Bugtraq: by author

387 messages starting Nov 19 02 and ending Nov 27 02

3APA3A

Update to LOM's advisory 3APA3A (Nov 19)
LOM: Multiple vulnerabilities in Macromedia Flash ActiveX 3APA3A (Nov 19)

Aaron C. Newman (Application Security, Inc.)

ASI Sybase Security Alert: Buffer overflow in xp_freedll Aaron C. Newman (Application Security, Inc.) (Nov 27)
ASI Sybase Security Alert: Buffer overflow in DBCC CHECKVERIFY Aaron C. Newman (Application Security, Inc.) (Nov 27)
ASI Sybase Security Alert: Buffer overflow in DROP DATABASE Aaron C. Newman (Application Security, Inc.) (Nov 27)

Aaron Howell

[Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8] Aaron Howell (Nov 12)

AK

M$ VPN hole reported AK (Nov 01)

Alan DeKok

Unofficial statement re: tcpdump and libpcap Alan DeKok (Nov 17)

Alan Rouse

ZDnet forum: IE formatting local drive Alan Rouse (Nov 16)

Alex Harasic

Re: Accesspoints disclose wep keys, password and mac filter (fwd) Alex Harasic (Nov 08)
Re: iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router Alex Harasic (Nov 01)

Alex T.

Securing OWA on public computers. Alex T. (Nov 09)

Andreas Pour

KDE Security Advisory: rlogin.protocol and telnet.protocol URL KIO Vulnerability Andreas Pour (Nov 12)
KDE Security Advisory: resLISa / LISa Vulnerabilities Andreas Pour (Nov 12)

Andreas Sandblad

Re: How to execute programs with parameters in IE - Sandblad advisory #10 Andreas Sandblad (Nov 11)
How to execute programs with parameters in IE - Sandblad advisory #10 Andreas Sandblad (Nov 06)

Andrei Mikhailovsky

Default SNMP community in Surecom Broadband Router Andrei Mikhailovsky (Nov 15)

Andy

JSP processor 1.1 information disclosure Andy (Nov 16)

Andy Polyakov

Re: When scrubbing secrets in memory doesn't work Andy Polyakov (Nov 07)

AQBARROS

RES: A technique to mitigate cookie-stealing XSS attacks AQBARROS (Nov 07)

Arab VieruZ

XSS bug in vBulletin Arab VieruZ (Nov 23)
XSS bug in phpBB Arab VieruZ (Nov 20)

Arjun Pednekar

Weak Password Encryption Scheme in Integrated Dialer Arjun Pednekar (Nov 01)

Arne Vidstrom

Kerberos login sniffer and cracker for Windows 2000/XP Arne Vidstrom (Nov 28)

Aviram Jenik

TFTPD32 Directory Traversal Vulnerability Aviram Jenik (Nov 20)
TFTPD32 Buffer Overflow Vulnerability (Long filename) Aviram Jenik (Nov 18)

benjurry

Oracle TNS SEH Exploit benjurry (Nov 26)

Brian J. Gaia

RE: Bypassing website filter in SonicWall Brian J. Gaia (Nov 01)

bugzilla

[RHSA-2002:264-05] New kernel 2.2 packages fix local denial of service issue bugzilla (Nov 26)
[RHSA-2002:213-06] New PHP packages fix vulnerability in mail function bugzilla (Nov 11)
[RHSA-2002:242-06] Updated kerberos packages available bugzilla (Nov 07)
[RHSA-2002:266-05] New samba packages available to fix potential security vulnerability bugzilla (Nov 23)
[RHSA-2002:197-09] Updated glibc packages fix vulnerabilities in resolver bugzilla (Nov 07)
[RHSA-2002:262-07] New kernel fixes local denial of service issue bugzilla (Nov 18)

Carl Livitt

Exploit for traceroute-nanog overflow Carl Livitt (Nov 29)

Casper Dik

Re: Solaris priocntl exploit Casper Dik (Nov 28)
Re: Solaris priocntl exploit Casper Dik (Nov 27)
Re: Accesspoints disclose wep keys, password and mac filter (fwd) Casper Dik (Nov 08)

Chris Adams

Re: Bind 8 bug experience Chris Adams (Nov 15)

Chris Caydes

Re: Yahoo Messenger: Invisible User Detect Chris Caydes (Nov 08)

Christophe Devine

i386 Linux kernel DoS Christophe Devine (Nov 13)
Re: i386 Linux kernel DoS Christophe Devine (Nov 15)

Chris Wilson

RE: Motorola Cable Modem DOS Chris Wilson (Nov 13)

Chris Wysopal

Re: [Full-Disclosure] Re: Oracle Security Contact Chris Wysopal (Nov 06)

Cisco Systems Product Security Incident Response Team

Cisco Security Advisory: Cisco PIX Multiple Vulnerabilities Cisco Systems Product Security Incident Response Team (Nov 23)
Cisco Security Advisory: Cisco ONS15454 and Cisco ONS15327 Vulnerabilities Cisco Systems Product Security Incident Response Team (Oct 31)

Clark Mills

Re: Gimp: Erased sections of images print in some cases Clark Mills (Nov 01)

Cliff Albert

Re: Accesspoints disclose wep keys, password and mac filter (fwd) Cliff Albert (Nov 04)

Clint Byrum

SnortCenter 0.9.5 temp file naming problems... Clint Byrum (Nov 05)

cringe

Yahoo Messenger: Invisible User Detect cringe (Nov 07)

Crispin Cowan

Timing the Application of Security Patches for Optimal Uptime Crispin Cowan (Nov 11)

Daniel

Bug in Monkey Webserver 0.5.0 or minors versions Daniel (Nov 05)

Daniel Ahlberg

GLSA: gtetrinet Daniel Ahlberg (Nov 23)
GLSA: MailTools Daniel Ahlberg (Nov 06)
GLSA: kgpg Daniel Ahlberg (Nov 11)
GLSA: apache Daniel Ahlberg (Nov 12)
GLSA: samba Daniel Ahlberg (Nov 23)
GLSA: courier Daniel Ahlberg (Nov 23)
GLSA: php Daniel Ahlberg (Nov 23)
GLSA: kdelibs Daniel Ahlberg (Nov 15)
GLSA: kdenetwork Daniel Ahlberg (Nov 16)

Daniel Jacobowitz

[SECURITY] [DSA-196-1] New BIND packages fix several vulnerabilities Daniel Jacobowitz (Nov 17)

Dan Taylor Jr.

RE: Motorola Cable Modem DOS Dan Taylor Jr. (Nov 11)

DarC KonQuesT

IceWarp 3.4.5 XSS *AGAIN* DarC KonQuesT (Nov 15)

Dave Ahmad

[security bulletin] SSRT2385 OSIS V5.4 LDAP Module for System Authentication Potential Security Vulnerability (fwd) Dave Ahmad (Nov 27)
ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 (fwd) Dave Ahmad (Nov 12)
ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd) Dave Ahmad (Nov 25)
[Security bulletin] SSRT2266 HP Tru64 UNIX IGMP Potential (DoS) Security Vulnerability (fwd) Dave Ahmad (Nov 27)
RE: [security bulletin] SSRT2265 HP TruCluster Server Interconnect Potential Security Vulnerability (fwd) Dave Ahmad (Nov 05)
Re: (MSIE) when parent gives his son bad things ;) --"dialogArguments " again Dave Ahmad (Nov 19)
[security bulletin] SSRT2301 - HP Tru64 UNIX uudecode Potential Security Vulnerability (fwd) Dave Ahmad (Nov 27)
CERT Advisory CA-2002-32 Backdoor in Alcatel OmniSwitch AOS (fwd) Dave Ahmad (Nov 25)

Dave Aitel

Re: Netscape Problems. Dave Aitel (Nov 27)

Dave B.

AIM Bug Dave B. (Nov 27)

Dave Wilson

Re: File reading vulnerable in PHP and MySQL (Local Exploit) Dave Wilson (Nov 28)

David Endler

iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router David Endler (Nov 01)
iDEFENSE Security Advisory 11.19.02a: Denial of Service Vulnerability in Linksys Cable/DSL Routers David Endler (Nov 24)
iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server David Endler (Nov 04)
iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa David Endler (Nov 11)
iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability David Endler (Nov 04)
iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File David Endler (Nov 23)
iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server David Endler (Nov 08)
iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS David Endler (Nov 08)
iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse David Endler (Nov 01)
iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan David Endler (Nov 06)
iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection David Endler (Nov 01)
Linksys security contact David Endler (Nov 07)
Update: iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability David Endler (Nov 21)
iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability David Endler (Nov 25)
iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability David Endler (Nov 01)

David J. Hughes

LibHTTPD Vulnerability and fix David J. Hughes (Nov 26)

David Litchfield

MS02-064 fix time David Litchfield (Nov 16)

David Miller

XSS vulnerability in Bugzilla if upgraded from 2.10 or earlier David Miller (Nov 27)

David Wagner

Re: A technique to mitigate cookie-stealing XSS attacks David Wagner (Nov 08)

deadbeat

Oracle iSQL*Plus buffer Overflow.. deadbeat (Nov 09)

D. J. Bernstein

Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND D. J. Bernstein (Nov 27)

d k

Re: Accesspoints disclose wep keys, password and mac filter (fwd) d k (Nov 05)

dong-h0un U

Remote Multiple Buffer Overflow(s) vulnerability in Libcgi-tuxbr. dong-h0un U (Nov 28)
Remote Buffer Overflow vulnerability in Lib HTTPd. dong-h0un U (Nov 15)
Multiple vulnerabilities in Tiny HTTPd dong-h0un U (Nov 11)
Remote Buffer Overflow vulnerability in Light HTTPd dong-h0un U (Nov 12)
Remote Buffer Overflow vulnerability in Zeroo HTTP Server. dong-h0un U (Nov 17)
Remote POST Buffer Overflow vulnerability in Pserv. dong-h0un U (Nov 27)
Remote Heap malloc/free & multiple Overflow vulnerability in WSMP3. dong-h0un U (Nov 25)
Remote Frame Pointer Overwrite vulnerability in LIB CGI in Language C. dong-h0un U (Nov 27)

Ed Ravin

Finding Vendor Security Contacts Ed Ravin (Nov 09)

Ed Reed

NOVL-2002-2963651 - iManager (eMFrame) Buffer Overflow Ed Reed (Nov 11)
NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2 Ed Reed (Nov 12)
NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1 Ed Reed (Nov 12)

Eitan Caspi

User downgraded from Administrator to User retains the ability to list other user's running tasks Eitan Caspi (Nov 29)

Elio Grieco

Re: Gimp: Erased sections of images print in some cases Elio Grieco (Oct 31)

EnGarde Secure Linux

[ESA-20021122-030] local kernel vulnerabilities EnGarde Secure Linux (Nov 23)
[Full-Disclosure] [ESA-20021029-028] syslog-ng: buffer overflow in macro handling code (UPDATED) EnGarde Secure Linux (Nov 10)
[ESA-20021122-031] php upgrade, security fixes EnGarde Secure Linux (Nov 23)
[ESA-20021127-032] 'pine' version upgrade, security fixes. EnGarde Secure Linux (Nov 27)
[ESA-20021114-029] BIND buffer overflow, DoS attacks. EnGarde Secure Linux (Nov 15)

Eric Rescorla

Security holes... Who cares? Eric Rescorla (Nov 17)

Eric Stevens

RE: A technique to mitigate cookie-stealing XSS attacks Eric Stevens (Nov 15)

Erik Parker

Netscreen SSH1 CRC32 Compensation Denial of service Erik Parker (Nov 01)
(Correction) Netscreen SSH1 CRC32 Compensation Denial of service Erik Parker (Nov 01)

es

[ElectronicSouls] - BOOZT CGI Exploit es (Nov 29)

euronymous

Zeus Admin Server v4.1r2 index.fcgi XSS bug euronymous (Nov 09)

Felix Radensky

Re: Allot Netenforcer problems, GNU TAR flaw Felix Radensky (Nov 04)

Florian Weimer

Re: ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability (fwd) Florian Weimer (Nov 27)
Re: A technique to mitigate cookie-stealing XSS attacks Florian Weimer (Nov 05)
Re: RES: A technique to mitigate cookie-stealing XSS attacks Florian Weimer (Nov 08)
Re: GNU GCC: Optimizer Removes Code Necessary for Security Florian Weimer (Nov 19)
Re: When scrubbing secrets in memory doesn't work Florian Weimer (Nov 18)
Re: A technique to mitigate cookie-stealing XSS attacks Florian Weimer (Nov 08)

Frank Heyne

Bug in EventSave Frank Heyne (Nov 01)

Frank Louwers

Re: Accesspoints disclose wep keys, password and mac filter (fwd) Frank Louwers (Nov 04)

Frank Perreault

Lotus Domino HTTP Server security issue Frank Perreault (Nov 08)

FreeBSDbr Bugtraq DataBase

Open WebMail 1.71 "background" magic info FreeBSDbr Bugtraq DataBase (Nov 23)

FreeBSD Security Advisories

FreeBSD Security Advisory FreeBSD-SA-02:40.kadmind FreeBSD Security Advisories (Nov 13)
FreeBSD Security Advisory FreeBSD-SA-02:42.resolv FreeBSD Security Advisories (Nov 14)
FreeBSD Security Advisory FreeBSD-SA-02:41.smrsh [REVISED] FreeBSD Security Advisories (Nov 17)
FreeBSD Security Advisory FreeBSD-SA-02:43.bind [REVISED] FreeBSD Security Advisories (Nov 17)
FreeBSD Security Advisory FreeBSD-SA-02:43.bind FreeBSD Security Advisories (Nov 15)

Frog Man

Immobilier 1 (PHP) Frog Man (Nov 26)
FreeNews & News Evolution (PHP) Frog Man (Nov 27)
Web Server Creator - Web Portal 0.1 (PHP) Frog Man (Nov 25)

Fulton Preston

RE: Motorola Cable Modem DOS Fulton Preston (Nov 08)

Gert Fokkema

Re: How to execute programs with parameters in IE - Sandblad advisory #10 Gert Fokkema (Nov 08)

Gianni Tedesco

Re: When scrubbing secrets in memory doesn't work Gianni Tedesco (Nov 07)

Glen Bishop

Re: Bind 8 bug experience Glen Bishop (Nov 15)

Gossi The Dog

Re: ZDnet forum: IE formatting local drive Gossi The Dog (Nov 17)

GreyMagic Software

RE: MS02-066 - fixes, gaps and incorrect statements GreyMagic Software (Nov 26)
Opera 7 vulnerabilities GreyMagic Software (Nov 15)
RE: (MSIE) -"dialogArguments" (extended) GreyMagic Software (Nov 23)

Hai Nam Luke

Code Injection in phpBB Advanced Quick Reply Mod Hai Nam Luke (Nov 15)
File reading vulnerable in PHP and MySQL (Local Exploit) Hai Nam Luke (Nov 27)

Hakan Carlsson

Re: Accesspoints disclose wep keys, password and mac filter (fwd) Hakan Carlsson (Nov 07)

hysterix1

Re: How to execute programs with parameters in IE - Sandblad advisory #10 hysterix1 (Nov 09)

Ilya Teterin

arp spoofing defence Ilya Teterin (Nov 15)

informatik.koerfer

Re: Accesspoints disclose wep keys, password and mac filter (fwd) informatik.koerfer (Nov 07)
Re: Accesspoints disclose wep keys, password and mac filter (fwd) informatik.koerfer (Nov 07)

Iván Arce

RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND Iván Arce (Nov 27)
RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND Iván Arce (Nov 28)

Jan Echternach

Re: When scrubbing secrets in memory doesn't work Jan Echternach (Nov 14)

Jason Coombs

RE: A technique to mitigate cookie-stealing XSS attacks Jason Coombs (Nov 12)

jasonk

RE: A technique to mitigate cookie-stealing XSS attacks jasonk (Nov 12)

Jean-loup Gailly

Cracking OpenVMS passwords with John the Ripper Jean-loup Gailly (Nov 27)

Jeff Damens

re: Solaris priocntl exploit Jeff Damens (Nov 29)

jelmer

Re: How to execute programs with parameters in IE - Sandblad advisory #10 jelmer (Nov 08)

Jeremiah Grossman

Re: A technique to mitigate cookie-stealing XSS attacks Jeremiah Grossman (Nov 11)

Jeremy C. Reed

Re: Bind 8 bug experience Jeremy C. Reed (Nov 16)

Jeroen Kessenich

RE: Motorola Cable Modem DOS Jeroen Kessenich (Nov 01)

Jim Knoble

Re: Linksys security contact Jim Knoble (Nov 14)

Jirka Kosina

Re: i386 Linux kernel DoS Jirka Kosina (Nov 17)

John

RE: Netscreen SSH1 CRC32 Compensation Denial of service John (Nov 01)

Jonas Eriksson

[tcpdump-announce] initial comments on trojan attack (fwd) Jonas Eriksson (Nov 18)
patch for named buffer overflow now available (fwd) Jonas Eriksson (Nov 18)

Joseph Wagner

GNU GCC: Optimizer Removes Code Necessary for Security Joseph Wagner (Nov 19)

josh

RE: AIM 5.1.3036 buffer overflow josh (Nov 20)

Joshua Wright

Layer 2 Analysis of WLAN Discovery Applications for Intrusion Detection Joshua Wright (Nov 11)

Jouko Pynnonen

Technical information about unpatched MS Java vulnerabilities Jouko Pynnonen (Nov 09)
Netscape 4 Java buffer overflow Jouko Pynnonen (Nov 27)

Juraj Ziegler

Re: Motorola Cable Modem DOS Juraj Ziegler (Nov 05)

Justin King

Re: Bypassing website filter in SonicWall Justin King (Nov 08)
Re: A technique to mitigate cookie-stealing XSS attacks Justin King (Nov 09)

Keith R. Watson

Iomega NAS A300U security and inter-operability issues Keith R. Watson (Nov 01)

Ketil Braun Larsen

MailEnable POP3 Server remote shutdown !:/ -newest ~ (and previous) bufferoverflow- Ketil Braun Larsen (Nov 18)

K. K. Mookhey

Weak Password Encryption Scheme in MS SQL Server K. K. Mookhey (Nov 02)
The Unix Auditor's Practical Handbook K. K. Mookhey (Nov 14)
Buffer Overflow in iSMTP Gateway K. K. Mookhey (Nov 11)

labs@NGSEC

iPlanet WebServer, remote root compromise labs@NGSEC (Nov 19)

Last Stage of Delirium

[LSD] Java and JVM security vulnerabilities Last Stage of Delirium (Nov 25)

Laurent Licour

Exploit code for IP Smart Spoofing Laurent Licour (Nov 12)

Leif Sawyer

RE: i386 Linux kernel DoS Leif Sawyer (Nov 15)

li0n

[A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002) li0n (Nov 04)

Linus Sjöberg

Remote pine Denial of Service Linus Sjöberg (Nov 07)

Lise

Re: Alert: Microsoft Security Bulletin - MS02-066 Lise (Nov 25)

Liu Die Yu

(MSIE) when parent gives his son bad things ;) --"dialogArguments " again Liu Die Yu (Nov 19)

magistrat

xoops Quizz Module IMG bug magistrat (Nov 11)

Mandrake Linux Security Team

MDKSA-2002:075 - nss_ldap update Mandrake Linux Security Team (Nov 08)
MDKSA-2002:076 - perl-MailTools update Mandrake Linux Security Team (Nov 08)
MDKSA-2002:082 - Updated python packages fix local arbitrary code execution vulnerability Mandrake Linux Security Team (Nov 27)
MDKSA-2002:079 - Updated kdelibs packages fix remote command execution vulnerabilites Mandrake Linux Security Team (Nov 22)
Updated ypserv packages fix memory leak Mandrake Linux Security Team (Nov 22)
MDKSA-2002:080 - Updated kdenetwork packages fix remote command execution vulnerabilites Mandrake Linux Security Team (Nov 23)
MDKSA-2002:083 - Updated sendmail packages fix smrsh insecurities Mandrake Linux Security Team (Nov 28)
MDKSA-2002:081 - Updated samba packages fix potential root compromise Mandrake Linux Security Team (Nov 27)

Marc Maiffret

EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Marc Maiffret (Nov 12)

marek . rouchal

ClearCase DoS vulnerabilty marek . rouchal (Nov 23)

Mark Litchfield

Help Please Mark Litchfield (Nov 07)

mark_sala

bind 8 info update regarding ISS mark_sala (Nov 18)

Martin Schulze

[SECURITY] [DSA 191-2] New squirrelmail packages fix problem in options page Martin Schulze (Nov 11)
[SECURITY] [DSA 187-1] New Apache packages fix several vulnerabilities Martin Schulze (Nov 04)
[SECURITY] [DSA 198-1] New nullmailer packages fix local denial of service Martin Schulze (Nov 19)
[SECURITY] [DSA 191-1] New squirrelmail packages fix cross site scripting bugs Martin Schulze (Nov 07)
[SECURITY] [DSA 188-1] New Apache-SSL packages fix several vulnerabilities Martin Schulze (Nov 09)
[SECURITY] [DSA 189-1] New luxman packages fix local root exploit Martin Schulze (Nov 06)
[SECURITY] [DSA 192-1] New html2ps packages fix arbitrary code execution Martin Schulze (Nov 09)
[SECURITY] [DSA 195-1] New Apache-Perl packages fix several vulnerabilities Martin Schulze (Nov 13)
[SECURITY] [DSA 193-1] New klisa packages fix buffer overflow Martin Schulze (Nov 11)
[SECURITY] [DSA 186-1] New log2mail packages fix several vulnerabilities Martin Schulze (Nov 01)
[SECURITY] [DSA 199-1] New mhonarc packages fix cross site scripting Martin Schulze (Nov 19)
[SECURITY] [DSA 194-1] New masqmail packages fix buffer overflows Martin Schulze (Nov 12)
[SECURITY] [DSA 197-1] New sqwebmail packages fix local information exposure Martin Schulze (Nov 18)

Matthew Collins

Re: A technique to mitigate cookie-stealing XSS attacks Matthew Collins (Nov 07)

Matthew Dixon Cowles

Re: Bind 8 bug experience Matthew Dixon Cowles (Nov 16)

Matthew Murphy

Multiple phpNuke Modules Vulnerable to Cross-Site Scripting Matthew Murphy (Nov 25)
BadBlue XSS/Information Disclosure Vulnerabilities Matthew Murphy (Nov 26)
LiteServe Directory Index Cross-Site Scripting Matthew Murphy (Nov 08)
acFTP Authentication Issue Matthew Murphy (Nov 25)
Moby NetSuite POST Denial of Service Vulnerability Matthew Murphy (Nov 29)
acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS Matthew Murphy (Nov 25)

Matthew Wagenknecht

pWins Perl Web Server Directory Transversal Vulnerability Matthew Wagenknecht (Nov 28)

Matthias Andree

bogofilter contrib/bogopass temp file vulnerability Matthias Andree (Nov 29)

mattmurphy () kc rr com

KeyFocus KF Web Server File Disclosure Vulnerability mattmurphy () kc rr com (Nov 13)
Zeroo Folder Traversal Vulnerability mattmurphy () kc rr com (Nov 23)
Perception LiteServe HTTP CGI Disclosure Vulnerability mattmurphy () kc rr com (Nov 15)

Matt Selsky

Sun Security Bulletin #00220 Matt Selsky (Nov 23)

Melson, Paul

RE: Accesspoints disclose wep keys, password and mac filter (fwd) Melson, Paul (Nov 04)

Michael Bacarella

Better security through shame Michael Bacarella (Nov 16)

Michael Brennen

Bind 8 bug experience Michael Brennen (Nov 14)

Michael Howard

RE: A technique to mitigate cookie-stealing XSS attacks Michael Howard (Nov 11)
When scrubbing secrets in memory doesn't work Michael Howard (Nov 05)
When scrubbing secrets in memory doesn't work Michael Howard (Nov 09)
A technique to mitigate cookie-stealing XSS attacks Michael Howard (Nov 05)
RE: A technique to mitigate cookie-stealing XSS attacks Michael Howard (Nov 08)

Michael Wojcik

RE: When scrubbing secrets in memory doesn't work Michael Wojcik (Nov 17)
RE: When scrubbing secrets in memory doesn't work Michael Wojcik (Nov 12)

Michael Zimmermann

Re: When scrubbing secrets in memory doesn't work Michael Zimmermann (Nov 09)

Mincu Alexandru

Latest libpcap & tcpdump sources from tcpdump.org contain a trojan Mincu Alexandru (Nov 15)

moose

RE: Cracking OpenVMS passwords with John the Ripper moose (Nov 28)

Muhammad Faisal Rauf Danka

XSS in Postnuke Rogue release (0.72) Muhammad Faisal Rauf Danka (Nov 09)

NESTING, DAVID M (SBCSI)

RE: A technique to mitigate cookie-stealing XSS attacks NESTING, DAVID M (SBCSI) (Nov 09)

NetBSD Security Officer

NetBSD Security Advisory 2002-024: IPFilter FTP proxy NetBSD Security Officer (Nov 09)

NetScreen Security Response Team

Predictable TCP Initial Sequence Numbers NetScreen Security Response Team (Nov 25)
'Malicious-URL' Feature may be Circumvented Using IP Fragmentation NetScreen Security Response Team (Nov 26)
Potential H.323 Denial of Service NetScreen Security Response Team (Nov 26)

NGSSoftware Insight Security Research

Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002) NGSSoftware Insight Security Research (Nov 04)
Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002) NGSSoftware Insight Security Research (Nov 23)

Nicholas Weaver

Re: When scrubbing secrets in memory doesn't work Nicholas Weaver (Nov 18)

Nick Simicich

Re: A technique to mitigate cookie-stealing XSS attacks Nick Simicich (Nov 08)

Nils Reichen

Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810 Nils Reichen (Nov 09)

Olaf Kirch

SuSE Security Announcement: Multiple vulnerabilities in BIND8 (SuSE-SA:2002:044) Olaf Kirch (Nov 16)
Re: Bind 8 bug experience Olaf Kirch (Nov 15)
SuSE Security Announcement: KDE lanbrowser vulnerability (SuSE-SA:2002:042) Olaf Kirch (Nov 12)

Oleg A. Lebedev

Allied Telesyn switches & routers vulnerability Oleg A. Lebedev (Nov 24)

One Semicolon

Multiple incorrect permissions in QNX. One Semicolon (Nov 19)
Clipboard in QNX Photon One Semicolon (Nov 23)

OpenPKG

[OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8) OpenPKG (Nov 17)
[OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba) OpenPKG (Nov 29)

Ossian Vitek

Re: IP SmartSpoofing : How to bypass all IP filters relying on source IP address Ossian Vitek (Nov 01)

Paolo Perego

[Announce] AngeL v0.9.0 Paolo Perego (Nov 04)

Patrick Oonk

Re: Help Please Patrick Oonk (Nov 09)

Paul Starzetz

TracerouteNG - never ending story Paul Starzetz (Nov 28)

Paul Szabo

Eudora 5.2 attachment spoof Paul Szabo (Nov 13)
Re: d_path() truncating excessive long path name vulnerability Paul Szabo (Nov 28)

Paul Theodoropoulos

Re: Bind 8 bug experience Paul Theodoropoulos (Nov 18)

Pawel Pisarczyk

QNX 6.1 TimeCreate weakness Pawel Pisarczyk (Nov 06)

Perry E. Metzger

Re: When scrubbing secrets in memory doesn't work Perry E. Metzger (Nov 05)

Pete Foster

[Sec-Tec Advisory] Local scripting vulnerability in phpBB Pete Foster (Nov 27)

Peter Arnts

Re: Motorola Cable Modem DOS Peter Arnts (Nov 09)

Peter Bieringer

Opera 6.03/Linux crashes on HTTPS over Squid Proxy on a site Peter Bieringer (Nov 23)

Peter Jeremy

Re: Motorola Cable Modem DOS Peter Jeremy (Nov 07)

Peter Watkins

Re: A technique to mitigate cookie-stealing XSS attacks Peter Watkins (Nov 08)
Re: When scrubbing secrets in memory doesn't work Peter Watkins (Nov 19)

PlanetDNS Support

PlanetWeb Web Server Buffer Overflow in processing GET requests PlanetDNS Support (Nov 19)

Predrag Damnjanovic

Re: PHP-Nuke SQL Injection Vulnerability Predrag Damnjanovic (Nov 08)

ProXy

APBoard - post threads to protected forums and possibility to hijack forum-password ProXy (Nov 12)

quentyn

Re: [VulnWatch] Netscreen SSH1 CRC32 Compensation Denial of service quentyn (Nov 08)

Richard Moore

Re: When scrubbing secrets in memory doesn't work Richard Moore (Nov 20)

Roman Drahtmueller

SuSE Security Announcement: samba (SuSE-SA:2002:045) Roman Drahtmueller (Nov 23)

Russ

RE: How to execute programs with parameters in IE - Sandblad advisory #10 Russ (Nov 12)
RE: ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 andBIND8 (fwd) Russ (Nov 16)

Ryan Sweat

Motorola Cable Modem DOS Ryan Sweat (Oct 31)

Sebastian Krahmer

Re: SuSE Security Announcement: perl-MailTools (SuSE-SA:2002:041) Sebastian Krahmer (Nov 11)
SuSE Security Announcement: perl-MailTools (SuSE-SA:2002:041) Sebastian Krahmer (Nov 05)

[secondmotion]-Matt Thompson

ZoneEdit Account Hijack Vulnerability [secondmotion]-Matt Thompson (Nov 05)

secure

[CLA-2002:538] Conectiva Linux Security Announcement - tar/unzip secure (Nov 06)
[CLA-2002:542] Conectiva Linux Security Announcement - gv/kghostview secure (Nov 06)
[CLA-2002:535] Conectiva Linux Security Announcement - glibc secure (Nov 06)
[CLA-2002:534] Conectiva Linux Security Announcement - krb5 secure (Nov 06)
[CLA-2002:537] Conectiva Linux Security Announcement - tetex secure (Nov 06)
[CLA-2002:546] Conectiva Linux Security Announcement - bind secure (Nov 17)
[CLA-2002:550] Conectiva Linux Security Announcement - samba secure (Nov 23)
[CLA-2002:549] Conectiva Linux Security Announcement - dhcpcd secure (Nov 18)
[CLA-2002:540] Conectiva Linux Security Announcement - heartbeat secure (Nov 06)
[CLA-2002:544] Conectiva Linux Security Announcement - linuxconf secure (Nov 06)
[CLA-2002:539] Conectiva Linux Security Announcement - ypserv secure (Nov 06)
[CLA-2002:547] Conectiva Linux Security Announcement - syslog-ng secure (Nov 16)
[CLA-2002:541] Conectiva Linux Security Announcement - mod_ssl secure (Nov 06)
[CLA-2002:545] Conectiva Linux Security Announcement - php4 secure (Nov 16)

security

Security Update: [CSSA-2002-047.0] Linux: KDE SSL and XSS vulnerabilities security (Nov 17)
Security Update: [CSSA-2002-042.0] Linux: libpng progressive image loading vulnerabilities and other buffer overflows security (Nov 12)
Security Update: [CSSA-2002-044.0] Linux: Preboot eXecution Environment (PXE) server denial-of-service attacks security (Nov 11)
Security Update: [CSSA-2002-048.0] Linux: wwwoffled remote access vulnerability security (Nov 22)
[Full-Disclosure] Security Update: [CSSA-2002-052.0] Linux: sendmail smrsh bypass vulnerabilities security (Nov 22)
[Full-Disclosure] Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities security (Nov 12)
Security Update: [CSSA-2002-SCO.42] UnixWare 7.1.1 Open UNIX 8.0.0 : in.talkd format string vulnerabilities security (Nov 15)
Security Update: [CSSA-2002-046.0] Linux: buffer overflows and other security issues in squid security (Nov 17)
Security Update: [CSSA-2002-049.0] Linux: lynx CRLF injection vulnerability security (Nov 22)
[Full-Disclosure] Security Update: [CSSA-2002-041.0] Linux: pam_ldap format string vulnerability security (Nov 12)
Security Update: [CSSA-2002-045.0] Linux: python insecure temporary files in os._execvpe security (Nov 15)
[Full-Disclosure] Security Update: [CSSA-2002-043.0] Linux: chfn (util-linux) temp file race vulnerability security (Nov 12)

securityfocus

Re: ZoneEdit Account Hijack Vulnerability securityfocus (Nov 06)

securma massine

IISPop remote DOS securma massine (Nov 15)

Seth Arnold

Re: A technique to mitigate cookie-stealing XSS attacks Seth Arnold (Nov 14)

Seth Bromberger

Linksys router vulnerability Seth Bromberger (Nov 20)
UPDATE: Linksys router vulnerability (add'l models affected) Seth Bromberger (Nov 24)

SGI Security Coordinator

Apache Security Vulnerabilities on IRIX SGI Security Coordinator (Nov 14)
IRIX CDE ToolTalk rpc.ttdbserverd vulnerabilities SGI Security Coordinator (Nov 05)
Potential Denial of Service Vulnerability in IRIX RPC-based libc SGI Security Coordinator (Nov 09)
IRIX lpd daemon vulnerabilities via sendmail and dns SGI Security Coordinator (Nov 13)
IRIX ToolTalk rpc.ttdbserverd vulnerabilities SGI Security Coordinator (Nov 06)

S G Masood

Multiple Vuln. in Hotfoon.com's Hotfoon4.exe dialer S G Masood (Nov 11)

shannong

RE: Exploit code for IP Smart Spoofing shannong (Nov 19)

Sharad Ahlawat

Re: Cisco PIX SSH/telnet dDOS vulnerability CSCdy51810 Sharad Ahlawat (Nov 11)

Silvio Cesare

Re: [Full-Disclosure] Security Update: [CSSA-2002-050.0] Linux: tcpdump denial-of-service in print-bgp.c Silvio Cesare (Nov 23)

snsadv () lac co jp

[SNS Advisory No.58] Microsoft IIS Local Cross-site Scripting Vulnerability snsadv () lac co jp (Nov 05)

Solar Designer

Re: d_path() truncating excessive long path name vulnerability Solar Designer (Nov 28)

Sp . IC

vBulletin XSS Injection Vulnerability Sp . IC (Nov 27)

Stephen Gill

RE: Exploit code for IP Smart Spoofing Stephen Gill (Nov 15)
RE: Exploit code for IP Smart Spoofing Stephen Gill (Nov 16)

Steven M. Christey

RE: A technique to mitigate cookie-stealing XSS attacks Steven M. Christey (Nov 13)
Re: MS02-064 fix time Steven M. Christey (Nov 17)
[Full-Disclosure] Re: Oracle Security Contact Steven M. Christey (Nov 06)
Re: A technique to mitigate cookie-stealing XSS attacks Steven M. Christey (Nov 08)
On vulnerabilities in open and closed source products Steven M. Christey (Nov 28)

Stuart Moore

Re: ion-p.exe allows Remote File Retrieving Stuart Moore (Nov 01)
Cross-site Scripting Vulnerability in ImageFolio Image Gallery Software Stuart Moore (Nov 27)

subversive

SFAD02-002: Calisto Internet Talker Remote DOS subversive (Nov 27)

Tacettin Karadeniz

benchmark tool for HTTP pages. Tacettin Karadeniz (Nov 11)
networking_utils.php Tacettin Karadeniz (Nov 05)

Tamer Sahin

[SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability Tamer Sahin (Nov 12)
[SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability Tamer Sahin (Nov 12)
Mindwall Project Tamer Sahin (Nov 01)

tenty

Re: Accesspoints disclose wep keys, password and mac filter (fwd) tenty (Nov 09)

Thomas Biege

SuSE Security Announcement: pine (SuSE-SA:2002:046) Thomas Biege (Nov 27)
SuSE Security Announcement: SuSE-SA:2002:043 (traceroute-nanog/nkitb) Thomas Biege (Nov 13)

Thomas Sarlandie

Re: Accesspoints disclose wep keys, password and mac filter (fwd) Thomas Sarlandie (Nov 08)

Thor Larholm

RE: How to execute programs with parameters in IE - Sandblad advisory #10 Thor Larholm (Nov 07)
RE: Opera 7 vulnerabilities Thor Larholm (Nov 15)
RE: ZDnet forum: IE formatting local drive Thor Larholm (Nov 16)

Tim Brown

Fresh hole in W3Mail (fwd) Tim Brown (Nov 12)

Tollef Fog Heen

Re: Accesspoints disclose wep keys, password and mac filter (fwd) Tollef Fog Heen (Nov 09)

Tom Knienieder

Accesspoints disclose wep keys, password and mac filter (fwd) Tom Knienieder (Nov 04)

Toni Lassila

RE: IBM Infoprint Remote Management Simple DoS (update) Toni Lassila (Oct 31)

Torsten Valentin

[OpenBSD] [syslogd] false src-IP when logging to remote syslogd Torsten Valentin (Nov 23)

Troy Evans

Re: LOM: Multiple vulnerabilities in Macromedia Flash ActiveX Troy Evans (Nov 19)

Trustix Secure Linux Advisor

TSLSA-2002-0077 - kernel Trustix Secure Linux Advisor (Nov 19)
TSLSA-2002-0080 - samba Trustix Secure Linux Advisor (Nov 27)

Ulf Harnhammar

RE: A technique to mitigate cookie-stealing XSS attacks Ulf Harnhammar (Nov 15)
Re: A technique to mitigate cookie-stealing XSS attacks Ulf Harnhammar (Nov 11)

Vagner Sacramento

RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND Vagner Sacramento (Nov 29)
CAIS-ALERT: Vulnerability in the sending requests control of BIND Vagner Sacramento (Nov 26)

vALDEUx

Security Patch for PortailPHP 0.99 vALDEUx (Nov 28)
WebChat for XOOPS RC3 SQL INJECTION vALDEUx (Nov 12)

Valdis . Kletnieks

Re: When scrubbing secrets in memory doesn't work Valdis . Kletnieks (Nov 08)
Re: A technique to mitigate cookie-stealing XSS attacks Valdis . Kletnieks (Nov 07)

Vincent Danen

[Security Announce] Re: MDKSA-2002:076 - perl-MailTools update Vincent Danen (Nov 08)

Webmaster, Lorenzo Hernandez Garcia-Hierro

NBActiveX Sure ActiveX Big Vulnerability Webmaster, Lorenzo Hernandez Garcia-Hierro (Nov 18)

whitehat2004

Well known flaw in web cart software remains wide open whitehat2004 (Nov 15)

Wichert Akkerman

[SECURITY] [DSA-190-1] buffer overflow in Window Maker Wichert Akkerman (Nov 07)

Will

Linksys not fixed Will (Nov 27)

Woody Leonhard

Office XP document numbers can be linked to individual machines Woody Leonhard (Nov 16)

YM Barusseau

Gnujsp and Domino R5.0.10 YM Barusseau (Nov 13)

zel

Netscreen Malicious URL feature can be bypassed by fragmenting the request zel (Nov 27)

zen-parse

Re: Netscape Problems. zen-parse (Nov 28)
Netscape Problems. zen-parse (Nov 26)
Netscape/Mozilla: Exploitable heap corruption via jar: URI handler. zen-parse (Nov 16)

Zero-X www.lobnan.de Team

ion-p.exe allows Remote File Retrieving Zero-X www.lobnan.de Team (Nov 01)
Vulnerability in Cutecast Forum v1.2 Zero-X www.lobnan.de Team (Nov 07)

蔺毅��

Solaris priocntl exploit 蔺毅�� (Nov 27)