Mail Index

• Thread Index

• [ GLSA 200406-22 ] Pavuk: Remote buffer overflow
  • From: Kurt Lieber
• MDKSA-2004:065 - Updated apache packages fix buffer overflow vulnerability in mod_proxy
  • From: Mandrake Linux Security Team
• MDKSA-2004:063 - Updated libpng packages fix potential remote compromise
  • From: Mandrake Linux Security Team
• MDKSA-2004:064 - Updated apache2 packages fix DoS vulnerability
  • From: Mandrake Linux Security Team
• rsbac 1.2.3 jail security problems
  • From: Bencsath Boldizsar
• Re: Java applet crashing with native assertion
  • From: Luciano Miguel Ferreira Rocha
• Re: Java applet crashing with native assertion
  • From: Cheese Whiz
• Microsoft technologies. By default, non-HIPAA compliant?
  • From: Anything But Microsoft
• Re: Java applet crashing with native assertion
  • From: Defakto
• BHO Trojan follow-up information
  • From: Hubbard, Dan
• Remote DoS vulnerability in Linux kernel 2.6.x
  • From: Adam Osuchowski
• linux kernel Sbus PROM driver multiple integer overflows
  • From: infamous41md
• RE: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Jeremy Epstein
• RE: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Cameron, Thomas
• SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security
  • From: http-equiv@xxxxxxxxxx
• DSL router Prestige 650HW-31
  • From: Sami Gascón
• FW: [security bulletin] SSRT4758 rev. 0 HP-UX ObAM WebAdmin unauthorized access
  • From: Boren, Rich (SSRT)
• Cisco Security Advisory: Cisco Collaboration Server Vulnerability
  • From: Cisco Systems Product Security Incident Response Team
• RE: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Boring, Andrew
• Unprevileged user can change quota on Domino
  • From: Andreas Klein
• (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs
  • From: Drew Copley
• Re: php codes injection in phpMyAdmin version 2.5.7.
  • From: Marc Delisle
• SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004
  • From: Alexander
• Re: php codes injection in phpMyAdmin version 2.5.7.
  • From: Marc Delisle
• Re: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Dave Paris
• DoS against Domino 6.5.1
  • From: Andreas Klein
• FW: [security bulletin] SSRT3552 HP-UX running ARPA transport local Denial of Service (DoS)
  • From: Boren, Rich (SSRT)
• RE: Microsoft technologies. By default, non-HIPAA compliant?
  • From: bob@xxxxxxxxx
• MD5 hash cracking service
  • From: md5er
• Re: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Nicholas Weaver
• [ GLSA 200407-01 ] Esearch: Insecure temp file handling
  • From: Joshua J. Berry
• Re: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Nick FitzGerald
• Brightmail leaks other user's spam
  • From: Thomas Springer
• SUSE Security Announcement: kernel (SUSE-SA:2004:020)
  • From: Roman Drahtmueller
• FreeBSD Security Advisory FreeBSD-SA-04:13.linux
  • From: FreeBSD Security Advisories
• Multiple Vulnerabilities in Easy Chat Server 1.2
  • From: Donato Ferrante
• DLINK 624, script injection vulnerability
  • From: Gregory Duchemin
• Sanity check in Centre
  • From: Manip
• Registry fixes for the recent IE vulnerabilities
  • From: Mike Cheng
• Announce: RSBAC v1.2.3 released
  • From: Amon Ott
• XSS in SCI Photo Chat Server 3.4.9
  • From: Donato Ferrante
• [HW-MED] XSS in Netegrity IdentityMinder
  • From: vuln
• Registry Fix For Variant of Scob
  • From: Drew Copley
• Public Review of OIS Security Vulnerability Reporting and Response Guidelines
  • From: OIS
• Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out
  • From: http-equiv@xxxxxxxxxx
• RE: RE: SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security
  • From: http-equiv@xxxxxxxxxx
• THE INSIDER VULNERABILITY STILL WORKS AFTER TODAY'S PATCH
  • From: liudieyu
• Enterasys XSR Security Routers DoS
  • From: Frederico Queiroz
• RE: [Full-Disclosure] THE VULNERABILITY STILL WORKS AFTER TODAY'S PATCH
  • From: Jelmer
• The 3 D's: Demo for the Dullards and Dunces
  • From: http-equiv@xxxxxxxxxx
• Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits Remote Cross-Site Scripting Attacks
  • From: Dr Ponidi
• Re: DLINK 614+ - SOHO routers, system DOS
  • From: Gregory Duchemin
• [SECURITY] [DSA 527-1] New pavuk packages fix buffer overflow
  • From: Matt Zimmerman
• [SECURITY] [DSA 526-1] New webmin packages fix multiple vulnerabilities
  • From: Matt Zimmerman
• [ GLSA 200407-04 ] Pure-FTPd: Potential DoS when maximum connections is reached
  • From: Thierry Carrez
• XSS in 12Planet Chat Server 2.9
  • From: Donato Ferrante
• [ GLSA 200407-03 ] Apache 2: Remote denial of service attack
  • From: Thierry Carrez
• Re: Public Review of OIS Security Vulnerability Reporting and ResponseGuidelines
  • From: Fred Mobach
• unreal ircd ip cloaking subsystem vulnerability
  • From: bartavelle
• Fastream NETFile FTP/Web Server Input validation Errors
  • From: at4r
• MySQL Authentication Bypass
  • From: NGSSoftware Insight Security Research
• Re: Java applet crashing with native assertion
  • From: Ronald Oussoren
• Linux Virtual Server/Secure Context procfs shared permissions flaw
  • From: Veit Wahlich
• RE: Microsoft and Security
  • From: Alun Jones
• Do not adopt OIS standards (Was: Public Review of OIS Security Vulnerability Reporting and Response Guidelines)
  • From: Ferguson, Ann
• [ GLSA 200407-05 ] XFree86, X.org: XDM ignores requestPort setting
  • From: Thierry Carrez
• RE: Registry Fix For Variant of Scob
  • From: Thor Larholm
• RE: Microsoft and Security
  • From: Radoslav Dejanovic
• Re: [Dailydave] Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines
  • From: Halvar Flake
• Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines
  • From: dave
• Re: Microsoft and Security
  • From: Justin Wheeler
• Re: Public Review of OIS Security Vulnerability Reporting and Response Guidelines
  • From: Pete Herzog
• RE: Registry Fix For Variant of Scob
  • From: Jelmer
• BENCHMARK() is not the only way to determine successfull MySQL injection
  • From: Philip Stoev
• RE: Microsoft and Security
  • From: Alun Jones
• RE: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Anything But Microsoft
• RE: Registry Fix For Variant of Scob
  • From: Drew Copley
• xingtone opens server on desktop using undocumented protocol (probably http)
  • From: Burton M. Strauss III
• [OpenPKG-SA-2004.030] OpenPKG Security Advisory (png)
  • From: OpenPKG
• Re: Microsoft and Security
  • From: Jason Coombs
• Re: [ISN] E-Mail Snooping Ruled Permissible
  • From: Jason Coombs
• Re: Registry Fix For Variant of Scob
  • From: http-equiv@xxxxxxxxxx
• RE: Microsoft technologies. By default, non-HIPAA compliant?
  • From: Tina Bird
• backdoor menu on conexant chipset dsl router (Zoom X3)
  • From: Adam Laurie
• Eudora 6.1.2 attachment spoof
  • From: Paul Szabo
• RE: Microsoft and Security
  • From: David F. Skoll
• Re: [Full-Disclosure] Public Review of OIS Security Vulnerability Reporting and Response Guidelines
  • From: rsh
• Enterasys XSR Security Router Record Route Denial Of Service Vulnerability (More information)
  • From: Frederico Queiroz
• Can we prevent IE exploits a priori?
  • From: security-bugtraq
• MDKSA-2004:066 - Updated kernel packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• Comersus Cart Improper Request Handling
  • From: Thomas Ryan
• Re: (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs
  • From: Thomas C. Greene
• FW: [security bulletin] SSRT4718 rev.0 HP Tru64 UNIX NTP Integer Overflow
  • From: Boren, Rich (SSRT)
• Comersus Cart Cross-Site Scripting Vulnerability
  • From: Thomas Ryan
• Npds BB HTML Injection
  • From: Benjamin Tolman
• Re: Microsoft and Security
  • From: Adam Shostack
• Scob variant using IIS 6.0 or just upgrades ?
  • From: Hubbard, Dan
• Suggestion: erase data posted to the Web
  • From: Andrew Daviel
• RE: Can we prevent IE exploits a priori?
  • From: Drew Copley
• Re: Suggestion: erase data posted to the Web
  • From: Nick Lamb
• RE: Suggestion: erase data posted to the Web
  • From: Michael Wojcik
• Security contact wanted
  • From: S G Masood
• [ GLSA 200407-07 ] Shorewall : Insecure temp file handling
  • From: Thierry Carrez
• Re: Public Review of OIS Security Vulnerability Reporting and ResponseGuidelines
  • From: ET LoWNOISE
• [GLSA 200407-06] libpng: Buffer overflow on row buffers
  • From: Sune Kloppenborg Jeppesen
• Re: Suggestion: erase data posted to the Web
  • From: Luciano Miguel Ferreira Rocha
• RE: Can we prevent IE exploits a priori?
  • From: James C Slora Jr
• MOZILLA: execute local file and its fix
  • From: liudieyu
• [ GLSA 200407-08 ] Ethereal: Multiple security problems
  • From: Kurt Lieber
• CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server
  • From: Leandro Meiners
• Re: Can we prevent IE exploits a priori?
  • From: Thor Larholm
• Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Bipin Gautam
• [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd)
  • From: OpenPKG
• Re: Microsoft and Security
  • From: Valdis . Kletnieks
• Mozilla Security Advisory 2004-07-08
  • From: dveditz
• Re: Can we prevent IE exploits a priori?
  • From: Jason Coombs
• Microsoft Word Email Object Data Vulnerability
  • From: James C. Slora, Jr.
• Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Tom Spencer
• Re: Microsoft Word Email Object Data Vulnerability
  • From: http-equiv@xxxxxxxxxx
• Re: Suggestion: erase data posted to the Web
  • From: devnull
• MDKSA-2004:067 - Updated ethereal packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Eric McCarty
• RE: Microsoft Word Email Object Data Vulnerability
  • From: Drew Copley
• Covert Channels allow Cross-Site-Java in Microsoft VM
  • From: Marc Schoenefeld
• current leading bots used in drone armies [June/July 2004]
  • From: Gadi Evron
• [tool] p0f 2.0.4 is out
  • From: Michal Zalewski
• Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Bipin Gautam
• RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: DaiTengu
• MSOE Javascript Execution Vulnerability
  • From: Paul
• RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
  • From: Drew Copley
• Re: Covert Channels allow Cross-Site-Java in Microsoft VM
  • From: Siva Subbu
• [ GLSA 200407-10 ] rsync: Directory traversal in rsync daemon
  • From: Kurt Lieber
• MOZILLA: SHELL can execute remote EXE program
  • From: liudieyu
• [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7
  • From: David Miller
• Media Preview Script Execution Vulnerability
  • From: Paul
• Re: HijackClick 3
  • From: http-equiv@xxxxxxxxxx
• MSIE Download Window Filename + Filetype Spoofing Vulnerability
  • From: Paul
• HijackClick 3
  • From: Paul
• I small poem in JScript
  • From: Berend-Jan Wever
• [ GLSA 200407-09 ] MoinMoin: Group ACL bypass
  • From: Kurt Lieber
• Re: Covert Channels allow Cross-Site-Java in Microsoft VM
  • From: Marc Schoenefeld
• Remote crash of Half-Life servers and clients (versions before the 07 July 2004)
  • From: Luigi Auriemma
• MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability
  • From: Paul
• RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
  • From: Polazzo Justin
• Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Mind Warper
• RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
  • From: Drew Copley
• Moodle XSS Vulnerability
  • From: Thomas Waldegger
• Re: Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Philliph
• @stake advisory: WebSTAR (5.3.2 and below) Multiple Vulnerabilities
  • From: Advisories
• Re: Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Daniel Veditz
• RE: Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Jelmer
• RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Sym Security
• IE Shell URI Download and Execute, POC
  • From: Ferruh Mavituna
• Microsoft Window Utility Manager Local Elevation of Privileges
  • From: Vivek Rathod (Application Security, Inc.)
• phrack #62 has been released
  • From: phrack staff
• Re: MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability
  • From: http-equiv@xxxxxxxxxx
• aterm 0.4.2 tty permission weakness
  • From: Maarten Tielemans
• RE: Re: HijackClick 3
  • From: Drew Copley
• Re: Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Mind Warper
• RE: Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Darren Pilgrim
• RE: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Sym Security
• Find the tag continued
  • From: James C. Slora, Jr.
• HtmlHelp - .CHM File Heap Overflow
  • From: Brett Moore
• Microsoft Windows Task Scheduler '.job' Stack Overflow
  • From: NGSSoftware Insight Security Research
• [ GLSA 200407-11 ] wv: Buffer overflow vulnerability
  • From: Thierry Carrez
• Advisory 12/2004: PHP strip_tags() bypass vulnerability
  • From: Stefan Esser
• Ref: http://www.securityfocus.com/archive/1/367866, Jul 1 2004 1:19PM, Subj: Brightmail leaks other user's spam
  • From: Sym Security
• Unchecked buffer in mstask.dll
  • From: Brett Moore
• Advisory 11/2004: PHP memory_limit remote vulnerability
  • From: Stefan Esser
• Re: Microsoft Window Utility Manager Local Elevation of Privileges
  • From: Chris Paget
• RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  • From: Ferruh Mavituna
• RE: HijackClick 3
  • From: http-equiv@xxxxxxxxxx
• TSSA-2004-013 - php
  • From: tinysofa Security Team
• PHP BB bug
  • From: sasan hezarkhani
• [security bulletin] SSRT4741 rev.1 DCE for HP OpenVMS Potential RPC Buffer Overflow Attack VU#259796, VU#568148, VU#326746
  • From: Boren, Rich (SSRT)
• RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  • From: Drew Copley
• [HV-MED] DoS in Microsoft SMS Client
  • From: vuln
• RE: Unchecked buffer in mstask.dll
  • From: Thor Larholm
• MDKSA-2004:070 - Updated freeswan and super-freeswan packages fix certificate chain authentication vulnerability
  • From: Mandrake Linux Security Team
• MDKSA-2004:068 - Updated php packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• [CLA-2004:846] Conectiva Security Announcement - kernel
  • From: Conectiva Updates
• [ GLSA 200407-13 ] PHP: Multiple security vulnerabilities
  • From: Kurt Lieber
• RE: Unchecked buffer in mstask.dll
  • From: Paul Szabo
• Re: Security contact wanted
  • From: Patrick van Zweden
• Re: current leading bots used in drone armies [June/July 2004]
  • From: Jan Knutar
• White Paper: 0x00 vs ASP file upload scripts
  • From: Brett Moore
• RE: Two Vulnerabilities in Mozilla may lead to remote compromise
  • From: Pavel Kankovsky
• The Impact of RFC Guidelines on DNS Spoofing Attacks
  • From: have2Banonymous
• Trend Micro Officescan for Win2k strange behaviour
  • From: Marco Monicelli
• RE: Unchecked buffer in mstask.dll
  • From: Thor Larholm
• Re: aterm 0.4.2 tty permission weakness
  • From: Coleman Kane
• Re: aterm 0.4.2 tty permission weakness
  • From: Armin Wolfermann
• Re: aterm 0.4.2 tty permission weakness
  • From: Sebastian Hans
• Re: [security] aterm 0.4.2 tty permission weakness
  • From: lorenzo
• RE: phrack #62 has been released
  • From: Glenn_Everhart
• MDKSA-2004:069 - Updated ipsec-tools packages fix multiple vulnerabilities
  • From: Mandrake Linux Security Team
• Re: Microsoft Window Utility Manager Local Elevation of Privileges
  • From: KF (lists)
• Re: Unchecked buffer in mstask.dll
  • From: Mark Litchfield
• SUSE Security Announcement: php4 (SUSE-SA:2004:021)
  • From: Sebastian Krahmer
• [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8]
  • From: Janek Vind
• RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  • From: Todd Towles
• Re: PHP BB bug
  • From: Rich Lafferty
• [security bulletin] SSRT4704 rev.0 HP-UX wu-ftpd local unauthorized access
  • From: Boren, Rich (SSRT)
• RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  • From: Ferruh Mavituna
• Re: PHP BB bug
  • From: micheal@xxxxxxxxxxxxxxxxxxxxx
• [waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2]
  • From: Janek Vind
• Re: Re: HijackClick 3
  • From: Paul
• Re: Microsoft and Security
  • From: Charles Otstot
• RE: MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability
  • From: Thor Larholm
• RE: RE: HijackClick 3
  • From: Thor Larholm
• [ GLSA 200407-12 ] Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling
  • From: Tim Yamin
• Re: Can we prevent IE exploits a priori?
  • From: bugtraq223344
• RE: Trend Micro Officescan for Win2k strange behaviour
  • From: Seth Hall
• [OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache)
  • From: OpenPKG
• Re: Microsoft Window Utility Manager Local Elevation of Privileges
  • From: Cesar
• [tool] webstretch 0.1.6 http inspection proxy
  • From: Simon Shanks
• RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability
  • From: Eric McCarty
• Hotmail Cross Site Scripting Vulnerability
  • From: Paul
• [CLA-2004:847] Conectiva Security Announcement - php4
  • From: Conectiva Updates
• [CLA-2004:848] Conectiva Security Announcement - webmin
  • From: Conectiva Updates
• MSIE Overly Trusted Location Variant Method Cache Vulnerability
  • From: Paul
• Re: Hotmail Cross Site Scripting Vulnerability
  • From: GreyMagic Security
• [FMADV] Format String Bug in OllyDbg 1.10
  • From: ned
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: Theo Van Dinter
• Medal of Honor remote buffer-overflow
  • From: Luigi Auriemma
• Re: Moodle XSS Vulnerability
  • From: Martin Dougiamas
• Web_Store.cgi allows Command Execution
  • From: Zero_X www.lobnan.de Team
• utilman.exe exploit
  • From: Iván Rodriguez Almuiña
• Re: White Paper: 0x00 vs ASP file upload scripts
  • From: Martin Eiszner
• Re: Trend Micro Officescan for Win2k strange behaviour
  • From: 3APA3A
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: Ray Slakinski
• [Tool] HardTCP "Hardening TCP/IP" + SOURCE
  • From: D'Amato Luigi
• Re: MSOE Javascript Execution Vulnerability
  • From: Fabricio A. Angeletti
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: johnny
• Re: MSOE Javascript Execution Vulnerability
  • From: Monu
• Re: Norton AntiVirus Denial Of Service Vulnerability [Part: !!!]
  • From: Bipin Gautam
• Re: Hotmail Cross Site Scripting Vulnerability
  • From: Andrew Hunter
• What A Drag
  • From: http-equiv@xxxxxxxxxx
• Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll
  • From: Nick FitzGerald
• RE: Unchecked buffer in mstask.dll
  • From: Dmitry Yu. Bolkhovityanov
• RE: [ok] [Full-Disclosure] RE: Unchecked buffer in mstask.dll
  • From: Curt Purdy
• Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll
  • From: Jordan Cole (stilist)
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: Kurt Seifried
• Re: Microsoft and Security
  • From: Lucas Holt
• RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  • From: Ferruh Mavituna
• Mozilla Bug Isn't So Bad
  • From: Paul
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: James Goodlet
• Re: [Full-Disclosure] RE: Unchecked buffer in mstask.dll
  • From: Curt Purdy
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: Chris Boyd
• Re: Mozilla Bug Isn't So Bad
  • From: Bill
• Re: PHP BB bug
  • From: Micheal Cottingham
• Artmedic kleinanzeigen include vulnerability
  • From: Francisco Alisson
• RE: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: Michael Shirk
• RE: The Impact of RFC Guidelines on DNS Spoofing Attacks
  • From: have2Banonymous
• [SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability
  • From: Matt Zimmerman
• Re: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC
  • From: Fabricio A. Angeletti
• new utilman.exe exploit (allinone remote exploitation)
  • From: Iván Rodriguez Almuiña
• [waraxe-2004-SA#036 - Multiple security holes in PhpNuke - part 3]
  • From: Janek Vind
• [SECURITY] [DSA 530-1] New l2tpd packages fix buffer overflow
  • From: Matt Zimmerman
• [SECURITY] [DSA 528-1] New ethereal packages fix denial of service
  • From: Matt Zimmerman
• Re: More Webserver / IE Exploits
  • From: Benjamin Franz
• OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues
  • From: please_reply_to_security
• Inappropriate methods exposed in XML -what's the essence?
  • From: portsmut
• PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities
  • From: Ory Segal
• [ GLSA 200407-14 ] Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries
  • From: Thierry Carrez
• [FLSA-2004:1734] Updated mailman resolves security vulnerability
  • From: Jesse Keating
• More Webserver / IE Exploits
  • From: Hubbard, Dan
• [ GLSA 200407-15 ] Opera: Multiple spoofing vulnerabilities
  • From: Sune Kloppenborg Jeppesen
• dos_in_file_share_2.6
  • From: nekd0
• Denial of Service vulnerability in several Lexmark HTTP servers
  • From: Peter Kruse
• [FLSA-2004:1324] Updated libxml2 resolves security vulnerabilities
  • From: Jesse Keating
• Buffer overflow in Whisper FTP Surfer 1.0.7
  • From: Komrade
• Denial of Service in Conceptronic CADSLR1 Router
  • From: Administrador de 'Shell Security'
• [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities
  • From: Matt Zimmerman
• Re: Denial of Service vulnerability in several Lexmark HTTP servers
  • From: Eric Sesterhenn / snakebyte
• mi2g - fud, lies and libel
  • From: not-mi2g
• Bug@FlashFTPd
  • From: CoolICE
• DOS@XitamiHTTPd
  • From: CoolICE
• Security Release - Samba 3.0.5 and 2.2.10
  • From: Gerald (Jerry) Carter
• Comcast(tm) Email Manager allows arbitrary java and activex code execution
  • From: Michael Scheidell
• [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba)
  • From: OpenPKG
• [ GLSA 200407-17 ] l2tpd: Buffer overflow
  • From: Kurt Lieber
• [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php)
  • From: OpenPKG
• [CLA-2004:851] Conectiva Security Announcement - samba
  • From: Conectiva Updates
• TSSA-2004-014 - samba
  • From: tinysofa Security Team
• SWAT PreAuthorization PoC
  • From: bugtraq
• @stake advisory: HP dced Remote Command Execution Multiple OSes
  • From: Advisories
• Samba 3.x swat preauthentication buffer overflow
  • From: Evgeny Demidov
• MDKSA-2004:071 - Updated samba packages fix vulnerability in SWAT, samba-server.
  • From: Mandrake Linux Security Team
• Forward:FullDisclosure/IE - Possible Address Spoofing
  • From: Liu Die Yu
• [SECURITY] [DSA 533-1] New courier packages fix cross-site scripting vulnerability
  • From: Matt Zimmerman
• SUSE Security Announcement: samba (SUSE-SA:2004:022)
  • From: Thomas Biege
• [SECURITY] [DSA 534-1] New mailreader packages fix directory traversal vulnerability
  • From: Matt Zimmerman
• Apache 1.3.x mod_userdir Exploit (wgetusr.c)
  • From: John Bissell
• OpenServer 5.0.7 : Mozilla Multiple issues
  • From: please_reply_to_security
• mi2g attacks "so-called" security sites
  • From: Rob Rosenberger
• eSafe: Could this be exploited?
  • From: Hugo van der Kooij
• LNSA-#2004-0015: buffer overflow in samba (Jul, 23 2004)
  • From: Vincenzo Ciaglia
• [security bulletin] SSRT4773 HP-UX xfs and stmkfont remote unauthorized access
  • From: Boren, Rich (SSRT)
• APC Security Advisory Denial of Service Vulnerability with PowerChuteBusinessEdition
  • From: security.advisory
• LNSA-#2004-0016: Multiple problems in Ethereal 0.10.4 (Jul, 23 2004)
  • From: Vincenzo Ciaglia
• FW: [Full-Disclosure] Progress and Challenges
  • From: {tonyFelice}
• eSeSIX Thintune thin client multiple vulnerabilities
  • From: Loss, Dirk
• EasyWeb FileManager Directory Traversal
  • From: sullo
• Re: eSafe: Could this be exploited?
  • From: Oliver@xxxxxxxxxx
• Re: eSafe: Could this be exploited?
  • From: Nick FitzGerald
• Re: eSafe: Could this be exploited?
  • From: 3APA3A
• MS SMS DOS Proof-of-concept code and Snort sig
  • From: wang
• Re: DoS against Domino 6.5.1
  • From: Andreas Klein
• Re: Mac OS X stores login/Keychain/FileVault passwords on disk
  • From: Adi Kriegisch
• Easyins Stadtportal
  • From: Francisco Alisson
• TSL-2004-0039 - multi
  • From: Trustix Security Advisor
• [ GLSA 200407-19 ] Pavuk: Digest authentication helper buffer overflow
  • From: Kurt Lieber
• Linux Netwosix Bugzilla - Bugtracking System
  • From: Vincenzo Ciaglia
• Re: eSafe: Could this be exploited?
  • From: MegaHz
• Mozilla Firefox Certificate Spoofing
  • From: E.Kellinis
• QUESTION
  • From: Alex Mega
• NucleusCMS 3.01 SQL Injection Vulnerability
  • From: acidbits
• Re: EasyWeb FileManager Directory Traversal
  • From: Noam Rathaus
• Re: eSafe: Could this be exploited?
  • From: Andreas Constantinides (MegaHz)
• ASPRunner Multiple Vulnerabilities
  • From: Ferruh Mavituna
• CVS woes: .cvspass
  • From: Chiaki
• [ GLSA 200407-20 ] Subversion: Vulnerability in mod_authz_svn
  • From: Joshua J. Berry
• OSX Panther Internet Connect - Local root
  • From: br00t
• [security bulletin] SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access
  • From: Boren, Rich (SSRT)
• [SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities
  • From: Matt Zimmerman
• Re: CVS woes: .cvspass
  • From: Valdis . Kletnieks
• Re: QUESTION
  • From: Viktor Larionov
• RE: Forward:FullDisclosure/IE - Possible Address Spoofing
  • From: Chenghuai Lu
• Re: eSafe: Could this be exploited?
  • From: Hugo van der Kooij
• Re: Mozilla Firefox Certificate Spoofing
  • From: Chris Brown
• IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities
  • From: IRM Advisories
• Re: CVS woes: .cvspass
  • From: Greg A. Woods
• WASC Releases Web Security Threat Classification
  • From: Jeremiah Grossman
• MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities
  • From: Mandrake Linux Security Team
• [CLA-2004:852] Conectiva Security Announcement - kernel
  • From: Conectiva Updates
• Re: [Full-Disclosure] Internet Explorer Remote Null Pointer Crash(mshtml.dll)
  • From: Berend-Jan Wever
• MDKSA-2004:073 - Updated XFree86 packages fix issue with xdm opening random sockets
  • From: Mandrake Linux Security Team
• AntiBoard <= 0.7.2 XSS/SQL Injection
  • From: Josh Gilmour
• [Paper] Small XSS Paper
  • From: Ferruh Mavituna
• UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.
  • From: please_reply_to_security
• Re: [Full-Disclosure] Crash IE with 11 bytes ;)
  • From: Berend-Jan Wever
• MDKSA-2004:072 - Updated postgresql packages fix buffer overflow in odbc driver
  • From: Mandrake Linux Security Team
• Aladdin response regarding eSafe
  • From: Ofer Elzam
• Re: CVS woes: .cvspass
  • From: Andreas Beck
• Re: [ GLSA 200407-20 ] Subversion: Vulnerability in mod_authz_svn
  • From: Jack Repenning
• Pavuk Digest Authentication Buffer Overflow
  • From: mattmurphy@xxxxxxxxx
• Re: eSafe: Could this be exploited?
  • From: Kev Ford
• MDKSA-2004:074 - Updated webmin packages correct remote attacker vulnerabilities
  • From: Mandrake Linux Security Team
• ERRATA: [ GLSA 200407-21 ] Samba: Multiple buffer overflows
  • From: Thierry Carrez
• [ GLSA 200407-21 ] Samba: Multiple buffer overflows
  • From: Kurt Lieber
• OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail
  • From: please_reply_to_security
• Linpha 0.9.4: authentication bypass
  • From: Rubén Molina
• lostBook v1.1 Javascript Execution
  • From: Joseph Moniz
• MDKSA-2004:076 - Updated sox packages fix buffer overflows with malicious .wav files
  • From: Mandrake Linux Security Team
• DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability
  • From: Rubén Molina
• File downloads in Opera at known locations
  • From: Rohit Dube
• Jaws 0.4: authentication bypass
  • From: Rubén Molina
• RE: Forward:FullDisclosure/IE - Possible Address Spoofing
  • From: Michael Silk
• RE: Forward:FullDisclosure/IE - Possible Address Spoofing
  • From: Chenghuai Lu
• Re: Aladdin response regarding eSafe
  • From: 3APA3A
• Re: OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail
  • From: George Capehart
• [ GLSA 200407-22 ] phpMyAdmin: Multiple vulnerabilities
  • From: Thierry Carrez
• [CLA-2004:854] Conectiva Security Announcement - samba
  • From: Conectiva Updates
• MDKSA-2004:077 - Updated wv packages fix vulnerability
  • From: Mandrake Linux Security Team
• Re: Aladdin response regarding eSafe
  • From: Aleksandar Milivojevic
• Citadel/UX Remote DoS Vulnerability
  • From: CoKi
• Re: File downloads in Opera at known locations
  • From: Josh Tolley
• WpQuiz Gain Admin Rightd Exploit found
  • From: jonathan tough
• [ GLSA 200407-23 ] SoX: Multiple buffer overflows
  • From: Thierry Carrez
• Fwd: New possible scam method : forged websites using XUL (Firefox)
  • From: David Ahmad
• Re: eSafe: Could this be exploited?
  • From: Nick FitzGerald
• UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that could be exploited to gain root privileges.
  • From: please_reply_to_security
• OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities
  • From: please_reply_to_security
• OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe
  • From: please_reply_to_security
• [CLA-2004:855] Conectiva Security Announcement - sox
  • From: Conectiva Updates
• Fusion News Yet Another Unauthorized Account Addition Vulnerability
  • From: Joseph Moniz