Bugtraq: by thread

Bugtraq: by thread

433 messages starting Jul 01 02 and ending Jul 31 02
Date index | Thread index | Author index

ftp.bitchx.org's ircii-pana-1.0c19.tar.gz is backdoored Hank Leininger (Jul 01)
Proof of Concept Code for OpenSSH gobbles (Jul 01)
KPMG-2002026: Jrun sourcecode Disclosure Peter Gründl (Jul 01)
PTL-2002-03 Betsie XSS Vuln Mark A. Rowe (PenTest) (Jul 01)
Revised OpenSSH Security Advisory Markus Friedl (Jul 01)
KPMG-2002028: Sitespring Server Denial of Service Peter Gründl (Jul 01)
CSS in blackboard Berend-Jan Wever (Jul 01)
Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd) Dave Ahmad (Jul 01)
- NEC's socks5 (Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd)) 3APA3A (Jul 03)
- Re: Foundstone Advisory - Buffer Overflow in AnalogX Proxy (fwd) Kanatoko (Jul 26)
BufferOverflow in OmniHTTPd 2.09 Martin J. Muench (Jul 01)
[SECURITY] [DSA-135-1] buffer overflow / DoS in libapache-mod-ssl Robert van der Meulen (Jul 02)
[ESA-20020702-016] several vulnerabilities in the OpenSSH daemon EnGarde Secure Linux (Jul 02)
XSS in Slashcode gcsb (Jul 02)
- Re: XSS in Slashcode Jamie McCarthy (Jul 02)
BIND 9.2.1 patch, multiple RR's for singleton types. Tim Gladding (Jul 02)
- Re: BIND 9.2.1 patch, multiple RR's for singleton types. Jim Reid (Jul 02)
  - Re: BIND 9.2.1 patch, multiple RR's for singleton types. der Mouse (Jul 04)
  - Re: BIND 9.2.1 patch, multiple RR's for singleton types. Tim Gladding (Jul 05)
    - Sybase contact Aaron C. Newman (Jul 05)
    - Re: Sybase contact Ryan Russell (Jul 05)
Re: Remote DoS in AnlaogX SimpleServer:www 1.16 Auriemma Luigi (Jul 02)
PHPAuction bug ethx (Jul 02)
[CLA-2002:504] Conectiva Linux Security Announcement - apache secure (Jul 02)
CommuniGate Pro directory listings c0rrect0r (Jul 02)
- Re: CommuniGate Pro directory listings tfm (Jul 03)
Security Advisory: Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability Cisco Systems Product Security Incident Response Team (Jul 02)
Falsifying a VeriSign Seal (Japan) Noam Rathaus (Jul 02)
[ESA-20020702-017] off-by-one in mod_ssl's configuration directive handling EnGarde Secure Linux (Jul 02)
Noguska Nola 1.1.1 [ Intranet Business Management Software ] sindhi (Jul 02)
SuSE Security Announcement: openssh (SuSE-SA:2002:024) Roman Drahtmueller (Jul 02)
CORE-20020620: Inktomi Traffic Server Buffer Overflow Iván Arce (Jul 03)
Three problems in OpenSSH's ssh-keysign Charles Hannum (Jul 03)
- Re: Three problems in OpenSSH's ssh-keysign Theo de Raadt (Jul 03)
Security Update: [CSSA-2002-SCO.31] UnixWare 7.1.1 Open UNIX 8.0.0 : Apache Web Server Chunk Handling Vulnerability / mod_ssl off-by-one error security (Jul 03)
MDKSA-2002:040-1 - openssh update Mandrake Linux Security Team (Jul 03)
Security Update: [CSSA-2002-SCO.32] OpenServer 5.0.5 OpenServer 5.0.6 : Apache Web Server Chunk Handling Vulnerability / mod_ssl off-by-one error security (Jul 03)
Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002) NGSSoftware Insight Security Research (Jul 03)
SunPCi II VNC weak authentication scheme vulnerability Richard van den Berg (Jul 03)
UT DDoS risk bugtest (Jul 03)
Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal nfinity (Jul 03)
[Global InterSec 2002062801] OpenSSH challenge-response buffer overflow (Update) Global InterSec Research (Jul 03)
Squid Security Update Advisory 2002:3 Henrik Nordstrom (Jul 03)
[RHSA-2002:051-16] New Squid packages available bugzilla (Jul 04)
[OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind) OpenPKG (Jul 04)
Re: Acrobat reader 5.05 temp file insecurity Paul Szabo (Jul 04)
- <Possible follow-ups>
- Re: Acrobat reader 5.05 temp file insecurity secfocus (Jul 25)
nn remote format string vulnerability zillion (Jul 04)
Re: UT DDoS risk (possible solution) Auriemma Luigi (Jul 04)
MDKSA-2002:041 - kernel 2.2 and 2.4 updates Mandrake Linux Security Team (Jul 04)
Re: Remote buffer overflow in resolver code of libc D. J. Bernstein (Jul 04)
- Re: Remote buffer overflow in resolver code of libc Florian Weimer (Jul 04)
[CLA-2002:505] Conectiva Linux Security Announcement - ethereal secure (Jul 04)
UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd) noir sin (Jul 04)
- Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd) Dave Aitel (Jul 05)
  - Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd) noir sin (Jul 06)
    - Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd) noir sin (Jul 07)
    - Re: UnBodyGuard a.k.a Bouncer (Solaris kernel function hijacking) (fwd) Dave Aitel (Jul 08)
Worldspan DoS altomo (Jul 04)
MDKSA-2002:042 - LPRng updates Mandrake Linux Security Team (Jul 05)
UT (and other game-servers) DDOS Tom (Jul 05)
[CLA-2002:506] Conectiva Linux Security Announcement - squid secure (Jul 05)
remote winamp 2.x exploit (all current versions) 2c79cbe14ac7d0b8472d3f129fa1df (Jul 05)
LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT kanix THE HACKER (Jul 07)
- Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT Olaf Kirch (Jul 08)
- Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT KF (Jul 08)
- Re: LOCAL ROOT EXPLOIT - SUPPORT FULL-DISCLOSURE - LOCAL ROOT EXPLOIT kanix (Jul 09)
sparc exploit for known solaris 8 kcms_configure overflow Adam Slattery (Jul 07)
MacOS X SoftwareUpdate Vulnerability Russell Harding (Jul 08)
- Re: MacOS X SoftwareUpdate Vulnerability Julian Suschlik (Jul 08)
  - Re: MacOS X SoftwareUpdate Vulnerability Kurt Seifried (Jul 08)
  - Re: MacOS X SoftwareUpdate Vulnerability Corey J. Steele (Jul 12)
    - Re: MacOS X SoftwareUpdate Vulnerability gabriel rosenkoetter (Jul 12)
- <Possible follow-ups>
- RE: MacOS X SoftwareUpdate Vulnerability jaehnel (Jul 13)
- RE: MacOS X SoftwareUpdate Vulnerability Hundley, Gordon - Princeton (Jul 15)
KPMG-2002029: Bea Weblogic Performance Pack Denial of Service Peter Gründl (Jul 08)
New Paper: Microsoft SQL Server Passwords NGSSoftware Insight Security Research (Jul 08)
- RE: New Paper: Microsoft SQL Server Passwords John Tolmachofft (Jul 16)
- <Possible follow-ups>
- RE: New Paper: Microsoft SQL Server Passwords Toni Lassila (Jul 10)
  - RE: New Paper: Microsoft SQL Server Passwords Pauli Porkka (Jul 11)
Technical Details of BadBlue EXT.DLL Vulnerability Matthew Murphy (Jul 08)
KF Web Server version 1.0.2 shows file and directory content Securiteinfo . com (Jul 08)
Linux kernels DoSable by file-max limit Paul Starzetz (Jul 08)
- Re: Linux kernels DoSable by file-max limit Kurt Seifried (Jul 08)
  - Re: Linux kernels DoSable by file-max limit Aleksander Adamowski (Jul 09)
  - Re: Linux kernels DoSable by file-max limit Paul Starzetz (Jul 09)
  - Re: Linux kernels DoSable by file-max limit Michal Zalewski (Jul 10)
    - Re: Linux kernels DoSable by file-max limit Jim Breton (Jul 10)
- Re: Linux kernels DoSable by file-max limit Andrea Arcangeli (Jul 11)
- <Possible follow-ups>
- Re: Linux kernels DoSable by file-max limit elv (Jul 10)
BadBlue 1.73 EXT.DLL XSS Variant Matthew Murphy (Jul 08)
Technical Details of Urlcount.cgi Vulnerability Matthew Murphy (Jul 08)
Foundstone Advisory - Buffer Overflow in MyWebServer (fwd) Dave Ahmad (Jul 08)
Sun iPlanet Web Server Buffer Overflow (#NISR09072002) NGSSoftware Insight Security Research (Jul 09)
KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS Peter Gründl (Jul 09)
SuSE Security Announcement: squid (SuSE-SA:2002:025) Roman Drahtmueller (Jul 09)
Exploit for previously reported DoS issues in Shambala Server 4.5 Daniel Nyström (Jul 09)
ALERT: Working Resources BadBlue #2 (DoS, Heap Overflow) Matthew Murphy (Jul 09)
iPlanet Remote File Viewing turambar386 (Jul 09)
- <Possible follow-ups>
- Re: iPlanet Remote File Viewing hubbelyo (Jul 10)
wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting Matt Moore (Jul 10)
wp-02-0008: Apache Tomcat Cross Site Scripting Matt Moore (Jul 10)
wp-02-0012: Carello 1.3 Remote File Execution Matt Moore (Jul 10)
IE allows universal Cross Domain Scripting (TL#003) Thor Larholm (Jul 10)
- Multiple Security Vulnerabilities in Sharp Zaurus SURUAZ (Jul 10)
  - Re: Multiple Security Vulnerabilities in Sharp Zaurus Stephen Harris (Jul 11)
  - Re: Multiple Security Vulnerabilities in Sharp Zaurus Jordan K Wiens (Jul 11)
RE: XSS Hole in Fluid Dynamics Search engine Zoltan Milosevic (Jul 10)
- <Possible follow-ups>
- XSS Hole in Fluid Dynamics search Engine VALDEUX (Jul 10)
SuSE Security Announcement: Resolver (SuSE-SA:2002:026) Olaf Kirch (Jul 10)
EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability Marc Maiffret (Jul 11)
Cisco VPN3000 gateway MTU overflow porte10 (Jul 11)
- Re: Cisco VPN3000 gateway MTU overflow Steve McIlwain (Jul 12)
- <Possible follow-ups>
- Re: Cisco VPN3000 gateway MTU overflow Pete Davis (Jul 15)
[CORE-20020528] Multiple vulnerabilities in ToolTalk Database server Iván Arce (Jul 11)
Re: XSS in ht://Dig Geoff Hutchison (Jul 11)
Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) NGSSoftware Insight Security Research (Jul 11)
- <Possible follow-ups>
- RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Hall, Philip (Jul 12)
  - RE: Microsoft SQL Server 2000 'BULK INSERT' Buffer Overflow (#NISR11072002) Aaron C. Newman (Jul 12)
Portcullis Security Advisory - Directory Traversal Vulnerability in SunPS iRunbook 2.5.2 JWC (Jul 11)
SQL Server 7 & 2000 Installation process and Service Packs write encoded passwords to a file c c (Jul 11)
CERT Advisory CA-2002-20 Multiple Vulnerabilities in CDE ToolTalk CERT Advisory (Jul 11)
Tiny Software and Sygate contact Jonas Koch (Jul 11)
- Re: Tiny Software and Sygate contact Paul Schmehl (Jul 12)
- <Possible follow-ups>
- RE: Tiny Software and Sygate contact Seth Knox (Jul 12)
SQL Server passwords David Litchfield (Jul 11)
- <Possible follow-ups>
- SQL Server passwords patrik . karlsson (Jul 12)
Lil'HTTP Pbcgi.cgi XSS Vulnerability Matthew Murphy (Jul 11)
Exploit: TL003/Dot Bug = Reading Non-Parsable Files Matthew Murphy (Jul 11)
Security Update: [CSSA-2002-SCO.28] UnixWare 7.1.1 Open UNIX 8.0.0 : rpc.ttdbserverd file creation and deletion vulnerabilities security (Jul 12)
[CLA-2002:507] Conectiva Linux Security Announcement - Resolver libraries secure (Jul 12)
RE: Multiple Security Vulnerabilities in Sharp Zaurus Moorhouse, Walt P (Jul 12)
IRIX DNS resolver vulnerability SGI Security Coordinator (Jul 12)
ZyXEL Prestige Router Remote Node Filtering Vulnerability still present Bernardo Pons (Jul 12)
- Re: ZyXEL Prestige Router Remote Node Filtering Vulnerability still present Daniel Roethlisberger (Jul 12)
Popcorn vulnerabilities bugtest (Jul 12)
[SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow webmaster (Jul 12)
Several problems in CARE 2002 avart (Jul 12)
[SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability webmaster (Jul 12)
Portcullis Security Advisory - IIS Microsoft SMTP Service Encapsu lated SMTP Address Vulnerability JWC (Jul 12)
Vulnerability found: The Adobe eBook Library Vladimir Katalov (Jul 12)
Multiple vulnerabilities in atphttpd-0.4b qitest1 (Jul 12)
- <Possible follow-ups>
- Re: Multiple vulnerabilities in atphttpd-0.4b badc0ded (Jul 15)
MFC ISAPI Framework Buffer Overflow Matthew Murphy (Jul 12)
- <Possible follow-ups>
- Re: MFC ISAPI Framework Buffer Overflow Chris Wysopal (Jul 13)
@stake Advisory: Multiple Vulnerabilities with Pingtel xpressa SIP Phones @stake advisories (Jul 12)
FreeBSD Security Advisory FreeBSD-SA-02:29.tcpdump FreeBSD Security Advisories (Jul 12)
5 bugs D4rkGr3y (Jul 12)
- Re: [VulnWatch] 5 bugs Kurt Seifried (Jul 15)
  - Re: [VulnWatch] 5 bugs Simon Hausmann (Jul 15)
FreeBSD Security Advisory FreeBSD-SA-02:30.ktrace FreeBSD Security Advisories (Jul 12)
Re: Cisco VPN3000 MTU overflow (fragmentation issue) porte10 (Jul 12)
The answer to the PIX encryption issue Damir Rajnovic (Jul 12)
Three BadBlue Vulnerabilities Matthew Murphy (Jul 13)
MFC Overflow Test Code Matthew Murphy (Jul 13)
Hosting Controller Vulnerability Ben M (Jul 13)
- <Possible follow-ups>
- Re: Hosting Controller Vulnerability Muhammad Faisal Rauf Danka (Jul 15)
- Re: Hosting Controller Vulnerability James Griffin (Jul 15)
- Re: Hosting Controller Vulnerability Ben M (Jul 15)
SGI Apache Web Server Chunk Handling vulnerability SGI Security Coordinator (Jul 13)
Double Choco Latte multiple vulnerabilities Ulf Harnhammar (Jul 14)
pwc.20020630.nims_3.0.3_imapd.a patrik . karlsson (Jul 15)
pwc.20020630.nims_modweb.b patrik . karlsson (Jul 15)
TSLSA-2002-0062 - squid Trustix Secure Linux Advisor (Jul 15)
TSLSA-2002-0061 - bind Trustix Secure Linux Advisor (Jul 15)
Tivoli TMF ManagedNode Buffer Overflow Mark A. Rowe (PenTest) (Jul 15)
Tivoli TMF Endpoint Buffer Overflow Mark A. Rowe (PenTest) (Jul 15)
@stake Advisory: Norton Personal Internet Firewall HTTP Proxy Vulnerability advisories (Jul 15)
Remote ICQ Sound Desactivation xLaNT (Jul 15)
- Re: Remote ICQ Sound Desactivation Knud Erik Højgaard (Jul 15)
  - Re: Remote ICQ Sound Desactivation Adam [wp-ckkl] (Jul 16)
Again NULL and addslashes() (now in 123tkshop) avart (Jul 15)
FreeBSD Security Advisory FreeBSD-SA-02:31.openssh FreeBSD Security Advisories (Jul 15)
Security Update: [CSSA-2002-SCO.34] OpenServer 5.0.5 OpenServer 5.0.6 : uux status file name buffer overflow security (Jul 16)
Security Update: [CSSA-2002-SCO.33] OpenServer 5.0.5 OpenServer 5.0.6 : timed does not enforce nulls security (Jul 16)
AIM forced behavior "issue" orb (Jul 16)
- Re: AIM forced behavior "issue" Knud Erik Højgaard (Jul 16)
  - Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code Bojidar Alexandrov (Jul 18)
Error in MS mail handler - noncritical but a problem Fred Cohen (Jul 16)
Sniffable Switch Project alaric (Jul 16)
- Re: Sniffable Switch Project Cedric Blancher (Jul 16)
  - Re: Sniffable Switch Project martin f krafft (Jul 17)
    - Re: Sniffable Switch Project martin f krafft (Jul 18)
- Re: Sniffable Switch Project Frédéric Raynal (Jul 16)
Outpost24 Advisory: Oddsock PlaylistGenerator Multiple BufferOverlow vulnerability Lucas Lundgren (Jul 16)
MDKSA-2002:043 - bind update Mandrake Linux Security Team (Jul 16)
ICQ and MSIE allow execution of arbitrary code Jelmer (Jul 16)
- Re: ICQ and MSIE allow execution of arbitrary code Stan Bubrouski (Jul 19)
- <Possible follow-ups>
- Re: ICQ and MSIE allow execution of arbitrary code Jelmer (Jul 19)
Security Update: [CSSA-2002-031.0] Linux: mod_ssl off-by-one error security (Jul 16)
[RHSA-2002:134-12] Updated mod_ssl packages available bugzilla (Jul 17)
KPMG-2002031: Jigsaw Webserver Path Disclosure Peter Gründl (Jul 17)
KPMG-2002032: Macromedia Sitespring Cross Site Scripting Peter Gründl (Jul 17)
KPMG-2002033: Resin DOS device path disclosure Peter Gründl (Jul 17)
- <Possible follow-ups>
- Re: KPMG-2002033: Resin DOS device path disclosure security-protocols (Jul 18)
Exploit for a security hole in the pickle module for Python versions <= 2.1.x Jeff Epler (Jul 17)
Re:[VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting xile (Jul 17)
- Re: [VulnWatch] wp-02-0001: GoAhead Web Server Directory Traversal + Cross Site Scripting Matt Moore (Jul 19)
Wiki module postnuke Cross Site Scripting Vulnerability Pistone (Jul 17)
KPMG-2002034: Jigsaw Webserver DOS device DoS Peter Gründl (Jul 17)
MDKSA-2002:044 - squid update Mandrake Linux Security Team (Jul 17)
Administrivia: Symantec acquiring SecurityFocus aleph1 (Jul 17)
wwwoffle-2.7b and prior segfaults with negative Content-Length value qitest1 (Jul 18)
MERCUR Mailserver advisory/remote exploit 2c79cbe14ac7d0b8472d3f129fa1df (Jul 18)
[CLA-2002:512] Conectiva Linux Security Announcement - libpng secure (Jul 18)
Trend Micro Officescan Denial of Service Marc Ruef (Jul 18)
Java webstart also allows execution of arbitrary code Jelmer (Jul 18)
Fwd: non-disclosed info in Outlook can lead to potential serious Social Attack. Intel Nop (Jul 18)
- Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack David Walker (Jul 23)
  - Re: Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack Andrew Church (Jul 23)
  - Re: Forged FROM addresses/non-disclosed info in Outlook can lead to potential serious Social Attack Neil W Rickert (Jul 23)
[AP] Oracle Reports Server Information Disclosure Vulnerability skp (Jul 18)
asciiSECURE advisory (2002-07-17/1) lumpy (Jul 18)
WINAMP also allows execution of arbitrary code (probably a lot more programs aswell) Jelmer (Jul 18)
Geeklog XSS and CRLF Injection Ulf Harnhammar (Jul 19)
Linux kernel setgid implementation flaw FozZy (Jul 19)
- Re: Linux kernel setgid implementation flaw FozZy (Jul 19)
  - Re: Linux kernel setgid implementation flaw Wietse Venema (Jul 19)
    - Re: Linux kernel setgid implementation flaw FozZy (Jul 19)
Norton AV 2002 rewriting SMTP, breaking TLS Dale Clapperton (lists) (Jul 19)
- RE: Norton AV 2002 rewriting SMTP, breaking TLS Russell Mann (Jul 19)
- <Possible follow-ups>
- RE: Norton AV 2002 rewriting SMTP, breaking TLS Owen, Greg (Jul 19)
  - Re: Norton AV 2002 rewriting SMTP, breaking TLS Adam Shostack (Jul 22)
Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller Ron Ray (Jul 19)
- Re: Domain password logon authentication bug in Windows 2000 Advanced Server Domain Controller 3APA3A (Jul 19)
tru64 proof of concept /bin/su non-exec bypass phased (Jul 19)
BadBlue 302 Status Message XSS Matthew Murphy (Jul 20)
ANNOUNCING: Debian GNU/Linux 3.0 martin f krafft (Jul 20)
AIM Exploit!! tuna (Jul 20)
- Re: AIM Exploit!! john smith (Jul 20)
Re: AIM forced behavior "issue" Re:ICQ and MSIE allow execution of arbitrary code rwertenb (Jul 20)
BadBlue - Unauthorized Administrative Command Execution Matthew Murphy (Jul 20)
- Re: BadBlue - Unauthorized Administrative Command Execution ellipse (Jul 22)
PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Marko Karppinen (Jul 22)
- [Admin/Spamassasin] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Lupe Christoph (Jul 23)
  - Re: [Admin/Spamassasin] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 John Pettitt (Jul 23)
  - Re: [Admin/Spamassasin] Re: PHP Security Advisory: Vulnerability in PHP versions 4.2.0 and 4.2.1 Steven Champeon (Jul 24)
Advisory 02/2002: PHP remote vulnerability e-matters Security (Jul 22)
Vulnerability found: Adobe Acrobat eBook Reader and Content Server Vladimir Katalov (Jul 22)
Pyramid BenHur Firewall active FTP portfilter ruleset results in a firewall leak Dr. Peter Bieringer (Jul 22)
PHP Resource Exhaustion Denial of Service Matthew Murphy (Jul 22)
- RE: PHP Resource Exhaustion Denial of Service Russ Garrett (Jul 23)
- Re: PHP Resource Exhaustion Denial of Service vjt (Jul 23)
Pablo Sofware Solutions FTP server Directory Traversal Vulnerability Securiteinfo . com (Jul 22)
Security Update: [CSSA-2002-SCO.35] OpenServer 5.0.5 OpenServer 5.0.6 : crontab format string vulnerability security (Jul 22)
Nanog traceroute format string exploit. SpaceWalker (Jul 22)
- Re: Nanog traceroute format string exploit. Ryan Mansager (Jul 23)
- Re: Nanog traceroute format string exploit. Olaf Kirch (Jul 24)
SSH Protocol Trick auto458545 (Jul 23)
- Re: SSH Protocol Trick H D Moore (Jul 23)
- Re: SSH Protocol Trick stealth (Jul 23)
  - Message not available
    - Re: SSH Protocol Trick stealth (Jul 23)
- Re: SSH Protocol Trick Mikael Olsson (Jul 23)
- Re: SSH Protocol Trick Markus Friedl (Jul 25)
CERT Advisory CA-2002-21 Vulnerability in PHP CERT Advisory (Jul 23)
Announcement: injectso-0.2 Shaun Clowes (Jul 23)
- <Possible follow-ups>
- Re: Announcement: injectso-0.2 Barton Miller (Jul 26)
MailMax security advisory/exploit/patch 2c79cbe14ac7d0b8472d3f129fa1df (Jul 23)
Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Kyuzo (Jul 23)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Andrea Lisci (Jul 24)
PHRACK 59 OFFICIAL RELEASE Phrack Staff (Jul 23)
Pressing CTRL in IE is dangerous - Sandblad advisory #8 Andreas Sandblad (Jul 23)
- RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8 GreyMagic Software (Jul 24)
- Re: Pressing CTRL in IE is dangerous - Sandblad advisory #8 Peter Pentchev (Jul 24)
- <Possible follow-ups>
- RE: Pressing CTRL in IE is dangerous - Sandblad advisory #8 Thor Larholm (Jul 24)
Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta kelli burkinshaw (Jul 23)
- <Possible follow-ups>
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta kelli burkinshaw (Jul 26)
  - RE: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Burton M. Strauss III (Jul 26)
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Bela Lubkin (Jul 28)
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Bela Lubkin (Jul 28)
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Russell Harding (Jul 28)
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Bela Lubkin (Jul 28)
    - Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta Jim Paris (Jul 29)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta VanDyke Technical Support (Jul 29)
- Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta VanDyke Technical Support (Jul 30)
How to reproduce PHP segfault. Joseph S. Testa II (Jul 24)
Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1) 0x36 (Jul 24)
- Re: Denial of Service in ZyXEL prestige 642R w/ZyNOS v2.50(FA.1) bd (Jul 24)
REFRESH: EUDORA MAIL 5.1.1 http-equiv () excite com (Jul 24)
- Re: REFRESH: EUDORA MAIL 5.1.1 Doug Monroe (Jul 25)
  - UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1 http-equiv () excite com (Jul 25)
    - Re: UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1 Jeff Kell (Jul 25)
    - Re: UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1 Nick FitzGerald (Jul 26)
    - Re: [Full-Disclosure] Re: UPDATE: Re: REFRESH: EUDORA MAIL 5.1.1 http-equiv () excite com (Jul 26)
Mozilla cookie stealing - Sandblad advisory #9 Andreas Sandblad (Jul 24)
VMware GSX Server Remote Buffer Overflow Mingyan Liu (Jul 24)
- <Possible follow-ups>
- Re: VMware GSX Server Remote Buffer Overflow Eric Horschman (Jul 26)
Cobalt Qube 3 Administration page pokley (Jul 24)
Cisco Security Advisory: Heap Overflow in Solaris cachefs Daemon Cisco Systems Product Security Incident Response Team (Jul 24)
cross-site scripting bug of Mailman office (Jul 24)
Icq 2001&2002 vulnerability Michael (Jul 24)
Potential remote root in CodeBlue log scanner Demi Sex God from Hell (Jul 24)
Denial of Service bug in Pine 4.44 Martin J. Muench (Jul 24)
VNC authentication weakness jepler (Jul 24)
- Re: VNC authentication weakness David Frascone (Jul 24)
  - Re: VNC authentication weakness Iván Arce (Jul 24)
- Re: VNC authentication weakness Jack Lloyd (Jul 25)
  - Re: VNC authentication weakness Constantin Kaplinsky (Jul 26)
- Re: VNC authentication weakness Andreas Beck (Jul 25)
  - Re: VNC authentication weakness David Wagner (Jul 26)
    - Re: VNC authentication weakness Mitch Adair (Jul 26)
    - Re: VNC authentication weakness Jose Nazario (Jul 26)
    - Re: VNC authentication weakness Ariel Waissbein (Jul 27)
- <Possible follow-ups>
- RE: VNC authentication weakness Andrew van der Stock (Jul 26)
- Re: VNC authentication weakness Kragen Sitaker (Jul 28)
  - Re: VNC authentication weakness Theo de Raadt (Jul 29)
    - Re: VNC authentication weakness Nate Lawson (Jul 29)
    - Re: VNC authentication weakness Mike Porter (Jul 31)
  - Re: VNC authentication weakness David Wagner (Jul 29)
    - Re: VNC authentication weakness David Malone (Jul 31)
[ESA-20020724-018] Buffer overflow in BIND4-derived resolver code. EnGarde Secure Linux (Jul 24)
Apple OSX and iDisk and Mail.app Randal L. Schwartz (Jul 24)
- Re: Apple OSX and iDisk and Mail.app Dale Southard (Jul 24)
  - Re: Apple OSX and iDisk and Mail.app Daryl Tester (Jul 26)
- Re: Apple OSX and iDisk and Mail.app osx_guru (Jul 24)
- <Possible follow-ups>
- Re: Apple OSX and iDisk and Mail.app spam_bucket (Jul 24)
  - Re: Apple OSX and iDisk and Mail.app Eric Hall (Jul 25)
Pegasus mail DoS Auriemma Luigi (Jul 24)
Interface promiscuity obscurity in Linux Ricardo Branco (Jul 24)
- Re: Interface promiscuity obscurity in Linux Paul Starzetz (Jul 25)
- Re: Interface promiscuity obscurity in Linux Glynn Clements (Jul 25)
- Re: Interface promiscuity obscurity in Linux Frédéric Raynal (Jul 25)
  - Re: Interface promiscuity obscurity in Linux Casper Dik (Jul 25)
    - Re: Interface promiscuity obscurity in Linux Jim Mellander (Jul 25)
- Re: Interface promiscuity obscurity in Linux Ademar de Souza Reis Jr. (Jul 25)
- <Possible follow-ups>
- Re: Interface promiscuity obscurity in Linux Rasmus Bøg Hansen (Jul 24)
  - Re: Interface promiscuity obscurity in Linux plattner (Jul 24)
    - Re: Interface promiscuity obscurity in Linux quentyn (Jul 25)
CacheFlow CacheOS Cross-site Scripting Vulnerability T.Suzuki (Jul 24)
Microsoft Security Bulletin MS02-036: Authentication Flaw in Microsoft Metadirectory Services Could Allow Privilege Elevation (Q317138) (fwd) Dave Ahmad (Jul 25)
Microsoft Security Bulletin MS02-039: Buffer Overruns in SQL Server 2000 Resolution Service Could Enable Code Execution (Q323875) (fwd) Dave Ahmad (Jul 25)
Microsoft Security Bulletin MS02-038: Cumulative Patch for SQL Server 2000 Service Pack 2 (Q316333) (fwd) Dave Ahmad (Jul 25)
Microsoft Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) (Version 2.0) (fwd) Dave Ahmad (Jul 25)
- Re: Microsoft Security Bulletin MS02-032: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) (Version 2.0) (fwd) Knud Erik Højgaard (Jul 25)
ISS Brief: Remote Buffer Overflow Vulnerability in Microsoft Exchange Server (fwd) Dave Ahmad (Jul 25)
Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002) NGSSoftware Insight Security Research (Jul 25)
ezContents multiple vulnerabilities Ulf Harnhammar (Jul 25)
Medium security hole affecting W3Mail Tim Brown (Jul 25)
Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow Marco van Berkum (Jul 25)
VU#197395 Microsoft IIS SMTP encapsulated e-mail address vulnerability - update TLR (Jul 25)
Uninets StatsPlus 1.25 script injection vulnerabilities BrainRawt . (Jul 25)
[RHSA-2002:139-10] Updated glibc packages fix vulnerabilities in resolver bugzilla (Jul 25)
PGP 7.04 Patch Modifies the Password Cache Setting Steve.Cohen (Jul 25)
- <Possible follow-ups>
- RE: PGP 7.04 Patch Modifies the Password Cache Setting Cohen, Steve (Jul 26)
26 June 2002 Cumulative Patch for Windows Media Player (Q320920) Szulc Roger (Jul 25)
- Re: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) David Beards (Jul 26)
- <Possible follow-ups>
- RE: 26 June 2002 Cumulative Patch for Windows Media Player (Q320920) Coffin, Chris (Jul 26)
KaZaa v1.7.1 Denial of Service Attack josh (Jul 25)
SQL Server 2000 Buffer Overflows and SQL Inyection vulnerabilities. c c (Jul 26)
IPSwitch IMail ADVISORY/EXPLOIT/PATCH 2c79cbe14ac7d0b8472d3f129fa1df (Jul 26)
SECURITY.NNOV: multiple vulnerabilities in JanaServer 3APA3A (Jul 26)
0815 ++ */ SEH_Web kim0 (Jul 27)
Phenoelit Advisory, 0815 ++ * - Cisco_tftp kim0 (Jul 27)
- Re: Phenoelit Advisory, 0815 ++ * - Cisco_tftp Mike Caudill (Jul 28)
Phenoelit Advisory 0815 ++ /+ HP ProCurve kim0 (Jul 27)
Phenoelit Advisory #0815 +-- kim0 (Jul 27)
Phenoelit Advisory #0815 ++-+ dp_300 (DLINK) kim0 (Jul 27)
Phenoelit Advisory 0815 ++ -- Brick kim0 (Jul 27)
Phenoelit Advisory 0815 ++ // Xedia kim0 (Jul 27)
Phenoelit ADvisory 0815 ++ ** Ascend kim0 (Jul 27)
Phenoelit Advisory #0815 +-+ kim0 (Jul 27)
Easy Homepage Creator Vulnerability Arek Suroboyo (Jul 28)
phpBB/gender mod allows get admin privilege, exploit/patch langtuhaohoa caothuvolam (Jul 28)
phenoelit advisory, Brother Printers ++/- kim0 (Jul 28)
WHERE'S THE CA$H: Internet Explorer 6.00. Outlook Express 6.00 http-equiv () excite com (Jul 28)
Easy Guestbook Vulnerabilities Arek Suroboyo (Jul 28)
RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 29)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 31)
  - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Michal Zalewski (Jul 30)
    - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andrew Pimlott (Jul 30)
    - Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Andreas Beck (Jul 31)
- Re: RAZOR advisory: Linux util-linux chfn local root vulnerability Szemkel (Jul 31)
HylaFAX - Various Vulnerabilities Fixed Lee Howard (Jul 29)
[RHSA-2002:132-14] Updated util-linux package fixes password locking race bugzilla (Jul 29)
XWT Foundation Advisory: Firewall circumvention possible with all browsers Adam Megacz (Jul 29)
- Re: XWT Foundation Advisory: Firewall circumvention possible with all browsers Peter Watkins (Jul 29)
- RE: XWT Foundation Advisory: Firewall circumvention possible with all browsers GreyMagic Software (Jul 30)
- <Possible follow-ups>
- RE: XWT Foundation Advisory: Firewall circumvention possible with all browsers Jason Coombs (Jul 30)
Hoax Exploit John Korsak (Jul 29)
- Re: Hoax Exploit Tom Fischer (Jul 30)
Abyss Web Server version 1.0.3 shows file and directory content Securiteinfo . com (Jul 29)
KDE 2/3 artsd 1.0.0 local root exploit kokane (Jul 29)
- Re: [VulnWatch] KDE 2/3 artsd 1.0.0 local root exploit H D Moore (Jul 29)
php dotProject by pass authentication pokleyzz (Jul 29)
Re: Eat gopher! JW Oh (Jul 29)
Fake Identd - Remote root exploit Jedi/Sector One (Jul 29)
MDKSA-2002:045 - mm update Mandrake Linux Security Team (Jul 29)
RE: XWT Foundation Advisory Microsoft Security Response Center (Jul 29)
- Re: XWT Foundation Advisory Peter Watkins (Jul 30)
- <Possible follow-ups>
- RE: XWT Foundation Advisory Thor Larholm (Jul 30)
  - Re: XWT Foundation Advisory Adam Megacz (Jul 30)
  - RE: XWT Foundation Advisory Jason Coombs (Jul 30)
Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS) 2c79cbe14ac7d0b8472d3f129fa1df55 2c79cbe14ac7d0b8472d3f129fa1df55 (Jul 30)
[SECURITY] [DSA 137-1] New mm packages fix insecure temporary file creation Martin Schulze (Jul 30)
FreeBSD Security Advisory FreeBSD-SA-02:23.stdio [REVISED] FreeBSD Security Advisories (Jul 30)
[OpenPKG-SA-2002.008] OpenPKG Security Advisory (openssl) OpenPKG (Jul 30)
TSLSA-2002-0063 - openssl Trustix Secure Linux Advisor (Jul 30)
[ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2 David Raeman (Jul 30)
IPSwitch IMail Advisory #2 2c79cbe14ac7d0b8472d3f129fa1df55 (Jul 30)
Windows mplay32 buffer overflow 'ken'@FTU (Jul 31)
TSLSA-2002-0064 - util-linux Trustix Secure Linux Advisor (Jul 31)
Code injection Vulnerability in endity.com's shoutBOX <-delusion-> (Jul 31)
MDKSA-2002:046 - openssl update Mandrake Linux Security Team (Jul 31)
Security Update: [CSSA-2002-032.0] Linux: temporary file races in libmm security (Jul 31)
GLSA: OpenSSL Daniel Ahlberg (Jul 31)
[SECURITY] [DSA-136-1] Multiple OpenSSL problems Wichert Akkerman (Jul 31)
[ESA-20020730-019] several vulnerabilities in the openssl library EnGarde Secure Linux (Jul 31)
Vulnerability: protected Adobe eBooks can be copied between computers info (Jul 31)
RE: warning Thor Larholm (Jul 31)
SuSE Security Announcement: openssl (SuSE-SA:2002:027) Roman Drahtmueller (Jul 31)
Bug in Eupload [Zero_Byte] (Jul 31)
Directory traversal vulnerability in sendform.cgi Steven M. Christey (Jul 31)
LinuxSecurity Magazine Online - First Edition Renato Murilo Langona (Jul 31)
[OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm) OpenPKG (Jul 31)
It takes two to tango Richard M. Smith (Jul 31)
- Re: It takes two to tango Chris Paget (Jul 31)
  - Re: It takes two to tango Jose Nazario (Jul 31)
  - Re: It takes two to tango Stan Bubrouski (Jul 31)
- Re: It takes two to tango Mike Forrester (Jul 31)
OpenSSL patches for other versions Ben Laurie (Jul 31)
- Re: OpenSSL patches for other versions Ademar de Souza Reis Jr. (Jul 31)
Cisco Security Advisory: TFTP Long Filename Vulnerability Cisco Systems Product Security Incident Response Team (Jul 31)
OpenSSL Security Altert - Remote Buffer Overflows Ben Laurie (Jul 31)
[RHSA-2002:155-11] Updated openssl packages fix remote vulnerabilities bugzilla (Jul 31)
FreeBSD Security Advisory FreeBSD-SA-02:32.pppd FreeBSD Security Advisories (Jul 31)
[RHSA-2002:153-07] Updated mm packages fix temporary file handling bugzilla (Jul 31)
The SUPER Bug gobbles (Jul 31)
Announcing: The Zardoz 'Security Digest' Archives Curator (Jul 31)
SuSE Security Announcement: mod_ssl, mm (SuSE-SA:2002:028) Roman Drahtmueller (Jul 31)
[CLA-2002:513] Conectiva Linux Security Announcement - openssl secure (Jul 31)
FW: Parachat DoS Vulnerability Matt Smith (Jul 31)
Security Update: [CSSA-2002-033.0] Linux: multiple vulnerabilities in openssl security (Jul 31)
Remote Buffer Overflow Vulnerability in Sun RPC Dave Ahmad (Jul 31)

Previous period

Next period