Mail Index

• Thread Index

• [RHSA-2003:291-01] Updated OpenSSL packages fix vulnerabilities
  • From: bugzilla@redhat.com
• Gamespy3d <= 263015 lets code execution through long IRC answer
  • From: Luigi Auriemma <aluigi@altervista.org>
• CERT Advisory Notice: Clarifications regarding recent vulnerabilities in OpenSSH
  • From: CERT Advisory <cert-advisory@cert.org>
• Subject: [OpenPKG-SA-2003.044] OpenPKG Security Advisory (openssl)
  • From: OpenPKG <openpkg@openpkg.org>
• Immunix Secured OS 7+ OpenSSL update
  • From: Immunix Security Team <security@immunix.com>
• [ESA-20030930-027] OpenSSL ASN.1 parsing vulnerabilities.
  • From: EnGarde Secure Linux <security@guardiandigital.com>
• Multiple OpenSSH/OpenSSL Vulnerabilities on IRIX
  • From: SGI Security Coordinator <agent99@sgi.com>
• GLSA: teapop (200309-18)
  • From: aliz@gentoo.org (Daniel Ahlberg)
• Local stackbased overflow found for silly Poker v0.25.5 (advisory + poc exploit)
  • From: "demz" <demz@c-code.net>
• [CLA-2003:751] Conectiva Security Announcement - openssl
  • From: Conectiva Updates <secure@conectiva.com.br>
• MDKSA-2003:097 - Updated mplayer packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• GLSA: openssl (200309-19)
  • From: aliz@gentoo.org (Daniel Ahlberg)
• SuSE Security Announcement: mysql (SuSE-SA:2003:042)
  • From: krahmer@suse.de (Sebastian Krahmer)
• [Full-Disclosure] [SECURITY] [DSA-393-1] New OpenSSL packages correct denial of service issues
  • From: debian-security-announce@lists.debian.org
• MDKSA-2003:098 - Updated openssl packages fix vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• [slackware-security] OpenSSL security update (SSA:2003-273-01)
  • From: Slackware Security Team <security@slackware.com>
• Cisco Security Advisory: SSL Implementation Vulnerabilities
  • From: Cisco Systems Product Security Incident Response Team <psirt@cisco.com>
• DCP Portal - 5.5 holes
  • From: Lifo Fifo <lifofifo20@yahoo.com>
• Re: Local stackbased overflow found for silly Poker v0.25.5 (advisory + poc exploit)
  • From: steve@uk.intasys.com
• SuSE Security Announcement: openssl (SuSE-SA:2003:043)
  • From: Thomas Biege <thomas@suse.de>
• NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL
  • From: "Ed Reed" <ereed@novell.com>
• ptl-2003-01: IBM DB2 LOAD Command Stack Overflow Vulnerability
  • From: Pentest Security Advisories <alerts@pentest.co.uk>
• ptl-2003-02: IBM DB2 INVOKE Command Stack Overflow Vulnerability
  • From: Pentest Security Advisories <alerts@pentest.co.uk>
• SuSE Security Announcement: lsh (SuSE-SA:2003:041)
  • From: krahmer@suse.de (Sebastian Krahmer)
• Multiple vulnerabilities in WinShadow
  • From: Bahaa Naamneh <b_naamneh@hotmail.com>
• NOVL-2003-10087450 - Novell Response to NISCC/CERT Advisories re: OpenSSL - revised url
  • From: "Ed Reed" <ereed@novell.com>
• Re: SSGbook (ASP)
  • From: Terry Bankert <tbankert@script-shed.com>
• CERT Advisory CA-2003-26 Multiple Vulnerabilities in SSL/TLS Implementations
  • From: CERT Advisory <cert-advisory@cert.org>
• MOSDEF Initial Release
  • From: <dave@immunitysec.com>
• New OpenSSL remote vulnerability (issue date 2003/10/02)
  • From: Patrik Hornik <patrik.hornik@ebitech.sk>
• New Tool: MetaCoretex (DB Security Scanner)
  • From: visigoth <visigoth@securitycentric.com>
• Visualroute Server - reverse tracerouting
  • From: "morning_wood" <se_cur_ity@hotmail.com>
• TSLSA-2003-0001 - openssl
  • From: Tawie Security Advisor <tsl@tawie.org>
• Process Killing - Playing with PostThreadMessage
  • From: "Brett Moore" <brett.moore@security-assessment.com>
• FreeBSD Security Advisory FreeBSD-SA-03:17.procfs
  • From: FreeBSD Security Advisories <security-advisories@freebsd.org>
• Re: Process Killing - Playing with PostThreadMessage
  • From: "Thor Larholm" <thor@pivx.com>
• PINE-CERT-20030902: Integer Overflow in FreeBSD Kernel [uio]
  • From: Joost Pol <joost@pine.nl>
• Class-action suit points to Microsoft security flaws
  • From: "Richard M. Smith" <rms@computerbytesman.com>
• Webmails + Internet Explorer can create unwanted javascript execution
  • From: Jedi/Sector One <j@pureftpd.org>
• exploiting fortigate firewall through webinterface
  • From: "Maarten Hartsuijker" <secfocus@hartsuijker.com>
• Dictionary attack against Cisco's LEAP, Wireless LANs vulnerable
  • From: Michael Renzmann <security@dylanic.de>
• Is it safe yet?
  • From: HCTITS Security Division <security@humancentrictech.com>
• UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : OpenSSL Multiple Vulnerabilities
  • From: security@sco.com
• Half-Life 2 source code stolen through IE exploit
  • From: "Thor Larholm" <thor@pivx.com>
• Free OverflowGuard Personal Edition Released
  • From: "Paul Webster" <ptwebster@datasecuritysoftware.com>
• FreeBSD Security Advisory FreeBSD-SA-03:16.filedesc
  • From: FreeBSD Security Advisories <security-advisories@freebsd.org>
• [ESA-20031003-028] Potential OpenSSL DoS.
  • From: EnGarde Secure Linux <security@guardiandigital.com>
• [RHSA-2003:256-02] Updated Perl packages fix security issues.
  • From: bugzilla@redhat.com
• EartStation 5 P2P application contains malicious code
  • From: random nut <randnut@yahoo.com>
• Cafelog WordPress / b2 SQL injection vulnerabilities discovered and fixed in CVS
  • From: Seth Woolley <seth@tautology.org>
• OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
  • From: security@sco.com
• Minihttpserver File-Sharing for NET Directory Traversal Vulnerability
  • From: Bahaa Naamneh <b_naamneh@hotmail.com>
• New IE crash: CSS + HTML
  • From: arachnid__notdot_net@meta.net.nz
• PINE-CERT-20030901: Integer Overflow in FreeBSD Kernel [fhold]
  • From: Joost Pol <joost@pine.nl>
• RE: Process Killing - Playing with PostThreadMessage
  • From: Vitor Ventura <vventura@sia.pt>
• Re: Webmails + Internet Explorer can create unwanted javascript execution
  • From: "Jason Munro" <jason@stdbev.com>
• TSLSA-2003-0003 - openssl
  • From: Tawie Security Advisor <tsl@tawie.org>
• RE: New IE crash: CSS + HTML
  • From: "Brian Paulson" <bpaulson@chieftain.com>
• Re: Process Killing - Playing with PostThreadMessage
  • From: "Maxime Ducharme" <maxime@pandore-design.com>
• patch for vulnerability in cgiemail
  • From: Matt Riffle <matt@pair.com>
• RE: New IE crash: CSS + HTML
  • From: "Drew Copley" <dcopley@eeye.com>
• RE: New IE crash: CSS + HTML
  • From: "Robert Ahnemann" <rahnemann@affinity-mortgage.com>
• RE: New IE crash: CSS + HTML
  • From: "Russ Uhte (Lists)" <russlists@mailtest.parallax.ws>
• Cisco LEAP Insecurities + POC
  • From: evol@ruiner.halo.nu
• RE: Webmails + Internet Explorer can create unwanted javascript execution
  • From: "Drew Copley" <dcopley@eeye.com>
• RE: Half-Life 2 source code stolen through IE exploit
  • From: "Thor Larholm" <thor@pivx.com>
• [CLA-2003:757] Conectiva Security Announcement - vixie-cron
  • From: Conectiva Updates <secure@conectiva.com.br>
• RE: Half-Life 2 source code stolen through IE exploit
  • From: "Thor Larholm" <thor@pivx.com>
• RE: Half-Life 2 source code stolen through IE exploit
  • From: "Mattox, Norman" <NMattox@scor.com>
• Re: Half-Life 2 source code stolen through IE exploit
  • From: spackard@fastlink.com
• Re: Webmails + Internet Explorer can create unwanted javascript execution
  • From: Jedi/Sector One <j@pureftpd.org>
• [CLA-2003:758] Conectiva Security Announcement - vixie-cron
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: Half-Life 2 source code stolen through IE exploit
  • From: jelmer <jkuperus@planet.nl>
• Cisco 6509 switch telnet vulnerability
  • From: Chris Norton <kicktd@hotmail.com>
• Divine OpenMarket Content Server XSS
  • From: "Valgasu" <valgasu@rstack.org>
• Cobalt RaQ Control Panel Cross Site Scripting
  • From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>
• Re: Cisco 6509 switch telnet vulnerability
  • From: Wendy Garvin <wgarvin@cisco.com>
• FreeBSD Security Advisory FreeBSD-SA-03:18.openssl
  • From: FreeBSD Security Advisories <security-advisories@freebsd.org>
• OpenLinux: wu-ftpd fb_realpath() off-by-one bug
  • From: security@sco.com
• EMML, EMGB : Include() hole
  • From: "Frog Man" <leseulfrog@hotmail.com>
• PHP-Nuke v 6.7 + Windows = File Upload
  • From: "Frog Man" <leseulfrog@hotmail.com>
• Re: New IE crash: CSS + HTML
  • From: Sherlock <sherl0ck@comcast.net>
• Conexant Access Runner DSL Console login bypass vulnerability
  • From: Chris Norton <kicktd@hotmail.com>
• Re: Cisco 6509 switch telnet vulnerability
  • From: Bob Niederman <btrq@bob-n.com>
• [CLA-2003:760] Conectiva Security Announcement - mplayer
  • From: Conectiva Updates <secure@conectiva.com.br>
• Local root exploit in SuSE Linux 7.3Pro
  • From: Stefan Nordhausen <deletethis.nordhaus@informatik.hu-berlin.de>
• [PAPER] Juggling with packets: floating data storage
  • From: Wojciech Purczynski <cliph@isec.pl>
• Weaknesses in LEAP Challenge/Response
  • From: "Joshua Wright" <Joshua.Wright@jwu.edu>
• Re: I have fixes for the Geeklog vulnerabilities
  • From: "Dirk Haun" <dirk@haun-online.de>
• FreeBSD Security Advisory FreeBSD-SA-03:15.openssh
  • From: FreeBSD Security Advisories <security-advisories@freebsd.org>
• RE: New IE crash: CSS + HTML
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• Local root exploit in SuSE Linux 8.2Pro
  • From: Stefan Nordhausen <deletethis.nordhaus@informatik.hu-berlin.de>
• JBoss 3.2.1: Remote Command Injection
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• GLSA: cfengine (200310-02)
  • From: Kurt Lieber <klieber@gentoo.org>
• GuppY : XSS, Files Reading/Writing
  • From: "Frog Man" <leseulfrog@hotmail.com>
• Re: Cisco 6509 switch telnet vulnerability
  • From: twig les <twigles@yahoo.com>
• RE: Cobalt RaQ Control Panel Cross Site Scripting
  • From: "Steve Manzuik" <steve@entrenchtech.com>
• SNAP Innovation's PrimeBase Database 4.2 poor default file permissions.
  • From: "Larry W. Cashdollar" <lwc@vapid.ath.cx>
• Verisign fighting back at ICANN
  • From: "Thor Larholm" <thor@pivx.com>
• Access Runner DSL Console vulnerability update
  • From: Chris Norton <kicktd@hotmail.com>
• Vulnerabilities in Easy File Sharing Web Server (1.2 NEW).
  • From: "nimber" <nimber@mail.ru>
• SA-20031006 slocate vulnerability
  • From: Patrik Hornik <patrik.hornik@ebitech.sk>
• Re: Local root exploit in SuSE Linux 8.2Pro
  • From: Roman Drahtmueller <draht@suse.de>
• JS/HTML code injection in File-Sharing for NET v1.5 and Forums Web Server v1.5
  • From: "nimber" <nimber@mail.ru>
• Update JBoss 308 & 321: Remote Command Injection
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• The joys of impurity (was: MOSDEF, InlineEgg)
  • From: "Alexander E. Cuttergo" <cuttergo@gmx.net>
• Adobe SVG Viewer Active Scripting Bypass (GM#002-MC)
  • From: GreyMagic Software <security@greymagic.com>
• PeopleSoft Grid Option Vulnerability
  • From: <info@i-assure.com>
• Adobe SVG Viewer Cross Domain and Zone Access (GM#004-MC)
  • From: GreyMagic Software <security@greymagic.com>
• IE 6 XML Patch Bypass
  • From: "Mindwarper *" <mindwarper@linuxmail.org>
• Medieval Total War <= 1.1 broadcast crash
  • From: Luigi Auriemma <aluigi@altervista.org>
• Re: The joys of impurity (was: MOSDEF, InlineEgg)
  • From: <dave@immunitysec.com>
• Adobe SVG Viewer Local and Remote File Reading (GM#003-MC)
  • From: GreyMagic Software <security@greymagic.com>
• ZH2003-3SP (security patch): multiple vulnerabilities in mod_gzip 1.3.x debug mode
  • From: Astharot <secfoc@email.it>
• Medieval Total War <= 1.1 broadcast Connection expired
  • From: Luigi Auriemma <aluigi@altervista.org>
• [RHSA-2003:278-01] Updated SANE packages fix remote vulnerabilities
  • From: bugzilla@redhat.com
• Re: Weaknesses in LEAP Challenge/Response
  • From: Sharad Ahlawat <sahlawat@cisco.com>
• New FAQ on worm/worm containment
  • From: Stuart Staniford <stuart@silicondefense.com>
• Betr.: IE 6 XML Patch Bypass
  • From: "Philip Wagenaar" <p.wagenaar@accon.nl>
• ZH2003-28SA (security advisory): file inclusion vulnerability in PayPal Store Front
  • From: Astharot <secfoc@email.it>
• Openoffice 1.1.0 DoS
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• PHP-Nuke SQL Injection
  • From: mod <rottyfig12@hotmail.com>
• HPUX dtprintinfo buffer overflow vulnerability
  • From: "Davide Del Vecchio" <dante@alighieri.org>
• Microsoft Windows Server 2003 "Shell Folders" Directory Traversal Vulnerability
  • From: "Eiji James Yoshida" <ptrs-ejy@bp.iij4u.or.jp>
• Re: [Full-Disclosure] Re: I have fixes for the Geeklog vulnerabilities
  • From: jelmer <jkuperus@planet.nl>
• PeopleSoft <LONGCHAR >and <VARCHAR> Data Upload
  • From: <info@i-assure.com>
• PeopleSoft <Control><J> Information Disclosure
  • From: <info@i-assure.com>
• RE: IE 6 XML Patch Bypass
  • From: "GreyMagic Software" <security@greymagic.com>
• Re: PHP-Nuke SQL Injection
  • From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
• Re: [Full-Disclosure] Re: I have fixes for the Geeklog vulnerabilities
  • From: Chris.Kulish@us.ing.com
• RE: [PAPER] Juggling with packets: floating data storage
  • From: "Alun Jones" <alun@texis.com>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Nicholas Weaver <nweaver@CS.berkeley.edu>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Rick Wash <rwash@citi.umich.edu>
• Re: [Full-Disclosure] Re: [PAPER] Juggling with packets: floating data storage
  • From: Valdis.Kletnieks@vt.edu
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Michal Zalewski <lcamtuf@ghettot.org>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Eugen Leitl <eugen@leitl.org>
• Re: [Full-Disclosure] RE: [PAPER] Juggling with packets: floating data storage
  • From: Michal Zalewski <lcamtuf@ghettot.org>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: "Doug Moen" <doug.moen@bluecoat.com>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Michal Zalewski <lcamtuf@ghettot.org>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: "David Heigl" <davidh@braunlift.com>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Adeel Hussain <ad33lh@hotmail.com>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: der Mouse <mouse@Rodents.Montreal.QC.CA>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Aron Nimzovitch <bugout@clouddancer.com>
• [RHSA-2003:281-01] Updated MySQL packages fix vulnerability
  • From: bugzilla@redhat.com
• NetBSD Security Advisory 2003-016: Sendmail - another prescan() bug CAN-2003-0694
  • From: NetBSD Security Officer <security-officer@NetBSD.org>
• NetBSD Security Advisory 2003-017: OpenSSL multiple vulnerabilities
  • From: NetBSD Security Officer <security-officer@NetBSD.org>
• NetBSD Security Advisory 2003-015: Remote and local vulnerabilities in XFree86 font libraries
  • From: NetBSD Security Officer <security-officer@NetBSD.org>
• Shattering By Example
  • From: "Brett Moore" <brett.moore@security-assessment.com>
• Bad news on RPC DCOM vulnerability
  • From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Darren Reed <avalon@caligula.anu.edu.au>
• MDKSA-2003:099 - Updated sane packages fix remote vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• Re: [PAPER] Juggling with packets: floating data storage
  • From: Brandon Eisenmann <beisenmann@earthlink.net>
• [SECURITY] [DSA 394-1] New openssl095 packages fix denial of service
  • From: joey@infodrom.org (Martin Schulze)
• Concern about Checkpoint and SSL Vulnerability
  • From: <seeker@hush.ai>
• RE: Bad news on RPC DCOM vulnerability
  • From: "VigilantMinds Security Operations Center" <soc.rpc@vigilantminds.com>
• SA-20031006 slocate buffer overflow - exploitation proof
  • From: Patrik Hornik <patrik.hornik@ebitech.sk>
• Gallery 1.4 including file vulnerability
  • From: Peter "Stöckli" <pcs@rootquest.com>
• TRACKtheCLICK Script Injection Vulnerabilities
  • From: "BrainRawt" <brainrawt@haxworx.com>
• Re: Bad news on RPC DCOM vulnerability
  • From: K-OTiK Security <Special-Alerts@k-otik.com>
• *ADDENDUM* New AIM Expliot/Worm/Adware-script (realphx.com related)
  • From: "Michael A. Nunes" <p@pcmike.net>
• New AIM Expliot/Worm/Adware-script (realphx.com related)
  • From: "Michael A. Nunes" <p@pcmike.net>
• RE: Gallery 1.4 including file vulnerability
  • From: "Brent Meshier" <brent@meshier.com>
• Re: New AIM Expliot/Worm/Adware-script (realphx.com related)
  • From: "Thor Larholm" <thor@pivx.com>
• Re: Bad news on RPC DCOM vulnerability
  • From: Terence Runge <terencerunge@sbcglobal.net>
• Re: Gallery 1.4 including file vulnerability
  • From: "Bharat Mediratta" <bharat@menalto.com>
• buffer overflow in IRCD software
  • From: Piotr KUCHARSKI <chopin@sgh.waw.pl>
• myPHPCalendar : Informations Disclosure, File Include
  • From: "Frog Man" <leseulfrog@hotmail.com>
• Re: Bad news on RPC DCOM vulnerability
  • From: Terence Runge <terencerunge@sbcglobal.net>
• Remote root exploit for proftpd \n bug
  • From: Carl Livitt <carl@learningshophull.co.uk>
• Tool Release: Xprobe2 0.2
  • From: Ofir Arkin <ofir@sys-security.com>
• UK's Internet Infrastructure Open to Prying Eyes
  • From: <root@networkpenetration.com>
• What software breaks because of this DNS feature?
  • From: "Richard M. Smith" <rms@computerbytesman.com>
• Re: What software breaks because of this DNS feature?
  • From: Michael Sierchio <kudzu@tenebras.com>
• RE: What software breaks because of this DNS feature?
  • From: Michael Wojcik <Michael.Wojcik@microfocus.com>
• RE: What software breaks because of this DNS feature?
  • From: "Rob Mayoff" <mayoff@dqd.com>
• Finjan Software Discovers a New Critical Vulnerability In Microsoft Hotmail
  • From: "Menashe Eliezer" <menashe@finjan.com>
• LinkSys EtherFast Router Denial of Service Attack
  • From: DigitalPranksters <secteam@digitalpranksters.com>
• [SECURITY] [DSA 395-1] New tomcat4 packages fix denial of service
  • From: joey@infodrom.org (Martin Schulze)
• [CLA-2003:762] Conectiva Security Announcement - glibc
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: What software breaks because of this DNS feature?
  • From: Kevin George <kevin-bugtraq@raindrop.net>
• Few issues previously unpublished in English
  • From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
• Gaim festival plugin exploit
  • From: error <error@lostinthenoise.net>
• New CERT Coordination Center (CERT/CC) PGP Key
  • From: CERT Advisory <cert-advisory@cert.org>
• Microsoft Windows Security Bulletin Summary October
  • From: Giovanni Campagnoli <bioia@yahoo.com>
• Microsoft got it wrong
  • From: "Richard M. Smith" <rms@computerbytesman.com>
• ColdFusion SQL Error Pages XSS
  • From: "Lorenzo Hernandez Garcia-Hierro" <lorenzohgh@nsrg-security.com>
• Microsoft PCHealth 2003/XP Buffer Overflow (#NISR15102003)
  • From: "NGSSoftware Insight Security Research" <nisr@nextgenss.com>
• Vulnerability in Exchange Server 5.5 Outlook Web Access Could Allow Cross-Site Scripting Attack (Microsoft Security Bulletin MS03-047)
  • From: Ory Segal <ory.segal@sanctuminc.com>
• CSS Vulnerability in Bajie HTTP JServer
  • From: "Oliver Karow" <Oliver.Karow@gmx.de>
• Listbox And Combobox Control Buffer Overflow
  • From: "Brett Moore" <brett.moore@security-assessment.com>
• OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Multiple security vulnerabilities in Xsco
  • From: security@sco.com
• RE: Microsoft Windows Security Bulletin Summary October
  • From: "Thor Larholm" <thor@pivx.com>
• Cross-Site Scripting Vulnerability in Wrensoft Zoom Search Engine
  • From: "Sintelli SINTRAQ" <sintraq@sintelli.com>
• Re: Microsoft got it wrong
  • From: "T.A. Adjuster" <adjuster@peeved.org>
• CERT Advisory CA-2003-27 Multiple Vulnerabilities in Microsoft Windows and Exchange
  • From: CERT Advisory <cert-advisory@cert.org>
• MDKSA-2003:100 - Updated gdm packages fix local vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• MDKSA-2003:101 - Updated fetchmail packages fix DoS vulnerability
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• [CLA-2003:766] Conectiva Security Announcement - gdm
  • From: Conectiva Updates <secure@conectiva.com.br>
• [CLA-2003:765] Conectiva Security Announcement - ircd
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: [CLA-2003:765] Conectiva Security Announcement - ircd
  • From: Florian Weimer <fw@deneb.enyo.de>
• Proof of concept for Windows Messenger Service overflow
  • From: "Hanabishi Recca" <recca@mail.ru>
• PHP-Nuke Path Disclosure Vulnerability
  • From: Bahaa Naamneh <b_naamneh@hotmail.com>
• IE remote code execution
  • From: Marcin Ulikowski <r3b00t@tx.pl>
• Opera HREF escaped server name overflow
  • From: "@stake Advisories" <advisories@atstake.com>
• Re: [Full-Disclosure] Re: Gaim festival plugin exploit
  • From: Cael Abal <lists@onryou.com>
• JAP Wins Court Victory
  • From: Tarapia Tapioco <comesefosse@ntani.firenze.linux.it>
• @stake tool announcement: RedFang 2.5: The Bluetooth Hunter
  • From: "Ollie Whitehouse" <ollie@atstake.com>
• Geeklog exploit
  • From: Jouko Pynnonen <jouko@iki.fi>
• Origo ASR-8100 ADSL router remote factory reset
  • From: Theo Markettos <theo@markettos.org.uk>
• eMule 2.2 [0.29c] - Web Control Panel - DOS(Denial Of Service)
  • From: "The-Insider" <nuritrv18@bezeqint.net>
• [OpenPKG-SA-2003.045] OpenPKG Security Advisory (ircd)
  • From: OpenPKG <openpkg@openpkg.org>
• Re: Multiple Heap Overflows in FTP Desktop
  • From: Vlad M <v_lion_77@mail.ru>
• ZH2003-31SA (security advisory): file inclusion vulnerability in cpCommerce
  • From: Astharot <secfoc@email.it>
• Unpatched Internet Explorer Bugs
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• ByteHoard Directory Traversal Vulnerability
  • From: "Sintelli SINTRAQ" <sintraq@sintelli.com>
• Re: IE remote code execution
  • From: K-OTiK Security <Special-Alerts@k-otik.com>
• Re: Gaim festival plugin exploit
  • From: HCTITS Security Division <security@humancentrictech.com>
• [ANNOUNCE] mod_security 1.7 released
  • From: Ivan Ristic <ivanr@webkreator.com>
• Multiple SQL Injection Vulnerabilities in DeskPRO
  • From: Aviram Jenik <aviram@beyondsecurity.com>
• Get admin level on Goldlink script v3.0
  • From: "Weke" <weke@programas-hacker.com>
• Re: IE remote code execution
  • From: Jouko Pynnonen <jouko@iki.fi>
• Re: Gaim festival plugin exploit
  • From: merlyn@stonehenge.com (Randal L. Schwartz)
• Cross Site Java applets
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• Gast Arbeiter Privilege Escalation
  • From: <natok@hush.com>
• RE: IE remote code execution
  • From: "Thor Larholm" <thor@pivx.com>
• Immunix Secured OS 7+ fetchmail update
  • From: Immunix Security Team <security@immunix.com>
• SQL Injection Vulnerability in FuzzyMonkey MyClassifieds SQL Version
  • From: "Sintelli SINTRAQ" <sintraq@sintelli.com>
• OpenServer 5.0.5 : Insecure creation of files in /tmp
  • From: security@sco.com
• Web Wiz Forums ver. 7.01
  • From: HEX <hex@hex.net.ru>
• IE6 & Java 1.4.2_02 applet: Hardware stress on floppy drive
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• MS03-046 Microsoft Exchange 2000 Heap Overflow
  • From: H D Moore <sflist@digitaloffense.net>
• IE6 CSS-Crash
  • From: Andreas Boeckler <abo@netlands.de>
• mah-jong[v1.4]: server/client remote buffer overflow exploit.
  • From: Vade 79 <v9@fakehalo.deadpig.org>
• [CLA-2003:768] Conectiva Security Announcement - fileutils
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: Web Wiz Forums ver. 7.01
  • From: <bruce@webwizguide.info>
• Re: IE6 CSS-Crash
  • From: xenophi1e <oliver.lavery@sympatico.ca>
• [CLA-2003:769] Conectiva Security Announcement - sane
  • From: Conectiva Updates <secure@conectiva.com.br>
• "Local" and "Remote" considered insufficient
  • From: "Steven M. Christey" <coley@mitre.org>
• [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Last Stage of Delirium <contact@lsd-pl.net>
• Re: "Local" and "Remote" considered insufficient
  • From: Ejovi Nuwere <ejovi@ejovi.net>
• Shatter XP
  • From: xenophi1e <oliver.lavery@sympatico.ca>
• CensorNet: Cross Site Scripting Vulnerability
  • From: "Richard Maudsley" <maudr001@rbwm.org>
• Re: "Local" and "Remote" considered insufficient
  • From: "Eric Knight" <eric@swordsoft.com>
• (Fw) : mIRC 6.12 (latest) DCC Exploit
  • From: K-OTiK Security <Special-Alerts@k-otik.com>
• Re: "Local" and "Remote" considered insufficient
  • From: Florian Weimer <fw@deneb.enyo.de>
• HTML Help API - Privilege Escalation
  • From: "Brett Moore" <brett.moore@security-assessment.com>
• Internet Explorer and Opera local zone restriction bypass
  • From: "Mindwarper *" <mindwarper@linuxmail.org>
• [CLA-2003:771] Conectiva Security Announcement - anonftp
  • From: Conectiva Updates <secure@conectiva.com.br>
• XLS Attack on AES (Rijndael)
  • From: <latte1@hushmail.com>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Jort Slobbe <jortslobbe@hetnet.nl>
• Re: XLS Attack on AES (Rijndael)
  • From: Michael Sierchio <kudzu@tenebras.com>
• SiteKiosk terminal software
  • From: Zrekam <zrekam@badsystems.com>
• Re: SiteKiosk terminal software
  • From: Godwin Stewart <gstewart@spamcop.net>
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: "Thor Larholm" <thor@pivx.com>
• Buffer Overflow in Yahoo messenger Client
  • From: Hat-Squad Security Team <service@hat-squad.com>
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: "Mindwarper *" <mindwarper@linuxmail.org>
• sh-httpd `wildcard character' vulnerability
  • From: "dong-h0un U" <xploit@hackermail.com>
• New Vulnerability
  • From: "Joshua P. Miller" <jpmiller@tds.net>
• Musicqueue multiple local vulnerabilities
  • From: "dong-h0un U" <xploit@hackermail.com>
• a dangerous fast spreading (yet simple) trojan horse.
  • From: "Gadi Evron" <ge@egotistical.reprehensible.net>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: jelmer <jkuperus@planet.nl>
• Re: XLS Attack on AES (Rijndael)
  • From: Christian Ruediger Bahls <christian.bahls@gmx.de>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Mohsen Hariri <mohsen_hariri@yahoo.com>
• Dansie Shopping Cart Discloses Installation Path to Remote Users
  • From: "Dr`Ponidi Haryanto" <drponidi@hackermail.com>
• Some serious security holes in 'The Bat!'
  • From: Bipin Gautam hUNT3R <door_hunt3r@blackcodemail.com>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• Java 1.4.2_02 InsecurityManager JVM crash
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• MDKSA-2003:096-1 - Updated apache2 packages fix CGI scripting deadlock
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Alla Bezroutchko <alla@scanit.be>
• Re: a dangerous fast spreading (yet simple) trojan horse.
  • From: K-OTiK Security <Special-Alerts@k-otik.com>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Heikki Toivonen <hjtoi@comcast.net>
• Libnids <= 1.17 buffer overflow
  • From: rafal.wojtczuk@7bulls.com (Rafal Wojtczuk)
• Advanced Poll : PHP Code Injection, File Include, Phpinfo
  • From: "Frog Man" <leseulfrog@hotmail.com>
• SGI Advanced Linux Environment security update #4
  • From: SGI Security Coordinator <agent99@sgi.com>
• SGI Advanced Linux Environment security update #3
  • From: SGI Security Coordinator <agent99@sgi.com>
• Norton Internet Security 2003 XSS
  • From: DigitalPranksters <secteam@digitalpranksters.com>
• Re: CensorNet: Cross Site Scripting Vulnerability
  • From: "Dan Searle" <dan.searle@adelix.com>
• Les Visiteurs v2.0.1 code injection vulnerability
  • From: Matthieu Peschaud <bugtrack@chezwam.net>
• Re: Java 1.4.2_02 InsecurityManager JVM crash
  • From: Francisco Andrades <fandrades@nextj.com>
• Re: a dangerous fast spreading (yet simple) trojan horse.
  • From: Andreas Reich <cyraxx@scention.de>
• Re: CensorNet: Cross Site Scripting Vulnerability
  • From: "Richard Maudsley" <maudr001@rbwm.org>
• Root Directory Listing on RH default apache
  • From: <tfm@tfm.org>
• Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Andreas Sandblad <sandblad@acc.umu.se>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Andreas Sandblad <sandblad@acc.umu.se>
• SGI Advanced Linux Environment security update #2
  • From: SGI Security Coordinator <agent99@sgi.com>
• Re: [LSD] Security vulnerability in SUN's Java Virtual Machine implementation
  • From: "Michael Earls" <Michael.Earls@cchmc.org>
• Remote overflow in thttpd
  • From: "advisories(-at-)texonet.com" <advisories@texonet.com>
• [slackware-security] fetchmail security update (SSA:2003-300-02)
  • From: Slackware Security Team <security@slackware.com>
• [slackware-security] gdm security update (SSA:2003-300-01)
  • From: Slackware Security Team <security@slackware.com>
• Re: Java 1.4.2_02 InsecurityManager JVM crash
  • From: Marc Schoenefeld <schonef@uni-muenster.de>
• Nachi/Welchia/LovSan.D version 2 appears to be spreading
  • From: "Young, Keith" <Keith.Young@montgomerycountymd.gov>
• Re: a dangerous fast spreading (yet simple) trojan horse.
  • From: Craig Holmes <Leusent@absolut.intellihost.ca>
• [OpenPKG-SA-2003.046] OpenPKG Security Advisory (apache)
  • From: OpenPKG <openpkg@openpkg.org>
• Re: a dangerous fast spreading (yet simple) trojan horse (Now IRC.Trojan.Fgt)
  • From: K-OTiK Security <Special-Alerts@k-otik.com>
• Re: Nachi/Welchia/LovSan.D version 2 appears to be spreading
  • From: "Peter Kieser" <pfak@telus.net>
• Fastream NetFile FTP/WebServer 6.0 CSS Vulnerability
  • From: "Oliver Karow" <Oliver.Karow@gmx.de>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: jelmer <jkuperus@planet.nl>
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: "Thor Larholm" <thor@pivx.com>
• [securemac] Local vulnerability: MacOSX Screensaver locking bypass.
  • From: kang <kang@insecure.ws>
• Mac OS X Systemic Insecure File Permissions
  • From: "@stake Advisories" <advisories@atstake.com>
• Mac OS X Arbitrary File Overwrite via Core Files
  • From: "@stake Advisories" <advisories@atstake.com>
• Mac OS X Long argv[] buffer overflow
  • From: "@stake Advisories" <advisories@atstake.com>
• Local root vuln in kpopup
  • From: "b0f www.b0f.net" <b0fnet@yahoo.com>
• RE: Norton Internet Security Blocked Sites XSS
  • From: Sym Security <symsecurity@symantec.com>
• Wildcard exportfs issue in NFS on IRIX
  • From: SGI Security Coordinator <agent99@sgi.com>
• FirstClass 7.1 HTTP Server: Remote Directory Listing
  • From: "Richard Maudsley" <maudr001@rbwm.org>
• Re: sh-httpd `wildcard character' vulnerability
  • From: Richard Brittain <richard@northstar.dartmouth.edu>
• mod_security 1.7RC1 to 1.7.1 vulnerability
  • From: Adam Dyga <adeon@o2.pl>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: Bipin Gautam hUNT3R <door_hunt3r@blackcodemail.com>
• Re: Mac OS X vulnerabilities
  • From: "Thor Larholm" <thor@pivx.com>
• STG Security Advisory: [SSA-20031025-05] InfronTech WebTide 7.04 Directory and File Disclosure Vulnerability
  • From: <advisory@stgsecurity.com>
• possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: itojun@iijlab.net
• [SECURITY] [DSA 396-1] New thttpd packages fix information leak, DoS and arbitrary code execution
  • From: joey@infodrom.org (Martin Schulze)
• TelCondex SimpleWebserver Buffer Overflow
  • From: "Oliver Karow" <Oliver.Karow@gmx.de>
• Re: Mac OS X vulnerabilities
  • From: "Joshua Levitsky" <jlevitsk@joshie.com>
• RE: Mac OS X vulnerabilities ['Virus checked"]
  • From: "Thor Larholm" <thor@pivx.com>
• RE: Mac OS X vulnerabilities ['Virus checked"]
  • From: graham.coles@retail-logic.com
• Re: Root Directory Listing on RH default apache
  • From: Stephen Samuel <samuel@bcgreen.com>
• Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: Colm MacCarthaigh <colmmacc@redbrick.dcu.ie>
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Steve Clement <steve@ion.lu>
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: graham.coles@retail-logic.com
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Adam Shostack <adam@homeport.org>
• Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: der Mouse <mouse@Rodents.Montreal.QC.CA>
• [CLA-2003:773] Conectiva Security Announcement - libnids
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: possible issue with IPv4 mapped address and $REMOTE_ADDR in CGI
  • From: Colm MacCarthaigh <colmmacc@redbrick.dcu.ie>
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Ragnar Sundblad <ragge@nada.kth.se>
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Chris Wysopal <cwysopal@atstake.com>
• E107 DoS vulnerability
  • From: "Blademaster" <blademaster@msbx.net>
• Immunix Secured OS 7+ apache update
  • From: Immunix Security Team <security@immunix.com>
• Re: Mac OS X vulnerabilities
  • From: James Kelly <macubergeek@comcast.net>
• Re: FirstClass 7.1 HTTP Server: Remote Directory Listing
  • From: Graham Morley <GMorley_Public@firstclass.com>
• [OpenPKG-SA-2003.047] OpenPKG Security Advisory (postgresql)
  • From: OpenPKG <openpkg@openpkg.org>
• Multiple Vulnerabilities in Led-Forums
  • From: ProXy - <proxy@excluded.org>
• Re: Mac OS X vulnerabilities ['Virus checked"]
  • From: Kurt Harvey <k_harvey@mac.com>
• Re: Mac OS X vulnerabilities
  • From: Radoslav Dejanovic <radoslav.dejanovic@opsus.hr>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: william schulze <was@macromedia.com>
• IE bug: loading HTML under a graphic file name - summary
  • From: "Gadi Evron" <ge@egotistical.reprehensible.net>
• Re: Mac OS X vulnerabilities
  • From: Mike Stark <mstark@ucsd.edu>
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: Francis Favorini <francis.favorini@duke.edu>
• Re: Mac OS X vulnerabilities
  • From: gabriel rosenkoetter <gr@eclipsed.net>
• Serious Sam is not so serious
  • From: Luigi Auriemma <aluigi@altervista.org>
• Re: Mac OS X vulnerabilities
  • From: gabriel rosenkoetter <gr@eclipsed.net>
• Re: Internet Explorer and Opera local zone restriction bypass
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• Re: Mac OS X vulnerabilities
  • From: Lyndon Nerenberg <lyndon@orthanc.ca>
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: "Thor Larholm" <thor@pivx.com>