Bugtraq: by thread
393 messages starting Jan 01 02 and ending Jan 31 02
- IE GetObject() problems Georgi Guninski (Jan 01)
- Re: IE GetObject() problems the Pull (Jan 02)
- Re: IE GetObject() problems Michael Fellows (Jan 03)
- Re: IE GetObject() problems Georgi Guninski (Jan 04)
- [Announce] SECURITY: mutt-1.2.5.1 and mutt-1.3.25 released. Thomas Roessler (Jan 01)
- w00w00 on AOL Instant Messenger (serious vulnerability) Matt Conover (Jan 02)
- <Possible follow-ups>
- RE: w00w00 on AOL Instant Messenger (serious vulnerability) Moorhouse, Walt P (Jan 02)
- [RHSA-2001:170-06] Updated Mailman packages available bugzilla (Jan 02)
- AIM addendum Matt Conover (Jan 02)
- Re: AIM addendum Paul Schmehl (Jan 02)
- Re: AIM addendum Matt Conover (Jan 02)
- Heap overflow in snmpnetstat Juan M. de la Torre (Jan 03)
- Re: AIM addendum Mark Coleman (Jan 03)
- Re: AIM addendum Paul Schmehl (Jan 03)
- Re: AIM addendum Matt Conover (Jan 02)
- <Possible follow-ups>
- Re: AIM addendum austin naremore (Jan 03)
- Re: AIM addendum Tyler (Jan 04)
- Re: AIM addendum Paul Schmehl (Jan 02)
- [SECURITY] [DSA-096-1] mutt buffer overflow Wichert Akkerman (Jan 02)
- Vulnerability in encrypted loop device for linux Jerome Etienne (Jan 02)
- <Possible follow-ups>
- Re: Vulnerability in encrypted loop device for linux Alfonso De Gregorio (Jan 02)
- BSCW: Vulnerabilities and Problems SQEHXLLBQUJX (Jan 02)
- [SECURITY] [DSA-096-2] mutt buffer overflow, sparc update Wichert Akkerman (Jan 02)
- Mail.com Cross Site Scripting Vulnerability Digital Shadow (Jan 03)
- <Possible follow-ups>
- Mail.com Cross Site Scripting Vulnerability Keith Dallara (Jan 04)
- [CLA-2002:447] Conectiva Linux Security Announcement - glibc secure (Jan 03)
- [CLA-2002:448] Conectiva Linux Security Announcement - libgtop secure (Jan 03)
- Serious IE privacy issues Tom Micklovitch (Jan 03)
- Stunnel: Format String Bug update Brian Hatch (Jan 03)
- Re: Stunnel: Format String Bug update Roman Drahtmueller (Jan 08)
- [AP] awhttpd v2.2 local DoS methodic (Jan 03)
- Format string bug in awhttpd (Re: [AP] awhttpd v2.2 local DoS) 3APA3A (Jan 05)
- <Possible follow-ups>
- Re: [AP] awhttpd v2.2 local DoS D. (Jan 07)
- Vulnerability in new user creation in Geeklog 1.3 Woody Hughes (Jan 04)
- [SECURITY] [DSA 097-1] New versions of Exim fix uncontrolled program execution Martin Schulze (Jan 04)
- Vulnerability in user posting in Nick.com forums Danny Ricci (Jan 04)
- More reading of local files in MSIE jelmer (Jan 04)
- Re: More reading of local files in MSIE Dave Ahmad (Jan 04)
- Re: More reading of local files in MSIE the Pull (Jan 05)
- VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE keith royster (Jan 04)
- <Possible follow-ups>
- Re: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAILURE David Frascone (Jan 05)
- Security Advisory for Bugzilla v2.15 (cvs20020103) and older Dave Miller (Jan 05)
- Re: Security Advisory for Bugzilla v2.15 (cvs20020103) and older David Miller (Jan 07)
- Savant Webserver Buffer Overflow Vulnerability Tamer Sahin (Jan 05)
- BOOZT! Standard 's administration cgi vulnerable to buffer overflow rsanmcar (Jan 05)
- Pine 4.33 (at least) URL handler allows embedded commands. zen-parse (Jan 05)
- Re: Pine 4.33 (at least) URL handler allows embedded commands. Michal Zalewski (Jan 07)
- Re: Pine 4.33 (at least) URL handler allows embedded commands. zen-parse (Jan 08)
- Re: Pine 4.33 (at least) URL handler allows embedded commands. Roman Drahtmueller (Jan 08)
- Re: Pine 4.33 (at least) URL handler allows embedded commands. Michal Zalewski (Jan 07)
- CSS Daryl (Jan 05)
- Hosting Controller's - Multiple Security Vulnerabilities Phuong Nguyen (Jan 05)
- Re: gzip bug w/ patch.. Jonathan A. Zdziarski (Jan 05)
- AW: IE https certificate attack K . J . Mueller (Jan 05)
- Re: AW: IE https certificate attack Florian Weimer (Jan 07)
- Re: IE https certificate attack Helmut Springer (Jan 07)
- Re: IE https certificate attack Jim Knoble (Jan 08)
- Re: AW: IE https certificate attack Ben Laurie (Jan 07)
- Re: AW: IE https certificate attack George Staikos (Jan 07)
- CrossSiteScripting PostNuke. rolphin (Jan 06)
- Denial of Service flaw in Apache Tozz (Jan 06)
- Re: Denial of Service flaw in Apache Marc Slemko (Jan 07)
- RE: Re : Fw: VERISIGN "PAYFLOW LINK" PAYMENT SERVICE SECURITY FAI LURE (#5947-000093-7546\939465) vps-support (Jan 06)
- Inproper input validation in Bugzilla <=2.14 - exploit funkysh (Jan 07)
- <Possible follow-ups>
- Re: Inproper input validation in Bugzilla <=2.14 - exploit David Miller (Jan 10)
- Cross Site Scripting in microsoft.com frog frog (Jan 07)
- AOLserver 3.4.2 Unauthorized File Disclosure Vulnerability Tamer Sahin (Jan 07)
- HP Secure OS Software for Linux security bulletins digest IT Resource Center (Jan 07)
- <Possible follow-ups>
- HP Secure OS Software for Linux security bulletins digest IT Resource Center (Jan 25)
- Internet Explorer Javascript Modeless Popup Local Denial of Service Vulnerability Lance Hitchcock Jr . (Jan 07)
- Linksys 'routers', SNMP issues Matthew S. Hallacy (Jan 07)
- Re: Linksys 'routers', SNMP issues John Duksta (Jan 07)
- Re: Linksys 'routers', SNMP issues The Cyberiad (Jan 08)
- <Possible follow-ups>
- Re: Linksys 'routers', SNMP issues Ken . Williams (Jan 09)
- Re: Linksys 'routers', SNMP issues John Duksta (Jan 07)
- Aftpd core dump vulnerability Nu Omega Tau (Jan 07)
- Re: Aftpd core dump vulnerability Neeko Oni (Jan 08)
- <Possible follow-ups>
- Re: Aftpd core dump vulnerability Nu Omega Tau (Jan 08)
- [PTL-2002-01] Vulnerabilities in Oracle9iAS Web Cache Mark A. Rowe (PenTest) (Jan 07)
- Faqmanager.cgi file read vulnerability Nu Omega Tau (Jan 07)
- ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 07)
- Re: ICQ remote buffer overflow vulnerability elijah wright (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Daniel Tan (Jan 08)
- Re: ICQ remote buffer overflow vulnerability 'ken'@FTU (Jan 08)
- Re: ICQ remote buffer overflow vulnerability Nick FitzGerald (Jan 08)
- SuSE Security Announcement: mutt (SuSE-SA:2002:001) Roman Drahtmueller (Jan 07)
- C2IT.com Cross Site Scripting Vulnerability security (Jan 07)
- Network Queuing Environment (NQE) contains vulnerabilities SGI Security Coordinator (Jan 07)
- [RHSA-2002:003-10] New mutt packages available to fix security problem bugzilla (Jan 07)
- [CLA-2002:449] Conectiva Linux Security Announcement - mutt secure (Jan 07)
- TSLSA-2002-0003 - mutt Trustix Secure Linux Advisor (Jan 07)
- [RHSA-2002:002-10] Updated stunnel packages available. bugzilla (Jan 07)
- [RHSA-2001:176-05] Updated exim packages fix security problem bugzilla (Jan 08)
- KPMG-2002003: Bea Weblogic DOS-device Denial of Service Peter Gründl (Jan 08)
- w00w00 on AIM Filter (Backdoors & SpyWare) Jordan Ritter (Jan 08)
- <Possible follow-ups>
- RE: w00w00 on AIM Filter (Backdoors & SpyWare) Tim Yardley (Jan 08)
- svindel.net security advisory - web admin vulnerability in CacheOS Bjorn Djupvik (Jan 08)
- Allaire Forums Vulnerability John Cantu (Jan 09)
- CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor] Obscure (Jan 09)
- LIDS Security Advisory 1 Huagang Xie (Jan 09)
- <Possible follow-ups>
- RE: CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor] Obscure (Jan 10)
- Re: CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor] Andrew Clover (Jan 11)
- [SECURITY] [DSA-098-1] two libgtop security problems Wichert Akkerman (Jan 09)
- xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2) zen-parse (Jan 09)
- MDKSA-2002:001 - bind update Mandrake Linux Security Team (Jan 09)
- [CLA-2002:450] Conectiva Linux Security Announcement - proftpd secure (Jan 09)
- Paper: Unicode overflow technique Chris Anley (Jan 09)
- xterm exploit in Unixware 7.0.1 jG gM (Jan 09)
- Announcing a new DNS server implementation bugtraq (Jan 09)
- Re: Announcing a new DNS server implementation D. J. Bernstein (Jan 09)
- [RHSA-2001:179-05] Updated namazu packages are available bugzilla (Jan 09)
- Details on the updated namazu packages that are available KF (Jan 10)
- Re: Details on the updated namazu packages that are available NOKUBI Takatsugu (Jan 10)
- Details on the updated namazu packages that are available KF (Jan 10)
- CDE bug in Unixware 7.1 jG gM (Jan 09)
- dtterm exploit in Unixware 7.1.1 jG gM (Jan 09)
- MDKSA-2002:002 - mutt update Mandrake Linux Security Team (Jan 09)
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco SN 5420 Storage Router Cisco Systems Product Security Incident Response Team (Jan 09)
- Security flaws in tinc Jerome Etienne (Jan 09)
- HP-UX security bulletins digest IT Resource Center (Jan 09)
- <Possible follow-ups>
- HP-UX security bulletins digest IT Resource Center (Jan 25)
- File Transversal Vulnerability in Dino's WebServer Franc Ruiz Arenas (Jan 09)
- Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability Tamer Sahin (Jan 09)
- FWD: Sun Microsystems, Inc. Security Bulletin Dave Ahmad (Jan 09)
- BOOZT! Standard CGI Vulnerability : Exploit Released NIKEBOY (Jan 09)
- myvoicestream.com vulnerability Trey Valenta (Jan 09)
- Re: myvoicestream.com vulnerability Scott Dier (Jan 09)
- MiraMail 1.04 can give POP account access and details Chris Lathem (Jan 09)
- UPNP Denial of Service Gabriel Maggiotti (Jan 09)
- Re: UPNP Denial of Service Patrick Chambet (Jan 10)
- Security weaknesses of VTun Jerome Etienne (Jan 10)
- [SA-2002:00] Slashcode login vulunerability Chris Nandor (Jan 10)
- Snort core dumped Sinbad (Jan 10)
- Re: Snort core dumped KF (Jan 10)
- Re: Snort core dumped Martin Roesch (Jan 11)
- Unixware 7.1.1 rpc.cmsd remote exploit code. jGgM . (Jan 10)
- Re: Unixware 7.1.1 rpc.cmsd remote exploit code. Dave Ahmad (Jan 10)
- Cookie modification allows unauthenticated user login in Geeklog 1.3 Adrian Chung (Jan 10)
- Handspring Visor D.O.S Jason Lutz (Jan 10)
- Re: Handspring Visor D.O.S Roger H. Goun (Jan 10)
- Re: Handspring Visor D.O.S ark (Jan 10)
- Re: Handspring Visor D.O.S Simon Dick (Jan 11)
- Re: Handspring Visor D.O.S Raistlin (Jan 11)
- Re: Handspring Visor D.O.S Roger H. Goun (Jan 10)
- Legato Vulnerable Venkatesh babu Sira (Jan 10)
- Re: Legato Vulnerable Wolfgang Fischer (Jan 10)
- Security Update: [CSSA-2002-SCO.1] OpenServer: wu-ftpd ftpglob() vulnerability security (Jan 10)
- MDKSA-2001:095-1 - glibc update Mandrake Linux Security Team (Jan 10)
- Shockwave Flash player issue Peter Santangeli (Jan 10)
- autoresponder program could be tricked by spamers to send unsolicited mail to victim's address user (Jan 10)
- address.com: email vulnerability wannabe anonymousplease (Jan 10)
- <Possible follow-ups>
- RE: address.com: email vulnerability Robert Ellis (Jan 12)
- cgiaudit release information Derek Callaway (Jan 10)
- Security Update: [CSSA-2001-039.0] Linux - IMP/HORDE cross site scripting vulnerability Support Info (Jan 11)
- Announce: NGSSniff David Litchfield (Jan 11)
- Kerberos 5 ftp client Core Dump Replugge [Rod] (Jan 11)
- Re: autoresponder program could be tricked by spamers to send unsolicitedmail to victim's address (fwd) Rodent of Unusual Size (Jan 11)
- Automated remote CGI vulnerability discovery Samy Kamkar (Jan 11)
- Novell Netware Login "bypass" to execute programs Philip Wagenaar (Jan 11)
- ASP Application Security: CDONTS.NEWMAIL David Litchfield (Jan 11)
- Eserv 2.97 Password Protected File Arbitrary Read Access Vulnerability (Solution) Tamer Sahin (Jan 11)
- Bug in alcatel speed touch home adsl modem Hacknisty (Jan 11)
- cdrdao insecure filehandling Jens Steube (Jan 14)
- Re: cdrdao insecure filehandling Guillaume PELAT (Jan 15)
- Re: cdrdao insecure filehandling Anthony DeRobertis (Jan 15)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)
- Re: cdrdao insecure filehandling Luciano Miguel Ferreira Rocha (Jan 17)
- Re: cdrdao insecure filehandling Pavel Kankovsky (Jan 21)
- Re: cdrdao insecure filehandling martin f krafft (Jan 16)
- Eterm SGID utmp Buffer Overflow (Local) Charles 'core' Stevenson (Jan 14)
- Re: Eterm SGID utmp Buffer Overflow (Local) Michael Jennings (Jan 21)
- Palm Desktop 4.0b76-77 for Mac OS X Victor Kruger (Jan 14)
- [RHSA-2002:004-06] New groff packages available to fix security problems bugzilla (Jan 14)
- Message not available
- Re: [RHSA-2002:004-06] New groff packages available to fix security problems Colin Watson (Jan 16)
- Message not available
- Addendum Re: Internet Explorer Pop-Up OBJECT Tag Bug the Pull (Jan 16)
- <Possible follow-ups>
- Re: FW: PHP 4.x session spoofing Gunzour (Jan 15)
- <Possible follow-ups>
- Re: Pi3Web Webserver v2.0 Buffer Overflow Vulnerability Holger Zimmermann (Jan 21)
- Re: IE Clipboard Stealing Vulnerability TAKAGI, Hiromitsu (Jan 15)
- MSIE 6.0 will rollback during XP Pro Install -- Ref: MSIE may download and run programs automatically - details Jeffrey W. Dronenburg (Jan 15)
- <Possible follow-ups>
- Re: ZBServer Pro DoS Vulnerability Steven M. Christey (Jan 16)
- <Possible follow-ups>
- Re: Vulnerability Netgear RP-114 Router - nmap causes DOS Zoid (Jan 16)
- <Possible follow-ups>
- RE: Authorize.Net Plain Text Login Transmission Robert Brewer (Jan 16)
- Re: Serious privacy leak in Python for Windows Alan Caulkins (Jan 16)
- <Possible follow-ups>
- Re: IE FORM DOS SkyLined (Jan 21)
- <Possible follow-ups>
- RE: Breakable Jonathan A. Zdziarski (Jan 18)
- RE: Breakable bugtraq () t-swat com (Jan 18)
- RE: Breakable Jonathan A. Zdziarski (Jan 18)
- Re: Breakable Pete Finnigan (Jan 21)
- Re: Breakable uid0 (Jan 21)
- RE: Breakable bugtraq () t-swat com (Jan 18)
- RE: Breakable Greg Williamson (Jan 23)
- <Possible follow-ups>
- Re: PHP-Nuke allows Command Execution & Much more truff (Jan 21)
- Re: PHP-Nuke allows Command Execution & Much more RoMaNSoFt (Jan 24)
- Re: efax H D Moore (Jan 16)
- Re: uucp --config patch -- not sufficient Charles 'core' Stevenson (Jan 21)
- Re: uucp --config patch -- not sufficient zen-parse (Jan 21)
- <Possible follow-ups>
- Re: USPS Online Bill Pay - Cleartext Password Leakage KF (Jan 22)
- Re: remote memory reading through tcp/icmp Fyodor (Jan 21)
- RE: remote memory reading through tcp/icmp David LeBlanc (Jan 22)
- Re: remote memory reading through tcp/icmp Casper Dik (Jan 31)
- <Possible follow-ups>
- Re: remote memory reading through tcp/icmp Andi Kleen (Jan 22)
- Re: remote memory reading through tcp/icmp (linux) Martin Mačok (Jan 22)
- RE: remote memory reading through tcp/icmp Michael Wojcik (Jan 22)
- Re: Maelstrom 1.4.3 abartity file overwrite Chris Gragsone (Jan 21)
- <Possible follow-ups>
- Re: Cross-Site Vulnerabilities (Still) Found in Major Web Sites Andrew Wason (Jan 22)
- Re: Shoutcast server 1.8.3 win32 ellipse (Jan 22)
- Re: Shoutcast server 1.8.3 win32 Austin Ensminger (Jan 23)
- Re: remote buffer overflow in sniffit Edwin Groothuis (Jan 22)
- Re: remote buffer overflow in sniffit Brad (Jan 22)
- <Possible follow-ups>
- RE: Citrix NFuse 1.6 Jeff Mills (Jan 22)
- RE: Citrix NFuse 1.6 steven.sporen (Jan 23)
- RE: The "Lunch Break Hole" David LeBlanc (Jan 28)
- <Possible follow-ups>
- Re: squirrelmail bug Konstantin Riabitsev (Jan 24)
- Re: squirrelmail bug Adam Herscher (Jan 24)
- <Possible follow-ups>
- Re: Agoracgi v3.3e Cross Site Scripting Vulnerability Steve Kneizys (Jan 25)
- Vulnerability report for Tarantella Enterprise 3. Larry W. Cashdollar (Jan 26)
- Re: Sapgui 4.6D for Windows Falk Siemonsmeier (Jan 28)
- Re: user-mode-linux problems Ajax (Jan 31)
- <Possible follow-ups>
- sastcpd Buffer Overflow and Format String Vulnerabilities Wodahs Latigid (Jan 29)
- Re: [VulnWatch] sastcpd Buffer Overflow and Format String Vulnerabilities William D. Colburn (aka Schlake) (Jan 29)
- RE: Long path exploit on NTFS Gavin Lowe (Jan 30)
- RE: Long path exploit on NTFS David LeBlanc (Jan 31)
- <Possible follow-ups>
- RE: Long path exploit on NTFS Leif Sawyer (Jan 30)
- RE: Long path exploit on NTFS Moorhouse, Walt P (Jan 31)
- Re: DoS bug on Tru64 Dennis Jenkins (Jan 30)
- Re: DoS bug on Tru64 Matt Chapman (Jan 31)
- <Possible follow-ups>
- Re: DoS bug on Tru64 ellipse (Jan 30)
- RE: DoS bug on Tru64 Roberts Ross (Jan 30)
- Re: DoS bug on Tru64 Bob Dog (Jan 30)
- Re: DoS bug on Tru64 Chris Adams (Jan 31)
- Re: DoS bug on Tru64 UCX Foe (Jan 31)
- Re: DoS bug on Tru64 Scott Brewster (Jan 31)
- <Possible follow-ups>
- Re: Script for find domino's users Simon Delicata (Jan 31)
- Re: tac_plus version F4.0.4.alpha on at least Solaris 8 sparc ellipse (Jan 31)
- Re: tac_plus version F4.0.4.alpha on at least Solaris 8 sparc Jarno Huuskonen (Jan 31)
- Re: Fairly serious vulnerability in vBulletin 2.2.0 Sam Sargeant (Jan 31)