
- Re: Security Advisory for Bugzilla v2.15 (cvs20020103) and older David Miller (Jan 07)
Savant Webserver Buffer Overflow Vulnerability Tamer Sahin (Jan 05)
BOOZT! Standard 's administration cgi vulnerable to buffer overflow rsanmcar (Jan 05)
Pine 4.33 (at least) URL handler allows embedded commands. zen-parse (Jan 05)
- Re: Pine 4.33 (at least) URL handler allows embedded commands. Michal Zalewski (Jan 07)
  - Re: Pine 4.33 (at least) URL handler allows embedded commands. zen-parse (Jan 08)
  - Re: Pine 4.33 (at least) URL handler allows embedded commands. Roman Drahtmueller (Jan 08)
CSS Daryl (Jan 05)
Hosting Controller's - Multiple Security Vulnerabilities Phuong Nguyen (Jan 05)
Re: gzip bug w/ patch.. Jonathan A. Zdziarski (Jan 05)
AW: IE https certificate attack K . J . Mueller (Jan 05)
- Re: AW: IE https certificate attack Florian Weimer (Jan 07)
- Re: IE https certificate attack Helmut Springer (Jan 07)
  - Re: IE https certificate attack Jim Knoble (Jan 08)
- Re: AW: IE https certificate attack Ben Laurie (Jan 07)
- Re: AW: IE https certificate attack George Staikos (Jan 07)
CrossSiteScripting PostNuke. rolphin (Jan 06)
Denial of Service flaw in Apache Tozz (Jan 06)
- Re: Denial of Service flaw in Apache Marc Slemko (Jan 07)
RE: Re : Fw: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAI LURE (#5947-000093-7546\939465) vps-support (Jan 06)
Inproper input validation in Bugzilla <=2.14 - exploit funkysh (Jan 07)
- <Possible follow-ups>
- Re: Inproper input validation in Bugzilla <=2.14 - exploit David Miller (Jan 10)
Cross Site Scripting in microsoft.com frog frog (Jan 07)
AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability Tamer Sahin (Jan 07)
HP Secure OS Software for Linux security bulletins digest IT Resource Center (Jan 07)
- <Possible follow-ups>
- HP Secure OS Software for Linux security bulletins digest IT Resource Center (Jan 25)
Internet Explorer Javascript Modeless Popup Local Denial of Service Vulnerability Lance Hitchcock Jr . (Jan 07)
Linksys 'routers', SNMP issues Matthew S. Hallacy (Jan 07)
- Re: Linksys 'routers', SNMP issues John Duksta (Jan 07)
  - Re: Linksys 'routers', SNMP issues The Cyberiad (Jan 08)
- <Possible follow-ups>
- Re: Linksys 'routers', SNMP issues Ken . Williams (Jan 09)
Aftpd core dump vulnerability Nu Omega Tau (Jan 07)
- Re: Aftpd core dump vulnerability Neeko Oni (Jan 08)
- <Possible follow-ups>
- Re: Aftpd core dump vulnerability Nu Omega Tau (Jan 08)
[PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache Mark A. Rowe (PenTest) (Jan 07)
Faqmanager.cgi file read vulnerability Nu Omega Tau (Jan 07)
ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability elijah wright (Jan 08)
  - Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 08)
  - Re: ICQ remote buffer overflow vulnerability 'ken'@FTU (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Nick FitzGerald (Jan 08)
SuSE Security Announcement: mutt (SuSE-SA:2002:001) Roman Drahtmueller (Jan 07)
C2IT.com Cross Site Scripting Vulnerability security (Jan 07)
Network Queuing Environment (NQE) contains vulnerabilities SGI Security Coordinator (Jan 07)
[RHSA-2002:003-10] New mutt packages available to fix security problem bugzilla (Jan 07)
[CLA-2002:449] Conectiva Linux Security Announcement - mutt secure (Jan 07)
TSLSA-2002-0003 - mutt Trustix Secure Linux Advisor (Jan 07)
[RHSA-2002:002-10] Updated stunnel packages available. bugzilla (Jan 07)
[RHSA-2001:176-05] Updated exim packages fix security problem bugzilla (Jan 08)
KPMG-2002003: Bea Weblogic DOS-device Denial of Service Peter Gründl (Jan 08)
w00w00 on AIM Filter (Backdoors & SpyWare) Jordan Ritter (Jan 08)
- <Possible follow-ups>
- RE: w00w00 on AIM Filter (Backdoors & SpyWare) Tim Yardley (Jan 08)
svindel.net security advisory - web admin vulnerability in CacheOS Bjorn Djupvik (Jan 08)
Allaire Forums Vulnerability John Cantu (Jan 09)
CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor] Obscure (Jan 09)
- LIDS Security Advisory 1 Huagang Xie (Jan 09)
- <Possible follow-ups>
- RE: CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor] Obscure (Jan 10)
  - Re: CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor] Andrew Clover (Jan 11)
[SECURITY] [DSA-098-1] two libgtop security problems Wichert Akkerman (Jan 09)
xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2) zen-parse (Jan 09)
MDKSA-2002:001 - bind update Mandrake Linux Security Team (Jan 09)
[CLA-2002:450] Conectiva Linux Security Announcement - proftpd secure (Jan 09)
Paper: Unicode overflow technique Chris Anley (Jan 09)
xterm exploit in Unixware 7.0.1 jG gM (Jan 09)
Announcing a new DNS server implementation bugtraq (Jan 09)
- Re: Announcing a new DNS server implementation D. J. Bernstein (Jan 09)
[RHSA-2001:179-05] Updated namazu packages are available bugzilla (Jan 09)
- Details on the updated namazu packages that are available KF (Jan 10)
  - Re: Details on the updated namazu packages that are available NOKUBI Takatsugu (Jan 10)
CDE bug in Unixware 7.1 jG gM (Jan 09)
dtterm exploit in Unixware 7.1.1 jG gM (Jan 09)
MDKSA-2002:002 - mutt update Mandrake Linux Security Team (Jan 09)
Cisco Security Advisory: Multiple Vulnerabilities in Cisco SN 5420 Storage Router Cisco Systems Product Security Incident Response Team (Jan 09)
Security flaws in tinc Jerome Etienne (Jan 09)
HP-UX security bulletins digest IT Resource Center (Jan 09)
- <Possible follow-ups>
- HP-UX security bulletins digest IT Resource Center (Jan 25)
File Transversal Vulnerability in Dino's WebServer Franc Ruiz Arenas (Jan 09)
Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability Tamer Sahin (Jan 09)
FWD: Sun Microsystems, Inc. Security Bulletin Dave Ahmad (Jan 09)
BOOZT! Standard CGI Vulnerability : Exploit Released NIKEBOY (Jan 09)
myvoicestream.com vulnerability Trey Valenta (Jan 09)
- Re: myvoicestream.com vulnerability Scott Dier (Jan 09)
MiraMail 1.04 can give POP account access and details Chris Lathem (Jan 09)
UPNP Denial of Service Gabriel Maggiotti (Jan 09)
- Re: UPNP Denial of Service Patrick Chambet (Jan 10)
Security weaknesses of VTun Jerome Etienne (Jan 10)
[SA-2002:00] Slashcode login vulunerability Chris Nandor (Jan 10)
Snort core dumped Sinbad (Jan 10)
- Re: Snort core dumped KF (Jan 10)
- Re: Snort core dumped Martin Roesch (Jan 11)
Unixware 7.1.1 rpc.cmsd remote exploit code. jGgM . (Jan 10)
- Re: Unixware 7.1.1 rpc.cmsd remote exploit code. Dave Ahmad (Jan 10)
Cookie modification allows unauthenticated user login in Geeklog 1.3 Adrian Chung (Jan 10)
Handspring Visor D.O.S Jason Lutz (Jan 10)
- Re: Handspring Visor D.O.S Roger H. Goun (Jan 10)
  - Re: Handspring Visor D.O.S ark (Jan 10)
  - Re: Handspring Visor D.O.S Simon Dick (Jan 11)
- Re: Handspring Visor D.O.S Raistlin (Jan 11)
Legato Vulnerable Venkatesh babu Sira (Jan 10)
- Re: Legato Vulnerable Wolfgang Fischer (Jan 10)
Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability security (Jan 10)
MDKSA-2001:095-1 - glibc update Mandrake Linux Security Team (Jan 10)
Shockwave Flash player issue Peter Santangeli (Jan 10)
autoresponder program could be tricked by spamers to send unsolicited mail to victim's address user (Jan 10)
address.com: email vulnerability wannabe anonymousplease (Jan 10)
- <Possible follow-ups>
- RE: address.com: email vulnerability Robert Ellis (Jan 12)
cgiaudit release information Derek Callaway (Jan 10)
Security Update: [CSSA-2001-039.0] Linux - IMP/HORDE cross site scripting vulnerability Support Info (Jan 11)
Announce: NGSSniff David Litchfield (Jan 11)
Kerberos 5 ftp client Core Dump Replugge [Rod] (Jan 11)
Re: autoresponder program could be tricked by spamers to send unsolicitedmail to victim's address (fwd) Rodent of Unusual Size (Jan 11)
Automated remote CGI vulnerability discovery Samy Kamkar (Jan 11)
Novell Netware Login "bypass" to execute programs Philip Wagenaar (Jan 11)
ASP Application Security: CDONTS.NEWMAIL David Litchfield (Jan 11)
Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution) Tamer Sahin (Jan 11)
Bug in alcatel speed touch home adsl modem Hacknisty (Jan 11)
cdrdao insecure filehandling Jens Steube (Jan 14)
- Re: cdrdao insecure filehandling Guillaume PELAT (Jan 15)
- Re: cdrdao insecure filehandling Anthony DeRobertis (Jan 15)
  - Re: cdrdao insecure filehandling martin f krafft (Jan 16)
    - Re: cdrdao insecure filehandling Luciano Miguel Ferreira Rocha (Jan 17)
    - Re: cdrdao insecure filehandling Pavel Kankovsky (Jan 21)
Eterm SGID utmp Buffer Overflow (Local) Charles 'core' Stevenson (Jan 14)
- Re: Eterm SGID utmp Buffer Overflow (Local) Michael Jennings (Jan 21)
Palm Desktop 4.0b76-77 for Mac OS X Victor Kruger (Jan 14)
[RHSA-2002:004-06] New groff packages available to fix security problems bugzilla (Jan 14)
- Message not available
  - Re: [RHSA-2002:004-06] New groff packages available to fix security problems Colin Watson (Jan 16)
Sudo version 1.6.4 now available (fwd) Jonas Eriksson (Jan 14)
CERT Advisory CA-2002-01 Exploitation of Vulnerability in CDE Subprocess CERT Advisory (Jan 14)
Siemens Mobie SMS Exceptional Character Vulnerability benjurry (Jan 14)
[SECURITY] [DSA-104-1] CIPE DoS attack Wichert Akkerman (Jan 14)
[SECURITY] [DSA 101-1] New sudo packages fix local root exploit Martin Schulze (Jan 14)
Internet Explorer Pop-Up OBJECT Tag Bug the Pull (Jan 14)
- Addendum Re: Internet Explorer Pop-Up OBJECT Tag Bug the Pull (Jan 16)
SuSE Security Announcement: sudo (SuSE-SA:2002:002) Sebastian Krahmer (Jan 14)
[SECURITY] [DSA 100-1] New gzip packages fix potential buffer overflow Martin Schulze (Jan 14)
PHP 4.x session spoofing Daniel Lorch (Jan 14)
- <Possible follow-ups>
- Re: FW: PHP 4.x session spoofing Gunzour (Jan 15)
[SECURITY] [DSA-103-1] glibc buffer overflow Wichert Akkerman (Jan 14)
Pi3Web Webserver v2.0 Buffer Overflow Vulnerability Tamer Sahin (Jan 14)
- <Possible follow-ups>
- Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability Holger Zimmermann (Jan 21)
[ESA-20020114-003] Several local LIDS vulnerabilities EnGarde Secure Linux (Jan 14)
[SECURITY] [DSA 099-1] New XChat packages fix potential IRC session hijacking Martin Schulze (Jan 14)
IE Clipboard Stealing Vulnerability Tom Gilder (Jan 14)
- Re: IE Clipboard Stealing Vulnerability TAKAGI, Hiromitsu (Jan 15)
Web Server 4D/eCommerce 3.5.3 DoS Vulnerability Tamer Sahin (Jan 14)
[ESA-20020114-001] 'sudo' can invoke the system MTA as root EnGarde Secure Linux (Jan 14)
Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability Tamer Sahin (Jan 14)
MSIE may download and run programs automatically - details Jouko Pynnonen (Jan 14)
- MSIE 6.0 will rollback during XP Pro Install -- Ref: MSIE may download and run programs automatically - details Jeffrey W. Dronenburg (Jan 15)
[ESA-20020114-002] 'pine' URL handling vulnerability EnGarde Secure Linux (Jan 14)
File Extensions Spoofable in Windows Explorer Tom Micklovitch (Jan 15)
Internet Explorer SuperCookies bypass P3P and cookie controls Richard M. Smith (Jan 15)
ZBServer Pro DoS Vulnerability Tamer Sahin (Jan 15)
- <Possible follow-ups>
- Re: ZBServer Pro DoS Vulnerability Steven M. Christey (Jan 16)
Vulnerability Netgear RP-114 Router - nmap causes DOS Omkhar Arasaratnam (Jan 15)
- <Possible follow-ups>
- Re: Vulnerability Netgear RP-114 Router - nmap causes DOS Zoid (Jan 16)
Authorize.Net Plain Text Login Transmission Brian Gallagher (Jan 15)
- <Possible follow-ups>
- RE: Authorize.Net Plain Text Login Transmission Robert Brewer (Jan 16)
Clanlib overflow / Super Methane Brothers overflow KF (Jan 15)
[RHSA-2002:011-06] Updated sudo packages are available bugzilla (Jan 15)
Sambar Webserver v5.1 DoS Vulnerability Tamer Sahin (Jan 15)
FWD: IRIX nsd Vulnerability Dave Ahmad (Jan 15)
BlackMoon FTPd Buffer Overflow Vulnerability Strumpf Noir Society (Jan 15)
Update on the SuperCookie issue Richard M. Smith (Jan 15)
[CLA-2002:451] Conectiva Linux Security Announcement - sudo secure (Jan 15)
Serious privacy leak in Python for Windows Richard M. Smith (Jan 15)
- Re: Serious privacy leak in Python for Windows Alan Caulkins (Jan 16)
NMRC Advisory: OpenFile Win32 API Log Overwriting/Rewriting Information Anarchy 2K01 (Jan 15)
IE FORM DOS Ivan Sergio Borgonovo (Jan 16)
- <Possible follow-ups>
- Re: IE FORM DOS SkyLined (Jan 21)
[RHSA-2002:005-09] Updated xchat packages are available bugzilla (Jan 16)
[RHSA-2002:013-03] Updated sudo package is available bugzilla (Jan 16)
MDKSA-2002:003 - sudo update Mandrake Linux Security Team (Jan 16)
Sudo +Postfix Exploit Charles 'core' Stevenson (Jan 16)
Breakable Kevin L. Poulsen (Jan 16)
- <Possible follow-ups>
- RE: Breakable Jonathan A. Zdziarski (Jan 18)
  - RE: Breakable bugtraq () t-swat com (Jan 18)
    - RE: Breakable Jonathan A. Zdziarski (Jan 18)
    - Re: Breakable Pete Finnigan (Jan 21)
  - Re: Breakable uid0 (Jan 21)
- RE: Breakable Greg Williamson (Jan 23)
PHP-Nuke allows Command Execution & Much more Handle Nopman (Jan 16)
- <Possible follow-ups>
- Re: PHP-Nuke allows Command Execution & Much more truff (Jan 21)
- Re: PHP-Nuke allows Command Execution & Much more RoMaNSoFt (Jan 24)
NetBSD Security Advisory 2002-001 Close-on-exec, SUID and ptrace(2) NetBSD Security Officer (Jan 16)
Re: efax Wodahs Latigid (Jan 16)
- Re: efax H D Moore (Jan 16)
Chinput Buffer Overflow Vulnerability xperc (Jan 16)
[SECURITY] [DSA 102-1] New at packages fix heap corruption vulnerability Martin Schulze (Jan 16)
Cisco Security Advisory: Hardening of Solaris OS for MGC Cisco Systems Product Security Incident Response Team (Jan 16)
IRIX nsd vulnerability update SGI Security Coordinator (Jan 16)
SuSE Security Announcement: at (SuSE-SA:2002:003) Roman Drahtmueller (Jan 16)
'/usr/bin/at 31337 + vuln' problem + exploit zen-parse (Jan 17)
MDKSA-2002:004 - stunnel update Mandrake Linux Security Team (Jan 17)
Re: BOOZT! Standard CGI Vuln : fixed in 0.9.9 _kiss_ (Jan 17)
Avirt Proxy Buffer Overflow Vulnerabilities Strumpf Noir Society (Jan 17)
Avirt Gateway Suite Remote SYSTEM Level Compromise Strumpf Noir Society (Jan 17)
uucp --config patch -- not sufficient zen-parse (Jan 18)
- Re: uucp --config patch -- not sufficient Charles 'core' Stevenson (Jan 21)
  - Re: uucp --config patch -- not sufficient zen-parse (Jan 21)
Vulnerability in hellbent joetesta (Jan 18)
[CLA-2002:455] Conectiva Linux Security Announcement - MySQL secure (Jan 18)
MDKSA-2002:007 - at update Mandrake Linux Security Team (Jan 19)
USPS Online Bill Pay - Cleartext Password Leakage Matthew Dent (Jan 19)
- <Possible follow-ups>
- Re: USPS Online Bill Pay - Cleartext Password Leakage KF (Jan 22)
remote memory reading through tcp/icmp Andrew Griffiths (Jan 20)
- Re: remote memory reading through tcp/icmp Fyodor (Jan 21)
- RE: remote memory reading through tcp/icmp David LeBlanc (Jan 22)
- Re: remote memory reading through tcp/icmp Casper Dik (Jan 31)
- <Possible follow-ups>
- Re: remote memory reading through tcp/icmp Andi Kleen (Jan 22)
  - Re: remote memory reading through tcp/icmp (linux) Martin Mačok (Jan 22)
- RE: remote memory reading through tcp/icmp Michael Wojcik (Jan 22)
Maelstrom 1.4.3 abartity file overwrite Andrew Griffiths (Jan 20)
- Re: Maelstrom 1.4.3 abartity file overwrite Chris Gragsone (Jan 21)
Bounce vulnerability in SpoonFTP 1.1.0.1 Arne Vidstrom (Jan 20)
[resend] Avirt Gateway Telnet Vulnerability (and more?) Strumpf Noir Society (Jan 21)
[resend] Strumpf Noir Society on BadBlue Strumpf Noir Society (Jan 21)
KSSA-003 - Multiple windows file wiping utilities do not properly wipe data with NTFS Kurt Seifried (Jan 21)
Timbuktu 6.0.1 and Older DoS Advisory Tekno pHReak (Jan 21)
[SECURITY] [DSA-089-2] updated i386 icecast-server package Wichert Akkerman (Jan 21)
RE: [RHSA-2001:165-08] The uuxqt utility can be used to execute a rbitrary commands as uucp.uucp John . Airey (Jan 21)
[SECURITY] [DSA 102-2] New at packages really fix heap corruption vulnerability Martin Schulze (Jan 21)
sltrib.com, using nacorp.com's web forms are submitted insecurely, and are clearly promoted as being secure Jon Zobrist (Jan 21)
dnrd 2.10 dos Andrew Griffiths (Jan 21)
Cross-Site Vulnerabilities (Still) Found in Major Web Sites Watung Arif (Jan 21)
- <Possible follow-ups>
- Re: Cross-Site Vulnerabilities (Still) Found in Major Web Sites Andrew Wason (Jan 22)
Shoutcast server 1.8.3 win32 Brian Dittmer (Jan 21)
- Re: Shoutcast server 1.8.3 win32 ellipse (Jan 22)
- Re: Shoutcast server 1.8.3 win32 Austin Ensminger (Jan 23)
remote buffer overflow in sniffit g_463 (Jan 21)
- Re: remote buffer overflow in sniffit Edwin Groothuis (Jan 22)
  - Re: remote buffer overflow in sniffit Brad (Jan 22)
(Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory) ACD Incorporated Support (Jan 22)
Unixware 7.1.1 scoadminreg.cgi local exploit jGgM . (Jan 22)
Re: Maelstrom file overwrite Andrew Griffiths (Jan 22)
Citrix NFuse 1.6 Tom . Lyne (Jan 22)
- <Possible follow-ups>
- RE: Citrix NFuse 1.6 Jeff Mills (Jan 22)
- RE: Citrix NFuse 1.6 steven.sporen (Jan 23)
Mozilla Cookie Exploit Marc Slemko (Jan 22)
[SECURITY] [DSA-105-1] enscript creates temporary files insecurely Wichert Akkerman (Jan 22)
security vulnerability in chuid Scott Parish (Jan 22)
psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminal Brian Rea (Jan 22)
The "Lunch Break Hole" Frank Heyne (Jan 22)
- RE: The "Lunch Break Hole" David LeBlanc (Jan 28)
More information on alcatel speed touch home modem Hacknisty (Jan 22)
"Dec. 6: Oracle server vulnerable on Unix" Elan Hasson (Jan 22)
Macinosh IE file execuion vulerability Jass Seljamaa (Jan 22)
psyBNC2.3 Beta - encrypted text spoofable in others irc terminal psychoid (Jan 22)
CyberStop-Server-DoS-remote-attacks al3x hernandez (Jan 22)
[RHSA-2002:015-13] Updated at package available bugzilla (Jan 23)
Cgisecurity Paper #4: Header Based Exploitation: Web Statistical Software Threats zeno (Jan 23)
MDKSA-2002:008 - jmcce update Mandrake Linux Security Team (Jan 23)
[RHSA-2002:014-07] Updated OpenLDAP packages available bugzilla (Jan 23)
Re: USPS Online Bill Pay - Cleartext Password Leakage (resolved) Matthew Dent (Jan 23)
Re: D-Link DWL-1000AP can be compromised because of SNMP configuration Jim (Jan 23)
- Re: D-Link DWL-1000AP can be compromised because of SNMP configuration David (Jan 24)
Vulnerabilty in PaintBBS v1.2 John Bissell (Jan 23)
pldaniels - ripMime 1.2.6 and lower? KF (Jan 23)
[RHSA-2002:007-16] Updated 2.4 kernel available bugzilla (Jan 24)
squirrelmail bug appelast (Jan 24)
- <Possible follow-ups>
- Re: squirrelmail bug Konstantin Riabitsev (Jan 24)
- Re: squirrelmail bug Adam Herscher (Jan 24)
gnuchess buffer overflow vulnerabilty Bernhard Kuemel (Jan 24)
For European and Asian Knowledge Seekers Nathan Andrew Carter (Jan 24)
Plumtree Corporate Portal Cross-Site Scripting (Patch Available) Ed Moyle (Jan 24)
Re: Agoracgi v3.3e Cross Site Scripting Vulnerability Steve Kneizys (Jan 24)
- <Possible follow-ups>
- Re: Agoracgi v3.3e Cross Site Scripting Vulnerability Steve Kneizys (Jan 25)
Cross-Site Scripting Vuln... InterWN Labs (Jan 24)
ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability advisory (Jan 24)
[NGSEC] Whitepaper Released: Polymorphic shellcodes vs. Application IDSs NGSEC Research Team (Jan 24)
Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9 Ronald F. Guilmette (Jan 24)
CERT Advisory CA-2002-02 Buffer Overflow in AOL ICQ CERT Advisory (Jan 24)
Vulnerabilities in squirrelmail Tom McAdam (Jan 24)
BindView NetInventory NetRC hostcfg_ni password passed in clear t ext Barker, Brent (Jan 25)
Security Update: [CSSA-2001-SCO.35.2] REVISED: OpenServer: setcontext and sysi86 vulnerabilities security (Jan 25)
SuSE Security Announcement: rsync (SuSE-SA:2002:004) Sebastian Krahmer (Jan 25)
[CLA-2002:458] Conectiva Linux Security Announcement - rsync secure (Jan 25)
[ESA-20020125-004] rsync signed integer handling vulnerability EnGarde Secure Linux (Jan 25)
Potential RealPlayer 8 Vulnerability Dave Cotter (Jan 25)
Re: ISSTW Security Advisory Tarantella Enterprise 3.11.903 Directory Index Disclosure Vulnerability KF (Jan 25)
- Vulnerability report for Tarantella Enterprise 3. Larry W. Cashdollar (Jan 26)
Security Update: [CSSA-2002-SCO.2] Open UNIX, UnixWare 7: sort creates temporary files insecurely security (Jan 25)
RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01] tmorgan-security (Jan 25)
Identifying PGP Corporate Desktop 7.1 with PGPfire Personal Desktop Firewall Installed (no need to be enabled) on Microsoft Windows Based OSs Ofir Arkin (Jan 25)
[RHSA-2002:018-05] New rsync packages available bugzilla (Jan 25)
- rsync-2.5.2 has security fix (was: Re: [RHSA-2002:018-05] New rsync packages available) Jim Knoble (Jan 28)
Alteon ACEdirector signature/security bug Dave Plonka (Jan 25)
[SECURITY] [DSA-106-1] rsync remote exploit Wichert Akkerman (Jan 25)
TSLSA-2002-0025 - rsync Trustix Secure Linux Advisor (Jan 28)
[ Hackerslab bug_paper ] Xkas application vulnerability s96192 (Jan 28)
Intel WLAN Driver storing 128bit WEP-Key in plain text! dario luethi (Jan 28)
bru backup program Andrew Griffiths (Jan 28)
Sapgui 4.6D for Windows Falk Siemonsmeier (Jan 28)
- Re: Sapgui 4.6D for Windows Falk Siemonsmeier (Jan 28)
SECURITY.NNOV: stream3 Windows NT/2000 DoS (Q280446) 3APA3A (Jan 28)
Full path disclosure vulnerabilty in Sun's Web site J_Bourdeau (Jan 28)
[CLA-2002:459] Conectiva Linux Security Announcement - openldap secure (Jan 28)
user-mode-linux problems Andrew Griffiths (Jan 28)
- Re: user-mode-linux problems Ajax (Jan 31)
[ARL02-A01] Vulnerability in Hosting Controller Ahmet Sabri ALPER (Jan 28)
IRIX O2 video security issue SGI Security Coordinator (Jan 28)
MDKSA-2002:009 - rsync update Mandrake Linux Security Team (Jan 28)
SGI IRIX: Various shells create temporary files insecurely update SGI Security Coordinator (Jan 28)
MDKSA-2002:010 - enscript update Mandrake Linux Security Team (Jan 28)
[SUPERPETZ ADVISORY #001 - agora.cgi Secret Path Disclosure Vulnerability] superpetz (Jan 28)
Cisco Security Advisory: Cisco CatOS Telnet Buffer Vulnerability PSIRT (Product Security Incident Response Team) (Jan 29)
Xoops Private Message System Script injection Cabezon Aurélien (Jan 29)
Xoops SQL fragment disclosure and SQL injection vulnerability Cabezon Aurélien (Jan 29)
Re: sastcpd Buffer Overflow and Format String Vulnerabilities elliptic (Jan 29)
- <Possible follow-ups>
- sastcpd Buffer Overflow and Format String Vulnerabilities Wodahs Latigid (Jan 29)
  - Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities William D. Colburn (aka Schlake) (Jan 29)
Xoops topics : One more time Cabezon Aurélien (Jan 29)
Vulnerabilities in EServ 2.97 Arne Vidstrom (Jan 29)
PhpSmsSend remote execute commands bug Indra Kusuma (Jan 29)
Long path exploit on NTFS hans . somers (Jan 30)
- RE: Long path exploit on NTFS Gavin Lowe (Jan 30)
- RE: Long path exploit on NTFS David LeBlanc (Jan 31)
- <Possible follow-ups>
- RE: Long path exploit on NTFS Leif Sawyer (Jan 30)
- RE: Long path exploit on NTFS Moorhouse, Walt P (Jan 31)
Compaq Tru64 patches for CERT VU#10277 Roberts Ross (Jan 30)
DoS bug on Tru64 Jason Johns - SAS(IT) (Jan 30)
- Re: DoS bug on Tru64 Dennis Jenkins (Jan 30)
- Re: DoS bug on Tru64 Matt Chapman (Jan 31)
- <Possible follow-ups>
- Re: DoS bug on Tru64 ellipse (Jan 30)
- RE: DoS bug on Tru64 Roberts Ross (Jan 30)
- Re: DoS bug on Tru64 Bob Dog (Jan 30)
  - Re: DoS bug on Tru64 Chris Adams (Jan 31)
- Re: DoS bug on Tru64 UCX Foe (Jan 31)
- Re: DoS bug on Tru64 Scott Brewster (Jan 31)
Betr.: Long path exploit on NTFS Remko Catersels (Jan 30)
[SECURITY] [DSA 107-1] New jgroff packages fix printf format problem Martin Schulze (Jan 30)
[RHSA-2002:018-10] New rsync packages available bugzilla (Jan 30)
[ WWWThreads, UBBThreads ] Security Hole in upload system Root Extractor (Jan 30)
sastcpd 8.0 'authprog' local root vulnerability rpc (Jan 30)
RE:Siemens Mobile Phone SMS Denial of Service Vulnerability benjurry (Jan 30)
Script for find domino's users Gabriel A. Maggiotti (Jan 31)
- <Possible follow-ups>
- Re: Script for find domino's users Simon Delicata (Jan 31)
tac_plus version F4.0.4.alpha on at least Solaris 8 sparc Kevin A. Nassery (Jan 31)
- Re: tac_plus version F4.0.4.alpha on at least Solaris 8 sparc ellipse (Jan 31)
- Re: tac_plus version F4.0.4.alpha on at least Solaris 8 sparc Jarno Huuskonen (Jan 31)
[CLA-2002:460] Conectiva Linux Security Announcement - pine secure (Jan 31)
New SQL Injection Whitepaper Chris Anley (Jan 31)
SPI Labs SQL Injection Whitepaper Available spi labs (Jan 31)
Microsoft Security Bulletin MS02-001 Microsoft (Jan 31)
Fairly serious vulnerability in vBulletin 2.2.0 HarryM (Jan 31)
- Re: Fairly serious vulnerability in vBulletin 2.2.0 Sam Sargeant (Jan 31)
msdtc on 3372 palante (Jan 31)
MDKSA-2002:011 - gzip update Mandrake Linux Security Team (Jan 31)
Semi-serious vulnerability in vBulletin 2.2.0 John Percival (Jan 31)
Possible privilege escalation with NDS for NT nobody (Jan 31)

Previous period

Next period