Bugtraq: by date

435 messages starting Oct 01 02 and ending Oct 31 02


Tuesday, 01 October

GLSA: tar Daniel Ahlberg
Insecure XML-RPC handling in Zope reveals the distribution physical location. Rossen Raykov
ASA-0000: GV Execution of Arbitrary Shell Commands Marc Bevand
GLSA: fetchmail Daniel Ahlberg
[CLA-2002:527] Conectiva Linux Security Announcement - python secure
Postnuke XSS patch Mark Grimes
NETGEAR FVS318 Information Disclosure Fab\AIS
PPTP Dave Aitel
GLSA: unzip Daniel Ahlberg
Re: Another possible RFC 2046 vulnerability. Earl Hood
iDEFENSE Security Advisory 10.01.02: Sendmail smrsh bypass vulnerabilities David Endler
XSS bug in Compaq Insight Manager Http server Taylor Huff
[BUGZILLA] Security Advisory David Miller
MSIE:"SaveRef" turns Zone off Liu Die Yu
[security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd) Dave Ahmad

Wednesday, 02 October

RE: MSIE:"SaveRef" turns Zone off Thor Larholm
Apache 2 Cross-Site Scripting mattmurphy () kc rr com
Citrix Published Application Brute Forcer wirepair
Solaris 2.6, 7, 8 Jonathan S
Re: Solaris 2.6, 7, 8 Dave Ahmad
Multiple Web Security Holes Frog Man
Postnuke XSS fixed Muhammad Faisal Rauf Danka
Re: Solaris 2.6, 7, 8 buzheng
wp-02-0012: Carello 1.3 Remote File Execution (Updated 1/10/2002) Matt Moore
wp-02-0011: Jetty CGIServlet Arbitrary Command Execution Matt Moore
Re: Solaris 2.6, 7, 8 Christopher X. Candreva
iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability David Endler
RE: Solaris 2.6, 7, 8 Sinan Eren
Re: Postnuke XSS fixed Daniel Woods
wp--02-0005: Multiple Vulnerabilities in SuperScout Web Reports Server Matt Moore
MySimpleNews (PHP) Frog Man
phpWebSite XSS Vulnerability Sp . IC
Kill a Unisys Clearpath with nmap port scan Jonathan G. Lampe
wp-02-0003: MySQL Locally Exploitable Buffer Overflow Matt Moore

Thursday, 03 October

Re: Solaris 2.6, 7, 8 tb0b
[ESA-20021003-021] glibc: several security-related updates. EnGarde Secure Linux
[ESA-20021003-022] tar: directory traversal vulnerability. EnGarde Secure Linux
GLSA: gv Daniel Ahlberg
[CLA-2002:529] Conectiva Linux Security Announcement - XFree86 secure
Re: Postnuke XSS fixed Sebastian Konstanty Zdrojewski
Re: Solaris 2.6, 7, 8 Roy Kidder
Re: Solaris 2.6, 7, 8 Dan Diamond
Re: Solaris 2.6, 7, 8 Ido Dubrawsky
RE: CommonName Toolbar potentially exposes LAN web addresses Mustafa Deeb
Re: Solaris 2.6, 7, 8 Ramon Kagan
Xerox DocuShare Internal IP address disclosure Ryan Purita
RE: CommonName Toolbar potentially exposes LAN web addresses Eric Stevens
CommonName Toolbar potentially exposes LAN web addresses Eric Stevens
Buffer Overflow in IE/Outlook HTML Help NGS Insight Security Research
SSL certificate validation problems in Ximian Evolution Veit Wahlich
GLSA: python Daniel Ahlberg
[ESA-20021003-023] fetchmail-ssl: buffer overflows and broken boundary checks. EnGarde Secure Linux
Re: Solaris 2.6, 7, 8 Marco Ivaldi
Re: [VulnWatch] Notes on the SQL Cumulative patch Dave Aitel
Re: Solaris 2.6, 7, 8 Ramon Kagan
Re: Kondara MNU/Linux Shin SHIRAHATA
Re: [VulnDiscuss] XSS bug in Compaq Insight Manager Http server sullo
Re: Solaris 2.6, 7, 8 Gert-Jan Hagenaars
Re: Postnuke XSS issues [correction] Brian E
Re: iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability Wes Hardaker
Re: Postnuke XSS fixed Muhammad Faisal Rauf Danka
iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities David Endler
The Books Module for the PostNuke CMS XSS Vulnerability Pistone
phpMyNewsletter Frog Man

Friday, 04 October

Notes on the SQL Cumulative patch David Litchfield
rpcbind/fsr_efs/mv/errhook/uux vulnerabilities SGI Security Coordinator
[SECURITY] [DSA 169-1] New tomcat packages fix unintended source code disclosure Martin Schulze
RE: Solaris 2.6, 7, 8 Morgan
phpLinkat XSS Security Bug Sp . IC
[RHSA-2002:212-06] Updated packages fix PostScript and PDF security issue bugzilla
Cisco Secure Content Accelerator vulnerable to SSL worm Matt Zimmerman
BearShare Directory Traversal Issue Resurfaces Aviram Jenik
Cisco Security Advisory: Predefined Restriction Tables Allow Calls to International Operator Cisco Systems Product Security Incident Response Team
SECURITY.NNOV: ikonboard 3.1.1 CSS 3APA3A
WinXP Pro(Gold) Insecure System Restore File Permissions Makoto Shiotsuki
Re: Cisco Secure Content Accelerator vulnerable to SSL worm Mike Caudill
vulnerabilities in logsurfer Jan Kohlrausch
[OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache) OpenPKG
injecting commands on a ptraced telnet/ssh session xenion

Saturday, 05 October

Vulnerabilitie in PowerFTP server Armand Morgan
[RHSA-2002:197-06] Updated glibc packages fix vulnerabilities in resolver bugzilla
[RHSA-2002:175-16] Updated nss_ldap packages fix buffer overflow bugzilla
RE: XSS bug in Compaq Insight Manager Http server Toni Lassila
Re: Solaris 2.6, 7, 8 Sebastian
phpLinkat XSS Security Bug Sp . IC
Re: Kill a Unisys Clearpath with nmap port scan Michael.Kain
Re: Kill a Unisys Clearpath with nmap port scan Mike Shaw

Monday, 07 October

Flash player can read local files jelmer
[CLA-2002:530] Conectiva Linux Security Announcement - apache secure
ArGoSoft Web-Mail security problem Z0rbaS
SuSE Security Announcement: mod_php4 (SuSE-SA:2002:036) Thomas Biege
phpSecurePages & Killer Protection ( PHP ) Frog Man
XSS bug in hotmail login page Peter Rdam
SuSE Security Announcement: hylafax (SuSE-SA:2002:035) Thomas Biege
Re: Insecure XML-RPC handling in Zope reveals the distribution physical location. BlueRaven
Filters on url shortening services Andrew Hodgson
SPIKE 2.7 Released: There's a party at my house, so bring the beer and follow me.... Dave Aitel
Re: SECURITY.NNOV: ikonboard 3.1.1 CSS Rajkumar S.
Re: Filters on url shortening services Florian Weimer
Re: iDEFENSE Security Advisory 09.26.2002: Exploitable Buffer Overflow in gv juergen.daubert
Re: Postnuke XSS fixed Muhammad Faisal Rauf Danka
Re: Filters on url shortening services Andrew Hodgson
RE: CommonName Toolbar potentially exposes LAN web addresses Anders Blockmar
Re: CommonName Toolbar potentially exposes LAN web addresses Andrew Clover
macromedia flash mx bypasses cookie settings jelmer
RE: XSS bug in hotmail login page Thor Larholm

Tuesday, 08 October

NetBSD Security Advisory 2002-023: sendmail smrsh bypass vulnerability NetBSD Security Officer
NetBSD Security Advisory 2002-015: (another) buffer overrun in libc/libresolv DNS resolver NetBSD Security Officer
NetBSD Security Advisory 2002-022: buffer overrun in pic(1) NetBSD Security Officer
RE: XSS bug in hotmail login page Thor Larholm
SSGbook (ASP) Frog Man
[SECURITY] [DSA 172-1] New tkmail packages fix insecure temporary file creation Martin Schulze
[SECURITY] [DSA 169-1] New ht://Check packages fix cross site scripting problem Martin Schulze
Re: XSS bug in hotmail login page Muhammad Faisal Rauf Danka
NetBSD Security Advisory 2002-021: rogue vulnerability NetBSD Security Officer
Reset any user's password in VBZoom forums hish _ hish
[ESA-20021007-024] apache: potential DoS, cross-site scripting, and buffer overflow vulnerabilities. EnGarde Secure Linux
[SECURITY] [DSA 171-1] New fetchmail packages fix buffer overflows Martin Schulze
NetBSD Security Advisory 2002-019: Buffer overrun in talkd NetBSD Security Officer
Re: XSS bug in hotmail login page Berend-Jan Wever
RE: XSS bug in hotmail login page Russell Harding
Multiple Vendor PC firewall remote denial of services Vulnerability Yiming Gong
CERT Advisory CA-2002-28 Trojan Horse Sendmail Distribution (fwd) Dave Ahmad

Wednesday, 09 October

[security bulletin] SSRT2208 - HP Tru64 UNIX /usr/sbin/routed Potential Security Vulnerability (fwd) Dave Ahmad
[RHSA-2002:215-09] Updated fetchmail packages fix vulnerabilities bugzilla
CSS on Microsoft Content Management Server overclocking_a_la_abuela
Flood ACK packets cause an IBM SecureWay FireWall DoS Mauro Flores
CfP: 19C3 Chaos Communication Congress 2002 Pluto
new vulnerability inPowerFTP Personal FTP Server securma massine
phpBB2 Showing users ip adresses Priamus
upload malicious file in VBZooM forums hish _ hish
Flood ACK packets cause AIX DoS Mauro Flores
Re: Flood ACK packets cause AIX DoS Doug Brenner
Re: XSS bug in hotmail login page Inderjeet S Sodhi
[SECURITY] [DSA 173-1] New bugzilla packages fix privilege escalation Martin Schulze
GNU tar (Re: Allot Netenforcer problems, GNU TAR flaw) Solar Designer
Thor Larholm security advisory TL#004 Thor Larholm
Re: CERT Advisory CA-2002-28 Trojan Horse Sendmail Kim Scarborough
Re: injecting commands on a ptraced telnet/ssh session Paul Starzetz
[security bulletin] SSRT2339 (ypxfrd) and SSRT2368 (ypserv) HP Tru64 UNIX Potential Security Vulnerability (fwd) Dave Ahmad
Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server 'ken'@FTU
MDKSA-2002:064 - kdelibs update Mandrake Linux Security Team
XSS in Authoria HR Suite Max

Thursday, 10 October

Multiple vendor ypxfrd map handling vulnerability Janusz Niewiadomski
XSS bug in php(Reactor) Arab VieruZ
more silly bugs in cooolsoft 'personal ftp server' Knud Erik Højgaard
phpBBmod contains an open phpinfo Roland Verlander
TCP flood against NetGear FM114P Marc Ruef
Re: phpBB2 Showing users ip adresses Gerben Wijnja
nylon 0.2 (0.3?) DoS 3APA3A
MondoSearch show the source of all files thefastkid
Multiple vulnerabilities in phpRank Jedi/Sector One
Re: upload malicious file in VBZooM forums M. Zeeshan Mustafa
Re: TCP flood against NetGear FM114P Stephen Samuel
syslog-ng buffer overflow Holtzl Peter
XSS bug in Zorum 2.4 Arab VieruZ
R7-0004: Multiple Vendor Long ZIP Entry Filename Processing bugtraq-return-6791
Plain text DDNS password in NetGear FM114P backups Marc Ruef
[RHSA-2002:207-14] Updated packages fix PostScript and PDF security issue bugzilla
Re: Multiple Vendor PC firewall remote denial of services Vulnerability Sym Security

Friday, 11 October

Security Update: [CSSA-2002-SCO.40] OpenServer 5.0.5 OpenServer 5.0.6 : ypxfrd remote file access vulnerability security
XSS bug in PHPNuke 6.0 Arab VieruZ
prover of concept code of windows help overflow buzheng
[RHSA-2002:204-10] Updated squirrelmail packages close cross-site scripting vulnerabilities bugzilla
OpenOffice 1.0.1 Race condition during installation. Larry W. Cashdollar
Outlook Express Remote Code Execution in Preview Pane (S/MIME) Aviram Jenik
KDE Security Advisory: KGhostview Arbitary Code Execution Dirk Mueller
KDE Security Advisory: kpf Directory traversal Dirk Mueller
[SNS Advisory No.56] TSAC Web package/IIS 5.1 connect.asp Cross-site Scripting Vulnerability snsadv
Re: The Books Module for the PostNuke CMS XSS Vulnerability Michael Schatz
Multiple firewalls ruleset bypass through FTP. Again. (CERT VU#328867) Mikael Olsson

Saturday, 12 October

Security hole in kpf - KDE personal fileserver. Ajay R Ramjatan
[SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability Tamer Sahin
Security Update: [CSSA-2002-SCO.39] OpenServer 5.0.5 OpenServer 5.0.6 : Buffer Overflow in Multiple DNS Resolver Libraries security
Multiple XSS vulnerabilites in PHPNuke Bruno Morisson
R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service Rapid 7 Security Advisories
Long URL crashes My Web Server 1.0.2 Marc Ruef

Monday, 14 October

CALL FOR PAPERS - SANTA DIED LAST YEAR staff
Input requested for second edition of "Firewalls and Internet Security" Steve Bellovin
GLSA: nss_ldap Daniel Ahlberg
GLSA: heimdal Daniel Ahlberg
GLSA: net-snmp Daniel Ahlberg
ECHU Alert #3 : Meunity 1.1 script injection vulnerability das
Researcher seeking 'phage' and other security mailing list archives Curator at Security Digest Archive
Directory traversal in Daniel Arenz' Mini Server Marc Ruef
[SECURITY] [DSA 174-1] New heartbeat packages fix buffer overflows Martin Schulze
GLSA: sendmail Daniel Ahlberg
Pyramid Research Project - ghttpd security advisorie pyramid-rp
J2EE EJB privacy leak and DOS. Sylvia
[RHSA-2002:194-18] Command execution vulnerability in dvips bugzilla
Pyramid Research Project - atphttpd security advisorie pyramid-rp
SuSE Security Announcement: Heartbeat (SuSE-SA:2002:037) Olaf Kirch
Multiple Symantec Firewall Secure Webserver timeout DoS AI-SEC Security Advisories
Symantec Enterprise Firewall Secure Webserver info leak AI-SEC Security Advisories
Security vulnerabilities in Polycom ViaVideo Web component advisory
Long URL causes TelCondex SimpleWebServer to crash Marc Ruef
Re: phpBB2 Showing users ip adresses nick84
Coolsoft PowerFTP <= v2.24 Denial of Service (Linux Source) a b

Tuesday, 15 October

GLSA: apache Daniel Ahlberg
Internet Explorer : The D-Day GreyMagic Software
GLSA: tomcat Daniel Ahlberg
securitybugware new network tool Jitsu-Disk
Re: J2EE EJB privacy leak and DOS. Rudolf Schreiner
MDKSA-2002:065 - unzip update Mandrake Linux Security Team
Ingenium Admin Password Vulnerability Brian Enigma
"Camera/Shy the Steganographical Browser" ttudia () yahoo com tw
rpcbind/fsr_efs/mv/errhook/uux vulnerabilities update SGI Security Coordinator
Re: Symantec Enterprise Firewall Secure Webserver info leak Sym Security
TheServer log file access password in cleartext w/vendor resolution. Larry W. Cashdollar
A full event log does not send administrative alerts Eitan Caspi
Re: Multiple Symantec Firewall Secure Webserver timeout DoS Sym Security
[RHSA-2002:196-09] Updated xinetd packages fix denial of service vulnerability bugzilla
Who Need Friends ? IE & MSN expose contact list & other info drorshalev
RE: "Camera/Shy the Steganographical Browser" the Pull
Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Jacek Lipkowski
RE: J2EE EJB privacy leak and DOS. Alan Rouse
[SECURITY] [DSA 175-1] New syslog-ng packages fix buffer overflow Martin Schulze
iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone David Endler
CoolForum v 0.5 beta shows content of PHP files scrap
MDKSA-2002:066 - tar update Mandrake Linux Security Team

Wednesday, 16 October

iDEFENSE Security Advisory 10.16.02: Denial of Service in Sabre Desktop Reservation Client for Windows David Endler
NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability Abraham Lincoln
Re: CoolForum v 0.5 beta shows content of PHP files David Woods
Linux Security Protection System Bosko Radivojevic
Cisco Security Advisory: Cisco CatOS Embedded HTTP Server Buffer Overflow Cisco Systems Product Security Incident Response Team
X Windows zlib/MIT-SHM/huge font DoS vulnerabilities SGI Security Coordinator
Designing Shellcode Demystified Murat Balaban
RE: Who Need Friends ? IE & MSN expose contact list & other info Thor Larholm
phptonuke allows Remote File Retrieving Zero-X ScriptKiddy
[SECURITY] [DSA 176-1] New gv packages fix buffer overflow Martin Schulze
[CLA-2002:533] Conectiva Linux Security Announcement - XFree86 secure
[CLA-2002:531] Conectiva Linux Security Announcement - fetchmail secure
Apache 1.3.26 David Wagner
MSN Moster Strike Back ?! drorshalev
Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Mike Scher
[CLA-2002:532] Conectiva Linux Security Announcement - sendmail secure
[GIS 2002021001] SkyStream EMR5000 DVB router DoS. Global InterSec Research
Openwall GNU/*/Linux (Owl) 1.0 release Solar Designer
Re: J2EE EJB privacy leak and DOS. Ari Gordon-Schlosberg

Thursday, 17 October

New buffer overflow in plaetDNS securma massine
NFS Denial of Service advisory from Sun m g
Re: NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability Te Smith
[SECURITY] [DSA 178-1] New Heimdal packages fix remote command execution Martin Schulze
Re: Linux Kernel Exploits / ABFrag h2g . sec . list
GLSA: ggv Daniel Ahlberg
[SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable Martin Schulze
Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002) David Litchfield
Linux Kernel Exploits / ABFrag daniel . roberts
Re: Linux Kernel Exploits / ABFrag huang po
PGP Corporation Beta License Agreement er t
Re: phptonuke allows Remote File Retrieving BlueRaven
[RHSA-2002:206-12] New kernel fixes local security issues bugzilla
[RHSA-2002:205-15] New kernel fixes local security issues bugzilla
TSLSA-2002-0068-kernel Trustix Secure Linux Advisor
[RHSA-2002:210-06] New kernel 2.2 packages fix local vulnerabilities bugzilla
Solution: Kill a Unisys Clearpath with nmap port scan Michael.Kain
Re: Linux Kernel Exploits / ABFrag Cedric Blancher
Re: PGP Corporation Beta License Agreement Juraj Bednar
Re: Linux Kernel Exploits / ABFrag dr john halewood
Re: Undocumented account vulnerability in Avaya P550R/P580/P880/P882 switches Jacek Lipkowski
Re: [SECURITY] [DSA 177-1] New PAM packages fix serious security violation in Debian/unstable Samuele Giovanni Tonon

Friday, 18 October

TSLSA-2002-0069-apache Trustix Secure Linux Advisor
New buffer overflow in PlanetDNS securma massine
Microsoft Windows Media Player for Sparc/Solaris vulnerability Samuel Tardieu
[SECURITY] [DSA 179-1] New gnome-gv packages fix buffer overflow Martin Schulze
Re: PGP Corporation Beta License Agreement Jon Callas
[Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3 Dave Aitel
KaZaA David Krum
interSEC security advisory - Multiple bugs in Web602 web server Jan Kachlik
New Vulnerability on YaBB 1.4.0 and YaBB 1.4.1 forums Nir Adar
Re: Ambiguities in TCP/IP - firewall bypassing Alan DeKok
SCAN Associates Advisory: perlbot 1.9.2 - Remote Command Execution guejez
Re: Ambiguities in TCP/IP - firewall bypassing Benjamin Krueger
Ambiguities in TCP/IP - firewall bypassing Paul Starzetz
vBulletin XSS Security Bug Sp . IC
Re: Ambiguities in TCP/IP - firewall bypassing Alun Jones
SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution guejez
RE: KaZaA Christopher Wagner
Re: Ambiguities in TCP/IP - firewall bypassing Florian Weimer
Re: KaZaA Nicholas C. Weaver
GLSA: tetex Daniel Ahlberg
[RHSA-2002:192-13] Updated Mozilla packages fix security vulnerabilities bugzilla
Re: NFS Denial of Service advisory from Sun Edsel Adap
RE: J2EE EJB privacy leak and DOS. Sylvia Else
RE: KaZaA Brenna Primrose
[security bulletin] SSRT0818U HP Tru64 UNIX V5.1A zlib Potential Security Vulnerability (fwd) Dave Ahmad
Re: KaZaA Alex Lambert
Re: Ambiguities in TCP/IP - firewall bypassing Alan DeKok
Full zone information disclosure on top level domain name servers Max
Chrooting Daemons and System Processes HOWTO Jonathan A. Zdziarski

Saturday, 19 October

Re: 3Com TelnetD COMPLETE CODE bladebla
Re: KaZaA eD\/ARd0 F/\KEn^M3
Re: Ambiguities in TCP/IP - firewall bypassing cbrenton
Re: Linux Kernel Exploits / ABFrag Muhammad Faisal Rauf Danka
RE: Ambiguities in TCP/IP - firewall bypassing John Fitzgerald
Re: Ambiguities in TCP/IP - firewall bypassing Luis Bruno
Re: Full zone information disclosure on top level domain name servers Måns Nilsson
Re: Ambiguities in TCP/IP - firewall bypassing David Wagner
Re: Ambiguities in TCP/IP - firewall bypassing Aaron Hopkins
Re: MondoSearch show the source of all files Orp 664
Re: Ambiguities in TCP/IP - firewall bypassing Tony Finch
GLSA: groff Daniel Ahlberg

Monday, 21 October

[SECURITY] [DSA 180-1] New NIS packages fix information leak Martin Schulze
Re: [VulnWatch] NOCC: XSS Ulf Harnhammar
AN HTTPD SOCKS4 username Buffer Overflow Vulnerability Kanatoko
MSIE:"SaveRef" cracks "(VictimWindow).document.write" Liu Die Yu
NOCC: XSS Ulf Harnhammar
Re: Ambiguities in TCP/IP - firewall bypassing Lyndon Nerenberg
SuSE Security Announcement: postgresql (SuSE-SA:2002:038) Thomas Biege
XSS vulnerabilites in Pafiledb ersatz
Re: MSIE:"SaveRef" cracks "(VictimWindow).document.write" jelmer
Re: [VulnWatch] NOCC: XSS ppp-design
Reproducing the MS DCE-RPC DOS. Joe Testa
D-Link Access Point DWL-900AP+ TFTP Vulnerability security
Re: MSIE:"SaveRef" cracks "(VictimWindow).document.write" jelmer
fragrouter trojan matt
RE: vBulletin XSS Security Bug Alex Yu
Security Update: [CSSA-2002-SCO.41] UnixWare 7.1.1 Open UNIX 8.0.0 : rcp of /proc causes denial-of-service security
LinuxSecurity Brasil Magazine Online - Second Edition Renato Murilo Langona
Re: Full zone information disclosure on top level domain name servers Jim Reid

Tuesday, 22 October

Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R Juan de la Fuente Costa
[SECURITY] [DSA 181-1] New mod_ssl packages fix cross site scripting Martin Schulze
Vulnerable cached objects in IE (9 advisories in 1) GreyMagic Software
RE: Ambiguities in TCP/IP - firewall bypassing Ofir Arkin
Windows 2000 SNMP DoS Chris Anley
AIM 4.8.2790 remote file execution vulnerability Blud Clot
Call For Papers Announcement: Black Hat Windows Security Jeff Moss
MS WIN RPC DoS CODE FROM SPIKE v2.7 lion
NetBSD Security Advisory 2002-026: Buffer overflow in kadmind daemon NetBSD Security Officer
MDKSA-2002:069 - gv update Mandrake Linux Security Team
Virgil CGI Scanner Vulnerability kalif
Re: Vulnerable cached objects in IE (9 advisories in 1) jelmer
Re: Ambiguities in TCP/IP - firewall bypassing Florian Weimer
[ESA-20021022-026] local kernel vulnerabilities EnGarde Secure Linux
FlashFXP 1.4 Local Password Disclosure Vulnerability Blud Clot
gBook Frog Man
Re: Sniffing Administrator's Password in Symantec Firewall/VPN Appliance V. 200R Sym Security
Re: MS WIN RPC DoS CODE FROM SPIKE v2.7 Dave Aitel

Wednesday, 23 October

[OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache) OpenPKG
[SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability Tamer Sahin
RE: Vulnerable cached objects in IE (9 advisories in 1) Thor Larholm
does Xandros have anyone answering the security phone? Eric L. Howard
MDKSA-2002:070 - tetex update Mandrake Linux Security Team
MITKRB5-SA-2002-002: Buffer overflow in kadmind4 Tom Yu
Security Update: [CSSA-2002-036.0] Linux: remote buffer overflow in webalizer reverse lookup code security
RE: Vulnerable cached objects in IE (9 advisories in 1) GreyMagic Software
Re: does Xandros have anyone answering the security phone? KF
XSS bug in MyMarket 1.71 qber66
R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues Rapid 7 Security Advisories
R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service Rapid 7 Security Advisories

Thursday, 24 October

Router DSL Dlink Linux
GLSA: xfree Daniel Ahlberg
TFTP Server DoS D4rkGr3y
[RHSA-2002:223-07] Updated ypserv packages fixes memory leak bugzilla
DH team: Norton Antivirus Corporate Edition Privilege Escalation 3APA3A
NetBSD Security Advisory 2002-025: trek(6) buffer overrun NetBSD Security Officer
Re: vpopmail CGIapps vpasswd vulnerabilities Jeremy C. Reed
Multiple issues in internet explorer/outlook John C. Hennessy
Security Update: [CSSA-2002-037.0] Linux: various packet handling vunerabilities in ethereal security
ABfrag followup / WITHOUT ATTACHMENT daniel . roberts
XSS vulnerability in Mojo Mail Sign-Up Form Daniel Boland
vpopmail CGIapps vpasswd vulnerabilities Ignacio Vazquez
Re: Router DSL Dlink Markus Garscha
vpopmail CGIapps vadddomain multiple vulnerabilities Ignacio Vazquez
Reminder: Call for Papers IWIA 2003 Ends Soon Stephen D. B. Wolthusen
[SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability Tamer Sahin
[SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability Tamer Sahin
[SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability Tamer Sahin
MDKSA-2002:071 - kdegraphics update Mandrake Linux Security Team
MDKSA-2002:072 - mod_ssl update Mandrake Linux Security Team
iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server David Endler

Friday, 25 October

GLSA: zope Daniel Ahlberg
IBM Infoprint Remote Management Simple DoS Toni Lassila
Security Update: [CSSA-2002-038.0] Linux: inn format string and insecure open vulnerabilities security
Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma's Acusend David Wray
IPSwitch, Inc. WS_FTP Server dev-null
Re: IPSwitch, Inc. WS_FTP Server Alun Jones
RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0 Sym Security

Saturday, 26 October

Updated: MITKRB5-SA-2002-002: Buffer overflow in kadmind4 Tom Yu
TCP/IP Printer Configuration Utility for Apple.LaserWriter 12/640 PS security problem UkR security team™
GLSA: kth-krb Daniel Ahlberg
Re[2]: IPSwitch, Inc. WS_FTP Server 3APA3A

Monday, 28 October

GLSA: mod_ssl Daniel Ahlberg
Re: Buffer overflow in kadmind4 Chris Barnes
Substitution of document signed under new American format ECDSA. Alexander Komlin
Oracle9iAS Web Cache Denial of Service (a102802-1) @stake advisories
Re: IBM Infoprint Remote Management Simple DoS Fredrik Björk
Re: Privilege Escalation Vulnerability In phpBB 2.0.0 x x
MDaemon SMTP/POP/IMAP server DoS D4rkGr3y
CISCO as5350 crashes with nmap connect scan Thomas Munn
GLSA: ypserv Daniel Ahlberg
Privilege Escalation Vulnerability In phpBB 2.0.0 nick84
[SNS Advisory No.57] AN HTTPD Cross-site Scripting Vulnerability snsadv () lac co jp
[SECURITY] [DSA 182-1] New kghostview packages fix buffer overflow Martin Schulze
SCAN Associates Advisory : Multiple vurnerabilities on mailreader.com pokleyzz
dobermann FORUM (php) Frog Man
Security Update: [CSSA-2002-040.0] Linux: uudecode performs inadequate checks on user-specified output files security

Tuesday, 29 October

GLSA: krb5 Daniel Ahlberg
[ESA-20021029-027] mod_ssl cross-site scripting vulnerability. EnGarde Secure Linux
[ESA-20021029-028] syslog-ng: buffer overflow in macro handling code (UPDATED) EnGarde Secure Linux
RE: dobermann FORUM (php) Mark Stunnenberg
Further problems with Arescom NetDSL-800 MSN Firmware version 5.4.x and up Justin Cervero
Security Update: [CSSA-2002-041.0] Linux: pam_ldap format string vulnerability security
Security Update: [CSSA-2002-039.0] Linux: bzip2 file creation and symbolic link vulnerabilities security
RE: MDaemon SMTP/POP/IMAP server DoS Basil Hussain
Re: CISCO as5350 crashes with nmap connect scan Thomas Munn
KRB5-SORCERER2002-10-27 Security Update ask33
Re: CISCO as5350 crashes with nmap connect scan Thomas Munn
RE: MDaemon SMTP/POP/IMAP server DoS Robert Feldbauer
IP SmartSpoofing : How to bypass all IP filters relying on source IP address Vincent Royer
Re: SUMMARY: Disabling Port 445 (SMB) Entirely dan hayden
Re: MDaemon SMTP/POP/IMAP server DoS Muhammad Faisal Rauf Danka
Bypassing website filter in SonicWall Marc Ruef
[SECURITY] [DSA 183-1] New krb5 packages fix buffer overflow Martin Schulze
Re: Bypassing website filter in SonicWall Kurt Seifried
MDKSA-2002:073 - krb5 update Mandrake Linux Security Team
Gimp: Erased sections of images print in some cases Clark Mills
Re: CISCO as5350 crashes with nmap connect scan Wendy Garvin
XXE (Xml eXternal Entity) attack Gregory Steuck

Wednesday, 30 October

GLSA: sharutils Daniel Ahlberg
Re: Gimp: Erased sections of images print in some cases Robert Bihlmeyer
RE: MDaemon SMTP/POP/IMAP server DoS Basil Hussain
Re: XXE (Xml eXternal Entity) attack Miles Sabin
[SECURITY] [DSA 184-1] New krb4 packages fix buffer overflow Martin Schulze
GLSA: pam_ldap Daniel Ahlberg

Thursday, 31 October

SuSE Security Announcement: syslog-ng (SuSE-SA:2002:039) Sebastian Krahmer
[SECURITY] [DSA 185-1] New heimdal packages fix buffer overflows Martin Schulze
SmartMail server DOS securma massine
SuSE Security Announcement: lprng/html2ps (SuSE-SA:2002:040) Sebastian Krahmer
Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002) NGSSoftware Insight Security Research
Anyone know the security alert contact for 3com? Michael Scheidell
Re: Bypassing website filter in SonicWall Robert Bihlmeyer
Security Update: [CSSA-2002-043.0] Linux: chfn (util-linux) temp file race vulnerability security
MDKSA-2002:074 - mozilla update Mandrake Linux Security Team
Re: Gimp: Erased sections of images print in some cases Earl Hood