Bugtraq: by thread

Bugtraq: by thread

380 messages starting Jun 02 02 and ending Jun 29 02
Date index | Thread index | Author index

Re: Multiple vulnerabilities in QNX Kris Warkentin (Jun 02)
[SECURITY] [DSA-129-1] in.uucpd string truncation problem Michael Stone (Jun 03)
SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw 3APA3A (Jun 03)
Mnews 1.22 PoC exploit zillion (Jun 03)
Self-Executing HTML: Internet Explorer 5.5 and 6.0 http-equiv () excite com (Jun 03)
[SECURITY] [DSA-130-1] memory allocation error in ethereal Michael Stone (Jun 03)
Re: Security Update: [CSSA-2002-SCO.23] Open UNIX 8.0.0 UnixWare 7.1.1 : ftpd allows data connection hijacking via PASV mode Tomasz Grabowski (Jun 03)
QNX badc0ded (Jun 03)
Re: wbbboard 1.1.1 registration _new_users_vulnerability_ Frank Wein (Jun 03)
BadBlue Web Server v1.7.0 Directory Contents Disclosure a b (Jun 03)
Re: 2 security problem Quantum SNAP server awacs () hawkeye ac (Jun 03)
Security Update: [CSSA-2002-024.0] Volution Manager: Directory Administrator password in cleartext security (Jun 03)
MIME::Tools Perl module and virus scanners David F. Skoll (Jun 04)
- Re: MIME::Tools Perl module and virus scanners Wietse Venema (Jun 04)
  - Re: MIME::Tools Perl module and virus scanners Kee Hinckley (Jun 07)
    - Re: MIME::Tools Perl module and virus scanners David F. Skoll (Jun 07)
- Re: MIME::Tools Perl module and virus scanners Bennett Todd (Jun 04)
- <Possible follow-ups>
- Re: MIME::Tools Perl module and virus scanners David F. Skoll (Jun 04)
  - Why black list based extension filtering won't work (Was: Re: MIME::Tools Perl module and virus scanners) Mikael Olsson (Jun 13)
[DER #11] - Remotey exploitable fmt string bug in squid david evlis reign (Jun 04)
Buffer overflow in MSIE gopher code Jouko Pynnonen (Jun 04)
sql injection in Logisense software Akatosh (Jun 04)
Entercept Ricochet Security Advisory: Solaris snmpdx Vulnerabilities Entercept Ricochet Team (Jun 04)
[RHSA-2002:097-08] Updated xchat packages fix /dns vulnerability bugzilla (Jun 04)
SHOUTcast 1.8.9 bufferoverflow eSDee (Jun 04)
[RHSA-2002:105-09] Updated bind packages fix denial of service attack bugzilla (Jun 04)
[RHSA-2002:083-22] Ghostscript command execution vulnerability bugzilla (Jun 04)
SRT Security Advisory (SRT2002-06-04-1711): SCO crontab zillion (Jun 04)
Sun Security Bulletin #00219 Sun Security Coordination Team (Jun 04)
CERT Advisory CA-2002-15 Denial-of-Service Vulnerability in ISC BIND 9 CERT Advisory (Jun 04)
IRIX rpc.passwd vulnerability SGI Security Coordinator (Jun 04)
- Re: IRIX rpc.passwd vulnerability Frank Bures (Jun 07)
- <Possible follow-ups>
- Re: IRIX rpc.passwd vulnerability David Foster (Jun 07)
SRT Security Advisory (SRT2002-06-04-1011): slurp zillion (Jun 04)
Re: More ELF Buggery silvio . cesare (Jun 05)
- <Possible follow-ups>
- Re: More ELF Buggery Rafal Wojtczuk (Jun 07)
- Re: More ELF Buggery pageexec (Jun 11)
solaris lpd thing ron1n . (Jun 05)
[CLA-2002:491] Conectiva Linux Security Announcement - tcpdump secure (Jun 05)
Security Update: [CSSA-2002-025.0] Linux: tcpdump AFS RPC and NFS packet vulnerabilities security (Jun 05)
Three possible DoS attacks against some IOS versions. Andrew Vladimirov (Jun 05)
- Re: Three possible DoS attacks against some IOS versions. Sharad Ahlawat (Jun 07)
  - Re: Three possible DoS attacks against some IOS versions. Felix Lindner (Jun 11)
    - Re: Three possible DoS attacks against some IOS versions. Sharad Ahlawat (Jun 12)
- <Possible follow-ups>
- Re: Three possible DoS attacks against some IOS versions. Big Poop (Jun 10)
- Re: Three possible DoS attacks against some IOS versions. Shane Gibson (Jun 11)
Some vulnerabilities in the Telindus 11xx router series finelli (Jun 05)
[Bypassing JavaScript Filters - the Flash! Attack] Obscure (Jun 05)
CERT Advisory CA-2002-16 Multiple Vulnerabilities in Yahoo! Messenger CERT Advisory (Jun 05)
KPMG-2002019: BlackICE Agent not Firewalling After Standby Peter Gründl (Jun 06)
eDonkey 2000 ed2k: URL Buffer Overflow Shane Hird (Jun 06)
SuSE Security Announcement: bind9/bind9-beta (SuSE-SA:2002:021) Roman Drahtmueller (Jun 06)
[ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability Ahmet Sabri ALPER (Jun 06)
Splatt Forum XSS MegaHz (Jun 06)
[CLA-2002:494] Conectiva Linux Security Announcement - bind secure (Jun 06)
Microsoft Internet Explorer 'Folder View for FTP sites' Script Execution vulnerability Eiji James Yoshida (Jun 06)
TSLSA-2002-0055 - tcpdump Trustix Secure Linux Advisor (Jun 06)
Format String bug in TrACESroute 6.0 GOLD DownBload (Jun 06)
- Re: Format String bug in TrACESroute 6.0 GOLD Olaf Kirch (Jun 07)
RE: Microsoft Internet Explorer 'Folder View for FTP sites' Scrip t Execution vulnerability Thor Larholm (Jun 06)
MediaMail vulnerability SGI Security Coordinator (Jun 06)
Possible problems with patch MS02_025 for Exchange 2000 Ken Brown (Jun 07)
CBMS: XSS and SQL Injection holes Ulf Harnhammar (Jun 07)
[ESA-20020607-013] Remote buffer overflow in imap daemon EnGarde Secure Linux (Jun 07)
@stake advisory: Multiple Red-M 1050 Blue Tooth Access Point Vulnerabilities Dave Ahmad (Jun 07)
Pine 4.44 Privacy Patch Roger Marquis (Jun 08)
[BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2 David Miller (Jun 08)
Security holes in LokwaBB and W-Agora Frog Man (Jun 08)
- [LoWNOISE] ImageFolio Pro 2.2 ET LoWNOISE (Jun 10)
SeaNox Devwex - Denial of Service and Directory traversal Kistler Ueli (Jun 08)
[ARL02-A15] Multiple Security Issues in MyHelpdesk Ahmet Sabri ALPER (Jun 10)
remote DoS in Mozilla 1.0 Tom (Jun 10)
- Re: remote DoS in Mozilla 1.0 Stijn Jonker (Jun 11)
  - Re: remote DoS in Mozilla 1.0 Mikael Olsson (Jun 11)
  - Re: remote DoS in Mozilla 1.0 Tom (Jun 11)
    - Re: remote DoS in Mozilla 1.0 Andreas Beck (Jun 11)
    - Re: remote DoS in Mozilla 1.0 John C. Welch (Jun 11)
  - Re: remote DoS in Mozilla 1.0 Jakub Bogusz (Jun 11)
- Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0) Federico Sevilla III (Jun 13)
  - Re: Very large font size crashing X Font Server and Grounding Server to Alan Cox (Jun 13)
    - rlimits and non overcommit (was: Very large font size ...) Federico Sevilla III (Jun 13)
  - Re: Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0) rjh (Jun 13)
  - Re: Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0) Rob Mayoff (Jun 13)
  - Re: Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0) Matthew Wakeling (Jun 13)
- RE: remote DoS in Mozilla 1.0 Keith Warno (Jun 13)
  - Re: remote DoS in Mozilla 1.0 Tom (Jun 13)
- <Possible follow-ups>
- RE: remote DoS in Mozilla 1.0 Jon Keating (Jun 11)
- Re: Re: remote DoS in Mozilla 1.0 0xFF (Jun 11)
- RE: remote DoS in Mozilla 1.0 Jon Keating (Jun 14)
[ARL02-A14] ZenTrack System Information Path Disclosure Vulnerability Ahmet Sabri ALPER (Jun 10)
Re: VP-ASP shopping cart software. Virtual Programming (Jun 10)
Datalex BookIt! Consumer Password Vulnerabilities alias (Jun 10)
IRIX talkd vulnerability SGI Security Coordinator (Jun 10)
Xinet K-Talk Appletalk(tm) xkas vulnerability on IRIX SGI Security Coordinator (Jun 10)
[RHSA-2002:099-04] Updated mailman packages available bugzilla (Jun 10)
AlienForm2 CGI script: arbitrary file read/write Nick Cleaton (Jun 10)
Problem with IP reporting - Belkin Cable/DSL router M Freitas (Jun 10)
[RHSA-2002:100-03] Updated mailman packages available bugzilla (Jun 10)
Security Update: [CSSA-2002-SCO.24] Open UNIX 8.0.0 : BIND 9 Denial-of-Service vulnerability security (Jun 10)
[RHSA-2002:089-07] Relaxed LPRng job submission policy bugzilla (Jun 10)
[ARL02-A13] Multiple Security Issues in GeekLog Ahmet Sabri ALPER (Jun 10)
Broken PMTUD in FreeBSD? Phil Dibowitz (Jun 11)
- Re: Broken PMTUD in FreeBSD? Jean-Yves Lefort (Jun 11)
  - Re: Broken PMTUD in FreeBSD? Phil Dibowitz (Jun 12)
- Re: Broken PMTUD in FreeBSD? Mikael Olsson (Jun 11)
Security Update: [CSSA-2002-SCO.25] OpenServer 5.0.5 OpenServer 5.0.6 : snmpd denial-of-service vulnerabilities. security (Jun 11)
SCO Openserver Xsco heap overflow. KF (Jun 11)
RHmask Andrew Griffiths (Jun 11)
13 local PoC root exploit programs for Progress Database KF (Jun 11)
CGIscript.net - csNews.cgi - Multiple Vulnerabilities Steve Gustin (Jun 11)
Security Update: [CSSA-2002-026.0] Linux: ghostscript arbitrary command execution security (Jun 12)
SSI & CSS execution in MakeBook 2.2 DownBload (Jun 12)
- <Possible follow-ups>
- Re: SSI & CSS execution in MakeBook 2.2 DownBload (Jun 13)
- Re: SSI & CSS execution in MakeBook 2.2 Kristina Pfaff-Harris (Jun 13)
[CERT-intexxia] mmmail POP3-SMTP Daemon Format String Vulnerability Benoît Roussel (Jun 12)
Oracle Reports Server Buffer Overflow (#NISR12062002B) NGSSoftware Insight Security Research (Jun 12)
Oracle TNS Listener Buffer Overflow (#NISR12062002A) NGSSoftware Insight Security Research (Jun 12)
[CERT-intexxia] mmftpd FTP Daemon Format String Vulnerability Benoît Roussel (Jun 12)
madcr: QnX 4.25 - multiples bof in suid/no suid files Egor Egorov (Jun 12)
Remote Hole in IRC Client and Stuff gobbles (Jun 12)
Part II: Vulnerability in 3Com® OfficeConnect® Remote 812 ADSL Router Ismael Briones (Jun 12)
Another small DoS on Mozilla <= 1.0 through pop3 eldre8 (Jun 12)
- <Possible follow-ups>
- Another small DoS on Mozilla <= 1.0 through pop3 Tim the Enchanter (Jun 14)
ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612] Ryan Permeh (Jun 12)
simpleinit root exploit - file descriptor left open Patrick Smith (Jun 13)
Remote DoS in AnalogX SimpleServer:www 1.16 Fort _ (Jun 13)
wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting Matt Moore (Jun 13)
[SNS Advisory No.54] Active! mail Executing the Script upon the Opening of a Mail Message Vulnerability snsadv () lac co jp (Jun 13)
CSS vulnerabilities in IMP 3.0 Brent J. Nordquist (Jun 13)
Re: Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases mattmurphy (Jun 13)
Microsoft releases critical fix that breaks their own software! Geoff Shively (Jun 13)
- Re: Microsoft releases critical fix that breaks their own software! Deus, Attonbitus (Jun 13)
  - Re: Microsoft releases critical fix that breaks their own software! Geoff Shively (Jun 13)
- Re: Microsoft releases critical fix that breaks their own software! Gavin Hanover (Jun 13)
- Re: Microsoft releases critical fix that breaks their own software! Benjamin Bodenheim (Jun 13)
  - Re: Microsoft releases critical fix that breaks their own software! Geoff Shively (Jun 13)
- <Possible follow-ups>
- Re: Microsoft releases critical fix that breaks their own software! mattmurphy (Jun 14)
  - Re: Microsoft releases critical fix that breaks their own software! Geoff Shively (Jun 15)
- Re: Microsoft releases critical fix that breaks their own software! mattmurphy (Jun 14)
VNA - .HTR HEAP OVERFLOW Mark Litchfield (Jun 13)
Microsoft RASAPI32.DLL Mark Litchfield (Jun 13)
[LBYTE] Ruslan Communications <BODY>Builder SQL modification Alexander Korchagin (Jun 13)
- <Possible follow-ups>
- RE: [LBYTE] Ruslan Communications <BODY>Builder SQL modification Nick Lothian (Jun 14)
Sensitive IM Security - MSN Message Sniffing SeungHyun Seo (Jun 13)
Re: Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0) Jesse Pollard (Jun 13)
- Re: Very large font size crashing X Font Server and Grounding Server to a Halt (was: remote DoS in Mozilla 1.0) Matthew Wakeling (Jun 13)
Microsoft FrontPage vs Composer Netscape... S[h]iff - [ISR] - Infobyte Security Research (Jun 14)
Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 Mikael Olsson (Jun 14)
- Message not available
  - Re: Flawed workaround in MS02-027 -- gopher can run on _any_ port, not just 70 Mikael Olsson (Jun 14)
ToorCon 2002 Call For Papers h1kari (Jun 14)
+ALERT+ BACKDOOR IN MSN666 SNIFFER FOR SNIFFING MSN +ALERT+ gobbles (Jun 14)
- Re: +ALERT+ BACKDOOR IN MSN666 SNIFFER FOR SNIFFING MSN +ALERT+ Seunghyun Seo (Jun 14)
Security Update: [CSSA-2002-SCO.26] OpenServer 5.0.6a : squid compressed DNS answer message boundary failure security (Jun 14)
Microsoft SQL Server 2000 pwdencrypt() buffer overflow martin rakhmanoff (Jun 14)
Another cgiemail bug sec (Jun 14)
- Re: Another cgiemail bug Christopher X. Candreva (Jun 14)
Lumigent Log Explorer 3.xx extended stored procedures buffer overflow martin rakhmanoff (Jun 14)
UPDATE UPDATE UPDATE UPDATE UPDATE UPDATE gobbles (Jun 14)
IGMP denial of service vulnerability Krishna N. Ramachandran (Jun 14)
- Re: IGMP denial of service vulnerability Marty Schoch (Jun 14)
  - Re: IGMP denial of service vulnerability Arun D. Qamra (Jun 14)
    - IE 5.-6 CSS parsing error Dmitry Leonov (Jun 15)
    - Re: IE 5.-6 CSS parsing error patpro (Jun 16)
- <Possible follow-ups>
- RE: IGMP denial of service vulnerability Nick Roffey (Jun 15)
  - Re: IGMP denial of service vulnerability Marty Schoch (Jun 15)
Re: MSN666 "backdoor" Seunghyun Seo (Jun 14)
Follow-up on Lumigent Log Explorer 3.xx extended stored procedures buffer overflow Murray S. Mazer (Jun 14)
Mewsoft Auction, PHP Classifieds and eFax.com - CrossSiteScripting issues § o m e 1 (Jun 14)
XSS in CiscoSecure ACS v3.0 Dave Palumbo (Jun 14)
- Re: XSS in CiscoSecure ACS v3.0 Lisa Napier (Jun 21)
ALERT: Xitami 2.5b5 Matthew Murphy (Jun 14)
RE: wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Sc ripting Francis Favorini (Jun 15)
malicious PHP source injection I'm I (Jun 15)
Fore/Marconi ATM Switch 'land' vulnerability Seeker of Truth (Jun 15)
- Windows Buffer Overflows Brett Moore (Jun 17)
  - Re: Windows Buffer Overflows dullien (Jun 18)
GOBBLES Reflection on the msn666 Hole gobbles (Jun 15)
KPMG-2002020: Resin view_source.jsp Arbitrary File Reading Peter Gründl (Jun 17)
KPMG-2002021: Resin Large Parameter Denial of Service Peter Gründl (Jun 17)
ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Kistler Ueli (Jun 17)
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Knud Erik Højgaard (Jun 17)
- Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Rich Henning (Jun 18)
  - Message not available
    - Re: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS -- 643R testing Kistler Ueli (Jun 17)
- <Possible follow-ups>
- RE: ZyXEL 642R(-11) AJ.6 SYN-ACK, SYN-FIN DoS Christopher Gripp (Jun 25)
nCipher Advisory #3: MSCAPI keys erroneously module-protected - update nCipher Support (Jun 17)
nCipher Advisory #4: Console Java apps can leak passphrases on Windows nCipher Support (Jun 17)
ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server X-Force (Jun 17)
- Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server valcu.gheorghe (Jun 17)
  - Message not available
    - Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Florian Weimer (Jun 18)
  - Re[2]: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server bogachev igor (Jun 18)
  - Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Dave Aitel (Jun 19)
- Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Joe Testa (Jun 19)
Directory Traversal in Wolfram Research's webMathematica Andrew Badr (Jun 17)
Another small metacharacter bug in Penguin Traceroute v1.0 Marco van Berkum (Jun 17)
- Re: Another small metacharacter bug in Penguin Traceroute v1.0 Andreas Beck (Jun 17)
  - Re: Another small metacharacter bug in Penguin Traceroute v1.0 Jedi/Sector One (Jun 18)
Re: Remote Compromise Vulnerability in Apache HTTP Server David Litchfield (Jun 17)
- RE: Remote Compromise Vulnerability in Apache HTTP Server Marc Maiffret (Jun 17)
- Re: Remote Compromise Vulnerability in Apache HTTP Server Florian Weimer (Jun 18)
External access to Netgear RP114 "firewall" auto353237 (Jun 17)
- <Possible follow-ups>
- Re: External access to Netgear RP114 "firewall" auto353237 (Jun 18)
Apache httpd: vulnerability with chunked encoding Mark J Cox (Jun 17)
- external policy enforcement [Re: Apache httpd: vulnerability...] Niels Provos (Jun 18)
Cisco Security Advisory: Cable Modem Termination System Authentication Bypass Cisco Systems Product Security Incident Response Team (Jun 17)
PHP source injection in PHPAddress tim vandermeersch (Jun 17)
Follow: ZyXEL 642R-11 AJ.6 service DoS -- additional informations Kistler Ueli (Jun 17)
PHP source injection in osCommerce Tim Vandermeerch (Jun 17)
Solaris 8 Screensaver Issue? Jon Masters (Jun 18)
- Re: Solaris 8 Screensaver Issue? Mark Baldwin (Jun 18)
malicious PHP source injection in phpBB morris Chang (Jun 18)
- RE: malicious PHP source injection in phpBB Nathan Anderson (Jun 18)
- Re: malicious PHP source injection in phpBB Jonathan Haase (Jun 18)
ISS X-Force response (fwd) Dave Ahmad (Jun 18)
Security Update: [CSSA-2002-027.0] Linux: fetchmail imap message count vulnerability security (Jun 18)
CERT Advisory CA-2002-17 Apache Web Server Chunk Handling Vulnerability CERT Advisory (Jun 18)
tracesex.pl : TrACESroute 6.0 GOLD local format string exploit thc [ () drug org] (Jun 18)
Metacart vuln. Tacettin Karadeniz (Jun 18)
Vulnerability Coordination David Litchfield (Jun 18)
Apache Web Server Chunk Handling vulnerability on IRIX SGI Security Coordinator (Jun 18)
Interbase 6.0 malloc() issues KF (Jun 18)
DeepMetrix LiveStats javascript injection security (Jun 18)
Re: Catalyst 4000 - Cisco's Response Mike Caudill (Jun 18)
ColdFusion MX Cross Site Scripting vulnerability Ory Segal (Jun 18)
(more) Advanced SQL Injection Chris Anley (Jun 18)
Mandrake 8.2 msec security issue Spot (Jun 18)
WebBBS 5.0 (andlater versions) vulnerable: allow commands execution via "followup" bug nerf gr0up nerf (Jun 18)
Fixed version of Apache 1.3 available Dave Ahmad (Jun 18)
- Re: Fixed version of Apache 1.3 available Armando Ortiz (Jun 18)
- <Possible follow-ups>
- Re: Fixed version of Apache 1.3 available zeno (Jun 19)
Security Update: [CSSA-2002-SCO.27] UnixWare 7.1.1 Open UNIX 8.0.0 : ppptalk root privilege vulnerability security (Jun 18)
4D 6.7 DOS and Buffer Overflow Vulnerability Alfred Goldberg (Jun 19)
Cisco Security Advisory: Buffer Overflow in UNIX VPN Client Cisco Systems Product Security Incident Response Team (Jun 19)
[AP] Cisco vpnclient buffer overflow methodic (Jun 19)
Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002) David Litchfield (Jun 19)
Cisco Security Advisory: Cisco ONS15454 IP TOS Bit Vulnerability Cisco Systems Product Security Incident Response Team (Jun 19)
KPMG-2002024: Apache Tomcat Path Disclosure Peter Gründl (Jun 19)
DoS on irssi 0.8.4 Ripe (Jun 19)
[SECURITY] [DSA-131-2] Apache chunk handling vulnerability, update Wichert Akkerman (Jun 19)
SuSE Security Announcement: Apache (SuSE-SA:2002:022) Olaf Kirch (Jun 19)
Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Muhammad Faisal Rauf Danka (Jun 19)
- <Possible follow-ups>
- Fw: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server Mark Litchfield (Jun 20)
[SECURITY] [DSA-131-1] Apache chunk handling vulnerability Wichert Akkerman (Jun 19)
[ESA-20020619-014] 'apache' chunk handling overflow vulnerability EnGarde Secure Linux (Jun 19)
[OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache) OpenPKG (Jun 19)
Solaris 8 Screensaver Issue Jon Masters (Jun 19)
Remote Apache 1.3.x Exploit gobbles (Jun 20)
Implications of Apache vuln for Oracle Tina Bird (Jun 20)
- Re: Implications of Apache vuln for Oracle Kevin Spett (Jun 20)
BasiliX multiple vulnerabilities Ulf Harnhammar (Jun 20)
bugtraq () security nnov ru list issues 3APA3A (Jun 20)
TSLSA-2002-0056 - apache Trustix Secure Linux Advisor (Jun 20)
Acrobat reader 4.05 temporary files Jarno Huuskonen (Jun 20)
KPMG-2002025: Apache Tomcat Denial of Service Peter Gründl (Jun 20)
Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password Storage ace (Jun 20)
- Re: Xitami Web Server (32-bit) 2.5b4 Plaintext Administrator Password Storage Florian Hobelsberger / BlueScreen (Jun 21)
IRIX xfsmd vulnerability SGI Security Coordinator (Jun 20)
Half-life fake players bug Auriemma Luigi (Jun 20)
Apache Exploit Stefan Esser (Jun 20)
- Re: Apache Exploit Ben Laurie (Jun 21)
Source Injection into PHPAddress Chris Huebsch (Jun 20)
[RHSA-2002:103-13] Updated Apache packages fix chunked encoding issue Terry A Jeeves (Jun 20)
[LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities Last Stage of Delirium (Jun 20)
Security Update: [CSSA-2002-028.0] Linux: dhcpd dynamic DNS format string vulnerability security (Jun 20)
ISS Apache Advisory Response Klaus, Chris (ISSAtlanta) (Jun 21)
- Re: ISS Apache Advisory Response Kee Hinckley (Jun 21)
- Re: ISS Apache Advisory Response Thomas Reinke (Jun 21)
- Re: ISS Apache Advisory Response Kevin Spett (Jun 21)
  - Re: ISS Apache Advisory Response Kevin Spett (Jun 22)
- Re: ISS Apache Advisory Response Mike Eldridge (Jun 21)
- Re: ISS Apache Advisory Response Security Admin (Jun 25)
- <Possible follow-ups>
- Re: ISS Apache Advisory Response dminor (Jun 22)
bugtraq () security nnov ru list issue: NcFTPd Mike Gleason (Jun 21)
Pirch 98 Link Handling Buffer Overflow David Rude II (Jun 21)
MDKSA-2002:039 - apache update Mandrake Linux Security Team (Jun 21)
VPN and Q318138 Lucas, Mark J. (Jun 21)
[SECURITY] Remote exploit for 32-bit Apache HTTP Server known jwoolley (Jun 21)
[AP] YaBB Cross-Site Scripting vulnerability methodic (Jun 21)
AdvServer DoS elaborate ruse (Jun 21)
MDKSA-2002:039-1 - apache update Mandrake Linux Security Team (Jun 21)
ISS Advisory clarification Klaus, Chris (ISSAtlanta) (Jun 21)
- Re: ISS Advisory clarification Michael Stone (Jun 21)
- <Possible follow-ups>
- Re: ISS Advisory clarification security curmudgeon (Jun 21)
DPGS allows any file to be overwritten b0iler (Jun 21)
[slackware-security] new apache/mod_ssl packages available Dave Ahmad (Jun 21)
Apache Vulnerability through a Proxy? Ulf Bahrenfuss (Jun 21)
- Re: Apache Vulnerability through a Proxy? Ben Laurie (Jun 22)
- Re: Apache Vulnerability through a Proxy? Jason Yates (Jun 25)
Ending a few arguments with one simple attachment. gobbles (Jun 22)
- Re: Ending a few arguments with one simple attachment. KF (Jun 22)
  - Re: Ending a few arguments with one simple attachment. Pete Ehlke (Jun 22)
blowchunks - protecting existing apache servers until upgrades arrive Cris Bailiff (Jun 22)
- don't assume stuff is safe (was Re: blowchunks) Perry E. Metzger (Jun 22)
MDKSA-2002:039-2 - apache update (revised) Mandrake Linux Security Team (Jun 22)
Re: Half-life fake players bug (update) Auriemma Luigi (Jun 24)
Security Update: [CSSA-2002-029.0] Linux: Apache Web Server Chunk Handling Vulnerability security (Jun 25)
OpenSSH vulnerability John Williams (Jun 25)
cqure.net.20020521.netware_nwftpd_fmtstr Patrik Karlsson (Jun 25)
IRIX nveventd vulnerability SGI Security Coordinator (Jun 26)
Caucho Resin Path Disclosure security-protocols (Jun 26)
Upcoming OpenSSH vulnerability Theo de Raadt (Jun 26)
- <Possible follow-ups>
- Re: Upcoming OpenSSH vulnerability Solar Designer (Jun 26)
Salescart vuln. Tacettin Karadeniz (Jun 26)
- <Possible follow-ups>
- Salescart vuln. ComCity (Jun 27)
phpsquidpass: unauthorized user deleting ppp-design (Jun 26)
A DoS against IE in W2K and XP? You Make the Call... 'ken'@FTU (Jun 26)
ISS Advisory: OpenSSH Remote Challenge Vulnerability X-Force (Jun 26)
New Paper - Violating Database Enforced Security Mechanisms Chris Anley (Jun 26)
[SECURITY] [DSA-134-2] Unknown OpenSSH remote vulnerability Wichert Akkerman (Jun 26)
Sharity Cifslogin Buffer Overflow (arguments) Alex Hernandez (Jun 26)
IRIX pmpost vulnerability SGI Security Coordinator (Jun 26)
MDKSA-2002:040 - openssh update Mandrake Linux Security Team (Jun 26)
Acrobat reader 5.05 temp file insecurity Paul Szabo (Jun 26)
- Re: Acrobat reader 5.05 temp file insecurity Juan M. Courcoul (Jun 27)
ssh environment - circumvention of restricted shells ari (Jun 26)
- Re: ssh environment - circumvention of restricted shells Markus Friedl (Jun 27)
  - Re: ssh environment - circumvention of restricted shells Jose Nazario (Jun 27)
- <Possible follow-ups>
- RE: ssh environment - circumvention of restricted shells Leif Sawyer (Jun 27)
  - Re: ssh environment - circumvention of restricted shells ari (Jun 28)
Remote buffer overflow in resolver code of libc Mark Lastdrager (Jun 26)
- Re: Remote buffer overflow in resolver code of libc Brett Glass (Jun 29)
  - Re: Remote buffer overflow in resolver code of libc David Conrad (Jun 29)
Re: apache-scalp.c Michael A. Williams (Jun 27)
Apache Chunked Vulnerability on Many Dell Servers running NT? greg (Jun 27)
Security Update: [CSSA-2002-SCO.30] UnixWare 7.1.1 Open UNIX 8.0.0 : dtprintinfo buffer overflow with Help search security (Jun 27)
[SECURITY] [DSA-134-3] Unknown OpenSSH remote vulnerability Michael Stone (Jun 27)
Formatstring Vulnerability in decfingerd 0.7 isox (Jun 27)
Now Online OWASP Guide to Building Secure Web Applications The Owasp Project (Jun 27)
SuSE Security Announcement: OpenSSH (SuSE-SA:2002:023) Olaf Kirch (Jun 27)
[ESA-20020625-015] openssh: introduce privilege separation into sshd EnGarde Secure Linux (Jun 27)
Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 27)
- Re: Apache mod_ssl off-by-one vulnerability H D Moore (Jun 27)
- <Possible follow-ups>
- Re: Apache mod_ssl off-by-one vulnerability Ken . Williams (Jun 29)
  - Re: Apache mod_ssl off-by-one vulnerability Jedi/Sector One (Jun 29)
    - Simple Wais 1.11 allows users to execute commands as SWAIS deamon. John Thornton (Jun 29)
[CLA-2002:500] Conectiva Linux Security Announcement - openssh secure (Jun 27)
Administrivia: Recent list delays Dave Ahmad (Jun 27)
OpenSSH Security Advisory (adv.iss) Markus Friedl (Jun 27)
XSS in HTDIG Howard Yeend (Jun 27)
- Re: XSS in HTDIG Peter Watkins (Jun 28)
  - Re: XSS in HTDIG Henrik Edlund (Jun 28)
- Re: XSS in HTDIG webmaster (Stephen Ostermiller) (Jun 29)
CERT Advisory CA-2002-18 OpenSSH Vulnerabilities in Challenge Response CERT Advisory (Jun 27)
Revised OpenSSH Security Advisory (adv.iss) Markus Friedl (Jun 27)
[sp00fed packet] Whois vulnerability Zeux (Jun 27)
[SECURITY] [DSA-134-4] OpenSSH Remote Challenge Vulnerability Michael Stone (Jun 27)
Xitami 2.5 Beta Errors.gsl Script Injection Vulnerabilities Matthew Murphy (Jun 27)
Cisco Security Advisory: Scanning for SSH Can Cause a Crash Cisco Systems Product Security Incident Response Team (Jun 27)
NetBSD Security Advisory 2002-006: buffer overrun in libc DNS resolver NetBSD Security Officer (Jun 27)
Summary: IE DoS in W2K and XP 'ken'@FTU (Jun 27)
Reminder Announcement - CSICON.NET CSICONdotNET (Jun 27)
ALERT: Lil'HTTP Server (Summit Computer Networks) Matthew Murphy (Jun 27)
How to reproduce OpenSSH Overflow. Joe Testa (Jun 27)
[OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh) OpenPKG (Jun 27)
FreeBSD Security Advisory FreeBSD-SA-02:28.resolv FreeBSD Security Advisories (Jun 27)
Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd) Dave Ahmad (Jun 27)
NetBSD Security Advisory 2002-005: OpenSSH protocol version 2 challenge-response authentication NetBSD Security Officer (Jun 27)
Cluestick Advisory #000 cluestick (Jun 27)
CERT VU #803539 Joost Pol (Jun 28)
Security Update: [CSSA-2002-030.0] Linux: OpenSSH Vulnerabilities in Challenge Response Handling security (Jun 28)
[RHSA-2002:127-18] Updated OpenSSH packages fix various security issues bugzilla (Jun 28)
Apache worm in the wild Domas Mituzas (Jun 28)
- Re: Apache worm in the wild flynn (Jun 28)
  - Re: Apache worm in the wild Brett Glass (Jun 29)
- Re: Apache worm in the wild Mihai (Cop) Moldovanu (Jun 28)
- Re: Apache worm in the wild wink (Jun 28)
wp-02-0002: 'WEB-INF' Folder accessible in Multiple Web Application Servers Matt Moore (Jun 28)
H2K2 "Hacker" conference July 12-14 in New York City Michael Kaegler (Jun 28)
[CLA-2002:502] Conectiva Linux Security Announcement - openssh secure (Jun 28)
wp-02-0009: Macromedia JRun Admin Server Authentication Bypass Matt Moore (Jun 28)
OpenBSD 3.1 sshd remote root exploit Christophe Devine (Jun 28)
TSL-2002-0058 - apache/mod_ssl Trustix Secure Linux Advisor (Jun 28)
TSL-2002-0059 - openssh Trustix Secure Linux Advisor (Jun 28)
apache-worm.c Domas Mituzas (Jun 28)
CERT Advisory CA-2002-19 Buffer Overflow in Multiple DNS Resolver Libraries CERT Advisory (Jun 28)
[slackware-security] New OpenSSH packages available White Vampire (Jun 29)
RE: ZyXEL SYN-ACK, SYN-FIN DoS Update Christopher Gripp (Jun 29)
Cluestick Advisory #001 cluestick (Jun 29)
Sun statement on the OpenSSH Remote Challenge Vulnerability Darren J Moffat (Jun 29)
efstool local root exploit clorox (Jun 29)
SSI & CSS execution in E-Guest (1.1) & ZAP Book (v1.0.3) DownBload (Jun 29)

Previous period

Next period