NTBugtraq (date)
October 31, 2004
- Re: New URL spoofing bug in Microsoft Internet Explorer, Russ Thomas, 09:26
- Re: New URL spoofing bug in Microsoft Internet Explorer, Marjolein Katsma, 09:26
- Re: New URL spoofing bug in Microsoft Internet Explorer, Yergeau, Tom, 09:26
- Re: New URL spoofing bug in Microsoft Internet Explorer, Angus Scott-Fleming, 09:26
- Re: New URL spoofing bug in Microsoft Internet Explorer, James C Slora Jr, 09:15
October 28, 2004
- Logon Hours and Local Admin Equivalence, William Lowry, 10:36
- Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2, Tod Beardsley, 10:26
- Problems with MS04-032, Russ, 10:26
- Re: Windows file I/O not internationalized, Liu Die Yu, 10:26
- Re: MSXML Service Packs, Doug Neal, 08:45
- EEYE: RealPlayer Zipped Skin File Buffer Overflow, Marc Maiffret, 08:35
October 26, 2004
- Re: Administrivia #29691: TruSecure Global Risk Index Survey, Russ, 18:16
- Re: Most Oct 2004 patches for NT won't install on Workstation, Reed Darsey, 17:46
- Any Authenticated User can Restart or Shutdown a Remote WinXP computer, G. Dell'Abate, 16:15
- Getting pop up, Philip Walley, 16:15
- Rendering large binary file as HTML makes Mozilla Firefox stop responding or crash, Peter Kruse, 16:15
- MinorRev: Microsoft Security Bulletin MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356), Russ Cooper, 16:15
- BHO KB Link - How to Disable Third-Party Tool Bands and Browser Helper Objects, Duane Maurer II, 16:15
- Scanner released to detect and repair MS04-028 infected JPEG files, Wayne - diamondcs.com.au, 16:15
- Re: How to Break Windows XP SP2 + Internet Explorer 6 SP2, Steve Boyce, 16:15
- Windows file I/O not internationalized, Paul Szabo, 16:15
- MSXML Service Packs, Joe Dance, 16:15
- [Full-Disclosure] re: How to Break Windows XP SP2 + Internet Explorer 6 SP2, Michael Evanchik, 16:13
October 20, 2004
- [Full-Disclosure] Re: [Unpatched] New 0day exploit for XPSP2, Juergen Schmidt, 19:45
- [Full-Disclosure] RE: How to Break Windows XP SP2 + Internet Explorer 6 SP2, Thor Larholm, 13:22
- 3D-FTP vulnerable to DoS Attack, Cybertrion Systems, 11:11
- How to Break Windows XP SP2 + Internet Explorer 6 SP2, http-equiv@excite.com, 11:11
- pacsec.jp advisory: Firewire/IEEE 1394 Considered Harmful to Physical Security, Dragos Ruiu, 11:01
- Secunia Research: Multiple Browsers Tabbed Browsing Vulnerabilities, Jakob Balle, 11:01
October 15, 2004
- [Full-Disclosure] Re: Writing Trojans that bypass Windows XP Service Pack 2 Firewall, mrinfosec, 20:14
- RE: Interesting thing about ICF and SP2, Jim Harrison (ISA), 20:14
- Re: [Full-Disclosure] Writing Trojans that bypass Windows XP Service Pack 2 Firewall, Martin Mkrtchian, 17:22
- Re: Interesting thing about ICF and SP2, Matt Ostiguy, 17:12
- RE: Interesting thing about ICF and SP2, Moser, Scott, 17:02
- Re: Microsoft Security Bulletin MS04-038 - Cumulative Security Update for Internet Explorer (834707), Russ, 11:06
- Most Oct 2004 patches for NT won't install on Workstation, Reed Darsey, 10:35
- Re: MonkeyShell: using XML-RPC for access to a remote shell, Barry Dorrans, 10:35
- Interesting thing about ICF and SP2, Erik Pace Birkholz, 10:35
- Re: Windows Update Issue, Russ, 10:25
October 14, 2004
- ACROS Security: Session Fixation in JRun Management Console, ACROS Security, 19:37
- ACROS Security: HTML Injection in JRun Management Console, ACROS Security, 19:17
- ACROS Security: Unsanitized Session ID Cookie Allows Modifying Server Response, ACROS Security, 19:07
- Windows Update Issue, Daniel Goymer, 10:54
- SetWindowLong Shatter Attacks, Brett Moore, 00:27
- Buffer Overflow In Microsoft Excel, Brett Moore, 00:27
October 13, 2004
- IISShield and ASP.NET canonicalization, Tiago Halm, 17:32
- MS04-028 Enterprise Scanning Tool KB location, Russ, 10:28
- ACROS Security: Poisoning Cached HTTPS Documents in Internet Explorer, ACROS Security, 10:28
- EEYE: Windows VDM #UD Local Privilege Escalation, Derek Soeder, 10:28
- EEYE: Windows Shell ZIP File Decompression DUNZIP32.DLL Buffer Overflow Vulnerability, Derek Soeder, 10:28
- Regression in IE: Accessing remote/local content in IE (GM#009-IE), GreyMagic Security, 10:28
October 12, 2004
- Re: [VulnWatch] CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities, wirepair, 22:20
- CORE-2004-0802: IIS NNTP Service XPAT Command Vulnerabilities, CORE Security Technologies Advisories, 16:26
- MajorRev: v2.0 Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987), Russ Cooper, 14:55
- Alert: Microsoft Security Bulletin MS04-038 - Cumulative Security Update for Internet Explorer (834707), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-037 - Vulnerability in Windows Shell Could Allow Remote Code Execution (841356), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-036 - Vulnerability in NNTP Could Allow Remote Code Execution (883935), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-035 - Vulnerability in SMTP Could Allow Remote Code Execution (885881), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-034 - Vulnerability in Compressed (zipped) Folders Could Allow Remote Code Execution (873376), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-033 - Vulnerability in Microsoft Excel Could Allow Remote Code Execution (886836), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-032 - Security Update for Microsoft Windows (840987), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-029 - Vulnerability in RPC Runtime Library Could Allow Information Disclosure and Denial of Service (873350), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-031 - Vulnerability in NetDDE Could Allow Remote Code Execution (841533), Russ Cooper, 14:35
- Alert: Microsoft Security Bulletin MS04-030 - Vulnerability in WebDAV XML Message Handler Could Lead to a Denial of Service (824151), Russ Cooper, 14:35
- FYI: New location for the MS Knowledgebase, Russ, 14:25
- [Full-Disclosure] Writing Trojans that bypass Windows XP Service Pack 2 Firewall, americanidiot, 11:13
- Re: MonkeyShell: using XML-RPC for access to a remote shell, Darryl Luff, 03:20
October 09, 2004
- Re: Disclosure Debate - yet again, Michael Watterson, 00:52
- Re: Disclosure Debate - yet again, Kurt, 00:52
- Re: Disclosure Debate - yet again, Patrick Trapp, 00:52
- Re: Disclosure Debate - yet again, Matthew Ramadanovic, 00:52
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Matthew S. Cramer, 00:52
- Win XP SP 2 update operations update, Rob, grandpa of Ryan, Trevor, Devon & Hannah, 00:42
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Ernst Lopes Cardozo, 00:42
October 08, 2004
- Disclosure Debate - yet again, Russ, 18:09
- ActiveFile, XP+SP2, file download does not work, Bobby Ballard, 17:19
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, David Kennedy CISSP, 17:19
- Re: CWS = Crummy Windows Security, Ron Parker, 17:19
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Martin Viktora, 17:09
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Tim Johnson, 17:09
- High CPU = Poor disk I/O on Svr2003?, Joe Pochedley, 11:56
- More details on ASP.NET vulnerability, Mark Burnett, 11:56
- Who needs Real Player?, Bartlett,James D, 11:56
- Re: CWS = Crummy Windows Security, Bartlett,James D, 11:56
- Re: ASP.Net vulnerability, Russ, 11:46
- Re: CWS = Crummy Windows Security, Andrew Aronoff, 11:46
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, dave, 09:25
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Martin Viktora, 06:23
October 07, 2004
- Re: [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Jason Coombs PivX Solutions, 23:21
- [Full-Disclosure] RE: Disclosure policy in Re: RealPlayer vulnerabilities, Drew Copley, 17:58
- Disclosure policy in Re: RealPlayer vulnerabilities, Martin Viktora, 15:37
- Re: ASP.Net vulnerability, Brett Hill, 15:16
- Microsoft Knowledge Base Article - 887459, John Galt, 14:55
- Re: Darn if you do Darn if you don't., Brian S. Bergin, 14:55
- ASP.Net vulnerabillity, Steve Shockley, 14:55
- Patch available for high risk flaws in the AtHoc Toolbar, NGSSoftware Insight Security Research, 14:55
- [VulnWatch] Patch available for high risk flaws in the AtHoc Toolbar, NGSSoftware Insight Security Research, 14:55
- Darn if you do Darn if you don't., Castigliola, Angelo, 14:55
- Patch available for high risk flaws in the AtHoc Toolbar, NGSSoftware Insight Security Research, 14:55
- Patch available for multiple high risk vulnerabilities in RealPlayer, NGSSoftware Insight Security Research, 14:55
- Re: CWS = Crummy Windows Security, Mark Tassin, 14:55
- Patch available for critical IBM DB2 Universal Database flaws, NGSSoftware Insight Security Research, 14:55
- nmapbot: using instant messaging as a remote administration tool, Abe Usher, 14:55
- Re: CWS = Crummy Windows Security, Ron Parker, 14:55
- Possible new SP2 bug, Mitch Stein, 14:55
- Re: CWS = Crummy Windows Security, Ron Parker, 14:55
- Re: Alert: Microsoft Security Bulletin MS04-028 - Buffer Overrun in JPEG Processing (GDI+) Could Allow Code Execution (833987), Drews, Jane E, 14:55
- Re: Need to purge vulnerable gdiplus.dll?, Ben Conrad, 14:55
- Re: Need to purge vulnerable gdiplus.dll?, Ben, 14:55
- Re: Need to purge vulnerable gdiplus.dll?, Don Arthurs, 14:55
- New Microsoft Security Response Center PGP Key [pgp], Microsoft Security Response Center, 14:55
- Re: CWS = Crummy Windows Security, Louis Solomon [SteelBytes], 14:54
- EEYE: RealPlayer pnen3260.dll Heap Overflow, Marc Maiffret, 14:54
- [VulnWatch] Patch available for multiple high risk vulnerabilities in RealPlayer, NGSSoftware Insight Security Research, 14:54
- Patch available for multiple high risk vulnerabilities in RealPlayer, NGSSoftware Insight Security Research, 14:54
- [VulnWatch] Patch available for critical IBM DB2 Universal Database flaws, NGSSoftware Insight Security Research, 14:53
- Patch available for critical IBM DB2 Universal Database flaws, NGSSoftware Insight Security Research, 14:53