Bugtraq: by thread

Bugtraq: by thread

393 messages starting Apr 01 04 and ending Apr 30 04
Date index | Thread index | Author index

RE: cdp buffer overflow vulnerability Dave Paris (Apr 01)
Re: IPv4 fragmentation --> The Rose Attack Crist J. Clark (Apr 01)
- Re: IPv4 fragmentation --> The Rose Attack stanislav shalunov (Apr 01)
- <Possible follow-ups>
- Re: IPv4 fragmentation --> The Rose Attack Chris Brenton (Apr 01)
- Re: IPv4 fragmentation --> The Rose Attack Paul Starzetz (Apr 08)
OpenLinux: vim arbitrary commands execution through modelines please_reply_to_security (Apr 01)
UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment please_reply_to_security (Apr 01)
[CLA-2004:836] Conectiva Security Announcement - libxml2 Conectiva Updates (Apr 01)
Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed. Paul (Apr 01)
Pikachu -Turn on WEP ! Himanshu Singh (Apr 01)
- Re: Pikachu -Turn on WEP ! christophe barbe (Apr 01)
Releasing full source code of WinBlox Liu Die Yu (Apr 01)
Index viewing in imgSvr 0.4 Donato Ferrante (Apr 01)
[SECURITY] [DSA 470-1] New Linux 2.4.17 packages fix several local root exploits (hppa) Martin Schulze (Apr 01)
Re: Google using Expired Cert and SSLv2 Ivaylo Kostadinov (Apr 01)
[OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid) OpenPKG (Apr 01)
Netsky.R, auto execute w/ IE6 ? BugtraQ (Apr 02)
- <Possible follow-ups>
- RE: Netsky.R, auto execute w/ IE6 ? BugtraQ (Apr 06)
- Re: Netsky.R, auto execute w/ IE6 ? vbsubmit (Apr 06)
Enterprise Application Security Dave Aitel (Apr 02)
[SECURITY] [DSA 471-1] New interchange packages fix information leak Martin Schulze (Apr 02)
IRIX ftpd ftp_syslog issue with anonymous FTP SGI Security Coordinator (Apr 03)
Remote Exploit for Aborior's Encore Web Forum XNUXER RESEARCH (Apr 03)
eMule v0.42d Buffer Overflow Kostya Kortchinsky (Apr 03)
IRIX Update Some Network Drivers May Leak Data SGI Security Coordinator (Apr 03)
Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (Apr 03)
- <Possible follow-ups>
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Chris Wysopal (Apr 03)
  - Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Fozzy (Apr 05)
  - Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France Renaud Deraison (Apr 05)
    - Vuln Info Disclosure may become illegal in France [was: Re: Bugfinder Being Indicted As Criminal] Fozzy (Apr 06)
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (Apr 05)
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France K-OTiK Security (Apr 05)
[securityzone () macromedia com: New Macromedia Security Zone Bulletin Posted] David Ahmad (Apr 03)
- <Possible follow-ups>
- [securityzone () macromedia com: New Macromedia Security Zone Bulletin Posted] David Ahmad (Apr 16)
[SECURITY] [DSA 472-1] New fte packages fix buffer overflows Matt Zimmerman (Apr 05)
[SECURITY] [DSA 474-1] New squid packages fix ACL bypass Matt Zimmerman (Apr 05)
[SECURITY] [DSA 460-2] New sysstat packages fix insecure temporary file creation Matt Zimmerman (Apr 05)
[SECURITY] [DSA 473-1] New oftpd packages fix denial of service Matt Zimmerman (Apr 05)
[SECURITY] [DSA 475-1] New Linux 2.4.18 packages fix several local root exploits (hppa) Martin Schulze (Apr 05)
[OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc) OpenPKG (Apr 05)
NGSSoftware Insight Security Research Advisory Peter Winter-Smith (Apr 05)
Fw: new IE vurn Philip Barnham (Apr 05)
- Re: new IE vurn Gavin Hanover (Apr 05)
Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001 Ory Segal (Apr 05)
SuSEs YaST Online Update - possible symlink attack Rene (Apr 05)
- Re: SuSEs YaST Online Update - possible symlink attack Roman Drahtmueller (Apr 07)
Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B) NGSSoftware Insight Security Research (Apr 05)
[Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function Buffer Overflow Vulnerability idlabs-advisories (Apr 05)
Texutil symlink vulnerability. Shaun Colley (Apr 05)
Automated wireless client penetration tool "hotspotter" released. Max Moser (Apr 05)
Advisory: Multiple Vulnerabilities in Monit mattmurphy () kc rr com (Apr 05)
IBM Director 3.1 Windows Agent Remote DoS Juanma Merino (Apr 05)
- <Possible follow-ups>
- Re: IBM Director 3.1 Windows Agent Remote DoS Vess Nedevski (Apr 06)
Format string bug in IGI 2: Covert Strike 1.3 Luigi Auriemma (Apr 05)
Paper: Comparing binaries with graph isomorphisms Todd Sabin (Apr 06)
MDKSA-2004:026 - Updated mplayer packages fix remotely exploitable vulnerability Mandrake Linux Security Team (Apr 06)
[SECURITY] [DSA 476-1] New heimdal packages fix cross-realm vulnerability Matt Zimmerman (Apr 06)
LNSA-#2004-0008: Multiple security problems in Monit Vincenzo Ciaglia (Apr 06)
[ GLSA 200404-01 ] Insecure sandbox temporary lockfile vulnerabilities in Portage Tim Yamin (Apr 06)
Support Contact Info Mark Litchfield (Apr 06)
[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation Martin Schulze (Apr 06)
[product-security () apple com: APPLE-SA-2004-04-05 Security Update 2004-04-05]] David Ahmad (Apr 06)
[ GLSA 200404-02 ] KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability Aida Escriva-Sammer (Apr 06)
blaxxun3D(blaxxun Platform) 7 - Remote Buffer Overflow Rafel Ivgi, The-Insider (Apr 06)
Foundstone Labs Advisory: Citrix MetaFrame Password Manager 2.0 Foundstone Labs (Apr 06)
GNU Sharutils buffer overflow vulnerability. Shaun Colley (Apr 06)
- Re: GNU Sharutils buffer overflow vulnerability. Didier Arenzana (Apr 07)
  - Re: GNU Sharutils buffer overflow vulnerability. Carlos Eduardo Pinheiro (Apr 07)
- Re: GNU Sharutils buffer overflow vulnerability. Dan Yefimov (Apr 11)
[ GLSA 200404-03 ] Tcpdump Vulnerabilities in ISAKMP Parsing Joshua J. Berry (Apr 06)
Papers: The Invisible Catalog Pete Herzog (Apr 07)
Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S) Rafel Ivgi, The-Insider (Apr 07)
[ GLSA 200404-05 ] ipsec-tools contains an X.509 certificates vulnerability Kurt Lieber (Apr 07)
[SECURITY] [DSA 478-1] New tcpdump packages fix denial of service Matt Zimmerman (Apr 07)
Re: eSignal v7 remote buffer overflow Scott Johnson (Apr 07)
Kerio Personal Firewall 4 and IE 6 "Bug" E.Kellinis (Apr 07)
- <Possible follow-ups>
- RE: Kerio Personal Firewall 4 and IE 6 "Bug" Noah Dunker (Apr 07)
  - Re: Kerio Personal Firewall 4 and IE 6 "Bug" E.Kellinis (Apr 08)
- RE: Kerio Personal Firewall 4 and IE 6 "Bug" Noah Dunker (Apr 07)
Release of Cisco Attack tool Asleap Joshua Wright (Apr 07)
REAL One Player R3T File Format Stack Overflow NGSSoftware Insight Security Research (Apr 07)
Cisco Security Advisory: A default Username and Password in WLSE and HSE devices Cisco Systems Product Security Incident Response Team (Apr 07)
CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections Ralf Spenneberg (Apr 07)
[ GLSA 200404-06 ] Util-linux login may leak sensitive data Kurt Lieber (Apr 07)
Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions] T.J. Ferraro (Apr 07)
Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure Rafel Ivgi, The-Insider (Apr 07)
Re: IPv4 fragmentation --> The Rose Attack Ventsislav Genchev (Apr 07)
- Re: IPv4 fragmentation --> The Rose Attack Darren Reed (Apr 08)
  - Re: IPv4 fragmentation --> The Rose Attack gandalf (Apr 09)
    - Re: IPv4 fragmentation --> The Rose Attack Darren Reed (Apr 09)
    - Re: IPv4 fragmentation --> The Rose Attack gandalf (Apr 12)
    - Re: IPv4 fragmentation --> The Rose Attack Darren Reed (Apr 11)
    - Re: IPv4 fragmentation --> The Rose Attack gandalf (Apr 12)
- RE: IPv4 fragmentation --> The Rose Attack Taylan Develioglu (Apr 13)
[ GLSA 200404-07 ] ClamAV RAR Archive Remote Denial Of Service Vulnerability Kurt Lieber (Apr 07)
Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow Rafel Ivgi, The-Insider (Apr 07)
Solaris vfs_getvfssw() local kernel exploit Sam (Apr 07)
[OpenPKG-SA-2004.010] OpenPKG Security Advisory (tcpdump) OpenPKG (Apr 07)
Metasploit Framework 2.0 Released! H D Moore (Apr 07)
Internet Explorer 6 - Crash E.Kellinis (Apr 07)
[ GLSA 200404-04 ] Multiple vulnerabilities in sysstat Kurt Lieber (Apr 07)
[OpenPKG-SA-2004.011] OpenPKG Security Advisory (sharutils) OpenPKG (Apr 07)
Kerio Personal Firewall 4.0.13 - Remote DoS (Crash) E.Kellinis (Apr 07)
Re: GNU Sharutils buffer overflow vulnerability Shaun Colley (Apr 07)
McAfee Freescan ActiveX Information Disclosure [Additional Details & PoC] S G Masood (Apr 07)
Re: Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow, Apr 7 2004 2:22AM Sym Security (Apr 08)
[waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a] Janek Vind (Apr 08)
[ GLSA 200404-08 ] GNU Automake symbolic link vulnerability Kurt Lieber (Apr 08)
Phrack #62 Call for Papers Richard Miller (Apr 08)
Cisco Security Advisory: Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability Cisco Systems Product Security Incident Response Team (Apr 08)
SGI Advanced Linux Environment security update #17 SGI Security Coordinator (Apr 08)
[waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite] Janek Vind (Apr 08)
Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache Ioannis Migadakis (Apr 08)
New Worm/Virus April 8th Polazzo Justin (Apr 08)
- <Possible follow-ups>
- RE: New Worm/Virus April 8th securityguy (Apr 08)
LNSA-#2004-0009: GNU Automake symbolic link vulnerability Vincenzo Ciaglia (Apr 08)
- <Possible follow-ups>
- LNSA-#2004-0009: GNU Automake symbolic link vulnerability Vincenzo Ciaglia (Apr 08)
[OpenPKG-SA-2004.012] OpenPKG Security Advisory (fetchmail) OpenPKG (Apr 08)
LNSA-#2004-0010: login may leak sensitive data Vincenzo Ciaglia (Apr 08)
RE: [AppSec-research] New Worm/Virus April 8th Polazzo Justin (Apr 08)
Microsoft IE iframe src DoS already reported to Microsoft 'ken'@FTU (Apr 08)
- Re: Microsoft IE iframe src DoS already reported to Microsoft Valdis . Kletnieks (Apr 08)
PSR - #2004-001 Remote - LCDProc Priv8 Security Research (Apr 08)
PSR - #2004-002 Remote - LCDProc Priv8 Security Research (Apr 08)
Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) K-OTiK Security (Apr 09)
- Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Chris Johnson (Apr 09)
  - Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Geoffrey (Apr 09)
    - Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Chris Johnson (Apr 09)
    - Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Romain Francoise (Apr 09)
- RE: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Richard M. Smith (Apr 09)
- <Possible follow-ups>
- Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Chris Wysopal (Apr 09)
- RE: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...) Amer Karim (Apr 10)
MDKSA-2004:027 - Updated ipsec-tools packages fix vulnerability in racoon Mandrake Linux Security Team (Apr 09)
monit 4.1 POC gsicht gsicht (Apr 09)
[ GLSA 200404-12 ] Scorched 3D server chat box format string vulnerability Kurt Lieber (Apr 09)
DoS in Crackalaka 1.0.8 Donato Ferrante (Apr 09)
Browser bugs [DoS] ... where will you draw a line? Bipin Gautam (Apr 09)
- <Possible follow-ups>
- RE: Browser bugs [DoS] ... where will you draw a line? Drew Copley (Apr 09)
DoS in Rsniff 1.0 Luigi Auriemma (Apr 09)
- <Possible follow-ups>
- Re: DoS in Rsniff 1.0 Luigi Auriemma (Apr 09)
[ GLSA 200404-09 ] Cross-realm trust vulnerability in Heimdal Kurt Lieber (Apr 09)
[ GLSA 200404-11 ] Multiple Vulnerabilities in pwlib Aida Escriva-Sammer (Apr 09)
ANNOUNCE: SecLegal mailing list Thor Larholm (Apr 09)
Backdoor in X-Micro WLAN 11b Broadband Router RISKO Gergely (Apr 10)
- <Possible follow-ups>
- Re: Backdoor in X-Micro WLAN 11b Broadband Router Mariano Firpo (Apr 16)
  - NEW backdoor in X-Micro WLAN 11b Broadband Router RISKO Gergely (Apr 17)
Monit <= 4.2 Remote Root Exploit Eye on Security India (Apr 12)
Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow. Nikita V. Youshchenko (Apr 12)
Citadel/UX 6.20 fixes local permissions vulnerability IO ERROR (Apr 12)
UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability Cisco Systems Product Security Incident Response Team (Apr 12)
Gnome nautilus bug gsicht gsicht (Apr 12)
Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ] JeiAr (Apr 12)
IE 6 Print Without Prompt Ben Garvey (Apr 12)
[waraxe-2004-SA#017 - User-level authentication bypass in phpnuke 6.x-7.2] Janek Vind (Apr 12)
eMule <= 0.42d Remote Exploit kcope (Apr 12)
BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE) Felipe Neuwald (Apr 12)
- Re: BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE) Damien Miller (Apr 14)
Adobe Acrobat Reader PDF file DoS vulnerability Arman Nayyeri (Apr 12)
[waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2] Janek Vind (Apr 12)
[CLA-2004:838] Conectiva Security Announcement - squid Conectiva Updates (Apr 12)
Microsoft Outlook Express EML file Crash vulnerability Arman Nayyeri (Apr 12)
- <Possible follow-ups>
- RE: Microsoft Outlook Express EML file Crash vulnerability Kamran Muzaffer (Apr 14)
[CLA-2004:837] Conectiva Security Announcement - mod_python Conectiva Updates (Apr 13)
[waraxe-2004-SA#016 - Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3] Janek Vind (Apr 13)
new strange worm Alex Gen (Apr 13)
Microsoft Internet Explorer BMP file memory DoS vulnerability Arman Nayyeri (Apr 13)
UPDATE: LCDproc Buffer Overflow and Format String Vulnerabilities Rene Wagner (Apr 14)
EEYE: Windows Local Security Authority Service Remote Buffer Overflow Marc Maiffret (Apr 14)
EEYE: Windows Expand-Down Data Segment Local Privilege Escalation Marc Maiffret (Apr 14)
[Full-Disclosure] iDEFENSE Security Advisory 04.13.04 - Microsoft Help and Support Center Argument Injection Vulnerability idlabs-advisories (Apr 14)
[SECURITY] [DSA 483-1] New mysql packages fix insecure temporary file creation Martin Schulze (Apr 14)
SUSE Security Announcement: cvs (SuSE-SA:2004:008) Sebastian Krahmer (Apr 14)
4 new Microsoft patches to close 20 vulnerabilities Thor Larholm (Apr 14)
[SECURITY] [DSA 482-1] New Linux 2.4.17 packages fix local root exploit (source+powerpc/apus+s390) Martin Schulze (Apr 14)
[RHSA-2004:154-01] Updated CVS packages fix security issue bugzilla (Apr 14)
[SECURITY] [DSA 480-1] New Linux 2.4.17 and 2.4.18 packages fix local root exploit (hppa) Martin Schulze (Apr 14)
[SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386) Martin Schulze (Apr 15)
[RHSA-2004:159-01] Updated Subversion packages fix security vulnerability in neon bugzilla (Apr 15)
Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability Cisco Systems Product Security Incident Response Team (Apr 15)
Include vulnerability in GEMITEL v 3.50 jaguar (Apr 15)
ZA Security Hole Damjan Kreft (Apr 15)
- Re: ZA Security Hole Pablo G. Sabbatella (Apr 16)
- Re: ZA Security Hole Samps (Apr 16)
  - Re: ZA Security Hole Patrick Brauch (Apr 21)
- Re: ZA Security Hole Hugo van der Kooij (Apr 16)
- Re: ZA Security Hole David Wilson (Apr 20)
FW: [Unpatched] 4 new Microsoft patches, 4 old updated, 24 vulnerabilities Thor Larholm (Apr 15)
[OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql) OpenPKG (Apr 15)
Re: XSS, Admin Access via Cookie and File Upload vulnerability in NewsPHP. Manuel Lopez (Apr 15)
FreeBSD Security Advisory FreeBSD-SA-04:07.cvs FreeBSD Security Advisories (Apr 15)
SCT javascript execution vulnerability spiffomatic 64 (Apr 15)
[Full-Disclosure] iDEFENSE Security Advisory 04.15.04: RealNetworks Helix Universal Server Denial of Service Vulnerability idlabs-advisories (Apr 16)
TSLSA-2004-0020 - kernel Trustix Security Advisor (Apr 16)
[OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal) OpenPKG (Apr 16)
"Delete anti-virus and firewall software" --Microsoft Kim Scarborough (Apr 16)
- <Possible follow-ups>
- RE: "Delete anti-virus and firewall software" --Microsoft Thor Larholm (Apr 20)
After Ms patches last Wed ... aborg (Apr 16)
- Re: After Ms patches last Wed ... phaser-X (Apr 16)
  - Re: After Ms patches last Wed ... Andy Shaw (Apr 17)
  - Re: After Ms patches last Wed ... Dan Harkless (Apr 17)
  - RE: After Ms patches last Wed ... Alun Jones (Apr 17)
    - RE: After Ms patches last Wed ... phaser-X (Apr 19)
  - Re: After Ms patches last Wed ... Scott Gifford (Apr 17)
    - Re: After Ms patches last Wed ... Jerry Winegarden (Apr 19)
  - Re: After Ms patches last Wed ... plasmahh (Apr 19)
    - Re: After Ms patches last Wed ... Alex Cruz (Apr 19)
  - Re: After Ms patches last Wed ... T.H. Haymore (Apr 19)
- <Possible follow-ups>
- RE: After Ms patches last Wed ... Brito, Nelson (ISS Brazil) (Apr 19)
- RE: After Ms patches last Wed ... David Hayden (Apr 19)
- Re: After Ms patches last Wed ... geoff . froh (Apr 20)
- Re: After Ms patches last Wed ... Greg Kujawa (Apr 20)
- RE: After Ms patches last Wed ... David Hayden (Apr 30)
[OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon) OpenPKG (Apr 16)
void.at - neon format string bugs Thomas Wana (Apr 16)
Norton AntiVirus nested file manual scan bypass..... Bipin Gautam (Apr 17)
- <Possible follow-ups>
- Re: Norton AntiVirus nested file manual scan bypass..... Bipin Gautam (Apr 19)
[SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities Matt Zimmerman (Apr 17)
Internet Explorer XSS published unpatched in SP1 AND SP2 Rafel Ivgi, The-Insider (Apr 17)
Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX K. K. Mookhey (Apr 17)
[SECURITY] [DSA 489-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel) Martin Schulze (Apr 17)
[SCSA-028] Nuked-Klan Multiple Vulnerabilities advisory (Apr 17)
[SECURITY] [DSA 431-2] New perl packages fix information leak in suidperl Matt Zimmerman (Apr 17)
Squirrelmail Chpasswod bof Matias Neiff (Apr 17)
- Re: Squirrelmail Chpasswod bof Jonathan Angliss (Apr 19)
- Re: Squirrelmail Chpasswod bof martin f krafft (Apr 19)
- <Possible follow-ups>
- Re: Squirrelmail Chpasswod bof Peter Geissler (Apr 19)
- Re: Squirrelmail Chpasswod bof rip (Apr 19)
- Re: Squirrelmail Chpasswod bof p dont think (Apr 28)
MS04-011 SSL Remote DoS PoC David Barroso Berrueta (Apr 17)
[SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution Martin Schulze (Apr 17)
[SECURITY] [DSA 487-1] New neon packages fix format string vulnerabilities Matt Zimmerman (Apr 17)
[BUG-CORRECTION] IISShield "Server" header costumization Tiago Halm (Apr 17)
[SECURITY] [DSA 491-1] New Linux 2.4.19 packages fix local root exploit (mips) Martin Schulze (Apr 17)
[SECURITY] [DSA 488-1] New logcheck packages fix insecure temporary directory Matt Zimmerman (Apr 17)
[slackware-security] tcpdump denial of service (SSA:2004-108-01) Slackware Security Team (Apr 19)
[SECURITY] [DSA 492-1] New iproute packages fix denial of service Matt Zimmerman (Apr 19)
after ms patches... kincses zoli (Apr 19)
DoS in NETFile FTP/Web Server Donato Ferrante (Apr 19)
RE: MS04-011 Break SSL support in IE 6.0.3790.0 with Windows 2003 Thor Larholm (Apr 19)
[ GLSA 200404-14 ] Multiple format string vulnerabilities in cadaver Kurt Lieber (Apr 19)
[ GLSA 200404-16 ] Multiple new security vulnerabilities in monit Kurt Lieber (Apr 19)
[ GLSA 200404-15 ] XChat 2.0.x SOCKS5 Vulnerability Kurt Lieber (Apr 19)
New Paper - SQL Injection Signatures Evasion Imperva Application Defense Center (Apr 19)
- <Possible follow-ups>
- Re: New Paper - SQL Injection Signatures Evasion K. K. Mookhey (Apr 26)
- RE: New Paper - SQL Injection Signatures Evasion Imperva Application Defense Center (Apr 26)
ssmtp insecure file creation priestmaster (Apr 19)
MS Patches last Wed - SOLUTION aborg (Apr 19)
LNSA-#2004-0012: Multiple format string vulnerabilities in neon Vincenzo Ciaglia (Apr 19)
[waraxe-2004-SA#019 - Critical sql injection bug in Phorum 3.4.7] Janek Vind (Apr 19)
phpBB 2.0.8a and lower - IP spoofing vulnerability Ready Response (Apr 19)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Shaun Colley (Apr 19)
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability 3APA3A (Apr 20)
  - Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (Apr 21)
    - Re: phpBB 2.0.8a and lower - IP spoofing vulnerability BlueRaven (Apr 28)
    - Re: phpBB 2.0.8a and lower - IP spoofing vulnerability Xin LI (Apr 29)
LNSA-#2004-0011: CVS Server and Client Vulnerabilities Vincenzo Ciaglia (Apr 19)
MS Patches last Mon - Recap aborg (Apr 19)
Idea of CAW (Creation of Attack Wood) kincses zoli (Apr 19)
- Re: Idea of CAW (Creation of Attack Wood) Magosányi Árpád (Apr 20)
  - Re: Idea of CAW (Creation of Attack Wood) Jan Minar (Apr 21)
MDKSA-2004:031 - Updated utempter packages fix several vulnerabilities Mandrake Linux Security Team (Apr 19)
BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Rafel Ivgi, The-Insider (Apr 19)
- Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure Sami POTIRCA (Apr 20)
phpBB modified by Przemo arbitary code execution Dariusz 'Officerrr' Kolasinski (Apr 19)
- <Possible follow-ups>
- phpBB modified by Przemo arbitary code execution Dariusz 'Officerrr' Kolasinski (Apr 20)
Microsoft Help and Support Center argument injection vulnerability Jouko Pynnonen (Apr 19)
Zaep AntiSpam Cross Site Scripting Aviram Jenik (Apr 19)
Solaris 9 patch 113579-03 introduces a NIS security bug Chris Thompson (Apr 19)
[slackware-security] utempter security update (SSA:2004-110-01) Slackware Security Team (Apr 19)
Eudora 6.1 is evil Paul Szabo (Apr 19)
KPhone STUN DoS (Malformed STUN Packets) Aviram Jenik (Apr 20)
[slackware-security] cvs security update (SSA:2004-108-02) Slackware Security Team (Apr 20)
Exchange pop3 remote exploit securma massine (Apr 20)
NcFTP - password leaking Konstantin Gavrilenko (Apr 20)
- Re: NcFTP - password leaking Frank v Waveren (Apr 20)
- Re: NcFTP - password leaking Alex Behar (Apr 21)
MDKSA-2004:033 - Updated xine-ui packages fix temporary file insecurities Mandrake Linux Security Team (Apr 20)
MDKSA-2004:032 - Updated libneon packages fix temporary file insecurities Mandrake Linux Security Team (Apr 20)
MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities Mandrake Linux Security Team (Apr 20)
MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability Mandrake Linux Security Team (Apr 20)
NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP David Ahmad (Apr 20)
Format String in Cherokee CoKi (Apr 20)
[cliph () isec pl: Linux kernel setsockopt MCAST_MSFILTER integer overflow] David Ahmad (Apr 20)
Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS-Based Cisco Products Cisco Systems Product Security Incident Response Team (Apr 20)
WinSCP Denial of Service Luca Ercoli (Apr 20)
Cisco Security Advisory: Vulnerabilities in SNMP Message Processing Cisco Systems Product Security Incident Response Team (Apr 21)
Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS Based Cisco Products Cisco Systems Product Security Incident Response Team (Apr 21)
Linux kernel setsockopt MCAST_MSFILTER integer overflow Wojciech Purczynski (Apr 21)
IETF Draft on Transmission Control Protocol security considerations Thor Larholm (Apr 21)
[PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2 Valerio Santinelli (Apr 21)
[RHSA-2004:166-01] Updated kernel packages resolve security vulnerabilities bugzilla (Apr 21)
[SECURITY] [DSA 493-1] New xchat packages fix arbitrary code execution Martin Schulze (Apr 21)
Advanced Guestbook 2.2 -- SQL Injection Exploit JQ (Apr 21)
[waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2] Janek Vind (Apr 21)
[waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke] Janek Vind (Apr 21)
NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability NetBSD Security-Officer (Apr 21)
EEYE: Yahoo! Mail Account Filter Overflow Hijack Drew Copley (Apr 21)
NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL NetBSD Security-Officer (Apr 21)
Vulnerabilities in long-lived TCP connections on SGI systems SGI Security Coordinator (Apr 22)
MDKSA-2004:031-1 - Updated utempter packages fix several vulnerabilities Mandrake Linux Security Team (Apr 22)
SGI Advanced Linux Environment security update #18 SGI Security Coordinator (Apr 22)
[slackware-security] xine security update (SSA:2004-111-01) Slackware Security Team (Apr 22)
Arbitrary file overwriting in Unreal engine through UMOD Luigi Auriemma (Apr 22)
TCP Reset Attacks: Paper and Code Now Availble sullo (Apr 23)
Netegrity SiteMinder Affiliate Agent Cookie Overflow advisories (Apr 23)
- <Possible follow-ups>
- Netegrity SiteMinder Affiliate Agent Cookie Overflow advisories (Apr 24)
Potential Microsoft PCT worm (MS04-011) advisories (Apr 23)
EEYE: Symantec Multiple Firewall TCP Options Denial of Service Derek Soeder (Apr 23)
RE: [Full-Disclosure] EEYE: Symantec Multiple Firewall TCP Options Denial of Service Sym Security (Apr 23)
[waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke] Janek Vind (Apr 23)
[waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6] Janek Vind (Apr 23)
[ GLSA 200404-17 ] ipsec-tools and iputils contain a remote DoS vulnerability Kurt Lieber (Apr 24)
Apache - all versions vulnerability in OLD procesors. Adam Zabrocki (Apr 24)
- Re: Apache - all versions vulnerability in OLD procesors. Chris Adams (Apr 26)
- Re: Apache - all versions vulnerability in OLD procesors. Chris Adams (Apr 26)
- Re: Apache - all versions vulnerability in OLD procesors. Peter J. Holzer (Apr 26)
- <Possible follow-ups>
- Re: Apache - all versions vulnerability in OLD procesors. Adam Zabrocki (Apr 27)
  - Re: Apache - all versions vulnerability in OLD procesors. Peter Pentchev (Apr 28)
RE: US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP soby (Apr 26)
Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (Apr 26)
- <Possible follow-ups>
- RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (Apr 26)
- Microsoft's Explorer and Internet Explorer long share name buffer overflow. Rodrigo Gutierrez (Apr 26)
[HOTFIX] setsockopt kernel vulnerability nolife (Apr 26)
Samsung SmartEther SS6215S Switch Kyle Duren (Apr 26)
Spammers can hide behind 'Email a friend/article' scripts. cyber_flash (Apr 26)
- Re: Spammers can hide behind 'Email a friend/article' scripts. matthias (Apr 28)
- Re: Spammers can hide behind 'Email a friend/article' scripts. 3APA3A (Apr 28)
Horde webmail: mysql access sig (Apr 26)
- <Possible follow-ups>
- Re: Horde webmail: mysql access Christopher T. Beers (Apr 28)
Multiple Vulnerabilities In OpenBB JeiAr (Apr 26)
[SECURITY] [DSA 495-1] New Linux 2.4.16 packages fix local root exploit (arm) Martin Schulze (Apr 26)
Perl code exploting TCP not checking RST ACK. K sPecial (Apr 26)
- <Possible follow-ups>
- Re: Perl code exploting TCP not checking RST ACK. Michael Gschwandtner (Apr 27)
Remote Format String Vulnerabilities in eXtremail Luca Ercoli (Apr 26)
Re: HP Web JetAdmin vulnerabilities. FX (Apr 27)
- <Possible follow-ups>
- Re: HP Web JetAdmin vulnerabilities. Samuel Walker (Apr 29)
Source Code To Test IPv4 fragmentation --> The Rose Attack Gandalf The White (Apr 27)
[ GLSA 200404-19 ] Buffer overflows and format string Joshua J. Berry (Apr 27)
Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke k1LL3r B0y (Apr 27)
Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. KF (lists) (Apr 27)
- <Possible follow-ups>
- RE: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. Bryce Porter (Apr 28)
- Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow. 3APA3A (Apr 29)
[ GLSA 200404-20 ] Multiple vulnerabilities in xine Joshua J. Berry (Apr 27)
[ GLSA 200404-18 ] Multiple Vulnerabilities in ssmtp Joshua J. Berry (Apr 27)
MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team (Apr 27)
SGI ProPack v2.4: Kernel update #3 SGI Security Coordinator (Apr 27)
Multiple vulnerabilities paFileDB k1LL3r B0y (Apr 28)
resources consumption in DiGi WWW Server Donato Ferrante (Apr 28)
[ESA-20040428-004] 'kernel' Several security and bug fixes EnGarde Secure Linux (Apr 28)
SMC Routers have remote administration enabled by default user86 (Apr 28)
- Re: SMC Routers have remote administration enabled by default user86 (Apr 29)
  - Re: SMC Routers have remote administration enabled by default user86 (Apr 29)
- Re: SMC Routers have remote administration enabled by default Michael Curtis (Apr 29)
- Re: SMC Routers have remote administration enabled by default Martin Nedbal (Apr 30)
SGI Advanced Linux Environment security update #19 SGI Security Coordinator (Apr 28)
[slackware-security] kernel security updates (SSA:2004-119-01) Slackware Security Team (Apr 29)
MDKSA-2004:038 - Updated sysklogd packages fix vulnerability Mandrake Linux Security Team (Apr 29)
MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC) houseofdabus HOD (Apr 29)
[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution Martin Schulze (Apr 29)
New Worm??? - High level of activity on port 445 Tony Abell (Apr 29)
- <Possible follow-ups>
- RE: New Worm??? - High level of activity on port 445 Roger A. Grimes (Apr 29)
- RE: New Worm??? - High level of activity on port 445 Jodrell Dimaculangan (Apr 29)
- RE: New Worm??? - High level of activity on port 445 Thor Larholm (Apr 30)
[ GLSA 200404-21 ] Multiple Vulnerabilities in Samba Joshua J. Berry (Apr 30)
SquirrelMail Cross Scripting Attacks.... Alvin Alex (Apr 30)
- Re: SquirrelMail Cross Scripting Attacks.... Jonathan Angliss (Apr 30)
MDKSA-2004:040 - Updated libpng packages fix vulnerability Mandrake Linux Security Team (Apr 30)
3com NBX VOIP NetSet Denial of Service Attack Michael Scheidell (Apr 30)
[RHSA-2004:182-01] Updated httpd packages fix mod_ssl security issue bugzilla (Apr 30)
[OpenPKG-SA-2004.017] OpenPKG Security Advisory (png) OpenPKG (Apr 30)
[SECURITY] [DSA 498-1] New libpng packages fix denial of service Martin Schulze (Apr 30)
cqure.net.20040430.citrixmetaframe Patrik Karlsson (Apr 30)
A technical description of the SSL PCT vulnerability (CVE-2003-0719) Juliano Rizzo (Apr 30)
[SECURITY] [DSA 497-1] New mc packages fix several vulnerabilities Martin Schulze (Apr 30)
[RHSA-2004:177-01] An updated X-Chat package fixes vulnerability in Socks-5 proxy bugzilla (Apr 30)
TSLSA-2004-0025 - multi Trustix Security Advisor (Apr 30)
Cross Site Scripting in Moodle < 1.3 Bartek Nowotarski (Apr 30)
[OpenPKG-SA-2004.018] OpenPKG Security Advisory (proftpd) OpenPKG (Apr 30)
SECURITY.NNOV: Sambar security quest 3APA3A (Apr 30)
MDKSA-2004:039 - Updated mc packages fix vulnerabilities Mandrake Linux Security Team (Apr 30)
HP Web Jetadmin John Morris (Apr 30)
TSLSA-2004-0024 - rsync Trustix Security Advisor (Apr 30)
[RHSA-2004:179-01] An updated LHA package fixes security vulnerabilities bugzilla (Apr 30)
Dameware Mini Remote Control Version 4.2 � Weak Key Agreement Scheme ax09001h (Apr 30)
[RHSA-2004:173-00] Updated mc packages resolve several vulnerabilities bugzilla (Apr 30)
IE Certificate Stealing (Phising) bug E.Kellinis (Apr 30)
[RHSA-2004:163-01] Updated OpenOffice packages fix security vulnerability in neon bugzilla (Apr 30)
[RHSA-2004:181-01] Updated libpng packages fix crash bugzilla (Apr 30)
Multi stage attacks on networks? Sudhakar-bugtraq Govindavajhala (Apr 30)
- Re: Multi stage attacks on networks? Bill Nash (Apr 30)
- <Possible follow-ups>
- RE: Multi stage attacks on networks? Shaun Bertrand (Apr 30)
[RHSA-2004:175-01] Updated utempter package fixes vulnerability bugzilla (Apr 30)
MDKSA-2004:041 - Updated ProFTPD packages fix vulnerability Mandrake Linux Security Team (Apr 30)

Previous period

Next period