Bugtraq Archive January 2003
- Filtering devices spotting,
Ed3f
- Potential disclosure of sensitive information in Netscape 7.0 email client,
Michael Puchol
- SuSE Security Announcement: cups (SuSE-SA:2003:002),
Thomas Biege
- GLSA: xpdf,
Daniel Ahlberg
- GLSA: leafnode,
Daniel Ahlberg
- SuSE Security Announcement: mysql (SuSE-SA:2003:003),
Sebastian Krahmer
- [SECURITY] [DSA 220-1] New squirrelmail packages fix cross site scripting problem,
Martin Schulze
- N/X (PHP),
Frog Man
- SuSE Security Announcement: fetchmail (SuSE-SA:2003:001),
Thomas Biege
- [BUGZILLA] Security Advisory - remote database password disclosure,
David Miller
- Re: Potential disclosure of sensitive information in Netscape 7.0 email client,
Blud Clot
- ical 3.7 remote dos,
securma massine
- Pedestal Software Security Notice,
Keith Woodard
- Another way to bypass Integrity Protection Driver ('subst' vuln),
Jan Rutkowski
- [RHSA-2002:270-16] Updated pine packages available,
bugzilla
- Solaris 2.x /usr/sbin/wall Advisory,
Brant Roman
- Re: JS Bug makes it possible to deliberately crash Pocket PC IE (fwd),
angus
- JS Bug makes it possible to deliberately crash Pocket PC IE,
Christopher Sogge Røtnes
- [SECURITY] [DSA 221-1] New mhonarc packages fix cross site scripting,
Martin Schulze
- fam Vulnerability Update,
SGI Security Coordinator
- Multiple libmcrypt vulnerabilities,
Ilia A.
- OpenTopic security hole,
Frog Man
- CuteFTP: buffer overflow,
D4rkGr3y
- AN HTTPd v.1.41e: DoS, CSS, real patch attack,
D4rkGr3y
- EServ/2.97 remote DoS,
D4rkGr3y
- WinAmp v.3.0: buffer overflow,
D4rkGr3y
- Re: [IPS] PUTTY SSH-Client Exploit,
Owen Dunn
- PDS: Integer overflow in FreeBSD kernel,
Joost Pol
- ps information leak in FreeBSD,
Cache
- OPENSSH REMOTE ROOT COMPROMISE ALL VERSIONS,
mmhs
- Remote root vuln in HSphere WebShell,
Carl Livitt
- Etherleak: Ethernet frame padding information leakage (A010603-1),
@stake Advisories
- [INetCop Security Advisory] Buffer Overflow vulnerability in HTTP Fetcher Library.,
dong-h0un yoU
- S-plus /tmp usage,
Paul Szabo
- Longshine WLAN Access-Point LCS-883R VU#310201,
Lukas Grunwald
- ipfilter denial of service problem,
Yiming Gong
- DCP-Portal (PHP),
Frog Man
- phpmynuke css and phpinfo() vuls,
Mindwarper
- GLSA: libmcrypt,
Daniel Ahlberg
- E-theni (PHP),
Frog Man
- Opentype font file causes Windows to restart.,
Andrew
- Message not available
Re: Opentype font file causes Windows to restart.,
Steven Tucker
Re: Opentype font file causes Windows to restart.,
Floyd Russell
Message not available
Re: Opentype font file causes Windows to restart.,
Kaspar Brand
<Possible follow-ups>
Fw: Opentype font file causes Windows to restart.,
Leonardo Rodrigues ( listas )
Re: Opentype font file causes Windows to restart.,
dildog
RE: Opentype font file causes Windows to restart.,
Ben Naylor
RE: Opentype font file causes Windows to restart.,
Discini, Sonny
Re: Opentype font file causes Windows to restart.,
Vess Nedevski
RE: Opentype font file causes Windows to restart.,
Armstrong, Richard
Bookmar4U and Active PHP Bookmarks Vulnerabilities,
itzhak
Directory traversal bug in Communigate Pro 4's Webmail service,
G.P.de.Boer
GLSA: dhcpcd,
Daniel Ahlberg
Multiple Issues in Nettelephone Dialer,
S G Masood
A security vulnerability in S8Forum,
nmsh_sa
GLSA: http-fetcher,
Daniel Ahlberg
[INetCop Security Advisory] Remote format string vulnerability in Tanne.,
dong-h0un yoU
[SECURITY] [DSA 223-1] New geneweb packages fix information exposure,
Martin Schulze
[SECURITY] [DSA 222-1] New xpdf packages fix arbitrary command execution,
Martin Schulze
Multiple cgihtml vulnerabilities,
Chris Leishman
[RHSA-2002:283-09] Updated cyrus-sasl packages fix buffer overflows,
bugzilla
Multiple Vulnerabilities in Sendmail on IRIX,
SGI Security Coordinator
KaZaA - Bad Zone,
David Krum
FreeBSD Security Advisory FreeBSD-SA-02:44.filedesc,
FreeBSD Security Advisories
GLSA: lcdproc,
Daniel Ahlberg
Tanne Remote format string exploit (Proof of Concept),
dong-h0un yoU
GLSA: libpng,
Daniel Ahlberg
[SECURITY] [DSA 224-1] New canna packages fix buffer overflow and denial of service,
Martin Schulze
IEHK Project,
Valgasu
Netscape Browsers Vulnerabilities on IRIX,
SGI Security Coordinator
a.shopKart Shopping Cart remote vulnerabilities,
Ignacio Vazquez
IMP 2.x SQL injection vulnerabilities,
Jouko Pynnonen
Security Update: [CSSA-2003-001.0] Linux: fetchmail at-sign buffer overflow vulnerability,
security
WebIntelligence session hijacking vulnerability,
Dirk Van Droogenbroeck
[RHSA-2002:290-07] Updated Ethereal packages are available,
bugzilla
Efficient Networks 5861 DSL Router,
Greg Bolshaw
MDKSA-2003:003 - Updated dhcpcd packages fix character expansion vulnerability,
Mandrake Linux Security Team
MDKSA-2003:001 - Updated CUPS packages fix multiple vulnerabilities,
Mandrake Linux Security Team
BRS WebWeaver FTP Server vulnerabilities,
euronymous
More information regarding Etherleak,
Ofir Arkin
[VSA0301] Half-Life Clanmod remote (root) hole,
VOID.AT Security
[VSA0304] Half-Life Client remote hole via Adminmod plugin,
VOID.AT Security
[VSA0305] HLTV remote DoS,
VOID.AT Security
Mambo Site Server Remote Code Execution,
Mindwarper
Security Update: [CSSA-2003-SCO.1] UnixWare 7.1.1 Open UNIX 8.0.0 : command line argument buffer overflow in ps,
security
[SECURITY] [DSA 225-1] New tomcat packages fix source disclosure vulnerability,
Martin Schulze
[VSA0303] Half-Life StatsMe remote (root) hole,
VOID.AT Security
middleman-1.2 and prior off-by-one bug,
qitest1
BitKeeper remote shell command execution/local vulnerability,
Maurycy Prodeus
Security Update: [CSSA-2003-002.0] Linux: Webmin Cross-site Scripting and Session ID Spoofing Vulnerabilities,
security
[VSA0302] Half-Life Adminmod remote (root) hole,
VOID.AT Security
[VSA0306] YABBSE 1.4.1 SQL Injection Bugs,
VOID.AT Security
XSS (Cross Site Scripting) on FormMail.CGI,
Rynho Zeros Web
isc dhcpd 3.0 format string exploit,
VOID.AT Security
Vulnerabilties in Xynph FTP Server 1.0,
Zero-X www.lobnan.de Team
[SECURITY] [DSA 227-1] New openldap packages fix buffer overflows and remote exploit,
Martin Schulze
A patch for "Windows WM_TIMER Message Handling flaw" causes random crashes on Windows NT,
Tomasz Ostrowski
GLSA: mod_php php,
Daniel Ahlberg
Bug in w-agora,
sonyy
[RHSA-2002:295-07] Updated CUPS packages fix various vulnerabilities,
bugzilla
SIGCHLD problem in Stunnel,
Jonas Eriksson
Local/remote mpg123 exploit,
gobbles
Buffer Overflow in uucp of SunOS 5.8,
hipnosis hipnosis
MDKSA-2003:004 - Updated KDE packages fix multiple vulnerabilities,
Mandrake Linux Security Team
SuSE Security Announcement: libpng (SuSE-SA:2003:0004),
Thomas Biege
Vulnerability in WebCollection Plus (TM),
f0urtyfive
MDKSA-2003:002 - Updated xpdf packages fix integer overflow vulnerability,
Mandrake Linux Security Team
MDKSA-2003:005 - Updated leafnode packages fix remote DoS vulnerability,
Mandrake Linux Security Team
[SECURITY] [DSA 229-1] New IMP packages fix SQL injection,
Martin Schulze
Request for assistance: trying to find Zardoz Security Digest Files,
Curator at The 'Security Digest' Archives
[RHSA-2003:001-16] Updated PostgreSQL packages fix security issues and bugs,
bugzilla
[OpenPKG-SA-2003.001] OpenPKG Security Advisory (png),
OpenPKG
stunnel - exploit,
Darell Esfandia
Security Update: [CSSA-2003-SCO.2] UnixWare 7.1.1 : multiple vulnerabilities in BIND (CERT CA-2002-31),
security
[SECURITY] [DSA 229-2] New IMP packages fix SQL injection and typo,
Martin Schulze
MDKSA-2003:006 - Updated OpenLDAP packages fix multiple vulnerabilities,
Mandrake Linux Security Team
D-Link DWL-900AP+ Security Hole,
Jason Tedesco
Multiple XSS in Geeklog 1.3.7,
snooq
NIS 2003,
Pavel P .
Outreach Project Tool,
Martin Eiszner
Security Update: [CSSA-2003.003.0] Linux: wget directory traversal and buffer overrun vulnerabilities,
security
[SECURITY] [DSA 231-1] New dhcp3 packages fix arbitrary code execution,
Martin Schulze
phpPass (PHP),
Frog Man
phpBB SQL Injection vulnerability,
Ulf Harnhammar
Re: NIS 2003 crash,
Sym Security
CuteFTP 5.0 XP, Buffer Overflow,
Lance Fitz-Herbert
[OpenPKG-SA-2003.002] OpenPKG Security Advisory (dhcpd),
OpenPKG
Cyboards Remote Code Execution,
mindwarper
Microsoft-ds xploit (UDP/TCP)...,
Daniel Nyström
DoS against DHCP infrastructure with isc dhcrelay,
Florian Lohoff
GLSA: kde-2.2.x,
Daniel Ahlberg
Multiple PHP Topsites Vulnerabities found,
Cyberarmy Application and Code Auditing Team
MDKSA-2002:073-1 - Updated krb5 packages fix incorrect initscripts,
Mandrake Linux Security Team
[RHSA-2003:006-06] Updated libpng packages fix buffer overflow,
bugzilla
php-nuke again ...,
Karol Więsek
Gabber 0.8.7 leaks presence information without user authorization,
Greg Troxel
RUXCON - 12/13 April, 2003. SYDNEY, Australia.,
RuxCon
FTP delete file problem,
K B
MyRoom (PHP),
Frog Man
PHPMyPub (PHP),
Frog Man
IRIX ToolTalk RPC Server Format String Vulnerability update,
SGI Security Coordinator
[RHSA-2003:012-07] Updated CVS packages available,
bugzilla
GLSA: cvs,
Daniel Ahlberg
RE: Attacking EFS through cached domain logon credentials,
John Howie
More Critical Vulnerabilities In PHP Topsites,
JeiAr
Security Update: [CSSA-2003-005.0] Linux: canna buffer overflow and denial of service,
security
New Web Vulnerability - Cross-Site Tracing,
Pete Soderling
[RHSA-2002:202-25] Updated python packages fix predictable temporary file,
bugzilla
YabbSE Remote Code Execution Vulnerability,
mindwarper
Blackboard 5.x Password Retrieval,
Pedram Amini
Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulnerability,
Entercept Ricochet Team
WinRAR buffer overflow vulnerability,
nesumin
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package,
iDEFENSE Labs
Whitepaper - Detecting Wireless LAN MAC Address Spoofing,
Joshua Wright
[SECURITY] [DSA 234-1] New kdeadmin packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 235-1] New kdegraphics packages fix several vulnerabilities,
Martin Schulze
MDKSA-2003:010 - Updated printer-drivers packages fix local vulnerabilities,
Mandrake Linux Security Team
[SECURITY] [DSA 233-1] New cvs packages fix arbitrary code execution,
Martin Schulze
Path Parsing Errata in Apache HTTP Server,
mattmurphy@xxxxxxxxx
Zorum Portal (PHP),
MGhz
TRACE used to increase the dangerous of XSS.,
Jeremiah Grossman
[OpenPKG-SA-2003.004] OpenPKG Security Advisory (cvs),
OpenPKG
Advisory 01/2003: CVS remote vulnerability,
Stefan Esser
SuSE Security Announcement: susehelp (SuSE-SA:2003:005),
Sebastian Krahmer
ISS Security Brief: PeopleSoft XML External Entities Vulnerability (fwd),
Dave Ahmad
[SCSA-001] Sambar Server Cross-Site Scripting vulnerability,
Grégory
[OpenPKG-SA-2003.003] OpenPKG Security Advisory (vim),
OpenPKG
Updated patches for SGI Advisories 20020903-02-P and 20021103-01-P,
SGI Security Coordinator
[security@xxxxxxxxxxxxx: [slackware-security] New CVS packages available],
White Vampire
[OpenPKG-SA-2003.006] OpenPKG Security Advisory (python),
OpenPKG
[ANNOUNCE] Apache 2.0.44 Released,
Lars Eilebrecht
[SECURITY] [DSA 238-1] New kdepim packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 237-1] New kdenetwork packages fix several vulnerabilities,
Martin Schulze
SPRINT ADSL [Zyxel 645 Series Modem],
http-equiv@xxxxxxxxxx
[SECURITY] [DSA 239-1] New kdesdk packages fix several vulnerabilities,
Martin Schulze
[CLA-2003:561] Conectiva Linux Security Announcement - cvs,
secure
DoS in Hotsync Manager (with network hotsync enabled),
Gary H. Jones II
IE chain vulnerability,
Alex Loots
SuSE Security Announcement: dhcp (SuSE-SA:2003:0006),
Thomas Biege
phpLinks mail() abuse Vulnerability,
mindwarper
[OpenPKG-SA-2003.007] OpenPKG Security Advisory (wget),
OpenPKG
[security@xxxxxxxxxxxxx: [slackware-security] New DHCP packages available],
White Vampire
[SECURITY] [DSA 240-1] New kdegames packages fix several vulnerabilities,
Martin Schulze
Astaro Security Linux Firewall - HTTP Proxy vulnerability,
Volker Tanger
Security Update: [CSSA-2003-004.0] Linux: Multiple Security Vulnerabilities in the Common Unix Printing System (CUPS),
security
MDKSA-2003:009 - Updated cvs packages fix multiple vulnerabilities,
Mandrake Linux Security Team
[CLA-2003:564] Conectiva Linux Security Announcement - libpng,
secure
5861 IP Filtering issues,
Edward wilkinson
[CLA-2003:562] Conectiva Linux Security Announcement - dhcp,
secure
DoS attack on Windows 2000 Terminal Server,
Jonathan Hunter
Another YabbSE Remote Code Execution Vulnerability,
mindwarper
Nokia Product Security Contact?,
Ollie Whitehouse
Re: Other Security Contacts Required (AutoDesk, Motorola and Vignette),
Ollie Whitehouse
Test program for CVS double-free.,
Joe Testa
[SECURITY] [DSA 242-1] New kdebase packages fix several vulnerabilities,
Martin Schulze
[SECURITY] [DSA 243-1] New kdemultimedia packages fix several vulnerabilities,
Martin Schulze
Mailman: cross-site scripting bug,
webmaster
Vulnerability in edittag.pl,
kers0r
[SECURITY] [DSA 241-1] New kdeutils packages fix several vulnerabilities,
Martin Schulze
[USG- SA- 2003.001] USG Security Advisory (slocate),
inkubus
SpamAssassin / spamc+BSMTP remote buffer overflow,
Timo Sirainen
Eudora Message Deletion Weakness,
Blud Clot
List Site Pro v2 user account Hijacking vulnerablity,
StatiX Statix
Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Umit Tiric
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Jay D. Dyson
- <Possible follow-ups>
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Carlos Eduardo Vianna
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Mike Tindor
- Fw: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Jeremy Kister
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
George William Herbert
- MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Michael Bacarella
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Jeff Mills
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
H D Moore
- Re: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
Byron Morton
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
John Howie
- RE: MS SQL WORM IS DESTROYING INTERNET BLOCK PORT 1434!,
trent dilkie
ftls.org Guestbook 1.1 Script Injection,
BrainRawt .
SQL Sapphire Worm Analysis,
Marc Maiffret
Cisco Security Advisory: MS SQL "Sapphire" Worm Mitigation Recommendations,
Cisco Systems Product Security Incident Response Team
Blackboard 5.x & patched 5.x systems Password Retrieval,
Cory Michal
Sapphire SQL Worm Analysis Complete,
Matthew Murphy
Tool: Sapphire SQL Worm Scanner,
Marc Maiffret
Re: Zorum Portal (PHP),
Frog Man
dotproject Remote File Access Vulnerability,
mindwarper
[SECURITY] [DSA 244-1] New noffle packages fix buffer overflows,
Martin Schulze
New security tool: ike-scan (IPsec IKE scanner) released,
Roy Hills
Sun Microsystems Solaris at -r job name handling and race condition vulnerabilities,
Wojciech Purczynski
[ESA-20030127-002] fetchmail-ssl: heap overflow vulnerability,
EnGarde Secure Linux
Hypermail buffer overflows,
Ulf Harnhammar
[ESA-20030127-001] MySQL vulnerabilities,
EnGarde Secure Linux
[SCSA-003] Multiple Cross Site Scripting & Script Injection Vulnerabilities in Nuked-Klan,
Grégory
Security Issues in Rediff Bol Messenger,
S G Masood
[ANNOUNCE] WaveLock 1.0 Released,
Marco Peretti
MDKSA-2003:011 - Updated fetchmail packages fix remote exploit vulnerability,
Mandrake Linux Security Team
Incorrect Certificate Validation in Java Secure Socket Extension,
Alex Loots
ProxyView default undocumented password,
Michael Brown
Black Hat Announcements,
Jeff Moss
[SECURITY] [DSA 245-1] New dhcp3 packages fix potential network flood,
Martin Schulze
Cisco Security Advisory: Cisco Security Advisory: Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061,
Cisco Systems Product Security Incident Response Team
Tech Article: HTTP Content Filter Analysis - Finjan SurfinGate V5.6,
ivan.buetler@xxxxxxx
Re: MSDE contained in...,
monty solomon
VERITAS Software Technical Advisory (fwd),
Dave Ahmad
MITKRB5-SA-2003-001: Multiple vulnerabilities in old releases of MIT Kerberos,
Ken Raeburn
dotproject Remote Code Execution Vulnerability,
mindwarper
[OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql),
OpenPKG
[SECURITY] [DSA 246-1] New tomcat packages fix information exposure and cross site scripting,
Martin Schulze
Local root vuln in SuSE 8.0 plptools package,
Carl Livitt
Re: dotproject Remote Code Execution Vulnerability : Patch,
Frog Man
David Litchfield talks about the SQL Worm in the Washington Post,
Richard M. Smith
iDEFENSE Security Advisory 01.28.03: SSH2 Clients Insecurely Store Passwords,
iDEFENSE Labs
SPIKE Proxy 1.4.7 is now available,
Dave Aitel
Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003),
NGSSoftware Insight Security Research
Response to David Litchfield on Responsible Disclosure and Infosec Research,
Jason Coombs
3Ware 3DM denial of service attack,
Neulinger, Nathan
Apache Jakarta Tomcat 3 URL parsing vulnerability,
Jouko Pynnonen
"Compaq Web Agent" management session can be re-used without the need to perform authentication,
Eitan Caspi
[RHSA-2003:020-10] Updated kerberos packages fix vulnerability in ftp client,
bugzilla
Security Update: [CSSA-2003-006.0] Linux: CVS double free vulnerability,
security
The Spread of the Sapphire/Slammer SQL Worm,
Nicholas Weaver
silc question - insecure memory,
cdowns
To diversify and survive: the application of population biology concept into computer,
Peter Huang
[SECURITY] [DSA 248-1] New hypermail packages fix arbitrary code execution,
Martin Schulze
Re: .MHT Buffer Overflow in Internet Explorer,
Thor Larholm