Bugtraq (date)
August 31, 2004
- [SECURITY] [DSA 542-1] New Qt packages fix arbitrary code execution and denial of service, Martin Schulze, 23:52
- [VulnWatch] Patch available for multiple critical flaws in Oracle, NGSSoftware Insight Security Research, 23:02
- [Full-Disclosure] UPDATED OpenServer 5.0.6 OpenServer 5.0.7 : OpenSSL Multiple Vulnerabilities, please_reply_to_security, 20:51
- DOS@TFS, CoolICE, 18:30
- [Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : apache mod_digest Incorrect Client Response Verification Vulnerability, please_reply_to_security, 18:20
- [Full-Disclosure] OpenServer 5.0.6 OpenServer 5.0.7 : squid %-encoded characters in a URL, please_reply_to_security, 18:10
- Security Center and Windows XP clients in domain, albatross, 18:00
- Linux OpenExchange - cleartext rootpw in swap, Rene, 17:50
- [Full-Disclosure] Axis Network Camera and Video Server Security Advisory, product-security, 16:49
- D-Link DCS-900 IP camera remote exploit that change the IP, Jérôme, 16:09
- [vulnwatch] Titan FTP Server Long Command Heap Overflow Vulnerability, lion, 15:08
- Cross Site Scripting in XOOPS Version 2.x Dictionary module, CyruxNET, 14:07
- Re: NETGEAR DG834G SPECIAL FEATURES, Luca Berra, 13:57
- Multiple Vulnerabilities In Xedus Webserver, GulfTech Security, 13:47
- [vulnwatch] WFTPD Pro Server 3.21 MLST Command Denial of Service Vulnerability, lion, 12:26
- Possible root compromose with bsdmainutils 6.0.x < 6.0.15 (Debian testing/unstable), Steven Van Acker, 11:56
- RE: CDE libDtHelp LOGNAME Buffer Overflow Vulnerability, Thor Larholm, 02:12
- DoS in Chat Anywhere 2.72a, Donato Ferrante, 02:02
August 28, 2004
- Check Point - Zone Labs Division - Response to "Weak Default Permissions Vulnerability", Zone Labs Product Security, 23:10
- Re: NETGEAR DG834G SPECIAL FEATURES, Rodrigo Barbosa, 16:37
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Jérôme, 16:17
- RE: IE, Firefox, Opera DoS (*not* a DoS, not even close), Steve R, 16:07
- Hastymail security update, Jason Munro, 13:46
- RE: Unsecure file permission of ZoneAlarm pro., Simon Zuckerbraun, 06:47
- Re: NETGEAR DG834G SPECIAL FEATURES, Paul James, 05:25
- 0day critical vulnerability/exploit targets Winamp users in the wild, K-OTiK Security, 01:54
August 27, 2004
- Cisco Security Advisory: Multiple Vulnerabilities in Cisco Secure Access Control Server, Cisco Systems Product Security Incident Response Team, 23:53
- Broadcast forced exit in Ground Control II 1.0.0.7, Luigi Auriemma, 23:23
- [OpenPKG-SA-2004.038] OpenPKG Security Advisory (zlib), OpenPKG, 22:02
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis, 21:52
- Re: Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), Rishi Khan, 21:32
- Re: New google's top query?, Justin Wheeler, 21:22
- MDKSA-2004:087 - Updated kernel packages fix multiple vulnerabilities, Mandrake Linux Security Team, 20:01
- Gaucho v1.4 Build 145 Buffer Overflow, Jérôme, 19:41
- Keene Digital Media Server Directory Traversal, GulfTech Security, 19:21
- TSL-2004-0043 - multi, Trustix Security Advisor, 17:40
- Alpha Phising [IE 6 WinXP SP2], mikx, 17:20
- [Full-Disclosure] [ GLSA 200408-27 ] Gaim: New vulnerabilities, Sune Kloppenborg Jeppesen, 17:10
- [Full-Disclosure] [ GLSA 200408-26 ] zlib: Denial of service vulnerability, Sune Kloppenborg Jeppesen, 17:10
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Jay D. Dyson, 16:29
- Re: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Kyle Maxwell, 15:59
- RE: NETGEAR DG834G SPECIAL FEATURES, prj, 14:08
- MS XP SP2 Windows Security Center allows spoofing, Jérôme, 13:48
- Re: New google's top query?, Alex Keller, 12:58
- RE: Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Andreas Freyvogel, 12:28
- Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat, 06:35
- Re: Anonymous Surfing Via Gmail Login Window - Poor Sanitization, Markus Ackermann, 05:44
- [security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow, Boren, Rich (SSRT), 05:14
- Netscape Navigator 7.2 failure to isolate browser tabs (was Re: Computer Network Defence Vulnerability Alert State), john . courcoul, 01:23
August 26, 2004
- Re: Unsecure file permission of ZoneAlarm pro., Bipin Gautam, 23:52
- [Full-Disclosure] SGI ProPack 3: Kernel Update #3 - Security and other fixes, SGI Security Coordinator, 21:21
- Squirrelmail chpasswd local root bruteforce exploit, Jérôme, 18:39
- [Full-Disclosure] [ GLSA 200408-25 ] MoinMoin: Group ACL bypass, Joshua J. Berry, 18:19
- Easy File Sharing Webserver v1.25 Vulnerabilities, GulfTech Security, 16:28
- bug found, Mathieu Lacroix, 12:26
- Ipswitch WhatsUp Gold Remote Buffer Overflow Vulnerability - [Full-Disclosure] iDEFENSE Security Advisory 08.25.04, Jérôme, 12:06
- CDE libDtHelp LOGNAME Buffer Overflow Vulnerability, Jérôme, 09:14
- [NGSEC-2004-7] NtRegmon, local system denial of service., labs@NGSEC, 07:54
- Computer Network Defence Vulnerability Alert State, Andy Cuff, 06:43
- Vulnerability: OpenBSD 3.5 Kernel Panic., Vafa Izadinia, 06:13
- RealVNC 4.0 DoS, Allan Zhang, 06:03
- RE: Running renamed executables with CMD.EXE, Michael Wojcik, 05:12
- multiple vulnerabilities in lukemftpd/tnftpd, venglin, 03:01
- RE: IE, Firefox, Opera DoS, GulfTech Security, 03:01
- Dynix Webpac Input Validation, Wil Allsopp, 02:51
- Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??), Gabriel Kihlman, 02:41
- Anonymous Surfing Via Gmail Login Window - Poor Sanitization, Punabi MC, 00:40
- Re: New google's top query?, Luke Burton, 00:00
- Kaspersky Labs says Electronic Jihad on the Internet quite possible tomorrow, Steve, 00:00
August 25, 2004
- IRM 010: Top Layer Attack Mitigator IPS 5500 Denial of Service, Advisories, 21:39
- A new website to search & submit win exploits, Dav1d, 21:19
- [Full-Disclosure] [ GLSA 200408-24 ] Linux Kernel: Multiple information leaks, Tim Yamin, 21:09
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, morning_wood, 13:14
- [Full-Disclosure] [sb] [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities, Kurt Lieber, 11:53
- RE: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection, Rohit Dube, 09:02
- Re: IE, Firefox, Opera DoS, Dan Pixley, 08:52
- Re: MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability (OpenBSD 3.5 too??), Joel D. Kinard, 07:31
- Window Washer 5.5: False Sense of Security, First Last, 06:51
- Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Jan Minar, 04:10
- Yahoo! E-mail Service Vulnerability, Dror Shalev, 04:00
- [Full-Disclosure] Re: Images being pulled in Outlook 2003 even though don't download pictures is set?, vesselen.mironov, 04:00
- [Full-Disclosure] Re: Images being pulled in Outlook 2003 even though don't download pictures is set?, Jason Coombs PivX Solutions, 02:40
- WebAPP directory traversal and ability to retrieve the DES encrypted password hash, Jérôme, 02:40
- What A Drag! -revisited-, mikx, 01:59
- PHP Code Snippet Library Multiple Cross-Site Scripting (XSS) Vulnerabilities, Nikyt0x Argentina, 00:59
- Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, ktha, 00:19
- Possible Security Issues In LiveWorld Products, GulfTech Security, 00:08
August 24, 2004
- RE: [Full-Disclosure] Microsoft updates documentation on Windows time synchronization, Nicolas villatte, 19:26
- [Full-Disclosure] [ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability, Joshua J. Berry, 19:16
- Internet Explorer Local File/Directory Detection, Rynho Zeros Web, 16:55
- RE: First vulnerabilities in the SP2 - XP ?..., Larry Seltzer, 16:25
- [Full-Disclosure] Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat, 15:54
- [Full-Disclosure] Limited buffer overflow in Painkiller 1.31, Luigi Auriemma, 15:34
- [Full-Disclosure] Re: Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Rodrigo Barbosa, 14:13
- [Full-Disclosure] ANNOUNCE: VulnDisco RADIUS protocol testsuite v1.0, Evgeny Demidov, 09:41
- [Full-Disclosure] RE: [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities, Gervase Markham, 09:31
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis, 08:41
- [Full-Disclosure] Microsoft updates documentation on Windows time synchronization, 3APA3A, 07:40
- A word of caution on the use of suphp, Steven Van Acker, 01:48
- New google's top query?, Jérôme, 01:28
- Multiple Cross Site Scripting Vulnerabilities in eGroupWare, Joxean Koret, 00:27
- Re: Fwd: Re: Posible security bug in phpMyWebhosting, Matias Neiff, 00:17
August 23, 2004
- DoS in Bird Chat 1.61, Donato Ferrante, 23:27
- MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit, Tal0n, 22:57
- Bugs fixed in Version 1.4.3, Joxean Koret, 22:36
- IE, Firefox, Opera DoS, exploits, 22:26
- KDE Security Advisory: Konqueror Cross-Domain Cookie Injection, Waldo Bastian, 19:15
- [Full-Disclosure] Hafiye-1.0 Terminal Escape Sequence Injection Vulnerability, Serkan Akpolat, 17:14
- [Full-Disclosure] [ GLSA 200408-21 ] Cacti: SQL injection vulnerability, Kurt Lieber, 13:02
- JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks, Dr Ponidi, 13:02
- [Full-Disclosure] ERRATA: [ GLSA 200406-14 ] aspell: Buffer overflow in word-list-compress, Kurt Lieber, 12:52
- [Full-Disclosure] [gentoo-announce] ERRATA: [ GLSA 200408-21 ] Cacti: SQL injection vulnerability, Sune Kloppenborg Jeppesen, 12:02
- [Full-Disclosure] [gentoo-announce] [ GLSA 200408-22 ] Mozilla, Firefox, Thunderbird: New releases fix vulnerabilities, Kurt Lieber, 11:11
August 22, 2004
- Multiple vulnerabilities in MyDMS, Jose Antonio, 22:45
- Mantis Bugtracker Remote PHP Code Execution Vulnerability, Jose Antonio, 19:53
- [Full-Disclosure] [ GLSA 200408-20 ] Qt: Image loader overflows, Joshua J. Berry, 19:33
- Cross Site Scripting Vulnerability in Sympa, Jose Antonio, 17:02
- Multiple Vulnerabilities in Mantis Bugtracker, Jose Antonio, 16:21
- Re: [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, morning_wood, 16:11
- EXPLOIT: Qt bmp heap overflow, infamous41md, 14:10
- Re: Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection, George Capehart, 12:50
- MDKSA-2004:086 - Updated kdelibs and kdebase packages fix multiple vulnerabilities, Mandrake Linux Security Team, 12:30
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG, Solar Designer, 11:59
- [Full-Disclosure] [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers, bashis, 11:29
- Re: [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, infamous41md, 11:19
- Re: [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG, Jim Paris, 10:49
- What A Drag II XP SP2, http-equiv@excite.com, 10:18
- NetBSD Security Advisory 2004-009: ftpd root escalation, NetBSD Security-Officer, 08:37
- Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer, Audun Larsen, 05:16
- BadBlue Webserver v2.5 Denial Of Service Vulnerability, GulfTech Security, 04:25
- [Fwd: Re: [vchkpw] vpopmail <= 5.4.2 (sybase vulnerability) (fwd)], Myron Davis, 03:45
August 21, 2004
- Re: SHA-0 Broken, MD5 Rumored Broken, stanislav shalunov, 19:32
- Buffer overflow in sarad, Matthias Bethke, 13:49
- What A Drag II XP SP2, http-equiv@excite.com, 13:49
- Unsecure file permission of ZoneAlarm pro., Bipin Gautam, 13:39
- XV multiple buffer overflows, exploit included, infamous41md, 13:19
- Re: Posible security bug in phpMyWebhosting, Daniel Souza, 04:15
- Re: First vulnerabilities in the SP2 - XP ?..., Matthew Roberts, 03:45
- Re: Posible security bug in phpMyWebhosting, Udo Mueller, 03:15
- RE: Driver for display goes to a infinite loop by viewing a html!, Christopher Wagner, 03:05
- Xines_Mine.c Open Security Group Advisory, c0ntex, 02:45
- Re: Cross-Site Scripting (XSS) in Php-Nuke 7.1.0, Anthony Petito, 02:35
- [2Cents on] vpopmail <= 5.4.2 (sybase vulnerability), bugtraq, 02:15
August 20, 2004
- [Full-Disclosure] CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition, I)ruid, 22:13
- RE: Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure, joe, 13:58
- Re: SQL Injection in CACTI, Cedric Blancher, 11:27
- RE: First vulnerabilities in the SP2 - XP ?..., Thor Larholm, 11:17
- [security bulletin] SSRT3460 rev.3 HP-UX Network traffic can cause programs to fail, Boren, Rich (SSRT), 11:17
- SUSE Security Announcement: qt3 (SUSE-SA:2004:027), Thomas Biege, 10:57
- Re[2]: [Full-Disclosure] Security aspects of time synchronization infrastructure, 3APA3A, 04:34
- RE: First vulnerabilities in the SP2 - XP ?..., Larry Seltzer, 04:34
- Breaking windows LM hashes using the Time-Memory Trade-Off : Optimization & new tool, Jérôme, 04:13
- recent iDefense advisories not being posted to bugtraq includes CVS information disclosure bug (CAN-2004-0778), Marc Bejarano, 04:03
- Re: First vulnerabilities in the SP2 - XP ?..., Robert Decker, 03:53
- Re: SHA-0 Broken, MD5 Rumored Broken, Anthony Nemmer, 03:33
- SHA-0 Broken, MD5 Rumored Broken, Jérôme, 02:33
- Re: Posible security bug in phpMyWebhosting, Müller, 01:32
- Immunity, Inc. Release: libdisassemble, dave, 01:12
- Open Security Group Advisory #6, c0ntex, 00:42
August 19, 2004
- MDKSA-2004:085 - Updated qt3 packages fix multiple vulnerabilities, Mandrake Linux Security Team, 23:31
- CESA-2004-004: qt, chris, 22:31
- Re: SQL Injection in CACTI, Andy Markert, 22:31
- MDKSA-2004:084 - Updated spamassassin packages fixes possible malformed message vulnerability, Mandrake Linux Security Team, 22:01
- [Full-Disclosure] [gentoo-announce] [ GLSA 200408-19 ] courier-imap: Remote Format String Vulnerability, Joshua J. Berry, 21:41
- RE: [Full-Disclosure] Security aspects of time synchronization infrastructure, joe, 20:50
- MDKSA-2004:083 - Updated rsync packages fix remotely-exploitable vulnerability, Mandrake Linux Security Team, 20:40
- [Full-Disclosure] Security aspects of time synchronization infrastructure, 3APA3A, 19:40
- Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, Jérôme, 19:29
- Vulnerabilities in Merak Webmail Server., Criolabs, 15:47
- [Full-Disclosure] Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, David E. Smith, 12:16
- Multiple vulnerabilities in PHP-FUSION, Ahmad Muammar, 08:34
- Re: First vulnerabilities in the SP2 - XP ?..., Radoslav Dejanović, 02:01
August 18, 2004
- Re: First vulnerabilities in the SP2 - XP ?..., Colin Alston, 15:47
- Re: First vulnerabilities in the SP2 - XP ?..., Oliver Schneider, 14:36
- Cross-Site Scripting (XSS) in Php-Nuke 7.1.0, Abu Lafy, 14:06
- Opera Local File/Directory Detection (GM#009-OP), GreyMagic Software, 09:23
- [Full-Disclosure] Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, buggy, 09:03
- [NGSEC-2004-6] IPD, local system denial of service., labs@NGSEC, 07:43
- LNSA-#2004-0017: rsync (Aug, 17 2004), Vincenzo Ciaglia, 06:52
- vpopmail <= 5.4.2 (sybase vulnerability), Jérôme, 06:52
- TSLSA-2004-0042 - rsync, Trustix Security Advisor, 06:22
- Re: SQL Injection in CACTI, Thomas Chiverton, 05:52
- SQL Injection in CACTI, Fernando Quintero, 00:54
- [Full-Disclosure] [ GLSA 200408-18 ] xine-lib: VCD MRL buffer overflow, Kurt Lieber, 00:54
- TSSA-2004-020-ES - rsync, tinysofa Security Team, 00:53
- First vulnerabilities in the SP2 - XP ?..., Jérôme, 00:53
- [Full-Disclosure] [ GLSA 200408-16 ] glibc: Information leak with LD_DEBUG, Kurt Lieber, 00:53
- [Full-Disclosure] Re: IpSwitch IMail Server <= ver 8.1 User Password Decryption, Dave Warren, 00:53
- [Full-Disclosure] [ GLSA 200408-17 ] rsync: Potential information leakage, Kurt Lieber, 00:53
- [Full-Disclosure] Third party cookie handling in Opera can lead to potential compromises in Servers relying on redirection, Rohit Dube, 00:53
- SUSE Security Announcement: rsync (SUSE-SA:2004:026), Thomas Biege, 00:53
- gv buffer overflows: here, there, and everywhere, infamous41md, 00:53
- pscript.de PFORUM XSS Vulnerability, Christoph Jeschke, 00:53
- NullyFake - Site Spoofing in MSIE, Liu Die Yu, 00:53
- Re: SpecificMAIL Technical Brief, Skip Carter, 00:53
- RE: [Full-Disclosure] IpSwitch IMail Server <= ver 8.1 User Password Decryption, Bill Roemhild, 00:52
August 14, 2004
- Posible security bug in phpMyWebhosting, Matias Neiff, 19:39
- RE: JS/Zerolin, Thor Larholm, 18:28
- SpecificMAIL Technical Brief, Nick D., 17:48
- QuiXplorer directory traversal, Cyrille Barthelemy, 17:48
- Re: [Full-Disclosure] Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, Barrie Dempster, 17:37
- [Full-Disclosure] Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, Dan Margolis, 16:17
- Re: NETGEAR DG834G SPECIAL FEATURES, Dave Paris, 03:12
- Re: NETGEAR DG834G SPECIAL FEATURES, thanasonic, 02:01
- Re: JS/Zerolin, K-OTiK Security, 01:41
- Corsaire Security Advisory - Clearswift MAILsweeper multiple encoding/compression issues, advisories, 01:21
August 13, 2004
- RE: NETGEAR DG834G SPECIAL FEATURES, Andre Lorbach, 23:30
- MDKSA-2004:082 - Updated mozilla packages fix multiple vulnerabilities, Mandrake Linux Security Team, 22:50
- Re: JS/Zerolin, Nicolas Gregoire, 21:29
- [Full-Disclosure] SGI Advanced Linux Environment 3 Security Update #9, SGI Security Coordinator, 20:59
- [Full-Disclosure] SGI Advanced Linux Environment 2.4 security update #24, SGI Security Coordinator, 20:59
- Re: NETGEAR DG834G SPECIAL FEATURES, Uday Moorjani, 20:39
- recent gaim advisory, infamous41md, 19:28
- Re: JS/Zerolin, T.H. Haymore, 18:47
- MDKSA-2004:081 - Updated gaim packages fix remotely exploitable vulnerabilities, Mandrake Linux Security Team, 18:16
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Lance James, 17:36
- NGSEC's response to Idefense overflow protections whitepaper. (PART II), lists@NGSEC, 16:45
- RE: ISS BlackIce Server Protect Unprivileged User Attack, Herman Frederick Ebeling Jr., 16:45
- Advanced usage of system() function., Adam Zabrocki, 13:20
- New Paper: Microsoft Windows, a lower Total Cost of Ownership, Dave Aitel, 12:29
- [Full-Disclosure] ISS BlackIce Server Protect Unprivileged User Attack, Thomas Ryan, 10:47
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Brad Herbert, 03:33
- Re: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, High Pressure, 02:12
- Re: Driver for display goes to a infinite loop by viewing a html!, Frank Nospam, 00:31
August 12, 2004
- NETGEAR DG834G SPECIAL FEATURES, thanasonic, 22:10
- Re: [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, infamous41md, 19:39
- [Full-Disclosure] [ GLSA 200408-12 ] Gaim: MSN protocol parsing function buffer overflow, Sune Kloppenborg Jeppesen, 19:29
- [Full-Disclosure] [ GLSA 200408-13 ] kdebase, kdelibs: Multiple security issues, Sune Kloppenborg Jeppesen, 19:09
- Re: Driver for display goes to a infinite loop by viewing a html!, 3APA3A, 18:28
- RE: NGSEC's response to Idefense overflow protections whitepaper., Richard Johnson, 18:28
- JS/Zerolin, T.H. Haymore, 18:28
- Re: SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Joe Eversole, 17:40
- SUSE Security Announcement: gaim (SUSE-SA:2004:025), Thomas Biege, 16:50
- [CLA-2004:858] Conectiva Security Announcement - squirrelmail, Conectiva Updates, 15:17
- Metasploit Framework v2.2, H D Moore, 14:56
- [Full-Disclosure] [ GLSA 200408-11 ] Nessus: "adduser" race condition vulnerability, Sune Kloppenborg Jeppesen, 14:15
- [Full-Disclosure] [ GLSA 200408-10 ] gv: Exploitable Buffer Overflow, Sune Kloppenborg Jeppesen, 14:15
- RE: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, Thor Larholm, 14:15
- [Full-Disclosure] Re: Driver for display goes to a infinite loop by viewing a html!, Steve Clement, 14:15
- Re: Clearswift Mimesweeper Path Traversal Vulnerability, Pete Simpson, 14:14
- SSC Advisory TSA-051 (T-mobile wireless and Verizon Northwest), Secure Science Corporation Advisory Notice, 14:14
- Re: Driver for display goes to a infinite loop by viewing a html!, Christopher X. Candreva, 14:14
- Clearswift Mimesweeper Path Traversal Vulnerability, Kroma Pierre, 14:14
- Re: Driver for display goes to a infinite loop by viewing a html!, Jack C, 14:14
- Re: Driver for display goes to a infinite loop by viewing a html!, Mike Pumford, 14:14
- Re: Driver for display goes to a infinite loop by viewing a html!, Steven Leikeim, 14:14
- RE: Driver for display goes to a infinite loop by viewing a html!, Eggers, Bill A [LTD], 14:14
- KDE Security Advisories: Temporary File and Konqueror Frame Injection Vulnerabilities, Waldo Bastian, 14:14
- Re: [Full-Disclosure] ISS BlackIce Server Protect Unprivileged User Attack, kf_lists, 14:14
- [Full-Disclosure] [ GLSA 200408-09 ] Roundup filesystem access vulnerability, Kurt Lieber, 14:14
- Re: Driver for display goes to a infinite loop by viewing a html!, Anthony Petito, 14:14
- [Full-Disclosure] ISS BlackIce Server Protect Unprivileged User Attack, Thomas Ryan, 14:14
- [Full-Disclosure] ptl-2004-03: WIDCOMM Bluetooth Connectivity Software Buffer Overflows, Pentest Security Advisories, 14:14
- Re: Driver for display goes to a infinite loop by viewing a html!, Eddie Block, 14:14
- Windows doesn't verify digital signature of CRL files, Michael Howard, 14:14
- EXPLOIT libpng, infamous41md, 14:14
- NGSEC's response to Idefense overflow protections whitepaper., lists@NGSEC, 14:14
- [Full-Disclosure] RE: AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, Thor Larholm, 14:13
- Driver for display goes to a infinite loop by viewing a html!, Bipin Gautam, 14:13
- HTTP Response Splitting vulnerability in Microsoft Outlook Web Access for Exchange 5.5, Amit Klein, 14:13
- Re: Driver for display goes to a infinite loop by viewing a html!, Conor Byrne, 14:13
- BlackICE unprivileged local user attack, Paul Craig - Pimp Industries, 14:13
- Re: Windows doesn't verify digital signature of CRL files, Thomas Walpuski, 14:13
- Re: Windows doesn't verify digital signature of CRL files, Thomas Walpuski, 14:13
- [VulnWatch] ptl-2004-03: WIDCOMM Bluetooth Connectivity Software Buffer Overflows, Pentest Security Advisories, 14:13
- Re: Windows doesn't verify digital signature of CRL files, Valdis . Kletnieks, 14:13
- AOL Instant Messenger "Away" Message Buffer Overflow Vulnerability, homicidal, 14:13
- Re: Windows doesn't verify digital signature of CRL files, Jack Lloyd, 14:13
- [Full-Disclosure] [ GLSA 200408-08 ] Cfengine : RSA Authentication Heap Corruption, Kurt Lieber, 14:13
- [Full-Disclosure] [sb] [ GLSA 200408-07 ] Horde-IMP: Input validation vulnerability for Internet Explorer users, Kurt Lieber, 14:13
- Corsaire Security Advisory - Port80 Software ServerMask inconsistencies, advisories, 14:12
- Corsaire Security Advisory - Sygate Enforcer discovery packet DoS issue, advisories, 14:12
August 11, 2004
- MDKSA-2004:080 - Updated shorewall packages fix temporary file vulnerabilities, Mandrake Linux Security Team, 18:54
- spamcop.net allows everyone to grab mail addresses and reset passwords, Henning Schmiedehausen, 18:34
- Re: Windows doesn't verify digital signature of CRL files, Thomas Walpuski, 18:03
- [Full-Disclosure] RE: Anyone know IBM's security address?, Discini, Sonny, 18:03
- [security bulletin] SSRT4785 rev. 0 HP-UX Process Resource Manager (PRM) potential data corruption, Boren, Rich (SSRT), 17:53
- [Full-Disclosure] RE: Anyone know IBM's security address?, Michael Scheidell, 17:53
- [Full-Disclosure] iDEFENSE - New Tricks [web censorship!], Ben Ryan, 17:53
- [Full-Disclosure] [ GLSA 200408-07 ] Horde-IMP: Input validation vulnerability for Internet Explorer users, Kurt Lieber, 16:21
August 10, 2004
- Corsaire Security Advisory - Sygate Enforcer unauthenticated broadcast issue, advisories, 16:32
- Corsaire Security Advisory - Sygate Secure Enterprise replay issue, advisories, 16:00
- Re: Windows doesn't verify digital signature of CRL files, Neil Gierman, 14:49
- [security bulletin] SSRT4788 rev. 0 HP-UX Apache Remote arbitrary code execution, Boren, Rich (SSRT), 14:09
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Lyal Collins, 11:10
- Re: [PHP Bug] How to hide a HTTP request in the apache logs, Max Valdez, 10:29
- First symbian OS trojan discovered in the wild, kers0r, 08:48
- CORE-2004-0714: Cfengine RSA Authentication Heap Corruption, CORE Security Technologies Advisories, 02:55
August 09, 2004
- [Full-Disclosure] [ GLSA 200408-06 ] SpamAssassin: Denial of Service vulnerability, Sune Kloppenborg Jeppesen, 22:53
- Windows doesn't verify digital signature of CRL files, Faro Poplar, 22:53
- TSLSA-2004-0041 - kernel, Trustix Security Advisor, 21:28
- Java XSLT security advisory addendum, Marc Schoenefeld, 21:28
- Re: [PHP Bug] How to hide a HTTP request in the apache logs, Steve Brown, 19:39
- SUSE Security Announcement: kernel (SUSE-SA:2004:024), Thomas Biege, 19:18
- RE: [Full-Disclosure] DOS@MEHTTPS, Peter Fregon, 18:18
- Remote Command Execution, Francisco Alisson, 17:44
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability, Matthias Leisi, 17:24
- Re: SuSE Linux K-Menu YAST Control Center Priviledge Escalation Vulnerability, Radoslav Dejanović, 14:54
- Re: Winmx Software making calls to Port 25, Radoslav Dejanović, 14:36
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Bart . Lansing, 12:42
August 06, 2004
- Re: CVS woes: .cvspass, Andy Dustman, 16:49
- Remote Command Execution, Francisco Alisson, 15:48
- Opera: Location, Location, Location (GM#008-OP), GreyMagic Software, 15:38
- GNU/Linux 'info Buffer Overflow, Josh Martin, 15:28
- [CLA-2004:856] Conectiva Security Announcement - libpng, Conectiva Updates, 15:28
- Re: Microsoft Internet Explorer 6 Protocol Handler Vulnerability, Jouko Pynnonen, 15:18
- [security bulletin] SSRT4782 rev. 1 HP-UX CIFS Server potential remote root access, Boren, Rich (SSRT), 15:08
- [CLA-2004:857] Conectiva Security Announcement - apache, Conectiva Updates, 14:48
- Re: [Full-Disclosure] Re: MS04-025 - Ignorance is truly bliss...., Georgi Guninski, 12:05
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Bart . Lansing, 10:24
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Lyal Collins, 07:23
- RE: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Israel Torres, 07:23
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Seth Breidbart, 07:23
- [Full-Disclosure] Re: MS04-025 - Ignorance is truly bliss...., Ferguson, 07:13
- RE: International DNS compromise?, travis . alexander, 06:43
- RE: New MyDoom variant, Security Guy, 06:43
- Re: New MyDoom variant, Purple Pony, 05:52
- Re: New MyDoom variant, Marc Hultquist, 03:52
August 05, 2004
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Lee Dilkie, 21:59
- Re: International DNS compromise?, John Kinsella, 21:49
- Re: New MyDoom variant, Thor, 21:39
- Microsoft Internet Explorer 6 Protocol Handler Vulnerability, Robillard, Nicolas, 21:29
- Re: CVS woes: .cvspass, Delian Krustev, 20:59
- local denial of Service, Yellowdog linux to 3.0.1, pmoses, 20:49
- Re: New MyDoom variant, Mary Landesman, 20:29
- Re: International DNS compromise?, Troy, 20:08
- CVStrac Remote Arbitrary Code Execution exploit, Richard Ngo, 20:08
- Re: CVS woes: .cvspass, Greg A. Woods, 19:58
- Re: International DNS compromise?, john, 19:18
- International DNS compromise?, Zhen Shi, 19:18
- Re: New MyDoom variant, James C. Slora Jr., 18:28
- Re: [Full-Disclosure] Clear text password exposure in Datakey's tokens and smartcards, Kevin Sheldrake, 17:37
- [Full-Disclosure] [ GLSA 200408-05 ] Opera: Multiple new vulnerabilities, Thierry Carrez, 17:37
- [Full-Disclosure] MS04-025 - Ignorance is truly bliss...., hellNbak, 17:37
- [ GLSA 200408-03 ] libpng: Numerous vulnerabilities, Sune Kloppenborg Jeppesen, 16:43
- TSLSA-2004-0040 - libpng, Trustix Security Advisor, 16:43
- [SECURITY] [DSA 536-1] New libpng, libpng3 packages fix multiple vulnerabilities, Matt Zimmerman, 16:43
- [ GLSA 200408-04 ] PuTTY: Pre-authentication arbitrary code execution, Sune Kloppenborg Jeppesen, 16:43
- Opera: Location, Location, Location, GreyMagic Software, 16:43