Mail Index
- Re: Remote exploit in Gallery 1.3.1, 1.3.2, 1.3.3, 1.4 and 1.4.1
- From: Matus UHLAR - fantomas
- http://www.smashguard.org
- Advisory !
- Re: new WIN virus?
- Re: new WIN virus?
- Re: RFC: virus handling
- Mydoom DDoS attack time table
- MDKSA-2004:006-1 - Updated gaim packages fix multiple vulnerabilities
- From: Mandrake Linux Security Team
- RE: virus handling
- Re: Major hack attack on the U.S. Senate
- outbreak warning: new Myydoom.B is out
- Re: RFC: virus handling
- 0verkill - little simple vulnerability.
- Re: RFC: virus handling
- Re: new WIN virus?
- RFC: content-filter and AV notifications (Was: Re: RFC: virus handling)
- From: Andrey G. Sergeev (AKA Andris)
- [SECURITY] [DSA 431-1] New perl packages fix information leak in suidperl
- MS to stop allowing passwords in URLs
- Re: Oracle toplink mapping workbench password algorithm
- Re: [Full-Disclosure] outbreak warning: new Myydoom.B is out
- Re: RFC: virus handling
- [FLSA-2004:1193] Updated ethereal resolves security vulnerabilites
- sqwebmail web login
- Re: new WIN virus?
- Re: RFC: virus handling
- Web Blog 1.1 Remote Execute Commands Bug
- Re: new WIN virus?
- [SCSA-027] PHP-Nuke 6.9 SQL Injection Vulnerability
- Re: vulnerabilities of postscript printers
- CoDeX-W0rm - what happened here?
- [FLSA-2004:1222] Updated tcpdump resolves security vulnerabilites (resend with correct paths)
- another Trojan with the ADO hole? + a twist in the story
- Re: RFC: virus handling
- Vulnerabilities in Crob FTP Server V3.5.1
- From: Zero_X www.lobnan.de Team
- Re: Oracle toplink mapping workbench password algorithm
- Refuting tall-tales and stories about the Mydoom worms
- Symlink Vulnerability in GNU libtool <1.5.2
- Re: RFC: virus handling
- Re: new WIN virus?
- Re: virus handling
- Denial Of Service in ChatterBox 2.0
- Directory Traversal in Aprox PHP Portal.
- From: Zero_X www.lobnan.de Team
- BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- From: Vietnamese Security Group
- Re: RFC: virus handling
- Re: RFC: virus handling
- Re: vulnerabilities of postscript printers
- Re: GOOROO CROSSING: File Spoofing Internet Explorer 6
- Re: RFC: virus handling
- [HUC] Serv-U FTPD 3.x/4.x "SITE CHMOD" Command remote exploit V2.0
- US CERT Technical Alert TA04-028A MyDoom.B Rapidly Spreading
- Re: RFC: virus handling
- Re: Fw: phpBB privmsg.php XSS vulnerability patch.
- ZH2004-03SA (security advisory): Photopost PHP Pro 4.6 Sql Injection Vulnerability
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- From: Vietnamese Security Group
- [SECURITY] [DSA 432-1] New crawl packages fix potential local games exploit
- RE: http://www.smashguard.org
- X-Cart vulnerability
- [waraxe-2004-SA#001] - Script injection in GBook for Php-Nuke ver. 1.0
- PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
- Re: MS to stop allowing passwords in URLs
- Re: sqwebmail web login
- Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
- Re: Symlink Vulnerability in GNU libtool <1.5.2
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- Re: Symlink Vulnerability in GNU libtool <1.5.2
- Cisco Security Advisory: Cisco 6000/6500/7600 Crafted Layer 2 Frame Vulnerability
- From: Cisco Systems Product Security Incident Response Team
- RE: MS to stop allowing passwords in URLs
- Re: MS to stop allowing passwords in URLs
- RE: virus handling
- getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]
- Re: RFC: virus handling
- Re: MS to stop allowing passwords in URLs
- Re: sqwebmail web login
- Re: [security] Re: Major hack attack on the U.S. Senate
- Re: sqwebmail web login
- Re: RFC: virus handling
- Re: Major hack attack on the U.S. Senate
- TA04-033A: Multiple Vulnerabilities in Microsoft Internet Explorer
- Re: MS to stop allowing passwords in URLs
- From: Ansgar -59cobalt- Wiechers
- Les Commentaires (PHP) Include file
- Remote crash of Chaser game <= 1.50
- RE: MS to stop allowing passwords in URLs
- Hysterical first technical alert from US-CERT
- RE: MS to stop allowing passwords in URLs
- DIMVA 2004 deadline extended
- Re: RFC: content-filter and AV notifications (Was: Re: RFC: virus handling)
- Re: MS to stop allowing passwords in URLs
- Sandblad #12: Inject javascript url in history list (revisited)
- Re: MS to stop allowing passwords in URLs
- Re: RFC: virus handling
- Re: MS to stop allowing passwords in URLs
- Re: CoDeX-W0rm - what happened here?
- Re: RFC: virus handling
- RE: RFC: virus handling
- RE: CoDeX-W0rm - what happened here?
- RE: MS to stop allowing passwords in URLs
- Decompression Bombs
- Re: MS to stop allowing passwords in URLs
- Re: MS to stop allowing passwords in URLs
- Re: http://www.smashguard.org
- RE: MS to stop allowing passwords in URLs
- Web Crossing 4.x/5.x Denial of Service Vulnerability
- Re: Major hack attack on the U.S. Senate
- RE: MS to stop allowing passwords in URLs
- Re: MS to stop allowing passwords in URLs
- RE: MS to stop allowing passwords in URLs (Summary)
- Re: Major hack attack on the U.S. Senate
- RE: Major hack attack on the U.S. Senate
- Multiple Vulnerabilities in PHPX
- Re: Technical Details of Urlcount.cgi Vulnerability
- Re: RFC: virus handling
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- From: langtuhaohoa caothuvolam
- Re: Fw: phpBB privmsg.php XSS vulnerability patch.
- Re: [Full-Disclosure] smbmount disrupts Windows file sharing.
- TYPSoft FTP Server 1.10 may be crashed
- RE: [Full-Disclosure] smbmount disrupts Windows file sharing.
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]
- Re: RFC: virus handling
- smbmount disrupts Windows file sharing.
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- ZH2004-04SA (security advisory): Multiple Sql Injection Vulnerabilities in ReviewPost PHP Pro
- iDEFENSE Security Advisory 02.04.04: GNU Radius Remote Denial of Service Vulnerability
- Re: [security] Re: Major hack attack on the U.S. Senate
- rxgoogle.cgi XSS Vulnerability.
- Re: CoDeX-W0rm - what happened here?
- Re: Hysterical first technical alert from US-CERT
- Re: Snort-inline
- Re: sqwebmail web login
- Re: RFC: virus handling
- Re: getting rid of outbreaks and spam (junk)
- Re: Hysterical first technical alert from US-CERT
- Re: MS to stop allowing passwords in URLs
- Re: http://www.smashguard.org
- RE: CoDeX-W0rm - what happened here?
- Security Advisory: CSS Vulnerability in Web Froums Server 1.6
- RE: Hysterical first technical alert from US-CERT
- RE: Hysterical first technical alert from US-CERT
- From: Eggers, Bill A [LTD]
- announce: new mailing list - application security research - from vulnerabilities to code injection.
- RE: MS to stop allowing passwords in URLs
- From: NESTING, DAVID M (SBCSI)
- Re: Symlink Vulnerability in GNU libtool <1.5.2
- [PINE-CERT-20040201] reference count overflow in shmat()
- IRIX userland binary vulnerabilities update
- From: SGI Security Coordinator
- IBM cloudscape SQL Database (DB2J) vulnerable to remote command injection
- Re: http://www.smashguard.org
- FreeBSD Security Advisory FreeBSD-SA-04:02.shmat
- From: FreeBSD Security Advisories
- RE: Hacking USB Thumbdrives, Thumprint authentication
- Re: TYPSoft FTP Server 1.10 may be crashed
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- [CLA-2004:811] Conectiva Security Announcement - libtool
- Checkpoint 4.1 Vulnerability
- From: Macroscape Solutions
- Re: X-Cart vulnerability
- Two checkpoint fw-1/vpn-1 vulns
- From: Bjørnar Bjørgum Larsen
- [RHSA-2004:020-01] Updated mailman packages close cross-site scripting vulnerabilities
- OpenBSD IPv6 remote kernel crash
- Re: Symlink Vulnerability in GNU libtool <1.5.2
- From: Scott James Remnant
- [SECURITY] [DSA 434-1] New gaim packages fix several vulnerabilities
- Multiple File Format Vulnerabilities (Overruns) in REALOne & RealPlayer
- From: NGSoftware Insight Security Research
- [SECURITY] [DSA 433-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
- Re: MS to stop allowing passwords in URLs
- Re: Hysterical first technical alert from US-CERT
- RE: Hysterical first technical alert from US-CERT - CERT#25304
- Re: getting rid of outbreaks and spam
- [RHSA-2004:030-01] Updated NetPBM packages fix multiple temporary file vulnerabilities
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]
- Re: BUG IN APACHE HTTPD SERVER 2.0.47/48 (to who replied me)
- From: William A. Rowe, Jr.
- Re: BUG IN APACHE HTTPD SERVER 2.0.47/48 (to who replied me)
- From: langtuhaohoa caothuvolam
- US-CERT Technical Cyber Security Alert TA04-036A -- HTTP Parsing Vulnerabilities in Check Point Firewall-1
- Re: Symlink Vulnerability in GNU libtool <1.5.2
- Re: getting rid of outbreaks and spam (junk) [WAS: Re: RFC: virus handling]
- Remote crash Xlight ftp server 1.52
- MDKSA-2004:009 - Updated glibc packages fix resolver vulnerabilities
- From: Mandrake Linux Security Team
- Possible Cross Site Scripting in Discuz! Board
- Re: Two checkpoint fw-1/vpn-1 vulns
- Re: Hysterical first technical alert from US-CERT
- Re: Two checkpoint fw-1/vpn-1 vulns
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- Re: Hysterical first technical alert from US-CERT
- Re: Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
- Re: MS to stop allowing passwords in URLs
- RE: Decompression Bombs
- formmail (PHP) Upload file using CSS
- Re: Hysterical first technical alert from US-CERT
- Re: Major hack attack on the U.S. Senate
- Open Journal Blog Authenticaion Bypassing Vulnerability
- RE: getting rid of outbreaks and spam (junk)
- Linux 2.4.24 with vserver 1.24 exploit
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- Re: Hysterical first technical alert from US-CERT
- Re: getting rid of outbreaks and spam
- Re: BUG IN APACHE HTTPD SERVER (current version 2.0.47)
- RE: Hacking USB Thumbdrives, Thumprint authentication
- Biometric systems security [WAS: Re: Hacking USB Thumbdrives, Thumprint authentication]
- RE: Hysterical first technical alert from US-CERT
- RE: [security] Re: Major hack attack on the U.S. Senate
- Re: BUG IN APACHE HTTPD SERVER 2.0.47/48 (to who replied me)
- [SECURITY] [DSA 435-1] New mpg123 packages fix heap overflow
- Re: RFC: virus handling
- Re: Hysterical first technical alert from US-CERT
- Re: Decompression Bombs [...missed something]
- CactuSoft CactuShop 5.0 Lite shopping cart software backdoor
- From: S-Quadra Security Research
- Dotnetnuke Multiple Vulnerabilities
- Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
- RE: http://www.smashguard.org
- [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts
- Re: http://www.smashguard.org
- [Fwd: zyxel prestige ethernet information leakage]
- Re: Hacking USB Thumbdrives, Thumprint authentication
- RE: Decompression Bombs
- RE: getting rid of outbreaks and spam
- RE: Hacking USB Thumbdrives, Thumprint authentication
- Re: Decompression Bombs [...missed something]
- The Palace 3.x (Client) Stack Overflow Vulnerability
- [SECURITY] [DSA 436-1] New mailman packages fix several vulnerabilities
- Re: [ GLSA 200402-01 ] PHP setting leaks from .htaccess files on virtual hosts
- From: Alexander GQ Gerasiov
- TrackMania Demo Denial of Service
- clamav 0.65 remote DOS exploit
- Re: clamav 0.65 remote DOS exploit
- PalmOS httpd accept() queue overflow DoS vulnerability.
- ptl-2004-01: Multiple vulnerabilities in Nokia phones
- From: Pentest Security Advisories
- Re: clamav 0.65 remote DOS exploit
- [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0
- Outbreak warning: possibly Mydoom.C
- Eggrop bug
- From: cyborgirl@xxxxxxxxx
- Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: Decompression Bombs
- [waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0
- RE: Decompression Bombs
- Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- From: Disclosure From OSSI
- Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- RE: Outbreak warning: possibly Mydoom.C
- Red-M Red-Alert Multiple Vulnerabilities
- Re: BUG IN APACHE HTTPD SERVER 2.0.47/48 (to who replied me)
- [local problems] eTrust Virus Protection 6.0 InoculateIT for linux
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: TrackMania Demo Denial of Service
- Samba 3.x + kernel 2.6.x local root vulnerability
- Brinkster Multiple Vulnerabilities
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- RE: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- From: Patrick J. Volkerding
- Re: http://www.smashguard.org
- Re: http://www.smashguard.org
- Re[2]: http://www.smashguard.org
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: clamav 0.65 remote DOS exploit
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: clamav 0.65 remote DOS exploit
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- HelpCtr - allow open any page or run
- Re: Decompression Bombs
- Directory traversal in RealPlayer allows code execution
- Re: HelpCtr - allow open any page or run
- Possible new cross zone scripting in IE
- Re: HelpCtr - allow open any page or run
- XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal
- Re: Eggrop bug
- Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: clamav 0.65 remote DOS exploit
- Re: http://www.smashguard.org
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: Hysterical first technical alert from US-CERT
- Re: Eggrop bug
- Re: Possible new cross zone scripting in IE
- From: http-equiv@xxxxxxxxxx
- EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Another Low Blow From Microsoft: MBSA Failure!
- MyDoom.A Machines : The new P2P Sharing Network ...
- RE: Another Low Blow From Microsoft: MBSA Failure!
- Re: clamav 0.65 remote DOS exploit
- ASPR #2004-01-20-1: Internet Explorer/Outlook double null character DoS
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- [SCAN Associates Sdn Bhd Security Advisory] PHPNuke 6.9 > and below SQL Injection in multiple module.
- XBOX EvolutionX ftp 'cd' command and telnet 'dir' buffer overflow
- EEYE: Microsoft ASN.1 Library Bit String Heap Corruption
- [CLA-2004:812] Conectiva Security Announcement - vim
- Why are postmasters distributing the MyDoom virus?
- iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
- US-CERT Technical Cyber Security Alert TA04-041A -- Multiple Vulnerabilities in Microsoft ASN.1 Library
- Re: Why are postmasters distributing the MyDoom virus?
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- RE: Why are postmasters distributing the MyDoom virus?
- RE: Another Low Blow From Microsoft: MBSA Failure!
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- RE: Outbreak warning: possibly Mydoom.C (Now Deadhat/Vesser)
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- [CLA-2004:813] Conectiva Security Announcement - gaim
- Re: vulnerabilities of postscript printers
- RE: getting rid of outbreaks and spam
- Microsoft Virtual PC Services Insecure Temporary File Creation
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: Outbreak warning: possibly Mydoom.C (Now Doomjuice.A)
- Scope of latest RealPlayer vuln
- Re: Hacking USB Thumbdrives, Thumprint authentication
- Mutt-1.4.2 fixes buffer overflow.
- [RHSA-2004:051-01] Updated mutt packages fix remotely-triggerable crash
- PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior
- ZH2004-05SA (security advisory): Sql Injection Vulnerability in BosDates
- RE: Hacking USB Thumbdrives, Thumprint authentication
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- Re: clamav 0.65 remote DOS exploit
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- Re: MyDoom.A Machines : The new P2P Sharing Network ...
- RE: Hysterical first technical alert from US-CERT
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- AIX password enumeration possible
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- From: Johnson, Jeff FOR:EX
- RE: Another Low Blow From Microsoft: MBSA Failure!
- Re: Hacking USB Thumbdrives, Thumprint authentication
- From: Eric 'MightyE' Stevens
- RE: Another Low Blow From Microsoft: MBSA Failure
- Re: HelpCtr - allow open any page or run
- Denial of Service in Monkey httpd <= 0.8.1
- RE: Hacking USB Thumbdrives, Thumprint authentication
- RE: Another Low Blow From Microsoft: MBSA Failure!
- Re: Decompression Bombs
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- RE: Samba 3.x + kernel 2.6.x local root vulnerability
- ISS Security Brief: Microsoft ASN.1 Integer Manipulation Vulnerabilities
- SGI Advanced Linux Environment security update #10
- From: SGI Security Coordinator
- Re: Decompression Bombs
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- RE: Another Low Blow From Microsoft: MBSA Failure!
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- XFree86 vulnerability exploit
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Internet Explorer and Microsoft clipboard poor security policy
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure!
- RE: Another Low Blow From Microsoft: MBSA Failure!
- Denial of Service in Ratbag's game engine
- Re: AIX password enumeration possible
- Re: Why are postmasters distributing the MyDoom virus?
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow
- Re: [Full-Disclosure] Another Low Blow From Microsoft: MBSA Failure!
- AIM worm spreading around?
- Update - CheckPoint Vulnerabilities
- [ GLSA 200402-04 ] Gallery <= 1.4.1 and below remote exploit vulnerability
- [ GLSA 200402-03 ] Monkeyd Denial of Service vulnerability
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: Why are postmasters distributing the MyDoom virus?
- MDKSA-2004:011 - Updated NetPBM packages fix a number of temporary file bugs.
- From: Mandrake Linux Security Team
- Re: Update - CheckPoint Vulnerabilities
- aimSniff.pl file "deletion" (local)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- FW: CA Response: eTrust InoculateIT/Antivirus 6.0 for Linux vulnerability
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Cross Site Scripting in VBulletin forum software
- iDEFENSE Security Advisory 02.11.04: XFree86 Font Information File Buffer Overflow II
- RE: W2K source "leaked"?
- W2K source "leaked"?
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- CA Response: eTrust InoculateIT/Antivirus 6.0 for Linux vulnerability
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- Re: Update - CheckPoint Vulnerabilities
- MDKSA-2004:010 - Updated mutt packages fix remote crash
- From: Mandrake Linux Security Team
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- phpnuke 6.9 search module exploit.
- [slackware-security] XFree86 security update (SSA:2004-043-02)
- From: Slackware Security Team
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- [slackware-security] mutt security update (SSA:2004-043-01)
- From: Slackware Security Team
- [ GLSA 200402-02 ] XFree86 Font Information File Buffer Overflow
- OpenLinux: slocate local user buffer overflow
- From: please_reply_to_security
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- RE: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- From: Disclosure From OSSI
- Symlink vulnerabilities in mailmgr
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- RE: W2K source "leaked"?
- Re: Scope of latest RealPlayer vuln
- Sami FTP Server 1.1.3 multiple vulnerabilities
- Re: W2K source "leaked"?
- Windows 2000 Source Leak Verified. Get ready for the havoc.
- Re: W2K source "leaked"?
- Re: W2K source "leaked"?
- Re: W2K source "leaked"?
- RE: [Full-Disclosure] RE: W2K source "leaked"?
- Windows2000 who relase the code?
- crob ftpd Denial of Service
- Microsoft Windows 2000 source code leaked
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- RE: AIM worm spreading around?
- [SECURITY] [DSA 437-1] New cgiemail packages fix open mail relaying
- Re: Samba 3.x + kernel 2.6.x local root vulnerability
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- MDKSA-2004:013 - Updated mailman packages close various cross-site scripting vulnerabilities.
- From: Mandrake Linux Security Team
- RE: W2K source "leaked"?
- RE: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- From: Thor Lancelot Simon
- TSLSA-2004-0006 - mutt
- From: Trustix Security Advisor
- MDKSA-2004:012 - Updated XFree86 packages fix buffer overflow vulnerabilities
- From: Mandrake Linux Security Team
- Re: XFree86 vulnerability exploit
- [RHSA-2004:059-01] Updated XFree86 packages fix privilege escalation vulnerability
- [RHSA-2004:048-01] Updated PWLib packages fix protocol security issues
- Immunix Secured OS 7.3 XFree86 update
- From: Immunix Security Team
- DallasCon 2004 Information Security Conference and Boot Camp
- RE: ISS Security Rip: Microsoft ASN.1 (Half a sploit)
- vBulletin PHP Forum Version
- From: Rafel Ivgi, The-Insider
- [FLSA-2004:1232] Updated slocate resolves security vulnerabilites
- Re: Round One: "DLL Proxy" Attack Easily Hijacks SSL from Internet Explorer
- RE: [Full-Disclosure] Re: W2K source "leaked"?
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- RE: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: AIX password enumeration possible
- Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate
- From: Dr. Peter Bieringer
- Symantec FireWall/VPN Appliance model 200 leak of security
- Exploit based on leaked code released.
- From: Christopher Carboni
- Broadcast client buffer-overflow in Purge Jihad <= 2.0.1
- problems with database files in 'SignatureDB'
- Buffer overflow in mnoGoSearch
- Re: Microsoft ASN.1 (Half a sploit)
- Xlight ftp server 1.52 RETR bug
- [SECURITY] [DSA 429-2] New gnupg packages fix cryptographic weakness
- Re: iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
- From: Dr Andrew C Aitchison
- ASP Portal Multiple Vulnerabilities
- Misinformation in Security Advisories (ASN.1)
- Fwd: Re: NT/W2K Source leak
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- From: Axel Beckert - ecos gmbh
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- RE: W2K source "leaked"?
- buffer overflow in Robot FTP Server
- RE: [inbox] W2K source "leaked"?
- RE: Hacking USB Thumbdrives, Thumprint authentication
- AllMyLinks PHP Code Injection vulnerability
- Bypassing PatchFinder 2
- Another YabbSE SQL Injection
- RE: Exploit based on leaked code released.
- Re: W2K source "leaked"?
- Re: Another YabbSE SQL Injection
- Re: Misinformation in Security Advisories (ASN.1)
- Re: Misinformation in Security Advisories (ASN.1)
- Re: Asp Portal Multiple Vulnerabilities
- Re: Misinformation in Security Advisories (ASN.1)
- RE: [Full-Disclosure] Re: W2K source "leaked"?
- Re: Misinformation in Security Advisories (ASN.1)
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: EEYE: Microsoft ASN.1 Library Length Overflow Heap Corruption
- Re: W2K source "leaked"?
- AllMyGuests PHP Code Injection vulnerability
- AllMyVisitors PHP Code Injection vulnerability
- LNSA-#2004-0001: mutt remote crash
- [ GLSA 200402-05 ] phpMyAdmin < 2.5.6-rc1 directory traversal attack
- YABB information leakage on failed login
- Denial Of Service in Vizer Web Server 1.9.1
- KarjaSoft Sami HTTP Server 1.0.4 Buffer Overflow
- ZH2004-06SA (security advisory): ShopCartCGI v2.3 Remote arbitrary file retrieving
- APC 9606 SmartSlot Web/SNMP management card "backdoor"
- [ GLSA 200402-06 ] Linux kernel AMD64 ptrace vulnerability
- Re: ISS Security Rip: Microsoft ASN.1 (Half a sploit)
- Re: [Full-Disclosure] Misinformation in Security Advisories (ASN.1)
- RE: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Re: [Full-Disclosure] Possible race condition in Symantec AntiVirus Scan Engine for Red Hat Linux during LiveUpdate
- Re: Misinformation in Security Advisories (ASN.1)
- RE: [Full-Disclosure] Misinformation in Security Advisories (ASN.1)
- Re: [work] Re: W2K source "leaked"?
- ASN.1 telephony critical infrastructure warning - VOIP
- RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
- Re: iDEFENSESecurityAdvisory02.10.04: XFree86FontInformationFileBufferOverflow
- Broker FTP DoS (Message Server)
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- From: daniel uriah clemens
- iDEFENSE Security Advisory 02.17.04: Ipswitch IMail LDAP Daemon Remote Buffer Overflow
- Beagle.b@mm spreading at a steady pace.
- RE: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- ASN.1 vulnerability -is- on Win98
- Second critical mremap() bug found in all Linux kernels
- CesarFTP 0.99 : 100% employment of computer resources
- EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
- From: S-Quadra Security Research
- [ GLSA 200402-07 ] Clamav 0.65 DoS vulnerability
- [slackware-security] Kernel security update (SSA:2004-049-01)
- From: Slackware Security Team
- Remote Administrator 2.x: highly possible remote hole or backdoor
- SNMP community string disclosure in Linksys WAP55AG
- WebCortex Webstores2000 version 6.0 multiple security vulnerabilities
- TSLSA-2004-0007 - kernel
- From: Trustix Security Advisor
- [SECURITY] [DSA 438-1] New Linux 2.4.18 packages fix local root exploit (alpha+i386+powerpc)
- [SECURITY] [DSA 440-1] New Linux 2.4.17 packages fix several local root exploits (powerpc/apus)
- [RHSA-2004:065-01] Updated kernel packages resolve security vulnerabilities
- ZH2004-08SA (security advisory): OWLS 1.0 Remote arbitrary files retrieving
- Re: Microsoft ASN.1 (Half a sploit)
- [slackware-security] metamail security update (SSA:2004-049-02)
- From: Slackware Security Team
- [SECURITY] [DSA 439-1] New Linux 2.4.16 packages fix several local root exploits (arm)
- Re: Second critical mremap() bug found in all Linux kernels
- [SECURITY] [DSA 441-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel)
- OT: reports of a Trojan horse in the Arrow project
- ZH2004-07SA (security advisory): Multiple Sql injection vulnerabilities in Online Store Kit 3.0 Products (Lite - Standard and Pro)
- article: Alleged Trojan horse in Israeli Anti-Ballistic Missile System
- metamail format string bugs and buffer overflows
- Re: EarlyImpact ProductCart shopping cart software multiple security vulnerabilities
- Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
- Re: Misinformation in Security Advisories (ASN.1)
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
- bid: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
- Smallftpd 1.0.3 DoS
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
- Re: ASN.1 telephony critical infrastructure warning - VOIP
- Re[2]: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
- Re: AIX password enumeration possible
- Re: ASN.1 telephony critical infrastructure warning - VOIP
- From: Michael H. Warfield
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Re: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
- From: Charles R. Anderson
- Microsoft Internet Explorer Unspecified CHM File Processing Arbitrary Code Execution Vulnerability (bid 9658)
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
- RE: 9660 : Microsoft IIS Unspecified Remote Denial Of Service Vulnerability
- Re: Second critical mremap() bug found in all Linux kernels
- MDKSA-2004:014 - Updated metamail packages fix buffer overflow vulnerabilities
- From: Mandrake Linux Security Team
- Re: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
- Aol Instant Messenger/Microsoft Internet Explorer remote code execution
- Zone Labs Security Advisory ZL04-08 - SMTP processing vulnerability
- From: Zone Labs Product Security
- APC Security Advisory - Static factory password vulnerability
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
- PunkBuster SQL Injection Attack
- RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
- RE: Multiple WinXP kernel vulns can give user mode programs kernel mode privileges
- [SECURITY] [DSA 442-1] New Linux 2.4.17 packages fix local root exploits and more (s390)
- APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.
- iMail 8.05 LDAP service remote exploit
- From: Iván Rodriguez Almuiña
- Re: Fw: APC 9606 SmartSlot Web/SNMP management card "backdoor" - MORE PROBLEMS
- Cisco Security Advisory: Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
- From: Cisco Systems Product Security Incident Response Team
- RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution
- NetBSD Security Advisory 2004-001: Insufficient packet validation in racoon IKE daemon
- From: NetBSD Security-Officer
- NetBSD Security Advisory 2004-004: shmat reference counting bug
- From: NetBSD Security-Officer
- Re: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.
- RE: Second critical mremap() bug found in all Linux kernels
- RE: Remote Administrator 2.x: highly possible remote hole or back door
- RE: APC 9606 SmartSlot Web/SNMP management card "backdoor" - Telnet can't be disabled.
- Re: Microsoft ASN.1 (Half a sploit)
- Re: Apache Http Server Reveals Script Source Code to Remote Users And Any Users Can Access The Forbidden Directory ("/WEB-INF/")
- Re: ASN.1 vulnerability -is- on Win98
- LiveJournal XSS
- Re: Second critical mremap() bug found in all Linux kernels
- Re: [RHSA-2004:065-01] Updated kernel packages resolve security vulnerabilities
- OpenLinux: mpg123 remote denial of service and heap-based buffer overflow
- From: please_reply_to_security
- OpenLinux: Bind: cache poisoning BIND 8 prior to 8.3.7 and BIND 8.4.x prior 8.4.2
- From: please_reply_to_security
- OpenLinux: Fetchmail 6.2.4 and earlier remote dennial of service
- From: please_reply_to_security
- PGP signatures on recent NetBSD Security Advisories
- From: NetBSD Security-Officer
- Re: SNMP community string disclosure in Linksys WAP55AG
- SUSE Security Announcement: Linux Kernel (SuSE-SA:2004:005)
- EEYE: ZoneLabs SMTP Processing Buffer Overflow
- NetBSD Security Advisory 2004-003: OpenSSL 0.9.6 ASN.1 parser vulnerability
- From: NetBSD Security-Officer
- NetBSD Security Advisory 2004-002: Inconsistent IPv6 path MTU discovery handling
- From: NetBSD Security-Officer
- OpenLinux: Multiple vulnerabilities were discovered in the saned daemon
- From: please_reply_to_security
- [SECURITY] [DSA 443-1] New xfree86 packages fix multiple vulnerabilities
- [SECURITY] [DSA 444-1] New Linux 2.4.17 packages fix local root exploit (ia64)
- [CLA-2004:820] Conectiva Security Announcement - kernel
- fix for recently disclosed Oracle interval conversion overflows?
- article: Theft of Client Information at a Major Israeli Bank's "Information Fortress".
- Hotfix for new mremap vulnerability
- From: Pavel harry_x Palát
- Re: SNMP community string disclosure in Linksys WAP55AG
- From: Nicolai van der Smagt
- RE: Remote Administrator 2.x: highly possible remote hole or back door
- [CLA-2004:821] Conectiva Security Announcement - XFree86
- Re: Remote Administrator 2.x: highly possible remote hole or backdoor
- Remote Buffer Overflow in PSOProxy 0.91
- Re: SNMP community string disclosure in Linksys WAP55AG
- RE: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
- Bank of America contact
- OpenLinux: Perl Safe.pm unsafe access
- From: please_reply_to_security
- is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
- Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
- From: http-equiv@xxxxxxxxxx
- LNSA-#2004-0002: Fetchmail 6.2.4 and earlier remote denial of service
- LNSA-#2004-0003: Linux Kernel
- RE: Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft Internet Explorer remote code execution)
- GateKeeper Pro 4.7 buffer overflow
- From: Iván Rodriguez Almuiña
- FYI: CAIF Format Specification
- [SECURITY] [DSA 436-2] New mailman packages fix bug introduced in DSA 436-1
- Re: APC 9606 SmartSlot Web/SNMP management card "backdoor"
- Remote server crash in Team Factor <= 1.25
- PSOProxy <= 0.91 remote buffer overflow (exploit)
- nCipher Advisory #9: Host-side attackers can access secret data
- SUSE Security Announcement: xf86/XFree86 (SuSE-SA:2004:006)
- [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability
- lbreakout2 < 2.4beta-2 local exploit
- [SECURITY] [DSA 446-1] New synaesthesia packages fix insecure file creation
- [SECURITY] [DSA 445-1] New lbreakout2 packages fix buffer overflow
- [SECURITY] [DSA 448-1] New pwlib packages fix multiple vulnerabilities
- Lam3rZ Security Advisory #2/2004: LSF eauth vulnerability leads to a possibility of controlling cluster jobs on behalf of other users
- Somewhat new SQL Injection concept
- Windows XP explorer.exe heap overflow.
- [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2
- Lam3rZ Security Advisory #1/2004: LSF eauth vulnerability leads to remote code execution
- Multiple Remote Buffer Overflow in Avirt Soho 4.3
- Re: is predicatable file location a vuln? (was RE: Aol Instant Messenger/Microsoft
- Re: lbreakout2 < 2.4beta-2 local exploit
- TSLSA-2004-0008 - kernel
- From: Trustix Security Advisor
- 3Com DSL Router Long Request DoS exploit.
- RE: [Full-Disclosure] ASN.1 telephony critical infrastructure warning - VOIP
- Re: Bank of America Contact
- Cross Site Scripting in WebzEdit
- ezBoard Cross Site Scripting Vulnerability
- Re: Remote Administrator 2.x: highly possible remote hole or back door
- From: Ari Gordon-Schlosberg
- Re: Bank of America Contact
- Lam3rZ Security Advisory #3/2004: A bug in Confirm leads to remote command execution
- Remote Buffer Overflow in Avirt Voice 4.0
- Re: Hotfix for new mremap vulnerability
- From: Marc-Christian Petersen
- Re: Windows XP explorer.exe heap overflow.
- Web Crossing 4.x/5.x Denial of Service Vulnerability (FIX)
- blocking gzip encoded files
- RE: Windows XP explorer.exe heap overflow.
- Mac OS X pppd format string vulnerability
- Re: blocking gzip encoded files
- TYPSoft FTP Server 1.10 multiple vulnerabilities
- MDKSA-2004:015 - Updated kernel packages fix multiple vulnerabilities
- From: Mandrake Linux Security Team
- Remote server crash in Haegemonia <= 1.07
- FlexWATCH-Webs 2.2 (NTSC) Authorization Bypass
- From: Rafel Ivgi, The-Insider
- iDEFENSE Security Advisory 02.23.04: Darwin Streaming Server Remote Denial of Service Vulnerability
- STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability
- Remote crash in Ghost Recon engine
- Gigabyte Broadband Router - Multiple Vulnerabilities
- From: Rafel Ivgi, The-Insider
- Re: Windows XP explorer.exe heap overflow.
- Re: Bank of America Contact
- ZH2004-09SA (security advisory): PhpNewsManager Remote arbitrary files retrieving
- jgs webserver 0.1.0 Cross Site Scripting Vulnerabillity
- From: Rafel Ivgi, The-Insider
- MS ASN library is fraught not only with integer overflow, but also with stack overflow.
- MDKSA-2004:016 - Updated mtools packages fix local root vulnerability
- From: Mandrake Linux Security Team
- Alcatel Omniswitch 7000 series
- Re: Windows XP explorer.exe heap overflow.
- Re: Windows XP explorer.exe heap overflow.
- snort rules for ICQ http/https tunnels
- Hidden Gamespy code leads to vulnerabilities in diffused games (BF1942, Halo, Dredd and more)
- Re: blocking gzip encoded files
- From: Josep L. Guallar-Esteve
- New ICQ WORM
- From: Rafel Ivgi, The-Insider
- Advisory 02/2004: Trillian remote overflows
- RE: blocking gzip encoded files
- BadBlue 2.4 Local Path Disclosure By phptest.php
- From: Rafel Ivgi, The-Insider
- RE: Windows XP explorer.exe heap overflow.
- Fw: [Unpatched] The Bizex worm
- Sandblad #13: Cross-domain exploit on zombie document with event handlers
- PSOProxy's exploit for Windows by Rosiello Security
- Re: [waraxe-2004-SA#004] - Multiple vulnerabilities in XMB 1.8 Partagium Final SP2
- MDKSA-2004:015-1 - Updated x86_64 kernel packages fix multiple vulnerabilities
- From: Mandrake Linux Security Team
- [RHSA-2004:091-01] Updated libxml2 packages fix security vulnerability
- Denial Of Service in FreeChat 1.1.1a
- [RHSA-2004:063-01] Updated mod_python packages fix denial of service vulnerability
- Dell OpenManage Web Server Heap Overflow
- Dell OpenManage Web Server Heap Overflow (Pre-Auth)
- SmoothWall Project Security Advisory SWP-2004:002
- Serv-U "MDTM" buffer overflow PoC DoS exploit
- [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability
- SGI ProPack v2.4: Kernel fixes and security update
- From: SGI Security Coordinator
- SGI Advanced Linux Environment security update #12
- From: SGI Security Coordinator
- Re: Windows XP explorer.exe heap overflow.
- SGI Advanced Linux Environment security update #11
- From: SGI Security Coordinator
- Nmap Security Scanner 3.50 Released
- Immunix Secured OS 7+ kernel update
- From: Immunix Security Team
- RE: Serv-U "MDTM" buffer overflow PoC DoS exploit
- Extremail Security Problem
- [SECURITY] [DSA 450-1] New Linux 2.4.19 packages fix several local root exploits (mips)
- Calife heap corrupt / potential local root exploit
- iDEFENSE Security Advisory 02.27.04b: Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass
- New version of ike-scan (IPsec IKE scanner) available - v1.6
- iDEFENSE Security Advisory 02.27.04a: WinZip MIME Parsing Buffer Overflow Vulnerability
- EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
- Serv-U MDTM exploits
- Multiple issues with Mac OS X AFP client
- Symantec Gateway Security Management Service Cross Site Scripting
- FreeBSD Security Advisory FreeBSD-SA-04:03.jail
- From: FreeBSD Security Advisories
- Re: Calife heap corrupt / potential local root exploit
- [HUC] Serv-U FTPD 2.x/3.x/4.x/5.x "MDTM" Command Remote Exploit
- Re: Calife heap corrupt / potential local root exploit
- Re: Calife heap corrupt / potential local root exploit
- [SECURITY] [DSA 451-1] New xboing packages fix buffer overflows
- Re: [SECURITY] [DSA 451-1] New xboing packages fix buffer overflows
- New phpBB ViewTopic.php Cross Site Scripting Vulnerability
- InnoMedia VideoPhone Authorization Bypass
- From: Rafel Ivgi, The-Insider
- laptop security
- Re: Multiple issues with Mac OS X AFP client
- LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
- From: Rafel Ivgi, The-Insider
- Invision Power Board SQL injection!
- Multiple WFTPD Denial of Service vulnerabilities
- Critical WFTPD buffer overflow vulnerability