Mail Thread Index
- [ GLSA 200406-22 ] Pavuk: Remote buffer overflow,
Kurt Lieber
- MDKSA-2004:065 - Updated apache packages fix buffer overflow vulnerability in mod_proxy,
Mandrake Linux Security Team
- MDKSA-2004:063 - Updated libpng packages fix potential remote compromise,
Mandrake Linux Security Team
- MDKSA-2004:064 - Updated apache2 packages fix DoS vulnerability,
Mandrake Linux Security Team
- rsbac 1.2.3 jail security problems,
Bencsath Boldizsar
- Re: Java applet crashing with native assertion,
Luciano Miguel Ferreira Rocha
- Microsoft technologies. By default, non-HIPAA compliant?,
Anything But Microsoft
- Re: Microsoft technologies. By default, non-HIPAA compliant?,
Nick FitzGerald
- <Possible follow-ups>
- RE: Microsoft technologies. By default, non-HIPAA compliant?,
Jeremy Epstein
- RE: Microsoft technologies. By default, non-HIPAA compliant?,
Cameron, Thomas
- RE: Microsoft technologies. By default, non-HIPAA compliant?,
Boring, Andrew
- RE: Microsoft technologies. By default, non-HIPAA compliant?,
bob@xxxxxxxxx
- RE: Microsoft technologies. By default, non-HIPAA compliant?,
Anything But Microsoft
- BHO Trojan follow-up information,
Hubbard, Dan
- Remote DoS vulnerability in Linux kernel 2.6.x,
Adam Osuchowski
- linux kernel Sbus PROM driver multiple integer overflows,
infamous41md
- SUPER SPOOF DELUXE Re: [Full-Disclosure] Microsoft and Security,
http-equiv@xxxxxxxxxx
- DSL router Prestige 650HW-31,
Sami Gascón
- FW: [security bulletin] SSRT4758 rev. 0 HP-UX ObAM WebAdmin unauthorized access,
Boren, Rich (SSRT)
- Cisco Security Advisory: Cisco Collaboration Server Vulnerability,
Cisco Systems Product Security Incident Response Team
- Unprevileged user can change quota on Domino,
Andreas Klein
- (IE/SCOB) Switching Software Because of Bugs: Some Facts About Software and Security bugs,
Drew Copley
- Re: php codes injection in phpMyAdmin version 2.5.7.,
Marc Delisle
- SecurityLab report: The Top 10 Most Critical Vulnerabilities in June 2004,
Alexander
- DoS against Domino 6.5.1,
Andreas Klein
- FW: [security bulletin] SSRT3552 HP-UX running ARPA transport local Denial of Service (DoS),
Boren, Rich (SSRT)
- MD5 hash cracking service,
md5er
- [ GLSA 200407-01 ] Esearch: Insecure temp file handling,
Joshua J. Berry
- Brightmail leaks other user's spam,
Thomas Springer
- SUSE Security Announcement: kernel (SUSE-SA:2004:020),
Roman Drahtmueller
- FreeBSD Security Advisory FreeBSD-SA-04:13.linux,
FreeBSD Security Advisories
- Multiple Vulnerabilities in Easy Chat Server 1.2,
Donato Ferrante
- DLINK 624, script injection vulnerability,
Gregory Duchemin
- Sanity check in Centre,
Manip
- Registry fixes for the recent IE vulnerabilities,
Mike Cheng
- Announce: RSBAC v1.2.3 released,
Amon Ott
- XSS in SCI Photo Chat Server 3.4.9,
Donato Ferrante
- [HW-MED] XSS in Netegrity IdentityMinder,
vuln
- Registry Fix For Variant of Scob,
Drew Copley
- Public Review of OIS Security Vulnerability Reporting and Response Guidelines,
OIS
- Re: [Full-Disclosure] Fix for IE ADODB.Stream vulnerability is out,
http-equiv@xxxxxxxxxx
- THE INSIDER VULNERABILITY STILL WORKS AFTER TODAY'S PATCH,
liudieyu
- Enterasys XSR Security Routers DoS,
Frederico Queiroz
- The 3 D's: Demo for the Dullards and Dunces,
http-equiv@xxxxxxxxxx
- Cart32 Input Validation Flaw in 'GetLatestBuilds?cart32=' Permits Remote Cross-Site Scripting Attacks,
Dr Ponidi
- Re: DLINK 614+ - SOHO routers, system DOS,
Gregory Duchemin
- [SECURITY] [DSA 527-1] New pavuk packages fix buffer overflow,
Matt Zimmerman
- [SECURITY] [DSA 526-1] New webmin packages fix multiple vulnerabilities,
Matt Zimmerman
- [ GLSA 200407-04 ] Pure-FTPd: Potential DoS when maximum connections is reached,
Thierry Carrez
- XSS in 12Planet Chat Server 2.9,
Donato Ferrante
- [ GLSA 200407-03 ] Apache 2: Remote denial of service attack,
Thierry Carrez
- unreal ircd ip cloaking subsystem vulnerability,
bartavelle
- Fastream NETFile FTP/Web Server Input validation Errors,
at4r
- MySQL Authentication Bypass,
NGSSoftware Insight Security Research
- Linux Virtual Server/Secure Context procfs shared permissions flaw,
Veit Wahlich
- RE: Microsoft and Security,
Alun Jones
- Do not adopt OIS standards (Was: Public Review of OIS Security Vulnerability Reporting and Response Guidelines),
Ferguson, Ann
- [ GLSA 200407-05 ] XFree86, X.org: XDM ignores requestPort setting,
Thierry Carrez
- xingtone opens server on desktop using undocumented protocol (probably http),
Burton M. Strauss III
- [OpenPKG-SA-2004.030] OpenPKG Security Advisory (png),
OpenPKG
- Re: [ISN] E-Mail Snooping Ruled Permissible,
Jason Coombs
- backdoor menu on conexant chipset dsl router (Zoom X3),
Adam Laurie
- Eudora 6.1.2 attachment spoof,
Paul Szabo
- Enterasys XSR Security Router Record Route Denial Of Service Vulnerability (More information),
Frederico Queiroz
- Can we prevent IE exploits a priori?,
security-bugtraq
- MDKSA-2004:066 - Updated kernel packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- Comersus Cart Improper Request Handling,
Thomas Ryan
- FW: [security bulletin] SSRT4718 rev.0 HP Tru64 UNIX NTP Integer Overflow,
Boren, Rich (SSRT)
- Comersus Cart Cross-Site Scripting Vulnerability,
Thomas Ryan
- Npds BB HTML Injection,
Benjamin Tolman
- Scob variant using IIS 6.0 or just upgrades ?,
Hubbard, Dan
- Suggestion: erase data posted to the Web,
Andrew Daviel
- Security contact wanted,
S G Masood
- [ GLSA 200407-07 ] Shorewall : Insecure temp file handling,
Thierry Carrez
- [GLSA 200407-06] libpng: Buffer overflow on row buffers,
Sune Kloppenborg Jeppesen
- MOZILLA: execute local file and its fix,
liudieyu
- [ GLSA 200407-08 ] Ethereal: Multiple security problems,
Kurt Lieber
- CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server,
Leandro Meiners
- Norton AntiVirus Denial Of Service Vulnerability [Part: !!!],
Bipin Gautam
- [OpenPKG-SA-2004.031] OpenPKG Security Advisory (dhcpd),
OpenPKG
- Mozilla Security Advisory 2004-07-08,
dveditz
- Microsoft Word Email Object Data Vulnerability,
James C. Slora, Jr.
- MDKSA-2004:067 - Updated ethereal packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- Covert Channels allow Cross-Site-Java in Microsoft VM,
Marc Schoenefeld
- current leading bots used in drone armies [June/July 2004],
Gadi Evron
- [tool] p0f 2.0.4 is out,
Michal Zalewski
- MSOE Javascript Execution Vulnerability,
Paul
- RE: MSIE Download Window Filename + Filetype Spoofing Vulnerability,
Drew Copley
- [ GLSA 200407-10 ] rsync: Directory traversal in rsync daemon,
Kurt Lieber
- MOZILLA: SHELL can execute remote EXE program,
liudieyu
- [BUGZILLA] Multiple vulnerabilities in Bugzilla 2.16.5 and 2.17.7,
David Miller
- Media Preview Script Execution Vulnerability,
Paul
- Re: HijackClick 3,
http-equiv@xxxxxxxxxx
- I small poem in JScript,
Berend-Jan Wever
- [ GLSA 200407-09 ] MoinMoin: Group ACL bypass,
Kurt Lieber
- Remote crash of Half-Life servers and clients (versions before the 07 July 2004),
Luigi Auriemma
- MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability,
Paul
- Two Vulnerabilities in Mozilla may lead to remote compromise,
Mind Warper
- Moodle XSS Vulnerability,
Thomas Waldegger
- @stake advisory: WebSTAR (5.3.2 and below) Multiple Vulnerabilities,
Advisories
- IE Shell URI Download and Execute, POC,
Ferruh Mavituna
- Microsoft Window Utility Manager Local Elevation of Privileges,
Vivek Rathod (Application Security, Inc.)
- phrack #62 has been released,
phrack staff
- Re: MSIE Similar Method Name Redirection Cross Site/Zone Scripting Vulnerability,
http-equiv@xxxxxxxxxx
- aterm 0.4.2 tty permission weakness,
Maarten Tielemans
- Find the tag continued,
James C. Slora, Jr.
- HtmlHelp - .CHM File Heap Overflow,
Brett Moore
- Microsoft Windows Task Scheduler '.job' Stack Overflow,
NGSSoftware Insight Security Research
- [ GLSA 200407-11 ] wv: Buffer overflow vulnerability,
Thierry Carrez
- Advisory 12/2004: PHP strip_tags() bypass vulnerability,
Stefan Esser
- Ref: http://www.securityfocus.com/archive/1/367866, Jul 1 2004 1:19PM, Subj: Brightmail leaks other user's spam,
Sym Security
- Unchecked buffer in mstask.dll,
Brett Moore
- Advisory 11/2004: PHP memory_limit remote vulnerability,
Stefan Esser
- RE: [Full-Disclosure] Re: IE Shell URI Download and Execute, POC,
Ferruh Mavituna
- TSSA-2004-013 - php,
tinysofa Security Team
- PHP BB bug,
sasan hezarkhani
- [security bulletin] SSRT4741 rev.1 DCE for HP OpenVMS Potential RPC Buffer Overflow Attack VU#259796, VU#568148, VU#326746,
Boren, Rich (SSRT)
- [HV-MED] DoS in Microsoft SMS Client,
vuln
- MDKSA-2004:070 - Updated freeswan and super-freeswan packages fix certificate chain authentication vulnerability,
Mandrake Linux Security Team
- MDKSA-2004:068 - Updated php packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- [CLA-2004:846] Conectiva Security Announcement - kernel,
Conectiva Updates
- [ GLSA 200407-13 ] PHP: Multiple security vulnerabilities,
Kurt Lieber
- White Paper: 0x00 vs ASP file upload scripts,
Brett Moore
- The Impact of RFC Guidelines on DNS Spoofing Attacks,
have2Banonymous
- Trend Micro Officescan for Win2k strange behaviour,
Marco Monicelli
- MDKSA-2004:069 - Updated ipsec-tools packages fix multiple vulnerabilities,
Mandrake Linux Security Team
- SUSE Security Announcement: php4 (SUSE-SA:2004:021),
Sebastian Krahmer
- [waraxe-2004-SA#034 - XSS and path full path disclosure in PhpBB 2.0.8],
Janek Vind
- [security bulletin] SSRT4704 rev.0 HP-UX wu-ftpd local unauthorized access,
Boren, Rich (SSRT)
- [waraxe-2004-SA#035 - Multiple security holes in PhpNuke - part 2],
Janek Vind
- [ GLSA 200407-12 ] Linux Kernel: Remote DoS vulnerability with IPTables TCP Handling,
Tim Yamin
- [OpenPKG-SA-2004.032] OpenPKG Security Advisory (apache),
OpenPKG
- [tool] webstretch 0.1.6 http inspection proxy,
Simon Shanks
- Hotmail Cross Site Scripting Vulnerability,
Paul
- [CLA-2004:847] Conectiva Security Announcement - php4,
Conectiva Updates
- [CLA-2004:848] Conectiva Security Announcement - webmin,
Conectiva Updates
- MSIE Overly Trusted Location Variant Method Cache Vulnerability,
Paul
- [FMADV] Format String Bug in OllyDbg 1.10,
ned
- Re: Mac OS X stores login/Keychain/FileVault passwords on disk,
Theo Van Dinter
- Medal of Honor remote buffer-overflow,
Luigi Auriemma
- Web_Store.cgi allows Command Execution,
Zero_X www.lobnan.de Team
- utilman.exe exploit,
Iván Rodriguez Almuiña
- What A Drag,
http-equiv@xxxxxxxxxx
- Mozilla Bug Isn't So Bad,
Paul
- Artmedic kleinanzeigen include vulnerability,
Francisco Alisson
- [SECURITY] [DSA 529-1] New netkit-telnet-ssl package fixes format string vulnerability,
Matt Zimmerman
- new utilman.exe exploit (allinone remote exploitation),
Iván Rodriguez Almuiña
- [waraxe-2004-SA#036 - Multiple security holes in PhpNuke - part 3],
Janek Vind
- [SECURITY] [DSA 530-1] New l2tpd packages fix buffer overflow,
Matt Zimmerman
- [SECURITY] [DSA 528-1] New ethereal packages fix denial of service,
Matt Zimmerman
- OpenServer 5.0.6 OpenServer 5.0.7 : MMDF Various buffer overflows and other security issues,
please_reply_to_security
- Inappropriate methods exposed in XML -what's the essence?,
portsmut
- PhpBB HTTP Response Splitting & Cross Site Scripting vulnerabilities,
Ory Segal
- [ GLSA 200407-14 ] Unreal Tournament 2003/2004: Buffer overflow in 'secure' queries,
Thierry Carrez
- [FLSA-2004:1734] Updated mailman resolves security vulnerability,
Jesse Keating
- More Webserver / IE Exploits,
Hubbard, Dan
- [ GLSA 200407-15 ] Opera: Multiple spoofing vulnerabilities,
Sune Kloppenborg Jeppesen
- dos_in_file_share_2.6,
nekd0
- Denial of Service vulnerability in several Lexmark HTTP servers,
Peter Kruse
- [FLSA-2004:1324] Updated libxml2 resolves security vulnerabilities,
Jesse Keating
- Buffer overflow in Whisper FTP Surfer 1.0.7,
Komrade
- Denial of Service in Conceptronic CADSLR1 Router,
Administrador de 'Shell Security'
- [SECURITY] [DSA 531-1] New php4 packages fix multiple vulnerabilities,
Matt Zimmerman
- mi2g - fud, lies and libel,
not-mi2g
- Bug@FlashFTPd,
CoolICE
- DOS@XitamiHTTPd,
CoolICE
- Security Release - Samba 3.0.5 and 2.2.10,
Gerald (Jerry) Carter
- Comcast(tm) Email Manager allows arbitrary java and activex code execution,
Michael Scheidell
- [OpenPKG-SA-2004.033] OpenPKG Security Advisory (samba),
OpenPKG
- [ GLSA 200407-17 ] l2tpd: Buffer overflow,
Kurt Lieber
- [OpenPKG-SA-2004.034] OpenPKG Security Advisory (php),
OpenPKG
- [CLA-2004:851] Conectiva Security Announcement - samba,
Conectiva Updates
- TSSA-2004-014 - samba,
tinysofa Security Team
- SWAT PreAuthorization PoC,
bugtraq
- @stake advisory: HP dced Remote Command Execution Multiple OSes,
Advisories
- Samba 3.x swat preauthentication buffer overflow,
Evgeny Demidov
- MDKSA-2004:071 - Updated samba packages fix vulnerability in SWAT, samba-server.,
Mandrake Linux Security Team
- Forward:FullDisclosure/IE - Possible Address Spoofing,
Liu Die Yu
- [SECURITY] [DSA 533-1] New courier packages fix cross-site scripting vulnerability,
Matt Zimmerman
- SUSE Security Announcement: samba (SUSE-SA:2004:022),
Thomas Biege
- [SECURITY] [DSA 534-1] New mailreader packages fix directory traversal vulnerability,
Matt Zimmerman
- Apache 1.3.x mod_userdir Exploit (wgetusr.c),
John Bissell
- OpenServer 5.0.7 : Mozilla Multiple issues,
please_reply_to_security
- mi2g attacks "so-called" security sites,
Rob Rosenberger
- eSafe: Could this be exploited?,
Hugo van der Kooij
- LNSA-#2004-0015: buffer overflow in samba (Jul, 23 2004),
Vincenzo Ciaglia
- [security bulletin] SSRT4773 HP-UX xfs and stmkfont remote unauthorized access,
Boren, Rich (SSRT)
- APC Security Advisory Denial of Service Vulnerability with PowerChuteBusinessEdition,
security.advisory
- LNSA-#2004-0016: Multiple problems in Ethereal 0.10.4 (Jul, 23 2004),
Vincenzo Ciaglia
- FW: [Full-Disclosure] Progress and Challenges,
{tonyFelice}
- eSeSIX Thintune thin client multiple vulnerabilities,
Loss, Dirk
- EasyWeb FileManager Directory Traversal,
sullo
- MS SMS DOS Proof-of-concept code and Snort sig,
wang
- Easyins Stadtportal,
Francisco Alisson
- TSL-2004-0039 - multi,
Trustix Security Advisor
- [ GLSA 200407-19 ] Pavuk: Digest authentication helper buffer overflow,
Kurt Lieber
- Linux Netwosix Bugzilla - Bugtracking System,
Vincenzo Ciaglia
- Mozilla Firefox Certificate Spoofing,
E.Kellinis
- QUESTION,
Alex Mega
- NucleusCMS 3.01 SQL Injection Vulnerability,
acidbits
- ASPRunner Multiple Vulnerabilities,
Ferruh Mavituna
- CVS woes: .cvspass,
Chiaki
- [ GLSA 200407-20 ] Subversion: Vulnerability in mod_authz_svn,
Joshua J. Berry
- OSX Panther Internet Connect - Local root,
br00t
- [security bulletin] SSRT4782 rev. 0 HP-UX CIFS Server potential remote root access,
Boren, Rich (SSRT)
- [SECURITY] [DSA 532-2] New libapache-mod-ssl packages fix multiple vulnerabilities,
Matt Zimmerman
- IRM 009: RiSearch and RiSearch ProPro are vulnerable to open FTP/HTTP proxy, directory listings and file disclosure vulnerabilities,
IRM Advisories
- WASC Releases Web Security Threat Classification,
Jeremiah Grossman
- MDKSA-2004:075 - Updated mod_ssl packages fix potential vulnerabilities,
Mandrake Linux Security Team
- [CLA-2004:852] Conectiva Security Announcement - kernel,
Conectiva Updates
- Re: [Full-Disclosure] Internet Explorer Remote Null Pointer Crash(mshtml.dll),
Berend-Jan Wever
- MDKSA-2004:073 - Updated XFree86 packages fix issue with xdm opening random sockets,
Mandrake Linux Security Team
- AntiBoard <= 0.7.2 XSS/SQL Injection,
Josh Gilmour
- [Paper] Small XSS Paper,
Ferruh Mavituna
- UnixWare 7.1.3up : tcpdump several vulnerabilities in tcpdump.,
please_reply_to_security
- Re: [Full-Disclosure] Crash IE with 11 bytes ;),
Berend-Jan Wever
- MDKSA-2004:072 - Updated postgresql packages fix buffer overflow in odbc driver,
Mandrake Linux Security Team
- Aladdin response regarding eSafe,
Ofer Elzam
- Pavuk Digest Authentication Buffer Overflow,
mattmurphy@xxxxxxxxx
- MDKSA-2004:074 - Updated webmin packages correct remote attacker vulnerabilities,
Mandrake Linux Security Team
- ERRATA: [ GLSA 200407-21 ] Samba: Multiple buffer overflows,
Thierry Carrez
- [ GLSA 200407-21 ] Samba: Multiple buffer overflows,
Kurt Lieber
- OpenServer 5.0.6 OpenServer 5.0.7 : Multiple Vulnerabilities in Sendmail,
please_reply_to_security
- Linpha 0.9.4: authentication bypass,
Rubén Molina
- lostBook v1.1 Javascript Execution,
Joseph Moniz
- MDKSA-2004:076 - Updated sox packages fix buffer overflows with malicious .wav files,
Mandrake Linux Security Team
- DansGuardian Hex Encoding URL Banned Extension Filter Bypass Vulnerability,
Rubén Molina
- File downloads in Opera at known locations,
Rohit Dube
- Jaws 0.4: authentication bypass,
Rubén Molina
- [ GLSA 200407-22 ] phpMyAdmin: Multiple vulnerabilities,
Thierry Carrez
- [CLA-2004:854] Conectiva Security Announcement - samba,
Conectiva Updates
- MDKSA-2004:077 - Updated wv packages fix vulnerability,
Mandrake Linux Security Team
- Citadel/UX Remote DoS Vulnerability,
CoKi
- WpQuiz Gain Admin Rightd Exploit found,
jonathan tough
- [ GLSA 200407-23 ] SoX: Multiple buffer overflows,
Thierry Carrez
- Fwd: New possible scam method : forged websites using XUL (Firefox),
David Ahmad
- UnixWare 7.1.3 Open UNIX 8.0.0 : Xsco contains a buffer overflow that could be exploited to gain root privileges.,
please_reply_to_security
- OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities,
please_reply_to_security
- OpenServer 5.0.6 OpenServer 5.0.7 : uudecode does not check for symlink or pipe,
please_reply_to_security
- [CLA-2004:855] Conectiva Security Announcement - sox,
Conectiva Updates
- Fusion News Yet Another Unauthorized Account Addition Vulnerability,
Joseph Moniz