Buqtraq Archiv November 2002

• Thread Index

• MDKSA-2002:074 - mozilla update
  • From: Mandrake Linux Security Team
• Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327 Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
  • From: David Endler
• iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
  • From: David Endler
• iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
  • From: David Endler
• [SECURITY] [DSA 186-1] New log2mail packages fix several vulnerabilities
  • From: Martin Schulze
• M$ VPN hole reported
  • From: AK
• Re: IP SmartSpoofing : How to bypass all IP filters relying on source IPaddress
  • From: Ossian Vitek
• Re: Motorola Cable Modem DOS
  • From: Sam Hayes Merritt, III
• Re: Gimp: Erased sections of images print in some cases
  • From: Clark Mills
• Weak Password Encryption Scheme in Integrated Dialer
  • From: Arjun Pednekar
• RE: Motorola Cable Modem DOS
  • From: Jeroen Kessenich
• ion-p.exe allows Remote File Retrieving
  • From: Zero-X www.lobnan.de Team
• Netscreen SSH1 CRC32 Compensation Denial of service
  • From: Erik Parker
• Re: iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
  • From: Alex Harasic
• Iomega NAS A300U security and inter-operability issues
  • From: Keith R. Watson
• RE: Netscreen SSH1 CRC32 Compensation Denial of service
  • From: John
• (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
  • From: Erik Parker
• iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
  • From: David Endler
• Bug in EventSave
  • From: Frank Heyne
• Mindwall Project
  • From: Tamer Sahin
• RE: Bypassing website filter in SonicWall
  • From: Brian J. Gaia
• Re: ion-p.exe allows Remote File Retrieving
  • From: Stuart Moore
• Weak Password Encryption Scheme in MS SQL Server
  • From: K. K. Mookhey
• [SECURITY] [DSA 187-1] New Apache packages fix several vulnerabilities
  • From: Martin Schulze
• iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
  • From: David Endler
• iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
  • From: David Endler
• [A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002)
  • From: li0n
• [Announce] AngeL v0.9.0
  • From: Paolo Perego
• Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Tom Knienieder
• Re: Allot Netenforcer problems, GNU TAR flaw
  • From: Felix Radensky
• Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
  • From: NGSSoftware Insight Security Research
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Frank Louwers
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Cliff Albert
• RE: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Melson, Paul
• Re: Motorola Cable Modem DOS
  • From: Juraj Ziegler
• [SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability
  • From: snsadv@xxxxxxxxx
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: d k
• ZoneEdit Account Hijack Vulnerability
  • From: [secondmotion]-Matt Thompson
• IRIX CDE ToolTalk rpc.ttdbserverd vulnerabilities
  • From: SGI Security Coordinator
• SuSE Security Announcement: perl-MailTools (SuSE-SA:2002:041)
  • From: Sebastian Krahmer
• RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability (fwd)
  • From: Dave Ahmad
• SnortCenter 0.9.5 temp file naming problems...
  • From: Clint Byrum
• networking_utils.php
  • From: Tacettin Karadeniz
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Florian Weimer
• Bug in Monkey Webserver 0.5.0 or minors versions
  • From: Daniel
• When scrubbing secrets in memory doesn't work
  • From: Michael Howard
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: NESTING, DAVID M (SBCSI)
• Re: When scrubbing secrets in memory doesn't work
  • From: Perry E. Metzger
• A technique to mitigate cookie-stealing XSS attacks
  • From: Michael Howard
• GLSA: MailTools
  • From: Daniel Ahlberg
• [CLA-2002:539] Conectiva Linux Security Announcement - ypserv
  • From: secure
• [CLA-2002:541] Conectiva Linux Security Announcement - mod_ssl
  • From: secure
• [CLA-2002:540] Conectiva Linux Security Announcement - heartbeat
  • From: secure
• [CLA-2002:537] Conectiva Linux Security Announcement - tetex
  • From: secure
• [CLA-2002:534] Conectiva Linux Security Announcement - krb5
  • From: secure
• [CLA-2002:542] Conectiva Linux Security Announcement - gv/kghostview
  • From: secure
• [CLA-2002:538] Conectiva Linux Security Announcement - tar/unzip
  • From: secure
• [CLA-2002:535] Conectiva Linux Security Announcement - glibc
  • From: secure
• Re: ZoneEdit Account Hijack Vulnerability
  • From: securityfocus
• iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
  • From: David Endler
• [SECURITY] [DSA 189-1] New luxman packages fix local root exploit
  • From: Martin Schulze
• Re: Oracle Security Contact
  • From: Steven M. Christey
• Re: [Full-Disclosure] Re: Oracle Security Contact
  • From: Chris Wysopal
• QNX 6.1 TimeCreate weakness
  • From: Pawel Pisarczyk
• IRIX ToolTalk rpc.ttdbserverd vulnerabilities
  • From: SGI Security Coordinator
• How to execute programs with parameters in IE - Sandblad advisory #10
  • From: Andreas Sandblad
• [CLA-2002:544] Conectiva Linux Security Announcement - linuxconf
  • From: secure
• Linksys security contact
  • From: David Endler
• Remote pine Denial of Service
  • From: Linus Sjöberg
• RE: How to execute programs with parameters in IE - Sandblad advisory #10
  • From: Thor Larholm
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: informatik.koerfer
• Re: Motorola Cable Modem DOS
  • From: Peter Jeremy
• Yahoo Messenger: Invisible User Detect
  • From: cringe
• Re: When scrubbing secrets in memory doesn't work
  • From: Gianni Tedesco
• [SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs
  • From: Martin Schulze
• [RHSA-2002:197-09] Updated glibc packages fix vulnerabilities in resolver
  • From: bugzilla
• Vulnerability in Cutecast Forum v1.2
  • From: Zero-X www.lobnan.de Team
• Re: When scrubbing secrets in memory doesn't work
  • From: Andy Polyakov
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Matthew Collins
• Re: Remote pine Denial of Service
  • From: Erik Parker
• RES: A technique to mitigate cookie-stealing XSS attacks
  • From: AQBARROS
• Re: Yahoo Messenger: Invisible User Detect
  • From: Chris Caydes
• RE: Motorola Cable Modem DOS
  • From: Fulton Preston
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Valdis . Kletnieks
• [SECURITY] [DSA-190-1] buffer overflow in Window Maker
  • From: Wichert Akkerman
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: informatik.koerfer
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Hakan Carlsson
• Lotus Domino HTTP Server security issue
  • From: Frank Perreault
• Help Please
  • From: Mark Litchfield
• Re: Bypassing website filter in SonicWall
  • From: Justin King
• Re: When scrubbing secrets in memory doesn't work
  • From: Valdis . Kletnieks
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Nick Simicich
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Florian Weimer
• Re: How to execute programs with parameters in IE - Sandblad advisory #10
  • From: jelmer
• Re: How to execute programs with parameters in IE - Sandblad advisory #10
  • From: Gert Fokkema
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Steven M. Christey
• Re: RES: A technique to mitigate cookie-stealing XSS attacks
  • From: Florian Weimer
• [RHSA-2002:242-06] Updated kerberos packages available
  • From: bugzilla
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Peter Watkins
• iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server
  • From: David Endler
• iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
  • From: David Endler
• MDKSA-2002:076 - perl-MailTools update
  • From: Mandrake Linux Security Team
• MDKSA-2002:075 - nss_ldap update
  • From: Mandrake Linux Security Team
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Thomas Sarlandie
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: David Wagner
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: Michael Howard
• LiteServe Directory Index Cross-Site Scripting
  • From: Matthew Murphy
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Casper Dik
• Re: PHP-Nuke SQL Injection Vulnerability
  • From: Predrag Damnjanovic
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Alex Harasic
• Re: [VulnWatch] Netscreen SSH1 CRC32 Compensation Denial of service
  • From: quentyn
• Re: Help Please
  • From: Patrick Oonk
• [SECURITY] [DSA 188-1] New Apache-SSL packages fix several vulnerabilities
  • From: Martin Schulze
• When scrubbing secrets in memory doesn't work
  • From: Michael Howard
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: Tollef Fog Heen
• Re: Accesspoints disclose wep keys, password and mac filter (fwd)
  • From: tenty
• NetBSD Security Advisory 2002-024: IPFilter FTP proxy
  • From: NetBSD Security Officer
• Oracle iSQL*Plus buffer Overflow..
  • From: deadbeat
• [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
  • From: Vincent Danen
• Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810
  • From: Nils Reichen
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Justin King
• Technical information about unpatched MS Java vulnerabilities
  • From: Jouko Pynnonen
• Re: Motorola Cable Modem DOS
  • From: Peter Arnts
• Potential Denial of Service Vulnerability in IRIX RPC-based libc
  • From: SGI Security Coordinator
• [SECURITY] [DSA 192-1] New html2ps packages fix arbitrary code execution
  • From: Martin Schulze
• Securing OWA on public computers.
  • From: Alex T.
• RhinoSoft Serv-U FTP Anonymous Remote DoS Vulnerability
  • From: [secondmotion]-Matt Thompson
• Re: How to execute programs with parameters in IE - Sandblad advisory #10
  • From: hysterix1
• Re: Remote pine Denial of Service
  • From: Erik Parker
• Finding Vendor Security Contacts
  • From: Ed Ravin
• Re: When scrubbing secrets in memory doesn't work
  • From: Michael Zimmermann
• Zeus Admin Server v4.1r2 index.fcgi XSS bug
  • From: euronymous
• XSS in Postnuke Rogue release (0.72)
  • From: Muhammad Faisal Rauf Danka
• GLSA: kgpg
  • From: Daniel Ahlberg
• Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection
  • From: Joshua Wright
• Re: How to execute programs with parameters in IE - Sandblad advisory #10
  • From: Andreas Sandblad
• Buffer Overflow in iSMTP Gateway
  • From: K. K. Mookhey
• Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer
  • From: S G Masood
• benchmark tool for HTTP pages.
  • From: Tacettin Karadeniz
• NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow
  • From: Ed Reed
• Re: Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810
  • From: Sharad Ahlawat
• [SECURITY] [DSA 191-2] New squirrelmail packages fix problem in options page
  • From: Martin Schulze
• Multiple vulnerabilities in Tiny HTTPd
  • From: dong-h0un U
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Ulf Harnhammar
• [RHSA-2002:213-06] New PHP packages fix vulnerability in mail function
  • From: bugzilla
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Jeremiah Grossman
• RE: Motorola Cable Modem DOS
  • From: Dan Taylor Jr.
• [SECURITY] [DSA 193-1] New klisa packages fix buffer overflow
  • From: Martin Schulze
• Re: SuSE Security Announcement: perl-MailTools (SuSE-SA:2002:041)
  • From: Sebastian Krahmer
• iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa
  • From: David Endler
• RE: How to execute programs with parameters in IE - Sandblad advisory #10
  • From: Russ
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: Michael Howard
• Security Update: [CSSA-2002-044.0] Linux: Preboot eXecution Environment (PXE) server denial-of-service attacks
  • From: security
• xoops Quizz Module IMG bug
  • From: magistrat
• Timing the Application of Security Patches for Optimal Uptime
  • From: Crispin Cowan
• ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd)
  • From: Dave Ahmad
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: Jason Coombs
• SuSE Security Announcement: KDE lanbrowser vulnerability (SuSE-SA:2002:042)
  • From: Olaf Kirch
• KDE Security Advisory: resLISa / LISa Vulnerabilities
  • From: Andreas Pour
• [SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability
  • From: Tamer Sahin
• [SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability
  • From: Tamer Sahin
• SuSE Security Announcement: SuSE-SA:2002:043 (traceroute-nanog/nkitb)
  • From: Thomas Biege
• WebChat for XOOPS RC3 SQL INJECTION
  • From: vALDEUx
• NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
  • From: Ed Reed
• KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability
  • From: Andreas Pour
• GLSA: apache
  • From: Daniel Ahlberg
• [SECURITY] [DSA 194-1] New masqmail packages fix buffer overflows
  • From: Martin Schulze
• Remote Buffer Overflow vulnerability in Light HTTPd
  • From: dong-h0un U
• RE: When scrubbing secrets in memory doesn't work
  • From: Michael Wojcik
• NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
  • From: Ed Reed
• [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
  • From: Aaron Howell
• Exploit code for IP Smart Spoofing
  • From: Laurent Licour
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: jasonk
• APBoard - post threads to protected forums and possibility to hijack forum-password
  • From: ProXy
• EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
  • From: Marc Maiffret
• RE: Motorola Cable Modem DOS
  • From: Chris Wilson
• i386 Linux kernel DoS
  • From: Christophe Devine
• Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows
  • From: security
• IRIX lpd daemon vulnerabilities via sendmail and dns
  • From: SGI Security Coordinator
• Fresh hole in W3Mail (fwd)
  • From: Tim Brown
• The Unix Auditor's Practical Handbook
  • From: K. K. Mookhey
• Re: A technique to mitigate cookie-stealing XSS attacks
  • From: Seth Arnold
• FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind
  • From: FreeBSD Security Advisories
• [SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities
  • From: Martin Schulze
• Remote Buffer Overflow vulnerability in Lib HTTPd.
  • From: dong-h0un U
• Bind 8 bug experience
  • From: Michael Brennen
• Apache Security Vulnerabilities on IRIX
  • From: SGI Security Coordinator
• FreeBSD Security Advisory FreeBSD-SA-02:42.resolv
  • From: FreeBSD Security Advisories
• RE: i386 Linux kernel DoS
  • From: Leif Sawyer
• Re: When scrubbing secrets in memory doesn't work
  • From: Jan Echternach
• IceWarp 3.4.5 XSS *AGAIN*
  • From: DarC KonQuesT
• Re: i386 Linux kernel DoS
  • From: Christophe Devine
• Well known flaw in web cart software remains wide open
  • From: whitehat2004
• Latest libpcap & tcpdump sources from tcpdump.org contain a trojan
  • From: Mincu Alexandru
• Default SNMP community in Surecom Broadband Router
  • From: Andrei Mikhailovsky
• FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh
  • From: FreeBSD Security Advisories
• Gnujsp and Domino R5.0.10
  • From: YM Barusseau
• Security Update: [CSSA-2002-SCO.42] UnixWare 7.1.1 Open UNIX 8.0.0 : in.talkd format string vulnerabilities
  • From: security
• Eudora 5.2 attachment spoof
  • From: Paul Szabo
• KeyFocus KF Web Server File Disclosure Vulnerability
  • From: mattmurphy@xxxxxxxxx
• RE: Exploit code for IP Smart Spoofing
  • From: Stephen Gill
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: Steven M. Christey
• Buffalo AP Denial of Service
  • From: Andrei Mikhailovsky
• Re: Linksys security contact
  • From: Jim Knoble
• RE: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 andBIND8 (fwd)
  • From: Russ
• Office XP document numbers can be linked to individual machines
  • From: Woody Leonhard
• JSP processor 1.1 information disclosure
  • From: Andy
• Re: Bind 8 bug experience
  • From: Matthew Dixon Cowles
• ZDnet forum: IE formatting local drive
  • From: Alan Rouse
• [CLA-2002:545] Conectiva Linux Security Announcement - php4
  • From: secure
• Re: Bind 8 bug experience
  • From: Jeremy C. Reed
• [CLA-2002:546] Conectiva Linux Security Announcement - bind
  • From: secure
• arp spoofing defence
  • From: Ilya Teterin
• MDKSA-2002:077 - bind update
  • From: Mandrake Linux Security Team
• Re: i386 Linux kernel DoS
  • From: Jirka Kosina
• Re: MS02-064 fix time
  • From: Steven M. Christey
• [ESA-20021114-029] BIND buffer overflow, DoS attacks.
  • From: EnGarde Secure Linux
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: Ulf Harnhammar
• Re: Bind 8 bug experience
  • From: Olaf Kirch
• Re: Bind 8 bug experience
  • From: Glen Bishop
• GLSA: kdelibs
  • From: Daniel Ahlberg
• FreeBSD Security Advisory FreeBSD-SA-02:43.bind
  • From: FreeBSD Security Advisories
• RE: A technique to mitigate cookie-stealing XSS attacks
  • From: Eric Stevens
• RE: Opera 7 vulnerabilities
  • From: Thor Larholm
• Re: Bind 8 bug experience
  • From: Chris Adams
• IISPop remote DOS
  • From: securma massine
• Perception LiteServe HTTP CGI Disclosure Vulnerability
  • From: mattmurphy@xxxxxxxxx
• RE: Exploit code for IP Smart Spoofing
  • From: Stephen Gill
• Unofficial statement re: tcpdump and libpcap
  • From: Alan DeKok
• Security Update: [CSSA-2002-045.0] Linux: python insecure temporary files in os._execvpe
  • From: security
• Opera 7 vulnerabilities
  • From: GreyMagic Software
• Re: ZDnet forum: IE formatting local drive
  • From: Gossi The Dog
• Security holes... Who cares?
  • From: Eric Rescorla
• [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
  • From: OpenPKG
• [SECURITY] [DSA-196-1] New BIND packages fix several vulnerabilities
  • From: Daniel Jacobowitz
• FreeBSD Security Advisory FreeBSD-SA-02:43.bind [REVISED]
  • From: FreeBSD Security Advisories
• FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh [REVISED]
  • From: FreeBSD Security Advisories
• Remote Buffer Overflow vulnerability in Zeroo HTTP Server.
  • From: dong-h0un U
• [RHSA-2002:262-07] New kernel fixes local denial of service issue
  • From: bugzilla
• NBActiveX Sure ActiveX Big Vulnerability
  • From: Webmaster, Lorenzo Hernandez Garcia-Hierro
• bind 8 info update regarding ISS
  • From: mark_sala
• [SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure
  • From: Martin Schulze
• patch for named buffer overflow now available (fwd)
  • From: Jonas Eriksson
• [tcpdump-announce] initial comments on trojan attack (fwd)
  • From: Jonas Eriksson
• GNU GCC: Optimizer Removes Code Necessary for Security
  • From: Joseph Wagner
• Security Update: [CSSA-2002-046.0] Linux: buffer overflows and other security issues in squid
  • From: security
• Re: Bind 8 bug experience
  • From: Paul Theodoropoulos
• Re: When scrubbing secrets in memory doesn't work
  • From: Nicholas Weaver
• TSLSA-2002-0076 - bind
  • From: Trustix Secure Linux Advisor
• [SECURITY] [DSA 198-1] New nullmailer packages fix local denial of service
  • From: Martin Schulze
• AIM 5.1.3036 buffer overflow
  • From: husun arner
• LOM: Multiple vulnerabilities in Macromedia Flash ActiveX
  • From: 3APA3A
• [CLA-2002:548] Conectiva Linux Security Announcement - windowmaker
  • From: secure
• Re: GNU GCC: Optimizer Removes Code Necessary for Security
  • From: Florian Weimer
• TSLSA-2002-0077 - kernel
  • From: Trustix Secure Linux Advisor
• Re: When scrubbing secrets in memory doesn't work
  • From: Richard Moore
• Re: When scrubbing secrets in memory doesn't work
  • From: Florian Weimer
• XOOPS WebChat module - patch UPDATE
  • From: Val Deux
• PlanetWeb Web Server Buffer Overflow in processing GET requests
  • From: PlanetDNS Support
• Re: LOM: Multiple vulnerabilities in Macromedia Flash ActiveX
  • From: Troy Evans
• RE: Exploit code for IP Smart Spoofing
  • From: shannong
• Paketto Keiretsu 1.0
  • From: Dan Kaminsky
• XSS bug in phpBB
  • From: Arab VieruZ
• Re: When scrubbing secrets in memory doesn't work
  • From: Peter Watkins
• Update to LOM's advisory
  • From: 3APA3A
• [CLA-2002:549] Conectiva Linux Security Announcement - dhcpcd
  • From: secure
• MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow-
  • From: Ketil Braun Larsen
• TFTPD32 Buffer Overflow Vulnerability (Long filename)
  • From: Aviram Jenik
• Linksys router vulnerability
  • From: Seth Bromberger
• TFTPD32 Directory Traversal Vulnerability
  • From: Aviram Jenik
• RE: AIM 5.1.3036 buffer overflow
  • From: josh
• iPlanet WebServer, remote root compromise
  • From: labs@NGSEC
• [SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting
  • From: Martin Schulze
• RE: When scrubbing secrets in memory doesn't work
  • From: Michael Wojcik
• Re: (MSIE) when parent gives his son bad things ;) --"dialogArguments " again
  • From: Dave Ahmad
• NetBSD Security Advisory 2002-029: named(8) multiple denial of service and remote execution of code
  • From: NetBSD Security Officer
• Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities
  • From: Marc Maiffret
• NetBSD Security Advisory 2002-028: Buffer overrun in getnetbyname/getnetbyaddr
  • From: NetBSD Security Officer
• Multiple incorrect permissions in QNX.
  • From: One Semicolon
• NetBSD Security Advisory 2002-027: ftpd STAT output non-conformance can deceive firewall devices
  • From: NetBSD Security Officer
• (MSIE) when parent gives his son bad things ;) --"dialogArguments " again
  • From: Liu Die Yu
• Updated ypserv packages fix memory leak
  • From: Mandrake Linux Security Team
• Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability
  • From: security
• Security Update: [CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability
  • From: security
• Re: AIM 5.1.3036 buffer overflow
  • From: Alan MacDonald
• Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
  • From: David Endler
• Re: [Full-Disclosure] Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c
  • From: Silvio Cesare
• GLSA: courier
  • From: Daniel Ahlberg
• Sun Security Bulletin #00220
  • From: Matt Selsky
• GLSA: gtetrinet
  • From: Daniel Ahlberg
• Cisco Security Advisory: Cisco PIX Multiple Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• RE: (MSIE) -"dialogArguments" (extended)
  • From: GreyMagic Software
• iDEFENSE Security Advisory 11.19.02a: Denial of Service Vulnerability in Linksys Cable/DSL Routers
  • From: David Endler
• CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS (fwd)
  • From: Dave Ahmad
• iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability
  • From: David Endler
• [LSD] Java and JVM security vulnerabilities
  • From: Last Stage of Delirium
• Clipboard in QNX Photon
  • From: One Semicolon
• iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File
  • From: David Endler
• [OpenBSD] [syslogd] false src-IP when logging to remote syslogd
  • From: Torsten Valentin
• SuSE Security Announcement: samba (SuSE-SA:2002:045)
  • From: Roman Drahtmueller
• GLSA: php
  • From: Daniel Ahlberg
• GLSA: samba
  • From: Daniel Ahlberg
• XSS bug in vBulletin
  • From: Arab VieruZ
• Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities
  • From: security
• MDKSA-2002:079 - Updated kdelibs packages fix remote command execution vulnerabilites
  • From: Mandrake Linux Security Team
• Zeroo Folder Traversal Vulnerability
  • From: mattmurphy@xxxxxxxxx
• MDKSA-2002:080 - Updated kdenetwork packages fix remote command execution vulnerabilites
  • From: Mandrake Linux Security Team
• Open WebMail 1.71 "background" magic info
  • From: FreeBSDbr Bugtraq DataBase
• ClearCase DoS vulnerabilty
  • From: marek . rouchal
• [RHSA-2002:266-05] New samba packages available to fix potential security vulnerability
  • From: bugzilla
• [CLA-2002:550] Conectiva Linux Security Announcement - samba
  • From: secure
• [ESA-20021122-030] local kernel vulnerabilities
  • From: EnGarde Secure Linux
• Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002)
  • From: NGSSoftware Insight Security Research
• [ESA-20021122-031] php upgrade, security fixes
  • From: EnGarde Secure Linux
• UPDATE: Linksys router vulnerability (add'l models affected)
  • From: Seth Bromberger
• Allied Telesyn switches & routers vulnerability
  • From: Oleg A. Lebedev
• Remote Heap malloc/free & multiple Overflow vulnerability in WSMP3.
  • From: dong-h0un U
• SuSE Security Announcement: pine (SuSE-SA:2002:046)
  • From: Thomas Biege
• Re: Alert: Microsoft Security Bulletin - MS02-066
  • From: Lise
• TSLSA-2002-0080 - samba
  • From: Trustix Secure Linux Advisor
• acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS
  • From: Matthew Murphy
• acFTP Authentication Issue
  • From: Matthew Murphy
• Remote POST Buffer Overflow vulnerability in Pserv.
  • From: dong-h0un U
• Multiple phpNuke Modules Vulnerable to Cross-Site Scripting
  • From: Matthew Murphy
• Netscreen Malicious URL feature can be bypassed by fragmenting the request
  • From: zel
• ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)
  • From: Dave Ahmad
• Web Server Creator - Web Portal 0.1 (PHP)
  • From: Frog Man
• [Sec-Tec Advisory] Local scripting vulnerability in phpBB
  • From: Pete Foster
• RE: MS02-066 - fixes, gaps and incorrect statements
  • From: GreyMagic Software
• Immobilier 1 (PHP)
  • From: Frog Man
• SFAD02-002: Calisto Internet Talker Remote DOS
  • From: subversive
• BadBlue XSS/Information Disclosure Vulnerabilities
  • From: Matthew Murphy
• LibHTTPD Vulnerability and fix
  • From: David J. Hughes
• 'Malicious-URL' Feature may be Circumvented Using IP Fragmentation
  • From: NetScreen Security Response Team
• [RHSA-2002:264-05] New kernel 2.2 packages fix local denial of service issue
  • From: bugzilla
• CAIS-ALERT: Vulnerability in the sending requests control of BIND
  • From: Vagner Sacramento
• Potential H.323 Denial of Service
  • From: NetScreen Security Response Team
• vBulletin XSS Injection Vulnerability
  • From: Sp . IC
• Predictable TCP Initial Sequence Numbers
  • From: NetScreen Security Response Team
• Netscape Problems.
  • From: zen-parse
• [security bulletin] SSRT2301 - HP Tru64 UNIX uudecode Potential Security Vulnerability (fwd)
  • From: Dave Ahmad
• [security bulletin] SSRT2385 OSIS V5.4 LDAP Module for System Authentication Potential Security Vulnerability (fwd)
  • From: Dave Ahmad
• Re: ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd)
  • From: Florian Weimer
• MDKSA-2002:082 - Updated python packages fix local arbitrary code execution vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2002:081 - Updated samba packages fix potential root compromise
  • From: Mandrake Linux Security Team
• Oracle TNS SEH Exploit
  • From: benjurry
• Cracking OpenVMS passwords with John the Ripper
  • From: Jean-loup Gailly
• Linksys not fixed
  • From: Will
• Netscape 4 Java buffer overflow
  • From: Jouko Pynnonen
• Re: Netscape Problems.
  • From: Dave Aitel
• File reading vulnerable in PHP and MySQL (Local Exploit)
  • From: Hai Nam Luke
• FreeNews & News Evolution (PHP)
  • From: Frog Man
• [Security bulletin] SSRT2266 HP Tru64 UNIX IGMP Potential (DoS) Security Vulnerability (fwd)
  • From: Dave Ahmad
• XSS vulnerability in Bugzilla if upgraded from 2.10 or earlier
  • From: David Miller
• Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site
  • From: Peter Bieringer
• AIM Bug
  • From: Dave B.
• Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C.
  • From: dong-h0un U
• [ESA-20021127-032] 'pine' version upgrade, security fixes.
  • From: EnGarde Secure Linux
• Solaris priocntl exploit
  • From: 蔺毅?
• Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software
  • From: Stuart Moore
• ASI Sybase Security Alert: Buffer overflow in xp_freedll
  • From: Aaron C. Newman (Application Security, Inc.)
• ASI Sybase Security Alert: Buffer overflow in DROP DATABASE
  • From: Aaron C. Newman (Application Security, Inc.)
• Re: Solaris priocntl exploit
  • From: Casper Dik
• ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY
  • From: Aaron C. Newman (Application Security, Inc.)
• RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND
  • From: Iván Arce
• Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND
  • From: D. J. Bernstein
• pWins Perl Web Server Directory Transversal Vulnerability
  • From: Matthew Wagenknecht
• Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr.
  • From: dong-h0un U
• Re: d_path() truncating excessive long path name vulnerability
  • From: Paul Szabo
• On vulnerabilities in open and closed source products
  • From: Steven M. Christey
• TracerouteNG - never ending story
  • From: Paul Starzetz
• Re: File reading vulnerable in PHP and MySQL (Local Exploit)
  • From: Dave Wilson
• Re: Solaris priocntl exploit
  • From: Casper Dik
• Kerberos login sniffer and cracker for Windows 2000/XP
  • From: Arne Vidstrom
• RE: Cracking OpenVMS passwords with John the Ripper
  • From: moose
• Re: Netscape Problems.
  • From: zen-parse
• MDKSA-2002:083 - Updated sendmail packages fix smrsh insecurities
  • From: Mandrake Linux Security Team
• RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND
  • From: Iván Arce
• RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND
  • From: Vagner Sacramento
• Re: d_path() truncating excessive long path name vulnerability
  • From: Solar Designer
• Security Patch for PortailPHP 0.99
  • From: vALDEUx
• User downgraded from Administrator to User retains the ability to list other user's running tasks
  • From: Eitan Caspi
• Exploit for traceroute-nanog overflow
  • From: Carl Livitt
• re: Solaris priocntl exploit
  • From: Jeff Damens
• Moby NetSuite POST Denial of Service Vulnerability
  • From: Matthew Murphy
• [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
  • From: OpenPKG
• bogofilter contrib/bogopass temp file vulnerability
  • From: Matthias Andree
• [ElectronicSouls] - BOOZT CGI Exploit
  • From: es
• RE: User downgraded from Administrator to User retains the ability to list other user's running tasks
  • From: John Tolmachofft
• RE: User downgraded from Administrator to User retains the ability to list other user's running tasks
  • From: Eitan Caspi
• RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND
  • From: Vagner Sacramento
• Lag Security Advisory - Com21 cable modem configuration file feeding vulnerability
  • From: David Laganière
• Potential Vuln in McAfee VirusScan 451
  • From: jari.helenius