Mail Index

• Thread Index

• WU-FTPD 2.6.2 Freezer
  • From: Angelo Rosiello <angelo.rosiello@katamail.com>
• Mimail.C
  • From: Alan <alan.tennent@y3kgroup.com>
• GLSA: apache (200310-04)
  • From: Rajiv Aaron Manglani <rajiv@gentoo.org>
• Advisory: Sun's jre/jdk 1.4.2 multiple vulernabilities in linux installers
  • From: Stan Bubrouski <stan@ccs.neu.edu>
• IRM 008: Citrix Metaframe XP is vulnerable to Cross Site Scripting
  • From: "IRM Advisories" <advisories@irmplc.com>
• RE: Internet Explorer and Opera local zone restriction bypass
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• VMWare GSX Server Authentication Server Buffer Overflow Vulnerability - Update
  • From: Darryl Swofford <dswofford@kpmg.com>
• Corsaire Security Advisory: BEA WebLogic example InteractiveQuery.jsp XSS issue
  • From: "advisories" <advisories@corsaire.com>
• Corsaire Security Advisory: BEA Tuxedo Administration CGI multiple argument issues
  • From: "advisories" <advisories@corsaire.com>
• SUSE Security Announcement: thttpd (SuSE-SA:2003:044)
  • From: Thomas Biege <thomas@suse.de>
• Redirection and refresh parses local file
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• VMware GSX Server and ESX Server OpenSSL vulnerability patches
  • From: VMware <vmware-security-alert@vmware.com>
• DoS in Plug and Play Web Server Proxy Server
  • From: "Oliver Karow" <Oliver.Karow@gmx.de>
• Re: Mac OS X vulnerabilities
  • From: Adam Shostack <adam@homeport.org>
• Console Root On OSX up to 10.2.8
  • From: Jason Storm <jms@lasergun.org>
• Macos 10.2.8
  • From: Adam Shostack <adam@homeport.org>
• Re: WU-FTPD 2.6.2 Freezer
  • From: Seth Arnold <sarnold@wirex.com>
• Virginity Security Advisory 2003-002 : Tritanium Bulletin Board - Read and write from/to internal (protected) Threads
  • From: Virginity Security <advisory@konfiweb.de>
• Re: Mimail.C (Denial of Service Attack)
  • From: K-OTiK Security <Special-Alerts@k-otik.com>
• New Varient Of Irc Worm Spreading
  • From: Craig Holmes <Leusent@absolut.intellihost.ca>
• Immunix Secured OS 7+ fileutils update
  • From: Immunix Security Team <security@immunix.com>
• Re: WU-FTPD 2.6.2 Freezer
  • From: Luca Berra <bluca@comedia.it>
• Memory-leak vulnerability in EServ/3.00
  • From: d4rkgr3y <d4rk@securitylab.ru>
• Re: New Varient Of Irc Worm Spreading
  • From: "bob" <hackerbob@cox.net>
• BRS WebWeaver 1.06 remote DoS vulnerability
  • From: d4rkgr3y <d4rk@securitylab.ru>
• Re: WU-FTPD 2.6.2 Freezer
  • From: Rossen Petrov <rpetrov@gmx.net>
• Internet Explorer Vulnerability: Content-Location works with both triple and double slash
  • From: "Mindwarper *" <mindwarper@linuxmail.org>
• [RHSA-2003:275-01] Updated CUPS packages fix denial of service
  • From: bugzilla@redhat.com
• [RHSA-2003:309-01] Updated fileutils/coreutils package fix ls vulnerabilities
  • From: bugzilla@redhat.com
• ShoutCast server 1.9.2/win32
  • From: HEX <hex@hex_net_ru.securityfocus.com>
• Unauthorized access in Web Wiz Forum
  • From: "Alexander Antipov" <pk95@yandex.ru>
• Re: Root Directory Listing on RH default apache
  • From: "M.Hirsch" <M.Hirsch@gmx.de>
• Unichat Vulnerabilities
  • From: DarkKnight <mbuzz04@yahoo.com>
• Re: Immunix Secured OS 7+ fileutils update
  • From: Seth Arnold <sarnold@wirex.com>
• [BUGZILLA] Security Advisory - SQL injection, information leak
  • From: David Miller <justdave@bugzilla.org>
• multiple payload handling flaws in isakmpd
  • From: Thomas Walpuski <thomas@thinknerd.de>
• SRT2003-11-02-0115 - NIPrint LPD-LPR Remote overflow
  • From: KF <dotslash@snosoft.com>
• SRT2003-11-02-0218 - NIPrint LPD-LPR Local Help API SYSTEM exploit
  • From: KF <dotslash@snosoft.com>
• MDKSA-2003:103 - Updated apache packages fix vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• [OpenSSL Advisory] Denial of Service in ASN.1 parsing
  • From: Mark J Cox <mark@openssl.org>
• NIPrint remote exploit
  • From: Crazy Einstein <crazy_einstein@yahoo.com>
• Liteserve Buffer Overflow in Handling Server's Log.
  • From: "Tri Huynh" <trihuynh@zeeup.com>
• Re: Unauthorized access in Web Wiz Forum
  • From: <bruce@webwizguide.info>
• [ESA-20031104-029] 'openssl' ASN.1 parsing denial of service
  • From: EnGarde Secure Linux <security@guardiandigital.com>
• MDKSA-2003:102 - Updated postgresql packages fix buffer overflow vulnerability
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow
  • From: security@sco.com
• [ESA-20031105-030] 'apache' buffer overflow in mod_alias and mod_rewrite
  • From: EnGarde Secure Linux <security@guardiandigital.com>
• Six Step IE Remote Compromise Cache Attack
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• [slackware-security] apache security update (SSA:2003-308-01)
  • From: Slackware Security Team <security@slackware.com>
• MSIE clientCaps "isComponentInstalled" and "getComponentVersion" registry information leakage
  • From: Sam Schinke <sschinke@myrealbox.com>
• IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• Multiple SQL Injection Vulnerabilities in Oracle Application Server 9i and RDBMS (#NISR05112003)
  • From: "NGSSoftware Insight Security Research" <nisr@nextgenss.com>
• [CLA-2003:774] Conectiva Security Announcement - bugzilla
  • From: Conectiva Updates <secure@conectiva.com.br>
• POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "http-equiv@excite.com" <1@malware.com>
• RE: double slash moves cache from INTERNET zone to MYCOMPUTER zone
  • From: "Thor Larholm" <thor@pivx.com>
• [CLA-2003:775] Conectiva Security Announcement - apache
  • From: Conectiva Updates <secure@conectiva.com.br>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: "Thor Larholm" <thor@pivx.com>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: "Steve Hillier" <steve@mastermindtoys.com>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: "Thor Larholm" <thor@pivx.com>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: Benjamin Franz <snowhare@nihongo.org>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: white colin john <cjwhite1@ehlnx13.ews.uiuc.edu>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Florian Weimer <fw@deneb.enyo.de>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Seth Arnold <sarnold@wirex.com>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Jelmer <jkuperus@planet.nl>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: "Drew Copley" <dcopley@eeye.com>
• MDKSA-2003:104 - Updated CUPS packages fix denial of service vulnerability
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: "http-equiv@excite.com" <1@malware.com>
• [bWM#017] Cross-Site-Scripting @ PHPKIT
  • From: ben moeckel <badwebmasters@online.de>
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "Kurt Seifried" <kurt@seifried.org>
• Re: RE: Six Step IE Remote Compromise Cache Attack
  • From: "Steven M. Christey" <coley@mitre.org>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: Tyler Larson <noreply@tlarson.com>
• DoS for Ganglia
  • From: Jim Prewett <download@hpc.unm.edu>
• [CLA-2003:777] Conectiva Security Announcement - thttpd
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: RE: Six Step IE Remote Compromise Cache Attack
  • From: Paul Schmehl <pauls@utdallas.edu>
• UPDATE: PSK Cracking using IKE Aggressive Mode
  • From: Michael Thumann <mlthumann@ids-guide.de>
• [CLA-2003:779] Conectiva Security Announcement - cups
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: multiple payload handling flaws in isakmpd
  • From: Thomas Walpuski <thomas@thinknerd.de>
• PowerPortal v1.1b Cross-Site Scripting Vulnerability
  • From: David Ferreira <iamroot@systemsecure.org>
• SRT2003-11-06-0710 - IBM DB2 Multiple local security issues
  • From: KF <dotslash@snosoft.com>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Florian Weimer <fw@deneb.enyo.de>
• [CLA-2003:778] Conectiva Security Announcement - net-snmp
  • From: Conectiva Updates <secure@conectiva.com.br>
• OpenAutoClassifieds XSS attack
  • From: David Ferreira <iamroot@systemsecure.org>
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: Art Manion <amanion@cert.org>
• [Full-Disclosure] [SECURITY] [DSA 397-1] New PostgreSQL packages fix buffer overflow
  • From: debian-security-announce@lists.debian.org
• OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7: Multiple vulnerabilities affecting several components of gwxlibs
  • From: security@sco.com
• OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Various Apache security fixes
  • From: security@sco.com
• OpenServer 5.0.7 : OpenSSH: multiple buffer handling problems
  • From: security@sco.com
• OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Perl cross-site scripting vulnerability.
  • From: security@sco.com
• terminatorX 3.8.1 local vulnerabilities
  • From: "c0wboy@0x333" <c0wboy@tiscali.it>
• [CLA-2003:780] Conectiva Security Announcement - ethereal
  • From: Conectiva Updates <secure@conectiva.com.br>
• UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : CDE libDtHelp buffer overflow
  • From: security@sco.com
• OpenLinux: ucd-snmp remote heap overflow
  • From: security@sco.com
• RE: Six Step IE Remote Compromise Cache Attack
  • From: "Steven M. Christey" <coley@mitre.org>
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "Kurt Seifried" <bt@seifried.org>
• rpc remote return-into-libc exploit
  • From: Jack Trixter <trixterjack@yahoo.com>
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: Mike Healan <mike@spywareinfo.com>
• RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "Cowperthwaite, Eric" <eric.cowperthwaite@eds.com>
• OpenLinux: Multiple vulnerabilities have reported in Ethereal 0.9.12
  • From: security@sco.com
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "James C. Slora Jr." <Jim.Slora@phra.com>
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: teemu schaabl <teemu@lynix.net>
• sql injection in phpbb
  • From: jocanor jocanor <jocanor2002@hotmail.com>
• Re: sql injection in phpbb
  • From: Marius Kaase <marius@kaase.net>
• DoS in PureFTPd
  • From: Adam Zabrocki <pi3ki31ny@wp.pl>
• [BUGZILLA] Security Advisory - information leak
  • From: David Miller <justdave@bugzilla.org>
• [SECURITY] [DSA 398-1] New conquest packages fix local conquest exploit
  • From: joey@infodrom.org (Martin Schulze)
• nCUBE Server Manager
  • From: <bug_hunt@hotmail.com>
• [SECURITY] [DSA 399-1] New epic4 packages fix denial of service
  • From: joey@infodrom.org (Martin Schulze)
• Re: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "Thor Larholm" <thor@pivx.com>
• SUSE Security Announcement: hylafax (SuSE-SA:2003:045)
  • From: krahmer@suse.de (Sebastian Krahmer)
• Directory traversal in The TelCondex SimpleWebserver 2.13.31027 Build 3289.
  • From: "nimber" <nimber@mail.ru>
• [RHSA-2003:323-01] Updated Ethereal packages fix security issues
  • From: bugzilla@redhat.com
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Goetz Babin-Ebell <babin-ebell@trustcenter.de>
• DailyDose v 1.1
  • From: Alexey Sintsov <huan@xp-team.spb.su>
• Re: DoS in PureFTPd
  • From: Jedi/Sector One <j@pureftpd.org>
• [SNS Advisory No.69] Eudora "Reply-To-All" Buffer Overflow Vulnerability
  • From: "Secure Net Service(SNS) Security Advisory" <snsadv@lac.co.jp>
• A resource for the Fake players bug
  • From: Luigi Auriemma <aluigi@altervista.org>
• RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "Robert C. Auch" <RAuch@totalnetsolutions.net>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Byron Sonne <blsonne@rogers.com>
• Symbol Technologies Default WEP KEYS Vulnerability
  • From: "Michael Scheidell" <scheidell@secnap.net>
• Re: sql injection in phpbb
  • From: <telli@codezwiz.com>
• Re: IE: double slash moves cache from INTERNET zone to MYCOMPUTER zone
  • From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
• RE: POS#1 Self-Executing HTML: Internet Explorer 5.5 and 6.0 Part III
  • From: "Evans, Arian" <Arian.Evans@fishnetsecurity.com>
• Re: sql injection in phpbb
  • From: Jort Slobbe <jortslobbe@hetnet.nl>
• buffer overflow in unace (linux extractor for .ace files)
  • From: "Andreas Constantinides (MegaHz)" <megahz@megahz.org>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: "Steven M. Christey" <coley@mitre.org>
• Re: Fw: sql injection in phpbb
  • From: Micheal Cottingham <micheal@michealcottingham.com>
• Gaim IRC Local Account Information Leakage
  • From: "'ken'@FTU" <ken@ftusecurity.com>
• [SECURITY] [DSA 400-1] New omega-rpg packages fix local games exploit
  • From: joey@infodrom.org (Martin Schulze)
• MDKSA-2003:105 - Updated hylafax packages fix remote root vulnerability
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• Re: sql injection in phpbb
  • From: Jayson Anderson <bugtraq@sonick.com>
• PHP-Coolfile version 1.4 unauthorized access
  • From: r00t@rsteam.ru
• RE: Six Step IE Remote Compromise Cache Attack
  • From: "Alun Jones" <alun@texis.com>
• Re[2]: sql injection in phpbb
  • From: Alexander GQ Gerasiov <bugtaq@gq.pp.ru>
• DoS in PureFTPd - continue.
  • From: Adam Zabrocki <pi3ki31ny@wp.pl>
• Local PoC exploit for Unace v2.2
  • From: "demz" <demz@geekz.nl>
• RE: Six Step IE Remote Compromise Cache Attack
  • From: Michael Wojcik <Michael.Wojcik@microfocus.com>
• HylaFAX - Format String Vulnerability Fixed
  • From: Lee Howard <lee.howard@hylafax.org>
• [OpenPKG-SA-2003.048] OpenPKG Security Advisory (postgresql)
  • From: OpenPKG <openpkg@openpkg.org>
• Re: Six Step IE Remote Compromise Cache Attack
  • From: Goetz Babin-Ebell <babin-ebell@trustcenter.de>
• EEYE: Windows Workstation Service Remote Buffer Overflow
  • From: "Derek Soeder" <dsoeder@eeye.com>
• Proof of concept for Windows Workstation Service overflow
  • From: "Hanabishi Recca" <recca@mail.ru>
• Gamespy uses DMCA to destroy bug research and full disclosure
  • From: Luigi Auriemma <aluigi@altervista.org>
• MS03-048: Thor and unpatched?
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• Nokia IPSO Script Injection Vulnerability leads to Passive Remote Root, via Network Voyager
  • From: "FishNet Security CSIRT" <CSIRT@fishnetsecurity.com>
• Insecure handling of procfs descriptors in UnixWare 7.1.1, 7.1.3 and Open UNIX 8.0.0 can lead to local privilege escalation.
  • From: "advisories(-at-)texonet.com" <advisories@texonet.com>
• The Developer Implications of Windows XP SP2
  • From: "Michael Howard" <mikehow@microsoft.com>
• Opera Skinned : Arbitrary File Dropping And Execution (Advisory)
  • From: S G Masood <sgmasood@yahoo.com>
• Frontpage Extensions Remote Command Execution
  • From: "Brett Moore" <brett.moore@security-assessment.com>
• Opera Skinned & Opera Directory Traversal (Additional Details & a Simple Exploit)
  • From: S G Masood <sgmasood@yahoo.com>
• Opera Directory Traversal in Internal URI Protocol (Advisory)
  • From: S G Masood <sgmasood@yahoo.com>
• UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : Insecure handling of procfs descriptors in UnixWare can lead to local privilege escalation.
  • From: security@sco.com
• [RHSA-2003:325-01] Updated glibc packages provide security and bug fixes
  • From: bugzilla@redhat.com
• Funny article
  • From: Paulo Ferreira <paulof@bellsouth.net>
• RE: [Full-Disclosure] Proof of concept for Windows Workstation Se rvice overflow
  • From: "Anderson, Dan" <DanAnderson@ferrellgas.com>
• [CLA-2003:781] Conectiva Security Announcement - mpg123
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: Funny article
  • From: Valdis.Kletnieks@vt.edu
• Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Adam Laurie <adam@algroup.co.uk>
• Re: [Full-Disclosure] Microsoft prepares security assault on Linux
  • From: Jason Coombs <jasonc@science.org>
• Re: Gamespy uses DMCA to destroy bug research and full disclosure
  • From: "C Ryll" <carolynryll@hotmail.com>
• Re: Funny article
  • From: martin f krafft <madduck@madduck.net>
• [CLA-2003:783] Conectiva Security Announcement - hylafax
  • From: Conectiva Updates <secure@conectiva.com.br>
• SRT2003-11-11-1151 - clamav-milter remote exploit / DoS
  • From: KF <dotslash@snosoft.com>
• [CLA-2003:782] Conectiva Security Announcement - xinetd
  • From: Conectiva Updates <secure@conectiva.com.br>
• RE: Funny article
  • From: Lance James <lance.james@bakbone.com>
• iwconfig vulnerability - the last code was demaged sending by email
  • From: "hekuran doli" <hekuran.doli@atikos.info>
• RE: Gamespy uses DMCA to destroy bug research and full disclosure
  • From: "Ed Carp" <erc@pobox.com>
• Re: Funny article
  • From: dphull@ku.edu
• OpenLinux: unzip directory traversal
  • From: security@sco.com
• Corsaire Security Advisory: PeopleSoft PeopleBooks Search CGI multiple argument issues
  • From: "advisories" <advisories@corsaire.com>
• NSFOCUS SA2003-07: HP-UX Software Distributor Buffer Overflow Vulnerability
  • From: NSFOCUS Security Team <security@nsfocus.com>
• Corsaire Security Advisory: PeopleSoft IScript XSS issue
  • From: "advisories" <advisories@corsaire.com>
• [RHSA-2003:307-01] Updated zebra packages fix security vulnerabilities
  • From: bugzilla@redhat.com
• Eudora 6.0.1 attachment spoof
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• NSFOCUS SA2003-08: HP-UX libc NLSPATH Environment Variable Privilege Elevation Vulnerability
  • From: NSFOCUS Security Team <security@nsfocus.com>
• MDKSA-2003:106 - Updated fileutils and coreutils packages fix vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• [RHSA-2003:313-01] Updated PostgreSQL packages fix buffer overflow
  • From: bugzilla@redhat.com
• Corsaire Security Advisory: PeopleSoft Gateway Administration servlet path disclosure issue
  • From: "advisories" <advisories@corsaire.com>
• terminatorX stack-based overflow (exploit)
  • From: <Li0n7@voila.fr>
• Local PoC exploit terminatorX v3.81
  • From: "demz" <demz@geekz.nl>
• SRT2003-11-13-0218 - PCAnywhere local SYSTEM exploit
  • From: KF <dotslash@snosoft.com>
• [CLA-2003:784] Conectiva Security Announcement - postgresql
  • From: Conectiva Updates <secure@conectiva.com.br>
• Web Wiz Forums ver. 7.01
  • From: HEX <hex@hex.net.ru>
• Webwasher Classic Error-Message XSS Vulnerability
  • From: "Oliver Karow" <Oliver.Karow@gmx.de>
• Minor OpenSSH/pam vuln (non-exploitable)
  • From: <das@decisionsoft.com>
• RE: Secure Network Operations SRT2003-11-13-0218, PCAnywhere allows local users to become SYSTEM
  • From: Sym Security <symsecurity@symantec.com>
• [RHSA-2003:325-01] Updated glibc packages provide security and bug fixes
  • From: bugzilla@redhat.com
• Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Pentest Security Advisories <alerts@pentest.co.uk>
• Re: Funny article
  • From: "Steven M. Christey" <coley@mitre.org>
• PHPlist, file injection vulnerability
  • From: Michiel Dethmers <secfoc@kipu.co.uk>
• Quagga remote vulnerability
  • From: Paul Jakma <paul@clubi.ie>
• Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Adam Laurie <adam@algroup.co.uk>
• RE: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: "Schmehl, Paul L" <pauls@utdallas.edu>
• Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Nicholas Weaver <nweaver@CS.berkeley.edu>
• Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: nosp <nosp@xades.com>
• Re: Funny article
  • From: Systems Administrator <sysadmin@sunet.com.au>
• Re: Web Wiz Forums ver. 7.01
  • From: <bruce@webwizguide.info>
• Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Jordan Wiens <jwiens@nersp.nerdc.ufl.edu>
• Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Andreas Steinmetz <ast@domdv.de>
• Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: Pentest Security Advisories <alerts@pentest.co.uk>
• Re: [Full-Disclosure] Re: Serious flaws in bluetooth security lead to disclosure of personal data
  • From: "Kurt Seifried" <listuser@seifried.org>
• Re: Funny article
  • From: Doug <dmr@agnosticjihad.com>
• Re: Web Wiz Forums ver. 7.01
  • From: "Thor" <thor@hammerofgod.com>
• Vulnerability Disclosure Formats (was "Re: Funny article")
  • From: "Steven M. Christey" <coley@mitre.org>
• RE: Vulnerability Disclosure Formats (was "Re: Funny article")
  • From: "Russ" <Russ.Cooper@rc.on.ca>
• UnAce 2.20 Exploitable Stack-Based Overflow (exploit code)
  • From: <Li0n7@voila.fr>
• idsearch.com and googleMS.DLL
  • From: trappers <trappers@mail15.com>
• [Exploit]: Microsoft FPSE fp30reg.dll Overflow Remote Exploit (MS03-051)
  • From: Adik <netninja@hotmail.kg>
• pServ 2.0.x:beta webserver remote buffer overflow exploit by jsk
  • From: yan feng <jsk@ph4nt0m.net>
• phpWebFileManager v2.0.0 - Directory traversal
  • From: r00t@rsteam.ru
• [SECURITY] [DSA 402-1] New minimalist package fixes remote command execution
  • From: joey@infodrom.org (Martin Schulze)
• [SECURITY] [DSA 401-1] New hylafax packages fix remote root exploit
  • From: joey@infodrom.org (Martin Schulze)
• SAP DB priv. escalation/remote code execution
  • From: "@stake Advisories" <advisories@atstake.com>
• Re: idsearch.com and googleMS.DLL
  • From: Jelmer <jkuperus@planet.nl>
• Rolis Guestbook v1.0 - PHP injection
  • From: r00t@rsteam.ru
• SAP DB web-tools multiple issues
  • From: Chris Wysopal <cwysopal@atstake.com>
• Multiple vulnerability in NetServe 1.0.7
  • From: "nimber" <nimber@mail.ru>
• PCL-0002: Session Hijacking in "Sqwebmail"
  • From: Vincenzo Ciaglia <puccio@pucciolab.org>
• OpenLinux: Key validity bug in GnuPG 1.2.1 and earlier
  • From: security@sco.com
• Re: VMWare GSX Server Authentication Server Buffer Overflow Vulnerability - Update
  • From: VMware <vmware-security-alert@vmware.com>
• Re: PCL-0002: Session Hijacking in "Sqwebmail"
  • From: Christophe Casalegno <christophe.casalegno@digital-network.net>
• Security researchers organization
  • From: "Thor Larholm" <thor@pivx.com>
• OpenLinux: Webmin/Usermin Session ID Spoofing Vulnerability
  • From: security@sco.com
• OpenLinux: Sendmail prescan remotely exploitable vulnerability
  • From: security@sco.com
• SUSE Security Announcement: sane (SuSE-SA:2003:046)
  • From: Thomas Biege <thomas@suse.de>
• Re: idsearch.com and googleMS.DLL
  • From: Gary Flynn <flynngn@jmu.edu>
• OpenLinux: Linux NFS utils package contains remotely exploitable off-by-one bug
  • From: security@sco.com
• Apple Safari 1.1 (v100)
  • From: Austin Gilbert <austin@breakingrobots.net>
• Re: Vulnerability Disclosure Formats (was "Re: Funny article")
  • From: Javier Fernandez-Sanguino <jfernandez@germinus.com>
• Re: Funny article
  • From: Javier Fernandez-Sanguino <jfernandez@germinus.com>
• OpenBSD kernel holes ...
  • From: noir@uberhax0r.net
• Re: Security researchers organization
  • From: "http-equiv@excite.com" <1@malware.com>
• [RHSA-2003:288-01] Updated XFree86 packages provide security and bug fixes
  • From: bugzilla@redhat.com
• Re: OpenBSD kernel holes ...
  • From: Steve Tornio <steve@vitriol.net>
• Re: Security researchers organization
  • From: "Steven M. Christey" <coley@mitre.org>
• Re: OpenBSD kernel holes ...
  • From: noir@uberhax0r.net
• FW: Security researchers organization
  • From: "Keving Wong" <kevin.wong@bbc.co.uk>
• Re: OpenBSD kernel holes ...
  • From: Coleman Kane <cokane@cokane.org>
• Re: OpenBSD kernel holes ...
  • From: noir@uberhax0r.net
• Re: Apple Safari 1.1 (v100)
  • From: Christian Horchert <chorchert@veedev.de>
• YAK! 2.1.0 still vulnerable
  • From: bil <bil_912@coolgoose.com>
• [securitylab.ru & security.nnov] Kerio Winroute Firewall Xroxy problem
  • From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
• Half Life dedicated server information leak and DoS
  • From: 3APA3A <3APA3A@SECURITY.NNOV.RU>
• RE: Security researchers organization
  • From: Jeremy Epstein <jeremy.epstein@webmethods.com>
• Router Worm?
  • From: Chris Strom <cstrom@cos.com>
• MDKSA-2003:107 - Updated glibc packagess fix vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• Re: Security researchers organization
  • From: John C Borkowski III <borkowsj@spawar.navy.mil>
• Microsoft SharePoint Portal and Team Services
  • From: <arkanian@hacker.am>
• IA WebMail 3.x PoC
  • From: Peter Winter-Smith <peter4020@hotmail.com>
• Re: IA WebMail 3.x PoC Code
  • From: Peter Winter-Smith <peter4020@hotmail.com>
• HPUX dtmailpr buffer overflow vulnerability
  • From: Davide Del Vecchio <dante@alighieri.org>
• Re: Router Worm?
  • From: Fred Laxton <securitynotice@laxton.net>
• Re: Router Worm?
  • From: Niels Bakker <niels=bugtraq@bakker.net>
• Re: Security researchers organization
  • From: Crispin Cowan <crispin@immunix.com>
• SGI Advanced Linux Environment security update #5
  • From: SGI Security Coordinator <agent99@sgi.com>
• Re: Router Worm?
  • From: "Jay D. Dyson" <jdyson@treachery.net>
• Re: Router Worm?
  • From: Jay Jacobson <jay@edgeos.com>
• GLSA: kdebase (200311-01)
  • From: Rajiv Aaron Manglani <rajiv@gentoo.org>
• GLSA: apache (200310-03)
  • From: Rajiv Aaron Manglani <rajiv@gentoo.org>
• GLSA: opera (200311-02)
  • From: Rajiv Aaron Manglani <rajiv@gentoo.org>
• GLSA: hylafax (200311-03)
  • From: Rajiv Aaron Manglani <rajiv@gentoo.org>
• [CLA-2003:786] Conectiva Security Announcement - zebra
  • From: Conectiva Updates <secure@conectiva.com.br>
• Re: Router Worm?
  • From: Jose Nazario <jose@monkey.org>
• remote exploit for mod_gzip (with debug_mode)
  • From: Crazy Einstein <crazy_einstein@yahoo.com>
• RE: Router Worm?
  • From: "David Gillett" <gillettdavid@fhda.edu>
• SIRCD: Anyone can set umode +o(oper).
  • From: Victor Jerlin <vigge@vigge.fulhack.nu>
• [securitylab.ru] EffectOffice Server 2.9 problem
  • From: "Alexander Antipov" <antipov@SecurityLab.ru>
• Re: OpenBSD kernel holes ...
  • From: Thamer Al-Harbash <tmh@whitefang.com>
• Remote DoS in FreeRADIUS, all versions.
  • From: "Alan DeKok" <aland@freeradius.org>
• R7-0016: Sybase ASE 12.5 Remote Password Array Denial of Service
  • From: advisory@rapid7.com
• RE: Router Worm?
  • From: "BugTrap" <bugtrap@intercept.net>
• [aadams@securityfocus.com: Linux Kernel <= 2.4.21 MXCSR Local DOS Exploitation]
  • From: David Ahmad <da@securityfocus.com>
• Re: Apple Safari 1.1 (v100)
  • From: vm_converter <vm_converter@mac.com>
• Xitami Denial of Service in Handling malformed request
  • From: "Tri Huynh" <trihuynh@zeeup.com>
• MSN messenger improper file transfer ip-address field parsing
  • From: ronan o kane <hi_t3ch_ass4ssin@hotmail.com>
• [SECURITY] Some Debian Project machines have been compromised
  • From: Martin Schulze <joey@infodrom.org>
• DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security
  • From: "Geoff Shively" <gshively@pivx.com>
• help needed with DotGNU security review (was Re: ..researchers org..)
  • From: Norbert Bollow <nb@SoftwareEconomics.biz>
• FreeRADIUS 0.9.2 "Tunnel-Password" attribute Handling Vulnerability
  • From: S-Quadra Security Research <research@s-quadra.com>
• PrimeBase SQL Database server cleartext password storage. (fwd)
  • From: "Larry W. Cashdollar" <lwc@vapid.ath.cx>
• [SCSA-021] Anonymous Mail Forwarding Vulnerabilities in vbPortal
  • From: Gregory LEBRAS <gregory.lebras@security-corporation.com>
• rpc.mountd Vulnerabilities on SGI IRIX
  • From: SGI Security Coordinator <agent99@sgi.com>
• Opera directory traversal and buffer overflow
  • From: Jouko Pynnonen <jouko@iki.fi>
• Re: help needed with DotGNU security review (was Re: ..researchers org..)
  • From: Crispin Cowan <crispin@immunix.com>
• webfs 1.7.x:webserver remote file overflow exploit (use ftpd to mkdir)
  • From: yan feng <jsk@ph4nt0m.net>
• Re: [aadams@securityfocus.com: Linux Kernel <= 2.4.21 MXCSR Local DOS Exploitation]
  • From: Thilo Schulz <arny@ats.s.bawue.de>
• yet another panic() in OpenBSD
  • From: noir@uberhax0r.net
• [Opera 7] Arbitrary File Auto-Saved Vulnerability.
  • From: ":: Operash ::" <nesumin@softhome.net>
• Re: yet another panic() in OpenBSD
  • From: Henning Brauer <henning@openbsd.org>
• [CommerceSQL] Remote File Read Vulnerability
  • From: Mariusz Ciesla <craig@tenbit.pl>
• simple buffer overflow in gedit
  • From: Andreas "Constantinides (MegaHz)" <megahz@megahz.org>
• Thomnson TCM315 Denial of service
  • From: Administrador de ShellSec <admin@shellsec.net>
• Re: [aadams@securityfocus.com: Linux Kernel <= 2.4.21 MXCSR Local DOS Exploitation]
  • From: Matt Zimmerman <mdz@debian.org>
• [RHSA-2003:342-01] Updated EPIC packages fix security vulnerability
  • From: bugzilla@redhat.com
• Monit 4.1 HTTP interface multiple security vulnerabilities
  • From: S-Quadra Security Research <e.legerov@s-quadra.com>
• [RHSA-2003:311-01] Updated Pan packages fix denial of service vulnerability
  • From: bugzilla@redhat.com
• [RHSA-2003:316-01] Updated iproute packages fix local security vulnerability
  • From: bugzilla@redhat.com
• [RHSA-2003:296-01] Updated stunnel packages available
  • From: bugzilla@redhat.com
• New version of ike-scan (IPsec IKE scanner) available - v1.5.1
  • From: Roy Hills <Roy.Hills@nta-monitor.com>
• Re: DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security
  • From: Charley Hamilton <chamilto@uci.edu>
• Unhackable network really unhackable?
  • From: ジースポート　黒田 <akuroda@mx5.nisiq.net>
• RE: DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security
  • From: "Russ" <Russ.Cooper@rc.on.ca>
• RE: DOE Releases Interim Report on Blackouts/Power Outages, Focus on Cyber Security
  • From: Richard.Bertolett@ci.austin.tx.us
• hard links on Linux create local DoS vulnerability and security problems
  • From: Jakob Lell <jlell@JakobLell.de>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: flaps@dgp.toronto.edu (Alan J Rosenthal)
• GLSA: libnids (200311-07)
  • From: Andrea Barisani <lcars@gentoo.org>
• GLSA: ethereal (200311-04)
  • From: Andrea Barisani <lcars@gentoo.org>
• GLSA: phpsysinfo (200311-06)
  • From: Andrea Barisani <lcars@gentoo.org>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: Brian Bennett <bahamat@digitalelf.net>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: Bruno Lustosa <bruno@lustosa.net>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: Steven Leikeim <steven@enel.ucalgary.ca>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: Carl Ekman <calle@gosig.nu>
• Re: Unhackable network really unhackable?
  • From: vb@dontpanic.ulm.ccc.de
• Re: yet another panic() in OpenBSD
  • From: Coleman Kane <cokane@cokane.org>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: Casper Dik <casper@holland.sun.com>
• Re: [Full-Disclosure] hard links on Linux create local DoS vulnerability and security problems
  • From: Michal Zalewski <lcamtuf@ghettot.org>
• Re: hard links on Linux create local DoS vulnerability and security problems
  • From: "David F. Skoll" <dfs@roaringpenguin.com>
• GLSA: glibc (200311-05)
  • From: Andrea Barisani <lcars@gentoo.org>
• Re: m00-mod_gzip.c
  • From: Przemyslaw Frasunek <venglin@freebsd.lublin.pl>
• RE: Unhackable network really unhackable?
  • From: "Bohling James CONT JBC" <james.bohling@JBC.JFCOM.MIL>
• Re: simple buffer overflow in gedit
  • From: Matthias Buelow <mkb@mukappabeta.de>
• CERT Summary CS-2003-04
  • From: CERT Advisory <cert-advisory@cert.org>
• Eudora 6.0.1 LaunchProtect
  • From: psz@maths.usyd.edu.au (Paul Szabo)
• BackToFramedJpu - a successor of BackToJpu attack
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• IE Remote Compromise by Getting Cache Location
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• [RHSA-2003:287-01] Updated XFree86 packages provide security and bug fixes
  • From: bugzilla@redhat.com
• Geeklog exploit
  • From: Jouko Pynnonen <jouko@iki.fi>
• [RHSA-2003:286-01] Updated XFree86 packages provide security and bug fixes
  • From: bugzilla@redhat.com
• "Security at Microsoft" document available
  • From: "Michael Howard" <mikehow@microsoft.com>
• Note for "Invalid ContentType may disclose cache directory"
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• Cache Disclosure Leads to MYCOMPUTER Zone and Remote Compromise
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• [OpenPKG-SA-2003.049] OpenPKG Security Advisory (zebra)
  • From: OpenPKG <openpkg@openpkg.org>
• HijackClickV2 - a successor of HijackClick attack
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• MHTML Redirection Leads to Downloading EXE and Executing
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• New "Clean" IE Remote Compromise
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• Invalid ContentType may disclose cache directory
  • From: Liu Die Yu <liudieyuinchina@yahoo.com.cn>
• Speedtouch 510 DOS
  • From: "Kevin Milne" <kevin.milne@email.com>
• SQL Injection
  • From: Lifo Fifo <lifofifo20@yahoo.com>
• Re: Speedtouch 510 DOS
  • From: "Kenny Gryp" <gryp@dakin.be>
• MDKSA-2003:108 - Updated stunnel packagess fix vulnerabilities
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• FreeRADIUS <= 0.9.3 rlm_smb module stack overflow vulnerability
  • From: S-Quadra Security Research <e.legerov@s-quadra.com>
• RE: MHTML Redirection Leads to Downloading EXE and Executing
  • From: "James C. Slora, Jr." <james.slora@phra.com>
• Remote execution in My_eGallery
  • From: "Bojan Zdrnja" <Bojan.Zdrnja@LSS.hr>
• SGI ProPack v2.3 security update
  • From: SGI Security Coordinator <agent99@sgi.com>
• EPIC4 remote client-side stack-based overflow(exploit)
  • From: <Li0n7@voila.fr>
• Re: Unhackable network really unhackable?
  • From: Julian Wynne <bugjules@anarkey.org>
• [ESA-20031126-031] BIND cache poisoning vulnerability
  • From: EnGarde Secure Linux <security@guardiandigital.com>
• Immunix Secured OS 7+ bind update
  • From: Immunix Security Team <security@immunix.com>
• SRT2003-TURKEY-DAY - *novelty* - detecttr.c Trace Route detection vulnerability
  • From: KF <dotslash@snosoft.com>
• GNU screen buffer overflow
  • From: Timo Sirainen <tss@iki.fi>
• GnuPG's ElGamal signing keys compromised
  • From: Werner Koch <wk@gnupg.org>
• RNN's Guestbook 1.2 Multiple Vulnerabilities
  • From: "BrainRawt" <brainrawt@haxworx.com>
• Re: Speedtouch 510 DOS
  • From: "Thomas Chopitea" <tomchop@netgate.com.uy>
• phpBB 2.06 search.php SQL injection
  • From: n.teusink@planet.nl
• Re: Unhackable network really unhackable?
  • From: Niels Bakker <niels-bugtraq@bakker.net>
• [ANNOUNCE] Python network security tools: Pcapy, Impacket, InlineEgg
  • From: CORE Security Technologies <oss@oss.coresecurity.com>
• SUSE Security Announcement: bind8 (SuSE-SA:2003:047)
  • From: Thomas Biege <thomas@suse.de>
• [OpenPKG-SA-2003.050] OpenPKG Security Advisory (screen)
  • From: OpenPKG <openpkg@openpkg.org>
• [OpenCA Advisory] Vulnerabilities in signature verification
  • From: Michael Bell <michael.bell@cms.hu-berlin.de>
• MDKSA-2003:109 - Updated gnupg packages fix vulnerability with ElGamal signing keys
  • From: Mandrake Linux Security Team <security@linux-mandrake.com>
• Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
  • From: Bugtraq Security Systems <research@bugtraq.org>
• Re: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
  • From: "Chris Mann" <christopher@stonebridgebank.com>
• Applied Watch Response to Bugtraq.org post - Was: Multiple Remote Issues in Applied Watch IDS Suite (advisory attached)
  • From: Eric Hines <eric.hines@appliedwatch.com>
• [Hat-Squad] phpBB search_id injection exploit
  • From: Hat-Squad Security Team <service@hat-squad.com>
• TSLSA-2003-0045 - stunnel
  • From: Trustix Security Advisor <tsl@trustix.org>
• Re: phpBB 2.06 search.php SQL injection
  • From: n.teusink@planet.nl
• TSLSA-2003-0044 - bind
  • From: Trustix Security Advisor <tsl@trustix.org>
• Re: Unhackable network really unhackable?
  • From: Crispin Cowan <crispin@immunix.com>
• Re: phpBB 2.06 search.php SQL injection
  • From: Jay Gates <zarath@knightsofchaos.com>
• Re: Speedtouch 510 DOS
  • From: Astharot <secfoc@email.it>
• FreeBSD Security Advisory FreeBSD-SA-03:19.bind
  • From: FreeBSD Security Advisories <security-advisories@freebsd.org>
• Pieterpost - access to "vitual" account
  • From: datasink@op.pl
• Re: Unhackable network really unhackable?
  • From: "Kurt Seifried" <bt@seifried.org>
• Re: Unhackable network really unhackable?
  • From: "Thor" <thor@hammerofgod.com>
• Re: phpBB 2.06 search.php SQL injection
  • From: Hat-Squad Security Team <service@hat-squad.com>