Buqtraq Archiv Oktober 2003

• Thread Index

• Local stackbased overflow found for silly Poker v0.25.5 (advisory + poc exploit)
  • From: demz
• [CLA-2003:751] Conectiva Security Announcement - openssl
  • From: Conectiva Updates
• MDKSA-2003:097 - Updated mplayer packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team
• GLSA: openssl (200309-19)
  • From: Daniel Ahlberg
• SuSE Security Announcement: mysql (SuSE-SA:2003:042)
  • From: Sebastian Krahmer
• MDKSA-2003:098 - Updated openssl packages fix vulnerabilities
  • From: Mandrake Linux Security Team
• [slackware-security] OpenSSL security update (SSA:2003-273-01)
  • From: Slackware Security Team
• Cisco Security Advisory: SSL Implementation Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team
• DCP Portal - 5.5 holes
  • From: Lifo Fifo
• Re: Local stackbased overflow found for silly Poker v0.25.5 (advisory + poc exploit)
  • From: steve
• SuSE Security Announcement: openssl (SuSE-SA:2003:043)
  • From: Thomas Biege
• NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL
  • From: Ed Reed
• ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability
  • From: Pentest Security Advisories
• ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
  • From: Pentest Security Advisories
• Multiple vulnerabilities in WinShadow
  • From: Bahaa Naamneh
• SuSE Security Announcement: lsh (SuSE-SA:2003:041)
  • From: Sebastian Krahmer
• [SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues
  • From: Michael Stone
• NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL - revised url
  • From: Ed Reed
• Re: SSGbook (ASP)
  • From: Terry Bankert
• CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
  • From: CERT Advisory
• MOSDEF Initial Release
  • From: dave
• New OpenSSL remote vulnerability (issue date 2003/10/02)
  • From: Patrik Hornik
• New Tool: MetaCoretex (DB Security Scanner)
  • From: visigoth
• Visualroute Server - reverse tracerouting
  • From: morning_wood
• TSLSA-2003-0001 - openssl
  • From: Tawie Security Advisor
• Process Killing - Playing with PostThreadMessage
  • From: Brett Moore
• Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable
  • From: Michael Renzmann
• UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
  • From: security
• Half-Life 2 source code stolen through IE exploit
  • From: Thor Larholm
• Free OverflowGuard Personal Edition Released
  • From: Paul Webster
• FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc
  • From: FreeBSD Security Advisories
• [ESA-20031003-028] Potential OpenSSL DoS.
  • From: EnGarde Secure Linux
• [RHSA-2003:256-02] Updated Perl packages fix security issues.
  • From: bugzilla
• EartStation 5 P2P application contains malicious code
  • From: random nut
• OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
  • From: security
• Cafelog WordPress / b2 SQL injection vulnerabilities discovered and fixed in CVS
  • From: Seth Woolley
• Class-action suit points to Microsoft security flaws
  • From: Richard M. Smith
• Minihttpserver File-Sharing for NET Directory Traversal Vulnerability
  • From: Bahaa Naamneh
• New IE crash: CSS + HTML
  • From: arachnid__notdot_net
• Re: Process Killing - Playing with PostThreadMessage
  • From: Thor Larholm
• FreeBSD Security Advisory FreeBSD-SA-03:17.procfs
  • From: FreeBSD Security Advisories
• exploiting fortigate firewall through webinterface
  • From: Maarten Hartsuijker
• PINE-CERT-20030902: Integer Overflow in FreeBSD Kernel [uio]
  • From: Joost Pol
• Webmails + Internet Explorer can create unwanted javascript execution
  • From: Jedi/Sector One
• Is it safe yet?
  • From: HCTITS Security Division
• PINE-CERT-20030901: Integer Overflow in FreeBSD Kernel [fhold]
  • From: Joost Pol
• RE: Process Killing - Playing with PostThreadMessage
  • From: Vitor Ventura
• Re: Process Killing - Playing with PostThreadMessage
  • From: Maxime Ducharme
• Re: Webmails + Internet Explorer can create unwanted javascript execution
  • From: Jason Munro
• TSLSA-2003-0003 - openssl
  • From: Tawie Security Advisor
• RE: New IE crash: CSS + HTML
  • From: Brian Paulson
• [CLA-2003:757] Conectiva Security Announcement - vixie-cron
  • From: Conectiva Updates
• patch for vulnerability in cgiemail
  • From: Matt Riffle
• RE: New IE crash: CSS + HTML
  • From: Drew Copley
• Re: Half-Life 2 source code stolen through IE exploit
  • From: spackard
• RE: New IE crash: CSS + HTML
  • From: Robert Ahnemann
• RE: New IE crash: CSS + HTML
  • From: Russ Uhte (Lists)
• Cisco LEAP Insecurities + POC
  • From: evol
• RE: Webmails + Internet Explorer can create unwanted javascript execution
  • From: Drew Copley
• RE: Half-Life 2 source code stolen through IE exploit
  • From: Thor Larholm
• [CLA-2003:758] Conectiva Security Announcement - vixie-cron
  • From: Conectiva Updates
• RE: Half-Life 2 source code stolen through IE exploit
  • From: Thor Larholm
• RE: Half-Life 2 source code stolen through IE exploit
  • From: Mattox, Norman
• Re: Webmails + Internet Explorer can create unwanted javascript execution
  • From: Jedi/Sector One
• Re: Half-Life 2 source code stolen through IE exploit
  • From: jelmer
• Cisco 6509 switch telnet vulnerability
  • From: Chris Norton
• Divine OpenMarket Content Server XSS
  • From: Valgasu
• Cobalt RaQ Control Panel Cross Site Scripting
  • From: Lorenzo Hernandez Garcia-Hierro
• Re: Cisco 6509 switch telnet vulnerability
  • From: Wendy Garvin
• FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
  • From: FreeBSD Security Advisories
• OpenLinux: wu-ftpd fb_realpath() off-by-one bug
  • From: security
• EMML, EMGB : Include() hole
  • From: Frog Man
• PHP-Nuke v 6.7 + Windows = File Upload
  • From: Frog Man
• Re: New IE crash: CSS + HTML
  • From: Sherlock
• Re: Cisco 6509 switch telnet vulnerability
  • From: Bob Niederman
• Conexant Access Runner DSL Console login bypass vulnerability
  • From: Chris Norton
• Weaknesses in LEAP Challenge/Response
  • From: Joshua Wright
• Re: I have fixes for the Geeklog vulnerabilities
  • From: Dirk Haun
• FreeBSD Security Advisory FreeBSD-SA-03:15.openssh
  • From: FreeBSD Security Advisories
• RE: New IE crash: CSS + HTML
  • From: Paul Szabo
• GLSA: cfengine (200310-02)
  • From: Kurt Lieber
• Local root exploit in SuSE Linux 7.3Pro
  • From: Stefan Nordhausen
• Local root exploit in SuSE Linux 8.2Pro
  • From: Stefan Nordhausen
• [CLA-2003:760] Conectiva Security Announcement - mplayer
  • From: Conectiva Updates
• [PAPER] Juggling with packets: floating data storage
  • From: Wojciech Purczynski
• Re: Cisco 6509 switch telnet vulnerability
  • From: twig les
• JBoss 3.2.1: Remote Command Injection
  • From: Marc Schoenefeld
• RE: Cobalt RaQ Control Panel Cross Site Scripting
  • From: Steve Manzuik
• Access Runner DSL Console vulnerability update
  • From: Chris Norton
• Vulnerabilities in Easy File Sharing Web Server (1.2 NEW).
  • From: "nimber"
• SNAP Innovation's PrimeBase Database 4.2 poor default file permissions.
  • From: Larry W. Cashdollar
• GuppY : XSS, Files Reading/Writing
  • From: Frog Man
• Re: Local root exploit in SuSE Linux 8.2Pro
  • From: Roman Drahtmueller
• Verisign fighting back at ICANN
  • From: Thor Larholm
• JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
  • From: "nimber"
• Update JBoss 308 & 321: Remote Command Injection
  • From: Marc Schoenefeld
• SA-20031006 slocate vulnerability
  • From: Patrik Hornik
• The joys of impurity (was: MOSDEF, InlineEgg)
  • From: Alexander E. Cuttergo
• Adobe SVG Viewer Active Scripting Bypass (GM#002-MC)
  • From: GreyMagic Software
• PeopleSoft Grid Option Vulnerability
  • From: info
• Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC)
  • From: GreyMagic Software
• IE 6 XML Patch Bypass
  • From: Mindwarper *
• Medieval Total War <= 1.1 broadcast crash
  • From: Luigi Auriemma
• Medieval Total War <= 1.1 broadcast Connection expired
  • From: Luigi Auriemma
• Adobe SVG Viewer Local and Remote File Reading (GM#003-MC)
  • From: GreyMagic Software
• Re: The joys of impurity (was: MOSDEF, InlineEgg)
  • From: dave
• ZH2003-3SP (security patch): multiple vulnerabilities in mod_gzip 1.3.x debug mode
  • From: Astharot
• [RHSA-2003:278-01] Updated SANE packages fix remote vulnerabilities
  • From: bugzilla
• Re: Weaknesses in LEAP Challenge/Response
  • From: Sharad Ahlawat
• New FAQ on worm/worm containment
  • From: Stuart Staniford
• Betr.: IE 6 XML Patch Bypass
  • From: Philip Wagenaar
• ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front
  • From: Astharot
• Openoffice 1.1.0 DoS
  • From: Marc Schoenefeld
• PHP-Nuke SQL Injection
  • From: mod
• HPUX dtprintinfo buffer overflow vulnerability
  • From: Davide Del Vecchio
• Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability
  • From: Eiji James Yoshida
• Re: [Full-Disclosure] Re: I have fixes for the Geeklog vulnerabilities
  • From: jelmer
• PeopleSoft <LONGCHAR >and <VARCHAR> Data Upload
  • From: info
• PeopleSoft <Control><J> Information Disclosure
  • From: info
• RE: IE 6 XML Patch Bypass
  • From: GreyMagic Software
• Re: PHP-Nuke SQL Injection
  • From: 3APA3A
• Re: [Full-Disclosure] Re: I have fixes for the Geeklog vulnerabilities
  • From: Chris . Kulish
• RE: [PAPER] Juggling with packets: floating data storage
  • From: Alun Jones
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Nicholas Weaver
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Rick Wash
• Re: [Full-Disclosure] Re: [PAPER] Juggling with packets: floating data storage
  • From: Valdis . Kletnieks
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Michal Zalewski
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Eugen Leitl
• Re: [Full-Disclosure] RE: [PAPER] Juggling with packets: floating data storage
  • From: Michal Zalewski
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Doug Moen
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Michal Zalewski
• Re: [PAPER] Juggling with packets: floating data storage
  • From: David Heigl
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Adeel Hussain
• Re: [PAPER] Juggling with packets: floating data storage
  • From: der Mouse
• [RHSA-2003:281-01] Updated MySQL packages fix vulnerability
  • From: bugzilla
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Aron Nimzovitch
• NetBSD Security Advisory 2003-017: OpenSSL multiple vulnerabilities
  • From: NetBSD Security Officer
• NetBSD Security Advisory 2003-016: Sendmail - another prescan() bug CAN-2003-0694
  • From: NetBSD Security Officer
• NetBSD Security Advisory 2003-015: Remote and local vulnerabilities in XFree86 font libraries
  • From: NetBSD Security Officer
• Shattering By Example
  • From: Brett Moore
• Bad news on RPC DCOM vulnerability
  • From: 3APA3A
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Darren Reed
• MDKSA-2003:099 - Updated sane packages fix remote vulnerabilities
  • From: Mandrake Linux Security Team
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Brandon Eisenmann
• [SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
  • From: Martin Schulze
• Concern about Checkpoint and SSL Vulnerability
  • From: seeker
• RE: Bad news on RPC DCOM vulnerability
  • From: VigilantMinds Security Operations Center
• SA-20031006 slocate buffer overflow - exploitation proof
  • From: Patrik Hornik
• TRACKtheCLICK Script Injection Vulnerabilities
  • From: BrainRawt
• Gallery 1.4 including file vulnerability
  • From: Stöckli
• New AIM Expliot/Worm/Adware-script (realphx.com related)
  • From: Michael A. Nunes
• Re: Bad news on RPC DCOM vulnerability
  • From: K-OTiK Security
• *ADDENDUM* New AIM Expliot/Worm/Adware-script (realphx.com related)
  • From: Michael A. Nunes
• RE: Gallery 1.4 including file vulnerability
  • From: Brent Meshier
• Re: New AIM Expliot/Worm/Adware-script (realphx.com related)
  • From: Thor Larholm
• Re: Bad news on RPC DCOM vulnerability
  • From: Terence Runge
• Re: Bad news on RPC DCOM vulnerability
  • From: Terence Runge
• Re: Gallery 1.4 including file vulnerability
  • From: Bharat Mediratta
• buffer overflow in IRCD software
  • From: Piotr KUCHARSKI
• myPHPCalendar : Informations Disclosure, File Include
  • From: Frog Man
• Remote root exploit for proftpd \n bug
  • From: Carl Livitt
• Tool Release: Xprobe2 0.2
  • From: Ofir Arkin
• UK's Internet Infrastructure Open to Prying Eyes
  • From: root
• What software breaks because of this DNS feature?
  • From: Richard M. Smith
• Re: What software breaks because of this DNS feature?
  • From: Michael Sierchio
• RE: What software breaks because of this DNS feature?
  • From: Michael Wojcik
• RE: What software breaks because of this DNS feature?
  • From: Rob Mayoff
• Finjan Software Discovers a New Critical Vulnerability In Microsoft Hotmail
  • From: Menashe Eliezer
• LinkSys EtherFast Router Denial of Service Attack
  • From: DigitalPranksters
• [SECURITY] [DSA 395-1] New tomcat4 packages fix denial of service
  • From: Martin Schulze
• [CLA-2003:762] Conectiva Security Announcement - glibc
  • From: Conectiva Updates
• Re: What software breaks because of this DNS feature?
  • From: Kevin George
• Few issues previously unpublished in English
  • From: 3APA3A
• Gaim festival plugin exploit
  • From: error
• New CERT Coordination Center (CERT/CC) PGP Key
  • From: CERT Advisory
• Microsoft Windows Security Bulletin Summary October
  • From: Giovanni Campagnoli
• Microsoft got it wrong
  • From: Richard M. Smith
• ColdFusion SQL Error Pages XSS
  • From: Lorenzo Hernandez Garcia-Hierro
• Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (Microsoft Security Bulletin MS03-047)
  • From: Ory Segal
• Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
  • From: NGSSoftware Insight Security Research
• CSS Vulnerability in Bajie HTTP JServer
  • From: Oliver Karow
• Listbox And Combobox Control Buffer Overflow
  • From: Brett Moore
• OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco
  • From: security
• RE: Microsoft Windows Security Bulletin Summary October
  • From: Thor Larholm
• Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
  • From: Sintelli SINTRAQ
• Re: Microsoft got it wrong
  • From: T.A. Adjuster
• CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange
  • From: CERT Advisory
• [CLA-2003:766] Conectiva Security Announcement - gdm
  • From: Conectiva Updates
• [CLA-2003:765] Conectiva Security Announcement - ircd
  • From: Conectiva Updates
• Re: [CLA-2003:765] Conectiva Security Announcement - ircd
  • From: Florian Weimer
• Proof of concept for Windows Messenger Service overflow
  • From: "Hanabishi Recca"
• PHP-Nuke Path Disclosure Vulnerability
  • From: Bahaa Naamneh
• IE remote code execution
  • From: Marcin Ulikowski
• ByteHoard Directory Traversal Vulnerability
  • From: Sintelli SINTRAQ
• MDKSA-2003:101 - Updated fetchmail packages fix DoS vulnerability
  • From: Mandrake Linux Security Team
• Opera HREF escaped server name overflow
  • From: @stake Advisories
• Re: [Full-Disclosure] Re: Gaim festival plugin exploit
  • From: Cael Abal
• JAP Wins Court Victory
  • From: Tarapia Tapioco
• @stake tool announcement: RedFang 2.5: The Bluetooth Hunter
  • From: Ollie Whitehouse
• Re: Gaim festival plugin exploit
  • From: HCTITS Security Division
• Origo ASR-8100 ADSL router remote factory reset
  • From: Theo Markettos
• eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)
  • From: The-Insider
• MDKSA-2003:100 - Updated gdm packages fix local vulnerabilities
  • From: Mandrake Linux Security Team
• [OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd)
  • From: OpenPKG
• Re: Multiple Heap Overflows in FTP Desktop
  • From: Vlad M
• ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce
  • From: Astharot
• Unpatched Internet Explorer Bugs
  • From: Liu Die Yu
• Get admin level on Goldlink script v3.0
  • From: Weke
• Re: IE remote code execution
  • From: K-OTiK Security
• [ANNOUNCE] mod_security 1.7 released
  • From: Ivan Ristic
• Multiple SQL Injection Vulnerabilities in DeskPRO
  • From: Aviram Jenik
• Re: IE remote code execution
  • From: Jouko Pynnonen
• Re: Gaim festival plugin exploit
  • From: Randal L. Schwartz
• Cross Site Java applets
  • From: Marc Schoenefeld
• Gast Arbeiter Privilege Escalation
  • From: natok
• RE: IE remote code execution
  • From: Thor Larholm
• Immunix Secured OS 7+ fetchmail update
  • From: Immunix Security Team
• SQL Injection Vulnerability in FuzzyMonkey MyClassifieds SQL Version
  • From: Sintelli SINTRAQ
• OpenServer 5.0.5 : Insecure creation of files in /tmp
  • From: security
• IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
  • From: Marc Schoenefeld
• Web Wiz Forums ver. 7.01
  • From: HEX
• MS03-046 Microsoft Exchange 2000 Heap Overflow
  • From: H D Moore
• IE6 CSS-Crash
  • From: Andreas Boeckler
• mah-jong[v1.4]: server/client remote buffer overflow exploit.
  • From: Vade 79
• [CLA-2003:768] Conectiva Security Announcement - fileutils
  • From: Conectiva Updates
• Re: Web Wiz Forums ver. 7.01
  • From: bruce
• Re: IE6 CSS-Crash
  • From: xenophi1e
• [CLA-2003:769] Conectiva Security Announcement - sane
  • From: Conectiva Updates
• "Local" and "Remote" considered insufficient
  • From: Steven M. Christey
• [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Last Stage of Delirium
• Re: "Local" and "Remote" considered insufficient
  • From: Ejovi Nuwere
• CensorNet: Cross Site Scripting Vulnerability
  • From: Richard Maudsley
• Shatter XP
  • From: xenophi1e
• (Fw) : mIRC 6.12 (latest) DCC Exploit
  • From: K-OTiK Security
• Re: "Local" and "Remote" considered insufficient
  • From: Eric Knight
• Re: "Local" and "Remote" considered insufficient
  • From: Florian Weimer
• HTML Help API - Privilege Escalation
  • From: Brett Moore
• Internet Explorer and Opera local zone restriction bypass
  • From: Mindwarper *
• [CLA-2003:771] Conectiva Security Announcement - anonftp
  • From: Conectiva Updates
• XLS Attack on AES (Rijndael)
  • From: latte1
• Re: XLS Attack on AES (Rijndael)
  • From: Michael Sierchio
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Jort Slobbe
• SiteKiosk terminal software
  • From: Zrekam
• Re: SiteKiosk terminal software
  • From: Godwin Stewart
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Thor Larholm
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Paul Szabo
• Buffer Overflow in Yahoo messenger Client
  • From: Hat-Squad Security Team
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Mindwarper *
• sh-httpd `wildcard character' vulnerability
  • From: dong-h0un U
• New Vulnerability
  • From: Joshua P. Miller
• Musicqueue multiple local vulnerabilities
  • From: dong-h0un U
• a dangerous fast spreading (yet simple) trojan horse.
  • From: Gadi Evron
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: jelmer
• Re: XLS Attack on AES (Rijndael)
  • From: Christian Ruediger Bahls
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Mohsen Hariri
• Dansie Shopping Cart Discloses Installation Path to Remote Users
  • From: Dr`Ponidi Haryanto
• Some serious security holes in 'The Bat!'
  • From: Bipin Gautam hUNT3R
• Java 1.4.2_02 InsecurityManager JVM crash
  • From: Marc Schoenefeld
• MDKSA-2003:096-1 - Updated apache2 packages fix CGI scripting deadlock
  • From: Mandrake Linux Security Team
• Advanced Poll : PHP Code Injection, File Include, Phpinfo
  • From: Frog Man
• Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Alla Bezroutchko
• Re: a dangerous fast spreading (yet simple) trojan horse.
  • From: K-OTiK Security
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Heikki Toivonen
• Libnids <= 1.17 buffer overflow
  • From: Rafal Wojtczuk
• SGI Advanced Linux Environment security update #4
  • From: SGI Security Coordinator
• SGI Advanced Linux Environment security update #3
  • From: SGI Security Coordinator
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Andreas Sandblad
• Norton Internet Security 2003 XSS
  • From: DigitalPranksters
• Re: CensorNet: Cross Site Scripting Vulnerability
  • From: Dan Searle
• Les Visiteurs v2.0.1 code injection vulnerability
  • From: Matthieu Peschaud
• Re: Java 1.4.2_02 InsecurityManager JVM crash
  • From: Francisco Andrades
• Re: a dangerous fast spreading (yet simple) trojan horse.
  • From: Andreas Reich
• Re: CensorNet: Cross Site Scripting Vulnerability
  • From: Richard Maudsley
• Root Directory Listing on RH default apache
  • From: tfm
• Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Marc Schoenefeld
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Andreas Sandblad
• SGI Advanced Linux Environment security update #2
  • From: SGI Security Coordinator
• Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Michael Earls
• Remote overflow in thttpd
  • From: advisories(-at-)texonet.com
• [slackware-security] fetchmail security update (SSA:2003-300-02)
  • From: Slackware Security Team
• [slackware-security] gdm security update (SSA:2003-300-01)
  • From: Slackware Security Team
• Re: Java 1.4.2_02 InsecurityManager JVM crash
  • From: Marc Schoenefeld
• Nachi/Welchia/LovSan.D version 2 appears to be spreading
  • From: Young, Keith
• Re: a dangerous fast spreading (yet simple) trojan horse.
  • From: Craig Holmes
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Thor Larholm
• [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)
  • From: OpenPKG
• Re: a dangerous fast spreading (yet simple) trojan horse (Now IRC.Trojan.Fgt)
  • From: K-OTiK Security
• Re: Nachi/Welchia/LovSan.D version 2 appears to be spreading
  • From: Peter Kieser
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: jelmer
• Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability
  • From: Oliver Karow
• [securemac] Local vulnerability: MacOSX Screensaver locking bypass.
  • From: kang
• Mac OS X Systemic Insecure File Permissions
  • From: @stake Advisories
• Mac OS X Arbitrary File Overwrite via Core Files
  • From: @stake Advisories
• Mac OS X Long argv[] buffer overflow
  • From: @stake Advisories
• Local root vuln in kpopup
  • From: b0f www . b0f . net
• RE: Norton Internet Security Blocked Sites XSS
  • From: Sym Security
• Wildcard exportfs issue in NFS on IRIX
  • From: SGI Security Coordinator
• FirstClass 7.1 HTTP Server: Remote Directory Listing
  • From: Richard Maudsley
• Re: sh-httpd `wildcard character' vulnerability
  • From: Richard Brittain
• mod_security 1.7RC1 to 1.7.1 vulnerability
  • From: Adam Dyga
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Bipin Gautam hUNT3R
• Re: Mac OS X vulnerabilities
  • From: Thor Larholm
• STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability
  • From: advisory
• possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: itojun
• [SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution
  • From: Martin Schulze
• TelCondex SimpleWebserver Buffer Overflow
  • From: Oliver Karow
• Re: Mac OS X vulnerabilities
  • From: Joshua Levitsky
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: graham . coles
• RE: Mac OS X vulnerabilities ['Virus checked"]
  • From: Thor Larholm
• RE: Mac OS X vulnerabilities ['Virus checked"]
  • From: graham . coles
• Re: Root Directory Listing on RH default apache
  • From: Stephen Samuel
• Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: Colm MacCarthaigh
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Steve Clement
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Adam Shostack
• Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: der Mouse
• [CLA-2003:773] Conectiva Security Announcement - libnids
  • From: Conectiva Updates
• Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: Colm MacCarthaigh
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Ragnar Sundblad
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Chris Wysopal
• E107 DoS vulnerability
  • From: Blademaster
• Immunix Secured OS 7+ apache update
  • From: Immunix Security Team
• Re: Mac OS X vulnerabilities
  • From: James Kelly
• Re: FirstClass 7.1 HTTP Server: Remote Directory Listing
  • From: Graham Morley
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: william schulze
• [OpenPKG-SA-2003.047] OpenPKG Security Advisory (postgresql)
  • From: OpenPKG
• Multiple Vulnerabilities in Led-Forums
  • From: ProXy -
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Kurt Harvey
• Re: Mac OS X vulnerabilities
  • From: Radoslav Dejanovic
• IE bug: loading HTML under a graphic file name - summary
  • From: Gadi Evron
• Re: Mac OS X vulnerabilities
  • From: Mike Stark
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Francis Favorini
• Re: Mac OS X vulnerabilities
  • From: gabriel rosenkoetter
• Serious Sam is not so serious
  • From: Luigi Auriemma
• Re: Mac OS X vulnerabilities
  • From: gabriel rosenkoetter
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Paul Szabo
• Re: Mac OS X vulnerabilities
  • From: Lyndon Nerenberg
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Thor Larholm
• SUSE Security Announcement: thttpd (SuSE-SA:2003:044)
  • From: Thomas Biege
• WU-FTPD 2.6.2 Freezer
  • From: Angelo Rosiello
• Mimail.C
  • From: Alan
• GLSA: apache (200310-04)
  • From: Rajiv Aaron Manglani
• Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
  • From: advisories
• Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linux installers
  • From: Stan Bubrouski
• IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting
  • From: IRM Advisories
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Paul Szabo
• VMWare GSX Server Authentication Server Buffer Overflow Vulnerability - Update
  • From: Darryl Swofford
• Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue
  • From: advisories
• Redirection and refresh parses local file
  • From: Liu Die Yu
• VMware GSX Server and ESX Server OpenSSL vulnerability patches
  • From: VMware
• DoS in Plug and Play Web Server Proxy Server
  • From: Oliver Karow
• Macos 10.2.8
  • From: Adam Shostack
• Re: Mac OS X vulnerabilities
  • From: Adam Shostack
• Console Root On OSX up to 10.2.8
  • From: Jason Storm
• Re: WU-FTPD 2.6.2 Freezer
  • From: Seth Arnold
• Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
  • From: Virginity Security
• Re: Mimail.C (Denial of Service Attack)
  • From: K-OTiK Security
• New Varient Of Irc Worm Spreading
  • From: Craig Holmes
• Immunix Secured OS 7+ fileutils update
  • From: Immunix Security Team
• Re: New Varient Of Irc Worm Spreading
  • From: bob
• Geeklog exploit
  • From: Jouko Pynnonen