Bugtraq: by thread

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: by thread

438 messages starting Feb 28 02 and ending Mar 31 02
Date index | Thread index | Author index

Re: BUG: Kmail client DoS Valden Longhurst (Feb 28)
the dangers of disclosing vulnerabilities when the guilty party is ignorant of industry standards Brian Rea (Feb 28)
- Re: the dangers of disclosing vulnerabilities when the guilty party is ignorant of industry standards Brian McWilliams (Mar 01)
- <Possible follow-ups>
- Re: the dangers of disclosing vulnerabilities when the guilty party is ignorant of industry standards Andrew Church (Mar 03)
[ARL02-A04] DCP-Portal System Information Path Disclosure Vulnerability Ahmet Sabri ALPER (Feb 28)
RE: Symantec LiveUpdate Peter Miller (Feb 28)
- <Possible follow-ups>
- RE: Symantec LiveUpdate Steven Vallarian (Mar 01)
Re: Why is Microsoft watching us watch DVD movies? Scott Christopher Dodson (Feb 28)
Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.) Joshua_Hiller (Feb 28)
... Tiny Personal Firewall ... Andrew Barkley (Feb 28)
- Re: ... Tiny Personal Firewall ... Maher Odeh (Mar 01)
- Re: ... Tiny Personal Firewall ... Scott Nursten (Mar 05)
  - Re: ... Tiny Personal Firewall ... Dave Ahmad (Mar 04)
    - Re: ... Tiny Personal Firewall ... Tom Geldner (Mar 05)
    - Re: Tiny Personal Firewall elfs (Mar 05)
    - Re: ... Tiny Personal Firewall ... J.Brown (Ender/Amigo) (Mar 06)
Resend: SuSE Security Announcement: cups (SuSE-SA:2002:006) Thomas Biege (Feb 28)
Old (and fixed) Windows bug - was Re: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY Alun Jones (Feb 28)
Re: NtWakO BlackICE sig missing Graham, Robert (ISS Atlanta) (Feb 28)
Re: Anonymous Mail Forwarding Vulnerabilities in FormMail 1.9 David Cantrell (Feb 28)
SecurityOffice Security Advisory:// Novell GroupWise Web Access Path Disclosure Vulnerability Tamer Sahin (Feb 28)
Remote exploit against xtelld and other fun Spybreak (Feb 28)
MDKSA-2002:018 - cyrus-sasl update Mandrake Linux Security Team (Feb 28)
CERT Advisory CA-2002-05 Multiple Vulnerabilities in PHP fileupload CERT Advisory (Feb 28)
RE: Open Bulletin Board javascript bug. Nate Pinchot (Feb 28)
NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131) Rashed Alabbar (Feb 28)
- Re: NAI Gauntlet Firewall 5.5 for NT (Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (bugtraq id 4131) Colin Campbell (Mar 01)
Hotline Client Plain password vuln. Rense Buijen (Feb 28)
- Re: Hotline Client Plain password vuln. macdaddy (Mar 01)
[CLA-2002:464] Conectiva Linux Security Announcement - squid secure (Feb 28)
Re: Anti Virus Mailscanners DOS David F. Skoll (Feb 28)
- <Possible follow-ups>
- Re: Anti Virus Mailscanners DOS Lars Hecking (Feb 28)
- Re: Anti Virus Mailscanners DOS Eduardo R. Maciel (Feb 28)
- Re: Anti Virus Mailscanners DOS Kragen Sitaker (Mar 01)
- Re: Anti Virus Mailscanners DOS Paul L Daniels (Mar 01)
- Re: Anti Virus Mailscanners DOS arivanov (Mar 01)
RE: Windows Media Player executes WMF content in .MP3 files. Menashe Eliezer (Feb 28)
- <Possible follow-ups>
- RE: Windows Media Player executes WMF content in .MP3 files. David Korn (Mar 01)
[SECURITY] [DSA-111-2] Update for SNMP security fix Wichert Akkerman (Feb 28)
2K, with RealPlayer Installed 100 % CPU utilization Adonis.No.Spam (Feb 28)
MDKSA-2002:017 - php update Mandrake Linux Security Team (Feb 28)
[RHSA-2002:035-13] Updated PHP packages are available bugzilla (Feb 28)
Colbalt-RAQ-v4-Bugs&Vulnerabilities Alex Hernandez (Mar 01)
- <Possible follow-ups>
- Re: Colbalt-RAQ-v4-Bugs&Vulnerabilities Peter N. Go (Mar 01)
PCFriendly DVD Backchannel Matt Curtin (Mar 01)
- Re: PCFriendly DVD Backchannel Olin Sibert (Mar 04)
  - Re: PCFriendly DVD Backchannel Martin Stricker (Mar 06)
- <Possible follow-ups>
- RE: PCFriendly DVD Backchannel Graham, Brian (Mar 05)
- RE: PCFriendly DVD Backchannel garberoa (Mar 05)
nCipher Security Advisory #2: SNMP vulnerabilities nCipher Support (Mar 01)
IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) GreyMagic Software (Mar 01)
- Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) the Pull (Mar 01)
- Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) Stefan Osterlitz (Mar 01)
  - Re: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) Peter Wu (Mar 03)
  - RE: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) + Workaround. GreyMagic Software (Mar 03)
- RE: IE execution of arbitrary commands without Active Scripting or ActiveX (GM#001-IE) Thomas Thornbury (Mar 04)
  - RE: IE execution of arbitrary commands without Active Scripting Nick FitzGerald (Mar 05)
Re: "Javier Sanchez" jsanchez157 () hotmail com 02/25/2002 11:14 AM, Symantec LiveUpdate Sym Security (Mar 01)
UPDATE: Cert Advisory 2002-03 and Ethereal Information Security (Mar 01)
TSLSA-2002-0034 - apache Trustix Secure Linux Advisor (Mar 01)
SuSE Security Announcement: mod_php/mod_php4 (SuSE-SA:2002:007) Roman Drahtmueller (Mar 01)
Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect) Brewis, Mark (Mar 01)
- Re: Commercial stack fragility (Was RE: Cert Advisory 2002-03 and HP JetDirect) Andrew M Hoerter (Mar 01)
TSLSA-2002-0033 - mod_php Trustix Secure Linux Advisor (Mar 01)
RE: UPDATE: [wcolburn () nmt edu: SMTP relay through checkpoint fire wall] Corey J. Steele (Mar 01)
Cobalt-RAQ-4-Bugs&Vulnerabilities Alex Hernandez (Mar 01)
DoS on HP ProCurve 4000M switch (possibly others) Jon Snyder (Mar 01)
[ESA-20020301-005] 'apache' (mod_ssl) session caching buffer overflow EnGarde Secure Linux (Mar 01)
[ESA-20020301-006] 'php, mod_php' MIME parsing vulnerabilities EnGarde Secure Linux (Mar 01)
Re: mod_ssl Buffer Overflow Condition (Update Available) Ben Laurie (Mar 01)
- <Possible follow-ups>
- Re: mod_ssl Buffer Overflow Condition (Update Available) Ben Laurie (Mar 01)
IIS SMTP component allows mail relaying via Null Session Todd Sabin (Mar 01)
- <Possible follow-ups>
- RE: IIS SMTP component allows mail relaying via Null Session Toni Lassila (Mar 04)
  - Re: IIS SMTP component allows mail relaying via Null Session Todd Sabin (Mar 05)
Open Security Testing Meth 2.0 released pete (Mar 01)
[matt () zope com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)] George Lewis (Mar 01)
AOL Instant Messenger Servers Patched and...Un-Patched? Brendan Butts (Mar 01)
[SECURITY] [DSA 116-1] New CFS packages fix security problems Martin Schulze (Mar 02)
Phorum Discussion Board Security Bug (Email Disclosure) Agricola (Mar 02)
[SECURITY] [DSA 115-1] New PHP packages fix security problems Martin Schulze (Mar 02)
Apache-SSL buffer overflow (fix available) Ben Laurie (Mar 03)
Denial of Service in Sphereserver iphantomi (Mar 03)
RealPlayer bug §ome1 (Mar 03)
- Re: RealPlayer bug Michiel Heijkoop (Mar 04)
  - Re: RealPlayer bug obscure (Mar 05)
  - Re: RealPlayer bug bugtraq42 (Mar 05)
  - Re: RealPlayer bug Jenny Holmberg (Mar 05)
AeroMail multiple vulnerabilities Ulf Harnhammar (Mar 03)
iBuySpy store hole Tom Gilder (Mar 03)
ReBB javascripts vulnerability skizzik (Mar 04)
Security Update: [CSSA-2002-SCO.7] OpenServer: multiple vulnerabilities in squid security (Mar 04)
Apache-SSL 1.3.22+1.47 - update to security fix Ben Laurie (Mar 04)
CERT Advisory CA-2002-06 Vulnerabilities in Various Implementations of the CERT Advisory (Mar 04)
Re: "Peter Miller" pcmiller61 () yahoo com, 02/26/2002 03:48 AM RE: Symantec LiveUpdate Sym Security (Mar 04)
SuSE Security Announcement: squid (SuSE-SA:2002:008) Sebastian Krahmer (Mar 04)
[CLA-2002:465] Conectiva Linux Security Announcement - apache secure (Mar 04)
BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec Greg Troxel (Mar 04)
[RHSA-2002:030-08] Updated radiusd-cistron packages are available bugzilla (Mar 04)
[H20020304]: Remotely exploitable format string vulnerability in ntop hologram (Mar 05)
- RE: [H20020304]: Remotely exploitable format string vulnerability in ntop Burton M. Strauss III (Mar 05)
mutants! - spp_fnord.c (It can see the FNORDs! :-) Dragos Ruiu (Mar 05)
Java HTTP proxy vulnerability Harmen van der Wal (Mar 05)
Buffer Overrun in Talentsoft's Web+ (#NISR01032002A) David Litchfield (Mar 05)
Endymion SakeMail and MailMan File Disclosure Vulnerability rudi carell (Mar 05)
Another Sql Server 7 Buffer Overflow c c (Mar 05)
Considerations for IIS Authentication (#NISR05032002C) David Litchfield (Mar 05)
Two new white papers David Litchfield (Mar 05)
[SECURITY] [DSA 117-1] New CVS packages fix potential security problems Martin Schulze (Mar 05)
IIS Internal IP Address Disclosure (#NISR05032002B) David Litchfield (Mar 05)
- Re: IIS Internal IP Address Disclosure (#NISR05032002B) Eric (Mar 06)
  - RE: IIS Internal IP Address Disclosure (#NISR05032002B) David Litchfield (Mar 08)
Buffer Overflows in sh39.com's mailserver 1.21 Rense Buijen (Mar 05)
Apache+php Proof of Concept Exploit Gabriel A. Maggiotti (Mar 05)
SECURITY.NNOV: few vulnerabilities in multiple RADIUS implementations 3APA3A (Mar 05)
On the ultimate futility of server-based mail scanning David F. Skoll (Mar 05)
- RE: On the ultimate futility of server-based mail scanning Richard M. Smith (Mar 06)
- <Possible follow-ups>
- Re: On the ultimate futility of server-based mail scanning David Kennedy CISSP (Mar 06)
  - Re: On the ultimate futility of server-based mail scanning aleph1 (Mar 08)
cansecwest/core02 Dragos Ruiu (Mar 05)
mtr 0.45, 0.46 Przemyslaw Frasunek (Mar 06)
- Re: mtr 0.45, 0.46 Rogier Wolff (Mar 06)
  - Re: mtr 0.45, 0.46 Matt Zimmerman (Mar 08)
NT user (who is locked changing his/her password by administrator ) can bypass the security policy and Change the password. Syed Mohamed A (Mar 06)
efingerd remote buffer overflow and a dangerous feature Spybreak (Mar 06)
- Re: efingerd remote buffer overflow and a dangerous feature Michael Bacarella (Mar 06)
Mistype a URL? M$N knows what you typed. Darren Reed (Mar 06)
- RE: Mistype a URL? M$N knows what you typed. Dan Heskett (Mar 06)
[CLA-2002:466] Conectiva Linux Security Announcement - radiusd-cistron secure (Mar 06)
PureTLS Security Announcement: Upgrade to 0.9b2 Eric Rescorla (Mar 06)
[PINE-CERT-20020301] OpenSSH off-by-one Joost Pol (Mar 07)
- Re: [PINE-CERT-20020301] OpenSSH off-by-one Florin Andrei (Mar 08)
  - Re: [PINE-CERT-20020301] OpenSSH off-by-one Attila Nagy (Mar 08)
[ESA-20020307-007] Local vulnerability in OpenSSH's channel code. EnGarde Secure Linux (Mar 07)
- Re: [ESA-20020307-007] Local vulnerability in OpenSSH's channel code. Ryan W. Maple (Mar 08)
mIRC DCC Server Security Flaw James Evans (Mar 07)
Various Vulnerabilities in Norton Anti-Virus 2002 Edvice Security Services (Mar 07)
OpenSSH Security Advisory (adv.channelalloc) Markus Friedl (Mar 07)
[CLA-2002:467] Conectiva Linux Security Announcement - openssh secure (Mar 07)
SuSE Security Announcement: openssh (SuSE-SA:2002:009) Roman Drahtmueller (Mar 07)
Vulnerability Details for MS02-012 H D Moore (Mar 08)
[OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh) OpenPKG (Mar 08)
Subversion of Information Vulnerabilities on Major News Sites Jeremiah J. Jacks (Mar 08)
MDKSA-2002:021 - mod_frontpage update Mandrake Linux Security Team (Mar 08)
[CLA-2002:468] Conectiva Linux Security Announcement - php secure (Mar 08)
Linksys BEFVP41 VPN Server does not follow proper VPN standards pschlesinger (Mar 08)
[RHSA-2002:043-10] Updated openssh packages available bugzilla (Mar 08)
linux <=2.4.18 x86 traps.c problem Avery Buffington (Mar 08)
Remote Cobalt Raq XTR vulns W. ter Maat - Digit-Labs Information Security (Mar 08)
Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C) Cedric Amand (Mar 08)
[SECURITY] [DSA 119-1] ssh channel bug Michael Stone (Mar 08)
Re: Edvice Security Services <support () edvicesecurity com, 000701c1c5fb$c168f970$5a01010a () mic2000 Sym Security (Mar 08)
[RHSA-2002:041-08] Updated mod_ssl packages available bugzilla (Mar 08)
MDKSA-2002:019 - openssh update Mandrake Linux Security Team (Mar 08)
Windows 2000 password policy bypass possibility Leonid Mamtchenkov (Mar 08)
- <Possible follow-ups>
- RE: Windows 2000 password policy bypass possibility Bradley, Tony (Mar 08)
  - Re: Windows 2000 password policy bypass possibility Anthony DeRobertis (Mar 13)
MDKSA-2002:020 - mod_ssl update Mandrake Linux Security Team (Mar 08)
Xerver-2.10-File-Disclousure&DoS-attack Alex Hernandez (Mar 08)
Pi3Web/2.0.0 File-Disclosure/Path Disclosure vuln Tekno pHReak (Mar 11)
xtux server DoS. b0iler _ (Mar 11)
Citadel/UX Server Remote DoS attack Vulnerability xperc (Mar 11)
GNU fileutils - recursive directory removal race condition Wojciech Purczynski (Mar 11)
OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix Greg KH (Mar 11)
VirusWall HTTP proxy content scanning circumvention Boris Wesslowski (Mar 11)
[SECURITY] [DSA 120-1] New mod_ssl and Apache/SSL packages fix buffer overflow Martin Schulze (Mar 11)
IMail Account hijack through the Web Interface Obscure (Mar 11)
- Re: [VulnWatch] IMail Account hijack through the Web Interface Zillion (Mar 11)
  - Re[2]: [VulnWatch] IMail Account hijack through the Web Interface Obscure (Mar 13)
- Re: IMail Account hijack through the Web Interface Henrik Larsson (Mar 13)
Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update) Marlon Borba (Mar 11)
- RE: Suspect 'advisory' from someone claiming to be from Microsoft (was Fwd: Internet Security Update) Alex Arndt (Mar 12)
SMStools vulnerabilities in release before 1.4.8 Marcello Magnifico [fabbricadigitale] (Mar 11)
[SECURITY] [DSA 121-1] New xtell packages fix several vulnerabilities Martin Schulze (Mar 11)
SuSE Security Announcement: packages containing libz/zlib (SuSE-SA:2002:011) (tandem-announcement, second part) Roman Drahtmueller (Mar 11)
[ESA-20020311-008] Double free() in zlib may lead to buffer overflow. EnGarde Secure Linux (Mar 11)
[RHSA-2002:027-22] Vulnerability in zlib library (powertools) bugzilla (Mar 11)
TSLSA-2002-0039 - openssh Trustix Secure Linux Advisor (Mar 11)
SuSE Security Announcement: libz/zlib (SuSE-SA:2002:010) (tandem-announcement, first part) Roman Drahtmueller (Mar 11)
[SECURITY] [DSA 122-1] New zlib & other packages fix buffer overflow Michael Stone (Mar 11)
security problem fixed in zlib 1.1.4 Jean-loup Gailly (Mar 11)
- Re: security problem fixed in zlib 1.1.4 Neil W Rickert (Mar 12)
Ecartis/Listar multiple vulnerabilities Janusz Niewiadomski (Mar 11)
Directory traversal vulnerability in phpimglist Jason DiCioccio (Mar 11)
- Re: Directory traversal vulnerability in phpimglist Jason DiCioccio (Mar 11)
CaupoShop: cross-site-scripting bug ppp-design (Mar 11)
ADVISORY: Windows Shell Overflow Marc Maiffret (Mar 12)
[ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability Ahmet Sabri ALPER (Mar 12)
zlib & java Darren Reed (Mar 12)
Security Update: [CSSA-2002-SCO.8] OpenServer: dlvr_audit: exploitable buffer overflow security (Mar 12)
exploiting the zlib bug in openssh H D Moore (Mar 12)
- OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Michael Leo (Mar 12)
  - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Christopher X. Candreva (Mar 13)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Brent J. Nordquist (Mar 13)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Lisa Bogar (Mar 14)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris John D Groenveld (Mar 14)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Thomas Insel (Mar 15)
    - Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Casper Dik (Mar 15)
ZyXEL ZyWALL10 DoS Knud Erik Højgaard (Mar 12)
FreeBSD Ports Security Advisory FreeBSD-SA-02:15.cyrus-sasl FreeBSD Security Advisories (Mar 12)
Re: [VulnWatch] exploiting the zlib bug in openssh Michal Zalewski (Mar 12)
FreeBSD Ports Security Advisory FreeBSD-SA-02:16.netscape FreeBSD Security Advisories (Mar 12)
FreeBSD Ports Security Advisory FreeBSD-SA-02:14.pam-pgsql FreeBSD Security Advisories (Mar 12)
MDKSA-2002:022 - zlib update Mandrake Linux Security Team (Mar 12)
NetBSD Security Advisory 2002-004: Off-by-one error in openssh session NetBSD Security Officer (Mar 12)
NetBSD Security Advisory 2002-002: gzip buffer overrun with long filename NetBSD Security Officer (Mar 12)
Marcus S. Xenakis "directory.php" allows arbitrary code execution Florian Hobelsberger / BlueScreen (Mar 12)
Security Update: [CSSA-2002-SCO.10] OpenServer: OpenSSH channel code vulnerability security (Mar 12)
FreeBSD Ports Security Advisory FreeBSD-SA-02:17.mod_frontpage FreeBSD Security Advisories (Mar 12)
[OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib) OpenPKG (Mar 12)
Re: [RHSA-2002:026-35] Vulnerability in zlib library helmut g. katzgraber (Mar 12)
- Re: [RHSA-2002:026-35] Vulnerability in zlib library Tomasz Ostrowski (Mar 13)
  - Re: [RHSA-2002:026-35] Vulnerability in zlib library Mark J Cox (Mar 13)
- Re: [RHSA-2002:026-35] Vulnerability in zlib library Pavel Kankovsky (Mar 14)
- <Possible follow-ups>
- [RHSA-2002:026-35] Vulnerability in zlib library bugzilla (Mar 13)
zlibscan : script to find suid binaries possibly affected by zlib vulnerability hologram (Mar 12)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Adam (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Florian Weimer (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Jean-loup Gailly (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Dimitry Andric (Mar 13)
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Guy Poizat (Mar 13)
- <Possible follow-ups>
- Re: zlibscan : script to find suid binaries possibly affected by zlib vulnerability Bernd Jendrissek (Mar 13)
SunSolve CD cgi scripts... Fyodor (Mar 12)
Security Update: [CSSA-2002-SCO.9] OpenServer: IPFilter may incorrectly pass packets security (Mar 12)
Re: Alteon ACEdirector signature/security bug Mike Rogers (Mar 12)
- <Possible follow-ups>
- Re: Alteon ACEdirector signature/security bug Mike Rogers (Mar 18)
Cgisecurity.com Paper #5: Fingerprinting Port 80 Attacks: A look into web server, and web application attack signatures: Part Two zeno (Mar 12)
CERT Advisory CA-2002-07 Double Free Bug in zlib Compression Library CERT Advisory (Mar 13)
2nd Buffer Overflow in Talentsoft's Web+ (#NISR13032002) NGSSoftware Insight Security Research (Mar 13)
Command execution in phprojekt. b0iler _ (Mar 13)
[ARL02-A06] Black Tie Project System Information Path Disclosure Vulnerability Ahmet Sabri ALPER (Mar 13)
[RHSA-2002:042-12] Updated secureweb packages available bugzilla (Mar 13)
Xerver Free Web Server 2.10 file Disclosure & DoS PATCH (update version) Alex Hernandez (Mar 13)
Many, many, many Sql Server 7 & 2000 Buffer Overflows c c (Mar 13)
MDKSA-2002:023 - packages containing zlib update Mandrake Linux Security Team (Mar 13)
Security Update: [CSSA-2002-SCO.11] Open UNIX, UnixWare: OpenSSH channel code vulnerability security (Mar 13)
Foundry Networks ServerIron don't decode URIs Jedi/Sector One (Mar 13)
- RE: Foundry Networks ServerIron don't decode URIs Kevin Brown (Mar 15)
Security Update: [CSSA-2002-004.1] REVISED: Linux: Various security problems in ucd-snmp Support Info (Mar 14)
MDKSA-2002:023-1 - packages containing zlib update Mandrake Linux Security Team (Mar 14)
MDKSA-2002:024 - rsync update Mandrake Linux Security Team (Mar 14)
[CLA-2002:469] Conectiva Linux Security Announcement - zlib secure (Mar 14)
about zlib vulnerability tele (Mar 14)
- Re: about zlib vulnerability Paul Wouters (Mar 14)
- Re: about zlib vulnerability - Microsoft products Davis Ray Sickmon, Jr (Mar 14)
ZLib double free bug: Windows NT potentially unaffected KJK::Hyperion (Mar 14)
- Re: ZLib double free bug: Windows NT potentially unaffected Casper Dik (Mar 14)
- Re: ZLib double free bug: Windows NT potentially unaffected Dragos Ruiu (Mar 15)
  - Re: ZLib double free bug: Windows NT potentially unaffected Dragos Ruiu (Mar 14)
- <Possible follow-ups>
- RE: ZLib double free bug: Windows NT potentially unaffected Robert Collins (Mar 14)
  - Re: ZLib double free bug: Windows NT potentially unaffected Martijn Lievaart (Mar 15)
Account Lockout Vulnerability in Oblix NetPoint v5.2 Bill Canning (Mar 14)
[CSS] Cross Site Scripting in the translation and infoplease services of lycos.com possible tsr (Mar 14)
Fwd: DebPloit (exploit) Mike Tone (Mar 14)
- Re: DebPloit (exploit) Florian Weimer (Mar 27)
CERT Advisory CA-2002-08 Multiple vulnerabilities in Oracle Servers CERT Advisory (Mar 14)
RE: [Whitehat] about zlib vulnerability Peter Mueller (Mar 15)
Bug in QPopper (All Versions?) Dustin Childers (Mar 15)
- <Possible follow-ups>
- Re: Bug in QPopper (All Versions?) Dustin Childers (Mar 15)
[RHSA-2002:032-12] Updated cups packages are available bugzilla (Mar 15)
MSIE vulnerability exploitable with IncrediMail Eric Detoisien (Mar 15)
- MSIE vulnerability exploitable with Eudora (was: IncrediMail) Magnus Bodin (Mar 18)
- <Possible follow-ups>
- RE: MSIE vulnerability exploitable with IncrediMail Thor Larholm (Mar 15)
  - RE: MSIE vulnerability exploitable with IncrediMail RT (Mar 18)
- RE: MSIE vulnerability exploitable with IncrediMail Eric Detoisien (Mar 16)
- RE: MSIE vulnerability exploitable with IncrediMail Thor Larholm (Mar 18)
- RE: MSIE vulnerability exploitable with IncrediMail Joachim Thuau (Mar 19)
Apache vulnerabilities on IRIX SGI Security Coordinator (Mar 16)
Re: about zlib vulnerability - Microsoft products Forrest J Cavalier III (Mar 17)
- Re: about zlib vulnerability - Microsoft products Florian Weimer (Mar 18)
PHP-Nuke & Post-Nuke account hijacking. Handle Nopman (Mar 18)
- RE: PHP-Nuke & Post-Nuke account hijacking. Chris Bradford (Mar 18)
PHP Net Toolpack: input validation error ppp-design (Mar 18)
- Re: PHP Net Toolpack: input validation error Jon Ribbens (Mar 20)
[Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0? Jonathan A. Zdziarski (Mar 18)
- Re: Buffer Overflow in Geck/Netscape 5.0/6.0? Scott Dier (Mar 18)
  - Re: Buffer Overflow in Geck/Netscape 5.0/6.0? Patrick Morris (Mar 18)
- <Possible follow-ups>
- [Mozilla Bug #131761] Buffer Overflow in Geck/Netscape 5.0/6.0? Jonathan A. Zdziarski (Mar 20)
Buffer Overflow in Geck/Netscape 5.0/6.0? Jonathan A. Zdziarski (Mar 18)
- <Possible follow-ups>
- RE: Buffer Overflow in Geck/Netscape 5.0/6.0? Pauls, Nicole (Mar 19)
TSLSA-2002-0040 - zlib Trustix Secure Linux Advisor (Mar 18)
[ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability Ahmet Sabri ALPER (Mar 18)
- Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability Manuel Kiessling (Mar 19)
KPMG-2002005: BitVise WinSSH Denial of Service Peter Gründl (Mar 18)
[ARL02-A10] News-TNK Cross Site Scripting Vulnerability Ahmet Sabri ALPER (Mar 18)
[ARL02-A08] BG Guestbook Cross Site Scripting Vulnerability Ahmet Sabri ALPER (Mar 18)
[ARL02-A09] Board-TNK Cross Site Scripting Vulnerability Ahmet Sabri ALPER (Mar 18)
FreeBSD Ports Security Advisory FreeBSD-SA-02:18.zlib FreeBSD Security Advisories (Mar 18)
SOLARIS LOGIN remote via telnetd Morgan (Mar 18)
TCP Connections to a Broadcast Address on BSD-Based Systems Crist J. Clark (Mar 18)
- Re: TCP Connections to a Broadcast Address on BSD-Based Systems itojun (Mar 20)
- Re: TCP Connections to a Broadcast Address on BSD-Based Systems David Maxwell (Mar 21)
Re: phpBB2 remote execution command (fwd) Jose Romeo Vela (Mar 18)
Hosting Directory Traversal madness... Phuong Nguyen (Mar 18)
- <Possible follow-ups>
- RE: Hosting Directory Traversal madness... Phuong Nguyen (Mar 20)
[ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities Ahmet Sabri ALPER (Mar 18)
Identifying Kernel 2.4.x based Linux machines using UDP Ofir Arkin (Mar 19)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Crist J. Clark (Mar 20)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Crist J. Clark (Mar 20)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Charles-Edouard Ruault (Mar 20)
- Re: Identifying Kernel 2.4.x based Linux machines using UDP Fyodor (Mar 25)
- <Possible follow-ups>
- RE: Identifying Kernel 2.4.x based Linux machines using UDP Fletcher, Stephen J (Mar 20)
Excite Email Disclosure Vulnerability Jan Schaumann (Mar 19)
- Re: Excite Email Disclosure Vulnerability Obscure (Mar 20)
phpBB2 remote execution command nullbyte (Mar 19)
- RE: phpBB2 remote execution command Nathan Anderson (Mar 20)
IRIX TCP/IP Initial Sequence Numbers SGI Security Coordinator (Mar 19)
Potential vulnerabilities of the Microsoft RVP-based Instant Messaging Dimitrios Petropoulos (Mar 19)
- RE: Potential vulnerabilities of the Microsoft RVP-based Instant Messaging Brian Heathfield (Mar 20)
[SECURITY] [DSA-123-1] listar buffer overflow Wichert Akkerman (Mar 19)
More SWF vulnerabilities? Drew Daniels (Mar 19)
- Re: More SWF vulnerabilities? the Pull (Mar 20)
Additional IRIX CDE and CDE ToolTalk Vulnerabilities update SGI Security Coordinator (Mar 19)
Javascript loop causes IE to crash Patrik Birgersson (Mar 19)
move_uploaded_file breaks safe_mode restrictions in PHP Tozz (Mar 19)
- Re: move_uploaded_file breaks safe_mode restrictions in PHP Jedi/Sector One (Mar 20)
- <Possible follow-ups>
- Re: move_uploaded_file breaks safe_mode restrictions in PHP sesser (Mar 21)
  - Re: move_uploaded_file breaks safe_mode restrictions in PHP Patrick Oonk (Mar 21)
  - Message not available
    - Re: move_uploaded_file breaks safe_mode restrictions in PHP sesser (Mar 21)
- Re: move_uploaded_file breaks safe_mode restrictions in PHP sesser (Mar 22)
LilHTTP Web Server Protected File Access Vulnerability (Solution) Tamer Sahin (Mar 20)
Bypassing libsafe format string protection Wojciech Purczynski (Mar 20)
- Re: [VulnWatch] Bypassing libsafe format string protection Steve Beattie (Mar 20)
Citrix contacts Eric Budke (Mar 20)
- RE: Citrix vulnerability disclosure/bug reports contact Arian J. Evans (Mar 20)
Default SNMP configuration issue with Foundry Networks EdgeIron 4802F advisory (Mar 20)
Local privalege escalation issues with Webmin 0.92 advisory (Mar 20)
- Re: Local privalege escalation issues with Webmin 0.92 Ed (Mar 22)
NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances hellNbak (Mar 20)
- Re: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia Appliances Georgi Guninski (Mar 21)
[Bug 131761] Buffer Overflow in Geck/Netscape 5.0/6.0? Jonathan A. Zdziarski (Mar 20)
Security Update: [CSSA-2002-SCO.12] Open UNIX, UnixWare 7: rpc.cmsd can be remotely exploited security (Mar 20)
CSS in ikonboard 3.0.1,3.0.2,3.0.3 Max Speed (Mar 20)
- <Possible follow-ups>
- RE: CSS in ikonboard 3.0.1,3.0.2,3.0.3 Michael Ginese (Mar 21)
[img]-vulnerability in vBulletin Version 2.2.2 & 2.2.1 & maybe olders Cano2 (Mar 21)
Re: NMRC Advisory - KeyManager Issue in ISS RealSecure hellNbak (Mar 21)
RE: NMRC Advisory - KeyManager Issue in ISS RealSecure on Nokia A ppliances Rouland, Chris (ISSAtlanta) (Mar 21)
PHP script: Penguin Traceroute, Remote Command Execution paul jenkins (Mar 21)
- Re: PHP script: Penguin Traceroute, Remote Command Execution Philip Turner (Mar 22)
- Re: PHP script: Penguin Traceroute, Remote Command Execution bugtraq (Mar 22)
Questionable security policies in Outlook 2002 Richard M. Smith (Mar 21)
Fw: PHPNuke 5.4 Path Disclosure Vulnerability? godminus (Mar 21)
- Re: Fw: PHPNuke 5.4 Path Disclosure Vulnerability? Dylan Reeve (Mar 25)
- <Possible follow-ups>
- RE: PHPNuke 5.4 Path Disclosure Vulnerability? Martens, Thierry (Mar 22)
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances hellNbak (Mar 21)
Vulnerability in Apache for Win32 batch file processing - Remote command execution Ory Segal (Mar 21)
MDKSA-2002:025 - fix for insecure default kdm configuration Mandrake Linux Security Team (Mar 21)
RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances Rouland, Chris (ISSAtlanta) (Mar 21)
- <Possible follow-ups>
- RE: [VulnWatch] NMRC Advisory - KeyManager Issue in ISS RealSecur e on Nokia Appliances Rouland, Chris (ISSAtlanta) (Mar 21)
[RHSA-2002:048-06] New imlib packages available bugzilla (Mar 21)
How Outlook 2002 can still execute JavaScript in an HTML email message Richard M. Smith (Mar 21)
Automatically opening IE + Executing attachments GreyMagic Software (Mar 22)
- RE: Automatically opening IE + Executing attachments GreyMagic Software (Mar 22)
- RE: Automatically opening IE + Executing attachments jelmer (Mar 25)
Xpede passwords exposed (2 vuln.) Gregory Duchemin (Mar 22)
[RHSA-2002:035-18] Updated PHP packages are available [updated 2002-Mar-11] bugzilla (Mar 22)
Gravity Storm Service Pack Manager 2000 Share Vulnerability 'ken'@FTU (Mar 22)
Webtraversal in PCI Netsupport Manager (all version up to 7 using web extensions) watcher60 (Mar 22)
memberlist.php of vBulletin plato (Mar 22)
- <Possible follow-ups>
- Re: memberlist.php of vBulletin John Percival (Mar 25)
PostNuke Bugged Scott (Mar 22)
- <Possible follow-ups>
- Re: PostNuke Bugged Scott (Mar 22)
EUDORA Re: Automatically opening + Executing attachments http-equiv () excite com (Mar 22)
XSS + Info leak @ www.myownemail.com elaborate ruse (Mar 22)
RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation hellNbak (Mar 22)
- RE: NMRC Advisory: RealSecure KeyManager Issue - Further Explanation Marc Maiffret (Mar 25)
One more way to bypass NAV 3APA3A (Mar 22)
[RHSA-2002:026-43] Vulnerability in zlib library bugzilla (Mar 22)
UniNet InfoSec Conference Seth Arnold (Mar 23)
dcshop.cgi anybody can delete *.setup for database pokleyzz sakamaniaka (Mar 25)
Cookie vulnerability in Alguest guestbook (PHP) MOD (Mar 25)
WebSight Directory System: cross-site-scripting bug ppp-design (Mar 25)
1024-bit RSA keys in danger of compromise Lucky Green (Mar 25)
- Re: 1024-bit RSA keys in danger of compromise Len Sassaman (Mar 25)
- Re: 1024-bit RSA keys in danger of compromise Florian Weimer (Mar 28)
  - Re: 1024-bit RSA keys in danger of compromise Hugh Pierce (Mar 29)
re: Tomcat Security Exposure Adam Manock (Mar 25)
Cross-site scripting. Berend-Jan Wever (Mar 25)
- <Possible follow-ups>
- Re: Cross-site scripting. zeno (Mar 26)
New Bill attempts to regulate hardware, software development Jon O. (Mar 25)
[IMG] tag vulnerability in vBulletin frog frog (Mar 25)
secureinc.com Vulnerability Jason Giglio (Mar 25)
Apache 1.3.24 Released! (fwd) Jonas Eriksson (Mar 25)
Instant Web Mail additional POP3 commands and mail headers Ulf Harnhammar (Mar 26)
updated squid advisory Adrian Chadd (Mar 26)
Security contact for Network Associates? Anton Rager (Mar 26)
- <Possible follow-ups>
- RE: Security contact for Network Associates? Jim_Magdych (Mar 26)
Etnus TotalView 5. Andrew Griffiths (Mar 26)
FreeBSD Ports Security Advisory FreeBSD-SA-02:19.squid FreeBSD Security Advisories (Mar 26)
d_path() truncating excessive long path name vulnerability Wojciech Purczynski (Mar 26)
[SECURITY] [DSA 124-1] New mtr packages fix buffer overflow Martin Schulze (Mar 26)
CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) Steve Gustin (Mar 26)
Re: [RHEA-2002:024-23] Updated rpm packages available helmut g. katzgraber (Mar 26)
SouthWest Telnet talker server. DoS (Denial of Service Attack). Alex Hernandez (Mar 26)
DoS in debian (potato) proftpd Joe Dollard (Mar 26)
- Re: DoS in debian (potato) proftpd martin f krafft (Mar 27)
JS embedding @ www.reed.co.uk elaborate ruse (Mar 26)
Root compromise through LogWatch 2.1.1 Spybreak (Mar 27)
Retrieving information on local files in IE (GM#003-IE) GreyMagic Software (Mar 27)
Xchat /dns command execution vulnerability SpaceWalker (Mar 27)
Cisco Security Advisory: LDAP Connection Leak in CTI when User Authentication Fails Cisco Systems Product Security Incident Response Team (Mar 27)
NFuse Cross Site Scripting vulnerability Eric Detoisien (Mar 27)
RCA cable modem Deny of Service Gabriel A. Maggiotti (Mar 27)
- Re: RCA cable modem Deny of Service Mario Lorenz (Mar 28)
- <Possible follow-ups>
- Re: RCA cable modem Deny of Service Rob Koliha (Mar 27)
[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability Florian Hobelsberger / BlueScreen (Mar 27)
- <Possible follow-ups>
- Re:[Advisory] phpBB 1.4.4 still suffers from Cross Site Scripting Vulnerability altomo (Mar 29)
Format String Bug in Posadis DNS Server nick (Mar 27)
A buffer overflow study - generic protections Vincent (Mar 27)
Citrix Nfuse directory traversal with boilerplate.asp Eric Budke (Mar 28)
HELP.dropper: IE6, OE6, Outlook...lookOut http-equiv () excite com (Mar 28)
postnuke v 0.7.0.3 remote command execution pokleyzz sakamaniaka (Mar 28)
OpenSSH channel_lookup() off by one exploit Morgan (Mar 28)
vuln in wwwisis: remote command execution and get files Klaus Ripke (Mar 28)
squirrelmail 1.2.5 email user can execute command pokleyzz sakamaniaka (Mar 28)
[SECURITY] [DSA 125-1] New analog packages fix cross-site scripting vulnerability Martin Schulze (Mar 28)
Oracle9i TSN DoS Attack Andrey Gordienko (Mar 28)
- <Possible follow-ups>
- Re: Oracle9i TSN DoS Attack Lucien Fransman (Mar 29)
A possible buffer overflow in libnewt Wu Tao (Mar 28)
Authentication with RSA SecurID and Outlook web access Scalise, Marzio (Mar 28)
JS embedding @ yahoo.com Alan McCaig (Mar 28)
Re: OpenSSH rebuild warning: problems avoiding zlib problems in Solaris Casper Dik (Mar 29)
IRIX FTP Bounce vulnerability SGI Security Coordinator (Mar 29)
Team Asylum: Online renewal sites susceptible to spammer "harvesting" Mailer (Mar 29)
Local Security Vulnerability in Windows NT and Windows 2000 Ashot Oganesyan K. (Mar 29)
- Re: Local Security Vulnerability in Windows NT and Windows 2000 Alexander K. Yezhov (Mar 31)
[CLA-2002:470] Conectiva Linux Security Announcement - imlib secure (Mar 29)
IRIX TCP/IP Denial-of-Service attacks SGI Security Coordinator (Mar 29)
IRIX rpc/HOSTALIASES vulnerability SGI Security Coordinator (Mar 29)
Security Update: [CSSA-2002-007.0] Linux: Updated Caldera Public Keys security (Mar 29)
Security Update: [CSSA-2002-012.0] Linux: OpenSSH channel code vulnerability security (Mar 29)
privacy issues in metor.com (a search engine) Tom Micklovitch (Mar 29)
Security Update: [CSSA-2002-008.0] Linux: CUPS buffer overflow when reading names of attributes security (Mar 29)
Anonymizer, MSIE, images ... Alexander K. Yezhov (Mar 29)
Security Update: [CSSA-2002-009.0] Linux: X server allows access to any shared memory on the system security (Mar 31)
More Office XP problems Georgi Guninski (Mar 31)
Security Update: [CSSA-2002-010.0] Linux: ftp vulnerability in squid security (Mar 31)
Security Update: [CSSA-2002-011.0] Linux: mod_ssl Buffer Overflow Condition security (Mar 31)
Security Update: [CSSA-2002-013.0] Linux: Name Service Cache Daemon (nscd) advisory security (Mar 31)

Previous period

Next period