Mail Thread Index

Date Index

MDKSA-2004:024 - Updated ethereal packages fix multiple vulnerabilities, Mandrake Linux Security Team
MDKSA-2004:025 - Updated squid packages fix vulnerability, Mandrake Linux Security Team
CactuSoft CactuShop v5.x shopping cart software multiple security vulnerabilities, S-Quadra Security Research
[ GLSA 200403-10 ] Fetchmail 6.2.5 fixes a remote DoS, Kurt Lieber
[ GLSA 200403-13 ] Remote buffer overflow in MPlayer, Kurt Lieber
cdp buffer overflow vulnerability, Shaun Colley
- RE: cdp buffer overflow vulnerability, Dave Paris
- <Possible follow-ups>
- Re: cdp buffer overflow vulnerability, Vade 79
[ GLSA 200403-11 ] Squid ACL [url_regex] bypass vulnerability, Kurt Lieber
[ GLSA 200403-14 ] Multiple Security Vulnerabilities in Monit, Aida Escriva-Sammer
[ GLSA 200403-12 ] OpenLDAP DoS Vulnerability, Joshua J. Berry
[RHSA-2004:137-01] Updated Ethereal packages fix security issues, bugzilla
Re: new internet explorer exploit (was new worm), roozbeh afrasiabi
- Re: new internet explorer exploit (was new worm), mgotts
Re: IE ms-its: and mk:@MSITStore: vulnerability, roozbeh afrasiabi
Re: security enforcement - new monitor for winnt, Liu Die Yu
- <Possible follow-ups>
- RE: security enforcement - new monitor for winnt, Oliver Lavery
  - RE: security enforcement - new monitor for winnt, Liu Die Yu
Followup: vuln in WinBlox monitor for winnt, Oliver Lavery
- <Possible follow-ups>
- RE: Followup: vuln in WinBlox monitor for winnt, Drew Copley
  - RE: Followup: vuln in WinBlox monitor for winnt, Oliver Lavery
    - Releasing full source code of WinBlox, Liu Die Yu
NOT GOOD: Outlook Express 6 + Internet Explorer 6, http-equiv@xxxxxxxxxx
RogerWilco: new funny bugs, Luigi Auriemma
[CLA-2004:833] Conectiva Security Announcement - mc, Conectiva Updates
IPv4 fragmentation --> The Rose Attack, gandalf
- Re: IPv4 fragmentation --> The Rose Attack, stanislav shalunov
  - Re: IPv4 fragmentation --> The Rose Attack, Crist J. Clark
    - Re: IPv4 fragmentation --> The Rose Attack, stanislav shalunov
- Re: IPv4 fragmentation --> The Rose Attack, Chris Brenton
- <Possible follow-ups>
- Re: IPv4 fragmentation --> The Rose Attack, Paul Starzetz
Re: cdp buffer overflow vulnerability - updated details, Shaun Colley
Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, Drew Copley
- <Possible follow-ups>
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, K-OTiK Security
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, Chris Wysopal
  - Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, Fozzy
  - Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, Renaud Deraison
    - Vuln Info Disclosure may become illegal in France [was: Re: Bugfinder Being Indicted As Criminal], Fozzy
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, K-OTiK Security
- Re: Bugfinder Being Indicted As Criminal ("Counterfeiter") in France, K-OTiK Security
[CLA-2004:834] Conectiva Security Announcement - openssl, Conectiva Updates
[CLA-2004:835] Conectiva Security Announcement - ethereal, Conectiva Updates
TOOL: Adder - runtime patching in python, Oliver Lavery
Open Source Vulnerability Database Opens for Public Access, fbr
OpenLinux: util-linux could leak sensitive data, please_reply_to_security
Google using Expired Cert and SSLv2, Matthew S. Hamrick
- Re: Google using Expired Cert and SSLv2, Ivaylo Kostadinov
UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : perl unsafe Safe compartment, please_reply_to_security
OpenLinux: vim arbitrary commands execution through modelines, please_reply_to_security
[CLA-2004:836] Conectiva Security Announcement - libxml2, Conectiva Updates
Re: NetSky.q Virus. Looking for more detailed information on how the DOS will be performed., Paul
Pikachu -Turn on WEP !, Himanshu Singh
- Re: Pikachu -Turn on WEP !, christophe barbe
Index viewing in imgSvr 0.4, Donato Ferrante
[SECURITY] [DSA 470-1] New Linux 2.4.17 packages fix several local root exploits (hppa), Martin Schulze
[OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid), OpenPKG
Netsky.R, auto execute w/ IE6 ?, BugtraQ
- <Possible follow-ups>
- RE: Netsky.R, auto execute w/ IE6 ?, BugtraQ
- Re: Netsky.R, auto execute w/ IE6 ?, vbsubmit
Enterprise Application Security, Dave Aitel
[SECURITY] [DSA 471-1] New interchange packages fix information leak, Martin Schulze
IRIX ftpd ftp_syslog issue with anonymous FTP, SGI Security Coordinator
Remote Exploit for Aborior's Encore Web Forum, XNUXER RESEARCH
eMule v0.42d Buffer Overflow, Kostya Kortchinsky
IRIX Update Some Network Drivers May Leak Data, SGI Security Coordinator
[securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted], David Ahmad
- <Possible follow-ups>
- [securityzone@macromedia.com: New Macromedia Security Zone Bulletin Posted], David Ahmad
[SECURITY] [DSA 472-1] New fte packages fix buffer overflows, Matt Zimmerman
[SECURITY] [DSA 475-1] New Linux 2.4.18 packages fix several local root exploits (hppa), Martin Schulze
[SECURITY] [DSA 473-1] New oftpd packages fix denial of service, Matt Zimmerman
[SECURITY] [DSA 474-1] New squid packages fix ACL bypass, Matt Zimmerman
[SECURITY] [DSA 460-2] New sysstat packages fix insecure temporary file creation, Matt Zimmerman
[OpenPKG-SA-2004.009] OpenPKG Security Advisory (mc), OpenPKG
SuSEs YaST Online Update - possible symlink attack, Rene
- Re: SuSEs YaST Online Update - possible symlink attack, Roman Drahtmueller
NGSSoftware Insight Security Research Advisory, Peter Winter-Smith
Fw: new IE vurn, Philip Barnham
- Re: new IE vurn, Gavin Hanover
Texutil symlink vulnerability., Shaun Colley
Multiple XSS vulnerabilities in Microsoft SharePoint Portal Server 2001, Ory Segal
Automated wireless client penetration tool "hotspotter" released., Max Moser
Macromedia Dreamweaver Remote Database Scripts (#NISR05042004B), NGSSoftware Insight Security Research
[Full-Disclosure] iDEFENSE Security Advisory 04.05.04: Perl win32_stat Function Buffer Overflow Vulnerability, idlabs-advisories
Advisory: Multiple Vulnerabilities in Monit, mattmurphy@xxxxxxxxx
IBM Director 3.1 Windows Agent Remote DoS, Juanma Merino
- <Possible follow-ups>
- Re: IBM Director 3.1 Windows Agent Remote DoS, Vess Nedevski
Format string bug in IGI 2: Covert Strike 1.3, Luigi Auriemma
Paper: Comparing binaries with graph isomorphisms, Todd Sabin
MDKSA-2004:026 - Updated mplayer packages fix remotely exploitable vulnerability, Mandrake Linux Security Team
[SECURITY] [DSA 477-1] New xine-ui packages fix insecure temporary file creation, Martin Schulze
Support Contact Info, Mark Litchfield
[ GLSA 200404-01 ] Insecure sandbox temporary lockfile vulnerabilities in Portage, Tim Yamin
[SECURITY] [DSA 476-1] New heimdal packages fix cross-realm vulnerability, Matt Zimmerman
blaxxun3D(blaxxun Platform) 7 - Remote Buffer Overflow, Rafel Ivgi, The-Insider
[product-security@apple.com: APPLE-SA-2004-04-05 Security Update 2004-04-05]], David Ahmad
[ GLSA 200404-02 ] KDE Personal Information Management Suite Remote Buffer Overflow Vulnerability, Aida Escriva-Sammer
GNU Sharutils buffer overflow vulnerability., Shaun Colley
- Re: GNU Sharutils buffer overflow vulnerability., Didier Arenzana
  - Re: GNU Sharutils buffer overflow vulnerability., Carlos Eduardo Pinheiro
- Re: GNU Sharutils buffer overflow vulnerability., Dan Yefimov
Foundstone Labs Advisory: Citrix MetaFrame Password Manager 2.0, Foundstone Labs
[ GLSA 200404-03 ] Tcpdump Vulnerabilities in ISAKMP Parsing, Joshua J. Berry
LNSA-#2004-0008: Multiple security problems in Monit, Vincenzo Ciaglia
Papers: The Invisible Catalog, Pete Herzog
Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S), Rafel Ivgi, The-Insider
[SECURITY] [DSA 478-1] New tcpdump packages fix denial of service, Matt Zimmerman
[ GLSA 200404-05 ] ipsec-tools contains an X.509 certificates vulnerability, Kurt Lieber
Re: eSignal v7 remote buffer overflow, Scott Johnson
Release of Cisco Attack tool Asleap, Joshua Wright
REAL One Player R3T File Format Stack Overflow, NGSSoftware Insight Security Research
Kerio Personal Firewall 4 and IE 6 "Bug", E.Kellinis
- <Possible follow-ups>
- RE: Kerio Personal Firewall 4 and IE 6 "Bug", Noah Dunker
  - Re: Kerio Personal Firewall 4 and IE 6 "Bug", E.Kellinis
- RE: Kerio Personal Firewall 4 and IE 6 "Bug", Noah Dunker
Cisco Security Advisory: A default Username and Password in WLSE and HSE devices, Cisco Systems Product Security Incident Response Team
CAN-2004-0155: The KAME IKE Daemon Racoon does not verify RSA Signatures during Phase 1, allows man-in-the-middle attacks and unauthorized connections, Ralf Spenneberg
Re: [waraxe-2004-SA#013 - Critical sql injection bug in PhpBB 2.0.8 and in older versions], T.J. Ferraro
[ GLSA 200404-06 ] Util-linux login may leak sensitive data, Kurt Lieber
Re: IPv4 fragmentation --> The Rose Attack, Ventsislav Genchev
- Re: IPv4 fragmentation --> The Rose Attack, Darren Reed
  - Re: IPv4 fragmentation --> The Rose Attack, gandalf
    - Re: IPv4 fragmentation --> The Rose Attack, Darren Reed
      - Re: IPv4 fragmentation --> The Rose Attack, gandalf
        
        Re: IPv4 fragmentation --> The Rose Attack, Darren Reed
        
        Re: IPv4 fragmentation --> The Rose Attack, gandalf
- RE: IPv4 fragmentation --> The Rose Attack, Taylan Develioglu
[ GLSA 200404-07 ] ClamAV RAR Archive Remote Denial Of Service Vulnerability, Kurt Lieber
Solaris vfs_getvfssw() local kernel exploit, Sam
[OpenPKG-SA-2004.010] OpenPKG Security Advisory (tcpdump), OpenPKG
[ GLSA 200404-04 ] Multiple vulnerabilities in sysstat, Kurt Lieber
Metasploit Framework 2.0 Released!, H D Moore
[OpenPKG-SA-2004.011] OpenPKG Security Advisory (sharutils), OpenPKG
Kerio Personal Firewall 4.0.13 - Remote DoS (Crash), E.Kellinis
Re: GNU Sharutils buffer overflow vulnerability, Shaun Colley
McAfee Freescan ActiveX Information Disclosure [Additional Details & PoC], S G Masood
Internet Explorer 6 - Crash, E.Kellinis
Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow, Rafel Ivgi, The-Insider
Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure, Rafel Ivgi, The-Insider
Re: Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow, Apr 7 2004 2:22AM, Sym Security
[ GLSA 200404-08 ] GNU Automake symbolic link vulnerability, Kurt Lieber
[waraxe-2004-SA#014 - Cross-Site Scripting aka XSS in AzDGDatingLite], Janek Vind
Cisco Security Advisory: Cisco IPSec VPN Services Module Malformed IKE Packet Vulnerability, Cisco Systems Product Security Incident Response Team
SGI Advanced Linux Environment security update #17, SGI Security Coordinator
[waraxe-2004-SA#015 - Multiple vulnerabilities in NukeCalendar v1.1.a], Janek Vind
Phrack #62 Call for Papers, Richard Miller
[OpenPKG-SA-2004.012] OpenPKG Security Advisory (fetchmail), OpenPKG
LNSA-#2004-0010: login may leak sensitive data, Vincenzo Ciaglia
Microsoft IE iframe src DoS already reported to Microsoft, 'ken'@FTU
- Re: Microsoft IE iframe src DoS already reported to Microsoft, Valdis . Kletnieks
RE: [AppSec-research] New Worm/Virus April 8th, Polazzo Justin
LNSA-#2004-0009: GNU Automake symbolic link vulnerability, Vincenzo Ciaglia
- <Possible follow-ups>
- LNSA-#2004-0009: GNU Automake symbolic link vulnerability, Vincenzo Ciaglia
Heap Overflow in Oracle 9iAS / 10g Application Server Web Cache, Ioannis Migadakis
New Worm/Virus April 8th, Polazzo Justin
- <Possible follow-ups>
- RE: New Worm/Virus April 8th, securityguy
PSR - #2004-001 Remote - LCDProc, Priv8 Security Research
PSR - #2004-002 Remote - LCDProc, Priv8 Security Research
US-CERT Technical Cyber Security Alert TA04-099A -- Vulnerability in Internet Explorer ITS Protocol Handler, CERT Advisory
Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), K-OTiK Security
- Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Chris Johnson
  - Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Geoffrey
    - Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Chris Johnson
      - Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Romain Francoise
- RE: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Richard M. Smith
- <Possible follow-ups>
- Re: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Chris Wysopal
- RE: Full-Disclosure is now ILLEGAL in France ! (Vulnerabilties, Technical details, Exploits ...), Amer Karim
MDKSA-2004:027 - Updated ipsec-tools packages fix vulnerability in racoon, Mandrake Linux Security Team
[ GLSA 200404-12 ] Scorched 3D server chat box format string vulnerability, Kurt Lieber
monit 4.1 POC, gsicht gsicht
Browser bugs [DoS] ... where will you draw a line?, Bipin Gautam
- <Possible follow-ups>
- RE: Browser bugs [DoS] ... where will you draw a line?, Drew Copley
DoS in Rsniff 1.0, Luigi Auriemma
- <Possible follow-ups>
- Re: DoS in Rsniff 1.0, Luigi Auriemma
[ GLSA 200404-09 ] Cross-realm trust vulnerability in Heimdal, Kurt Lieber
[ GLSA 200404-11 ] Multiple Vulnerabilities in pwlib, Aida Escriva-Sammer
DoS in Crackalaka 1.0.8, Donato Ferrante
ANNOUNCE: SecLegal mailing list, Thor Larholm
Backdoor in X-Micro WLAN 11b Broadband Router, RISKO Gergely
- <Possible follow-ups>
- Re: Backdoor in X-Micro WLAN 11b Broadband Router, Mariano Firpo
  - NEW backdoor in X-Micro WLAN 11b Broadband Router, RISKO Gergely
Monit <= 4.2 Remote Root Exploit, Eye on Security India
Possible DoS on Linux kernel 2.4 and 2.6 using sigqueue overflow., Nikita V. Youshchenko
UPDATE: Cisco Security Notice: Dictionary Attack on Cisco LEAP Vulnerability, Cisco Systems Product Security Incident Response Team
Gnome nautilus bug, gsicht gsicht
Multiple Vulnerabilities In Tiki CMS/Groupware [ TikiWiki ], JeiAr
eMule <= 0.42d Remote Exploit, kcope
IE 6 Print Without Prompt, Ben Garvey
[waraxe-2004-SA#017 - User-level authentication bypass in phpnuke 6.x-7.2], Janek Vind
BID 7482, bug in OpenSSH (Still in FreeBSD-STABLE), Felipe Neuwald
Citadel/UX 6.20 fixes local permissions vulnerability, IO ERROR
Adobe Acrobat Reader PDF file DoS vulnerability, Arman Nayyeri
[CLA-2004:838] Conectiva Security Announcement - squid, Conectiva Updates
Microsoft Outlook Express EML file Crash vulnerability, Arman Nayyeri
[waraxe-2004-SA#018 - Admin-level authentication bypass in phpnuke 6.x-7.2], Janek Vind
[CLA-2004:837] Conectiva Security Announcement - mod_python, Conectiva Updates
new strange worm, Alex Gen
Microsoft Internet Explorer BMP file memory DoS vulnerability, Arman Nayyeri
[waraxe-2004-SA#016 - Cross-Site Scripting aka XSS in phpnuke 6.x-7.2 part 3], Janek Vind
[SECURITY] [DSA 479-2] New Linux 2.4.18 packages fix local root exploit (i386), Martin Schulze
US-CERT Technical Cyber Security Alert TA04-104A -- Multiple Vulnerabilities in Microsoft Products, CERT Advisory
FW: [Unpatched] 4 new Microsoft patches, 4 old updated, 24 vulnerabilities, Thor Larholm
[RHSA-2004:159-01] Updated Subversion packages fix security vulnerability in neon, bugzilla
Cisco Security Notice: Cisco IPsec VPN Implementation Group Password Usage Vulnerability, Cisco Systems Product Security Incident Response Team
Include vulnerability in GEMITEL v 3.50, jaguar
ZA Security Hole, Damjan Kreft
- Re: ZA Security Hole, Samps
  - Re: ZA Security Hole, Patrick Brauch
- Re: ZA Security Hole, Pablo G. Sabbatella
- Re: ZA Security Hole, Hugo van der Kooij
- Re: ZA Security Hole, David Wilson
[OpenPKG-SA-2004.014] OpenPKG Security Advisory (mysql), OpenPKG
[Full-Disclosure] iDEFENSE Security Advisory 04.15.04: RealNetworks Helix Universal Server Denial of Service Vulnerability, idlabs-advisories
Re: XSS, Admin Access via Cookie and File Upload vulnerability in NewsPHP., Manuel Lopez
FreeBSD Security Advisory FreeBSD-SA-04:07.cvs, FreeBSD Security Advisories
SCT javascript execution vulnerability, spiffomatic 64
TSLSA-2004-0020 - kernel, Trustix Security Advisor
[OpenPKG-SA-2004.015] OpenPKG Security Advisory (ethereal), OpenPKG
[OpenPKG-SA-2004.016] OpenPKG Security Advisory (neon), OpenPKG
After Ms patches last Wed ..., aborg
- Re: After Ms patches last Wed ..., phaser-X
  - Re: After Ms patches last Wed ..., Andy Shaw
  - Re: After Ms patches last Wed ..., Dan Harkless
  - Re: After Ms patches last Wed ..., Scott Gifford
    - Re: After Ms patches last Wed ..., Jerry Winegarden
  - RE: After Ms patches last Wed ..., Alun Jones
    - RE: After Ms patches last Wed ..., phaser-X
  - Re: After Ms patches last Wed ..., plasmahh
    - Re: After Ms patches last Wed ..., Alex Cruz
  - Re: After Ms patches last Wed ..., T.H. Haymore
- <Possible follow-ups>
- RE: After Ms patches last Wed ..., Brito, Nelson (ISS Brazil)
- RE: After Ms patches last Wed ..., David Hayden
- Re: After Ms patches last Wed ..., geoff . froh
- Re: After Ms patches last Wed ..., Greg Kujawa
void.at - neon format string bugs, Thomas Wana
"Delete anti-virus and firewall software" --Microsoft, Kim Scarborough
- <Possible follow-ups>
- RE: "Delete anti-virus and firewall software" --Microsoft, Thor Larholm
Norton AntiVirus nested file manual scan bypass....., Bipin Gautam
- <Possible follow-ups>
- Re: Norton AntiVirus nested file manual scan bypass....., Bipin Gautam
[SECURITY] [DSA 486-1] New cvs packages fix multiple vulnerabilities, Matt Zimmerman
Squirrelmail Chpasswod bof, Matias Neiff
- Re: Squirrelmail Chpasswod bof, martin f krafft
- Re: Squirrelmail Chpasswod bof, Jonathan Angliss
- <Possible follow-ups>
- Re: Squirrelmail Chpasswod bof, rip
- Re: Squirrelmail Chpasswod bof, Peter Geissler
- Re: Squirrelmail Chpasswod bof, p dont think
Internet Explorer XSS published unpatched in SP1 AND SP2, Rafel Ivgi, The-Insider
[SCSA-028] Nuked-Klan Multiple Vulnerabilities, advisory
Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX, K. K. Mookhey
[SECURITY] [DSA 491-1] New Linux 2.4.19 packages fix local root exploit (mips), Martin Schulze
[SECURITY] [DSA 490-1] New Zope packages fix arbitrary code execution, Martin Schulze
MS04-011 SSL Remote DoS PoC, David Barroso Berrueta
[SECURITY] [DSA 431-2] New perl packages fix information leak in suidperl, Matt Zimmerman
[SECURITY] [DSA 487-1] New neon packages fix format string vulnerabilities, Matt Zimmerman
[BUG-CORRECTION] IISShield "Server" header costumization, Tiago Halm
[SECURITY] [DSA 488-1] New logcheck packages fix insecure temporary directory, Matt Zimmerman
[SECURITY] [DSA 489-1] New Linux 2.4.17 packages fix local root exploit (mips+mipsel), Martin Schulze
[slackware-security] tcpdump denial of service (SSA:2004-108-01), Slackware Security Team
[SECURITY] [DSA 492-1] New iproute packages fix denial of service, Matt Zimmerman
DoS in NETFile FTP/Web Server, Donato Ferrante
after ms patches..., kincses zoli
RE: MS04-011 Break SSL support in IE 6.0.3790.0 with Windows 2003, Thor Larholm
[ GLSA 200404-14 ] Multiple format string vulnerabilities in cadaver, Kurt Lieber
Idea of CAW (Creation of Attack Wood), kincses zoli
- Re: Idea of CAW (Creation of Attack Wood), Magosányi Árpád
  - Re: Idea of CAW (Creation of Attack Wood), Jan Minar
[ GLSA 200404-16 ] Multiple new security vulnerabilities in monit, Kurt Lieber
[ GLSA 200404-15 ] XChat 2.0.x SOCKS5 Vulnerability, Kurt Lieber
ssmtp insecure file creation, priestmaster
New Paper - SQL Injection Signatures Evasion, Imperva Application Defense Center
- <Possible follow-ups>
- Re: New Paper - SQL Injection Signatures Evasion, K. K. Mookhey
- RE: New Paper - SQL Injection Signatures Evasion, Imperva Application Defense Center
MDKSA-2004:031 - Updated utempter packages fix several vulnerabilities, Mandrake Linux Security Team
BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure, Rafel Ivgi, The-Insider
- Re: BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure, Sami POTIRCA
phpBB modified by Przemo arbitary code execution, Dariusz 'Officerrr' Kolasinski
- <Possible follow-ups>
- phpBB modified by Przemo arbitary code execution, Dariusz 'Officerrr' Kolasinski
Microsoft Help and Support Center argument injection vulnerability, Jouko Pynnonen
MS Patches last Wed - SOLUTION, aborg
LNSA-#2004-0012: Multiple format string vulnerabilities in neon, Vincenzo Ciaglia
[waraxe-2004-SA#019 - Critical sql injection bug in Phorum 3.4.7], Janek Vind
phpBB 2.0.8a and lower - IP spoofing vulnerability, Ready Response
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability, Shaun Colley
- Re: phpBB 2.0.8a and lower - IP spoofing vulnerability, 3APA3A
  - Re: phpBB 2.0.8a and lower - IP spoofing vulnerability, Xin LI
    - Re: phpBB 2.0.8a and lower - IP spoofing vulnerability, BlueRaven
      - Re: phpBB 2.0.8a and lower - IP spoofing vulnerability, Xin LI
MS Patches last Mon - Recap, aborg
LNSA-#2004-0011: CVS Server and Client Vulnerabilities, Vincenzo Ciaglia
[slackware-security] utempter security update (SSA:2004-110-01), Slackware Security Team
Eudora 6.1 is evil, Paul Szabo
Zaep AntiSpam Cross Site Scripting, Aviram Jenik
Solaris 9 patch 113579-03 introduces a NIS security bug, Chris Thompson
KPhone STUN DoS (Malformed STUN Packets), Aviram Jenik
[slackware-security] cvs security update (SSA:2004-108-02), Slackware Security Team
MDKSA-2004:032 - Updated libneon packages fix temporary file insecurities, Mandrake Linux Security Team
MDKSA-2004:034 - Updated MySQL packages fix temporary file insecurities, Mandrake Linux Security Team
Exchange pop3 remote exploit, securma massine
NcFTP - password leaking, Konstantin Gavrilenko
- Re: NcFTP - password leaking, Frank v Waveren
- Re: NcFTP - password leaking, Alex Behar
MDKSA-2004:033 - Updated xine-ui packages fix temporary file insecurities, Mandrake Linux Security Team
NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP, David Ahmad
MDKSA-2004:035 - Updated samba packages fix privilege escalation vulnerability, Mandrake Linux Security Team
US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP, CERT Advisory
- <Possible follow-ups>
- RE: US-CERT Technical Cyber Security Alert TA04-111A -- Vulnerabilities in TCP, soby
Format String in Cherokee, CoKi
Cisco Security Advisory: TCP Vulnerabilities in Multiple Non-IOS-Based Cisco Products, Cisco Systems Product Security Incident Response Team
[cliph@isec.pl: Linux kernel setsockopt MCAST_MSFILTER integer overflow], David Ahmad
WinSCP Denial of Service, Luca Ercoli
Cisco Security Advisory: TCP Vulnerabilities in Multiple IOS Based Cisco Products, Cisco Systems Product Security Incident Response Team
Cisco Security Advisory: Vulnerabilities in SNMP Message Processing, Cisco Systems Product Security Incident Response Team
Linux kernel setsockopt MCAST_MSFILTER integer overflow, Wojciech Purczynski
US-CERT Technical Cyber Security Alert TA04-111B -- Cisco IOS SNMP Message Handling Vulnerability, CERT Advisory
[PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2, Valerio Santinelli
IETF Draft on Transmission Control Protocol security considerations, Thor Larholm
[RHSA-2004:166-01] Updated kernel packages resolve security vulnerabilities, bugzilla
[SECURITY] [DSA 493-1] New xchat packages fix arbitrary code execution, Martin Schulze
Advanced Guestbook 2.2 -- SQL Injection Exploit, JQ
[waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2], Janek Vind
NetBSD Security Advisory 2004-006: TCP protocol and implementation vulnerability, NetBSD Security-Officer
EEYE: Yahoo! Mail Account Filter Overflow Hijack, Drew Copley
[waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke], Janek Vind
NetBSD Security Advisory 2004-005: Denial of service vulnerabilities in OpenSSL, NetBSD Security-Officer
Vulnerabilities in long-lived TCP connections on SGI systems, SGI Security Coordinator
MDKSA-2004:031-1 - Updated utempter packages fix several vulnerabilities, Mandrake Linux Security Team
SGI Advanced Linux Environment security update #18, SGI Security Coordinator
[slackware-security] xine security update (SSA:2004-111-01), Slackware Security Team
Arbitrary file overwriting in Unreal engine through UMOD, Luigi Auriemma
TCP Reset Attacks: Paper and Code Now Availble, sullo
Netegrity SiteMinder Affiliate Agent Cookie Overflow, advisories
- <Possible follow-ups>
- Netegrity SiteMinder Affiliate Agent Cookie Overflow, advisories
Potential Microsoft PCT worm (MS04-011), advisories
RE: [Full-Disclosure] EEYE: Symantec Multiple Firewall TCP Options Denial of Service, Sym Security
EEYE: Symantec Multiple Firewall TCP Options Denial of Service, Derek Soeder
[waraxe-2004-SA#025 - Multiple vulnerabilities in Protector System 1.15b1 for PhpNuke], Janek Vind
[waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6], Janek Vind
[ GLSA 200404-17 ] ipsec-tools and iputils contain a remote DoS vulnerability, Kurt Lieber
Apache - all versions vulnerability in OLD procesors., Adam Zabrocki
- Re: Apache - all versions vulnerability in OLD procesors., Peter J. Holzer
- Re: Apache - all versions vulnerability in OLD procesors., Chris Adams
- Re: Apache - all versions vulnerability in OLD procesors., Chris Adams
- <Possible follow-ups>
- Re: Apache - all versions vulnerability in OLD procesors., Adam Zabrocki
  - Re: Apache - all versions vulnerability in OLD procesors., Peter Pentchev
Microsoft's Explorer and Internet Explorer long share name buffer overflow., Rodrigo Gutierrez
- <Possible follow-ups>
- RE: Microsoft's Explorer and Internet Explorer long share name buffer overflow., Rodrigo Gutierrez
- Microsoft's Explorer and Internet Explorer long share name buffer overflow., Rodrigo Gutierrez
[HOTFIX] setsockopt kernel vulnerability, nolife
Samsung SmartEther SS6215S Switch, Kyle Duren
Spammers can hide behind 'Email a friend/article' scripts., cyber_flash
- Re: Spammers can hide behind 'Email a friend/article' scripts., matthias
- Re: Spammers can hide behind 'Email a friend/article' scripts., 3APA3A
Horde webmail: mysql access, sig
- <Possible follow-ups>
- Re: Horde webmail: mysql access, Christopher T. Beers
Perl code exploting TCP not checking RST ACK., K sPecial
- <Possible follow-ups>
- Re: Perl code exploting TCP not checking RST ACK., Michael Gschwandtner
Multiple Vulnerabilities In OpenBB, JeiAr
[SECURITY] [DSA 495-1] New Linux 2.4.16 packages fix local root exploit (arm), Martin Schulze
Remote Format String Vulnerabilities in eXtremail, Luca Ercoli
Re: HP Web JetAdmin vulnerabilities., FX
- <Possible follow-ups>
- Re: HP Web JetAdmin vulnerabilities., Samuel Walker
[ GLSA 200404-19 ] Buffer overflows and format string, Joshua J. Berry
Source Code To Test IPv4 fragmentation --> The Rose Attack, Gandalf The White
Multiple vulnerabilities PHP-Nuke Video Gallery Module for PHP-Nuke, k1LL3r B0y
Re: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow., KF (lists)
- <Possible follow-ups>
- RE: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow., Bryce Porter
- Re[2]: [Full-Disclosure] Microsoft's Explorer and Internet Explorer long share name buffer overflow., 3APA3A
[ GLSA 200404-20 ] Multiple vulnerabilities in xine, Joshua J. Berry
[ GLSA 200404-18 ] Multiple Vulnerabilities in ssmtp, Joshua J. Berry
MDKSA-2004:037 - Updated kernel packages fix multiple vulnerabilities, Mandrake Linux Security Team
Multiple vulnerabilities paFileDB, k1LL3r B0y
resources consumption in DiGi WWW Server, Donato Ferrante
SGI ProPack v2.4: Kernel update #3, SGI Security Coordinator
[ESA-20040428-004] 'kernel' Several security and bug fixes, EnGarde Secure Linux
SMC Routers have remote administration enabled by default, user86
- Re: SMC Routers have remote administration enabled by default, user86
  - Re: SMC Routers have remote administration enabled by default, user86
- Re: SMC Routers have remote administration enabled by default, Michael Curtis
SGI Advanced Linux Environment security update #19, SGI Security Coordinator
MDKSA-2004:038 - Updated sysklogd packages fix vulnerability, Mandrake Linux Security Team
[slackware-security] kernel security updates (SSA:2004-119-01), Slackware Security Team
MS04011 Lsasrv.dll RPC buffer overflow remote exploit (PoC), houseofdabus HOD
[SECURITY] [DSA 496-1] New eterm packages fix indirect arbitrary command execution, Martin Schulze
New Worm??? - High level of activity on port 445, Tony Abell
- <Possible follow-ups>
- RE: New Worm??? - High level of activity on port 445, Roger A. Grimes
- RE: New Worm??? - High level of activity on port 445, Jodrell Dimaculangan
- RE: New Worm??? - High level of activity on port 445, Thor Larholm

Mail converted by MHonArc 2.6.8