Bugtraq: by thread
330 messages starting Apr 30 04 and ending May 31 04
- Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)
- Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Nicholas Weaver (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Pavel Machek (Apr 30)
- Re: http://www.smashguard.org Coleman Kane (May 01)
- Re: http://www.smashguard.org Theo de Raadt (May 01)
- Re: http://www.smashguard.org Crispin Cowan (Apr 30)
- [product-security () apple com: APPLE-SA-2004-04-30 QuickTime 6.5.1] David Ahmad (Apr 30)
- LNSA-#2004-0013: Multiple Vulnerabilities in Samba Vincenzo Ciaglia (May 01)
- RE: IE Certificate Stealing (Phising) bug Michael Wojcik (May 01)
- Props 0.6.1 XSS and Remote File Viewing Vulnerability Manuel Lopez (May 01)
- LNSA-#2004-0014: X-Chat vulnerability in Socks-5 proxy Vincenzo Ciaglia (May 01)
- Will the Sasser worm become the next Blaster? kers0r (May 01)
- Re: Will the Sasser worm become the next Blaster? Gadi Evron (May 01)
- <Possible follow-ups>
- Re: Will the Sasser worm become the next Blaster? Damian Menscher (May 03)
- RE: Will the Sasser worm become the next Blaster? Pullum, Stephen (May 03)
- New LSASS-based worm finally here (Sasser) Ben Ryan (May 01)
- Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 03)
- Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser) Jason (May 04)
- Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 04)
- Re: [Full-Disclosure] Re: New LSASS-based worm finally here (Sasser) Jason (May 04)
- <Possible follow-ups>
- RE: New LSASS-based worm finally here (Sasser) Marc Maiffret (May 04)
- Re: New LSASS-based worm finally here (Sasser) Javier Fernandez-Sanguino (May 03)
- [SECURITY] [DSA 500-1] New flim packages fix insecure temporary file creation Matt Zimmerman (May 03)
- W32/Sasser a and b SNORT Sigs Martin Overton (May 03)
- [SECURITY] [DSA 499-1] New rsync packages fix directory traversal bug Matt Zimmerman (May 03)
- PaX Linux Kernel 2.6 Patches DoS Advisory chris (May 03)
- EEYE: Apple QuickTime (QuickTime.qts) Heap Overflow Marc Maiffret (May 03)
- [waraxe-2004-SA#026 - Multiple vulnerabilities in Coppermine Photo Gallery for PhpNuke] Janek Vind (May 03)
- X-Chat[v1.8.0-v2.0.8]: socks-5 remote buffer overflow exploit. Vade 79 (May 03)
- Serv-U LIST -l Parameter Buffer Overflow Aviram Jenik (May 03)
- RE: After Ms patches last Wed ... InfoSec (May 03)
- Re: After Ms patches last Wed ... James Riden (May 03)
- Re: After Ms patches last Wed ... Nicholas Weaver (May 04)
- RE: After Ms patches last Wed ... Nick FitzGerald (May 04)
- Re: After Ms patches last Wed ... James Riden (May 03)
- Crystal Reports Vulnerabilities Imperva Application Defense Center (May 03)
- Re: Crystal Reports Vulnerabilities Michael Ray (May 05)
- <Possible follow-ups>
- RE: Crystal Reports Vulnerabilities Imperva Application Defense Center (May 05)
- Vulnerability in YaBB forum (Perl version without SQL) Dmitry Shurupov (May 03)
- Multible Vulnerabilites in Aldos Webserver oliver (May 03)
- [slackware-security] rsync update (SSA:2004-124-01) Slackware Security Team (May 03)
- [slackware-security] xine-lib update (SSA:2004-124-03) Slackware Security Team (May 03)
- [slackware-security] sysklogd update (SSA:2004-124-02) Slackware Security Team (May 03)
- [slackware-security] libpng update (SSA:2004-124-04) Slackware Security Team (May 03)
- [product-security () apple com: APPLE-SA-2004-05-03 Security Update 2004-05-03] David Ahmad (May 04)
- @stake: AppleFileServer Remote Command Execution @stake Advisories (May 04)
- SUSE Security Announcement: kernel (SuSE-SA:2004:010) Roman Drahtmueller (May 04)
- Sasser worm and Embedded Support Partner (ESP) port 5554/tcp SGI Security Coordinator (May 04)
- remote root exec vulnerability in omail Thijs Dalhuijsen (May 05)
- Re: (HOAX) Dameware Mini Remote Control Version 4.2 ? Weak Key Agreement Scheme DameWare Support (May 05)
- Vulnerabilities In PHPX 3.26 And Earlier JeiAr (May 05)
- [slackware-security] lha update in bin package (SSA:2004-125-01) Slackware Security Team (May 05)
- UnixWare 7.1.3 Open UNIX 8.0.0 UnixWare 7.1.1 : apache multiple vulnerabilities, upgraded to apache-1.3.29 please_reply_to_security (May 05)
- SMF SIZE Tag Script Injection Vulnerability Cheng Peng Su (May 05)
- Corsaire Security Advisory - Verity Ultraseek path disclosure issue advisories (May 05)
- Fuse Talk Vunerabilities Stuart Jamieson (May 05)
- [OpenPKG-SA-2004.019] OpenPKG Security Advisory (kolab) OpenPKG (May 05)
- Titan FTP Server Aborted LIST DoS Aviram Jenik (May 05)
- Re: Titan FTP Server Aborted LIST DoS Gene Ken (May 07)
- Re: Titan FTP Server Aborted LIST DoS Noam Rathaus (May 07)
- Re: Titan FTP Server Aborted LIST DoS Gene Ken (May 07)
- [waraxe-2004-SA#027 - Once again - critical vulnerabilities in PhpNuke 6.x - 7.2] Janek Vind (May 05)
- IRIX Networking Security Updates SGI Security Coordinator (May 05)
- Multiple vulnerabilities in P4DB Jon McClintock (May 05)
- FreeBSD Security Advisory FreeBSD-SA-04:08.heimdal FreeBSD Security Advisories (May 05)
- FreeBSD Security Advisory FreeBSD-SA-04:09.kadmind FreeBSD Security Advisories (May 05)
- [AppSecInc Security Alert] Microsoft Active Server Pages Cookie Retrieval Issue Aaron C. Newman (Application Security, Inc.) (May 06)
- Advisory: Heimdal kadmind version4 remote heap overflow Evgeny Demidov (May 06)
- [0xbadc0ded #03] DeleGate (SSL-filter) <= 8.9.2 Joel Eriksson (May 06)
- SUSE Security Announcement: Live CD 9.1 (SuSE-SA:2004:011) Roman Drahtmueller (May 06)
- Will a smart worm be made in the near future? Taeho Oh (May 07)
- Re: Will a smart worm be made in the near future? Jose Nazario (May 07)
- Fwd: [Re: cvs commit: src/sys/vm vm_map.c] Jacques A. Vidrine (May 07)
- Security issue with Trend OfficeScan Corporate Edition Matt (May 07)
- [SECURITY] [DSA 501-1] New exim packages fix buffer overflows Martin Schulze (May 07)
- Remote DoS IE Memory Access Violation E.Kellinis (May 07)
- Windows IPSec Vulnerabilty Steffen Pfendtner (May 07)
- Eudora file URL buffer overflow Paul Szabo (May 07)
- Status bar exploit hides spoofed URLs Eudora, possibly other e-mail clients Brett Glass (May 08)
- [CLA-2004:840] Conectiva Security Announcement - lha Conectiva Updates (May 07)
- Streaming Video and Audio security lists (May 07)
- [OpenPKG-SA-2004.020] OpenPKG Security Advisory (ssmtp) OpenPKG (May 08)
- FW: [security bulletin] SSRT4717 Management Agents for HP-UX Remote DoS Boren, Rich (SSRT) (May 08)
- [FLSA-2004:1395] Updated OpenSSL resolves security vulnerability Jesse Keating (May 08)
- [waraxe-2004-SA#028 - Multiple vulnerabilities in NukeJokes module for PhpNuke] Janek Vind (May 08)
- [ GLSA 200405-01 ] Multiple format string vulnerabilities in neon 0.24.4 and earlier Kurt Lieber (May 10)
- PaX DoS proof-of-concept Michel Blomgren (May 10)
- OUTLOOK 2003: OuchLook http-equiv () excite com (May 10)
- a litle bypass with IE Nuno Costa (May 10)
- Re: a litle bypass with IE Neil Briscoe (May 10)
- RE: a litle bypass with IE Eric Norbut (May 10)
- Re: a litle bypass with IE Emilio Casbas (May 11)
- <Possible follow-ups>
- RE: a litle bypass with IE Thor Larholm (May 11)
- [ GLSA 200405-02 ] Multiple vulnerabilities in LHa Thierry Carrez (May 10)
- Monit 4.1 remote shell exploit (HTTP) Michel Blomgren (May 10)
- RE: An undetectable Online Bank Vulnerability? M Peterson (May 10)
- Arbitrary code inclusion in phpShop Calum Power (May 10)
- Emule 0.42e Remote Denial Of Service Exploit Rafel Ivgi, The-Insider (May 10)
- msxml3.dll Parsing Error Crashes Internet Explorer Remotely Upon Refresh Rafel Ivgi, The-Insider (May 10)
- [Ulf Harnhammar]: LHA Advisory + Patch David Ahmad (May 10)
- DEEP SEA PHISHING: Internet Explorer / Outlook Express http-equiv () excite com (May 10)
- PING: Outlook 2003 Spam http-equiv () excite com (May 11)
- Somebody exploiting (badly designed) yahoo service? Aleksandar Milivojevic (May 11)
- Re: Somebody exploiting (badly designed) yahoo service? Nick FitzGerald (May 12)
- <Possible follow-ups>
- Re: Somebody exploiting (badly designed) yahoo service? Charles Mansmann (May 11)
- MDKSA-2004:042 - Updated rsync packages fixes potential to write outside of directory tree. Mandrake Linux Security Team (May 11)
- [SECURITY] [DSA 502-1] New exim-tls packages fix buffer overflows Martin Schulze (May 11)
- MDKSA-2004:043 - Updated apache2 packages fixes a denial of service vulnerability in mod_ssl Mandrake Linux Security Team (May 11)
- Linux Kernel sctp_setsockopt() Integer Overflow Shaun Colley (May 11)
- Re: [Full-Disclosure] Linux Kernel sctp_setsockopt() Integer Overflow Tom Rini (May 12)
- Re: Linux Kernel sctp_setsockopt() Integer Overflow Michael Tokarev (May 15)
- Re: Linux Kernel sctp_setsockopt() Integer Overflow Michael Tokarev (May 28)
- Re: Linux Kernel sctp_setsockopt() Integer Overflow Jirka Kosina (May 31)
- Re: Linux Kernel sctp_setsockopt() Integer Overflow Shaun Colley (May 31)
- Re: Linux Kernel sctp_setsockopt() Integer Overflow Michael Tokarev (May 28)
- Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Florian Weimer (May 11)
- Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Bob Beck (May 12)
- Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Darren Reed (May 13)
- Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP Bob Beck (May 12)
- [ GLSA 200405-04 ] OpenOffice.org vulnerability when using DAV servers Thierry Carrez (May 11)
- [ GLSA 200405-03 ] ClamAV VirusEvent parameter vulnerability Thierry Carrez (May 11)
- Advisory 04/2004: Net(Free)BSD Systrace local root vulnerabilitiy Stefan Esser (May 11)
- Hiding URLs from Outlook and other mail clients Carl (May 11)
- OpenServer 5.0.5 OpenServer 5.0.6 OpenServer 5.0.7 : X sessions which are not started by scologin cannot use the X authorization protocol please_reply_to_security (May 11)
- MS04-015 - Windows Help Center - Dvdupgrade morning_wood (May 12)
- [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache) OpenPKG (May 12)
- surfboard1.1.6 local exploit. Anonymous (May 12)
- Re: surfboard1.1.6 local exploit. Meredydd (May 13)
- NetBSD Security Advisory 2004-007: Systrace systrace_exit() local root NetBSD Security-Officer (May 12)
- EEYE: Symantec Multiple Firewall NBNS Response Processing Stack Overflow Marc Maiffret (May 13)
- EEYE: Symantec Multiple Firewall DNS Response Denial-of-Service Marc Maiffret (May 13)
- EEYE: Symantec Multiple Firewall Remote DNS KERNEL Overflow Marc Maiffret (May 13)
- EEYE: Symantec Multiple Firewall NBNS Response Remote Heap Corruption Marc Maiffret (May 13)
- Showhelp() local CHM file execution roozbeh afrasiabi (May 13)
- <Possible follow-ups>
- Re: Showhelp() local CHM file execution roozbeh afrasiabi (May 14)
- [ GLSA 200405-05 ] Utempter symlink vulnerability Kurt Lieber (May 13)
- [SECURITY] [DSA 503-1] New mah-jong packages fix denial of service Martin Schulze (May 13)
- [slackware-security] apache (SSA:2004-133-01) Slackware Security Team (May 13)
- Opera Telnet URI Handler Vulnerability also applies to other browsers Jannes (May 13)
- SYM04-008, Symantec Client Firewall Remote Access and Denial of Service Issues Sym Security (May 13)
- [security bulletin] SSRT4722 rev.0 HP-UX Mozilla denial of service Boren, Rich (SSRT) (May 13)
- POA: Outlook Expresss 6.00 http-equiv () excite com (May 13)
- IE URL Issue Being Used In Phishing In the Wild [USBank] Drew Copley (May 14)
- Re: IE URL Issue Being Used In Phishing In the Wild [USBank] Todd C. Campbell (May 14)
- Re: IE URL Issue Being Used In Phishing In the Wild [USBank] Nick FitzGerald (May 15)
- <Possible follow-ups>
- RE: IE URL Issue Being Used In Phishing In the Wild [USBank] Drew Copley (May 14)
- Vulnerability Scanning on Windows 2003 localhost will crash RPC farking (May 14)
- <Possible follow-ups>
- RE: Vulnerability Scanning on Windows 2003 localhost will crash RPC Drew Copley (May 14)
- [security bulletin] SSRT4721 rev.0 HP-UX dtlogin unauthorized privileged access, DoS Boren, Rich (SSRT) (May 14)
- SUSE Security Announcement: mc (SuSE-SA:2004:012) Thomas Biege (May 14)
- DOE updated cybersecurity //no code or 0day sploits// just info System Administrator (May 14)
- Curious fileutils/coreutils behaviour. David Malone (May 14)
- Re: Curious fileutils/coreutils behaviour. Nicolas Rachinsky (May 14)
- <Possible follow-ups>
- RE: Curious fileutils/coreutils behaviour. Michael Wojcik (May 14)
- Re: Curious fileutils/coreutils behaviour. David Malone (May 14)
- Re: Curious fileutils/coreutils behaviour. Michael Shigorin (May 15)
- Re: Curious fileutils/coreutils behaviour. Luciano Miguel Ferreira Rocha (May 15)
- Re: Curious fileutils/coreutils behaviour. Martin (May 15)
- Re: Curious fileutils/coreutils behaviour. David Malone (May 14)
- TSLSA-2004-0027 - apache Trustix Security Advisor (May 14)
- Still Vulnerable in MSIE Greg Kujawa (May 14)
- <Possible follow-ups>
- RE: Still Vulnerable in MSIE Thor Larholm (May 15)
- RE: Still Vulnerable in MSIE Drew Copley (May 17)
- [security bulletin] SSRT3613 rev.0 HP-UX B6848AB GTK+ Support Libraries - elevated privileges Boren, Rich (SSRT) (May 14)
- Symantec Multiple Firewall DNS Response Denial-of-Service Exploit (PoC) houseofdabus HOD (May 14)
- TSLSA-2004-0029 - kernel Trustix Security Advisor (May 14)
- [ GLSA 200405-07 ] Exim verify=header_syntax buffer overflow Thierry Carrez (May 14)
- [ GLSA 200405-06 ] libpng denial of service vulnerability Thierry Carrez (May 15)
- Denial of Service Vulnerability in IEEE 802.11 Wireless Devices albatross (May 15)
- Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Casper Dik (May 15)
- Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Jason Ostrom (May 17)
- Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Niels Bakker (May 17)
- Re[2]: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Jason Ostrom (May 17)
- Re: Denial of Service Vulnerability in IEEE 802.11 Wireless Devices Casper Dik (May 15)
- lha buffer overflow(s) again lw (May 15)
- more simple and flexible WinBlox(GET CONTROL OF WINNT SYSTEM) Liu Die Yu (May 15)
- CiSCO IOS 12.* source code stolen Alexander Antipo (May 15)
- Wget race condition vulnerability Vázquez (May 17)
- WebCT: Cross Site Scripting Vulnerability spiffomatic 64 (May 17)
- Multiple TTT-C XSS vulnerabilities Kaloyan Georgiev (May 17)
- [slackware-security] mc (SSA:2004-136-01) Slackware Security Team (May 17)
- KDE Security Advisory: URI Handler Vulnerabilities Waldo Bastian (May 17)
- NetChat HTTP Server Stack Overflow dbd (May 17)
- Safari remote arbitrary code execution kang (May 17)
- Re: Safari remote arbitrary code execution Adam Shostack (May 17)
- RE: Remote Buffer Overflow in MailEnable HTTPMail MailEnable Sales (May 17)
- Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Kurczaba Associates advisories (May 17)
- <Possible follow-ups>
- RE: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Drew Copley (May 17)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability thegeekmeister (May 17)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Jan Kluka (May 18)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability sandrijeski (May 27)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Robert J Taylor (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Valdis . Kletnieks (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability Peter Pentchev (May 31)
- Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability http-equiv () excite com (May 27)
- [waraxe-2004-SA#029 - Possible remote file inclusion in PhpNuke 6.x - 7.3] Janek Vind (May 17)
- oscommerce 2.2 file_manager.php file browsing Rene (May 17)
- [waraxe-2004-SA#030 - Multiple vulnerabilities in PhpNuke 6.x - 7.3] Janek Vind (May 17)
- Desktop.ini flaw results in executing folders roozbeh afrasiabi (May 17)
- ROCKET SCIENCE: Outllook 2003 http-equiv () excite com (May 17)
- Buffer Overflow in ActivePerl ? Oliver () greyhat de (May 17)
- Re: Buffer Overflow in ActivePerl ? rich . sf (May 18)
- RE: [Full-Disclosure] Re: Buffer Overflow in ActivePerl ? Bill Royds (May 18)
- Re: Buffer Overflow in ActivePerl ? Josh Tolley (May 18)
- Re: Buffer Overflow in ActivePerl? Axel Beckert (May 18)
- Re: Buffer Overflow in ActivePerl ? Nick FitzGerald (May 18)
- <Possible follow-ups>
- Re: Buffer Overflow in ActivePerl ? noderat (May 18)
- RE: Buffer Overflow in ActivePerl ? Drew Copley (May 18)
- Re: Buffer Overflow in ActivePerl ? David Cantrell (May 19)
- Re: Buffer Overflow in ActivePerl ? David Ahmad (May 19)
- Re: Buffer Overflow in ActivePerl ? David Cantrell (May 19)
- Re: Buffer Overflow in ActivePerl ? rich . sf (May 18)
- MDKSA-2004:044 - Updated libuser packages fix vulnerability Mandrake Linux Security Team (May 17)
- MDKSA-2004:045 - Updated passwd packages fix vulnerabilities Mandrake Linux Security Team (May 17)
- MDKSA-2004:046 - Updated apache packages fix a number of vulnerabilities Mandrake Linux Security Team (May 17)
- Advisory 05/2004: phpMyFAQ local file inclusion vulnerability Stefan Esser (May 18)
- [slackware-security] kdelibs (SSA:2004-238-01) Slackware Security Team (May 18)
- Zen Cart login.php SQL Injection Vulnerability Oliver Minack (May 18)
- [SECURITY] [DSA 504-1] New heimdal packages fix potential buffer overflow Martin Schulze (May 18)
- IRIX 6.5.24 rpc.mountd infinte loop SGI Security Coordinator (May 18)
- Overflow@OmniHTTPd Han_B (May 18)
- Vapid Labs Security Advisory for PrimeBase Database 4.2 (update) Larry W. Cashdollar (May 18)
- Unknown IE bug with css-styles henkie_is_leet (May 18)
- Re: Unknown IE bug with css-styles Paolo Mattiangeli (May 18)
- [ GLSA 200405-08 ] Pound format string vulnerability Thierry Carrez (May 18)
- MDKSA-2004:047 - Updated kdelibs packages fix URI handling vulnerabilities Mandrake Linux Security Team (May 18)
- [FLSA-2004:1546] Updated utempter resolves security vulnerability -- Reissue: updated 8.0 version numbers Jesse Keating (May 19)
- [ GLSA 200405-09 ] ProFTPD Access Control List bypass vulnerability Kurt Lieber (May 19)
- Advisory 06/2004: libneon date parsing vulnerability Stefan Esser (May 19)
- Advisory 07/2004: CVS remote vulnerability Stefan Esser (May 19)
- FreeBSD Security Advisory FreeBSD-SA-04:10.cvs FreeBSD Security Advisories (May 19)
- [SECURITY] [DSA 506-1] New neon packages fix buffer overflow Martin Schulze (May 19)
- [SECURITY] [DSA 505-1] New cvs packages fix remote exploit Martin Schulze (May 19)
- A new Sanctum paper: "Blind XPath Injection" Amit Klein (May 19)
- SUSE Security Announcement: cvs (SuSE-SA:2004:013) Sebastian Krahmer (May 19)
- Advisory 08/2004: Subversion remote vulnerability Stefan Esser (May 19)
- Idea for proactive worm protection Peter Surda (May 19)
- Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts Michael Curtis (May 19)
- [SECURITY] [DSA 507-1] New cadaver packages fix buffer overflow Martin Schulze (May 19)
- [ GLSA 200405-10 ] Icecast denial of service vulnerability Thierry Carrez (May 19)
- Reporting a Security Vulnerability in a Microsoft Product Microsoft Security Response Center (May 19)
- MDKSA-2004:048 - Updated cvs packages fix remotely exploitable vulnerability Mandrake Linux Security Team (May 19)
- [ GLSA 200405-11 ] KDE URI Handler Vulnerabilities Thierry Carrez (May 19)
- MDKSA-2004:049 - Updated libneon packages fix heap variable overflow issues Mandrake Linux Security Team (May 19)
- [OpenPKG-SA-2004.023] OpenPKG Security Advisory (subversion) OpenPKG (May 19)
- [OpenPKG-SA-2004.022] OpenPKG Security Advisory (cvs) OpenPKG (May 19)
- [OpenPKG-SA-2004.024] OpenPKG Security Advisory (neon) OpenPKG (May 19)
- SGI ProPack v2.4: Kernel Update #4 - Security and other fixes SGI Security Coordinator (May 20)
- [slackware-security] cvs (SSA:2004-140-01) Slackware Security Team (May 20)
- SGI ProPack 3: Kernel Update #1 - Security and other fixes SGI Security Coordinator (May 20)
- [security bulletin] SSRT4696 rev. 0 HP ProCurve Routing Switches TCP Denial of Service (DoS) Boren, Rich (SSRT) (May 20)
- [ GLSA 200405-14 ] Buffer overflow in Subversion Joshua J. Berry (May 20)
- [ GLSA 200405-13 ] neon heap-based buffer overflow Thierry Carrez (May 20)
- [ GLSA 200405-12 ] CVS heap overflow vulnerability Thierry Carrez (May 20)
- [ GLSA 200405-15 ] cadaver heap-based buffer overflow Thierry Carrez (May 20)
- Question About Ethics and Full Disclosure Tom (May 20)
- Re: Question About Ethics and Full Disclosure T.J. (May 20)
- Re: Question About Ethics and Full Disclosure Michal Zalewski (May 21)
- <Possible follow-ups>
- RE: Question About Ethics and Full Disclosure Drew Copley (May 20)
- RE: Question About Ethics and Full Disclosure Kevin E. Casey (May 20)
- Auditor security collection released - a swiss army knife for security assessments. Max (May 20)
- Internet explorer .clsid vulnerability roozbeh afrasiabi (May 20)
- <Possible follow-ups>
- RE: Internet explorer .clsid vulnerability Thor Larholm (May 21)
- Re: Internet explorer .clsid vulnerability roozbeh afrasiabi (May 22)
- [SNS Advisory No.72] Symantec Norton AntiVirus 2004 ActiveX Control Vulnerability snsadv (May 21)
- Stupid Phishing Tricks http-equiv () excite com (May 21)
- e107 web portal Referers HTTP Injection Chinchilla (May 21)
- MDKSA-2004:046-1 - apache-mod_perl packages are now available Mandrake Linux Security Team (May 21)
- [OpenPKG-SA-2004.025] OpenPKG Security Advisory (rsync) OpenPKG (May 21)
- Eudora 6.1.1 attachment spoof, LaunchProtect Paul Szabo (May 21)
- [ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail Rajiv Aaron Manglani (May 21)
- BNBT BitTorrent Tracker Denial Of Service badpack3t (May 22)
- Exploit codes for CVS Vulnerability and snort rules from ISC K-OTiK Security (May 22)
- Allegro RomPager/2.10 DoS exploit Seth Alan Woolley (May 22)
- MDKSA-2004:050 - Updated kernel packages fix multiple vulnerabilities Mandrake Linux Security Team (May 22)
- Liferay Cross Site Scripting Flaw Giri, Sandeep (May 22)
- e107 web portal user.php XSS (Cross Site Scripting) Chris Norton (May 24)
- [SECURITY] [DSA 508-1] New xpcd packages fix buffer overflow Matt Zimmerman (May 24)
- Netgear RP114 URL filter fails if URL is too long Marc Ruef (May 24)
- [ GLSA 200405-18 ] Buffer Overflow in Firebird Thierry Carrez (May 24)
- <Possible follow-ups>
- Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird b0f www . b0f . net (May 26)
- Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird KF (lists) (May 27)
- Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird KF (lists) (May 27)
- Re: [ GLSA 200405-18 ] Buffer Overflow in Firebird KF (lists) (May 27)
- cPanel mod_phpsuexec Vulnerability Rob Brown (May 24)
- [ GLSA 200405-19 ] Opera telnet URI handler file creation/truncation vulnerability Kurt Lieber (May 25)
- SSH URI handler remote arbitrary code execution kang (May 25)
- [CLA-2004:841] Conectiva Security Announcement - libneon Conectiva Updates (May 25)
- ERRATA: [ GLSA 200405-16 ] Multiple XSS Vulnerabilities in SquirrelMail Kurt Lieber (May 25)
- [CLA-2004:842] Conectiva Security Announcement - mailman Conectiva Updates (May 25)
- [ GLSA 200405-20 ] Insecure Temporary File Creation In MySQL Thierry Carrez (May 25)
- [security bulletin] SSRT4749 HP-UX Java Runtime Environment (JRE) remote DoS Boren, Rich (SSRT) (May 26)
- FreeBSD Security Advisory FreeBSD-SA-04:11.msync FreeBSD Security Advisories (May 26)
- SUSE Security Announcement: kdelibs (SuSE-SA:2004:014) Sebastian Krahmer (May 26)
- [security bulletin] SSRT4719 hp OpenView Select Access remote unauthorized access Boren, Rich (SSRT) (May 26)
- IEBUG: Archives of Internet Explorer Liu Die Yu (May 26)
- [Full-Disclosure] iDEFENSE Security Advisory 05.26.04: 3Com OfficeConnect Remote 812 ADSL Router Telnet Protocol Denial of Service Vulnerability idlabs-advisories (May 26)
- [ GLSA 200405-21 ] Midnight Commander: Multiple vulnerabilities Kurt Lieber (May 26)
- IRIX libcpr vulnerability SGI Security Coordinator (May 26)
- Re: IRIX libcpr vulnerability Jan Schaumann (May 26)
- [ GLSA 200405-22 ] Apache 1.3: Multiple vulnerabilities Kurt Lieber (May 26)
- [security bulletin]SSRT4724 HP integrated Lights Out (iLO) Denial of Service (DoS) using port zero Boren, Rich (SSRT) (May 26)
- Orenosv HTTP/FTP Server Denial Of Service badpack3t (May 26)
- [CLA-2004:843] Conectiva Security Announcement - kde Conectiva Updates (May 26)
- SGI Advanced Linux Environment 3 Security Update #1 SGI Security Coordinator (May 26)
- DoS in MiniShare 1.3.2 Donato Ferrante (May 26)
- [OpenPKG-SA-2004.026] OpenPKG Security Advisory (apache) OpenPKG (May 27)
- [ GLSA 200405-23 ] Heimdal: Kerberos 4 buffer overflow in kadmin Kurt Lieber (May 27)
- The Dangers of Cross-Site-Scripting: Rogers Hi-Speed Internet Network [Canada] http-equiv () excite com (May 27)
- Re: Exchange pop3 remote exploit Tal Schaeffer (May 27)
- MDKSA-2004:051 - Updated mailman packages fix password retrieval vulnerability Mandrake Linux Security Team (May 27)
- Sun-Java-App-Server PE 8.0 path disclosure Marc Schoenefeld (May 27)
- WildTangent Web Driver Long FileName Stack Overflow NGSSoftware Insight Security Research (May 27)
- Re: WildTangent Web Driver Long FileName Stack Overflow Cesar (May 28)
- MDKSA-2004:052 - Updated kolab-server package fixes world readable file vulnerability Mandrake Linux Security Team (May 27)
- [PHP] include() bypassing filter with php://input Himeur Nourredine (May 27)
- Re: [PHP] include() bypassing filter with php://input Keary Suska (May 28)
- Re: [PHP] include() bypassing filter with php://input clez (May 28)
- Re: [PHP] include() bypassing filter with php://input Ali Campbell (May 31)
- Re: [PHP] include() bypassing filter with php://input bugtraq subscriber (May 31)
- Re: [PHP] include() bypassing filter with php://input clez (May 28)
- Re: [PHP] include() bypassing filter with php://input Keary Suska (May 28)
- [ GLSA 200405-24 ] MPlayer, xine-lib: vulnerabilities in RTSP stream handling Thierry Carrez (May 28)
- SGI Advanced Linux Environment security update #20 SGI Security Coordinator (May 28)
- SGI Advanced Linux Environment 3 Security Update #2 SGI Security Coordinator (May 28)
- JPortal SQL Injects Maciek Wierciski (May 28)
- Mollensoft ftp Server ver 3.6 Buffer overflow Chintan Trivedi (May 28)
- EnderUNIX Security Anouncement (Isoqlog and Spamguard) Murat Balaban (May 29)
- LDU (land down under) xss vulnerability tim de gier (May 29)
- [waraxe-2004-SA#031 - Multiple vulnerabilities in e107 version 0.615] Janek Vind (May 29)
- [SECURITY] [DSA 509-1] New gatos packages fix privilege escalation Matt Zimmerman (May 29)
- [SECURITY] [DSA 510-1] New jftpgw packages fix format string vulnerability Matt Zimmerman (May 29)
- [Full-Disclosure] iDEFENSE Security Advisory 05.27.04: 3Com OfficeConnect Remote 812 ADSL Router Authentication Bypass Vulnerability idlabs-advisories (May 29)
- [ GLSA 200405-25 ] tla: Heap-based buffer overflow in included libneon Thierry Carrez (May 31)
- Users who have expired passwords can still log on to the domain if the FQDN is exactly eight characters long in Windows 2000 albatross (May 31)
- Looking for a security contact of RealNetworks Live Rhapsody Philip Stoev (May 31)
- [SECURITY] [DSA 511-1] New ethereal packages fix buffer overflows Matt Zimmerman (May 31)
- Possible bug in PHPNuke and other CMS Luca Falavigna (May 31)
- LinkSys WRT54G administration page availble to WAN Alan W. Rateliff, II (May 31)