Bugtraq Archive December 2002
- RE: User downgraded from Administrator to User retains the ability to list other user's running tasks,
John Tolmachofft
- Advisory: Webster HTTP Server,
Matthew Murphy
- Thatware (PHP),
Frog Man
- Multiple pServ Remote Buffer Overflow Vulnerabilities,
Matthew Murphy
- Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1!,
Fabricio Angeletti
- Re: [Full-Disclosure] Netscape Problems.,
Ben Bucksch
- Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND,
Robert Tracz
- RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND,
Vagner Sacramento
- [SECURITY] [DSA 201-1] New Free/SWan packages fix denial of service,
Martin Schulze
- RE: Kerberos login sniffer and cracker for Windows 2000/XP,
Jason Coombs
- Lag Security Advisory - Com21 cable modem configuration file feeding vulnerability,
David Laganière
- GLSA: pine,
Daniel Ahlberg
- Potential Vuln in McAfee VirusScan 451,
jari.helenius
- Advisory: Lawson Financials RDBMS Insecurity,
John Eisenschmidt
- Re: Solaris priocntl exploit,
Jay Beale
- RE: Exploit for traceroute-nanog overflow,
Carl Livitt
- Cyrus Sieve / libSieve buffer overflow,
Timo Sirainen
- possible virus break in german exchange option of Inoculate IT 6.0,
tigerblue
- ShopFactory shopping cart price manipulation,
Richard van den Berg
- pre-login buffer overflow in Cyrus IMAP server,
Timo Sirainen
- [VU#317417] Denial of Service condition in vxworks ftpd/3com nbx,
Michael S. Scheidell
- Bypassing Integrity Protection Driver (time vulnerability),
Jan Rutkowski
- [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability,
bugzilla
- CORE-20021005: Vulnerability Report For Linksys Devices,
Carlos Sarraute
- MDKSA-2002:085 - Updated WindowMaker packages fix buffer overflow vulnerability,
Mandrake Linux Security Team
- [SNS Advisory No.59] Buffalo Wireless LAN Access Point Denial of Service Vulnerability (was Re: Buffalo AP Denial of Service),
snsadv
- [SECURITY] [DSA 202-1] New IM packages fix insecure temporary file creation,
Martin Schulze
- SquirrelMail v1.2.9 XSS bugs,
euronymous
- Poisonous Style for Dialog window turns the zone off.,
Liu Die Yu
- Zeroo Webserver remote directory traversal exploit,
Mike Cramp
- Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service,
Muhammad Faisal Rauf Danka
- MDKSA-2002:084 - Updated pine packages fix buffer overflow vulnerability,
Mandrake Linux Security Team
- Local Netfilter / IPTables IP Queue PID Wrap Flaw,
James Morris
- [CLA-2002:551] Conectiva Linux Security Announcement - pine,
secure
- Local root vulnerability found in exim 4.x (and 3.x),
Wana Thomas
- Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv,
security
- [RHSA-2002:220-40] Updated KDE packages fix security issues,
bugzilla
- SAP database local root via symlink,
KF
- [RHSA-2002:254-05] Updated Webalizer packages fix vulnerability,
bugzilla
- [SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution,
Martin Schulze
- Windows XP Disclosure of Registered AP Information,
snsadv
- Security Update: [CSSA-2002-055.0] Linux: RPC XDR buffer overflow,
security
- Multiple Vulnerabilities in BIND Name Service Daemon on IRIX,
SGI Security Coordinator
- Buffer Overflow Vulnerability in X Font Server on IRIX,
SGI Security Coordinator
- Sygate Personal Firewall can be shut down without a need to supply a password - although one is required,
Eitan Caspi
- Apache/Tomcat Denial Of Service And Information Leakage Vulnerability,
alias
- [SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution,
Martin Schulze
- Notes on MS02-068, extensive downplaying of severity,
Thor Larholm
- [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability],
Dan Rowles
- Re: TracerouteNG - never ending story,
Thomas Biege
- Cross-site Scripting Vulnerability in phpBB 2.0.3,
Fabricio Angeletti
- Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6,
Volker Tanger
- BIND Name Server DNS Spoofing Vulnerability on IRIX,
SGI Security Coordinator
- Samba Security Vulnerability on IRIX,
SGI Security Coordinator
- Multiple vulnerabilities in akfingerd,
Gianni Tedesco
- Cobalt RaQ4 Remote root exploit,
grazer
- RE: Sygate Personal Firewall can be shut down without a need to supply,
Eitan Caspi
- Sygate Personal Firewall can be shut down without a need to supply,
Seth Knox
- Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench,
security
- WebReflex Directory Traversal Vulnerability,
luca.ercoli@xxxxxxxxx
- [SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution,
Martin Schulze
- [SECURITY] [DSA 202-2] New IM packages correct hidden architecture dependency,
Martin Schulze
- SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047),
Sebastian Krahmer
- APBoard-Bug,
DNA ESC
- Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow,
security
- XSS and Path Disclosure in UPB,
euronymous
- SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings,
3APA3A
- [SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability,
Tamer Sahin
- [RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability,
Derek Luce
- Cyrus SASL library buffer overflows,
Timo Sirainen
- Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability,
security
- [RHSA-2002:246-18] Updated Canna packages fix vulnerabilities,
bugzilla
- [RHSA-2002:229-10] Updated wget packages fix directory traversal bug,
bugzilla
- Unchecked buffer in PC-cillin,
advisories@xxxxxxxxxxx
- Remote multiple vulnerability in apt-www-proxy.,
dong-h0un U
- TFTP32 DOS,
securma massine
- [SECURITY] [DSA-205-1] gtetrinet buffer overflows,
Wichert Akkerman
- [SECURITY] [DSA-206-1] tcpdump BGP decoding error,
Wichert Akkerman
- KunaniFTP-Server v.1.0.10 allows dictionary traversal,
Zero-X www.lobnan.de Team
- MDKSA-2002:082-1 - Updated python packages fix local arbitrary code execution vulnerability,
Mandrake Linux Security Team
- RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required,
Seth Knox
- Directory traversing bug in 'myServer' webserver.,
dong-h0un U
- Cisco Security Advisory: OSM Line Card Header Corruption Vulnerability,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution,
Martin Schulze
- Directory Traversal Vulnerabilities in FTP Clients,
Steven M. Christey
- Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV,
security
- Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug,
Colin Watson
- proftpd <=1.2.7rc3 DoS,
Rob klein Gunnewiek
- Enceladus Server Suite traversal directory vulnerability,
luca.ercoli@xxxxxxxxx
- MTPSR1-120 Firewall Proxy configuration software,
UkR security team™
- Denial of Service vulnerability in VisNetic Website,
Peter Kruse
- Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files,
security
- CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers (fwd),
Muhammad Faisal Rauf Danka
- MDKSA-2002:086 - Updated wget packages fix directory traversal vulnerability,
Mandrake Linux Security Team
- PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability,
Marc Maiffret
- Multiple Mambo Site Server sec-weaknesses,
euronymous
- [SECURITY] [DSA 208-1] New Perl packages correct Safe handling,
Martin Schulze
- VisNetic WebSite XSS vulnerability through HTTP referer header,
Ory Segal
- Advisory 04/2002: Multiple MySQL vulnerabilities,
Stefan Esser
- [RHSA-2002:222-21] Updated apache, httpd, and mod_ssl packages available,
bugzilla
- Password Hole Found In Webshots,
Brian Carpenter
- [SECURITY] [DSA-209-1] two wget problems,
Wichert Akkerman
- Adelphia Powerlink service vulnerable to man in the middle attacks by cable modem users.,
0x90
- XSS flaw found at "https://www.e-gold.com",
Liu Die Yu
- iDefense Security Advisory,
gobbles
- [SECURITY] [DSA-210-1] lynx CRLF injection,
Wichert Akkerman
- [SECURITY] [DSA 211-1] New mICQ packages fix denial of service,
Martin Schulze
- Eserv remote denial of service,
securma massine
- Advisory 05/2002: Another Fetchmail Remote Vulnerability,
Stefan Esser
- Anyone can read all XOOPS private messages,
Val Deux
- [ESA-20021213-033] Several MySQL vulnerabilities.,
EnGarde Secure Linux
- Directory Traversal Vulnerability in FTP Client on IRIX,
SGI Security Coordinator
- [CLA-2002:552] Conectiva Linux Security Announcement - wget,
secure
- FW: SQL Injection Solved,
Louie Conceicao
- MyPHPLinks (PHP) : SQL Injection,
Frog Man
- GLSA: mysql,
Daniel Ahlberg
- GLSA: fetchmail,
Daniel Ahlberg
- GLSA: squirrelmail,
Daniel Ahlberg
- Password Disclosure in Cryptainer,
K. K. Mookhey
- Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD,
Amit Klein
- [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql),
OpenPKG
- [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl),
OpenPKG
- [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex),
OpenPKG
- PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting,
Frog Man
- R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors,
Rapid 7 Security Advisories
- GLSA: exim,
Daniel Ahlberg
- PHP-Nuke code execution and XSS vulnerabilities,
Ulf Harnhammar
- Cross-site scripting vulnerability in CF 5.0,
KiLL CoLe
- PFinger 0.7.8 format string vulnerability (#NISR16122002B),
NGSSoftware Insight Security Research
- zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A),
NGSSoftware Insight Security Research
- [CLA-2002:554] Conectiva Linux Security Announcement - fetchmail,
secure
- [CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4,
secure
- Security Patchs for PHP Products,
Frog Man
- Captaris (Infinite) WebMail XSS,
Pedram Amini
- Macromedia Shockwave Flash Malformed Header Overflow #2,
Marc Maiffret
- [CLA-2002:555] Conectiva Linux Security Announcement - MySQL,
secure
- [SECURITY] [DSA-212-1] Multiple MySQL vulnerabilities,
Wichert Akkerman
- [RHSA-2002:228-11] Updated Net-SNMP packages fix security and other bugs,
bugzilla
- [RHSA-2002:293-09] Updated Fetchmail packages fix security vulnerability,
bugzilla
- [OpenPKG-SA-2002.016] OpenPKG Security Advisory (fetchmail),
OpenPKG
- Re: adelphia vulnerability within subnets,
0x90
- Directory traversal vulnerabilities in several archivers processing .tar,
Florian Schafferhans
- Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations,
Muhammad Faisal Rauf Danka
- export LD_LIBRARY_PATH in /etc/profile.d/* files,
rich
- RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability,
Michal Zalewski
- Missing admin sql password in Okena StormWatch,
Marc Ruef
- Security Paper: Session Fixation Vulnerability in Web-based Applications,
Mitja Kolsek (ACROS Lists)
- gfxboot allows boot password circumvention, SuSE 8.1 GRUB,
Matthias Andree
- [securitydigest.org]: Changes for December 2002,
Curator at Security Digest Archives
- MDKSA-2002:087 - Updated MySQL packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- MDKSA-2002:068-1 - Updated apache packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- Historic blackhat archives exposed,
Pry
- Foundstone Research Labs Advisory - Exploitable Windows XP Media Files (fwd),
Dave Ahmad
- Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd),
Dave Ahmad
- [SECURITY] [DSA 213-1] New libpng packages fix buffer overflow,
Martin Schulze
- [CLA-2002:556] Conectiva Linux Security Announcement - openldap,
secure
- WAnewsletter (PHP),
Frog Man
- Multiple vulnerability in Enceladus Server,
securma massine
- Openwebmail 1.71 remote root compromise,
Dmitry Guyvoronsky
- RE: Password Hole Found In Webshots - (Webshots Confirmed),
Shutters, Mike
- iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS),
iDEFENSE Labs
- Cisco IOS EIGRP Network DoS,
FX
- [Fix] Openwebmail 1.71 remote root compromise,
Dmitry Guyvoronsky
- TSLSA-2002-0084 - tcpdump,
Trustix Secure Linux Advisor
- TSLSA-2002-0089 - wget,
Trustix Secure Linux Advisor
- TSLSA-2002-0083 - kernel,
Trustix Secure Linux Advisor
- TSLSA-2002-0087 - perl,
Trustix Secure Linux Advisor
- TSLSA-2002-0086 - mysql,
Trustix Secure Linux Advisor
- TSLSA-2002-0085 - lynx-ssl,
Trustix Secure Linux Advisor
- GLSA: perl,
Daniel Ahlberg
- RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd),
Shutters, Mike
- [SecurityOffice] Polycom Video Conference System Management Server Authentication Bypass Vulnerability,
Tamer Sahin
- PHP-Nuke mail CRLF Injection vulnerabilities,
Ulf Harnhammar
- Cisco Security Advisory: Cisco Security Advisory: SSH Malformed Packet Vulnerabilities,
Cisco Systems Product Security Incident Response Team
- SPGpartenaires (PHP),
Frog Man
- nCipher Advisory #6: Access control defects in PKCS#11 keys,
nCipher Support
- GLSA: wget,
Daniel Ahlberg
- [SECURITY] [DSA 214-1] New kdentwork packages fix buffer overflows,
Martin Schulze
- Web server vulnerability in Axis Network Cameras, Video Servers and DVRs,
Axis Product Security
- [RAZOR] Problems with mkstemp(),
Michal Zalewski
- GLSA: canna,
Daniel Ahlberg
- SuSE Security Announcement: cyrus-imapd (SuSE-SA:2002:048),
Sebastian Krahmer
- RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002),
NGSSoftware Insight Security Research
- Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31),
security
- XSS and PHP include bug in W-Agora,
xatr0z
- KDE Security Advisory: Multiple vulnerabilities in KDE,
Dirk Mueller
- Matlab /tmp usage,
Paul Szabo
- 'printenv' XSS vulnerability,
Dr . Tek
- [SECURITY] [DSA 215-1] New cyrus-imapd packages fix remote command execution,
Martin Schulze
- zkfingerd remote exploit,
security
- Hyperion FTP Server buffer overflow,
securma massine
- GLSA: kde-3.0.x,
Daniel Ahlberg
- junkbuster 2.0-1 proxy relaying spam,
Andrew Daviel
- Antwort: Openwebmail 1.71 remote root compromise,
Stephan Sachweh
- iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops,
iDEFENSE Labs
- [SNS Advisory No.60 rev.2] Windows XP Disclosure of Registered AP Information,
snsadv@xxxxxxxxx
- [SECURITY] [DSA 216-1] New fetchmail packages fix buffer overflow,
Martin Schulze
- Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability,
FORENSICS.ORG Security Coordinator
- Full Disclosure: Windows File Protection Old Security Catalog Vulnerability,
FORENSICS.ORG Security Coordinator
- (MSIE)A rather old trick for web server is now played on MSIE.,
Liu Die Yu
- Re: Solaris priocntl exploit - Sol8 patches available,
Scott Howard
- [SECURITY] [DSA 217-1] New typespeed packages fix buffer overflow,
Martin Schulze
- [GIS 2002101601] SkyStream Admin Shell Privilege Escalation.,
Global InterSec Research
- [CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd,
secure
- Buffer overflow in PHP "wordwrap" function,
David F. Skoll
- GLSA: cyrus-sasl,
Daniel Ahlberg
- [IPS] PUTTY SSH-Client Exploit,
Daniel Alcántara de la Hoz
- PHRACK #60 HAS BEEN RELEASED,
phrackstaff
- Gallery v1.3.2 allows remote exploit (fixed in 1.3.3),
Bharat Mediratta
- Telindus 112x ADSL Router - Weak Password Encryption,
eflorio
- GLSA: openldap,
Daniel Ahlberg
- GLSA: cups,
Daniel Ahlberg
- Potential DOS attack with Web-CyrAdm.,
Casper Aleva
- [SECURITY] [DSA 218-1] New bugzilla packages fix cross site scripting problem,
Martin Schulze
- Leafnode security announcement SA:2002:01,
Matthias Andree
- Multiple vulnerabilities found in PlatinumFTPserver V1.0.6,
Dennis Rand
- CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS,
http-equiv@xxxxxxxxxx
- Visual SourceSafe - Preliminary Observations,
Joel Maslak
- Wired.com: So Many Holes, So Few Hacks,
Richard M. Smith
- Updated "Secure Programming for Linux and Unix HOWTO" now available.,
David Wheeler
- [SECURITY] [DSA 219-1] New dhcpcd packages fix remote command execution vulnerability,
Martin Schulze
- PEEL (PHP),
Frog Man
- BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package,
Andreas Beck