Bugtraq: by thread

Nmap Security Scanner

Intro

Ref Guide

Install Guide

Download

Changelog

Book

Docs
Security Lists

Bugtraq

Basics

More
Security Tools

More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

Bugtraq: by thread

330 messages starting Apr 30 04 and ending May 31 04
Date index | Thread index | Author index

Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)
  - Re: http://www.smashguard.org Pavel Machek (Apr 30)
    - Re: http://www.smashguard.org Nicholas Weaver (May 01)
  - Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Coleman Kane (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)
[product-security () apple com: APPLE-SA-2004-04-30 QuickTime 6.5.1] David Ahmad (Apr 30)
LNSA-#2004-0013: Multiple Vulnerabilities in Samba Vincenzo Ciaglia (May 01)
RE: IE Certificate Stealing (Phising) bug Michael Wojcik (May 01)
Props 0.6.1 XSS and Remote File Viewing Vulnerability Manuel Lopez (May 01)
LNSA-#2004-0014: X-Chat vulnerability in Socks-5 proxy Vincenzo Ciaglia (May 01)
Will the Sasser worm become the next Blaster? kers0r (May 01)
- Re: Will the Sasser worm become the next Blaster? Gadi Evron (May 01)
- <Possible follow-ups>
- Re: Will the Sasser worm become the next Blaster? Damian Menscher (May 03)
- RE: Will the Sasser worm become the next Blaster? Pullum, Stephen (May 03)
New LSASS-based worm finally here (Sasser) Ben Ryan (May 01)
- Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 03)
  - Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser) Jason (May 04)
    - Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 04)
- <Possible follow-ups>
- RE: New LSASS-based worm finally here (Sasser) Marc Maiffret (May 04)
[SECURITY] [DSA 500-1] New flim packages fix insecure temporary file creation Matt Zimmerman (May 03)
W32/Sasser a and b SNORT Sigs Martin Overton (May 03)
[SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug Matt Zimmerman (May 03)
PaX Linux Kernel 2.6 Patches DoS Advisory chris (May 03)
EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow Marc Maiffret (May 03)
[waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke] Janek Vind (May 03)
X-Chat[v1.8.0-v2.0.8]: socks-5 remote buffer overflow exploit. Vade 79 (May 03)
Serv-U LIST -l Parameter Buffer Overflow Aviram Jenik (May 03)
RE: After Ms patches last Wed ... InfoSec (May 03)
- Re: After Ms patches last Wed ... James Riden (May 03)
  - Re: After Ms patches last Wed ... Nicholas Weaver (May 04)
- RE: After Ms patches last Wed ... Nick FitzGerald (May 04)
Crystal Reports Vulnerabilities Imperva Application Defense Center (May 03)
- Re: Crystal Reports Vulnerabilities Michael Ray (May 05)
- <Possible follow-ups>
- RE: Crystal Reports Vulnerabilities Imperva Application Defense Center (May 05)
Vulnerability in YaBB forum (Perl version without SQL) Dmitry Shurupov (May 03)
Multible Vulnerabilites in Aldos Webserver oliver (May 03)
[slackware-security] rsync update (SSA:2004-124-01) Slackware Security Team (May 03)
[slackware-security] xine-lib update (SSA:2004-124-03) Slackware Security Team (May 03)
[slackware-security] sysklogd update (SSA:2004-124-02) Slackware Security Team (May 03)
[slackware-security] libpng update (SSA:2004-124-04) Slackware Security Team (May 03)
[product-security () apple com: APPLE-SA-2004-05-03 Security Update 2004-05-03] David Ahmad (May 04)
@stake: AppleFileServer Remote Command Execution @stake Advisories (May 04)
SUSE Security Announcement: kernel (SuSE-SA:2004:010) Roman Drahtmueller (May 04)
Sasser worm and Embedded Support Partner (ESP) port 5554/tcp SGI Security Coordinator (May 04)
remote root exec vulnerability in omail Thijs Dalhuijsen (May 05)
Re: (HOAX) Dameware Mini Remote Control Version 4.2 ? Weak Key Agreement Scheme DameWare Support (May 05)
Vulnerabilities In PHPX 3.26 And Earlier JeiAr (May 05)
[slackware-security] lha update in bin package (SSA:2004-125-01) Slackware Security Team (May 05)
UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : apache multiple vulnerabilities, upgraded to apache-1.3.29 please_reply_to_security (May 05)
SMF SIZE Tag Script Injection Vulnerability Cheng Peng Su (May 05)
Corsaire Security Advisory - Verity Ultraseek path disclosure issue advisories (May 05)
Fuse Talk Vunerabilities Stuart Jamieson (May 05)
[OpenPKG-SA-2004.019] OpenPKG Security Advisory (kolab) OpenPKG (May 05)
Titan FTP Server Aborted LIST DoS Aviram Jenik (May 05)
- Re: Titan FTP Server Aborted LIST DoS Gene Ken (May 07)
  - Re: Titan FTP Server Aborted LIST DoS Noam Rathaus (May 07)
[waraxe-2004-SA#027 - Once again - critical vulnerabilities in PhpNuke 6.x - 7.2] Janek Vind (May 05)
IRIX Networking Security Updates SGI Security Coordinator (May 05)
Multiple vulnerabilities in P4DB Jon McClintock (May 05)
FreeBSD Security Advisory FreeBSD-SA-04:08.heimdal FreeBSD Security Advisories (May 05)
FreeBSD Security Advisory FreeBSD-SA-04:09.kadmind FreeBSD Security Advisories (May 05)
[AppSecInc Security Alert] Microsoft Active Server Pages Cookie Retrieval Issue Aaron C. Newman (Application Security, Inc.) (May 06)
Advisory: Heimdal kadmind version4 remote heap overflow Evgeny Demidov (May 06)
[0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2 Joel Eriksson (May 06)
SUSE Security Announcement: Live CD 9.1 (SuSE-SA:2004:011) Roman Drahtmueller (May 06)
Will a smart worm be made in the near future? Taeho Oh (May 07)
- Re: Will a smart worm be made in the near future? Jose Nazario (May 07)
Fwd: [Re: cvs commit: src/sys/vm vm_map.c] Jacques A. Vidrine (May 07)
Security issue with Trend OfficeScan Corporate Edition Matt (May 07)
[SECURITY] [DSA 501-1] New exim packages fix buffer overflows Martin Schulze (May 07)
Remote DoS IE Memory Access Violation E.Kellinis (May 07)
Windows IPSec Vulnerabilty Steffen Pfendtner (May 07)
Eudora file URL buffer overflow Paul Szabo (May 07)
- Status bar exploit hides spoofed URLs Eudora, possibly other e-mail clients Brett Glass (May 08)
[CLA-2004:840] Conectiva Security Announcement - lha Conectiva Updates (May 07)
Streaming Video and Audio security lists (May 07)
[OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp) OpenPKG (May 08)
FW: [security bulletin] SSRT4717 Management Agents for HP-UX Remote DoS Boren, Rich (SSRT) (May 08)
[FLSA-2004:1395] Updated OpenSSL resolves security vulnerability Jesse Keating (May 08)
[waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke] Janek Vind (May 08)
[ GLSA 200405-01 ] Multiple format string vulnerabilities in neon 0.24.4 and earlier Kurt Lieber (May 10)
PaX DoS proof-of-concept Michel Blomgren (May 10)
OUTLOOK 2003: OuchLook http-equiv () excite com (May 10)
a litle bypass with IE Nuno Costa (May 10)
- Re: a litle bypass with IE Neil Briscoe (May 10)
- RE: a litle bypass with IE Eric Norbut (May 10)
- Re: a litle bypass with IE Emilio Casbas (May 11)
- <Possible follow-ups>
- RE: a litle bypass with IE Thor Larholm (May 11)
[ GLSA 200405-02 ] Multiple vulnerabilities in LHa Thierry Carrez (May 10)
Monit 4.1 remote shell exploit (HTTP) Michel Blomgren (May 10)
RE: An undetectable Online Bank Vulnerability? M Peterson (May 10)
Arbitrary code inclusion in phpShop Calum Power (May 10)
Emule 0.42e Remote Denial Of Service Exploit Rafel Ivgi, The-Insider (May 10)
msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh Rafel Ivgi, The-Insider (May 10)
- Re: msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh Gao Rui (May 12)
[Ulf Harnhammar]: LHA Advisory + Patch David Ahmad (May 10)
DEEP SEA PHISHING: Internet Explorer / Outlook Express http-equiv () excite com (May 10)
PING: Outlook 2003 Spam http-equiv () excite com (May 11)
Somebody exploiting (badly designed) yahoo service? Aleksandar Milivojevic (May 11)
- Re: Somebody exploiting (badly designed) yahoo service? Nick FitzGerald (May 12)
- <Possible follow-ups>
- Re: Somebody exploiting (badly designed) yahoo service? Charles Mansmann (May 11)
MDKSA-2004:042 - Updated rsync packages fixes potential to write outside of directory tree. Mandrake Linux Security Team (May 11)
[SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows Martin Schulze (May 11)
MDKSA-2004:043 - Updated apache2 packages fixes a denial of service vulnerability in mod_ssl Mandrake Linux Security Team (May 11)
Linux Kernel sctp_setsockopt() Integer Overflow Shaun Colley (May 11)
- Re: [Full-Disclosure] Linux Kernel sctp_setsockopt() Integer Overflow Tom Rini (May 12)
- Re: Linux Kernel sctp_setsockopt() Integer Overflow Michael Tokarev (May 15)
  - Re: Linux Kernel sctp_setsockopt() Integer Overflow Michael Tokarev (May 28)
    - Re: Linux Kernel sctp_setsockopt() Integer Overflow Jirka Kosina (May 31)
    - Re: Linux Kernel sctp_setsockopt() Integer Overflow Shaun Colley (May 31)
Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Florian Weimer (May 11)
- Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Bob Beck (May 12)
  - Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Darren Reed (May 13)
[ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers Thierry Carrez (May 11)
[ GLSA 200405-03 ] ClamAV VirusEvent parameter vulnerability Thierry Carrez (May 11)
Advisory 04/2004: Net(Free)BSD Systrace local root vulnerabilitiy Stefan Esser (May 11)
Hiding URLs from Outlook and other mail clients Carl (May 11)
OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol please_reply_to_security (May 11)
MS04-015 - Windows Help Center - Dvdupgrade morning_wood (May 12)
[OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) OpenPKG (May 12)
surfboard1.1.6 local exploit. Anonymous (May 12)
- Re: surfboard1.1.6 local exploit. Meredydd (May 13)
NetBSD Security Advisory 2004-007: Systrace systrace_exit() local root NetBSD Security-Officer (May 12)
EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow Marc Maiffret (May 13)
EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service Marc Maiffret (May 13)
EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow Marc Maiffret (May 13)
EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption Marc Maiffret (May 13)
Showhelp() local CHM file execution roozbeh afrasiabi (May 13)
- <Possible follow-ups>
- Re: Showhelp() local CHM file execution roozbeh afrasiabi (May 14)
[ GLSA 200405-05 ] Utempter symlink vulnerability Kurt Lieber (May 13)
[SECURITY] [DSA 503-1] New mah-jong packages fix denial of service Martin Schulze (May 13)
[slackware-security] apache (SSA:2004-133-01) Slackware Security Team (May 13)
Opera Telnet URI Handler Vulnerability also applies to other browsers Jannes (May 13)
SYM04-008, Symantec Client Firewall Remote Access and Denial of Service Issues Sym Security (May 13)
[security bulletin] SSRT4722 rev.0 HP-UX Mozilla denial of service Boren, Rich (SSRT) (May 13)
POA: Outlook Expresss 6.00 http-equiv () excite com (May 13)
IE URL Issue Being Used In Phishing In the Wild [USBank] Drew Copley (May 14)
- Re: IE URL Issue Being Used In Phishing In the Wild [USBank] Todd C. Campbell (May 14)
- Re: IE URL Issue Being Used In Phishing In the Wild [USBank] Nick FitzGerald (May 15)
- <Possible follow-ups>
- RE: IE URL Issue Being Used In Phishing In the Wild [USBank] Drew Copley (May 14)
Vulnerability Scanning on Windows 2003 localhost will crash RPC farking (May 14)
- <Possible follow-ups>
- RE: Vulnerability Scanning on Windows 2003 localhost will crash RPC Drew Copley (May 14)
[security bulletin] SSRT4721 rev.0 HP-UX dtlogin unauthorized privileged access, DoS Boren, Rich (SSRT) (May 14)
SUSE Security Announcement: mc (SuSE-SA:2004:012) Thomas Biege (May 14)
DOE updated cybersecurity //no code or 0day sploits// just info System Administrator (May 14)
Curious fileutils/coreutils behaviour. David Malone (May 14)
- Re: Curious fileutils/coreutils behaviour. Nicolas Rachinsky (May 14)
- <Possible follow-ups>
- RE: Curious fileutils/coreutils behaviour. Michael Wojcik (May 14)
  - Re: Curious fileutils/coreutils behaviour. David Malone (May 14)
    - Re: Curious fileutils/coreutils behaviour. Michael Shigorin (May 15)
    - Re: Curious fileutils/coreutils behaviour. Luciano Miguel Ferreira Rocha (May 15)
    - Re: Curious fileutils/coreutils behaviour. Martin (May 15)
TSLSA-2004-0027 - apache Trustix Security Advisor (May 14)
Still Vulnerable in MSIE Greg Kujawa (May 14)
- <Possible follow-ups>
- RE: Still Vulnerable in MSIE Thor Larholm (May 15)
- RE: Still Vulnerable in MSIE Drew Copley (May 17)
[security bulletin] SSRT3613 rev.0 HP-UX B6848AB GTK+ Support Libraries - elevated privileges Boren, Rich (SSRT) (May 14)
Symantec Multiple Firewall DNS Response Denial-of-Service Exploit (PoC) houseofdabus HOD (May 14)
TSLSA-2004-0029 - kernel Trustix Security Advisor (May 14)
[ GLSA 200405-07 ] Exim verify=header_syntax buffer overflow Thierry Carrez (May 14)
[ GLSA 200405-06 ] libpng denial of service vulnerability Thierry Carrez (May 15)
Denial of Service Vulnerability in IEEE 802.11 Wireless Devices albatross (May 15)
- Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Casper Dik (May 15)
  - Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Jason Ostrom (May 17)
    - Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Niels Bakker (May 17)
lha buffer overflow(s) again lw (May 15)
more simple and flexible WinBlox(GET CONTROL OF WINNT SYSTEM) Liu Die Yu (May 15)
CiSCO IOS 12.* source code stolen Alexander Antipo (May 15)
Wget race condition vulnerability V�zquez (May 17)
WebCT: Cross Site Scripting Vulnerability spiffomatic 64 (May 17)
Multiple TTT-C XSS vulnerabilities Kaloyan Georgiev (May 17)
[slackware-security] mc (SSA:2004-136-01) Slackware Security Team (May 17)
KDE Security Advisory: URI Handler Vulnerabilities Waldo Bastian (May 17)
NetChat HTTP Server Stack Overflow dbd (May 17)
Safari remote arbitrary code execution kang (May 17)
- Re: Safari remote arbitrary code execution Adam Shostack (May 17)
RE: Remote Buffer Overflow in MailEnable HTTPMail MailEnable Sales (May 17)
Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Kurczaba Associates advisories (May 17)
- <Possible follow-ups>
- RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Drew Copley (May 17)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability thegeekmeister (May 17)
  - Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Jan Kluka (May 18)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability sandrijeski (May 27)
  - Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Robert J Taylor (May 31)
  - Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Valdis . Kletnieks (May 31)
  - Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Peter Pentchev (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability http-equiv () excite com (May 27)
[waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3] Janek Vind (May 17)
oscommerce 2.2 file_manager.php file browsing Rene (May 17)
[waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3] Janek Vind (May 17)
Desktop.ini flaw results in executing folders roozbeh afrasiabi (May 17)
ROCKET SCIENCE: Outllook 2003 http-equiv () excite com (May 17)
Buffer Overflow in ActivePerl ? Oliver () greyhat de (May 17)
- Re: Buffer Overflow in ActivePerl ? rich . sf (May 18)
  - RE: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ? Bill Royds (May 18)
  - Re: Buffer Overflow in ActivePerl ? Josh Tolley (May 18)
- Re: Buffer Overflow in ActivePerl? Axel Beckert (May 18)
- Re: Buffer Overflow in ActivePerl ? Nick FitzGerald (May 18)
- <Possible follow-ups>
- Re: Buffer Overflow in ActivePerl ? noderat (May 18)
- RE: Buffer Overflow in ActivePerl ? Drew Copley (May 18)
  - Re: Buffer Overflow in ActivePerl ? David Cantrell (May 19)
    - Re: Buffer Overflow in ActivePerl ? David Ahmad (May 19)
MDKSA-2004:044 - Updated libuser packages fix vulnerability Mandrake Linux Security Team (May 17)
MDKSA-2004:045 - Updated passwd packages fix vulnerabilities Mandrake Linux Security Team (May 17)
MDKSA-2004:046 - Updated apache packages fix a number of vulnerabilities Mandrake Linux Security Team (May 17)
Advisory 05/2004: phpMyFAQ local file inclusion vulnerability Stefan Esser (May 18)
[slackware-security] kdelibs (SSA:2004-238-01) Slackware Security Team (May 18)
Zen Cart login.php SQL Injection Vulnerability Oliver Minack (May 18)
[SECURITY] [DSA 504-1] New heimdal packages fix potential buffer overflow Martin Schulze (May 18)
IRIX 6.5.24 rpc.mountd infinte loop SGI Security Coordinator (May 18)
Overflow () OmniHTTPd Han_B (May 18)
Vapid Labs Security Advisory for PrimeBase Database 4.2 (update) Larry W. Cashdollar (May 18)
Unknown IE bug with css-styles henkie_is_leet (May 18)
- Re: Unknown IE bug with css-styles Paolo Mattiangeli (May 18)
[ GLSA 200405-08 ] Pound format string vulnerability Thierry Carrez (May 18)
MDKSA-2004:047 - Updated kdelibs packages fix URI handling vulnerabilities Mandrake Linux Security Team (May 18)
[FLSA-2004:1546] Updated utempter resolves security vulnerability -- Reissue: updated 8.0 version numbers Jesse Keating (May 19)
[ GLSA 200405-09 ] ProFTPD Access Control List bypass vulnerability Kurt Lieber (May 19)
Advisory 06/2004: libneon date parsing vulnerability Stefan Esser (May 19)
Advisory 07/2004: CVS remote vulnerability Stefan Esser (May 19)
FreeBSD Security Advisory FreeBSD-SA-04:10.cvs FreeBSD Security Advisories (May 19)
[SECURITY] [DSA 506-1] New neon packages fix buffer overflow Martin Schulze (May 19)
[SECURITY] [DSA 505-1] New cvs packages fix remote exploit Martin Schulze (May 19)
A new Sanctum paper: "Blind XPath Injection" Amit Klein (May 19)
SUSE Security Announcement: cvs (SuSE-SA:2004:013) Sebastian Krahmer (May 19)
Advisory 08/2004: Subversion remote vulnerability Stefan Esser (May 19)
Idea for proactive worm protection Peter Surda (May 19)
Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts Michael Curtis (May 19)
- Re: Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts Kenneth Peiruza (May 21)
  - Re: Non-logged Brute Force Attack Vulnerability forFantastico-Created Databases on cPanel Based Hosts Michael Curtis (May 21)
[SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow Martin Schulze (May 19)
[ GLSA 200405-10 ] Icecast denial of service vulnerability Thierry Carrez (May 19)
Reporting a Security Vulnerability in a Microsoft Product Microsoft Security Response Center (May 19)
MDKSA-2004:048 - Updated cvs packages fix remotely exploitable vulnerability Mandrake Linux Security Team (May 19)
[ GLSA 200405-11 ] KDE URI Handler Vulnerabilities Thierry Carrez (May 19)
MDKSA-2004:049 - Updated libneon packages fix heap variable overflow issues Mandrake Linux Security Team (May 19)
[OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion) OpenPKG (May 19)
[OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs) OpenPKG (May 19)
[OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) OpenPKG (May 19)
SGI ProPack v2.4: Kernel Update #4 - Security and other fixes SGI Security Coordinator (May 20)
[slackware-security] cvs (SSA:2004-140-01) Slackware Security Team (May 20)
SGI ProPack 3: Kernel Update #1 - Security and other fixes SGI Security Coordinator (May 20)
[security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS) Boren, Rich (SSRT) (May 20)
[ GLSA 200405-14 ] Buffer overflow in Subversion Joshua J. Berry (May 20)
[ GLSA 200405-13 ] neon heap-based buffer overflow Thierry Carrez (May 20)
[ GLSA 200405-12 ] CVS heap overflow vulnerability Thierry Carrez (May 20)
[ GLSA 200405-15 ] cadaver heap-based buffer overflow Thierry Carrez (May 20)
Question About Ethics and Full Disclosure Tom (May 20)
- Re: Question About Ethics and Full Disclosure T.J. (May 20)
- Re: Question About Ethics and Full Disclosure Michal Zalewski (May 21)
- <Possible follow-ups>
- RE: Question About Ethics and Full Disclosure Drew Copley (May 20)
- RE: Question About Ethics and Full Disclosure Kevin E. Casey (May 20)
Auditor security collection released - a swiss army knife for security assessments. Max (May 20)
Internet explorer .clsid vulnerability roozbeh afrasiabi (May 20)
- <Possible follow-ups>
- RE: Internet explorer .clsid vulnerability Thor Larholm (May 21)
- Re: Internet explorer .clsid vulnerability roozbeh afrasiabi (May 22)
[SNS Advisory No.72] Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability snsadv (May 21)
Stupid Phishing Tricks http-equiv () excite com (May 21)
e107 web portal Referers HTTP Injection Chinchilla (May 21)
MDKSA-2004:046-1 - apache-mod_perl packages are now available Mandrake Linux Security Team (May 21)
[OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) OpenPKG (May 21)
Eudora 6.1.1 attachment spoof, LaunchProtect Paul Szabo (May 21)
[ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail Rajiv Aaron Manglani (May 21)
BNBT BitTorrent Tracker Denial Of Service badpack3t (May 22)
Exploit codes for CVS Vulnerability and snort rules from ISC K-OTiK Security (May 22)
Allegro RomPager/2.10 DoS exploit Seth Alan Woolley (May 22)
MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team (May 22)
Liferay Cross Site Scripting Flaw Giri, Sandeep (May 22)
e107 web portal user.php XSS (Cross Site Scripting) Chris Norton (May 24)
[SECURITY] [DSA 508-1] New xpcd packages fix buffer overflow Matt Zimmerman (May 24)
Netgear RP114 URL filter fails if URL is too long Marc Ruef (May 24)
[ GLSA 200405-18 ] Buffer Overflow in Firebird Thierry Carrez (May 24)
- <Possible follow-ups>
- Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird b0f www . b0f . net (May 26)
  - Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird KF (lists) (May 27)
    - Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird KF (lists) (May 27)
cPanel mod_phpsuexec Vulnerability Rob Brown (May 24)
[ GLSA 200405-19 ] Opera telnet URI handler file creation/truncation vulnerability Kurt Lieber (May 25)
SSH URI handler remote arbitrary code execution kang (May 25)
[CLA-2004:841] Conectiva Security Announcement - libneon Conectiva Updates (May 25)
ERRATA: [ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail Kurt Lieber (May 25)
[CLA-2004:842] Conectiva Security Announcement - mailman Conectiva Updates (May 25)
[ GLSA 200405-20 ] Insecure Temporary File Creation In MySQL Thierry Carrez (May 25)
[security bulletin] SSRT4749 HP-UX Java Runtime Environment (JRE) remote DoS Boren, Rich (SSRT) (May 26)
FreeBSD Security Advisory FreeBSD-SA-04:11.msync FreeBSD Security Advisories (May 26)
SUSE Security Announcement: kdelibs (SuSE-SA:2004:014) Sebastian Krahmer (May 26)
[security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access Boren, Rich (SSRT) (May 26)
IEBUG: Archives of Internet Explorer Liu Die Yu (May 26)
[Full-Disclosure] iDEFENSE Security Advisory 05.26.04: 3Com OfficeConnect Remote 812 ADSL Router Telnet Protocol Denial of Service Vulnerability idlabs-advisories (May 26)
[ GLSA 200405-21 ] Midnight Commander: Multiple vulnerabilities Kurt Lieber (May 26)
IRIX libcpr vulnerability SGI Security Coordinator (May 26)
- Re: IRIX libcpr vulnerability Jan Schaumann (May 26)
[ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities Kurt Lieber (May 26)
[security bulletin]SSRT4724 HP integrated Lights Out (iLO) Denial of Service (DoS) using port zero Boren, Rich (SSRT) (May 26)
Orenosv HTTP/FTP Server Denial Of Service badpack3t (May 26)
[CLA-2004:843] Conectiva Security Announcement - kde Conectiva Updates (May 26)
SGI Advanced Linux Environment 3 Security Update #1 SGI Security Coordinator (May 26)
DoS in MiniShare 1.3.2 Donato Ferrante (May 26)
[OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache) OpenPKG (May 27)
[ GLSA 200405-23 ] Heimdal: Kerberos 4 buffer overflow in kadmin Kurt Lieber (May 27)
The Dangers of Cross-Site-Scripting: Rogers Hi-Speed Internet Network [Canada] http-equiv () excite com (May 27)
Re: Exchange pop3 remote exploit Tal Schaeffer (May 27)
MDKSA-2004:051 - Updated mailman packages fix password retrieval vulnerability Mandrake Linux Security Team (May 27)
Sun-Java-App-Server PE 8.0 path disclosure Marc Schoenefeld (May 27)
WildTangent Web Driver Long FileName Stack Overflow NGSSoftware Insight Security Research (May 27)
- Re: WildTangent Web Driver Long FileName Stack Overflow Cesar (May 28)
MDKSA-2004:052 - Updated kolab-server package fixes world readable file vulnerability Mandrake Linux Security Team (May 27)
[PHP] include() bypassing filter with php://input Himeur Nourredine (May 27)
- Re: [PHP] include() bypassing filter with php://input Keary Suska (May 28)
  - Re: [PHP] include() bypassing filter with php://input clez (May 28)
    - Re: [PHP] include() bypassing filter with php://input Ali Campbell (May 31)
    - Re: [PHP] include() bypassing filter with php://input bugtraq subscriber (May 31)
[ GLSA 200405-24 ] MPlayer, xine-lib: vulnerabilities in RTSP stream handling Thierry Carrez (May 28)
SGI Advanced Linux Environment security update #20 SGI Security Coordinator (May 28)
SGI Advanced Linux Environment 3 Security Update #2 SGI Security Coordinator (May 28)
JPortal SQL Injects Maciek Wierciski (May 28)
Mollensoft ftp Server ver 3.6 Buffer overflow Chintan Trivedi (May 28)
EnderUNIX Security Anouncement (Isoqlog and Spamguard) Murat Balaban (May 29)
LDU (land down under) xss vulnerability tim de gier (May 29)
[waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615] Janek Vind (May 29)
[SECURITY] [DSA 509-1] New gatos packages fix privilege escalation Matt Zimmerman (May 29)
[SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability Matt Zimmerman (May 29)
[Full-Disclosure] iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability idlabs-advisories (May 29)
- Re: [Full-Disclosure] iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability Seth Alan Woolley (May 28)
[ GLSA 200405-25 ] tla: Heap-based buffer overflow in included libneon Thierry Carrez (May 31)
Users who have expired passwords can still log on to the domain if the FQDN is exactly eight characters long in Windows 2000 albatross (May 31)
Looking for a security contact of RealNetworks Live Rhapsody Philip Stoev (May 31)
[SECURITY] [DSA 511-1] New ethereal packages fix buffer overflows Matt Zimmerman (May 31)
Possible bug in PHPNuke and other CMS Luca Falavigna (May 31)
LinkSys WRT54G administration page availble to WAN Alan W. Rateliff, II (May 31)

Previous period

Next period