Bugtraq: by date
RSS Feed
About List
All Lists
Previous period
278 messages
starting Dec 01 02 and
ending Dec 31 02
Date index |
Thread index |
Author index
Sunday, 01 December
RE: User downgraded from Administrator to User retains the ability to list other user's running tasks John Tolmachofft
RE: User downgraded from Administrator to User retains the ability to list other user's running tasks Eitan Caspi
Monday, 02 December
Thatware (PHP) Frog Man
Multiple pServ Remote Buffer Overflow Vulnerabilities Matthew Murphy
Re: CAIS-ALERT: Vulnerability in the sending requests control of BIND Robert Tracz
Cross-site Scripting Vulnerability in YaBB 1 Gold - SP1! Fabricio Angeletti
[SECURITY] [DSA 201-1] New Free/SWan packages fix denial of service Martin Schulze
RE: CAIS-ALERT: Vulnerability in the sending requests control of BIND Vagner Sacramento
GLSA: pine Daniel Ahlberg
Potential Vuln in McAfee VirusScan 451 jari.helenius
Re: [Full-Disclosure] Netscape Problems. Ben Bucksch
Lag Security Advisory - Com21 cable modem configuration file feeding vulnerability David Laganière
Advisory: Lawson Financials RDBMS Insecurity John Eisenschmidt
Advisory: Webster HTTP Server Matthew Murphy
RE: Kerberos login sniffer and cracker for Windows 2000/XP Jason Coombs
Re: Solaris priocntl exploit Jay Beale
RE: Exploit for traceroute-nanog overflow Carl Livitt
pre-login buffer overflow in Cyrus IMAP server Timo Sirainen
[RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability bugzilla
possible virus break in german exchange option of Inoculate IT 6.0 tigerblue
ShopFactory shopping cart price manipulation Richard van den Berg
Cyrus Sieve / libSieve buffer overflow Timo Sirainen
[VU#317417] Denial of Service condition in vxworks ftpd/3com nbx Michael S. Scheidell
Bypassing Integrity Protection Driver (time vulnerability) Jan Rutkowski
Tuesday, 03 December
CORE-20021005: Vulnerability Report For Linksys Devices Carlos Sarraute
MDKSA-2002:085 - Updated WindowMaker packages fix buffer overflow vulnerability Mandrake Linux Security Team
[SNS Advisory No.59] Buffalo Wireless LAN Access Point Denial of Service Vulnerability (was Re: Buffalo AP Denial of Service) snsadv
Local Netfilter / IPTables IP Queue PID Wrap Flaw James Morris
Poisonous Style for Dialog window turns the zone off. Liu Die Yu
SquirrelMail v1.2.9 XSS bugs euronymous
Zeroo Webserver remote directory traversal exploit Mike Cramp
[SECURITY] [DSA 202-1] New IM packages fix insecure temporary file creation Martin Schulze
Re: Local Netfilter / IPTables IP Queue PID Wrap Flaw James Morris
MDKSA-2002:084 - Updated pine packages fix buffer overflow vulnerability Mandrake Linux Security Team
Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service Muhammad Faisal Rauf Danka
Wednesday, 04 December
Local root vulnerability found in exim 4.x (and 3.x) Wana Thomas
SAP database local root via symlink KF
[SECURITY] [DSA 203-1] New smb2www packages fix arbitrary command execution Martin Schulze
[CLA-2002:551] Conectiva Linux Security Announcement - pine secure
Security Update: [CSSA-2002-054.0] Linux: exploitable memory leak in ypserv security
[RHSA-2002:220-40] Updated KDE packages fix security issues bugzilla
[RHSA-2002:254-05] Updated Webalizer packages fix vulnerability bugzilla
Windows XP Disclosure of Registered AP Information snsadv
Buffer Overflow Vulnerability in X Font Server on IRIX SGI Security Coordinator
Multiple Vulnerabilities in BIND Name Service Daemon on IRIX SGI Security Coordinator
Sygate Personal Firewall can be shut down without a need to supply a password - although one is required Eitan Caspi
Security Update: [CSSA-2002-055.0] Linux: RPC XDR buffer overflow security
Thursday, 05 December
Apache/Tomcat Denial Of Service And Information Leakage Vulnerability alias
[SECURITY] [DSA 204-1] New kdlibs packages fix arbitrary program execution Martin Schulze
Re: Fw: CERT Advisory CA-2002-34 Buffer Overflow in Solaris X Window Font Service Jim Knoble
Multiple vulnerabilities in akfingerd Gianni Tedesco
Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 Volker Tanger
BIND Name Server DNS Spoofing Vulnerability on IRIX SGI Security Coordinator
Samba Security Vulnerability on IRIX SGI Security Coordinator
Cross-site Scripting Vulnerability in phpBB 2.0.3 Fabricio Angeletti
Re: SquirrelMail v1.2.9 XSS bugs Jonathan Angliss
[Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability] Dan Rowles
Cobalt RaQ4 Remote root exploit grazer
Re: TracerouteNG - never ending story Thomas Biege
Re: [Fwd: [RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability] Ryan Cleary
Sygate Personal Firewall can be shut down without a need to suppl y Seth Knox
RE: Sygate Personal Firewall can be shut down without a need to supply Eitan Caspi
Re: Local root vulnerability found in exim 4.x (and 3.x) Tabor J. Wells
Re: Local root vulnerability found in exim 4.x (and 3.x) Tabor J. Wells
Notes on MS02-068, extensive downplaying of severity Thor Larholm
Friday, 06 December
RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required Russ
Security Update: [CSSA-2002-056.0] Linux: apache vulnerabilities in shared memory, DNS, and ApacheBench security
SuSE Security Announcement: OpenLDAP2 (SuSE-SA:2002:047) Sebastian Krahmer
[SECURITY] [DSA 202-2] New IM packages correct hidden architecture dependency Martin Schulze
WebReflex Directory Traversal Vulnerability luca.ercoli () inwind it
[SECURITY] [DSA 192-2] New html2ps packages correct fix against arbitrary code execution Martin Schulze
APBoard-Bug DNA ESC
Saturday, 07 December
Security Update: [CSSA-2002-057.0] Linux: groff pic buffer overflow security
XSS and Path Disclosure in UPB euronymous
Monday, 09 December
Re: Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 - and 3.7 Build 1190 Dr. Peter Bieringer
SECURITY.NNOV: more Ikonboard 3.1.1 crossite scriptings 3APA3A
[SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability Tamer Sahin
Cyrus SASL library buffer overflows Timo Sirainen
Security Update: [CSSA-2002-SCO.43] UnixWare 7.1.1 Open UNIX 8.0.0 : closed file descriptor race vulnerability security
[RHSA-2002:196-19] Updated xinetd packages fix denial of service vulnerability Derek Luce
Tuesday, 10 December
[RHSA-2002:246-18] Updated Canna packages fix vulnerabilities bugzilla
Unchecked buffer in PC-cillin advisories () texonet com
Remote multiple vulnerability in apt-www-proxy. dong-h0un U
Re: Cyrus SASL library buffer overflows Matthias Andree
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Kurt Seifried
TFTP32 DOS securma massine
[RHSA-2002:229-10] Updated wget packages fix directory traversal bug bugzilla
MDKSA-2002:082-1 - Updated python packages fix local arbitrary code execution vulnerability Mandrake Linux Security Team
RE: Sygate Personal Firewall can be shut down without a need to supply a password - although one is required Eitan Caspi
RE: Sygate Personal Firewall can be shut down without a need to s upply a password - although one is required Seth Knox
KunaniFTP-Server v.1.0.10 allows dictionary traversal Zero-X www.lobnan.de Team
[SECURITY] [DSA-206-1] tcpdump BGP decoding error Wichert Akkerman
Re: XSS and Path Disclosure in UPB Frog Man
[SECURITY] [DSA-205-1] gtetrinet buffer overflows Wichert Akkerman
Wednesday, 11 December
Directory traversing bug in 'myServer' webserver. dong-h0un U
Directory Traversal Vulnerabilities in FTP Clients Steven M. Christey
Cisco Security Advisory: OSM Line Card Header Corruption Vulnerability Cisco Systems Product Security Incident Response Team
Security Update: [CSSA-2002-058.0] Linux: buffer overflow in nss_ldap DNS SRV security
Re: Zeus Admin Server v4.1r2 index.fcgi XSS bug Colin Watson
Remote multiple vulnerability in apt-www-proxy. dong-h0un U
[SECURITY] [DSA 207-1] New tetex-lib packages fix arbitrary command execution Martin Schulze
Denial of Service vulnerability in VisNetic Website Peter Kruse
Re: KunaniFTP-Server v.1.0.10 allows dictionary traversal Alun Jones
proftpd <=1.2.7rc3 DoS Rob klein Gunnewiek
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Rob klein Gunnewiek
Input Validation Error in vbulletin 2.2.x Dorin Balanica
MTPSR1-120 Firewall Proxy configuration software UkR security team™
Security Update: [CSSA-2002-SCO.44] UnixWare 7.1.1 Open UNIX 8.0.0 : uudecode performs inadequate checks on user-specified output files security
Enceladus Server Suite traversal directory vulnerability luca.ercoli () inwind it
Thursday, 12 December
CERT Advisory CA-2002-35 Vulnerability in RaQ 4 Servers (fwd) Muhammad Faisal Rauf Danka
Advisory 04/2002: Multiple MySQL vulnerabilities Stefan Esser
[RHSA-2002:222-21] Updated apache, httpd, and mod_ssl packages available bugzilla
Multiple Mambo Site Server sec-weaknesses euronymous
[SECURITY] [DSA 208-1] New Perl packages correct Safe handling Martin Schulze
VisNetic WebSite XSS vulnerability through HTTP referer header Ory Segal
Re: Directory Traversal Vulnerabilities in FTP Clients Stephen Samuel
PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability Marc Maiffret
MDKSA-2002:086 - Updated wget packages fix directory traversal vulnerability Mandrake Linux Security Team
Password Hole Found In Webshots Brian Carpenter
XSS flaw found at "https://www.e-gold.com" Liu Die Yu
Adelphia Powerlink service vulnerable to man in the middle attacks by cable modem users. 0x90
iDefense Security Advisory gobbles
[SECURITY] [DSA-209-1] two wget problems Wichert Akkerman
Re: [VulnWatch] proftpd <=1.2.7rc3 DoS Kurt Seifried
[SECURITY] [DSA-210-1] lynx CRLF injection Wichert Akkerman
Re: Password Hole Found In Webshots Ian Nguyen
Friday, 13 December
[SECURITY] [DSA 211-1] New mICQ packages fix denial of service Martin Schulze
Eserv remote denial of service securma massine
Advisory Title: iASP Remote Console Applet Allows Remote ph33r
Anyone can read all XOOPS private messages Val Deux
[ESA-20021213-033] Several MySQL vulnerabilities. EnGarde Secure Linux
Advisory 05/2002: Another Fetchmail Remote Vulnerability Stefan Esser
RE: iDefense Security Advisory David Endler
Directory Traversal Vulnerability in FTP Client on IRIX SGI Security Coordinator
[CLA-2002:552] Conectiva Linux Security Announcement - wget secure
FW: SQL Injection Solved Louie Conceicao
Saturday, 14 December
MyPHPLinks (PHP) : SQL Injection Frog Man
Monday, 16 December
GLSA: mysql Daniel Ahlberg
GLSA: fetchmail Daniel Ahlberg
GLSA: squirrelmail Daniel Ahlberg
GLSA: mysql Daniel Ahlberg
Password Disclosure in Cryptainer K. K. Mookhey
Multiple vendors XML parser (and SOAP/WebServices server) Denial of Service attack using DTD Amit Klein
[OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl) OpenPKG
PHP-Nuke code execution and XSS vulnerabilities Ulf Harnhammar
[OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex) OpenPKG
GLSA: exim Daniel Ahlberg
[OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql) OpenPKG
PHP-Nuke 6.0 : Path Disclosure & Cross Site Scripting Frog Man
R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Rapid 7 Security Advisories
RE: Cross-site scripting vulnerability in CF 5.0 CORREIA, PATRICK
Cross-site scripting vulnerability in CF 5.0 KiLL CoLe
Re: Cross-site scripting vulnerability in CF 5.0 SecurityFocus
zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A) NGSSoftware Insight Security Research
PFinger 0.7.8 format string vulnerability (#NISR16122002B) NGSSoftware Insight Security Research
RE: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser
[CLA-2002:554] Conectiva Linux Security Announcement - fetchmail secure
[CLA-2002:553] Conectiva Linux Security Announcement - kernel 2.4 secure
Security Patchs for PHP Products Frog Man
Captaris (Infinite) WebMail XSS Pedram Amini
Tuesday, 17 December
Macromedia Shockwave Flash Malformed Header Overflow #2 Marc Maiffret
[CLA-2002:555] Conectiva Linux Security Announcement - MySQL secure
[SECURITY] [DSA-212-1] Multiple MySQL vulnerabilities Wichert Akkerman
[RHSA-2002:228-11] Updated Net-SNMP packages fix security and other bugs bugzilla
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Stefan Esser
[RHSA-2002:293-09] Updated Fetchmail packages fix security vulnerability bugzilla
Re: [VulnWatch] Password Disclosure in Cryptainer Kurt Seifried
Re: adelphia vulnerability within subnets 0x90
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) der Mouse
[OpenPKG-SA-2002.016] OpenPKG Security Advisory (fetchmail) OpenPKG
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) der Mouse
Re: Directory traversal vulnerabilities in several archivers processing .tar der Mouse
export LD_LIBRARY_PATH in /etc/profile.d/* files rich
Fwd: CERT Advisory CA-2002-36 Multiple Vulnerabilities in SSH Implementations Muhammad Faisal Rauf Danka
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Valdis . Kletnieks
Directory traversal vulnerabilities in several archivers processing .tar Florian Schafferhans
RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability Michal Zalewski
Re: export LD_LIBRARY_PATH in /etc/profile.d/* files mlh
Wednesday, 18 December
Missing admin sql password in Okena StormWatch Marc Ruef
Security Paper: Session Fixation Vulnerability in Web-based Applications Mitja Kolsek (ACROS Lists)
gfxboot allows boot password circumvention, SuSE 8.1 GRUB Matthias Andree
[securitydigest.org]: Changes for December 2002 Curator at Security Digest Archives
MDKSA-2002:087 - Updated MySQL packages fix multiple vulnerabilities Mandrake Linux Security Team
MDKSA-2002:068-1 - Updated apache packages fix multiple vulnerabilities Mandrake Linux Security Team
RE: Directory traversal vulnerabilities in several archivers processing .tar Andrew Kopp
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Andreas Borchert
Re: export LD_LIBRARY_PATH in /etc/profile.d/* files Antonomasia
Historic blackhat archives exposed Pry
Foundstone Research Labs Advisory - Exploitable Windows XP Media Files (fwd) Dave Ahmad
Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Dave Ahmad
Thursday, 19 December
RE: Missing admin sql password in Okena StormWatch Marcus Gavel
[SECURITY] [DSA 213-1] New libpng packages fix buffer overflow Martin Schulze
[CLA-2002:556] Conectiva Linux Security Announcement - openldap secure
WAnewsletter (PHP) Frog Man
Openwebmail 1.71 remote root compromise Dmitry Guyvoronsky
Multiple vulnerability in Enceladus Server securma massine
Re: Cisco IOS EIGRP Network DoS Damir Rajnovic
Re: Directory traversal vulnerabilities in several archivers processing .tar Stephen Samuel
TSLSA-2002-0086 - mysql Trustix Secure Linux Advisor
Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) David Howe
TSLSA-2002-0089 - wget Trustix Secure Linux Advisor
TSLSA-2002-0085 - lynx-ssl Trustix Secure Linux Advisor
TSLSA-2002-0087 - perl Trustix Secure Linux Advisor
TSLSA-2002-0084 - tcpdump Trustix Secure Linux Advisor
TSLSA-2002-0083 - kernel Trustix Secure Linux Advisor
RE: Password Hole Found In Webshots - (Webshots Confirmed) Shutters, Mike
Cisco IOS EIGRP Network DoS FX
[Fix] Openwebmail 1.71 remote root compromise Dmitry Guyvoronsky
iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) iDEFENSE Labs
Friday, 20 December
Web server vulnerability in Axis Network Cameras, Video Servers and DVRs Axis Product Security
[RAZOR] Problems with mkstemp() Michal Zalewski
RE: Directory traversal vulnerabilities in several archivers processing .tar konto mailingowe
GLSA: perl Daniel Ahlberg
GLSA: canna Daniel Ahlberg
[SecurityOffice] Polycom Video Conference System Management Server Authentication Bypass Vulnerability Tamer Sahin
SuSE Security Announcement: cyrus-imapd (SuSE-SA:2002:048) Sebastian Krahmer
SPGpartenaires (PHP) Frog Man
nCipher Advisory #6: Access control defects in PKCS#11 keys nCipher Support
GLSA: wget Daniel Ahlberg
RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002) NGSSoftware Insight Security Research
PHP-Nuke mail CRLF Injection vulnerabilities Ulf Harnhammar
RE: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd) Shutters, Mike
Re: Foundstone Research Labs Advisory - Multiple Exploitable Buff er Overflows in Winamp (fwd) Mischa Krilov
[SECURITY] [DSA 214-1] New kdentwork packages fix buffer overflows Martin Schulze
Re: XSS and PHP include bug in W-Agora Marc Druilhe
Cisco Security Advisory: Cisco Security Advisory: SSH Malformed Packet Vulnerabilities Cisco Systems Product Security Incident Response Team
Security Update: [CSSA-2002-059.0] Linux: multiple vulnerabilities in BIND (CERT CA-2002-31) security
XSS and PHP include bug in W-Agora xatr0z
Saturday, 21 December
KDE Security Advisory: Multiple vulnerabilities in KDE Dirk Mueller
RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Richard Stanway
RE: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Russell Garrett
Re: iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) Joe Testa
Re: iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) zen-parse
Monday, 23 December
Matlab /tmp usage Paul Szabo
Re: KDE Security Advisory: Multiple vulnerabilities in KDE fozzy
'printenv' XSS vulnerability Dr . Tek
[SECURITY] [DSA 215-1] New cyrus-imapd packages fix remote command execution Martin Schulze
zkfingerd remote exploit security
Re: Foundstone Research Labs Advisory - Multiple Exploitable Buffer Overflows in Winamp (fwd) Hacknisty
Hyperion FTP Server buffer overflow securma massine
PHPNuke 6.0 path disclosure [again] Ing. Bernardo Lopez
GLSA: kde-3.0.x Daniel Ahlberg
junkbuster 2.0-1 proxy relaying spam Andrew Daviel
Antwort: Openwebmail 1.71 remote root compromise Stephan Sachweh
Re: 'printenv' XSS vulnerability Marc Slemko
Re: KDE Security Advisory: Multiple vulnerabilities in KDE Florian Weimer
Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 jrodriga
Re: Solaris priocntl exploit Pavel Kankovsky
iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops iDEFENSE Labs
Tuesday, 24 December
[SNS Advisory No.60 rev.2] Windows XP Disclosure of Registered AP Information snsadv () lac co jp
[SECURITY] [DSA 216-1] New fetchmail packages fix buffer overflow Martin Schulze
Thursday, 26 December
Full Disclosure: Windows File Protection Arbitrary Certificate Chain Vulnerability FORENSICS.ORG Security Coordinator
Full Disclosure: Windows File Protection Old Security Catalog Vulnerability FORENSICS.ORG Security Coordinator
(MSIE)A rather old trick for web server is now played on MSIE. Liu Die Yu
Friday, 27 December
Re: Solaris priocntl exploit - Sol8 patches available Scott Howard
Re: PFinger 0.7.8 format string vulnerability (#NISR16122002B) Andreas Tscharner
[SECURITY] [DSA 217-1] New typespeed packages fix buffer overflow Martin Schulze
[GIS 2002101601] SkyStream Admin Shell Privilege Escalation. Global InterSec Research
[CLA-2002:557] Conectiva Linux Security Announcement - cyrus-imapd secure
Buffer overflow in PHP "wordwrap" function David F. Skoll
GLSA: cyrus-sasl Daniel Ahlberg
Saturday, 28 December
[IPS] PUTTY SSH-Client Exploit Daniel Alcántara de la Hoz
Gallery v1.3.2 allows remote exploit (fixed in 1.3.3) Bharat Mediratta
PHRACK #60 HAS BEEN RELEASED phrackstaff
Monday, 30 December
Telindus 112x ADSL Router - Weak Password Encryption eflorio
GLSA: openldap Daniel Ahlberg
GLSA: cups Daniel Ahlberg
Potential DOS attack with Web-CyrAdm. Casper Aleva
Leafnode security announcement SA:2002:01 Matthias Andree
[SECURITY] [DSA 218-1] New bugzilla packages fix cross site scripting problem Martin Schulze
Multiple vulnerabilities found in PlatinumFTPserver V1.0.6 Dennis Rand
CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS http-equiv () excite com
Visual SourceSafe - Preliminary Observations Joel Maslak
Wired.com: So Many Holes, So Few Hacks Richard M. Smith
Tuesday, 31 December
Updated "Secure Programming for Linux and Unix HOWTO" now available. David Wheeler
[SECURITY] [DSA 219-1] New dhcpcd packages fix remote command execution vulnerability Martin Schulze
Re: CITIBANK [CANADA]: INTERNET EXPLORER BROWSERS Ben Laurie
PEEL (PHP) Frog Man