Vulnwatch: by author

Previous period
Next period

103 messages starting Oct 16 02 and ending Nov 25 02
Date index | Thread index | Author index

Abraham Lincoln

NSSI-2002-zonealarm3: ZoneAlarm Pro Denial of Service Vulnerability Abraham Lincoln (Oct 16)

Aviram Jenik

TFTPD32 Buffer Overflow Vulnerability (Long filename) Aviram Jenik (Nov 18)
TFTPD32 Directory Traversal Vulnerability Aviram Jenik (Nov 18)

Casper Aleva

Potential DOS attack with Web-CyrAdm. Casper Aleva (Dec 29)

Chris Wysopal

Administrivia Chris Wysopal (Dec 10)

CORE Advisories

CORE-20021005: Vulnerability Report For Linksys Devices CORE Advisories (Dec 10)

D4rkGr3y

TFTP Server DoS D4rkGr3y (Oct 24)

Dave Aitel

[Immunity, Inc.]Vulnerability: RPC Service DoS (port 135/tcp) on Windows 2000 SP3 Dave Aitel (Oct 18)

David Endler

iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability David Endler (Oct 31)
iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router David Endler (Oct 31)
iDEFENSE Security Advisory 11.11.02: Buffer Overflow in KDE resLISa David Endler (Nov 11)
iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS David Endler (Nov 08)
iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server David Endler (Nov 04)
iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse David Endler (Nov 01)
iDEFENSE Security Advisory 10.24.02: Directory Traversal in SolarWinds TFTP Server David Endler (Oct 24)
iDEFENSE Security Advisory 10.16.02: Denial of Service in Sabre Desktop Reservation Client for Windows David Endler (Oct 16)
iDEFENSE Security Advisory 11.19.02b: Eudora Script Execution Vulnerability David Endler (Nov 19)
iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection David Endler (Oct 31)
iDEFENSE Security Advisory 10.15.02: DoS and Directory Traversal Vulnerabilities in WebServer 4 Everyone David Endler (Oct 15)
iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability David Endler (Nov 04)
iDEFENSE Security Advisory 11.08.02a: File Disclosure Vulnerability in Simple Web Server David Endler (Nov 08)
iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan David Endler (Nov 06)
iDEFENSE Security Advisory 11.19.02c: Netscape Predictable Directory Structure Allows Theft of Preferences File David Endler (Nov 19)

David Litchfield

Microsoft SQL Server Webtasks privilege upgrade (#NISR17102002) David Litchfield (Oct 17)

dev-null

IPSwitch, Inc. WS_FTP Server dev-null (Oct 25)

dong-h0un U

Remote Heap malloc/free & multiple Overflow vulnerability in WSMP3. dong-h0un U (Nov 25)
Directory traversing bug in 'myServer' webserver. dong-h0un U (Dec 11)

Erik Parker

Netscreen SSH1 CRC32 Compensation Denial of service Erik Parker (Nov 01)
(Correction) Netscreen SSH1 CRC32 Compensation Denial of service Erik Parker (Nov 01)

GreyMagic Software

Vulnerable cached objects in IE (9 advisories in 1) GreyMagic Software (Oct 22)
Internet Explorer : The D-Day GreyMagic Software (Oct 15)

guejez

SCAN Associates Advisory: Molly 0.5 - Remote Command Execution guejez (Oct 18)
perlbot 1.9.2 - Remote Command Execution guejez (Oct 21)
SCAN Associates Advisory: madhater perlbot 1.0 beta - Remote Command Execution guejez (Oct 18)

iDEFENSE Labs

iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS) iDEFENSE Labs (Dec 19)
iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops iDEFENSE Labs (Dec 24)

kalif

Virgil CGI Scanner Vulnerability kalif (Oct 22)

Kanatoko

AN HTTPD SOCKS4 username Buffer Overflow Vulnerability Kanatoko (Oct 21)

K. K. Mookhey

Weak Password Encryption Scheme in MS SQL Server K. K. Mookhey (Nov 02)
Password Disclosure in Cryptainer K. K. Mookhey (Dec 16)
Buffer Overflow in iSMTP Gateway K. K. Mookhey (Nov 11)

Kurt Seifried

Re: proftpd <=1.2.7rc3 DoS Kurt Seifried (Dec 10)

labs@NGSEC

iPlanet WebServer, remote root compromise labs@NGSEC (Nov 18)

li0n

[A3SC] MS IIS out of process privilege elevation vulnerability(A3CR@K-Vul-2002-06-002) li0n (Nov 04)

Marc Maiffret

PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability Marc Maiffret (Dec 11)
Macromedia Shockwave Flash Malformed Header Overflow #2 Marc Maiffret (Dec 17)
EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Marc Maiffret (Nov 12)
Update: EEYE: Macromedia ColdFusion/JRun Remote SYSTEM Buffer Overflow Vulnerabilities Marc Maiffret (Nov 19)

marek . rouchal

ClearCase DoS vulnerabilty marek . rouchal (Nov 22)

Mark Litchfield

Re: IDEFENSE DOS in Linksys BEFSR41 EtherFast Cable/DSL Router + More issues DLINK & LINKSYS Mark Litchfield (Nov 01)

matt

fragrouter trojan matt (Oct 21)

Matthew Murphy

acFTP Authentication Issue Matthew Murphy (Nov 24)
LiteServe URL Decoding DoS Matthew Murphy (Nov 17)
acFreeProxy Cross-Site Scripting Vulnerability/Possible DoS Matthew Murphy (Nov 24)
LiteServe Directory Index Cross-Site Scripting Matthew Murphy (Nov 08)
PHP Information Functions May Allow Cross-Site Scripting Matthew Murphy (Oct 13)

Matthias Andree

gfxboot allows boot password circumvention, SuSE 8.1 GRUB Matthias Andree (Dec 13)
Leafnode security announcement SA:2002:01 Matthias Andree (Dec 29)

mattmurphy () kc rr com

Zeroo Folder Traversal Vulnerability mattmurphy () kc rr com (Nov 21)
Perception LiteServe HTTP CGI Disclosure Vulnerability mattmurphy () kc rr com (Nov 14)
KeyFocus KF Web Server File Disclosure Vulnerability mattmurphy () kc rr com (Nov 13)

Michal Zalewski

RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability Michal Zalewski (Dec 17)
[RAZOR] Problems with mkstemp() Michal Zalewski (Dec 20)

Mitja Kolsek (ACROS Lists)

Security Paper: Session Fixation Vulnerability in Web-based Applications Mitja Kolsek (ACROS Lists) (Dec 18)

Muhammad Faisal Rauf Danka

XSS in Postnuke Rogue release (0.72) Muhammad Faisal Rauf Danka (Nov 08)

NetScreen Security Response Team

Predictable TCP Initial Sequence Numbers NetScreen Security Response Team (Nov 26)
'Malicious-URL' Feature may be Circumvented Using IP Fragmentation NetScreen Security Response Team (Nov 25)
Potential H.323 Denial of Service NetScreen Security Response Team (Nov 26)

NGSSoftware Insight Security Research

RealNetworks HELIX Server Buffer Overflow Vulnerabilities (#NISR20122002) NGSSoftware Insight Security Research (Dec 20)
Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002) NGSSoftware Insight Security Research (Oct 31)
PFinger 0.7.8 format string vulnerability (#NISR16122002B) NGSSoftware Insight Security Research (Dec 16)
zkfingerd 0.9.1 format string vulnerabilities (#NISR16122002A) NGSSoftware Insight Security Research (Dec 16)
Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002) NGSSoftware Insight Security Research (Nov 04)
Mulitple Buffer Overflow conditions in RealPlayer/RealOne (#NISR22112002) NGSSoftware Insight Security Research (Nov 22)

Ofir Arkin

Paper Release: Security Risk Factors with IP Telephony based Networks Ofir Arkin (Nov 23)

Peter Kruse

Denial of Service vulnerability in VisNetic Website Peter Kruse (Dec 11)

Rain Forest Puppy

Administrivia: where did your post go? Rain Forest Puppy (Oct 14)
Perl Safe.pm compartment reuse vuln Rain Forest Puppy (Nov 05)

Rapid 7 Security Advisories

R7-0008: IBM WebSphere Edge Server Caching Proxy Cross-Site Scripting Issues Rapid 7 Security Advisories (Oct 23)
R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service Rapid 7 Security Advisories (Oct 23)
R7-0009: Vulnerabilities in SSH2 Implementations from Multiple Vendors Rapid 7 Security Advisories (Dec 16)

Rob klein Gunnewiek

proftpd <=1.2.7rc3 DoS Rob klein Gunnewiek (Dec 10)

@stake advisories

Oracle9iAS Web Cache Denial of Service (a102802-1) @stake advisories (Oct 28)

Stefan Esser

Advisory 05/2002: Another Fetchmail Remote Vulnerability Stefan Esser (Dec 13)
Advisory 04/2002: Multiple MySQL vulnerabilities Stefan Esser (Dec 12)

Steven M. Christey

Directory Traversal Vulnerabilities in FTP Clients Steven M. Christey (Dec 10)

Steve W. Manzuik

Foundstone Advisory Steve W. Manzuik (Nov 21)

subversive

SFAD02-002: Calisto Internet Talker Remote DOS subversive (Nov 25)

Tamer Sahin

[SecurityOffice] Hyperion Ftp Server v2.8.1 Directory Traversal Vulnerability Tamer Sahin (Nov 12)
[SecurityOffice] BRS WebWeaver Web Server v1.01 Protected File Access Vulnerability Tamer Sahin (Oct 24)
[SecurityOffice] Enceladus Server Suite v3.9 Buffer Overflow Vulnerability Tamer Sahin (Dec 10)
[SecurityOffice] INweb Mail Server v2.01 Denial of Service Vulnerability Tamer Sahin (Nov 12)
[SecurityOffice] Liteserve Web Server v2.0 Authorization Bypass Vulnerability Tamer Sahin (Oct 24)
[SecurityOffice] Web Server 4 Everyone v1.28 Host Field Denial of Service Vulnerability Tamer Sahin (Oct 23)
[SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability Tamer Sahin (Oct 24)
[SecurityOffice] Polycom Video Conference System Management Server Authentication Bypass Vulnerability Tamer Sahin (Dec 20)

Ulf Harnhammar

PHP-Nuke mail CRLF Injection vulnerabilities Ulf Harnhammar (Dec 20)
PHP-Nuke code execution and XSS vulnerabilities Ulf Harnhammar (Dec 16)
NOCC: XSS Ulf Harnhammar (Oct 20)

Vagner Sacramento

CAIS-ALERT: Vulnerability in the sending requests control of BIND (fwd) Vagner Sacramento (Nov 24)

X-Force

ISS Security Advisory: Multiple Remote Vulnerabilities in BIND4 and BIND8 X-Force (Nov 12)
ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability X-Force (Nov 25)

zel

Netscreen Malicious URL feature can be bypassed by fragmenting the request zel (Nov 25)
Previous period
Next period