Buqtraq Archiv September 2002

• Thread Index

• The ScrollKeeper Root Trap
  • From: Spybreak
• XSS in Null HTTPd
  • From: Matthew Murphy
• [RHSA-2002:186-07] Updated scrollkeeper packages fix tempfile vulnerability
  • From: bugzilla
• One step easier password guessing on Windows
  • From: NP-completer
• SECNAP Security Alert: Radmin Default install options vulnerability
  • From: Michael Scheidell
• Re: Trillian XML parser buffer overflow
  • From: soulshock
• Happy Labor Day from Snosoft
  • From: KF
• Outlook S/MIME Vulnerability
  • From: Mike Benham
• Windows .NET Server (RC1) and MSDE (#NISR03092002B)
  • From: NGSSoftware Insight Security Research
• Microsoft SQL Server Stored procedures [sp_MSSetServerPropertiesn and sp_MSsetalertinfo] (#NISR03092002A)
  • From: NGSSoftware Insight Security Research
• New Paper: Threat profiling Microsoft SQL Server
  • From: NGSSoftware Insight Security Research
• SWS Web Server v0.1.0 Exploit
  • From: saman
• [SECURITY] [DSA 160-1] New scrollkeeper packages fix insecure temporary file creation
  • From: Martin Schulze
• Compaq mount patch broken
  • From: Paul Szabo
• Re: Outlook S/MIME Vulnerability
  • From: Spyder
• Re: CacheFlow CacheOS Cross-site Scripting Vulnerability
  • From: Blue
• SecuRemote usernames can be guessed or sniffed using IKE exchange
  • From: Roy Hills
• Cisco Security Advisory: Cisco VPN 3000 Concentrator Multiple Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• MSIEv6 % encoding causes a problem again
  • From: Liu Die Yu
• Re: SUMMARY: Disabling Port 445 (SMB) Entirely
  • From: Shaolin Tiger
• Re: One step easier password guessing on Windows
  • From: Howard Yeend
• Re: Security side-effects of Word fields
  • From: Woody Leonhard
• [security bulletin] SSRT2310a HP Tru64 UNIX & HP OpenVMS Potential OpenSSL Security Vulnerability (fwd)
  • From: Dave Ahmad
• Re: Compaq mount patch broken
  • From: Florian Weimer
• [CLA-2002:522] Conectiva Linux Security Announcement - mailman
  • From: secure
• Re: **maillist:: Outlook S/MIME Vulnerability
  • From: Thomas Seliger
• Cross-Site Scripting in Aestiva's HTML/OS
  • From: eax
• GLSA: scrollkeeper
  • From: Daniel Ahlberg
• Cacti security issues
  • From: Knights of the Routing Table
• Re: MSIEv6 % encoding causes a problem again
  • From: Dave Ahmad
• AFD 1.2.14 multiple local root compromises
  • From: Bert Vanmanshoven
• Re: **maillist:: Outlook S/MIME Vulnerability
  • From: Timothy J . Miller
• [SECURITY] [DSA 161-1] New Mantis package fixes privilege escalation
  • From: Martin Schulze
• TRU64 formal disclosure from Snosoft.
  • From: KF
• SPIKE 2.6 Released...
  • From: Dave Aitel
• Bypassing the Finjan SurfinGate URL filter
  • From: Marc Ruef
• Re: **maillist:: Outlook S/MIME Vulnerability
  • From: Torbjörn Hovmark
• Re: MSIEv6 % encoding causes a problem again
  • From: jelmer
• Re: MSIEv6 % encoding causes a problem again
  • From: Dave Ahmad
• Re: Compaq mount patch broken
  • From: Paul Szabo
• SuSE Security Announcement: glibc (SuSE-SA:2002:031)
  • From: Roman Drahtmueller
• GLSA: amavis
  • From: Daniel Ahlberg
• Cisco Security Advisory: Cisco VPN Client Multiple Vulnerabilities - Second Set
  • From: Cisco Systems Product Security Incident Response Team
• RE: SecuRemote usernames can be guessed or sniffed using IKE exchange
  • From: Scott Walker Register
• RE: Bypassing the Finjan SurfinGate URL filter
  • From: Menashe Eliezer
• advisory
  • From: UkR security team™
• RE: (Fwd) MSIEv6 % encoding causes a problem again
  • From: Thor Larholm
• Re: SWS Web Server v0.1.0 Exploit
  • From: 3APA3A
• MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable
  • From: Piotr Pawłow
• zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs Good, Flash Executable Bad]
  • From: zen-parse
• Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
  • From: Foundstone Labs
• Rapid 7 Advisory R7-0005: ZMerge Insecure Default ACLs
  • From: Rapid 7 Security Advisories
• Veritas Backup Exec opens networks for NetBIOS based attacks?
  • From: Geoff Craig
• Re: Security side-effects of Word fields
  • From: B . Goodman
• [SECURITY] [DSA 162-1] New ethereal packages fix buffer overflow
  • From: Martin Schulze
• RE: Veritas Backup Exec opens networks for NetBIOS based attacks?
  • From: Gino Genari
• UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
  • From: Geoff Craig
• Next-hop scanning for open firewall ports
  • From: David G. Andersen
• KSTAT (and maybe others) bypass
  • From: Dark Angel
• Re: MSIEv6 % encoding - Konqueror 3.0.3 also vulnerable
  • From: Dirk Mueller
• MDKSA-2002:054-1 - gaim update
  • From: Mandrake Linux Security Team
• All versions of windows infected?
  • From: Iamhatingit
• Re: All versions of windows infected?
  • From: Walter Hop
• NetGear FM114P URL filter bypassing vulnerability
  • From: Marc Ruef
• Re: Next-hop scanning for open firewall ports
  • From: Chris Brenton
• Re: All versions of windows infected?
  • From: Axel Pettinger
• Re: Next-hop scanning for open firewall ports
  • From: Darren Reed
• PHP header() CRLF Injection
  • From: Matthew Murphy
• Vulnerabilities in Microsoft's Java implementation
  • From: Jouko Pynnonen
• Who framed Internet Explorer (GM#010-IE)
  • From: GreyMagic Software
• Guardent Client Advisory: Multiple wordtrans-web Vulnerabilities
  • From: Allen . Wilson
• GLSA: glibc
  • From: Daniel Ahlberg
• [SECURITY] [DSA 159-2] New Python packages fix problem introduced by security fix
  • From: Martin Schulze
• phpGB: cross site scripting bug
  • From: ppp-design
• [RHSA-2002:188-08] New wordtrans packages fix remote vulnerabilities
  • From: bugzilla
• phpGB: mysql injection bug
  • From: ppp-design
• phpGB: DoS and executing_arbitrary_commands
  • From: ppp-design
• sql injection vulnerability in WBB 2.0 RC1 and below
  • From: Cano2
• Trillian weakly encrypts saved passwords
  • From: Evan Nemerson
• Unmask 1.0 Release Party at My House!
  • From: Dave Aitel
• [SECURITY] [DSA 163-1] New mhonarc packages fix cross site scripting problems
  • From: Martin Schulze
• Re: Trillian weakly encrypts saved passwords
  • From: Mike Benham
• RE: Trillian weakly encrypts saved passwords
  • From: Brenna Primrose
• Small bug crashes OE
  • From: Raistlin
• Small correction...
  • From: Raistlin
• RE: PHP header() CRLF Injection
  • From: Eric Stevens
• PHP fopen() CRLF Injection
  • From: Ulf Harnhammar
• Strange Attractors and TCP/IP Sequence Number Analysis - One Year Later
  • From: Michal Zalewski
• MDKSA-2002:058 - kdelibs update
  • From: Mandrake Linux Security Team
• [SECURITY] [DSA 164-1] New cacti package fixes arbitrary code execution
  • From: Martin Schulze
• IE6 SP1 Notes
  • From: Thor Larholm
• MDKSA-2002:057 - krb5 update
  • From: Mandrake Linux Security Team
• Re: Trillian weakly encrypts saved passwords
  • From: jelmer
• [RHSA-2002:189-08] Updated gaim client fixes URL vulnerability
  • From: bugzilla
• Re: Small bug crashes OE
  • From: Kilian CAVALOTTI
• RE: Who framed Internet Explorer and IE6 SP1
  • From: GreyMagic Software
• Password Security Policy Question
  • From: L. Adrian Griffis
• Re: Password Security Policy Question
  • From: Roman Drahtmueller
• Re: Password Security Policy Question
  • From: bugtraq
• Apple QuickTime ActiveX v5.0.2 Buffer Overrun (a091002-1)
  • From: @stake Advisories
• Foundstone Labs Advisory - Buffer Overflow in Savant Web Server
  • From: Foundstone Labs
• [security bulletin] SSRT-547 HP Tru64 UNIX Potential Security Vulnerabilities TPC/IP, FTPD, ARP (fwd)
  • From: Dave Ahmad
• Buffer over/underflows in ssldump prior to 0.9b3
  • From: Eric Rescorla
• KDE Security Advisory: Secure Cookie Vulnerability
  • From: Dirk Mueller
• KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
  • From: Dirk Mueller
• MDKSA-2002:059 - php update
  • From: Mandrake Linux Security Team
• Re: Vulnerabilities in Microsoft's Java implementation
  • From: Damon McMahon
• Re: Foundstone Labs Advisory - Buffer Overflow in Savant Web Server
  • From: zeno
• RE: SecuRemote usernames can be guessed or sniffed using IKE exchange
  • From: Roy Hills
• Final Speakers for HiverCon 2002 Announced
  • From: Mark Anderson
• Re: Small bug crashes OE
  • From: Berend-Jan Wever
• Norton AntiVirus 2001 POP3 Proxy local DoS
  • From: Berend-Jan Wever
• Re: Vulnerabilities in Microsoft's Java implementation
  • From: Gwendal Stevanazzi
• slashdot / slashcode disclosing passwords
  • From: Michal Zalewski
• Privacy leak in mozilla
  • From: Sven Neuhaus
• Some unpatched vulnerabilities fixed
  • From: Auriemma Luigi
• Re: Vulnerabilities in Microsoft's Java implementation
  • From: Mike Duncan
• Re: slashdot / slashcode disclosing passwords
  • From: Craig Dickson
• Re: slashdot / slashcode disclosing passwords
  • From: Michal Zalewski
• Re: Password Security Policy Question
  • From: Greg A. Woods
• efstool slackware 7.1 local root exploit exploit included
  • From: Cloud Ass
• Re: slashdot / slashcode disclosing passwords
  • From: Jamie McCarthy
• Re: slashdot / slashcode disclosing passwords
  • From: Michal Zalewski
• Bypassing SMTP Content Protection with a Flick of a Button
  • From: Aviram Jenik
• ht://Check XSS
  • From: Ulf Harnhammar
• the attachement
  • From: jelmer
• LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
  • From: jelmer
• [SECURITY] [DSA 165-1] New PostgreSQL packages fix several vulnerabilities
  • From: Martin Schulze
• MIMEDefang update (was Re: Bypassing SMTP Content Protection )
  • From: David F. Skoll
• Re: efstool slackware 7.1 local root exploit exploit included
  • From: Jeffrey Denton
• Bypassing TrendMicro InterScan VirusWall
  • From: Vincent Royer
• xbreaky symlink vulnerability
  • From: Marco van Berkum
• Re: PHP fopen() CRLF Injection
  • From: Ulf Harnhammar
• Re: Small bug crashes OE
  • From: David Komanek
• FW: Bypassing SMTP Content Protection with a Flick of a Button
  • From: Menashe Eliezer
• Roaring Penguin fixes for "Bypassing SMTP Content Protection with a Flick of a Button"
  • From: David F. Skoll
• Re: xbreaky symlink vulnerability
  • From: Jeremy C. Reed
• [CLA-2002:523] Conectiva Linux Security Announcement - util-linux
  • From: secure
• Re: PHP fopen() CRLF Injection
  • From: Stefan Esser
• Re: xbreaky symlink vulnerability
  • From: Marco van Berkum
• Re: Bypassing SMTP Content Protection with a Flick of a Button
  • From: Gossi The Dog
• [SECURITY] [DSA 166-1] New purity packages fix potential buffer overflows
  • From: Martin Schulze
• Scan against Enterasys SSR8000 crash the system
  • From: Mella Marco
• [securitydigest.org]: Changes in August/September 2002
  • From: Curator at Security Digest Archives
• Re: Password Security Policy Question
  • From: Nick Lamb
• Re: Password Security Policy Question
  • From: Solar Designer
• RE: Apache worm in the wild
  • From: Sandu Mihai
• bugtraq.c httpd apache ssl attack
  • From: Fernando Nunes
• Re: Multiple vulnerabilities in Avaya Argent Office
  • From: Russell Garrett
• Race condition in BRU Workstation 17.0
  • From: prophecy
• OpenSSL worm in the wild
  • From: Ben Laurie
• Security Issue with Mac OS X
  • From: Christopher Allene
• Cobalt 6.0 Local Root
  • From: Brendan C. Johnson
• Savant 3.1 multiple vulnerabilities
  • From: Auriemma Luigi
• Re: OpenSSL worm in the wild
  • From: Dave Ahmad
• Re: bugtraq.c httpd apache ssl attack
  • From: The Little Prince
• Re: Race condition in BRU Workstation 17.0
  • From: Peter Watkins
• Re: bugtraq.c httpd apache ssl attack
  • From: adamkuj
• RE: bugtraq.c httpd apache ssl attack
  • From: Sandu Mihai
• [RHSA-2002:036-26] Updated ethereal packages available
  • From: bugzilla
• Re: OpenSSL worm in the wild
  • From: Eric Rescorla
• Re: OpenSSL worm in the wild
  • From: Eric Rescorla
• Re: bugtraq.c httpd apache ssl attack
  • From: Fernando Nunes
• Re: Race condition in BRU Workstation 17.0
  • From: prophecy
• nidump on OS X
  • From: Dale Harris
• RE: bugtraq.c httpd apache ssl attack
  • From: Sandu Mihai Eduard
• NSSI-2002-sygatepfw5: Sygate Personal Firewall IP Spoofing Vulnerability
  • From: Abraham Lincoln
• OpenSSH 3.4p1 Privsep
  • From: Andrew Danforth
• iDEFENSE Security Advisory 09.16.2002: FreeBSD Ports libkvm Security Vulnerabilities
  • From: David Endler
• [SECURITY] [DSA-136-2] Multiple OpenSSL problems (update)
  • From: Michael Stone
• Re: Linux Slapper Worm code
  • From: KF
• [SECURITY] [DSA 167-1] New kdelibs fix cross site scripting bug
  • From: Martin Schulze
• NetBSD Security Advisory 2002-011: Sun RPC XDR decoder contains buffer overflow
  • From: NetBSD Security Officer
• NetBSD Security Advisory 2002-009:
  • From: NetBSD Security Officer
• NetBSD Security Advisory 2002-017: shutdown(s, SHUT_RD) on TCP socket does not work as intended
  • From: NetBSD Security Officer
• Re: bugtraq.c httpd apache ssl attack
  • From: Ben Kittridge
• Microsoft Windows XP Remote Desktop denial of service vulnerability
  • From: Ben Cohen
• Re: Bug in Opera and Konqueror
  • From: Dirk Mueller
• Microsoft Windows Remote Desktop Protocol checksum and keystroke vulnerabilities
  • From: Ben Cohen
• Re: Password Security Policy Question
  • From: Nate Lawson
• NetBSD Security Advisory 2002-007: Repeated TIOCSCTTY ioctl can corrupt session hold counts
  • From: NetBSD Security Officer
• [SECURITY] [DSA-136-3] Multiple OpenSSL problems (update)
  • From: Michael Stone
• Lycos HTMLGear Guestbook Script Injection Vulnerability
  • From: Matthew Murphy
• NetBSD Security Advisory 2002-006: buffer overrun in libc/libresolv DNS resolver
  • From: NetBSD Security Officer
• NetBSD Security Advisory 2002-012: buffer overrun in setlocale
  • From: NetBSD Security Officer
• joe editor backup problem
  • From: Ondrej Suchy
• Re: Bypassing SMTP Content Protection with a Flick of a Button
  • From: Steven M. Bellovin
• NetBSD Security Advisory 2002-013: Bug in NFS server code allows remote denial of service
  • From: NetBSD Security Officer
• Advisory: File disclosure in DB4Web
  • From: Stefan . Bagdohn
• Bug in Opera and Konqueror
  • From: Zeux
• Remote detection of vulnerable OpenSSL versions
  • From: Florian Weimer
• NetBSD Security Advisory 2002-010: symlink race in pppd
  • From: NetBSD Security Officer
• Planet Web Software Buffer Overflow
  • From: UkR security team™
• Multiple NetBSD Security Advisories Released/Updated
  • From: NetBSD Security Officer
• FreeBSD Security Advisory FreeBSD-SA-02:39.libkvm
  • From: FreeBSD Security Advisories
• Analysis of Modap worm
  • From: Mario van Velzen
• NetBSD Security Advisory 2002-018: Multiple security isses with kfd daemon
  • From: NetBSD Security Officer
• Re: bugtraq.c httpd apache ssl attack
  • From: Ben Laurie
• Re: Remote detection of vulnerable OpenSSL versions
  • From: Eric Rescorla
• [SECURITY] [DSA 168-1] New PHP packages fix several vulnerabilities
  • From: Martin Schulze
• Microsoft Windows Terminal Services vulnerabilities
  • From: Ben Cohen
• Re: OpenSSH 3.4p1 Privsep
  • From: eric
• Re: nidump on OS X
  • From: Bryan Blackburn
• Advisory: TCP-Connection risk in DB4Web
  • From: Stefan . Bagdohn
• Re: nidump on OS X
  • From: Jason A. Fager
• Re: nidump on OS X
  • From: Martin
• Re: Password Security Policy Question
  • From: Crispin Cowan
• Cisco VPN 5000 client buffer overflow vulnerabilities.
  • From: Niels Heinen
• Trillian .74 and below, ident flaw.
  • From: Lance Fitz-Herbert
• IRIX default root umask and coredumps
  • From: SGI Security Coordinator
• Cisco Security Advisory: Cisco VPN 5000 Client Multiple Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• Cisco Security Advisory: Microsoft Windows SMB Denial of Service Vulnerabilities in Cisco Products - MS02-045
  • From: Cisco Systems Product Security Incident Response Team
• SuSE Security Announcement: xf86 (SuSE-SA:2002:032)
  • From: Sebastian Krahmer
• NetBSD Security Advisory 2002-014: fd_set overrun in mbone tools and pppd
  • From: NetBSD Security Officer
• Execution Rights Not Checked Correctly For 16-bit Applications
  • From: Torbjörn Hovmark
• Fw: [ut2003bugs] remote denial of service in ut2003 demo
  • From: Arne Schwerdtfegger
• Re: OpenSSH 3.4p1 Privsep
  • From: Peter J. Holzer
• Re: OpenSSH 3.4p1 Privsep
  • From: Just Marc
• Web browser certificate Validation flaw: Netscape, Mozilla, MSIE vulnerable - still?
  • From: Pidgorny, Slav
• Re: Trillian .74 and below, ident flaw.
  • From: Jason Barbour
• Re: slashdot / slashcode disclosing passwords
  • From: Jamie McCarthy
• Re: OpenSSH 3.4p1 Privsep
  • From: Artem Chuprina
• Firewall-1 –HTTP Security Server - Proxy vulnerability
  • From: Mark van Gelder
• iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
  • From: David Endler
• Re: nidump on OS X
  • From: John C. Welch
• RE: Execution Rights Not Checked Correctly For 16-bit Application s
  • From: Vigneau, Steve
• Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
  • From: Marshall Beddoe
• Re: Bug in Opera and Konqueror
  • From: Andy Spiers
• trillian DoS: trillian 1.0 pro also vulnerable
  • From: Jose Nazario
• Re: Linux Slapper Worm
  • From: Ajai Khattri
• Mozilla vulnerabilities, an update
  • From: Thor Larholm
• The Art of Unspoofing
  • From: eric.prince
• NetMeeting 3.01 Local RDS Session Hijacking
  • From: Paul A Roberts
• Re: Bug in Opera and Konqueror
  • From: Michael McCallum
• Re: Execution Rights Not Checked Correctly For 16-bit Applications
  • From: Torbjörn Hovmark
• KPMG-2002035: IBM Websphere Large Header DoS
  • From: Peter Gründl
• The Trivial Cisco IP Phones Compromise
  • From: Ofir Arkin
• Re: Web browser certificate Validation flaw: Netscape, Mozilla, MSIE vulnerable - still?
  • From: nestler
• Trillian .73 & .74 "PRIVMSG" Overflow.
  • From: Lance Fitz-Herbert
• Re: The Art of Unspoofing
  • From: Euan
• Re: The Art of Unspoofing
  • From: Darren Reed
• Re: Linux Slapper Worm
  • From: Miroslaw Jaworski
• http://online.securityfocus.com/archive/1/291358/2002-09-08/2002-09-14/0, Subj: Norton AintiVirus 2001 POPROXY DoS
  • From: Sym Security
• [CLA-2002:524] Conectiva Linux Security Announcement - postgresql
  • From: secure
• Re: nidump on OS X
  • From: Blake Watters
• Re: [Full-Disclosure] iDEFENSE Security Advisory 09.18.2002: Security Vulnerabilities in OSF1/Tru64 3.
  • From: Steven M. Christey
• Re: Linux Slapper Worm
  • From: Charles Stevenson
• Squirrel Mail 1.2.7 XSS Exploit
  • From: DarC KonQuesT
• Re: Squirrel Mail 1.2.7 XSS Exploit
  • From: Jason Munro
• iDEFENSE OSF1/Tru64 3.x vuln clarification
  • From: KF
• More vulnerabilities (Re: Security side-effects of Word fields)
  • From: Alex Gantman
• CanSecWest/core03
  • From: Dragos Ruiu
• Re: The Trivial Cisco IP Phones Compromise
  • From: Jim Duncan
• [CLA-2002:525] Conectiva Linux Security Announcement - kdelibs
  • From: secure
• ANNOUNCE: Egads 0.9.5
  • From: EGADS Team
• ANNOUNCE: RATS 2.0
  • From: RATS Team
• Re: Trillian .74 and below, ident flaw.
  • From: netmask {enZo}
• Re: Microsoft Windows Terminal Services vulnerabilities
  • From: Ben Cohen
• Yet Another. Trillian 'JOIN' Overflow.
  • From: Lance Fitz-Herbert
• Re: NetMeeting 3.01 Local RDS Session Hijacking
  • From: proberts
• ShadowCon 2002
  • From: Sharla Warren
• Re: The Trivial Cisco IP Phones Compromise
  • From: Peter Peters
• SuSE Security Announcement: Slapper worm (SuSE-SA:2002:033)
  • From: Olaf Kirch
• Re: The Art of Unspoofing
  • From: Sean Trifero
• RE: The Trivial Cisco IP Phones Compromise
  • From: Ofir Arkin
• Re: [UPDATED] Advisory: Multiple 602Pro LAN SUITE 2002 Denial of Service Attacks
  • From: Brandon Sturgeon
• And Again. Trillian 'raw 221' Overflow.
  • From: Lance Fitz-Herbert
• Sendmail logging and short string precision allows anonymous commands/relay
  • From: netmask {enZo}
• *sigh* Trillian multiple DoS's flaws.
  • From: Lance Fitz-Herbert
• remote exploitable heap overflow in Null HTTPd 0.5.0
  • From: Bert Vanmanshoven
• JAWmail XSS
  • From: Ulf Harnhammar
• ToorCon 2002 This Weekend
  • From: h1kari
• NetBSD Security Advisory 2002-009: Multiple vulnerabilities in OpenSSL code (updated 2002/9/22)
  • From: NetBSD Security Officer
• RE: NetMeeting 3.01 Local RDS Session Hijacking
  • From: Adcock, Matt
• Technical information about the vulnerabilities fixed by MS-02-52
  • From: Jouko Pynnonen
• IE6 SSL Certificate Chain Verification
  • From: Zoltán Nochta
• PHP source injection in phpWebSite
  • From: Tim Vandermeersch
• [security bulletin] SSRT2362 WEBES Service Tools (HP Tru64 UNIX, HP OpenVMS, Windows) Potential File Access Vulnerability (fwd)
  • From: Dave Ahmad
• iDEFENSE Security Advisory 09.23.2002: Directory Traversal in Dino's Webserver
  • From: David Endler
• [CLA-2002:526] Conectiva Linux Security Announcement - xchat
  • From: secure
• Wireless Networking Frailty
  • From: gregh
• Now Online: OWASP Guide to Building Secure Web Applications v1.1
  • From: David Endler
• Trillian Remote DoS Attack - AIM
  • From: Spikeman
• Kondara MNU/Linux
  • From: Kurt Seifried
• HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
  • From: Brook Powers
• Slapper worm redux;
  • From: Ron DuFresne
• JSP source code exposure in Tomcat 4.x
  • From: Rossen Raykov
• Xoops RC3 script injection vulnerability
  • From: das
• Re: JSP source code exposure in Tomcat 4.x
  • From: DominusQ
• Apache 2.0.(39|40) DOS (PHP!)
  • From: shaddup
• RE: Trillian Remote DoS Attack - AIM
  • From: Joshua Wright
• Re: IE6 SSL Certificate Chain Verification
  • From: Jason
• Re: PHP source injection in phpWebSite
  • From: Matthias Bauer
• PHPNUKE 6 XSS Vulnerabilities
  • From: Mark Grimes
• Re: JSP source code exposure in Tomcat 4.x
  • From: Marcin Jackowski
• RE: Trillian Remote DoS Attack - AIM
  • From: Eric Stevens
• Information Disclosure with Invision Board installation (fwd)
  • From: Gossi The Dog
• [RHSA-2002:060-17] Updated Zope packages are available
  • From: bugzilla
• RE: JSP source code exposure in Tomcat 4.x
  • From: Martin Robson
• Shana Informed 3.05 information disclosure
  • From: sullo
• IIL Advisory: Format String bug in Null Webmail (0.6.3)
  • From: DownBload
• IIL Advisory: Vulnerabilities in acWEB HTTP server
  • From: DownBload
• Re: Information Disclosure with Invision Board installation (fwd)
  • From: Gossi The Dog
• OpenVMS POP server local vulnerability
  • From: Mike Riley
• GLSA: tomcat
  • From: Daniel Ahlberg
• ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables
  • From: das
• IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server
  • From: DownBload
• PHP-Nuke x.x SQL Injection
  • From: Pedro Inacio
• Not a bug: IIL Advisory: Format String bug in Null Webmail (0.6.3)
  • From: Andrew Church
• Fwd: QuickTime for Windows ActiveX security advisory
  • From: Marc Bejarano
• Re: Information Disclosure with Invision Board installation (fwd)
  • From: Ka
• Borland Interbase local root exploit
  • From: grazer
• iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
  • From: David Endler
• Re: Xoops RC3 script injection vulnerability fixed
  • From: Sergio
• Errata: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
  • From: David Endler
• Microsoft PPTP Server and Client remote vulnerability
  • From: sh
• Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
  • From: Boris Veytsman
• [SECURITY] [DSA 149-2] New glibc packages fix
  • From: Martin Schulze
• RE: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv
  • From: David Endler
• Postnuke XSS issues
  • From: Mark Grimes
• PHP-Nuke x.x AND PostNuke SQL Injection
  • From: Pedro Inacio
• Postnuke XSS issues [correction]
  • From: Mark Grimes
• remote SYSTEM compromise in WASD OpenVMS http server
  • From: Jean-loup Gailly
• Re: IIL Advisory: Reverse traversal vulnerability in Monkey (0.1.4) HTTP server
  • From: Daniel R. Ome
• Watchguard firewall appliances security issues
  • From: Joao Gouveia
• GLSA: dietlibc
  • From: Daniel Ahlberg
• Yet another XSS vulnerability in PHP NUKE
  • From: ersatz
• GLSA: glibc (update)
  • From: Daniel Ahlberg
• Allot Netenforcer problems, GNU TAR flaw
  • From: Bencsath Boldizsar
• Re: Hacking Citrix Faq (fwd)
  • From: Dave Ahmad
• Another possible RFC 2046 vulnerability.
  • From: Jose Marcio Martins da Cruz
• Re: Information Disclosure with Invision Board installation (fwd)
  • From: Bonemach
• Re: Xoops RC3 script injection vulnerability
  • From: Sergio
• Software Update Available for Legacy RapidStream Appliances and W atchGuard Firebox Vclass appliances
  • From: Steve Fallin
• Re: Yet another XSS vulnerability in PHP NUKE
  • From: Muhammad Faisal Rauf Danka
• Jetty jsp/servlet engine xss / uname disclosure vuln
  • From: skinnay
• SafeTP coughs up internal server IP addresses
  • From: Jonathan G. Lampe
• Re: Xoops RC3 script injection vulnerability
  • From: RuIezz
• iDEFENSE Security Advisory 09.30.2002: Buffer Overflow in WN Server
  • From: David Endler
• Advisory 03/2002: Fetchmail remote vulnerabilities
  • From: Stefan Esser
• [RHSA-2002:096-24] Updated unzip and tar packages fix vulnerabilities
  • From: bugzilla
• [LoWNOISE] "Get Knowledge" SunONE Starter Kit - Sun Microsystems/Astaware
  • From: ET LoWNOISE
• XSS bug in Monkey (0.5.0) HTTP server
  • From: DownBload
• QT Assistant leaves port unfiltered
  • From: Rohit Sharma
• Re: Another possible RFC 2046 vulnerability.
  • From: Daniel Pittman
• SuSE Security Announcement: heimdal (SuSE-SA:2002:034)
  • From: Sebastian Krahmer
• MyNewsGroups :) XSS patch
  • From: Ulf Harnhammar
• IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability
  • From: annihilator
• local exploitable overflow in rogue/FreeBSD
  • From: stanojr
• NETGEAR FVS318 Information Disclosure
  • From: Fab\\AIS
• Re: Another possible RFC 2046 vulnerability.
  • From: Earl Hood
• Re: Postnuke XSS issues [correction]
  • From: Brian E
• GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw)
  • From: Solar Designer
• XSS bug in MyMarket 1.71
  • From: qber66