Buqtraq Archiv April 2003

• Thread Index

• NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
  • From: NSFCOSU Security Team
• OpenSSH 3.6 released (fwd)
  • From: Jonas Eriksson
• [RHSA-2003:034-01] Updated dhcp packages fix possible packet storm
  • From: bugzilla
• Security issues in D-Link DSL-300/DSL-300G+ Broadband Modem/Router
  • From: Arhont Information Security
• NSFOCUS SA2003-02: Solaris lpq Stack Buffer Overflow Vulnerability
  • From: NSFCOSU Security Team
• [DDI-1012] Malformed request causes denial of service in HP InstantTopTools
  • From: Erik Parker
• Personal FTP Server
  • From: subj
• [OpenPKG-SA-2003.027] OpenPKG Security Advisory (sendmail)
  • From: OpenPKG
• Ericsson Mobile Phones Security Contact?
  • From: Ollie Whitehouse
• GLSA: krb5 & mit-krb5 (200303-28)
  • From: Daniel Ahlberg
• GLSA: sendmail (200303-27)
  • From: Daniel Ahlberg
• serious vulnerability present. all doomed. over.
  • From: Security Experts, Liability Limited
• GLSA: openafs (200303-26)
  • From: Daniel Ahlberg
• MiniPortal
  • From: subj
• FreeBSD Security Advisory FreeBSD-SA-03:07.sendmail
  • From: FreeBSD Security Advisories
• Buffer Overflow in Broker FTP Server
  • From: subj
• Re: IRM 004: ActiveSync Version 3.5 Denial of Service Vulnerability
  • From: panic
• Immunix Secured OS 7+ openssl update
  • From: Immunix Security Team
• BRS WebWeaver: full disclosure
  • From: euronymous
• [RHSA-2003:084-01] Updated vsftpd packages re-enable tcp_wrappers support
  • From: bugzilla
• Fwd: QuickTime 6.1 for Windows is available
  • From: Bryan Blackburn
• Sambar Server "Buffer OverFlow" Vulnerabilities
  • From: Lorenzo Manuel Hernandez Garcia-Hierro
• [RHSA-2003:101-01] Updated OpenSSL packages fix vulnerabilities
  • From: bugzilla
• TYPSoft FTP Server
  • From: subj
• Immunix Secured OS 7+ samba update
  • From: Immunix Security Team
• [RHSA-2003:095-03] New samba packages fix security vulnerabilities
  • From: bugzilla
• iDEFENSE Security Advisory 03.31.03: Buffer Overflow in Windows QuickTime Player
  • From: iDEFENSE Labs
• [SCSA-015] Remote Denial of Service Vulnerability in PowerFTP
  • From: Grégory
• @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
  • From: Sir Mordred
• [ANNOUNCE] Apache 2.0.45 Released
  • From: Lars Eilebrecht
• @(#)Mordred Labs advisory - Integer overflow in PHP array_pad() function
  • From: Sir Mordred
• Inaccurate Reports Concerning PHP Vulnerabilities
  • From: mattmurphy@xxxxxxxxx
• Phorum 3.4 Cross Site Scripting
  • From: Stöckli
• RE: Netscape and Opera crash via java
  • From: Zelena Endre
• [INetCop Security Advisory] Remote Multiple Buffer Overflow vulnerability in passlogd sniffer.
  • From: dong-h0un U
• BEA WebLogic internal hostname disclosure
  • From: Michael Hendrickx
• OpenSSH 3.6.1 released
  • From: Markus Friedl
• [SECURITY] [DSA 275-1] New lpr-ppd packages fix local root exploit
  • From: Martin Schulze
• XSS in Python Documentation Server
  • From: euronymous
• re:3com RAS 1500 Remote vulnerabilities.
  • From: Jan Kachlik
• Re: Positive Technologies Security Advisory 2003-0307: DoS-attack in Kerio WinRoute Firewall
  • From: Peter Pentchev
• Css in Xoops module glossary 1.3.x
  • From: magistrat
• Re: PHP-Nuke block-Forums.php subject vulnerabilities
  • From: Frog Man
• Viewpoint Server
  • From: Ben Maynard
• IkonBoard v3.1.1: arbitrary command execution
  • From: Nick Cleaton
• [RHSA-2003:091-01] Updated kerberos packages fix various vulnerabilities
  • From: bugzilla
• Java and Javascript
  • From: David F. Madrid
• Re: Oracle JDBC: Inconsistent handling of timestamps
  • From: Peter J. Holzer
• Microsoft Terminal Services vulnerable to MITM-attacks.
  • From: Erik Forsberg
• MDKSA-2003:040 - Updated Eterm packages fix escape sequence insecurities
  • From: Mandrake Linux Security Team
• Re: NSFOCUS SA2003-03: Solaris dtsession Heap Buffer Overflow Vulnerability
  • From: Alan Kong
• Re: BEA WebLogic internal hostname disclosure
  • From: Kurt Seifried
• Re: Phorum 3.4 Cross Site Scripting
  • From: Hagen Kühnel - HagK
• [RHSA-2003:128-01] Updated Eye of GNOME packages fix vulnerability
  • From: bugzilla
• [SECURITY] [DSA 276-1] New Linux kernel packages (s390) fix local root exploit
  • From: Martin Schulze
• Multiple vulnerabilities in AutomatedShops WebC shopping cart
  • From: Carl Livitt
• Re: Phorum 3.4 Cross Site Scripting
  • From: Brian Moon
• [RHSA-2003:060-01] Updated NetPBM packages fix multiple vulnerabilities
  • From: bugzilla
• Security Update: [CSSA-2003-016.0] OpenLinux: sendmail sign extension buffer overflow (CERT CA-2003-12)
  • From: security
• [RHSA-2003:109-03] Updated balsa and mutt packages fix vulnerabilities
  • From: bugzilla
• Sendmail parseaddr security vulnerability on IRIX
  • From: SGI Security Coordinator
• [SECURITY] [DSA 277-1] New apcupsd packages fix remote root exploit
  • From: Martin Schulze
• SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read
  • From: KF
• RE: Microsoft Terminal Services vulnerable to MITM-attacks.
  • From: Larry Seltzer
• Another security problem in Netgear FM114P ProSafe Wireless Router firmware
  • From: Björn Stickler
• passlogd sniffer remote buffer overflow root exploit.
  • From: dong-h0un U
• Sakki's guestbook V.1.01 script injection vulnerability.
  • From: drG4njubas
• Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
  • From: Goran Krajnovic
• SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
  • From: KF
• RE: Another security problem in Netgear FM114P ProSafe Wireless Router firmware (also level-one)
  • From: Björn Stickler
• Using Java from Javascript
  • From: David F. Madrid
• NetBIOS could be used as network flood amplier
  • From: Francesco Vigo
• RE: Microsoft Terminal Services vulnerable to MITM-attacks.
  • From: Devin Heitmueller
• Re: Microsoft Terminal Services vulnerable to MITM-attacks.
  • From: Erik Forsberg
• Re: Multiple vulnerabilities in AutomatedShops WebC shopping cart
  • From: Carl Livitt
• [SECURITY] [DSA 278-1] New sendmail packages fix denial of service
  • From: Martin Schulze
• Syscall implementation could lead to whether or not a file exists
  • From: Andrew Griffiths
• SuSE Security Announcement: openssl (SuSE-SA:2003:024)
  • From: Sebastian Krahmer
• [SECURITY] [DSA 278-2] New sendmail packages fix DoS and arbitrary code execution
  • From: Martin Schulze
• AspJar guestbook script injection vulnerability.
  • From: drG4njubas
• TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0
  • From: Rushjo@xxxxxxxxxxx
• NetBSD Security Advisory 2003-006: Cryptographic weaknesses in Kerberos v4 protocol
  • From: NetBSD Security Officer
• NetBSD Security Advisory 2003-009: sendmail buffer overrun in prescan() address parser
  • From: NetBSD Security Officer
• Re: Vulnerability (critical): Digital signature for Adobe Acrobat/Reader plug-in can be forged
  • From: Vladimir Katalov
• [CLA-2003:613] Conectiva Security Announcement - snort
  • From: Conectiva Updates
• Re: SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow
  • From: Marius Popa Adrian
• An Alternate View of Recently Reported PHP Vulnerabilities
  • From: Steven M. Christey
• RE: NetBIOS could be used as network flood amplier
  • From: Russ
• RE: Netscape and Opera crash via java
  • From: Richard H. Cotterell
• Re: passlogd sniffer remote buffer overflow root exploit.
  • From: Dragos Ruiu
• Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
  • From: Jedi/Sector One
• [CLA-2003:614] Conectiva Security Announcement - sendmail
  • From: Conectiva Updates
• Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
  • From: Javi Lavandeira
• Re: Microsoft Terminal Services vulnerable to MITM-attacks.
  • From: Henrik Storner
• buffalo AirStation G54 - (WBR-G54 ) DoS
  • From: Pavel shpac
• [CLA-2003:616] Conectiva Security Announcement - dhcp
  • From: Conectiva Updates
• Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
  • From: Jon Ribbens
• Re: An Alternate View of Recently Reported PHP Vulnerabilities
  • From: Sascha Schumann
• [CLA-2003:617] Conectiva Security Announcement - file
  • From: Conectiva Updates
• SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call
  • From: KF
• [CLA-2003:615] Conectiva Security Announcement - samba
  • From: Conectiva Updates
• LocalSystem account in Windows 2000/XP
  • From: Pavel
• Re: @(#)Mordred Labs advisory - Integer overflow in PHP str_repeat() function
  • From: Muhammad Faisal Rauf Danka
• SignHere guestbook vulnerability.
  • From: drG4njubas
• Re: An Alternate View of Recently Reported PHP Vulnerabilities
  • From: Goran Krajnovic
• Abyss X1 1.1.2 remote crash
  • From: Auriemma Luigi
• RE: LocalSystem account in Windows 2000/XP
  • From: Russ
• Two Invision Power Board 1.1.x vulns
  • From: Gossi The Dog
• Interbase/Firebird - external file security bug
  • From: Kotala Zdeněk
• Re: An Alternate View of Recently Reported PHP Vulnerabilities
  • From: dullien
• [DDI-1013] Buffer Overflow in Samba allows remote root compromise
  • From: Erik Parker
• [CLA-2003:618] Conectiva Security Announcement - kernel
  • From: Conectiva Updates
• [SECURITY] [DSA 279-1] New metrics packages fix insecure temporary file creation
  • From: Martin Schulze
• [OpenPKG-SA-2003.028] OpenPKG Security Advisory (samba)
  • From: OpenPKG
• Vignette Story Server sensitive information disclosure (a040703-1)
  • From: @stake Advisories
• Java Agent freezes Lotus Notes and Domino 6.0.1
  • From: Marc Schoenefeld
• JpegX 2.0.0.3 Password Bypass Vulnerability
  • From: JeiAr
• Immunix Secured OS 7+ cvs update
  • From: Immunix Security Team
• [SECURITY] [DSA 280-1] New samba packages fix remote root exploit
  • From: Martin Schulze
• Immunix Secured OS 7+ samba update
  • From: Immunix Security Team
• [CLA-2003:619] Conectiva Security Announcement - zlib
  • From: Conectiva Updates
• SuSE Security Announcement: samba (SuSE-SA:2003:025)
  • From: Roman Drahtmueller
• Re: NetBIOS could be used as network flood amplier
  • From: Francesco Vigo
• Coppermine Photo Gallery remote compromise
  • From: Berend-Jan Wever
• MDKSA-2003:044 - Updated samba packages fix remote root vulnerability
  • From: Mandrake Linux Security Team
• Immunix Secured OS 7+ Kerberos update
  • From: Immunix Security Team
• Unchecked Buffer in Opera 7.02
  • From: David F.Madrid
• TSLSA-2003-0019 - samba
  • From: Trustix Secure Linux Advisor
• [RHSA-2003:137-01] New samba packages fix security vulnerability
  • From: bugzilla
• [Sorcerer-spells] SAMBA--SORCERER2003-04-08
  • From: Michael Walton
• [SECURITY] [DSA 281-1] New xftp packages fix arbitrary code execution
  • From: Martin Schulze
• mIRC "dcc filename spoofing"
  • From: Knud Erik Højgaard
• [RHSA-2003:036-01] Updated mgetty packages available
  • From: bugzilla
• [CLA-2003:620] Conectiva Security Announcement - man
  • From: Conectiva Updates
• AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss
  • From: Phil Cyc
• False-negatives in several Vulnerability Assessment tools
  • From: Nicolas Gregoire
• Orplex guestbook script injection.
  • From: drG4njubas
• iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x
  • From: iDEFENSE Labs
• Re: False-negatives in several Vulnerability Assessment tools
  • From: Geoff Shively
• Multiple Vulnerabilities in libc RPC functions on IRIX
  • From: SGI Security Coordinator
• samba 2.x call_trans2open() exploit
  • From: noir sin
• [ARL03-A16] Multiple Security Issues in phPay
  • From: Ahmet Sabri ALPER
• GLSA: apache (200304-01)
  • From: Daniel Ahlberg
• [RHSA-2003:137-02] New samba packages fix security vulnerability
  • From: bugzilla
• Immunix Secured OS 7+ PostgreSQL update
  • From: WireX Security
• [CLA-2003:624] Conectiva Security Announcement - samba
  • From: Conectiva Updates
• Exploit Code Released for Apache 2.x Memory Leak
  • From: mattmurphy@xxxxxxxxx
• Hyperion FTP server Remote DOS and unauthorised remote access.
  • From: moran zavdi
• GLSA: setiathome (200304-03)
  • From: Daniel Ahlberg
• PoPToP PPTP server remotely exploitable buffer overflow
  • From: Timo Sirainen
• ISC guestbook script injection vulnerability.
  • From: drG4njubas
• Re: Buffer Overflow in Broker FTP Server
  • From: Knud Erik Højgaard
• Samba Security Vulnerability on IRIX
  • From: SGI Security Coordinator
• iDEFENSE Security Advisory 04.09.03: Denial of Service in Microsoft Proxy Server and Internet Security and Acceleration (ISA) S
  • From: iDEFENSE Labs
• Immunix Secured OS 7+ MySQL update
  • From: WireX Security
• GLSA: samba (200304-02)
  • From: Daniel Ahlberg
• [SECURITY] [DSA 269-2] New heimdal packages fix authentication failure
  • From: Martin Schulze
• Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss
  • From: Phil Cyc
• Vulnerabilities in Portable Executable (PE) File Format For Win32 Architecture
  • From: Exurity Inc.
• Admin access in GuestBook r4
  • From: Over_G
• Disclosing information in Super GuestBook
  • From: Over_G
• MDKSA-2003:038-1 - Updated 2.4 kernel packages fix ptrace vulnerability
  • From: Mandrake Linux Security Team
• KDE Security Advisory: PS/PDF file handling vulnerability
  • From: Dirk Mueller
• Re: Unchecked Buffer in Opera 7.02
  • From: nesumin
• GLSA: kde-3.x (200304-04)
  • From: Daniel Ahlberg
• Re: Microsoft Terminal Services vulnerable to MITM-attacks.
  • From: Carlos Branco
• Re: Exploit Code Released for Apache 2.x Memory Leak
  • From: Serban Murariu
• xfsdump creates files insecurely on IRIX
  • From: SGI Security Coordinator
• Re: PoPToP PPTP server remotely exploitable buffer overflow
  • From: Dick St.Peters
• Flaw in Microsoft VM Could Enable System Compromise
  • From: K-Otik . com
• working apache <= 2.0.44 DoS exploit for linux.
  • From: Daniel Nyström
• [CLA-2003:625] Conectiva Security Announcement - openssl
  • From: Conectiva Updates
• Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability
  • From: Integrigy Security Alerts
• [RHSA-2003:089-00] Updated glibc packages fix vulnerabilities in RPC XDR decoder
  • From: bugzilla
• [SECURITY] [DSA 283-1] New xfsdump packages fix insecure file creation
  • From: Martin Schulze
• Medium Vulnerability in SNMP on Linsys BEFVP41
  • From: Branson Matheson
• MacOS X DirectoryService Privilege Escalation (a041003-1)
  • From: @stake Advisories
• Buffer Overflow Vulnerability Found in MailMax Version 5
  • From: Dennis Rand
• Immunix Secured OS 7+ MySQL update
  • From: WireX Security Team
• GLSA: kde-2.x (200304-05)
  • From: Daniel Ahlberg
• FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database.
  • From: Stephen White
• Re: Netscape and Opera crash via java
  • From: Dan Harkless
• Re: AMaViS-ng 0.1.6.x and postfix: possible open relay and mail loss
  • From: Hilko Bengen
• repost: SRT2003-04-01-1231 - Progress DLC overflows
  • From: KF
• Ocean12 ASP Guestbook Manager v1.00
  • From: drG4njubas
• Protection against buffer overflows: when your anchor is washed away, then you are overflowed and refuse to RET
  • From: Exurity Inc.
• Immunix Secured OS 7+ PostgreSQL update
  • From: WireX Security Team
• IRIX ToolTalk Vulnerabilities Update
  • From: SGI Security Coordinator
• R7-0013: Heap Corruption in Gaim-Encryption Plugin
  • From: Rapid 7 Security Advisories
• Brocade Firmware SNMP Vulnerability
  • From: SGI Security Coordinator
• PATCH: [CAN-2003-0132] Apache 2.0.44 Denial of Service Vulnerability
  • From: William A. Rowe, Jr.
• [SECURITY] [DSA 284-1] New kdegraphics packages fix arbitrary command execution
  • From: Martin Schulze
• [Sorcerer-spells] KDE-SORCERER2003-04-12
  • From: Michael Walton
• Re: Medium Vulnerability in SNMP on Linsys BEFVP41
  • From: Stefan Laudat
• Re: working apache <= 2.0.44 DoS exploit for linux.
  • From: Paul Johnston
• Arp records in solaris
  • From: Edward J. Aivazian
• [SECURITY] [DSA 274-2] New mutt packages fix arbitrary code execution in potato
  • From: Martin Schulze
• Multiple vulnerabilities in SheerDNS
  • From: Jedi/Sector One
• Misuse of Macromedia Flash Ads clickTAG Option May Lead to Privacy Breach
  • From: Aviram Jenik
• [SECURITY] [DSA 286-1] New gs-common packages fix insecure temporary file creation
  • From: Martin Schulze
• [SECURITY] [DSA 285-1] New lprng packages fix insecure temporary file creation
  • From: Martin Schulze
• Instaboard 1.3 SQL Injection
  • From: Jim Dew
• Web Wiz Site News realease v3.06 administration access.
  • From: drG4njubas
• FipsGuestbook Version 1.12.7 script injection.
  • From: drG4njubas
• Multiple Vulnerabilities in BSD LPR Subsystem on IRIX
  • From: SGI Security Coordinator
• bitchx sources backdoored on distribution site
  • From: Michał Szwaczko
• ActivCard password cache memory leakage
  • From: OTERO Hernan Gustavo EDS
• GLSA: kde-2.x (200304-05.1)
  • From: Daniel Ahlberg
• [RHSA-2003:126-01] Updated gtkhtml packages fix vulnerability
  • From: bugzilla
• Re: bitchx sources backdoored on distribution site
  • From: Neeko Oni
• bitchx sources trojaned - follow up
  • From: Michał Szwaczko
• Re: Arp records in solaris
  • From: Brad Arlt
• [CLA-2003:626] Conectiva Security Announcement - mutt
  • From: Conectiva Updates
• GLSA: kdegraphics-3.1.x (200304-04.1)
  • From: Daniel Ahlberg
• MDKSA-2003:046 - Updated gtkhtml packages fix vulnerability
  • From: Mandrake Linux Security Team
• [SCSA-016] Multiple vulnerabilities in Ez publish
  • From: Grégory
• BitchX trojan, the real follow up.
  • From: Rob Andrews
• SRT2003-04-15-1029 - Progres BINPATHX overflow
  • From: KF
• [SECURITY] [DSA 287-1] New EPIC packages fix DoS and arbitrary code execution
  • From: Martin Schulze
• MDKSA-2003:045 - Updated evolution packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• nb1300 router - default settings expose password
  • From: denote
• [SECURITY] [DSA 267-2] New lpr packages fix local root exploit (potato)
  • From: Martin Schulze
• Windows 2003 win2k.sys vulnerability
  • From: securityfocus.com
• Oddities in Windows ACL inheritance
  • From: Nicolas RUFF (lists)
• CORE-2003-0307: Snort TCP Stream Reassembly Integer Overflow Vulnerability
  • From: CORE Security Technologies Advisories
• Re: ActivCard password cache memory leakage
  • From: Massimo Cereda
• Immunix Secured OS 7+ glibc update
  • From: Immunix Security Team
• Veritas BackupExec 9.0 may ship with upatched MS SQL Desktop Engine
  • From: Marcus Beaman
• SFAD03-001: iWeb Mini Web Server Remote Directory Traversal
  • From: subversive
• i cracked restriction of 'zone' in mozilla.
  • From: Liu Die Yu
• MDKSA-2003:047 - Updated xfsdump packages fix insecure file creation
  • From: Mandrake Linux Security Team
• MDKSA-2003:048 - Updated eog packages fix arbitrary command execution
  • From: Mandrake Linux Security Team
• Netgear Logging Vulnerability
  • From: { }
• [CLA-2003:627] Conectiva Security Announcement - ethereal
  • From: Conectiva Updates
• Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
  • From: Ryan Emerle
• [SCSA-017] Directory Traversal Vulnerability in EZ Server
  • From: Grégory
• [SECURITY] [DSA 290-1] New sendmail-wide packages fix DoS and arbitrary code execution
  • From: Martin Schulze
• Vulnerability in rinetd
  • From: Martin Schulze
• [SECURITY] [DSA 289-1] New rinetd packages fix denial of service
  • From: Martin Schulze
• IE 6.0 - trivial crash
  • From: Adam [ckkl]
• RE: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
  • From: Steve Ryan
• Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
  • From: Roland Postle
• Re: IE 6.0 - trivial crash
  • From: Richard Moore
• [SECURITY] [DSA 288-1] New OpenSSL packages fix decipher vulnerability
  • From: Martin Schulze
• Re: i cracked restriction of 'zone' in mozilla.
  • From: Alla Bezroutchko
• Web Wiz Forums all version db stealing
  • From: Uziel aka nuJIurpuM
• Fwd: CERT Advisory CA-2003-13 Multiple Vulnerabilities in Snort Preprocessors
  • From: Muhammad Faisal Rauf Danka
• CrossSite Scripting @ Snitz Forums 2000
  • From: badwebmasters
• Re: IE 6.0 - trivial crash
  • From: Geoff Shively
• [CLA-2003:628] Conectiva Security Announcement - vixie-cron
  • From: Conectiva Updates
• Re: False-negatives in several Vulnerability Assessment tools
  • From: Nicolas Gregoire
• MDKSA-2003:049 - Updated kde3 packages fix arbitrary command execution
  • From: Mandrake Linux Security Team
• Xinetd 2.3.10 Memory Leaks
  • From: Steve Grubb
• Exploit for PoPToP PPTP server
  • From: einstein, dhtm
• Authentication flaw in microsoft SMB protocol
  • From: seclab
• IE 6.0 - trivial crash - part II
  • From: Adam [ckkl]
• Re: Authentication flaw in microsoft SMB protocol
  • From: Dave Aitel
• Race in XP SCM Service Shutdown Mechanism
  • From: Matthew Murphy
• BadBlue Remote Administrative Access Vulnerability
  • From: Matthew Murphy
• Monkey HTTPd Remote Buffer Overflow
  • From: Matthew Murphy
• ACER Travelmate 600 and 800 series - Smartcard flawed Implementation
  • From: Leonard.Ong
• MPCSoftWeb Guest Book vulnerabilities.
  • From: drG4njubas
• Remote Vulnerabilties in mod_ntlm
  • From: Matthew Murphy
• Re: Exploit/DoS in MS Internet Explorer 6.0 (OBJECT Tag)
  • From: mattmurphy
• PTNews v1.7.7 - Access to administrator functions without authentification
  • From: scrap
• RE: Authentication flaw in microsoft SMB protocol
  • From: Jesper Johansson
• GLSA: snort (200304-05)
  • From: Daniel Ahlberg
• AN HTTPd Sample Script File Truncation
  • From: Matthew Murphy
• [NGSEC-2003-5] YABB SE, remote command execution
  • From: labs
• [SECURITY] [DSA 291-1] New ircII packages fix DoS and arbitrary code execution
  • From: Martin Schulze
• [CLA-2003:629] Conectiva Security Announcement - tcpdump
  • From: Conectiva Updates
• [SECURITY] [DSA 292-1] New mime-support packages fix temporary file race conditions
  • From: Martin Schulze
• Stealth DMCA. Be afraid. Be very afraid...
  • From: alaskan
• IE / Outlook / MS SHLWAPI Render - more trivial crash
  • From: Ramon Pinuaga Cascales
• SRT2003-04-22-1336 - SAP DB Development Tools install flaw
  • From: KF
• XMB 1.8 Partagium SQL Injection Bug
  • From: zeez
• [CLA-2003:630] Conectiva Security Announcement - balsa
  • From: Conectiva Updates
• Defeating HTML "Encryption"
  • From: rjfix
• RE : IE / Outlook / MS SHLWAPI Render - more trivial crash
  • From: Gervaize Maquard
• Re: [mail_lists] Stealth DMCA. Be afraid. Be very afraid...
  • From: Jim
• Re: Stealth DMCA. Be afraid. Be very afraid...
  • From: Darren Pilgrim
• Re: Authentication flaw in microsoft SMB protocol
  • From: Chris Wysopal
• Re: Exploit for PoPToP PPTP server - Linux version
  • From: John Leach
• [RHSA-2003:032-01] Updated tcpdump packages fix various vulnerabilities
  • From: bugzilla
• Cisco Security Advisory: Cisco Secure Access Control Server for Windows Admin Buffer Overflow Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Snort <=1.9.1 exploit
  • From: truff
• Cracking preshared keys
  • From: Michael Thumann
• Re: IE / Outlook / MS SHLWAPI Render - more trivial crash
  • From: Berend-Jan Wever
• [SECURITY] [DSA 292-2] New mime-support packages fix temporary file race conditions
  • From: Martin Schulze
• Security problems in gkrellm-newsticker
  • From: Martin Schulze
• Re[2]: Authentication flaw in microsoft SMB protocol
  • From: 3APA3A
• [SECURITY] [DSA 293-1] New kdelibs packages fix arbitrary command execution
  • From: Martin Schulze
• Format strings vuln in CGIwrap
  • From: b0f www . b0f . net
• [SECURITY] [DSA 294-1] New gkrellm-newsticker packages fix DoS and arbitrary command execution
  • From: Martin Schulze
• RE: Format strings vuln in CGIwrap
  • From: Neulinger, Nathan
• RE: [cgiwrap-users] RE: Format strings vuln in CGIwrap
  • From: Neulinger, Nathan
• Re: Cracking preshared keys
  • From: Damir Rajnovic
• [RHSA-2003:076-01] Updated ethereal packages fix security vulnerabilities
  • From: bugzilla
• Cisco Security Advisory: Cisco Catalyst Enable Password Bypass Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• Nokia IPSO Vulnerability
  • From: Jonas Eriksson
• Re: Cracking preshared keys
  • From: David Wagner
• SQL injection in BttlxeForum
  • From: SecurityTracker
• NSFOCUS SA2003-04 : Remote Buffer Overflow Vulnerability in Web Management Interface of Cisco Secure ACS
  • From: NSFOCUS Security Team
• Re: Cracking preshared keys
  • From: Derek
• BRS WebWeaver: Ftpd Lockdown via RETR cmd
  • From: euronymous
• SuSE Security Announcement: KDE (SuSE-SA:2003:026)
  • From: Sebastian Krahmer
• Internet Explorer Plugin.ocx heap overflow (#NISR24042003)
  • From: NGSSoftware Insight Security Research
• RE: Nokia IPSO Vulnerability
  • From: Jorge Merlino
• Positive Technologies SA2003-0310: DoS-attack in VisNetic ActiveDefense
  • From: Dmitry Maksimov
• Permanent crash in Opera 7.10
  • From: David F. Madrid
• DNS vulnerabilities in shared host environments
  • From: Chris Leishman
• An Implementation of a Birthday Attack in a DNS Spoofing
  • From: Ramon Izaguirre
• [RHSA-2003:112-01] Updated squirrelmail packages fix cross-site scripting vulnerabilities
  • From: bugzilla
• Re: Cracking preshared keys
  • From: Gary Flynn
• Re: DNS vulnerabilities in shared host environments
  • From: Frank Tegtmeyer
• Re: Cracking preshared keys
  • From: Michael Thumann
• [RHSA-2003:142-01] Updated LPRng packages fix psbanner vulnerability
  • From: bugzilla
• RE: Cracking preshared keys
  • From: Rager, Anton (Anton)
• Re: Nokia IPSO Vulnerability
  • From: Damieon Stark
• Re: Cracking preshared keys
  • From: Michael Thumann
• SRT2003-04-24-1532 - Options Parsing Tool library buffer overflows.
  • From: KF
• Re: Cracking preshared keys
  • From: Gary Flynn
• address for postini security
  • From: Hamby, Charles D.
• Re: Nokia IPSO Vulnerability
  • From: Valdis . Kletnieks
• RE: Nokia IPSO Vulnerability
  • From: Jorge Merlino
• PHP-Nuke 6.5 FINAL Cross Site Scripting
  • From: Frog Man
• [RHSA-2003:118-01] Updated mICQ packages fix vulnerability
  • From: bugzilla
• Re: Permanent crash in Opera 7.10
  • From: Dmitrij Lukasevic
• RE: Nokia IPSO Vulnerability
  • From: Miller, Rick
• RE: Nokia IPSO Vulnerability
  • From: Iain.King
• Re: Nokia IPSO Vulnerability
  • From: Shawn Duffy
• MDKSA-2003:051 - Updated ethereal packages fix remote vulnerability
  • From: Mandrake Linux Security Team
• Windows Server 2003 Security Guide available
  • From: Michael Howard
• Re: Cracking preshared keys
  • From: Curt Sampson
• [BUGZILLA] Security Advisory - XSS, insecure temporary filenames
  • From: David Miller
• SonicWall Pro DoS?
  • From: Greg Smith
• Multiple SQL injection on OpenBB forums
  • From: Albert Puigsech Galicia
• Unauthorized reading files on phpSysInfo
  • From: Albert Puigsech Galicia
• XOOPS MyTextSanitizer CSS 1.3x & 2.x
  • From: magistrat
• Multiple Vulnerabilities in BSD LPR Subsystem on IRIX update
  • From: SGI Security Coordinator
• Path disclosure and file access on WebAdmin
  • From: David A . Pérez
• Re: Exploit for PopPToP PPTP server - Working version
  • From: blightninjas
• Invision Power Board Plaintext Password Disclosure Vuln
  • From: JeiAr
• Microsoft IIS Integrated Authentication
  • From: skybristol
• Re: Cracking preshared keys
  • From: hank
• Re: Unauthorized reading files on phpSysInfo
  • From: Wolter Kamphuis
• Cross site scripting in Onecenter forum 4.0
  • From: David F. Madrid
• Vulnerability in nsd LDAP Implementation on IRIX
  • From: SGI Security Coordinator
• Album.pl Vulnerability - Remote Command Execution
  • From: aresu
• Buffer overflow in Internet Explorer's HTTP parsing code
  • From: Jouko Pynnonen
• Re: Cracking preshared keys
  • From: Stefan Laudat
• 3com NBX IP Phone Call manager Denial of Service - Update
  • From: Michael Scheidell
• GLSA: mgetty (200304-09)
  • From: Daniel Ahlberg
• ATM on Linux Exploit Code Release (les, local)
  • From: Angelo Rosiello
• Qpopper v4.0.x poppassd local root exploit
  • From: dong-h0un U
• GLSA: monkeyd (200304-07.1)
  • From: Daniel Ahlberg
• [Opera 7/6] Long File Extension Heap Buffer Overrun Vulnerability in Download.
  • From: nesumin
• [Opera 7] Yet Another Story of "Phantom of the Opera"
  • From: nesumin
• GLSA: snort (200304-06)
  • From: Daniel Ahlberg
• GLSA: pptpd (200304-08)
  • From: Daniel Ahlberg
• Buffer overflow in 3D-ftp
  • From: Over_G
• s0h: Remote/Local exploit and patch for regedit.exe.
  • From: descript
• IIS Security and Programming Countermeasures e-book
  • From: Jason Coombs
• MDaemon SMTP/POP/IMAP server =>v.6.7.5: IMAP buffer overflow
  • From: D4rkGr3y
• MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
  • From: D4rkGr3y
• CORE-2003-0305-02: Vulnerabilities in Kerio Personal Firewall
  • From: CORE Security Technologies Advisories
• Pi3Web 2.0.1 DoS
  • From: aT4r InsaN3
• Windows 2000 Security Hardening Guide Available
  • From: Michael Howard
• NII Advisory - Path Disclosure in Cold Fusion MX Server
  • From: Network Intelligence India Pvt. Ltd.
• RE: Windows Server 2003 Security Guide available
  • From: Jason Coombs
• RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
  • From: William Pratt
• Oracle Database Server Buffer Overflow Vulnerability (#NISR29042003)
  • From: NGSSoftware Insight Security Research
• IdeaBox: Remote Command Execution
  • From: euronymous
• "netscape navigator" is cracked.
  • From: Liu Die Yu
• RE: Windows Server 2003 Security Guide available
  • From: J.'LoneWolf' Mattsson
• Re: Microsoft IIS Integrated Authentication
  • From: Michael . vonGlasow
• RE: Windows Server 2003 Security Guide available
  • From: Jason Coombs
• RE: Windows Server 2003 Security Guide available
  • From: Frank Knobbe
• [RHSA-2003:079-01] Updated zlib packages fix gzprintf buffer overflow vulnerability
  • From: bugzilla
• MDKSA-2003:052 - Updated snort packages fix remote vulnerability
  • From: Mandrake Linux Security Team
• Re: PTNews v1.7.7 - Access to administrator functions without authentification
  • From: Rui Pimenta
• RE: Windows Server 2003 Security Guide available
  • From: paul
• RE: Windows Server 2003 Security Guide available
  • From: David F. Skoll
• Coldfusion MX: Java in CFM causes Crash
  • From: Marc Schoenefeld
• Auerswald COMsuite/ Back Door
  • From: Kroma Pierre
• HPUX rexec buffer overflow vulnerability
  • From: Davide Del Vecchio
• April appeared to be a month of IE bugs. Here's another one.
  • From: ERRor
• RE: Windows Server 2003 Security Guide available
  • From: Uwe Betz
• [RHSA-2003:093-01] Updated MySQL packages fix vulnerabilities
  • From: bugzilla
• RE: RE : IE / Outlook / MS SHLWAPI Render - more trivial crash
  • From: kajbaf
• Re: Windows Server 2003 Security Guide available
  • From: Lucas Holt
• Latest MS SQL Server vulnerabilities revealed
  • From: Cesar
• GLSA: balsa (200304-10)
  • From: Daniel Ahlberg
• Cisco Security Advisory: Cisco Content Service Switch 11000 Series DNS Negative Cache of Information Denial-of-Service
  • From: Cisco Systems Product Security Incident Response Team
• [SECURITY] [DSA 292-3] New mime-support packages really fix temporary file race conditions
  • From: Martin Schulze
• RE: [Opera 7] Yet Another Story of "Phantom of the Opera"
  • From: GreyMagic Software
• OpenSSH/PAM timing attack allows remote users identification
  • From: Marco Ivaldi
• Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
  • From: Damien Miller
• [ESA-20030430-014] 'tcpdump' multiple vulnerabilities
  • From: EnGarde Secure Linux
• [ESA-20030430-013] 'snort' stream4 preprocessor integer overflow vulnerability
  • From: EnGarde Secure Linux
• [CLA-2003:632] Conectiva Security Announcement - apache
  • From: Conectiva Updates
• Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
  • From: Valdis . Kletnieks
• [CLA-2003:614] REVISED: Conectiva Security Announcement - sendmail
  • From: Conectiva Updates
• [CLA-2003:633] Conectiva Security Announcement - glibc
  • From: Conectiva Updates
• [CLA-2003:635] Conectiva Security Announcement - balsa
  • From: Conectiva Updates
• Re: Qpopper v4.0.x poppassd local root exploit
  • From: Randall Gellens
• Re: April appeared to be a month of IE bugs. Here's another one.
  • From: Cove Schneider
• RE: MDaemon SMTP/POP/IMAP server: =>6.0.7: POP remote DoS
  • From: jasonk
• [SECURITY] [DSA 296-1] New kdebase packages fix arbitrary command execution
  • From: Martin Schulze
• [SECURITY] [DSA 295-1] New pptpd packages fix remote root exploit
  • From: Martin Schulze
• Re: April appeared to be a month of IE bugs. Here's another one.
  • From: Cove Schneider
• [CLA-2003:633] REVISED: Conectiva Security Announcement - glibc
  • From: Conectiva Updates
• Red Hat IA64 products still missing fixes for the ptrace vs kmod vulnerability
  • From: Christoph Hellwig
• Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
  • From: Darren Tucker
• Re: Latest MS SQL Server vulnerabilities revealed
  • From: Jeff Moss
• re:Latest MS SQL Server vulnerabilities revealed
  • From: Michael -