Bugtraq Archive April 2003
- NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability,
NSFOCUS Security Team
- OpenSSH 3.6 released (fwd),
Jonas Eriksson
- [RHSA-2003:034-01] Updated dhcp packages fix possible packet storm,
bugzilla
- Security issues in D-Link DSL-300/DSL-300G+ Broadband Modem/Router,
Arhont Information Security
- NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability,
NSFOCUS Security Team
- [DDI-1012] Malformed request causes denial of service in HP InstantTopTools,
Erik Parker
- Personal FTP Server,
subj
- [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail),
OpenPKG
- Ericsson Mobile Phones Security Contact?,
Ollie Whitehouse
- GLSA: krb5 & mit-krb5 (200303-28),
Daniel Ahlberg
- GLSA: sendmail (200303-27),
Daniel Ahlberg
- serious vulnerability present. all doomed. over.,
Security Experts, Liability Limited
- GLSA: openafs (200303-26),
Daniel Ahlberg
- MiniPortal,
subj
- FreeBSD Security Advisory FreeBSD-SA-03:07.sendmail,
FreeBSD Security Advisories
- Buffer Overflow in Broker FTP Server,
subj
- Re: IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability,
panic
- Immunix Secured OS 7+ openssl update,
Immunix Security Team
- BRS WebWeaver: full disclosure,
euronymous
- [RHSA-2003:084-01] Updated vsftpd packages re-enable tcp_wrappers support,
bugzilla
- Fwd: QuickTime 6.1 for Windows is available,
Bryan Blackburn
- Sambar Server "Buffer OverFlow" Vulnerabilities,
Lorenzo Manuel Hernandez Garcia-Hierro
- [RHSA-2003:101-01] Updated OpenSSL packages fix vulnerabilities,
bugzilla
- TYPSoft FTP Server,
subj
- Immunix Secured OS 7+ samba update,
Immunix Security Team
- [RHSA-2003:095-03] New samba packages fix security vulnerabilities,
bugzilla
- iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player,
iDEFENSE Labs
- [SCSA-015] Remote Denial of Service Vulnerability in PowerFTP,
Grégory
- @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function,
Sir Mordred
- [ANNOUNCE] Apache 2.0.45 Released,
Lars Eilebrecht
- @(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function,
Sir Mordred
- Inaccurate Reports Concerning PHP Vulnerabilities,
mattmurphy@xxxxxxxxx
- Phorum 3.4 Cross Site Scripting,
Stöckli
- RE: Netscape and Opera crash via java,
Zelena Endre
- [INetCop Security Advisory] Remote Multiple Buffer Overflow vulnerability in passlogd sniffer.,
dong-h0un U
- BEA WebLogic internal hostname disclosure,
Michael Hendrickx
- OpenSSH 3.6.1 released,
Markus Friedl
- [SECURITY] [DSA 275-1] New lpr-ppd packages fix local root exploit,
Martin Schulze
- XSS in Python Documentation Server,
euronymous
- re:3com RAS 1500 Remote vulnerabilities.,
Jan Kachlik
- Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall,
Peter Pentchev
- Css in Xoops module glossary 1.3.x,
magistrat
- Re: PHP-Nuke block-Forums.php subject vulnerabilities,
Frog Man
- Viewpoint Server,
Ben Maynard
- IkonBoard v3.1.1: arbitrary command execution,
Nick Cleaton
- [RHSA-2003:091-01] Updated kerberos packages fix various vulnerabilities,
bugzilla
- Java and Javascript,
David F. Madrid
- Re: Oracle JDBC: Inconsistent handling of timestamps,
Peter J. Holzer
- Microsoft Terminal Services vulnerable to MITM-attacks.,
Erik Forsberg
- MDKSA-2003:040 - Updated Eterm packages fix escape sequence insecurities,
Mandrake Linux Security Team
- [RHSA-2003:128-01] Updated Eye of GNOME packages fix vulnerability,
bugzilla
- [SECURITY] [DSA 276-1] New Linux kernel packages (s390) fix local root exploit,
Martin Schulze
- Multiple vulnerabilities in AutomatedShops WebC shopping cart,
Carl Livitt
- [RHSA-2003:060-01] Updated NetPBM packages fix multiple vulnerabilities,
bugzilla
- Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12),
security
- [RHSA-2003:109-03] Updated balsa and mutt packages fix vulnerabilities,
bugzilla
- Sendmail parseaddr security vulnerability on IRIX,
SGI Security Coordinator
- [SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit,
Martin Schulze
- SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read,
KF
- Another security problem in Netgear FM114P ProSafe Wireless Router firmware,
Björn Stickler
- passlogd sniffer remote buffer overflow root exploit.,
dong-h0un U
- Sakki's guestbook V.1.01 script injection vulnerability.,
drG4njubas
- SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow,
KF
- RE: Another security problem in Netgear FM114P ProSafe Wireless Router firmware (also level-one),
Björn Stickler
- Using Java from Javascript,
David F. Madrid
- NetBIOS could be used as network flood amplier,
Francesco Vigo
- [SECURITY] [DSA 278-1] New sendmail packages fix denial of service,
Martin Schulze
- Syscall implementation could lead to whether or not a file exists,
Andrew Griffiths
- SuSE Security Announcement: openssl (SuSE-SA:2003:024),
Sebastian Krahmer
- [SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution,
Martin Schulze
- AspJar guestbook script injection vulnerability.,
drG4njubas
- TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0,
Rushjo@xxxxxxxxxxx
- NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol,
NetBSD Security Officer
- NetBSD Security Advisory 2003-009: sendmail buffer overrun in prescan() address parser,
NetBSD Security Officer
- Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged,
Vladimir Katalov
- [CLA-2003:613] Conectiva Security Announcement - snort,
Conectiva Updates
- An Alternate View of Recently Reported PHP Vulnerabilities,
Steven M. Christey
- [CLA-2003:614] Conectiva Security Announcement - sendmail,
Conectiva Updates
- buffalo AirStation G54 - (WBR-G54 ) DoS,
Pavel shpac
- [CLA-2003:616] Conectiva Security Announcement - dhcp,
Conectiva Updates
- [CLA-2003:617] Conectiva Security Announcement - file,
Conectiva Updates
- SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call,
KF
- [CLA-2003:615] Conectiva Security Announcement - samba,
Conectiva Updates
- LocalSystem account in Windows 2000/XP,
Pavel
- Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function,
Muhammad Faisal Rauf Danka
- SignHere guestbook vulnerability.,
drG4njubas
- Abyss X1 1.1.2 remote crash,
Auriemma Luigi
- Two Invision Power Board 1.1.x vulns,
Gossi The Dog
- Interbase/Firebird - external file security bug,
Kotala Zdeněk
- [DDI-1013] Buffer Overflow in Samba allows remote root compromise,
Erik Parker
- [CLA-2003:618] Conectiva Security Announcement - kernel,
Conectiva Updates
- [SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation,
Martin Schulze
- [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba),
OpenPKG
- Vignette Story Server sensitive information disclosure (a040703-1),
@stake Advisories
- Java Agent freezes Lotus Notes and Domino 6.0.1,
Marc Schoenefeld
- JpegX 2.0.0.3 Password Bypass Vulnerability,
JeiAr
- Immunix Secured OS 7+ cvs update,
Immunix Security Team
- [SECURITY] [DSA 280-1] New samba packages fix remote root exploit,
Martin Schulze
- [CLA-2003:619] Conectiva Security Announcement - zlib,
Conectiva Updates
- SuSE Security Announcement: samba (SuSE-SA:2003:025),
Roman Drahtmueller
- Coppermine Photo Gallery remote compromise,
Berend-Jan Wever
- MDKSA-2003:044 - Updated samba packages fix remote root vulnerability,
Mandrake Linux Security Team
- Immunix Secured OS 7+ Kerberos update,
Immunix Security Team
- Unchecked Buffer in Opera 7.02,
David F.Madrid
- TSLSA-2003-0019 - samba,
Trustix Secure Linux Advisor
- [RHSA-2003:137-01] New samba packages fix security vulnerability,
bugzilla
- [Sorcerer-spells] SAMBA--SORCERER2003-04-08,
Michael Walton
- [SECURITY] [DSA 281-1] New xftp packages fix arbitrary code execution,
Martin Schulze
- mIRC "dcc filename spoofing",
Knud Erik Højgaard
- [RHSA-2003:036-01] Updated mgetty packages available,
bugzilla
- [CLA-2003:620] Conectiva Security Announcement - man,
Conectiva Updates
- AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss,
Phil Cyc
- False-negatives in several Vulnerability Assessment tools,
Nicolas Gregoire
- Orplex guestbook script injection.,
drG4njubas
- iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x,
iDEFENSE Labs
- Multiple Vulnerabilities in libc RPC functions on IRIX,
SGI Security Coordinator
- samba 2.x call_trans2open() exploit,
noir sin
- [ARL03-A16] Multiple Security Issues in phPay,
Ahmet Sabri ALPER
- GLSA: apache (200304-01),
Daniel Ahlberg
- [RHSA-2003:137-02] New samba packages fix security vulnerability,
bugzilla
- Immunix Secured OS 7+ PostgreSQL update,
WireX Security
- [CLA-2003:624] Conectiva Security Announcement - samba,
Conectiva Updates
- Exploit Code Released for Apache 2.x Memory Leak,
mattmurphy@xxxxxxxxx
- Hyperion FTP server Remote DOS and unauthorised remote access.,
moran zavdi
- GLSA: setiathome (200304-03),
Daniel Ahlberg
- PoPToP PPTP server remotely exploitable buffer overflow,
Timo Sirainen
- ISC guestbook script injection vulnerability.,
drG4njubas
- Samba Security Vulnerability on IRIX,
SGI Security Coordinator
- iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration (ISA) S,
iDEFENSE Labs
- Immunix Secured OS 7+ MySQL update,
WireX Security
- GLSA: samba (200304-02),
Daniel Ahlberg
- [SECURITY] [DSA 269-2] New heimdal packages fix authentication failure,
Martin Schulze
- Vulnerabilities in Portable Executable (PE) File Format For Win32 Architecture,
Exurity Inc.
- Admin access in GuestBook r4,
Over_G
- Disclosing information in Super GuestBook,
Over_G
- MDKSA-2003:038-1 - Updated 2.4 kernel packages fix ptrace vulnerability,
Mandrake Linux Security Team
- KDE Security Advisory: PS/PDF file handling vulnerability,
Dirk Mueller
- GLSA: kde-3.x (200304-04),
Daniel Ahlberg
- xfsdump creates files insecurely on IRIX,
SGI Security Coordinator
- Flaw in Microsoft VM Could Enable System Compromise,
K-Otik . com
- working apache <= 2.0.44 DoS exploit for linux.,
Daniel Nyström
- [CLA-2003:625] Conectiva Security Announcement - openssl,
Conectiva Updates
- Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability,
Integrigy Security Alerts
- [RHSA-2003:089-00] Updated glibc packages fix vulnerabilities in RPC XDR decoder,
bugzilla
- [SECURITY] [DSA 283-1] New xfsdump packages fix insecure file creation,
Martin Schulze
- Medium Vulnerability in SNMP on Linsys BEFVP41,
Branson Matheson
- MacOS X DirectoryService Privilege Escalation (a041003-1),
@stake Advisories
- Buffer Overflow Vulnerability Found in MailMax Version 5,
Dennis Rand
- GLSA: kde-2.x (200304-05),
Daniel Ahlberg
- FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database.,
Stephen White
- repost: SRT2003-04-01-1231 - Progress DLC overflows,
KF
- Ocean12 ASP Guestbook Manager v1.00,
drG4njubas
- IRIX ToolTalk Vulnerabilities Update,
SGI Security Coordinator
- R7-0013: Heap Corruption in Gaim-Encryption Plugin,
Rapid 7 Security Advisories
- Brocade Firmware SNMP Vulnerability,
SGI Security Coordinator
- PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service Vulnerability,
William A. Rowe, Jr.
- [SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution,
Martin Schulze
- [Sorcerer-spells] KDE-SORCERER2003-04-12,
Michael Walton
- [SECURITY] [DSA 274-2] New mutt packages fix arbitrary code execution in potato,
Martin Schulze
- Multiple vulnerabilities in SheerDNS,
Jedi/Sector One
- Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach,
Aviram Jenik
- [SECURITY] [DSA 286-1] New gs-common packages fix insecure temporary file creation,
Martin Schulze
- [SECURITY] [DSA 285-1] New lprng packages fix insecure temporary file creation,
Martin Schulze
- Instaboard 1.3 SQL Injection,
Jim Dew
- Web Wiz Site News realease v3.06 administration access.,
drG4njubas
- FipsGuestbook Version 1.12.7 script injection.,
drG4njubas
- Multiple Vulnerabilities in BSD LPR Subsystem on IRIX,
SGI Security Coordinator
- bitchx sources backdoored on distribution site,
Michał Szwaczko
- ActivCard password cache memory leakage,
OTERO Hernan Gustavo EDS
- GLSA: kde-2.x (200304-05.1),
Daniel Ahlberg
- [RHSA-2003:126-01] Updated gtkhtml packages fix vulnerability,
bugzilla
- bitchx sources trojaned - follow up,
Michał Szwaczko
- [CLA-2003:626] Conectiva Security Announcement - mutt,
Conectiva Updates
- GLSA: kdegraphics-3.1.x (200304-04.1),
Daniel Ahlberg
- MDKSA-2003:046 - Updated gtkhtml packages fix vulnerability,
Mandrake Linux Security Team
- [SCSA-016] Multiple vulnerabilities in Ez publish,
Grégory
- BitchX trojan, the real follow up.,
Rob Andrews
- SRT2003-04-15-1029 - Progres BINPATHX overflow,
KF
- [SECURITY] [DSA 287-1] New EPIC packages fix DoS and arbitrary code execution,
Martin Schulze
- MDKSA-2003:045 - Updated evolution packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- nb1300 router - default settings expose password,
denote
- [SECURITY] [DSA 267-2] New lpr packages fix local root exploit (potato),
Martin Schulze
- Windows 2003 win2k.sys vulnerability,
securityfocus.com
- Oddities in Windows ACL inheritance,
Nicolas RUFF (lists)
- CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability,
CORE Security Technologies Advisories
- Immunix Secured OS 7+ glibc update,
Immunix Security Team
- Veritas BackupExec 9.0 may ship with upatched MS SQL Desktop Engine,
Marcus Beaman
- SFAD03-001: iWeb Mini Web Server Remote Directory Traversal,
subversive
- i cracked restriction of 'zone' in mozilla.,
Liu Die Yu
- MDKSA-2003:047 - Updated xfsdump packages fix insecure file creation,
Mandrake Linux Security Team
- MDKSA-2003:048 - Updated eog packages fix arbitrary command execution,
Mandrake Linux Security Team
- Netgear Logging Vulnerability,
{ }
- [CLA-2003:627] Conectiva Security Announcement - ethereal,
Conectiva Updates
- Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag),
Ryan Emerle
- [SCSA-017] Directory Traversal Vulnerability in EZ Server,
Grégory
- [SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution,
Martin Schulze
- Vulnerability in rinetd,
Martin Schulze
- [SECURITY] [DSA 289-1] New rinetd packages fix denial of service,
Martin Schulze
- IE 6.0 - trivial crash,
Adam [ckkl]
- [SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability,
Martin Schulze
- Web Wiz Forums all version db stealing,
Uziel aka nuJIurpuM
- Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors,
Muhammad Faisal Rauf Danka
- CrossSite Scripting @ Snitz Forums 2000,
badwebmasters
- [CLA-2003:628] Conectiva Security Announcement - vixie-cron,
Conectiva Updates
- MDKSA-2003:049 - Updated kde3 packages fix arbitrary command execution,
Mandrake Linux Security Team
- Xinetd 2.3.10 Memory Leaks,
Steve Grubb
- Exploit for PoPToP PPTP server,
einstein, dhtm
- Authentication flaw in microsoft SMB protocol,
seclab
- IE 6.0 - trivial crash - part II,
Adam [ckkl]
- Race in XP SCM Service Shutdown Mechanism,
Matthew Murphy
- BadBlue Remote Administrative Access Vulnerability,
Matthew Murphy
- Monkey HTTPd Remote Buffer Overflow,
Matthew Murphy
- ACER Travelmate 600 and 800 series - Smartcard flawed Implementation,
Leonard.Ong
- MPCSoftWeb Guest Book vulnerabilities.,
drG4njubas
- Remote Vulnerabilties in mod_ntlm,
Matthew Murphy
- PTNews v1.7.7 - Access to administrator functions without authentification,
scrap
- GLSA: snort (200304-05),
Daniel Ahlberg
- AN HTTPd Sample Script File Truncation,
Matthew Murphy
- [NGSEC-2003-5] YABB SE, remote command execution,
labs
- [SECURITY] [DSA 291-1] New ircII packages fix DoS and arbitrary code execution,
Martin Schulze
- [CLA-2003:629] Conectiva Security Announcement - tcpdump,
Conectiva Updates
- [SECURITY] [DSA 292-1] New mime-support packages fix temporary file race conditions,
Martin Schulze
- Stealth DMCA. Be afraid. Be very afraid...,
alaskan
- SRT2003-04-22-1336 - SAP DB Development Tools install flaw,
KF
- XMB 1.8 Partagium SQL Injection Bug,
zeez
- [CLA-2003:630] Conectiva Security Announcement - balsa,
Conectiva Updates
- Defeating HTML "Encryption",
rjfix
- [RHSA-2003:032-01] Updated tcpdump packages fix various vulnerabilities,
bugzilla
- Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability,
Cisco Systems Product Security Incident Response Team
- Snort <=1.9.1 exploit,
truff
- Cracking preshared keys,
Michael Thumann
- [SECURITY] [DSA 292-2] New mime-support packages fix temporary file race conditions,
Martin Schulze
- Security problems in gkrellm-newsticker,
Martin Schulze
- [SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution,
Martin Schulze
- Format strings vuln in CGIwrap,
b0f www . b0f . net
- [SECURITY] [DSA 294-1] New gkrellm-newsticker packages fix DoS and arbitrary command execution,
Martin Schulze
- RE: [cgiwrap-users] RE: Format strings vuln in CGIwrap,
Neulinger, Nathan
- [RHSA-2003:076-01] Updated ethereal packages fix security vulnerabilities,
bugzilla
- Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability,
Cisco Systems Product Security Incident Response Team
- Nokia IPSO Vulnerability,
Jonas Eriksson
- SQL injection in BttlxeForum,
SecurityTracker
- NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS,
NSFOCUS Security Team
- BRS WebWeaver: Ftpd Lockdown via RETR cmd,
euronymous
- SuSE Security Announcement: KDE (SuSE-SA:2003:026),
Sebastian Krahmer
- Internet Explorer Plugin.ocx heap overflow (#NISR24042003),
NGSSoftware Insight Security Research
- Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense,
Dmitry Maksimov
- Permanent crash in Opera 7.10,
David F. Madrid
- DNS vulnerabilities in shared host environments,
Chris Leishman
- An Implementation of a Birthday Attack in a DNS Spoofing,
Ramon Izaguirre
- [RHSA-2003:112-01] Updated squirrelmail packages fix cross-site scripting vulnerabilities,
bugzilla
- [RHSA-2003:142-01] Updated LPRng packages fix psbanner vulnerability,
bugzilla
- SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.,
KF
- address for postini security,
Hamby, Charles D.
- PHP-Nuke 6.5 FINAL Cross Site Scripting,
Frog Man
- [RHSA-2003:118-01] Updated mICQ packages fix vulnerability,
bugzilla
- MDKSA-2003:051 - Updated ethereal packages fix remote vulnerability,
Mandrake Linux Security Team
- Windows Server 2003 Security Guide available,
Michael Howard
- [BUGZILLA] Security Advisory - XSS, insecure temporary filenames,
David Miller
- SonicWall Pro DoS?,
Greg Smith
- Multiple SQL injection on OpenBB forums,
Albert Puigsech Galicia
- Unauthorized reading files on phpSysInfo,
Albert Puigsech Galicia
- XOOPS MyTextSanitizer CSS 1.3x & 2.x,
magistrat
- Multiple Vulnerabilities in BSD LPR Subsystem on IRIX update,
SGI Security Coordinator
- Path disclosure and file access on WebAdmin,
David A . Pérez
- Re: Exploit for PopPToP PPTP server - Working version,
blightninjas
- Invision Power Board Plaintext Password Disclosure Vuln,
JeiAr
- Microsoft IIS Integrated Authentication,
skybristol
- Cross site scripting in Onecenter forum 4.0,
David F. Madrid
- Vulnerability in nsd LDAP Implementation on IRIX,
SGI Security Coordinator
- Album.pl Vulnerability - Remote Command Execution,
aresu
- Buffer overflow in Internet Explorer's HTTP parsing code,
Jouko Pynnonen
- 3com NBX IP Phone Call manager Denial of Service - Update,
Michael Scheidell
- GLSA: mgetty (200304-09),
Daniel Ahlberg
- ATM on Linux Exploit Code Release (les, local),
Angelo Rosiello
- Qpopper v4.0.x poppassd local root exploit,
dong-h0un U
- GLSA: monkeyd (200304-07.1),
Daniel Ahlberg
- [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.,
nesumin
- [Opera 7] Yet Another Story of "Phantom of the Opera",
nesumin
- GLSA: snort (200304-06),
Daniel Ahlberg
- GLSA: pptpd (200304-08),
Daniel Ahlberg
- Buffer overflow in 3D-ftp,
Over_G
- s0h: Remote/Local exploit and patch for regedit.exe.,
descript
- IIS Security and Programming Countermeasures e-book,
Jason Coombs
- MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow,
D4rkGr3y
- MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS,
D4rkGr3y
- CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall,
CORE Security Technologies Advisories
- Pi3Web 2.0.1 DoS,
aT4r InsaN3
- Windows 2000 Security Hardening Guide Available,
Michael Howard
- NII Advisory - Path Disclosure in Cold Fusion MX Server,
Network Intelligence India Pvt. Ltd.
- Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003),
NGSSoftware Insight Security Research
- IdeaBox: Remote Command Execution,
euronymous
- "netscape navigator" is cracked.,
Liu Die Yu
- [RHSA-2003:079-01] Updated zlib packages fix gzprintf buffer overflow vulnerability,
bugzilla
- MDKSA-2003:052 - Updated snort packages fix remote vulnerability,
Mandrake Linux Security Team
- Coldfusion MX: Java in CFM causes Crash,
Marc Schoenefeld
- Auerswald COMsuite/ Back Door,
Kroma Pierre
- HPUX rexec buffer overflow vulnerability,
Davide Del Vecchio
- April appeared to be a month of IE bugs. Here's another one.,
ERRor
- [RHSA-2003:093-01] Updated MySQL packages fix vulnerabilities,
bugzilla
- Latest MS SQL Server vulnerabilities revealed,
Cesar
- GLSA: balsa (200304-10),
Daniel Ahlberg
- Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service,
Cisco Systems Product Security Incident Response Team
- [SECURITY] [DSA 292-3] New mime-support packages really fix temporary file race conditions,
Martin Schulze
- OpenSSH/PAM timing attack allows remote users identification,
Marco Ivaldi
- Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv),
Damien Miller
- [ESA-20030430-014] 'tcpdump' multiple vulnerabilities,
EnGarde Secure Linux
- [ESA-20030430-013] 'snort' stream4 preprocessor integer overflow vulnerability,
EnGarde Secure Linux
- [CLA-2003:632] Conectiva Security Announcement - apache,
Conectiva Updates
- [CLA-2003:614] REVISED: Conectiva Security Announcement - sendmail,
Conectiva Updates
- [CLA-2003:633] Conectiva Security Announcement - glibc,
Conectiva Updates
- [CLA-2003:635] Conectiva Security Announcement - balsa,
Conectiva Updates
- [SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution,
Martin Schulze
- [SECURITY] [DSA 295-1] New pptpd packages fix remote root exploit,
Martin Schulze
- [CLA-2003:633] REVISED: Conectiva Security Announcement - glibc,
Conectiva Updates
- Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability,
Christoph Hellwig