CVE (version 20061101)


Name: CVE-1999-0002

Description:

Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.

Status:Entry
Reference: BID:121
Reference: URL:http://www.securityfocus.com/bid/121
Reference: CERT:CA-98.12.mountd
Reference: CIAC:J-006
Reference: URL:http://www.ciac.org/ciac/bulletins/j-006.shtml
Reference: SGI:19981006-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981006-01-I
Reference: XF:linux-mountd-bo

Name: CVE-1999-0003

Description:

Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).

Status:Entry
Reference: BID:122
Reference: URL:http://www.securityfocus.com/bid/122
Reference: CERT:CA-98.11.tooltalk
Reference: NAI:NAI-29
Reference: SGI:19981101-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-A
Reference: SGI:19981101-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981101-01-PX
Reference: XF:aix-ttdbserver
Reference: XF:tooltalk

Name: CVE-1999-0005

Description:

Arbitrary command execution via IMAP buffer overflow in authenticate command.

Status:Entry
Reference: BID:130
Reference: URL:http://www.securityfocus.com/bid/130
Reference: CERT:CA-98.09.imapd
Reference: SUN:00177
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/177
Reference: XF:imap-authenticate-bo

Name: CVE-1999-0006

Description:

Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.

Status:Entry
Reference: AUSCERT:AA-98.01
Reference: BID:133
Reference: URL:http://www.securityfocus.com/bid/133
Reference: CERT:CA-98.08.qpopper_vul
Reference: SGI:19980801-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980801-01-I
Reference: XF:qpopper-pass-overflow

Name: CVE-1999-0007

Description:

Information from SSL-encrypted sessions via PKCS #1.

Status:Entry
Reference: CERT:CA-98.07.PKCS
Reference: MS:MS98-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-002
Reference: XF:nt-ssl-fix

Name: CVE-1999-0008

Description:

Buffer overflow in NIS+, in Sun's rpc.nisd program.

Status:Entry
Reference: CERT:CA-98.06.nisd
Reference: ISS:June10,1998
Reference: SUN:00170
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/170
Reference: XF:nisd-bo-check

Name: CVE-1999-0009

Description:

Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.

Status:Entry
Reference: BID:134
Reference: URL:http://www.securityfocus.com/bid/134
Reference: CERT:CA-98.05.bind_problems
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-bo

Name: CVE-1999-0010

Description:

Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.

Status:Entry
Reference: CERT:CA-98.05.bind_problems
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: XF:bind-dos

Name: CVE-1999-0011

Description:

Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.

Status:Entry
Reference: CERT:CA-98.05.bind_problems
Reference: HP:HPSBUX9808-083
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9808-083
Reference: SGI:19980603-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980603-01-PX
Reference: SUN:00180
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/180
Reference: XF:bind-axfr-dos

Name: CVE-1999-0012

Description:

Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.

Status:Entry
Reference: CERT:CA-98.04.Win32.WebServers
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0012
Reference: XF:nt-web8.3

Name: CVE-1999-0013

Description:

Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.

Status:Entry
Reference: CERT:CA-98.03.ssh-agent
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0013
Reference: NAI:NAI-24
Reference: XF:ssh-agent

Name: CVE-1999-0014

Description:

Unauthorized privileged access or denial of service via dtappgather program in CDE.

Status:Entry
Reference: CERT:CA-98.02.CDE
Reference: HP:HPSBUX9801-075
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-075
Reference: SUN:00185
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/185

Name: CVE-1999-0016

Description:

Land IP denial of service.

Status:Entry
Reference: CERT:CA-97.28.Teardrop_Land
Reference: CISCO:http://www.cisco.com/warp/public/770/land-pub.shtml
Reference: FREEBSD:FreeBSD-SA-98:01
Reference: HP:HPSBUX9801-076
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9801-076
Reference: XF:95-verv-tcp
Reference: XF:cisco-land
Reference: XF:land
Reference: XF:land-patch
Reference: XF:ver-tcpip-sys

Name: CVE-1999-0017

Description:

FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.

Status:Entry
Reference: CERT:CA-97.27.FTP_bounce
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017
Reference: XF:ftp-bounce
Reference: XF:ftp-privileged-port

Name: CVE-1999-0018

Description:

Buffer overflow in statd allows root privileges.

Status:Entry
Reference: AUSCERT:AA-97.29
Reference: BID:127
Reference: URL:http://www.securityfocus.com/bid/127
Reference: CERT:CA-97.26.statd
Reference: XF:statd

Name: CVE-1999-0019

Description:

Delete or create a file via rpc.statd, due to invalid information.

Status:Entry
Reference: CERT:CA-96.09.rpc.statd
Reference: SUN:00135
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/135
Reference: XF:rpc-stat

Name: CVE-1999-0021

Description:

Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.

Status:Entry
Reference: BID:128
Reference: URL:http://www.securityfocus.com/bid/128
Reference: BUGTRAQ:19971010 Security flaw in Count.cgi (wwwcount)
Reference: CERT:CA-97.24.Count_cgi
Reference: XF:http-cgi-count

Name: CVE-1999-0022

Description:

Local user gains root privileges via buffer overflow in rdist, via expstr() function.

Status:Entry
Reference: CERT:CA-97.23.rdist
Reference: SUN:00179
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/179
Reference: XF:rdist-bo3
Reference: XF:rdist-sept97

Name: CVE-1999-0023

Description:

Local user gains root privileges via buffer overflow in rdist, via lookup() function.

Status:Entry
Reference: CERT:CA-96.14.rdist_vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0023
Reference: XF:rdist-bo
Reference: XF:rdist-bo2

Name: CVE-1999-0024

Description:

DNS cache poisoning via BIND, by predictable query IDs.

Status:Entry
Reference: CERT:CA-97.22.bind
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0024
Reference: NAI:NAI-11
Reference: XF:bind

Name: CVE-1999-0025

Description:

root privileges via buffer overflow in df command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.19.IRIX.df.buffer.overflow.vul
Reference: BID:346
Reference: URL:http://www.securityfocus.com/bid/346
Reference: CERT:CA-1997-21
Reference: URL:http://www.cert.org/advisories/CA-1997-21.html
Reference: CERT-VN:VU#20851
Reference: URL:http://www.kb.cert.org/vuls/id/20851
Reference: SGI:SGI:19970505-01-A
Reference: SGI:SGI:19970505-02-PX
Reference: XF:df-bo(440)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/440

Name: CVE-1999-0026

Description:

root privileges via buffer overflow in pset command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.20.IRIX.pset.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0026
Reference: XF:pset-bo

Name: CVE-1999-0027

Description:

root privileges via buffer overflow in eject command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.21.IRIX.eject.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0027
Reference: XF:eject-bo

Name: CVE-1999-0028

Description:

root privileges via buffer overflow in login/scheme command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.22.IRIX.login.scheme.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0028
Reference: XF:sgi-schemebo

Name: CVE-1999-0029

Description:

root privileges via buffer overflow in ordist command on SGI IRIX systems.

Status:Entry
Reference: AUSCERT:AA-97.23-IRIX.ordist.buffer.overflow.vul
Reference: CERT:CA-97.21.sgi_buffer_overflow
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0029
Reference: XF:ordist-bo

Name: CVE-1999-0031

Description:

JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.

Status:Entry
Reference: CERT:CA-97.20.javascript
Reference: HP:HPSBUX9707-065
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9707-065.html

Name: CVE-1999-0032

Description:

Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.

Status:Entry
Reference: AUSCERT:AA-96.12
Reference: BID:707
Reference: URL:http://www.securityfocus.com/bid/707
Reference: BUGTRAQ:19960813 Possible bufferoverflow condition in lpr, xterm and xload
Reference: BUGTRAQ:19961025 Linux & BSD's lpr exploit
Reference: CERT:CA-97.19.bsdlp
Reference: CIAC:H-08
Reference: CIAC:I-042
Reference: URL:http://www.ciac.org/ciac/bulletins/i-042.shtml
Reference: MLIST:[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit
Reference: MLIST:[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.
Reference: SGI:19980402-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980402-01-PX
Reference: XF:bsd-lprbo
Reference: XF:bsd-lprbo2
Reference: XF:lpr-bo

Name: CVE-1999-0034

Description:

Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.

Status:Entry
Reference: CERT:CA-97.17.sperl
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034
Reference: XF:perl-suid

Name: CVE-1999-0035

Description:

Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.

Status:Entry
Reference: AUSCERT:AA-97.03
Reference: CERT:CA-97.16.ftpd
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0035
Reference: XF:ftp-ftpd

Name: CVE-1999-0036

Description:

IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.

Status:Entry
Reference: AUSCERT:AA-97.12
Reference: CERT:CA-97.15.sgi_login
Reference: CIAC:H-106
Reference: URL:http://www.ciac.org/ciac/bulletins/h-106.shtml
Reference: OSVDB:990
Reference: URL:http://www.osvdb.org/990
Reference: SGI:19970508-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970508-02-PX
Reference: XF:sgi-lockout(557)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/557

Name: CVE-1999-0037

Description:

Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.

Status:Entry
Reference: CERT:CA-97.14.metamail
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037
Reference: XF:metamail-header-commands

Name: CVE-1999-0038

Description:

Buffer overflow in xlock program allows local users to execute commands as root.

Status:Entry
Reference: CERT:CA-97.13.xlock
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0038
Reference: XF:xlock-bo

Name: CVE-1999-0039

Description:

webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.

Status:Entry
Reference: AUSCERT:AA-97.14
Reference: BID:374
Reference: URL:http://www.securityfocus.com/bid/374
Reference: BUGTRAQ:19970507 Re: SGI Advisory: webdist.cgi
Reference: BUGTRAQ:19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in
Reference: CERT:CA-1997-12
Reference: URL:http://www.cert.org/advisories/CA-1997-12.html
Reference: OSVDB:235
Reference: URL:http://www.osvdb.org/235
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: XF:http-sgi-webdist(333)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/333

Name: CVE-1999-0040

Description:

Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.

Status:Entry
Reference: CERT:CA-97.11.libXt
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040
Reference: XF:libXt-bo

Name: CVE-1999-0041

Description:

Buffer overflow in NLS (Natural Language Service).

Status:Entry
Reference: CERT:CA-97.10.nls
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0041
Reference: XF:nls-bo

Name: CVE-1999-0042

Description:

Buffer overflow in University of Washington's implementation of IMAP and POP servers.

Status:Entry
Reference: CERT:CA-97.09.imap_pop
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0042
Reference: NAI:NAI-21
Reference: XF:popimap-bo

Name: CVE-1999-0043

Description:

Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.

Status:Entry
Reference: CERT:CA-97.08.innd
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043
Reference: XF:inn-controlmsg

Name: CVE-1999-0044

Description:

fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.

Status:Entry
Reference: SGI:19970301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970301-01-P
Reference: XF:sgi-fsdump

Name: CVE-1999-0045

Description:

List of arbitrary files on Web host via nph-test-cgi script.

Status:Entry
Reference: CERT:CA-97.07.nph-test-cgi_script
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0045
Reference: XF:http-cgi-nph

Name: CVE-1999-0046

Description:

Buffer overflow in rlogin program using TERM environment variable.

Status:Entry
Reference: CERT:CA-97.06.rlogin-term
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046
Reference: XF:rlogin-termbo

Name: CVE-1999-0047

Description:

MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.

Status:Entry
Reference: BID:685
Reference: URL:http://www.securityfocus.com/bid/685
Reference: CERT:CA-97.05.sendmail
Reference: XF:sendmail-mime-bo2

Name: CVE-1999-0048

Description:

Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.

Status:Entry
Reference: AUSCERT:AA-97.01
Reference: CERT:CA-97.04.talkd
Reference: FREEBSD:FreeBSD-SA-96:21
Reference: SUN:00147
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/147
Reference: XF:netkit-talkd
Reference: XF:talkd-bo

Name: CVE-1999-0049

Description:

Csetup under IRIX allows arbitrary file creation or overwriting.

Status:Entry
Reference: CERT:CA-97.03.csetup
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0049
Reference: XF:sgi-csetup

Name: CVE-1999-0050

Description:

Buffer overflow in HP-UX newgrp program.

Status:Entry
Reference: AUSCERT:AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability
Reference: CERT:CA-97.02.hp_newgrp
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0050
Reference: XF:hp-newgrpbo

Name: CVE-1999-0051

Description:

Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.

Status:Entry
Reference: AUSCERT:AA-96.03
Reference: CERT:CA-97.01.flex_lm
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0051
Reference: XF:sgi-licensemanager

Name: CVE-1999-0052

Description:

IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:08
Reference: OSVDB:908
Reference: URL:http://www.osvdb.org/908
Reference: XF:freebsd-ip-frag-dos(1389)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1389

Name: CVE-1999-0053

Description:

TCP RST denial of service in FreeBSD.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:07
Reference: OSVDB:6094
Reference: URL:http://www.osvdb.org/6094

Name: CVE-1999-0054

Description:

Sun's ftpd daemon can be subjected to a denial of service.

Status:Entry
Reference: SUN:00171
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/171
Reference: XF:sun-ftpd

Name: CVE-1999-0055

Description:

Buffer overflows in Sun libnsl allow root access.

Status:Entry
Reference: AIXAPAR:IX80543
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX80543&apar=only
Reference: RSI:RSI.0005.05-14-98.SUN.LIBNSL
Reference: SUN:00172
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/172
Reference: XF:sun-libnsl

Name: CVE-1999-0056

Description:

Buffer overflow in Sun's ping program can give root access to local users.

Status:Entry
Reference: SUN:00174
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/174
Reference: XF:sun-ping

Name: CVE-1999-0057

Description:

Vacation program allows command execution by remote users through a sendmail command.

Status:Entry
Reference: HP:HPSBUX9811-087
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9811-087
Reference: NAI:NAI-19
Reference: XF:vacation

Name: CVE-1999-0058

Description:

Buffer overflow in PHP cgi program, php.cgi allows shell access.

Status:Entry
Reference: BID:712
Reference: URL:http://www.securityfocus.com/bid/712
Reference: NAI:NAI-12
Reference: XF:http-cgi-phpbo

Name: CVE-1999-0059

Description:

IRIX fam service allows an attacker to obtain a list of all files on the server.

Status:Entry
Reference: BID:353
Reference: URL:http://www.securityfocus.com/bid/353
Reference: NAI:NAI-16
Reference: OSVDB:164
Reference: URL:http://www.osvdb.org/164
Reference: XF:irix-fam(325)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/325

Name: CVE-1999-0060

Description:

Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.

Status:Entry
Reference: ASCEND:http://www.ascend.com/2695.html
Reference: MISC:http://www.ascend.com/2695.html
Reference: NAI:NAI-26
Reference: XF:ascend-config-kill

Name: CVE-1999-0062

Description:

The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.

Status:Entry
Reference: NAI:NAI-28
Reference: OSVDB:7559
Reference: URL:http://www.osvdb.org/7559
Reference: XF:openbsd-chpass

Name: CVE-1999-0063

Description:

Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.

Status:Entry
Reference: AUSCERT:ESB-98.197
Reference: CISCO:http://www.cisco.com/warp/public/770/iossyslog-pub.shtml
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0063
Reference: XF:cisco-syslog-crash

Name: CVE-1999-0064

Description:

Buffer overflow in AIX lquerylv program gives root access to local users.

Status:Entry
Reference: BUGTRAQ:May28,1997
Reference: MISC:https://marc.info/?l=bugtraq&m=87602167418428&w=2
Reference: XF:lquerylv-bo

Name: CVE-1999-0065

Description:

Multiple buffer overflows in how dtmail handles attachments allow a remote attacker to execute commands.

Status:Entry
Reference: SUN:00181
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/181
Reference: XF:hp-dtmail

Name: CVE-1999-0066

Description:

AnyForm CGI remote execution.

Status:Entry
Reference: BID:719
Reference: URL:http://www.securityfocus.com/bid/719
Reference: BUGTRAQ:19950731 SECURITY HOLE: "AnyForm" CGI
Reference: XF:http-cgi-anyform

Name: CVE-1999-0067

Description:

phf CGI program allows remote command execution through shell metacharacters.

Status:Entry
Reference: AUSCERT:AA-96.01
Reference: BID:629
Reference: URL:http://www.securityfocus.com/bid/629
Reference: BUGTRAQ:19960923 PHF Attacks - Fun and games for the whole family
Reference: CERT:CA-1996-06
Reference: URL:http://www.cert.org/advisories/CA-1996-06.html
Reference: OSVDB:136
Reference: URL:http://www.osvdb.org/136
Reference: XF:http-cgi-phf

Name: CVE-1999-0068

Description:

CGI PHP mylog script allows an attacker to read any file on the target server.

Status:Entry
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: OSVDB:3396
Reference: URL:http://www.osvdb.org/3396
Reference: XF:http-cgi-php-mylog

Name: CVE-1999-0069

Description:

Solaris ufsrestore buffer overflow.

Status:Entry
Reference: OSVDB:8158
Reference: URL:http://www.osvdb.org/8158
Reference: SUN:00169
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/169
Reference: XF:sun-ufsrestore

Name: CVE-1999-0070

Description:

test-cgi program allows an attacker to list files on the server.

Status:Entry
Reference: MLIST:[httpd-users] 20200814 [users@httpd] CVE NIST discrepancies
Reference: URL:https://lists.apache.org/thread.html/rc5d27fc1e76dc5650e1a3f1db1de403120f4c2d041cb7352850455c2@%3Cusers.httpd.apache.org%3E
Reference: XF:http-cgi-test

Name: CVE-1999-0071

Description:

Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0071
Reference: NAI:NAI-2
Reference: XF:http-apache-cookie

Name: CVE-1999-0072

Description:

Buffer overflow in AIX xdat gives root access to local users.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:004.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0072
Reference: XF:ibm-xdat

Name: CVE-1999-0073

Description:

Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.

Status:Entry
Reference: CERT:CA-95:14.Telnetd_Environment_Vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0073
Reference: XF:linkerbug

Name: CVE-1999-0074

Description:

Listening TCP ports are sequentially allocated, allowing spoofing attacks.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0074
Reference: XF:seqport

Name: CVE-1999-0075

Description:

PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.

Status:Entry
Reference: BUGTRAQ:19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd
Reference: OSVDB:5742
Reference: URL:http://www.osvdb.org/5742
Reference: XF:ftp-pasvcore

Name: CVE-1999-0077

Description:

Predictable TCP sequence numbers allow spoofing.

Status:Entry
Reference: XF:tcp-seq-predict(139)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/139

Name: CVE-1999-0079

Description:

Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0079
Reference: XF:ftp-pasv-dos
Reference: XF:ftp-pasvdos

Name: CVE-1999-0080

Description:

Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.

Status:Entry
Reference: BUGTRAQ:19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)
Reference: CERT:CA-95:16.wu-ftpd.vul
Reference: MISC:https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html
Reference: XF:ftp-execdotdot

Name: CVE-1999-0081

Description:

wu-ftp allows files to be overwritten via the rnfr command.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0081
Reference: XF:ftp-rnfr

Name: CVE-1999-0082

Description:

CWD ~root command in ftpd allows root access.

Status:Entry
Reference: FARMERVENEMA:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
Reference: XF:ftp-cwd

Name: CVE-1999-0083

Description:

getcwd() file descriptor leak in FTP.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0083
Reference: XF:cwdleak

Name: CVE-1999-0084

Description:

Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.

Status:Entry
Reference: XF:nfs-mknod(78)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/78

Name: CVE-1999-0085

Description:

Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.

Status:Entry
Reference: BUGTRAQ:19960821 rwhod buffer overflow
Reference: XF:rwhod(119)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/119
Reference: XF:rwhod-vuln(118)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/118

Name: CVE-1999-0087

Description:

Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.

Status:Entry
Reference: ERS:ERS-SVA-E01-1998:003.1
Reference: OSVDB:7992
Reference: URL:http://www.osvdb.org/7992
Reference: XF:ibm-telnetdos

Name: CVE-1999-0090

Description:

Buffer overflow in AIX rcp command allows local users to obtain root access.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0090
Reference: XF:ibm-rcp

Name: CVE-1999-0091

Description:

Buffer overflow in AIX writesrv command allows local users to obtain root access.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:005.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0091
Reference: XF:ibm-writesrv

Name: CVE-1999-0093

Description:

AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:008.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0093
Reference: XF:ibm-nslookup

Name: CVE-1999-0094

Description:

AIX piodmgrsu command allows local users to gain additional group privileges.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:007.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0094
Reference: XF:ibm-piodmgrsu

Name: CVE-1999-0095

Description:

The debug command in Sendmail is enabled, allowing attackers to execute commands as root.

Status:Entry
Reference: BID:1
Reference: URL:http://www.securityfocus.com/bid/1
Reference: CERT:CA-88.01
Reference: CERT:CA-93.14
Reference: FULLDISC:20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)
Reference: URL:http://seclists.org/fulldisclosure/2019/Jun/16
Reference: MLIST:[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/05/4
Reference: MLIST:[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/06/1
Reference: OSVDB:195
Reference: URL:http://www.osvdb.org/195
Reference: XF:smtp-debug

Name: CVE-1999-0096

Description:

Sendmail decode alias can be used to overwrite sensitive files.

Status:Entry
Reference: CERT:CA-93.16
Reference: CERT:CA-95.05
Reference: CIAC:A-13
Reference: CIAC:A-14
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:smtp-dcod

Name: CVE-1999-0097

Description:

The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:009.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0097
Reference: XF:ibm-ftp

Name: CVE-1999-0099

Description:

Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.

Status:Entry
Reference: CERT:CA-95.13.syslog.vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0099
Reference: XF:smtp-syslog

Name: CVE-1999-0100

Description:

Remote access in AIX innd 1.5.1, using control messages.

Status:Entry
Reference: ERS:ERS-SVA-E01-1997:002.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100
Reference: XF:inn-controlmsg

Name: CVE-1999-0101

Description:

Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.

Status:Entry
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: ERS:ERS-SVA-E01-1996:007.1
Reference: ERS:ERS-SVA-E01-1997:001.1
Reference: NAI:NAI-1
Reference: SUN:00137a
Reference: XF:ghbn-bo

Name: CVE-1999-0102

Description:

Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0102
Reference: XF:slmail-fromheader-overflow

Name: CVE-1999-0103

Description:

Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.

Status:Entry
Reference: CERT:CA-96.01.UDP_service_denial
Reference: MISC:https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01
Reference: XF:chargen
Reference: XF:chargen-patch
Reference: XF:echo

Name: CVE-1999-0108

Description:

The printers program in IRIX has a buffer overflow that gives root access to local users.

Status:Entry
Reference: BUGTRAQ:19970527 another day, another buffer overflow....
Reference: URL:http://seclists.org/bugtraq/1997/May/191
Reference: XF:printers-bo

Name: CVE-1999-0109

Description:

Buffer overflow in ffbconfig in Solaris 2.5.1.

Status:Entry
Reference: AUSCERT:AA-97.06
Reference: SUN:00140
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/140
Reference: XF:ffbconfig-bo

Name: CVE-1999-0111

Description:

RIP v1 is susceptible to spoofing.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0111
Reference: XF:rip

Name: CVE-1999-0112

Description:

Buffer overflow in AIX dtterm program for the CDE.

Status:Entry
Reference: BUGTRAQ:19970520 AIX 4.2 dtterm exploit
Reference: XF:dtterm-bo(878)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/878

Name: CVE-1999-0113

Description:

Some implementations of rlogin allow root access if given a -froot parameter.

Status:Entry
Reference: BID:458
Reference: URL:http://www.securityfocus.com/bid/458
Reference: BUGTRAQ:19940729 -froot??? (AIX rlogin bug)
Reference: CERT:CA-94.09.bin.login.vulnerability
Reference: CIAC:E-26
Reference: XF:rlogin-froot

Name: CVE-1999-0115

Description:

AIX bugfiler program allows local users to gain root access.

Status:Entry
Reference: BID:1800
Reference: URL:http://www.securityfocus.com/bid/1800
Reference: BUGTRAQ:19970909 AIX bugfiler
Reference: XF:ibm-bugfiler

Name: CVE-1999-0116

Description:

Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.

Status:Entry
Reference: CERT:CA-96.21.tcp_syn.flooding
Reference: SGI:19961202-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961202-01-PX
Reference: SUN:00136
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/136

Name: CVE-1999-0117

Description:

AIX passwd allows local users to gain root access.

Status:Entry
Reference: CERT:CA-92:07.AIX.passwd.vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0117
Reference: XF:ibm-passwd

Name: CVE-1999-0118

Description:

AIX infod allows local users to gain root access through an X display.

Status:Entry
Reference: BUGTRAQ:19981119 RSI.0011.11-09-98.AIX.INFOD
Reference: URL:http://marc.info/?l=bugtraq&m=91158980826979&w=2
Reference: XF:aix-infod

Name: CVE-1999-0120

Description:

Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.

Status:Entry
Reference: CERT:CA-94.06.utmp.vulnerability
Reference: SUN:00126
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/126
Reference: XF:utmp-write

Name: CVE-1999-0122

Description:

Buffer overflow in AIX lchangelv gives root access.

Status:Entry
Reference: BUGTRAQ:Jul21,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0122
Reference: XF:lchangelv-bo

Name: CVE-1999-0124

Description:

Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.

Status:Entry
Reference: CERT:CA-93:11.UMN.UNIX.gopher.vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0124
Reference: XF:gopher-vuln

Name: CVE-1999-0125

Description:

Buffer overflow in SGI IRIX mailx program.

Status:Entry
Reference: SGI:19980605-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980605-01-PX
Reference: XF:sgi-mailx-bo

Name: CVE-1999-0126

Description:

SGI IRIX buffer overflow in xterm and Xaw allows root access.

Status:Entry
Reference: CERT:VB-98.04.xterm.Xaw
Reference: CIAC:J-010
Reference: URL:http://www.ciac.org/ciac/bulletins/j-010.shtml
Reference: XF:xfree86-xaw
Reference: XF:xfree86-xterm-xaw

Name: CVE-1999-0128

Description:

Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.

Status:Entry
Reference: CERT:CA-96.26.ping
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0128
Reference: XF:ping-death

Name: CVE-1999-0129

Description:

Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.

Status:Entry
Reference: CERT:CA-96.25.sendmail_groups
Reference: MISC:http://www.cert.org/advisories/CA-1996-25.html

Name: CVE-1999-0130

Description:

Local users can start Sendmail in daemon mode and gain root privileges.

Status:Entry
Reference: BID:716
Reference: URL:http://www.securityfocus.com/bid/716
Reference: CERT:CA-96.24.sendmail.daemon.mode
Reference: XF:sendmail-daemon-mode

Name: CVE-1999-0131

Description:

Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.

Status:Entry
Reference: BID:717
Reference: URL:http://www.securityfocus.com/bid/717
Reference: CERT:CA-96.20.sendmail_vul
Reference: XF:smtp-875bo

Name: CVE-1999-0132

Description:

Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.

Status:Entry
Reference: CERT:CA-1996-19
Reference: URL:http://www.cert.org/advisories/CA-1996-19.html
Reference: OSVDB:11723
Reference: URL:http://www.osvdb.org/11723
Reference: XF:expreserve(401)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/401

Name: CVE-1999-0133

Description:

fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.

Status:Entry
Reference: CERT:CA-96.18.fm_fls
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0133
Reference: XF:fmaker-logfile

Name: CVE-1999-0134

Description:

vold in Solaris 2.x allows local users to gain root access.

Status:Entry
Reference: AUSCERT:AL-96.04
Reference: CERT:CA-96.17.Solaris_vold_vul
Reference: OSVDB:8159
Reference: URL:http://www.osvdb.org/8159
Reference: XF:sol-voldtmp

Name: CVE-1999-0135

Description:

admintool in Solaris allows a local user to write to arbitrary files and gain root access.

Status:Entry
Reference: AUSCERT:AL-96.03
Reference: CERT:CA-96.16.Solaris_admintool_vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0135
Reference: XF:sun-admintool

Name: CVE-1999-0136

Description:

Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.

Status:Entry
Reference: AUSCERT:AL-96.02
Reference: CERT:CA-96.15.Solaris_KCMS_vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0136
Reference: XF:sol-KCMSvuln

Name: CVE-1999-0137

Description:

The dip program on many Linux systems allows local users to gain root access via a buffer overflow.

Status:Entry
Reference: CERT:CA-96.13.dip_vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0137
Reference: XF:dip-bo
Reference: XF:linux-dipbo

Name: CVE-1999-0138

Description:

The suidperl and sperl programs do not give up root privileges when changing UIDs back to the original users, allowing root access.

Status:Entry
Reference: CERT:CA-96.12.suidperl_vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0138
Reference: XF:sperl-suid

Name: CVE-1999-0139

Description:

Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.

Status:Entry
Reference: OSVDB:8205
Reference: URL:http://www.osvdb.org/8205
Reference: RSI:RSI.0012.12-03-98.SOLARIS.MKCOOKIE
Reference: XF:sol-mkcookie

Name: CVE-1999-0141

Description:

Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.

Status:Entry
Reference: CERT:CA-96.07.java_bytecode_verifier
Reference: SUN:00134
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/134
Reference: XF:http-java-applet

Name: CVE-1999-0142

Description:

The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.

Status:Entry
Reference: CERT:CA-96.05.java_applet_security_mgr
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142
Reference: XF:http-java-appletsecmgr

Name: CVE-1999-0143

Description:

Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.

Status:Entry
Reference: CERT:CA-96.03.kerberos_4_key_server
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143
Reference: XF:kerberos-bf

Name: CVE-1999-0145

Description:

Sendmail WIZ command enabled, allowing root access.

Status:Entry
Reference: BUGTRAQ:19950206 sendmail wizard thing...
Reference: URL:http://www2.dataguard.no/bugtraq/1995_1/0332.html
Reference: CERT:CA-1990-11
Reference: URL:http://www.cert.org/advisories/CA-1990-11.html
Reference: CERT:CA-1993-14
Reference: URL:http://www.cert.org/advisories/CA-1993-14.html
Reference: FARMERVENEMA:Improving the Security of Your Site by Breaking Into it
Reference: URL:http://www.alw.nih.gov/Security/Docs/admin-guide-to-cracking.101.html
Reference: FULLDISC:20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)
Reference: URL:http://seclists.org/fulldisclosure/2019/Jun/16
Reference: MLIST:[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/05/4
Reference: MLIST:[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit
Reference: URL:http://www.openwall.com/lists/oss-security/2019/06/06/1

Name: CVE-1999-0146

Description:

The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.

Status:Entry
Reference: BID:1975
Reference: URL:http://www.securityfocus.com/bid/1975
Reference: BUGTRAQ:19970715 Bug CGI campas
Reference: XF:http-cgi-campas(298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/298

Name: CVE-1999-0147

Description:

The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.

Status:Entry
Reference: AUSCERT:AA-97.28
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0147
Reference: XF:http-cgi-glimpse

Name: CVE-1999-0148

Description:

The handler CGI program in IRIX allows arbitrary command execution.

Status:Entry
Reference: BID:380
Reference: URL:http://www.securityfocus.com/bid/380
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: XF:http-sgi-handler

Name: CVE-1999-0149

Description:

The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.

Status:Entry
Reference: BID:373
Reference: URL:http://www.securityfocus.com/bid/373
Reference: BUGTRAQ:19970420 IRIX 6.x /cgi-bin/wrap bug
Reference: OSVDB:247
Reference: URL:http://www.osvdb.org/247
Reference: SGI:19970501-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970501-02-PX
Reference: XF:http-sgi-wrap(290)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/290

Name: CVE-1999-0150

Description:

The Perl fingerd program allows arbitrary command execution from remote users.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0150
Reference: XF:perl-fingerd

Name: CVE-1999-0151

Description:

The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.

Status:Entry
Reference: CERT:CA-95.06.satan.vul
Reference: CERT:CA-95.07a.REVISED.satan.vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0151

Name: CVE-1999-0152

Description:

The DG/UX finger daemon allows remote command execution through shell metacharacters.

Status:Entry
Reference: BUGTRAQ:19970811 dgux in.fingerd vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0152
Reference: XF:dgux-fingerd

Name: CVE-1999-0153

Description:

Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.

Status:Entry
Reference: OSVDB:1666
Reference: URL:http://www.osvdb.org/1666
Reference: XF:win-oob

Name: CVE-1999-0155

Description:

The ghostscript command with the -dSAFER option allows remote attackers to execute commands.

Status:Entry
Reference: CERT:CA-95.10.ghostscript
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155
Reference: XF:gscript-dsafer

Name: CVE-1999-0157

Description:

Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/nifrag.shtml
Reference: OSVDB:1097
Reference: URL:http://www.osvdb.org/1097
Reference: XF:cisco-fragmented-attacks

Name: CVE-1999-0158

Description:

Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.

Status:Entry
Reference: CISCO:20010913 Cisco PIX Firewall Manager File Exposure
Reference: URL:http://www.cisco.com/warp/public/770/pixmgrfile-pub.shtml
Reference: OSVDB:685
Reference: URL:http://www.osvdb.org/685
Reference: XF:cisco-pix-file-exposure

Name: CVE-1999-0159

Description:

Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/ioslogin-pub.shtml
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0159
Reference: XF:cisco-ios-crash

Name: CVE-1999-0160

Description:

Some classic Cisco IOS devices have a vulnerability in PPP CHAP authentication that can be used to establish unauthorized PPP connections.

Status:Entry
Reference: CIAC:I-002A
Reference: CISCO:19971001 Vulnerabilities in Cisco CHAP Authentication
Reference: OSVDB:1099
Reference: URL:http://www.osvdb.org/1099
Reference: XF:cisco-chap

Name: CVE-1999-0161

Description:

In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/707/1.html
Reference: OSVDB:797
Reference: URL:http://www.osvdb.org/797
Reference: XF:cisco-acl-tacacs

Name: CVE-1999-0162

Description:

The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.

Status:Entry
Reference: CISCO:19950601 "Established" Keyword May Allow Packets to Bypass Filter
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0162
Reference: XF:cisco-acl-established

Name: CVE-1999-0164

Description:

A race condition in the Solaris ps command allows an attacker to overwrite critical files.

Status:Entry
Reference: AUSCERT:AA-95.07
Reference: CERT:CA-95.09.Solaris.ps.vul
Reference: OSVDB:8346
Reference: URL:http://www.osvdb.org/8346
Reference: XF:sol-pstmprace

Name: CVE-1999-0166

Description:

NFS allows users to use a "cd .." command to access other directories besides the exported file system.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0166
Reference: XF:nfs-cd

Name: CVE-1999-0167

Description:

In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.

Status:Entry
Reference: CERT:CA-91.21.SunOS.NFS.Jumbo.and.fsirand
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0167
Reference: XF:nfs-guess

Name: CVE-1999-0168

Description:

The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0168
Reference: XF:nfs-portmap

Name: CVE-1999-0170

Description:

Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0170
Reference: XF:nfs-ultrix

Name: CVE-1999-0172

Description:

FormMail CGI program allows remote execution of commands.

Status:Entry
Reference: BUGTRAQ:Aug02,1995
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0172
Reference: XF:http-cgi-formmail-exe

Name: CVE-1999-0173

Description:

FormMail CGI program can be used by web servers other than the host server that the program resides on.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0173
Reference: XF:http-cgi-formmail-use

Name: CVE-1999-0174

Description:

The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19970208 view-source
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0174
Reference: XF:http-cgi-viewsrc

Name: CVE-1999-0175

Description:

The convert.bas program in the Novell web server allows a remote attacker to read any file on the system that is internally accessible by the web server.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0175
Reference: XF:http-nov-convert

Name: CVE-1999-0176

Description:

The Webgais program allows a remote user to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:Jul10,1997
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0176
Reference: XF:http-webgais-query

Name: CVE-1999-0177

Description:

The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.

Status:Entry
Reference: BUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0177
Reference: NTBUGTRAQ:19970904 [Alert] Website's uploader.exe (from demo) vulnerable
Reference: NTBUGTRAQ:19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable
Reference: XF:http-website-uploader

Name: CVE-1999-0178

Description:

Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.

Status:Entry
Reference: BID:2078
Reference: URL:http://www.securityfocus.com/bid/2078
Reference: BUGTRAQ:19970106 Re: signal handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1997_1/0021.html
Reference: OSVDB:8
Reference: URL:http://www.osvdb.org/8
Reference: XF:http-website-winsample(295)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/295

Name: CVE-1999-0179

Description:

Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.

Status:Entry
Reference: MSKB:Q140818
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q140818
Reference: XF:nt-35
Reference: XF:nt-351
Reference: XF:nt-samba-dotdot

Name: CVE-1999-0180

Description:

in.rshd allows users to log in with a NULL username and execute commands.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0180
Reference: XF:rsh-null

Name: CVE-1999-0181

Description:

The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0181
Reference: XF:walld

Name: CVE-1999-0182

Description:

Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.

Status:Entry
Reference: CERT:VB-97.10.samba
Reference: CIAC:H-110
Reference: URL:http://www.ciac.org/ciac/bulletins/h-110.shtml
Reference: XF:nt-samba-bo

Name: CVE-1999-0183

Description:

Linux implementations of TFTP would allow access to files outside the restricted directory.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0183
Reference: XF:linux-tftp

Name: CVE-1999-0184

Description:

When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0184
Reference: XF:dns-updates

Name: CVE-1999-0185

Description:

In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.

Status:Entry
Reference: SUN:00156
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/156
Reference: XF:sun-ftpd/logind

Name: CVE-1999-0188

Description:

The passwd command in Solaris can be subjected to a denial of service.

Status:Entry
Reference: SUN:00182
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/182
Reference: XF:sun-passwd-dos

Name: CVE-1999-0189

Description:

Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.

Status:Entry
Reference: NAI:NAI-15
Reference: SUN:00142
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/142
Reference: XF:rpc-32771

Name: CVE-1999-0190

Description:

Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.

Status:Entry
Reference: SUN:00167
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/167
Reference: XF:sun-rpcbind

Name: CVE-1999-0191

Description:

IIS newdsn.exe CGI script allows remote users to overwrite files.

Status:Entry
Reference: OSVDB:275
Reference: URL:http://www.osvdb.org/275
Reference: XF:http-cgi-newdsn

Name: CVE-1999-0192

Description:

Buffer overflow in telnet daemon tgetent routine allows remote attackers to gain root access via the TERMCAP environmental variable.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0192
Reference: SNI:SNI-20
Reference: XF:bsd-tel-tgetent

Name: CVE-1999-0194

Description:

Denial of service in in.comsat allows attackers to generate messages.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0194
Reference: XF:comsat

Name: CVE-1999-0196

Description:

websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).

Status:Entry
Reference: BID:2077
Reference: URL:http://www.securityfocus.com/bid/2077
Reference: BUGTRAQ:19970704 Vulnerability in websendmail
Reference: OSVDB:237
Reference: URL:http://www.osvdb.org/237
Reference: XF:http-webgais-smail

Name: CVE-1999-0201

Description:

A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0201
Reference: XF:ftp-home

Name: CVE-1999-0202

Description:

The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0202
Reference: XF:ftp-exectar

Name: CVE-1999-0203

Description:

In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.

Status:Entry
Reference: CERT:CA-95.08
Reference: CIAC:E-03
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0203
Reference: XF:smtp-sendmail-version5

Name: CVE-1999-0204

Description:

Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.

Status:Entry
Reference: CIAC:F-13
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0204
Reference: XF:ident-bo

Name: CVE-1999-0206

Description:

MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.

Status:Entry
Reference: AUSCERT:AA-96.06a
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0206
Reference: XF:sendmail-mime-bo

Name: CVE-1999-0207

Description:

A remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.

Status:Entry
Reference: CERT:CA-94.11.majordomo.vulnerabilities
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0207
Reference: XF:majordomo-exe

Name: CVE-1999-0208

Description:

rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.

Status:Entry
Reference: CERT:CA-95.17.rpc.ypupdated.vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0208
Reference: XF:rpc-update

Name: CVE-1999-0209

Description:

The SunView (SunTools) selection_svc facility allows remote users to read files.

Status:Entry
Reference: BID:8
Reference: URL:http://www.securityfocus.com/bid/8
Reference: CERT:CA-90.05.sunselection.vulnerability
Reference: XF:selsvc

Name: CVE-1999-0210

Description:

Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.

Status:Entry
Reference: BID:235
Reference: URL:http://www.securityfocus.com/bid/235
Reference: BUGTRAQ:19971126 Solaris 2.5.1 automountd exploit (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=88053459921223&w=2
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.info/?l=bugtraq&m=91547759121289&w=2
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: HP:HPSBUX9910-104
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9910-104

Name: CVE-1999-0211

Description:

Extra long export lists over 256 characters in some mount daemons allow NFS directories to be mounted by anyone.

Status:Entry
Reference: BID:24
Reference: URL:http://www.securityfocus.com/bid/24
Reference: CERT:CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability
Reference: MISC:https://vuls.cert.org/confluence/pages/viewpage.action?pageId=96665790
Reference: MISC:https://vuls.cert.org/confluence/pages/viewpage.action?pageId=97124517
Reference: MISC:https://vuls.cert.org/confluence/pages/viewpage.action?pageId=97124527

Name: CVE-1999-0212

Description:

Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.

Status:Entry
Reference: CIAC:I-048
Reference: URL:http://www.ciac.org/ciac/bulletins/i-048.shtml
Reference: SUN:00168
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/168
Reference: XF:sun-mountd

Name: CVE-1999-0214

Description:

Denial of service by sending forged ICMP unreachable packets.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0214
Reference: XF:icmp-unreachable

Name: CVE-1999-0215

Description:

Routed allows attackers to append data to files.

Status:Entry
Reference: CIAC:J-012
Reference: URL:http://www.ciac.org/ciac/bulletins/j-012.shtml
Reference: SGI:19981004-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981004-01-PX
Reference: XF:ripapp

Name: CVE-1999-0217

Description:

Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0217
Reference: XF:udp-bomb

Name: CVE-1999-0218

Description:

Livingston portmaster machines could be rebooted via a series of commands.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0218
Reference: XF:portmaster-reboot

Name: CVE-1999-0219

Description:

Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.

Status:Entry
Reference: BID:269
Reference: URL:http://www.securityfocus.com/bid/269
Reference: BUGTRAQ:19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT
Reference: NTBUGTRAQ:19990503 Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.info/?l=ntbugtraq&m=92574916930144&w=2
Reference: NTBUGTRAQ:19990504 Re: Buffer overflows in FTP Serv-U 2.5
Reference: URL:http://marc.info/?l=ntbugtraq&m=92582581330282&w=2
Reference: XF:ftp-servu(205)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/205

Name: CVE-1999-0221

Description:

Denial of service of Ascend routers through port 150 (remote administration).

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0221
Reference: XF:ascend-150-kill

Name: CVE-1999-0223

Description:

Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.

Status:Entry
Reference: BID:1878
Reference: URL:http://www.securityfocus.com/bid/1878
Reference: BUGTRAQ:19961109 Syslogd and Solaris 2.4
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches
Reference: SUNBUG:1249320
Reference: XF:sol-syslogd-crash

Name: CVE-1999-0224

Description:

Denial of service in Windows NT messenger service through a long username.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0224
Reference: XF:nt-messenger

Name: CVE-1999-0225

Description:

Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.

Status:Entry
Reference: MSKB:Q180963
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=180963
Reference: NAI:19980214 Windows NT Logon Denial of Service
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/25_windows_nt_dos_adv.asp
Reference: XF:nt-logondos

Name: CVE-1999-0227

Description:

Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.

Status:Entry
Reference: MSKB:Q154087
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154087
Reference: XF:nt-lsass-crash

Name: CVE-1999-0228

Description:

Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.

Status:Entry
Reference: MSKB:Q162567
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q162567
Reference: XF:nt-rpc-ver

Name: CVE-1999-0230

Description:

Buffer overflow in Cisco 7xx routers through the telnet service.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/pwbuf-pub.shtml
Reference: OSVDB:1102
Reference: URL:http://www.osvdb.org/1102

Name: CVE-1999-0233

Description:

IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.

Status:Entry
Reference: MSKB:Q148188
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q148188
Reference: MSKB:Q155056
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q155056
Reference: XF:http-iis-cmd

Name: CVE-1999-0234

Description:

Bash treats any character with a value of 255 as a command separator.

Status:Entry
Reference: CERT:CA-96.22.bash_vuls
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0234
Reference: XF:bash-cmd

Name: CVE-1999-0236

Description:

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0236
Reference: XF:http-scriptalias

Name: CVE-1999-0237

Description:

Remote execution of arbitrary commands through Guestbook CGI program.

Status:Entry
Reference: CERT:VB-97.02
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0237
Reference: XF:http-cgi-guestbook

Name: CVE-1999-0239

Description:

Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.

Status:Entry
Reference: OSVDB:122
Reference: URL:http://www.osvdb.org/122
Reference: XF:fastrack-get-directory-list

Name: CVE-1999-0244

Description:

Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0244
Reference: NAI:NAI-23
Reference: XF:radius-accounting-overflow

Name: CVE-1999-0245

Description:

Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".

Status:Entry
Reference: BUGTRAQ:19950907 Linux NIS security problem hole and fix
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0245
Reference: XF:linux-plus

Name: CVE-1999-0247

Description:

Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.

Status:Entry
Reference: BID:1443
Reference: URL:http://www.securityfocus.com/bid/1443
Reference: NAI:19970721 INN news server vulnerabilities
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/17_inn_avd.asp
Reference: XF:inn-bo

Name: CVE-1999-0248

Description:

A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.

Status:Entry
Reference: CONFIRM:http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1
Reference: MISC:http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html

Name: CVE-1999-0251

Description:

Denial of service in talk program allows remote attackers to disrupt a user's display.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0251
Reference: XF:talkd-flash

Name: CVE-1999-0252

Description:

Buffer overflow in listserv allows arbitrary command execution.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0252
Reference: XF:smtp-listserv

Name: CVE-1999-0256

Description:

Buffer overflow in War FTP allows remote execution of commands.

Status:Entry
Reference: OSVDB:875
Reference: URL:http://www.osvdb.org/875
Reference: XF:war-ftpd

Name: CVE-1999-0259

Description:

cfingerd lists all users on a system via search.**@target.

Status:Entry
Reference: BUGTRAQ:19970523 cfingerd vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0259
Reference: XF:cfinger-user-enumeration

Name: CVE-1999-0260

Description:

The jj CGI program allows command execution via shell metacharacters.

Status:Entry
Reference: BUGTRAQ:19961224 jj cgi
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0260
Reference: XF:http-cgi-jj

Name: CVE-1999-0262

Description:

Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.

Status:Entry
Reference: BID:2056
Reference: URL:http://www.securityfocus.com/bid/2056
Reference: BUGTRAQ:19980804 PATCH: faxsurvey
Reference: BUGTRAQ:19980804 remote exploit in faxsurvey cgi-script
Reference: XF:http-cgi-faxsurvey(1532)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1532

Name: CVE-1999-0263

Description:

Solaris SUNWadmap can be exploited to obtain root access.

Status:Entry
Reference: SUN:00173
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/173
Reference: XF:sun-sunwadmap

Name: CVE-1999-0264

Description:

htmlscript CGI program allows remote read access to files.

Status:Entry
Reference: BUGTRAQ:Jan27,1998
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0264
Reference: XF:http-htmlscript-file-access

Name: CVE-1999-0265

Description:

ICMP redirect messages may crash or lock up a host.

Status:Entry
Reference: ISS:ICMP Redirects Against Embedded Controllers
Reference: MSKB:Q154174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q154174
Reference: XF:icmp-redirect

Name: CVE-1999-0266

Description:

The info2www CGI script allows remote file access or remote command execution.

Status:Entry
Reference: BID:1995
Reference: URL:http://www.securityfocus.com/bid/1995
Reference: BUGTRAQ:19980303 Vulnerabilites in some versions of info2www CGI
Reference: XF:http-cgi-info2www

Name: CVE-1999-0267

Description:

Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.

Status:Entry
Reference: CERT:CA-95.04.NCSA.http.daemon.for.unix.vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0267
Reference: XF:http-port

Name: CVE-1999-0268

Description:

MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.

Status:Entry
Reference: BUGTRAQ:19980630 Security vulnerabilities in MetaInfo products
Reference: BUGTRAQ:19980703 Followup to MetaInfo vulnerabilities
Reference: OSVDB:110
Reference: URL:http://www.osvdb.org/110
Reference: OSVDB:3969
Reference: URL:http://www.osvdb.org/3969
Reference: XF:metaweb-server-dot-attack

Name: CVE-1999-0269

Description:

Netscape Enterprise servers may list files through the PageServices query.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0269
Reference: XF:netscape-server-pageservices

Name: CVE-1999-0270

Description:

Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.

Status:Entry
Reference: BID:64
Reference: URL:http://www.securityfocus.com/bid/64
Reference: BUGTRAQ:19980317 IRIX performer_tools bug
Reference: CIAC:I-041
Reference: URL:http://www.ciac.org/ciac/bulletins/i-041.shtml
Reference: OSVDB:134
Reference: URL:http://www.osvdb.org/134
Reference: SGI:19980401-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980401-01-P
Reference: XF:sgi-pfdispaly(810)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/810

Name: CVE-1999-0272

Description:

Denial of service in Slmail v2.5 through the POP3 port.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0272
Reference: XF:slmail-username-bo

Name: CVE-1999-0273

Description:

Denial of service through Solaris 2.5.1 telnet by sending ^D characters.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0273
Reference: XF:sun-telnet-kill

Name: CVE-1999-0274

Description:

Denial of service in Windows NT DNS servers through a malicious packet which contains a response to a query that wasn't made.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0274
Reference: NAI:NAI-5
Reference: XF:nt-dns-dos

Name: CVE-1999-0275

Description:

Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0275
Reference: MS:Q169461
Reference: XF:nt-dnscrash
Reference: XF:nt-dnsver

Name: CVE-1999-0276

Description:

mSQL v2.0.1 and below allows remote execution through a buffer overflow.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0276
Reference: SEKURE:sekure.01-99.msql
Reference: XF:msql-debug-bo

Name: CVE-1999-0277

Description:

The WorkMan program can be used to overwrite any file to get root access.

Status:Entry
Reference: CERT:CA-96.23.workman_vul
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0277
Reference: XF:workman

Name: CVE-1999-0278

Description:

In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.

Status:Entry
Reference: MS:MS98-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-003
Reference: OVAL:oval:org.mitre.oval:def:913
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A913
Reference: XF:iis-asp-data-check

Name: CVE-1999-0279

Description:

Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.

Status:Entry
Reference: BUGTRAQ:19971217 CGI security hole in EWS (Excite for Web Servers)
Reference: BUGTRAQ:19980115 Excite announcement
Reference: CERT:VB-98.01.excite
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0279
Reference: XF:excite-cgi-search-vuln

Name: CVE-1999-0280

Description:

Remote command execution in Microsoft Internet Explorer using .lnk and .url files.

Status:Entry
Reference: CIAC:H-38
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0280
Reference: NTBUGTRAQ:19970317 Internet Explorer Bug #4
Reference: XF:http-ie-lnkurl

Name: CVE-1999-0281

Description:

Denial of service in IIS using long URLs.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0281
Reference: XF:http-iis-longurl

Name: CVE-1999-0288

Description:

The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.

Status:Entry
Reference: BUGTRAQ:19970801 WINS flooding
Reference: BUGTRAQ:19970815 Re: WINS flooding
Reference: MISC:http://safenetworks.com/Windows/wins.html
Reference: MSKB:155701
Reference: NTBUGTRAQ:19970801 WINS flooding
Reference: XF:nt-winsupd-fix(1233)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1233

Name: CVE-1999-0289

Description:

The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0289

Name: CVE-1999-0290

Description:

The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.

Status:Entry
Reference: BUGTRAQ:19980221 WinGate DoS
Reference: BUGTRAQ:19980326 WinGate Intermediary Fix/Update
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290
Reference: XF:wingate-dos

Name: CVE-1999-0291

Description:

The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0291
Reference: XF:wingate-unpassworded

Name: CVE-1999-0292

Description:

Denial of service through Winpopup using large user names.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0292
Reference: XF:nt-winpopup

Name: CVE-1999-0293

Description:

AAA authentication on Cisco systems allows attackers to execute commands without authorization.

Status:Entry
Reference: CISCO:http://www.cisco.com/warp/public/770/aaapair-pub.shtml
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0293
Reference: XF:cisco-ios-aaa-auth

Name: CVE-1999-0294

Description:

All records in a WINS database can be deleted through SNMP for a denial of service.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0294
Reference: XF:nt-wins-snmp2

Name: CVE-1999-0295

Description:

Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.

Status:Entry
Reference: SUN:00157
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/157
Reference: XF:sun-sysdef

Name: CVE-1999-0296

Description:

Solaris volrmmount program allows attackers to read any file.

Status:Entry
Reference: SUN:00162
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/162
Reference: XF:sun-volrmmount

Name: CVE-1999-0297

Description:

Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environment variable.

Status:Entry
Reference: AUSCERT:AA-96.21
Reference: CIAC:H-17
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0297
Reference: NAI:NAI-3
Reference: XF:vixie-cron

Name: CVE-1999-0299

Description:

Buffer overflow in FreeBSD lpd through long DNS hostnames.

Status:Entry
Reference: NAI:NAI-9
Reference: OSVDB:6093
Reference: URL:http://www.osvdb.org/6093

Name: CVE-1999-0300

Description:

nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.

Status:Entry
Reference: SUN:00155
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/155
Reference: XF:sun-niscache

Name: CVE-1999-0301

Description:

Buffer overflow in SunOS/Solaris ps command.

Status:Entry
Reference: AUSCERT:AUSCERT-97.17
Reference: SUN:00149
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/149
Reference: XF:sun-ps2bo

Name: CVE-1999-0302

Description:

SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.

Status:Entry
Reference: SUN:00176
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/176
Reference: XF:sun-ftp-server

Name: CVE-1999-0303

Description:

Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0303
Reference: RSI:RSI.0002.05-18-98.BNU.UUCPD
Reference: XF:bnu-uucpd-bo

Name: CVE-1999-0304

Description:

mmap function in BSD allows local attackers in the kmem group to modify memory through devices.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:02
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0304
Reference: XF:bsd-mmap

Name: CVE-1999-0305

Description:

The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.

Status:Entry
Reference: MISC:http://www.openbsd.org/advisories/sourceroute.txt
Reference: OPENBSD:Feb15,1998 "IP Source Routing Problem"
Reference: OSVDB:11502
Reference: URL:http://www.osvdb.org/11502
Reference: XF:bsd-sourceroute(736)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/736

Name: CVE-1999-0308

Description:

HP-UX gwind program allows users to modify arbitrary files.

Status:Entry
Reference: CIAC:H-03: HP-UX suid Vulnerabilities
Reference: HP:HPSBUX9410-018
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9410-018
Reference: XF:hpux-gwind-overwrite

Name: CVE-1999-0309

Description:

HP-UX vgdisplay program gives root access to local users.

Status:Entry
Reference: CIAC:H-27: HP-UX vgdisplay Buffer Overrun Vulnerability
Reference: HP:HPSBUX9702-056
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-056
Reference: XF:hpux-vgdisplay

Name: CVE-1999-0310

Description:

SSH 1.2.25 on HP-UX allows access to new user accounts.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0310
Reference: XF:ssh-1225

Name: CVE-1999-0311

Description:

fpkg2swpk in HP-UX allows local users to gain root access.

Status:Entry
Reference: HP:HPSBUX9612-042
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9612-042
Reference: XF:hpux-fpkg2swpk

Name: CVE-1999-0312

Description:

HP ypbind allows attackers with root privileges to modify NIS data.

Status:Entry
Reference: CERT:CA-93:01.REVISED.HP.NIS.ypbind.vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0312
Reference: XF:nis-ypbind

Name: CVE-1999-0313

Description:

disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

Status:Entry
Reference: BID:214
Reference: URL:http://www.securityfocus.com/bid/214
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: OSVDB:936
Reference: URL:http://www.osvdb.org/936
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: XF:sgi-disk-bandwidth(1441)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1441

Name: CVE-1999-0314

Description:

ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.

Status:Entry
Reference: BID:213
Reference: URL:http://www.securityfocus.com/bid/213
Reference: MISC:http://www.securityfocus.com/bid/213/exploit
Reference: OSVDB:6788
Reference: URL:http://www.osvdb.org/6788
Reference: SGI:19980701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980701-01-P
Reference: XF:sgi-ioconfig(1199)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1199

Name: CVE-1999-0315

Description:

Buffer overflow in Solaris fdformat command gives root access to local users.

Status:Entry
Reference: SUN:00138
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/138
Reference: XF:fdformat-bo

Name: CVE-1999-0316

Description:

Buffer overflow in Linux splitvt command gives root access to local users.

Status:Entry
Reference: CIAC:G-08
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0316
Reference: XF:linux-splitvt

Name: CVE-1999-0318

Description:

Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environment variable.

Status:Entry
Reference: BUGTRAQ:19961125 Security Problems in XMCD
Reference: BUGTRAQ:19961125 XMCD v2.1 released (was: Security Problems in XMCD)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0318
Reference: XF:xmcd-envbo

Name: CVE-1999-0320

Description:

SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.

Status:Entry
Reference: SUN:00166
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/166
Reference: XF:sun-rpc.cmsd

Name: CVE-1999-0321

Description:

Buffer overflow in Solaris kcms_configure command allows local users to gain root access.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0321
Reference: XF:sun-kcms-configure-bo

Name: CVE-1999-0322

Description:

The open() function in FreeBSD allows local attackers to write to arbitrary files.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-97:05
Reference: OSVDB:6092
Reference: URL:http://www.osvdb.org/6092
Reference: XF:freebsd-open

Name: CVE-1999-0323

Description:

FreeBSD mmap function allows users to modify append-only or immutable files.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-98:04
Reference: NETBSD:1998-003
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1998-003.txt.asc
Reference: XF:bsd-mmap

Name: CVE-1999-0324

Description:

ppl program in HP-UX allows local users to create root files through symlinks.

Status:Entry
Reference: CIAC:H-31
Reference: HP:HPSBUX9702-053
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9702-053
Reference: XF:hp-ppllog

Name: CVE-1999-0325

Description:

vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.

Status:Entry
Reference: HP:HPSBUX9406-013
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9406-013
Reference: XF:hp-vhe

Name: CVE-1999-0326

Description:

Vulnerability in HP-UX mediainit program.

Status:Entry
Reference: HP:HPSBUX9710-071
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9710-071
Reference: XF:hp-mediainit

Name: CVE-1999-0327

Description:

SGI syserr program allows local users to corrupt files.

Status:Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-syserr

Name: CVE-1999-0328

Description:

SGI permissions program allows local users to gain root privileges.

Status:Entry
Reference: SGI:19971103-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19971103-01-PX
Reference: XF:sgi-permtool

Name: CVE-1999-0329

Description:

SGI mediad program allows local users to gain root access.

Status:Entry
Reference: SGI:19980602-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980602-01-PX
Reference: XF:sgi-mediad

Name: CVE-1999-0332

Description:

Buffer overflow in NetMeeting allows denial of service and remote command execution.

Status:Entry
Reference: MSKB:Q184346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q184346
Reference: XF:nt-netmeeting

Name: CVE-1999-0334

Description:

In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.

Status:Entry
Reference: CERT:CA-93.19.Solaris.Startup.vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0334
Reference: XF:sol-startup

Name: CVE-1999-0335

Description:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status:Entry

Name: CVE-1999-0337

Description:

AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.

Status:Entry
Reference: CERT:CA-94.10.IBM.AIX.bsh.vulnerability.html
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0337
Reference: XF:ibm-bsh

Name: CVE-1999-0338

Description:

AIX Licensed Program Product performance tools allow local users to gain root access.

Status:Entry
Reference: CERT:CA-94.03.AIX.performance.tools
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0338
Reference: XF:ibm-perf-tools

Name: CVE-1999-0339

Description:

Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0339
Reference: RSI:RSI.0007.05-26-98
Reference: XF:sol-sun-libauth

Name: CVE-1999-0340

Description:

Buffer overflow in Linux Slackware crond program allows local users to gain root access.

Status:Entry
Reference: KSRT:005
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0340
Reference: XF:linux-crond

Name: CVE-1999-0341

Description:

Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.

Status:Entry
Reference: KSRT:006
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0341
Reference: XF:linux-deliver

Name: CVE-1999-0342

Description:

Linux PAM modules allow local users to gain root access using temporary files.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0342
Reference: REDHAT:http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam
Reference: XF:linux-pam-passwd-tmprace

Name: CVE-1999-0343

Description:

A malicious Palace server can force a client to execute arbitrary programs.

Status:Entry
Reference: BUGTRAQ:19981002 Announcements from The Palace (fwd)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0343
Reference: XF:palace-malicious-servers-vuln

Name: CVE-1999-0344

Description:

NT users can gain debug-level access on a system process using the Sechole exploit.

Status:Entry
Reference: MS:MS98-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-009
Reference: MSKB:Q190288
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q190288
Reference: XF:nt-priv-fix

Name: CVE-1999-0346

Description:

CGI PHP mlog script allows an attacker to read any file on the target server.

Status:Entry
Reference: BID:713
Reference: URL:http://www.securityfocus.com/bid/713
Reference: BUGTRAQ:19971019 Vulnerability in PHP Example Logging Scripts
Reference: OSVDB:3397
Reference: URL:http://www.osvdb.org/3397
Reference: XF:http-cgi-php-mlog

Name: CVE-1999-0348

Description:

IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.

Status:Entry
Reference: MSKB:Q197003
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q197003
Reference: NTBUGTRAQ:Jan27,1999
Reference: OSVDB:930
Reference: URL:http://www.osvdb.org/930

Name: CVE-1999-0349

Description:

A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:Jan27,1999
Reference: EEYE:IIS Remote FTP Exploit/DoS Attack
Reference: URL:http://www.eeye.com/html/Research/Advisories/IIS%20Remote%20FTP%20Exploit/DoS%20Attack.html
Reference: MS:MS99-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-003
Reference: MSKB:Q188348
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q188348
Reference: XF:iis-remote-ftp

Name: CVE-1999-0350

Description:

Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.

Status:Entry
Reference: L0PHT:Feb8,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0350
Reference: XF:clearcase-temp-race

Name: CVE-1999-0351

Description:

FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.

Status:Entry
Reference: INFOWAR:01
Reference: MISC:http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt
Reference: XF:pasv-pizza-thief-dos(3389)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3389

Name: CVE-1999-0353

Description:

rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.

Status:Entry
Reference: CIAC:J-026
Reference: URL:http://www.ciac.org/ciac/bulletins/j-026.shtml
Reference: HP:HPSBUX9902-091
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9902-091
Reference: XF:pcnfsd-world-write

Name: CVE-1999-0355

Description:

Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.

Status:Entry
Reference: ISS:Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0355
Reference: XF:controlit-reboot

Name: CVE-1999-0357

Description:

Windows 98 and other operating systems allow remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.

Status:Entry
Reference: BUGTRAQ:19990125 Win98 crash?
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0357
Reference: XF:win98-oshare-dos

Name: CVE-1999-0358

Description:

Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.

Status:Entry
Reference: BUGTRAQ:19990125 Digital Unix 4.0 exploitable buffer overflows
Reference: URL:http://www.securityfocus.com/archive/1/12121
Reference: CIAC:J-027
Reference: URL:http://www.ciac.org/ciac/bulletins/j-027.shtml
Reference: COMPAQ:SSRT0583U
Reference: XF:du-inc

Name: CVE-1999-0362

Description:

WS_FTP server remote denial of service through cwd command.

Status:Entry
Reference: BID:217
Reference: URL:http://www.securityfocus.com/bid/217
Reference: EEYE:AD02021999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02021999.html
Reference: XF:wsftp-remote-dos

Name: CVE-1999-0363

Description:

SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.

Status:Entry
Reference: BID:328
Reference: URL:http://www.securityfocus.com/bid/328
Reference: BUGTRAQ:Feb02,1999
Reference: XF:plp-lpc-bo

Name: CVE-1999-0365

Description:

The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.

Status:Entry
Reference: BUGTRAQ:Feb04,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0365
Reference: XF:metamail-header-commands

Name: CVE-1999-0366

Description:

In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.

Status:Entry
Reference: MS:MS99-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-004
Reference: MSKB:Q214840
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q214840
Reference: XF:nt-sp4-auth-error

Name: CVE-1999-0367

Description:

NetBSD netstat command allows local users to access kernel memory.

Status:Entry
Reference: NETBSD:1999-002
Reference: OSVDB:7571
Reference: URL:http://www.osvdb.org/7571

Name: CVE-1999-0368

Description:

Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.

Status:Entry
Reference: CERT:CA-99.03
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368
Reference: NETECT:palmetto.ftpd
Reference: XF:palmetto-ftpd-bo

Name: CVE-1999-0369

Description:

The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can be used to gain root access.

Status:Entry
Reference: SUN:00183
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/183
Reference: XF:sun-sdtcm-convert-bo

Name: CVE-1999-0371

Description:

Lynx allows a local user to overwrite sensitive files through /tmp symlinks.

Status:Entry
Reference: BUGTRAQ:19990211 Lynx /tmp problem
Reference: CERT:VB-97.05.lynx
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371
Reference: XF:lynx-temp-files-race

Name: CVE-1999-0372

Description:

The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.

Status:Entry
Reference: MS:MS99-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-005
Reference: MSKB:Q217004
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q217004
Reference: XF:nt-backoffice-setup

Name: CVE-1999-0373

Description:

Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.

Status:Entry
Reference: ISS:Buffer Overflow in "Super" package in Debian Linux
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0373
Reference: XF:linux-super-bo
Reference: XF:linux-super-logging-bo

Name: CVE-1999-0374

Description:

Debian GNU/Linux cfengine package is susceptible to a symlink attack.

Status:Entry
Reference: BUGTRAQ:Feb16,1999
Reference: DEBIAN:19990215
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0374
Reference: XF:linux-cfengine-symlinks

Name: CVE-1999-0375

Description:

Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.

Status:Entry
Reference: BUGTRAQ:Feb16,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0375
Reference: NAI:February 16, 1999
Reference: XF:nfr-webd-overflow

Name: CVE-1999-0376

Description:

Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.

Status:Entry
Reference: BUGTRAQ:Feb20,1999
Reference: L0PHT:Feb18,1999
Reference: MS:MS99-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-006
Reference: XF:nt-knowndlls-list

Name: CVE-1999-0377

Description:

Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.

Status:Entry
Reference: BUGTRAQ:Feb22,1999
Reference: SECTRACK:1033881
Reference: URL:http://www.securitytracker.com/id/1033881

Name: CVE-1999-0378

Description:

InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.

Status:Entry
Reference: BUGTRAQ:19990222 BlackHats Advisory -- InterScan VirusWall
Reference: BUGTRAQ:19990225 Patch for InterScan VirusWall for Unix now available
Reference: OSVDB:6167
Reference: URL:http://www.osvdb.org/6167
Reference: XF:viruswall-http-request

Name: CVE-1999-0379

Description:

Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.

Status:Entry
Reference: BID:498
Reference: URL:http://www.securityfocus.com/bid/498
Reference: BUGTRAQ:19990223 Microsoft Security Bulletin (MS99-007)
Reference: MS:MS99-007
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-007
Reference: OSVDB:1019
Reference: URL:http://www.osvdb.org/1019
Reference: XF:win-resourcekit-taskpads

Name: CVE-1999-0380

Description:

SLMail 3.1 and 3.2 allow local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.

Status:Entry
Reference: BID:497
Reference: URL:http://www.securityfocus.com/bid/497
Reference: BUGTRAQ:19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.info/?l=bugtraq&m=91996412724720&w=2
Reference: NTBUGTRAQ:199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service
Reference: URL:http://marc.info/?l=ntbugtraq&m=91999015212415&w=2
Reference: NTBUGTRAQ:SLmail 3.2 Build 3113 (Web Administration Security Fix)
Reference: URL:http://marc.info/?l=ntbugtraq&m=92110501504997&w=2
Reference: XF:slmail-ras-ntfs-bypass(5392)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5392

Name: CVE-1999-0382

Description:

The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.

Status:Entry
Reference: MS:MS99-008
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-008
Reference: XF:nt-screen-saver

Name: CVE-1999-0383

Description:

ACC Tigris allows public access without a login.

Status:Entry
Reference: BID:183
Reference: URL:http://www.securityfocus.com/bid/183
Reference: BUGTRAQ:19990103 Tigris vulnerability
Reference: OSVDB:267
Reference: URL:http://www.osvdb.org/267
Reference: XF:acc-tigris-login

Name: CVE-1999-0384

Description:

The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.

Status:Entry
Reference: MS:MS99-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-001
Reference: XF:forms-vuln-patch

Name: CVE-1999-0385

Description:

The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.

Status:Entry
Reference: ISS:LDAP Buffer overflow against Microsoft Directory Services
Reference: MS:MS99-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-009
Reference: XF:ldap-exchange-overflow
Reference: XF:ldap-mds-dos

Name: CVE-1999-0386

Description:

Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allow a remote attacker to read files on the server by using a nonstandard URL.

Status:Entry
Reference: MS:MS99-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-010
Reference: OSVDB:111
Reference: URL:http://www.osvdb.org/111
Reference: XF:pws-file-access

Name: CVE-1999-0387

Description:

A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.

Status:Entry
Reference: BID:829
Reference: URL:http://www.securityfocus.com/bid/829
Reference: MS:MS99-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-052
Reference: MSKB:Q168115
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q168115
Reference: XF:9x-plaintext-pwd

Name: CVE-1999-0388

Description:

DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.

Status:Entry
Reference: L0PHT:Jan3,1999
Reference: OSVDB:3186
Reference: URL:http://www.osvdb.org/3186
Reference: XF:datalynx-suguard-relative-paths

Name: CVE-1999-0390

Description:

Buffer overflow in Dosemu Slang library in Linux.

Status:Entry
Reference: BID:187
Reference: URL:http://www.securityfocus.com/bid/187
Reference: BUGTRAQ:19990104 Dosemu/S-Lang Overflow + sploit
Reference: CALDERA:CSSA-1999-006.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-006.1.txt

Name: CVE-1999-0391

Description:

The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.

Status:Entry
Reference: L0PHT:Jan. 5, 1999
Reference: MISC:https://marc.info/?l=bugtraq&m=91552769809542&w=2

Name: CVE-1999-0392

Description:

Buffer overflow in Thomas Boutell's cgic library version up to 1.05.

Status:Entry
Reference: BUGTRAQ:Jan10,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0392
Reference: XF:http-cgic-library-bo

Name: CVE-1999-0393

Description:

Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.

Status:Entry
Reference: BUGTRAQ:19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!
Reference: BUGTRAQ:19990121 Sendmail 8.8.x/8.9.x bugware
Reference: URL:http://marc.info/?l=bugtraq&m=91694391227372&w=2
Reference: XF:sendmail-parsing-redirection

Name: CVE-1999-0395

Description:

A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.

Status:Entry
Reference: ISS:19990118 Vulnerability in the BackWeb Polite Agent Protocol
Reference: URL:http://xforce.iss.net/alerts/advise17.php
Reference: XF:backweb-polite-agent-protocol

Name: CVE-1999-0396

Description:

A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0396
Reference: NETBSD:1999-001
Reference: OPENBSD:Feb17,1999
Reference: XF:netbsd-tcp-race

Name: CVE-1999-0402

Description:

wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.

Status:Entry
Reference: BUGTRAQ:Feb2,1999
Reference: DEBIAN:19990220
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0402
Reference: XF:wget-permissions

Name: CVE-1999-0403

Description:

A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.

Status:Entry
Reference: BUGTRAQ:19990204 Cyrix bug: freeze in hell, badboy
Reference: URL:http://marc.info/?l=bugtraq&m=91821080015725&w=2
Reference: XF:cyrix-hang

Name: CVE-1999-0404

Description:

Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.

Status:Entry
Reference: BUGTRAQ:Feb14,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0404
Reference: XF:mailmax-bo

Name: CVE-1999-0405

Description:

A buffer overflow in lsof allows local users to obtain root privilege.

Status:Entry
Reference: BUGTRAQ:Feb18,1999
Reference: DEBIAN:19990220a
Reference: HERT:002
Reference: OSVDB:3163
Reference: URL:http://www.osvdb.org/3163
Reference: XF:lsof-bo

Name: CVE-1999-0407

Description:

By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.

Status:Entry
Reference: BUGTRAQ:19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.info/?l=bugtraq&m=91983486431506&w=2
Reference: BUGTRAQ:19990209 Re: IIS4 allows proxied password attacks over NetBIOS
Reference: URL:http://marc.info/?l=bugtraq&m=92000623021036&w=2
Reference: XF:iis-iisadmpwd

Name: CVE-1999-0408

Description:

Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.

Status:Entry
Reference: BID:337
Reference: URL:http://www.securityfocus.com/bid/337
Reference: BUGTRAQ:19990225 Cobalt root exploit
Reference: XF:cobalt-raq-history-exposure

Name: CVE-1999-0409

Description:

Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.

Status:Entry
Reference: BID:319
Reference: URL:http://www.securityfocus.com/bid/319
Reference: BUGTRAQ:19990304 Linux /usr/bin/gnuplot overflow
Reference: XF:gnuplot-home-overflow

Name: CVE-1999-0410

Description:

The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.

Status:Entry
Reference: BID:293
Reference: URL:http://www.securityfocus.com/bid/293
Reference: BUGTRAQ:Mar5,1999
Reference: XF:sol-cancel

Name: CVE-1999-0412

Description:

In IIS and other web servers, an attacker can execute commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.

Status:Entry
Reference: BID:501
Reference: URL:http://www.securityfocus.com/bid/501
Reference: BUGTRAQ:Feb19,1999
Reference: XF:iis-isapi-execute

Name: CVE-1999-0413

Description:

A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.

Status:Entry
Reference: SGI:19990301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990301-01-PX
Reference: XF:irix-font-path-overflow

Name: CVE-1999-0414

Description:

In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0414
Reference: NAI:Linux Blind TCP Spoofing
Reference: XF:linux-blind-spoof

Name: CVE-1999-0415

Description:

The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.

Status:Entry
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: XF:cisco-router-commands
Reference: XF:cisco-web-config

Name: CVE-1999-0416

Description:

Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.

Status:Entry
Reference: CIAC:J-034
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-034.shtml
Reference: CISCO:19990311 Cisco 7xx TCP and HTTP Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/770/7xxconn-pub.shtml
Reference: ISS:19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers
Reference: XF:cisco-web-crash

Name: CVE-1999-0417

Description:

64-bit Solaris 7 procfs allows local users to perform a denial of service.

Status:Entry
Reference: BID:448
Reference: URL:http://www.securityfocus.com/bid/448
Reference: BUGTRAQ:Mar9,1999
Reference: OSVDB:1001
Reference: URL:http://www.osvdb.org/1001
Reference: XF:solaris-psinfo-crash

Name: CVE-1999-0420

Description:

umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0420
Reference: NETBSD:1999-006

Name: CVE-1999-0421

Description:

During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.

Status:Entry
Reference: BID:338
Reference: URL:http://www.securityfocus.com/bid/338
Reference: ISS:Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations
Reference: OSVDB:981
Reference: URL:http://www.osvdb.org/981
Reference: XF:linux-slackware-install

Name: CVE-1999-0422

Description:

In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0422
Reference: NETBSD:1999-007

Name: CVE-1999-0423

Description:

Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.

Status:Entry
Reference: HP:HPSBUX9903-093
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-093
Reference: XF:hp-hpterm-files

Name: CVE-1999-0424

Description:

talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0424
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-overwrite

Name: CVE-1999-0425

Description:

talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0425
Reference: SUSE:Mar18,1999
Reference: XF:netscape-talkback-kill

Name: CVE-1999-0428

Description:

OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.

Status:Entry
Reference: BUGTRAQ:19990322 OpenSSL/SSLeay Security Alert
Reference: OSVDB:3936
Reference: URL:http://www.osvdb.org/3936
Reference: XF:ssl-session-reuse

Name: CVE-1999-0429

Description:

The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.

Status:Entry
Reference: BUGTRAQ:19990323
Reference: URL:http://marc.info/?l=bugtraq&m=92221437025743&w=2
Reference: BUGTRAQ:19990324 Re: LNotes encryption
Reference: URL:http://marc.info/?l=bugtraq&m=92241547418689&w=2
Reference: BUGTRAQ:19990326 Lotus Notes Encryption Bug
Reference: URL:http://marc.info/?l=bugtraq&m=92246997917866&w=2
Reference: BUGTRAQ:19990326 Re: Lotus Notes security advisory
Reference: URL:http://marc.info/?l=bugtraq&m=92249282302994&w=2
Reference: XF:lotus-client-encryption

Name: CVE-1999-0430

Description:

Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allow remote attackers to perform a denial of service by forcing the supervisor module to reload.

Status:Entry
Reference: CISCO:Cisco Catalyst Supervisor Remote Reload
Reference: ISS:Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches
Reference: OSVDB:1103
Reference: URL:http://www.osvdb.org/1103
Reference: XF:cisco-catalyst-crash

Name: CVE-1999-0432

Description:

ftp on HP-UX 11.00 allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9903-094
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-094
Reference: XF:hp-ftp

Name: CVE-1999-0433

Description:

XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.

Status:Entry
Reference: BUGTRAQ:19990321 X11R6 NetBSD Security Problem
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433
Reference: SUSE:Mar28,1999
Reference: XF:xfree86-temp-directories

Name: CVE-1999-0436

Description:

Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9903-095
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-095
Reference: XF:hp-desms-servers

Name: CVE-1999-0437

Description:

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.

Status:Entry
Reference: ISS:WebRamp Denial of Service Attacks
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0437
Reference: XF:webramp-device-crash

Name: CVE-1999-0438

Description:

Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.

Status:Entry
Reference: ISS:WebRamp Denial of Service Attacks
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0438
Reference: XF:webramp-ipchange

Name: CVE-1999-0439

Description:

Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.

Status:Entry
Reference: BUGTRAQ:19990405 Re: [SECURITY] new version of procmail with security fixes
Reference: CALDERA:CSSA-1999:007
Reference: DEBIAN:19990422
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0439
Reference: XF:procmail-overflow

Name: CVE-1999-0440

Description:

The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.

Status:Entry
Reference: BID:1939
Reference: URL:http://www.securityfocus.com/bid/1939
Reference: BUGTRAQ:19990405 Security Hole in Java 2 (and JDK 1.1.x)
Reference: URL:http://marc.info/?l=bugtraq&m=92333596624452&w=2
Reference: CONFIRM:http://java.sun.com/pr/1999/03/pr990329-01.html
Reference: XF:java-unverified-code

Name: CVE-1999-0441

Description:

Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.

Status:Entry
Reference: BID:509
Reference: URL:http://www.securityfocus.com/bid/509
Reference: EEYE:AD02221999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD02221999.html
Reference: XF:wingate-redirector-dos

Name: CVE-1999-0442

Description:

Solaris ff.core allows local users to modify files.

Status:Entry
Reference: BID:327
Reference: URL:http://www.securityfocus.com/bid/327
Reference: BUGTRAQ:19990107 really silly ff.core exploit for Solaris
Reference: BUGTRAQ:19990108 ff.core exploit on Solaris (2.)7
Reference: BUGTRAQ:19990408 Solaris7 and ff.core

Name: CVE-1999-0445

Description:

In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.

Status:Entry
Reference: CISCO:Cisco IOS(R) Software Input Access List Leakage with NAT
Reference: OSVDB:1104
Reference: URL:http://www.osvdb.org/1104
Reference: XF:cisco-natacl-leakage

Name: CVE-1999-0446

Description:

Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.

Status:Entry
Reference: NETBSD:1999-008
Reference: OSVDB:7051
Reference: URL:http://www.osvdb.org/7051
Reference: XF:netbsd-vfslocking-panic

Name: CVE-1999-0447

Description:

Local users can gain privileges using the debug utility in the MPE/iX operating system.

Status:Entry
Reference: HP:HPSBMP9904-006
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBMP9904-006
Reference: XF:mpeix-debug

Name: CVE-1999-0448

Description:

IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.

Status:Entry
Reference: BUGTRAQ:19990121 IIS 4 Request Logging Security Advisory
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0448
Reference: XF:iis-http-request-logging

Name: CVE-1999-0449

Description:

The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.

Status:Entry
Reference: BID:193
Reference: URL:http://www.securityfocus.com/bid/193
Reference: BUGTRAQ:19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS
Reference: BUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS
Reference: NTBUGTRAQ:19990126 IIS 4 Advisory - ExAir sample site DoS
Reference: OSVDB:2
Reference: URL:http://www.osvdb.org/2
Reference: OSVDB:3
Reference: URL:http://www.osvdb.org/3
Reference: OSVDB:4
Reference: URL:http://www.osvdb.org/4
Reference: XF:iis-exair-dos

Name: CVE-1999-0457

Description:

Linux ftpwatch program allows local users to gain root privileges.

Status:Entry
Reference: BID:317
Reference: URL:http://www.securityfocus.com/bid/317
Reference: BUGTRAQ:Jan17,1999
Reference: DEBIAN:19990117
Reference: XF:ftpwatch-vuln

Name: CVE-1999-0458

Description:

L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.

Status:Entry
Reference: BUGTRAQ:Jan6,1999
Reference: OSVDB:915
Reference: URL:http://www.osvdb.org/915
Reference: XF:l0phtcrack-temp-files

Name: CVE-1999-0463

Description:

Remote attackers can perform a denial of service using IRIX fcagent.

Status:Entry
Reference: SGI:19981201-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19981201-01-PX
Reference: XF:sgi-fcagent-dos

Name: CVE-1999-0464

Description:

Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.

Status:Entry
Reference: BUGTRAQ:19990104 Tripwire mess..
Reference: URL:http://marc.info/?l=bugtraq&m=91553066310826&w=2
Reference: CONFIRM:http://marc.info/?l=bugtraq&m=91592136122066&w=2
Reference: OSVDB:6609
Reference: URL:http://www.osvdb.org/6609

Name: CVE-1999-0466

Description:

The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.

Status:Entry
Reference: NETBSD:1999-009
Reference: OSVDB:905
Reference: URL:http://www.osvdb.org/905

Name: CVE-1999-0468

Description:

Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.

Status:Entry
Reference: BUGTRAQ:Apr9,1999
Reference: MS:MS99-012
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-012
Reference: XF:ie-scriplet-fileread

Name: CVE-1999-0470

Description:

A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.

Status:Entry
Reference: BID:482
Reference: URL:http://www.securityfocus.com/bid/482
Reference: BUGTRAQ:19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit
Reference: XF:netware-remotenlm-passwords

Name: CVE-1999-0471

Description:

The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.

Status:Entry
Reference: BUGTRAQ:Apr9,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0471
Reference: XF:winroute-config

Name: CVE-1999-0472

Description:

The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.

Status:Entry
Reference: BUGTRAQ:Apr7,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0472
Reference: XF:netcache-snmp

Name: CVE-1999-0473

Description:

The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.

Status:Entry
Reference: BID:145
Reference: URL:http://www.securityfocus.com/bid/145
Reference: BUGTRAQ:19990407 rsync 2.3.1 release - security fix
Reference: CALDERA:CSSA-1999:010.0
Reference: DEBIAN:19990823
Reference: XF:rsync-permissions

Name: CVE-1999-0474

Description:

The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.

Status:Entry
Reference: BUGTRAQ:Apr5,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0474
Reference: XF:icq-webserver-read

Name: CVE-1999-0475

Description:

A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.

Status:Entry
Reference: BUGTRAQ:Apr5,1999
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0475
Reference: XF:procmail-race

Name: CVE-1999-0478

Description:

Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.

Status:Entry
Reference: HP:HPSBUX9904-097
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9904-097
Reference: XF:sendmail-headers-dos

Name: CVE-1999-0479

Description:

Denial of service in Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.

Status:Entry
Reference: HP:HPSBUX9903-092
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9903-092
Reference: XF:netscape-server-dos

Name: CVE-1999-0481

Description:

Denial of service in "poll" in OpenBSD.

Status:Entry
Reference: OPENBSD:Mar22,1999
Reference: OSVDB:7556
Reference: URL:http://www.osvdb.org/7556

Name: CVE-1999-0482

Description:

OpenBSD kernel crash through TSS handling, as caused by the crashme program.

Status:Entry
Reference: OPENBSD:Mar21,1999
Reference: OSVDB:7557
Reference: URL:http://www.osvdb.org/7557

Name: CVE-1999-0483

Description:

OpenBSD crash using nlink value in FFS and EXT2FS filesystems.

Status:Entry
Reference: OPENBSD:Feb25,1999
Reference: OSVDB:6129
Reference: URL:http://www.osvdb.org/6129

Name: CVE-1999-0484

Description:

Buffer overflow in OpenBSD ping.

Status:Entry
Reference: OPENBSD:Feb23,1999
Reference: OSVDB:6130
Reference: URL:http://www.osvdb.org/6130

Name: CVE-1999-0485

Description:

Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.

Status:Entry
Reference: OPENBSD:Feb19,1999
Reference: OSVDB:7558
Reference: URL:http://www.osvdb.org/7558
Reference: XF:openbsd-ipintr-race

Name: CVE-1999-0487

Description:

The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.

Status:Entry
Reference: MS:MS99-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-011
Reference: XF:ie-dhtml-control

Name: CVE-1999-0491

Description:

The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.

Status:Entry
Reference: BID:119
Reference: URL:http://www.securityfocus.com/bid/119
Reference: BUGTRAQ:19990420 Bash Bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9904202114070.6623-100000@smooth.Operator.org
Reference: CALDERA:CSSA-1999-008.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-008.0.txt

Name: CVE-1999-0493

Description:

rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.

Status:Entry
Reference: BID:450
Reference: URL:http://www.securityfocus.com/bid/450
Reference: BUGTRAQ:19990103 SUN almost has a clue! (automountd)
Reference: URL:http://marc.info/?l=bugtraq&m=91547759121289&w=2
Reference: CERT:CA-99-05
Reference: URL:http://www.cert.org/advisories/CA-99-05-statd-automountd.html
Reference: CIAC:J-045
Reference: URL:http://www.ciac.org/ciac/bulletins/j-045.shtml
Reference: SUN:00186
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/186&type=0&nav=sec.sba

Name: CVE-1999-0494

Description:

Denial of service in WinGate proxy through a buffer overflow in POP3.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0494
Reference: XF:wingate-pop3-user-bo

Name: CVE-1999-0496

Description:

A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.

Status:Entry
Reference: MSKB:Q146965
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q146965
Reference: XF:nt-getadmin
Reference: XF:nt-getadmin-present

Name: CVE-1999-0513

Description:

ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.

Status:Entry
Reference: CERT:CA-98.01.smurf
Reference: FREEBSD:FreeBSD-SA-98:06
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0513
Reference: XF:smurf

Name: CVE-1999-0514

Description:

UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0514
Reference: XF:fraggle

Name: CVE-1999-0526

Description:

An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.

Status:Entry
Reference: CERT-VN:VU#704969
Reference: URL:http://www.kb.cert.org/vuls/id/704969
Reference: XF:xcheck-keystroke

Name: CVE-1999-0551

Description:

HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.

Status:Entry
Reference: HP:HPSBUX9804-078
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9804-078
Reference: XF:hp-openmail

Name: CVE-1999-0566

Description:

An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0566
Reference: XF:ibm-syslogd
Reference: XF:syslog-flood

Name: CVE-1999-0608

Description:

An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.

Status:Entry
Reference: BUGTRAQ:19990420 Shopping Carts exposing CC data
Reference: URL:http://marc.info/?l=bugtraq&m=92462991805485&w=2
Reference: CONFIRM:http://www.pdgsoft.com/Security/security.html.
Reference: XF:pdgsoftcart-misconfig(3857)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3857

Name: CVE-1999-0612

Description:

A version of finger is running that exposes valid user information to any entity on the network.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0612
Reference: XF:finger-out
Reference: XF:finger-running

Name: CVE-1999-0626

Description:

A version of rusers is running that exposes valid user information to any entity on the network.

Status:Entry
Reference: MISC:https://www.cve.org/CVERecord?id=CVE-1999-0626
Reference: XF:ruser
Reference: XF:rusersd

Name: CVE-1999-0627

Description:

The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0627
Reference: XF:rexd

Name: CVE-1999-0628

Description:

The rwho/rwhod service is running, which exposes machine status and user information.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0628
Reference: XF:rwhod

Name: CVE-1999-0668

Description:

The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.

Status:Entry
Reference: BID:598
Reference: URL:http://www.securityfocus.com/bid/598
Reference: BUGTRAQ:19990821 IE 5.0 allows executing programs
Reference: CIAC:J-064
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-064.shtml
Reference: MS:MS99-032
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-032
Reference: MSKB:Q240308
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240308
Reference: XF:ms-scriptlet-eyedog-unsafe

Name: CVE-1999-0671

Description:

Buffer overflow in ToxSoft NextFTP client through CWD command.

Status:Entry
Reference: BID:572
Reference: URL:http://www.securityfocus.com/bid/572
Reference: XF:toxsoft-nextftp-cwd-bo

Name: CVE-1999-0672

Description:

Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.

Status:Entry
Reference: BID:573
Reference: URL:http://www.securityfocus.com/bid/573
Reference: XF:fujitsu-topic-bo

Name: CVE-1999-0674

Description:

The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.

Status:Entry
Reference: BID:570
Reference: URL:http://www.securityfocus.com/bid/570
Reference: BUGTRAQ:19990809 profil(2) bug, a simple test program
Reference: CIAC:J-067
Reference: URL:http://www.ciac.org/ciac/bulletins/j-067.shtml
Reference: FREEBSD:FreeBSD-SA-99:02
Reference: NETBSD:1999-011
Reference: OPENBSD:Aug 9,1999
Reference: XF:netbsd-profil

Name: CVE-1999-0675

Description:

Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.

Status:Entry
Reference: BID:576
Reference: URL:http://www.securityfocus.com/bid/576
Reference: BUGTRAQ:19990809 FW1 UDP Port 0 DoS
Reference: URL:http://www.securityfocus.com/archive/1/23615
Reference: OSVDB:1038
Reference: URL:http://www.osvdb.org/1038
Reference: XF:checkpoint-port

Name: CVE-1999-0676

Description:

sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.

Status:Entry
Reference: BID:575
Reference: URL:http://www.securityfocus.com/bid/575
Reference: BUGTRAQ:19990808 sdtcm_convert
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19990809134220.A1191@hades.chaoz.org
Reference: XF:sun-sdtcm-convert

Name: CVE-1999-0678

Description:

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Status:Entry
Reference: BID:318
Reference: URL:http://www.securityfocus.com/bid/318
Reference: BUGTRAQ:19990405 An issue with Apache on Debian
Reference: XF:apache-debian-usrdoc

Name: CVE-1999-0679

Description:

Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.

Status:Entry
Reference: BID:581
Reference: URL:http://www.securityfocus.com/bid/581
Reference: BUGTRAQ:19990813 w00w00's efnet ircd advisory (exploit included)
Reference: CONFIRM:http://www.efnet.org/archive/servers/hybrid/ChangeLog
Reference: XF:hybrid-ircd-minvite-bo

Name: CVE-1999-0680

Description:

Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.

Status:Entry
Reference: BID:571
Reference: URL:http://www.securityfocus.com/bid/571
Reference: CIAC:J-057
Reference: URL:http://www.ciac.org/ciac/bulletins/j-057.shtml
Reference: MS:MS99-028
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-028
Reference: MSKB:Q238600
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238600
Reference: XF:nt-terminal-dos

Name: CVE-1999-0681

Description:

Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:568
Reference: URL:http://www.securityfocus.com/bid/568
Reference: BUGTRAQ:19990807 Crash FrontPage Remotely...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1999-q3/0381.html
Reference: XF:frontpage-pws-dos(3117)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3117

Name: CVE-1999-0682

Description:

Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.

Status:Entry
Reference: BID:567
Reference: URL:http://www.securityfocus.com/bid/567
Reference: CIAC:J-056
Reference: URL:http://www.ciac.org/ciac/bulletins/j-056.shtml
Reference: MS:MS99-027
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-027
Reference: MSKB:Q237927
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237927
Reference: XF:exchange-relay

Name: CVE-1999-0683

Description:

Denial of service in Gauntlet Firewall via a malformed ICMP packet.

Status:Entry
Reference: BID:556
Reference: URL:http://www.securityfocus.com/bid/556
Reference: BUGTRAQ:19990729 Remotely Lock Up Gauntlet 5.0
Reference: OSVDB:1029
Reference: URL:http://www.osvdb.org/1029
Reference: XF:gauntlet-dos

Name: CVE-1999-0685

Description:

Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.

Status:Entry
Reference: BID:618
Reference: URL:http://www.securityfocus.com/bid/618
Reference: BUGTRAQ:19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow

Name: CVE-1999-0686

Description:

Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.

Status:Entry
Reference: BUGTRAQ:19990514 TGAD DoS
Reference: BUGTRAQ:19990610 Re: VVOS/Netscape Bug
Reference: CIAC:J-046
Reference: URL:http://www.ciac.org/ciac/bulletins/j-046.shtml
Reference: HP:HPSBUX9906-098
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-098
Reference: XF:hp-tgad-dos

Name: CVE-1999-0687

Description:

The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.

Status:Entry
Reference: BID:637
Reference: URL:http://www.securityfocus.com/bid/637
Reference: BUGTRAQ:19990913 Vulnerability in ttsession
Reference: CERT:CA-99-11
Reference: CIAC:K-001
Reference: URL:http://www.ciac.org/ciac/bulletins/k-001.shtml
Reference: COMPAQ:SSRT0617U_TTSESSION
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-ttsession-rpc-auth

Name: CVE-1999-0688

Description:

Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.

Status:Entry
Reference: BID:545
Reference: URL:http://www.securityfocus.com/bid/545
Reference: HP:HPSBUX9907-101
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-101
Reference: XF:hp-sd-bo

Name: CVE-1999-0689

Description:

The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.

Status:Entry
Reference: BID:636
Reference: URL:http://www.securityfocus.com/bid/636
Reference: BUGTRAQ:19990913 Vulnerability in dtspcd
Reference: CERT:CA-99-11
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: OVAL:oval:org.mitre.oval:def:1880
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1880
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-dtspcd-file-auth

Name: CVE-1999-0690

Description:

HP CDE program includes the current directory in root's PATH variable.

Status:Entry
Reference: CIAC:J-053
Reference: URL:http://www.ciac.org/ciac/bulletins/j-053.shtml
Reference: HP:HPSBUX9907-100
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9907-100
Reference: XF:hp-cde-directory

Name: CVE-1999-0691

Description:

Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.

Status:Entry
Reference: BID:635
Reference: URL:http://www.securityfocus.com/bid/635
Reference: BUGTRAQ:19990913 Vulnerability in dtaction
Reference: CERT:CA-99-11
Reference: COMPAQ:SSRTO615U_DTACTION
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: OVAL:oval:org.mitre.oval:def:3078
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3078
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-dtaction-username-bo

Name: CVE-1999-0692

Description:

The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.

Status:Entry
Reference: CERT:CA-99-09
Reference: CIAC:J-052
Reference: URL:http://www.ciac.org/ciac/bulletins/j-052.shtml
Reference: SGI:19990701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990701-01-P
Reference: XF:sgi-arrayd

Name: CVE-1999-0693

Description:

Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.

Status:Entry
Reference: BID:641
Reference: URL:http://www.securityfocus.com/bid/641
Reference: CERT:CA-99-11
Reference: HP:HPSBUX9909-103
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9909-103
Reference: OVAL:oval:org.mitre.oval:def:4374
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4374
Reference: SUN:00192
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/192
Reference: XF:cde-dtsession-env-bo

Name: CVE-1999-0694

Description:

Denial of service in AIX ptrace system call allows local users to crash the system.

Status:Entry
Reference: CIAC:J-055
Reference: URL:http://www.ciac.org/ciac/bulletins/j-055.shtml
Reference: IBM:ERS-SVA-E01-1999:002.1
Reference: XF:aix-ptrace-halt

Name: CVE-1999-0695

Description:

The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.

Status:Entry
Reference: BID:620
Reference: URL:http://www.securityfocus.com/bid/620
Reference: BUGTRAQ:19990904 [Sybase] software vendors do not think about old bugs
Reference: OSVDB:1064
Reference: URL:http://www.osvdb.org/1064
Reference: XF:http-powerdynamo-dotdotslash

Name: CVE-1999-0696

Description:

Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).

Status:Entry
Reference: BUGTRAQ:19990709 Exploit of rpc.cmsd
Reference: CERT:CA-99-08
Reference: CIAC:J-051
Reference: URL:http://www.ciac.org/ciac/bulletins/j-051.shtml
Reference: COMPAQ:SSRT0614U_RPC_CMSD
Reference: HP:HPSBUX9908-102
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9908-102
Reference: SCO:SB-99.12
Reference: SUN:00188
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/188
Reference: SUNBUG:4230754
Reference: XF:sun-cmsd-bo

Name: CVE-1999-0697

Description:

SCO Doctor allows local users to gain root privileges through a Tools option.

Status:Entry
Reference: BID:621
Reference: URL:http://www.securityfocus.com/bid/621
Reference: BUGTRAQ:19990908 SCO 5.0.5 /bin/doctor nightmare
Reference: XF:sco-doctor-execute

Name: CVE-1999-0699

Description:

The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.

Status:Entry
Reference: BID:623
Reference: URL:http://www.securityfocus.com/bid/623
Reference: BUGTRAQ:19990908 [Security] Spoofed Id in Bluestone Sapphire/Web

Name: CVE-1999-0700

Description:

Buffer overflow in Microsoft Phone Dialer (dialer.exe) via a malformed dialer entry in the dialer.ini file.

Status:Entry
Reference: MS:MS99-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-026
Reference: MSKB:Q237185
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237185
Reference: XF:nt-malformed-dialer

Name: CVE-1999-0701

Description:

After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.

Status:Entry
Reference: BID:626
Reference: URL:http://www.securityfocus.com/bid/626
Reference: MS:MS99-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-036
Reference: MSKB:Q173039
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q173039
Reference: XF:nt-install-unattend-file

Name: CVE-1999-0702

Description:

Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.

Status:Entry
Reference: BID:627
Reference: URL:http://www.securityfocus.com/bid/627
Reference: BUGTRAQ:19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs
Reference: MS:MS99-037
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-037
Reference: MSKB:Q241361
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241361
Reference: XF:ie5-import-export-favorites

Name: CVE-1999-0703

Description:

OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.

Status:Entry
Reference: BUGTRAQ:19990805 4.4 BSD issue -- chflags
Reference: CIAC:J-066
Reference: URL:http://www.ciac.org/ciac/bulletins/j-066.shtml
Reference: FREEBSD:FreeBSD-SA-99:01
Reference: OPENBSD:Jul30,1999
Reference: XF:openbsd-chflags-fchflags-permitted

Name: CVE-1999-0704

Description:

Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.

Status:Entry
Reference: BID:614
Reference: URL:http://www.securityfocus.com/bid/614
Reference: CALDERA:CSSA-1999:024.0
Reference: CERT:CA-99-12
Reference: DEBIAN:19991018
Reference: FREEBSD:SA-99:06
Reference: REDHAT:RHSA-1999:032-01
Reference: XF:amd-bo

Name: CVE-1999-0705

Description:

Buffer overflow in INN inews program.

Status:Entry
Reference: BID:616
Reference: URL:http://www.securityfocus.com/bid/616
Reference: CALDERA:CSSA-1999-026
Reference: DEBIAN:19990907
Reference: REDHAT:RHSA1999033_01
Reference: SUSE:19990831 Security hole in INN
Reference: XF:inn-inews-bo

Name: CVE-1999-0706

Description:

Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.

Status:Entry
Reference: BID:583
Reference: URL:http://www.securityfocus.com/bid/583
Reference: DEBIAN:19990807
Reference: SUSE:19990817 Security hole in i4l (xmonisdn)

Name: CVE-1999-0707

Description:

The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.

Status:Entry
Reference: BID:493
Reference: URL:http://www.securityfocus.com/bid/493
Reference: CIAC:J-050
Reference: URL:http://www.ciac.org/ciac/bulletins/j-050.shtml
Reference: HP:HPSBUX9906-099
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9906-099
Reference: XF:hp-visualize-conference-ftp

Name: CVE-1999-0708

Description:

Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.

Status:Entry
Reference: BID:651
Reference: URL:http://www.securityfocus.com/bid/651
Reference: BUGTRAQ:19990921 BP9909-00: cfingerd local buffer overflow

Name: CVE-1999-0710

Description:

The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.

Status:Entry
Reference: BID:2059
Reference: URL:http://www.securityfocus.com/bid/2059
Reference: BUGTRAQ:19990725 Redhat 6.0 cachemgr.cgi lameness
Reference: CONFIRM:http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid
Reference: DEBIAN:DSA-576
Reference: URL:http://www.debian.org/security/2004/dsa-576
Reference: FEDORA:FEDORA-2005-373
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: REDHAT:RHSA-1999:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-025.html
Reference: REDHAT:RHSA-2005:489
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-489.html
Reference: XF:http-cgi-cachemgr(2385)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2385

Name: CVE-1999-0711

Description:

The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.

Status:Entry
Reference: BUGTRAQ:19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed
Reference: URL:http://marc.info/?t=92550157100002&w=2&r=1
Reference: BUGTRAQ:19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh
Reference: URL:http://marc.info/?l=bugtraq&m=92609807906778&w=2
Reference: XF:oracle-oratclsh

Name: CVE-1999-0713

Description:

The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:19990404 Digital Unix 4.0E /var permission
Reference: CIAC:J-044
Reference: URL:http://www.ciac.org/ciac/bulletins/j-044.shtml
Reference: COMPAQ:SSRT0600U
Reference: XF:cde-dtlogin

Name: CVE-1999-0714

Description:

Vulnerability in Compaq Tru64 UNIX edauth command.

Status:Entry
Reference: COMPAQ:SSRT0588U
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0714
Reference: XF:du-edauth

Name: CVE-1999-0715

Description:

Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.

Status:Entry
Reference: BUGTRAQ:19990519 Buffer Overruns in RAS allows execution of arbitary code as system
Reference: MS:MS99-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-016
Reference: MSKB:Q230677
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230677
Reference: XF:nt-ras-bo

Name: CVE-1999-0716

Description:

Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.

Status:Entry
Reference: MS:MS99-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-015
Reference: MSKB:Q231605
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231605
Reference: XF:nt-helpfile-bo

Name: CVE-1999-0717

Description:

A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.

Status:Entry
Reference: MS:MS99-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-014
Reference: MSKB:Q231304
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231304
Reference: XF:excel-virus-warning

Name: CVE-1999-0718

Description:

IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.

Status:Entry
Reference: BID:608
Reference: URL:http://www.securityfocus.com/bid/608
Reference: NTBUGTRAQ:19990823 IBM Gina security warning
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9908&L=ntbugtraq&F=&S=&P=5534
Reference: XF:ibm-gina-group-add(3166)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3166

Name: CVE-1999-0719

Description:

The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.

Status:Entry
Reference: BID:563
Reference: URL:http://www.securityfocus.com/bid/563
Reference: BUGTRAQ:19990802 Gnumeric potential security hole.
Reference: REDHAT:RHSA-1999:023-01
Reference: XF:gnu-guile-plugin-export

Name: CVE-1999-0720

Description:

The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.

Status:Entry
Reference: BID:597
Reference: URL:http://www.securityfocus.com/bid/597
Reference: BUGTRAQ:19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=lcamtuf.4.05.9907041223290.355-300000@nimue.ids.pl
Reference: XF:linux-pt-chown

Name: CVE-1999-0721

Description:

Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.

Status:Entry
Reference: BINDVIEW:Phantom Technical Advisory
Reference: CIAC:J-049
Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml
Reference: MS:MS99-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-020
Reference: MSKB:Q231457
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231457
Reference: XF:msrpc-lsa-lookupnames-dos

Name: CVE-1999-0722

Description:

The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.

Status:Entry
Reference: BID:558
Reference: URL:http://www.securityfocus.com/bid/558
Reference: CERT:CA-99-10
Reference: XF:cobalt-raq2-default-config

Name: CVE-1999-0723

Description:

The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.

Status:Entry
Reference: BID:478
Reference: URL:http://www.securityfocus.com/bid/478
Reference: CIAC:J-049
Reference: URL:http://www.ciac.org/ciac/bulletins/j-049.shtml
Reference: MS:MS99-021
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-021
Reference: MSKB:Q233323
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233323
Reference: NTBUGTRAQ:19990411 Death by MessageBox
Reference: XF:nt-csrss-dos

Name: CVE-1999-0724

Description:

Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.

Status:Entry
Reference: OPENBSD:Aug12,1999
Reference: OSVDB:6128
Reference: URL:http://www.osvdb.org/6128
Reference: XF:openbsd-uio_offset-bo

Name: CVE-1999-0725

Description:

When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".

Status:Entry
Reference: BID:477
Reference: URL:http://www.securityfocus.com/bid/477
Reference: MS:MS99-022
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-022
Reference: MSKB:Q233335
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q233335
Reference: XF:iis-double-byte-code-page(2302)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2302

Name: CVE-1999-0726

Description:

An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.

Status:Entry
Reference: BID:499
Reference: URL:http://www.securityfocus.com/bid/499
Reference: MS:MS99-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-023
Reference: MSKB:Q234557
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234557
Reference: XF:nt-malformed-image-header

Name: CVE-1999-0727

Description:

A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.

Status:Entry
Reference: OPENBSD:19990608 Packets that should have been handled by IPsec may be transmitted as cleartext
Reference: OSVDB:6127
Reference: URL:http://www.osvdb.org/6127
Reference: XF:openbsd-ipsec-cleartext

Name: CVE-1999-0728

Description:

A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.

Status:Entry
Reference: MS:MS99-024
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-024
Reference: MSKB:Q236359
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q236359
Reference: XF:nt-ioctl-dos

Name: CVE-1999-0729

Description:

Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.

Status:Entry
Reference: BID:601
Reference: URL:http://www.securityfocus.com/bid/601
Reference: CIAC:J-061
Reference: URL:http://www.ciac.org/ciac/bulletins/j-061.shtml
Reference: ISS:19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6
Reference: URL:http://xforce.iss.net/alerts/advise34.php
Reference: OSVDB:1057
Reference: URL:http://www.osvdb.org/1057
Reference: XF:lotus-ldap-bo

Name: CVE-1999-0730

Description:

The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: DEBIAN:19990612
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0730

Name: CVE-1999-0731

Description:

The KDE klock program allows local users to unlock a session using malformed input.

Status:Entry
Reference: BID:489
Reference: URL:http://www.securityfocus.com/bid/489
Reference: BUGTRAQ:19990623 Security flaw in klock
Reference: CALDERA:CSSA-1999:017
Reference: MISC:https://github.com/KDE/kde1-kdebase/commit/04906bd5de2f220bf100b605dad37b4a1d9a91a6
Reference: SUSE:19990629 Security hole in Klock

Name: CVE-1999-0732

Description:

The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.

Status:Entry
Reference: DEBIAN:19990823b
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0732
Reference: XF:smtp-refuser-tmp

Name: CVE-1999-0733

Description:

Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.

Status:Entry
Reference: BID:490
Reference: URL:http://www.securityfocus.com/bid/490
Reference: BUGTRAQ:19990626 VMWare Advisory - buffer overflows
Reference: BUGTRAQ:19990626 VMware Security Alert
Reference: BUGTRAQ:19990705 Re: VMWare Advisory.. - exploit
Reference: XF:vmware-bo

Name: CVE-1999-0734

Description:

A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.

Status:Entry
Reference: CISCO:19990819 CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability
Reference: URL:https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-19990819-dbaccess
Reference: XF:ciscosecure-read-write(3133)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3133

Name: CVE-1999-0735

Description:

KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.

Status:Entry
Reference: BID:300
Reference: URL:http://www.securityfocus.com/bid/300
Reference: CALDERA:CSSA-1999:016
Reference: ISS:KDE K-Mail File Creation Vulnerability
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html

Name: CVE-1999-0740

Description:

Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.

Status:Entry
Reference: BID:594
Reference: URL:http://www.securityfocus.com/bid/594
Reference: CALDERA:CSSA-1999:022
Reference: REDHAT:RHSA1999029_01
Reference: XF:linux-telnetd-term

Name: CVE-1999-0742

Description:

The Debian mailman package uses weak authentication, which allows attackers to gain privileges.

Status:Entry
Reference: BID:480
Reference: URL:http://www.securityfocus.com/bid/480
Reference: DEBIAN:19990623

Name: CVE-1999-0743

Description:

Trn allows local users to overwrite other users' files via symlinks.

Status:Entry
Reference: BUGTRAQ:19990819 Insecure use of file in /tmp by trn
Reference: DEBIAN:19990823c
Reference: SUSE:19990824 Security hole in trn
Reference: XF:trn-symlinks(3144)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3144

Name: CVE-1999-0744

Description:

Buffer overflow in Netscape Enterprise Server and FastTrack Server allows remote attackers to gain privileges via a long HTTP GET request.

Status:Entry
Reference: BID:603
Reference: URL:http://www.securityfocus.com/bid/603
Reference: ISS:Buffer Overflow in Netscape Enterprise and FastTrack Web Servers

Name: CVE-1999-0745

Description:

Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.

Status:Entry
Reference: BID:590
Reference: URL:http://www.securityfocus.com/bid/590
Reference: CIAC:J-059
Reference: URL:http://www.ciac.org/ciac/bulletins/j-059.shtml
Reference: IBM:ERS-SVA-E01-1999:003.1
Reference: XF:aix-pdnsd-bo

Name: CVE-1999-0746

Description:

A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.

Status:Entry
Reference: BID:587
Reference: URL:http://www.securityfocus.com/bid/587
Reference: BUGTRAQ:19990814 DOS against SuSE's identd
Reference: SUSE:19990824 Security hole in netcfg
Reference: XF:suse-identd-dos

Name: CVE-1999-0747

Description:

Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made while the system has a high CPU load.

Status:Entry
Reference: BID:589
Reference: URL:http://www.securityfocus.com/bid/589
Reference: BUGTRAQ:19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSI.4.10.9908170253560.19291-100000@saturn.psn.net
Reference: XF:bsdi-smp-dos

Name: CVE-1999-0749

Description:

Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.

Status:Entry
Reference: BID:586
Reference: URL:http://www.securityfocus.com/bid/586
Reference: BUGTRAQ:19990815 telnet.exe heap overflow - remotely exploitable
Reference: MS:MS99-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-033
Reference: XF:win-ie5-telnet-heap-overflow

Name: CVE-1999-0751

Description:

Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.

Status:Entry
Reference: BID:631
Reference: URL:http://www.securityfocus.com/bid/631
Reference: BUGTRAQ:19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2
Reference: XF:netscape-accept-bo(3256)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3256

Name: CVE-1999-0752

Description:

Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.

Status:Entry
Reference: BUGTRAQ:19990706 Netscape Enterprise Server SSL Handshake Bug
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0752

Name: CVE-1999-0753

Description:

The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.

Status:Entry
Reference: BID:591
Reference: URL:http://www.securityfocus.com/bid/591
Reference: BUGTRAQ:19990817 Stupid bug in W3-msql
Reference: XF:mini-sql-w3-msql-cgi

Name: CVE-1999-0754

Description:

The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.

Status:Entry
Reference: BID:255
Reference: URL:http://www.securityfocus.com/bid/255
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: CALDERA:CSSA-1999-011.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-011.0.txt
Reference: MISC:http://www.redhat.com/corp/support/errata/inn99_05_22.html
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-innconf-env

Name: CVE-1999-0755

Description:

Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.

Status:Entry
Reference: MS:MS99-017
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-017
Reference: MSKB:Q230681
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q230681
Reference: XF:nt-ras-pwcache

Name: CVE-1999-0756

Description:

ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.

Status:Entry
Reference: ALLAIRE:ASB99-07
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=10968&Method=Full
Reference: XF:coldfusion-admin-dos(2207)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2207

Name: CVE-1999-0758

Description:

Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.

Status:Entry
Reference: ALLAIRE:ASB99-06
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0758
Reference: XF:netscape-space-view

Name: CVE-1999-0759

Description:

Buffer overflow in FuseMAIL POP service via long USER and PASS commands.

Status:Entry
Reference: BID:634
Reference: URL:http://www.securityfocus.com/bid/634
Reference: BUGTRAQ:19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug
Reference: CONFIRM:http://www.crosswinds.net/~fuseware/faq.html#8
Reference: XF:fuseware-popmail-bo

Name: CVE-1999-0760

Description:

Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.

Status:Entry
Reference: ALLAIRE:ASB99-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=11714&Method=Full
Reference: BID:550
Reference: URL:http://www.securityfocus.com/bid/550
Reference: XF:coldfusion-server-cfml-tags(3288)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3288

Name: CVE-1999-0761

Description:

Buffer overflow in FreeBSD fts library routines allows local users to modify arbitrary files via the periodic program.

Status:Entry
Reference: BID:644
Reference: URL:http://www.securityfocus.com/bid/644
Reference: FREEBSD:FreeBSD-SA-99:05
Reference: OSVDB:1074
Reference: URL:http://www.osvdb.org/1074
Reference: XF:freebsd-fts-lib-bo

Name: CVE-1999-0762

Description:

When JavaScript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.

Status:Entry
Reference: BUGTRAQ:19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762
Reference: XF:netscape-title

Name: CVE-1999-0763

Description:

NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.

Status:Entry
Reference: NETBSD:1999-010
Reference: OSVDB:6540
Reference: URL:http://www.osvdb.org/6540
Reference: XF:netbsd-arp

Name: CVE-1999-0764

Description:

NetBSD allows ARP packets to overwrite static ARP entries.

Status:Entry
Reference: NETBSD:1999-010
Reference: OSVDB:6539
Reference: URL:http://www.osvdb.org/6539
Reference: XF:netbsd-arp

Name: CVE-1999-0765

Description:

SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.

Status:Entry
Reference: BID:262
Reference: URL:http://www.securityfocus.com/bid/262
Reference: BUGTRAQ:19990619 IRIX midikeys root exploit.
Reference: SGI:19990501-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19990501-01-A
Reference: XF:irix-midikeys

Name: CVE-1999-0766

Description:

The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.

Status:Entry
Reference: BID:600
Reference: URL:http://www.securityfocus.com/bid/600
Reference: MS:MS99-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-031
Reference: MSKB:Q240346
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q240346
Reference: XF:msvm-verifier-java

Name: CVE-1999-0768

Description:

Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.

Status:Entry
Reference: BID:602
Reference: URL:http://www.securityfocus.com/bid/602
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Name: CVE-1999-0769

Description:

Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.

Status:Entry
Reference: BID:611
Reference: URL:http://www.securityfocus.com/bid/611
Reference: CALDERA:CSSA-1999:023.0
Reference: DEBIAN:19990830 cron
Reference: REDHAT:RHSA-1999:030-02
Reference: SUSE:19990829 Security hole in cron

Name: CVE-1999-0770

Description:

Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.

Status:Entry
Reference: BID:549
Reference: URL:http://www.securityfocus.com/bid/549
Reference: BUGTRAQ:19990729 Simple DOS attack on FW-1
Reference: CHECKPOINT:ACK DOS ATTACK
Reference: OSVDB:1027
Reference: URL:http://www.osvdb.org/1027

Name: CVE-1999-0771

Description:

The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19990526 Infosec.19990526.compaq-im.a
Reference: COMPAQ:SSRT0612U
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0771
Reference: XF:management-agent-file-read

Name: CVE-1999-0772

Description:

Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.

Status:Entry
Reference: BUGTRAQ:19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)
Reference: COMPAQ:SSRT0612U
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0772
Reference: XF:management-agent-dos

Name: CVE-1999-0773

Description:

Buffer overflow in Solaris lpset program allows local users to gain root access.

Status:Entry
Reference: BUGTRAQ:19990511 Solaris2.6 and 2.7 lpset overflow
Reference: URL:http://www.netspace.org/cgi-bin/wa?A2=ind9905B&L=bugtraq&P=R2017
Reference: XF:sol-lpset-bo

Name: CVE-1999-0774

Description:

Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.

Status:Entry
Reference: BID:617
Reference: URL:http://www.securityfocus.com/bid/617
Reference: BUGTRAQ:19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf
Reference: REDHAT:RHSA1999037_01
Reference: SUSE:19990916 Security hole in mars nwe

Name: CVE-1999-0775

Description:

Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.

Status:Entry
Reference: CISCO:19990610 Cisco IOS Software established Access List Keyword Error
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0775
Reference: XF:cisco-gigaswitch

Name: CVE-1999-0777

Description:

IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.

Status:Entry
Reference: BID:658
Reference: URL:http://www.securityfocus.com/bid/658
Reference: MS:MS99-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-039
Reference: MSKB:Q241407
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241407
Reference: MSKB:Q242559
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242559
Reference: XF:iis-ftp-no-access-files

Name: CVE-1999-0778

Description:

Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.

Status:Entry
Reference: BID:488
Reference: URL:http://www.securityfocus.com/bid/488
Reference: BUGTRAQ:19990626 KSR[T] #011: Accelerated-X
Reference: KSRT:011
Reference: XF:accelx-display-bo

Name: CVE-1999-0779

Description:

Denial of service in HP-UX SharedX recserv program.

Status:Entry
Reference: HP:HPSBUX9810-086
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9810-086
Reference: XF:hp-sharedx

Name: CVE-1999-0780

Description:

KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.

Status:Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.info/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-klock-process-kill

Name: CVE-1999-0781

Description:

KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.

Status:Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.info/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-klock-bindir-trojans

Name: CVE-1999-0782

Description:

KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.

Status:Entry
Reference: BUGTRAQ:19981118 Multiple KDE security vulnerabilities (root compromise)
Reference: URL:http://marc.info/?l=bugtraq&m=91141486301691&w=2
Reference: XF:kde-kppp-directory-create

Name: CVE-1999-0783

Description:

FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.

Status:Entry
Reference: CIAC:I-057
Reference: URL:http://www.ciac.org/ciac/bulletins/i-057.shtml
Reference: FREEBSD:FreeBSD-SA-98:05
Reference: OSVDB:6090
Reference: URL:http://www.osvdb.org/6090
Reference: XF:freebsd-nfs-link-dos

Name: CVE-1999-0785

Description:

The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.

Status:Entry
Reference: BID:254
Reference: URL:http://www.securityfocus.com/bid/254
Reference: BUGTRAQ:19990511 INN 2.0 and higher. Root compromise potential
Reference: SUSE:19990518 Security hole in INN
Reference: XF:inn-pathrun

Name: CVE-1999-0786

Description:

The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.

Status:Entry
Reference: BID:659
Reference: URL:http://www.securityfocus.com/bid/659
Reference: BUGTRAQ:19990922 LD_PROFILE local root exploit for solaris 2.6

Name: CVE-1999-0787

Description:

The SSH authentication agent follows symlinks via a UNIX domain socket.

Status:Entry
Reference: BID:660
Reference: URL:http://www.securityfocus.com/bid/660
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.info/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]
Reference: URL:http://marc.info/?l=bugtraq&m=93832856804415&w=2
Reference: XF:ssh-socket-auth-symlink-dos

Name: CVE-1999-0788

Description:

Arkiea nlservd allows remote attackers to conduct a denial of service.

Status:Entry
Reference: BID:662
Reference: URL:http://www.securityfocus.com/bid/662
Reference: BUGTRAQ:19990924 Multiple vendor Knox Arkiea local root/remote DoS
Reference: URL:http://marc.info/?l=bugtraq&m=93837184228248&w=2
Reference: XF:arkiea-backup-nlserverd-remote-dos

Name: CVE-1999-0789

Description:

Buffer overflow in AIX ftpd in the libc library.

Status:Entry
Reference: BID:679
Reference: URL:http://www.securityfocus.com/bid/679
Reference: BUGTRAQ:19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000
Reference: CIAC:J-072
Reference: URL:http://www.ciac.org/ciac/bulletins/j-072.shtml
Reference: IBM:ERS-SVA-E01-1999:004.1
Reference: XF:aix-ftpd-bo

Name: CVE-1999-0790

Description:

A remote attacker can read information from a Netscape user's cache via JavaScript.

Status:Entry
Reference: MISC:http://home.netscape.com/security/notes/jscachebrowsing.html
Reference: XF:netscape-javascript

Name: CVE-1999-0791

Description:

Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.

Status:Entry
Reference: BID:695
Reference: URL:http://www.securityfocus.com/bid/695
Reference: BUGTRAQ:19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems
Reference: KSRT:012
Reference: XF:hybrid-anon-cable-modem-reconfig

Name: CVE-1999-0793

Description:

Internet Explorer allows remote attackers to read files by redirecting data to a JavaScript applet.

Status:Entry
Reference: MS:MS99-043
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-043
Reference: XF:ie-java-redirect

Name: CVE-1999-0794

Description:

Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.

Status:Entry
Reference: MS:MS99-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-044
Reference: MSKB:Q241900
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241900
Reference: MSKB:Q241901
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241901
Reference: MSKB:Q241902
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q241902
Reference: XF:excel-sylk

Name: CVE-1999-0796

Description:

FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.

Status:Entry
Reference: FREEBSD:SA-98.03
Reference: OSVDB:6089
Reference: URL:http://www.osvdb.org/6089
Reference: XF:freebsd-ttcp-spoof

Name: CVE-1999-0797

Description:

NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.

Status:Entry
Reference: CIAC:I-070
Reference: URL:http://www.ciac.org/ciac/bulletins/i-070.shtml
Reference: ISS:19980629 Distributed DoS attack against NIS/NIS+ based networks.
Reference: XF:sun-nis-nisplus

Name: CVE-1999-0799

Description:

Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.

Status:Entry
Reference: BUGTRAQ:19970725 Exploitable buffer overflow in bootpd (most unices)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0799
Reference: XF:bootpd-bo

Name: CVE-1999-0800

Description:

The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.

Status:Entry
Reference: ALLAIRE:ASB99-05
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=9602&Method=Full
Reference: NTBUGTRAQ:19990211 ACFUG List: Alert: Allaire Forums GetFile bug
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/1998-1999/msg00332.html
Reference: OSVDB:944
Reference: URL:http://www.osvdb.org/944
Reference: XF:allaire-forums-file-read(1748)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1748

Name: CVE-1999-0801

Description:

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.

Status:Entry
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-frames(2075)
Reference: URL:http://www.iss.net/security_center/static/2075.php

Name: CVE-1999-0802

Description:

Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.

Status:Entry
Reference: BUGTRAQ:19990503 MSIE 5 FAVICON BUG
Reference: MS:MS99-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018
Reference: MSKB:Q231450
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231450
Reference: XF:ie-favicon

Name: CVE-1999-0803

Description:

The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19990525 IBM eNetwork Firewall for AIX
Reference: URL:http://marc.info/?l=bugtraq&m=92765973207648&w=2
Reference: OSVDB:962
Reference: URL:http://www.osvdb.org/962
Reference: XF:ibm-enfirewall-tmpfiles

Name: CVE-1999-0804

Description:

Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.

Status:Entry
Reference: BID:302
Reference: URL:http://www.securityfocus.com/bid/302
Reference: BUGTRAQ:19990601 Linux kernel 2.2.x vulnerability/exploit
Reference: CALDERA:CSSA-1999:013
Reference: DEBIAN:19990607
Reference: REDHAT:19990603 Kernel Update
Reference: SUSE:19990602 Denial of Service on the 2.2 kernel

Name: CVE-1999-0806

Description:

Buffer overflow in Solaris dtprintinfo program.

Status:Entry
Reference: BUGTRAQ:19990510 Solaris2.6,2.7 dtprintinfo exploits
Reference: OSVDB:6552
Reference: URL:http://www.osvdb.org/6552
Reference: XF:cde-dtprintinfo

Name: CVE-1999-0807

Description:

The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0807
Reference: XF:netscape-dirsvc-password

Name: CVE-1999-0809

Description:

Netscape Communicator 4.x with JavaScript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".

Status:Entry
Reference: BUGTRAQ:19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0809

Name: CVE-1999-0810

Description:

Denial of service in Samba NETBIOS name service daemon (nmbd).

Status:Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731
Reference: DEBIAN:19990804
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0810
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba

Name: CVE-1999-0811

Description:

Buffer overflow in Samba smbd program via a malformed message command.

Status:Entry
Reference: BID:536
Reference: URL:http://www.securityfocus.com/bid/536
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731 Samba
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba
Reference: XF:samba-message-bo

Name: CVE-1999-0812

Description:

Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.

Status:Entry
Reference: BUGTRAQ:19990721 Samba 2.0.5 security fixes
Reference: CALDERA:CSSA-1999:018.0
Reference: DEBIAN:19990731
Reference: DEBIAN:19990804
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0812
Reference: REDHAT:RHSA-1999:022-02
Reference: SUSE:19990816 Security hole in Samba

Name: CVE-1999-0813

Description:

Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:19980724 CFINGERD root security hole
Reference: BUGTRAQ:19990810 Severe bug in cfingerd before 1.4.0
Reference: DEBIAN:19990814
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0813
Reference: XF:cfingerd-privileges

Name: CVE-1999-0814

Description:

Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.

Status:Entry
Reference: REDHAT:RHSA-1999:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-1999-027.html

Name: CVE-1999-0815

Description:

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.

Status:Entry
Reference: MSKB:Q196270
Reference: URL:http://support.microsoft.com/support/kb/articles/q196/2/70.asp
Reference: OVAL:oval:org.mitre.oval:def:952
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A952
Reference: XF:nt-snmpagent-leak(1974)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1974

Name: CVE-1999-0817

Description:

Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817
Reference: SUSE:19990915 Security hole in lynx

Name: CVE-1999-0819

Description:

NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.

Status:Entry
Reference: BUGTRAQ:19991130 NTmail and VRFY
Reference: URL:http://marc.info/?l=bugtraq&m=94398141118586&w=2
Reference: NTBUGTRAQ:19991130 NTmail and VRFY
Reference: XF:nt-mail-vrfy

Name: CVE-1999-0820

Description:

FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.

Status:Entry
Reference: BID:838
Reference: URL:http://www.securityfocus.com/bid/838
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: OSVDB:5996
Reference: URL:http://www.osvdb.org/5996
Reference: XF:freebsd-seyon-dir-add

Name: CVE-1999-0823

Description:

Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.

Status:Entry
Reference: BID:839
Reference: URL:http://www.securityfocus.com/bid/839
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: OSVDB:1150
Reference: URL:http://www.osvdb.org/1150
Reference: XF:freebsd-xmindpath

Name: CVE-1999-0824

Description:

A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.

Status:Entry
Reference: BID:833
Reference: URL:http://www.securityfocus.com/bid/833
Reference: BUGTRAQ:19991130 Subst.exe carelessness (fwd)
Reference: NTBUGTRAQ:19991130 SUBST problem

Name: CVE-1999-0826

Description:

Buffer overflow in FreeBSD angband allows local users to gain privileges.

Status:Entry
Reference: BID:840
Reference: URL:http://www.securityfocus.com/bid/840
Reference: BUGTRAQ:19991130 Several FreeBSD-3.3 vulnerabilities
Reference: OSVDB:1151
Reference: URL:http://www.osvdb.org/1151
Reference: XF:angband-bo

Name: CVE-1999-0831

Description:

Denial of service in Linux syslogd via a large number of connections.

Status:Entry
Reference: BID:809
Reference: URL:http://www.securityfocus.com/bid/809
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: CALDERA:CSSA-1999-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-035.0.txt
Reference: REDHAT:RHSA1999055-01
Reference: SUSE:19991118 syslogd-1.3.33 (a1)
Reference: XF:slackware-syslogd-dos

Name: CVE-1999-0832

Description:

Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.

Status:Entry
Reference: BID:782
Reference: URL:http://www.securityfocus.com/bid/782
Reference: BUGTRAQ:19991109 undocumented bugs - nfsd
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.20.9911091058140.12964-100000@mail.zigzag.pl
Reference: BUGTRAQ:19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]
Reference: CALDERA:CSSA-1999-033.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-033.0.txt
Reference: DEBIAN:19991111 buffer overflow in nfs server
Reference: URL:http://www.debian.org/security/1999/19991111
Reference: REDHAT:RHSA-1999:053-01
Reference: URL:http://www.redhat.com/support/errata/rh42-errata-general.html#NFS
Reference: SUSE:19991110 Security hole in nfs-server < 2.2beta47 within nkita
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_29.html
Reference: XF:linux-nfs-maxpath-bo

Name: CVE-1999-0833

Description:

Buffer overflow in BIND 8.2 via NXT records.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-nxt-bo

Name: CVE-1999-0834

Description:

Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.

Status:Entry
Reference: BID:843
Reference: URL:http://www.securityfocus.com/bid/843
Reference: BUGTRAQ:19991201 Security Advisory: Buffer overflow in RSAREF2
Reference: BUGTRAQ:19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)
Reference: CERT:CA-99-15
Reference: XF:rsaref-bo

Name: CVE-1999-0835

Description:

Denial of service in BIND named via malformed SIG records.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-sigrecord-dos

Name: CVE-1999-0836

Description:

UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:842
Reference: URL:http://www.securityfocus.com/bid/842
Reference: BUGTRAQ:19991202 UnixWare 7 uidadmin exploit + discussion
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991202160111.20553.qmail@nwcst282.netaddress.usa.net
Reference: SCO:SB-99.22a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.22a
Reference: XF:unixware-uid-admin

Name: CVE-1999-0837

Description:

Denial of service in BIND by improperly closing TCP sessions via so_linger.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-solinger-dos

Name: CVE-1999-0838

Description:

Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.

Status:Entry
Reference: BID:859
Reference: URL:http://www.securityfocus.com/bid/859
Reference: BUGTRAQ:19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability
Reference: XF:servu-ftp-site-bo

Name: CVE-1999-0839

Description:

Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.

Status:Entry
Reference: BID:828
Reference: URL:http://www.securityfocus.com/bid/828
Reference: MS:MS99-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-051
Reference: MSKB:Q246972
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246972
Reference: NTBUGTRAQ:19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation
Reference: XF:ie-task-scheduler-privs

Name: CVE-1999-0842

Description:

Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:827
Reference: URL:http://www.securityfocus.com/bid/827
Reference: BUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com
Reference: NTBUGTRAQ:19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability
Reference: OSVDB:1144
Reference: URL:http://www.osvdb.org/1144
Reference: XF:symantec-mail-dir-traversal

Name: CVE-1999-0847

Description:

Buffer overflow in Free Internet Chess Server (FICS) program, xboard.

Status:Entry
Reference: BUGTRAQ:19991129 FICS buffer overflow
Reference: MISC:https://marc.info/?l=bugtraq&m=94407791819019&w=2
Reference: XF:fics-board-bo

Name: CVE-1999-0848

Description:

Denial of service in BIND named via consuming more than "fdmax" file descriptors.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-fdmax-dos

Name: CVE-1999-0849

Description:

Denial of service in BIND named via maxdname.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-maxdname-bo

Name: CVE-1999-0851

Description:

Denial of service in BIND named via naptr.

Status:Entry
Reference: BID:788
Reference: URL:http://www.securityfocus.com/bid/788
Reference: CALDERA:CSSA-1999-034.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-1999-034.1.txt
Reference: CERT:CA-99-14
Reference: DEBIAN:19991116 Denial of service vulnerabilities in bind
Reference: REDHAT:RHSA-1999:054-01
Reference: SUN:00194
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/194
Reference: SUSE:19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL
Reference: XF:bind-naptr-dos

Name: CVE-1999-0853

Description:

Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.

Status:Entry
Reference: BID:847
Reference: URL:http://www.securityfocus.com/bid/847
Reference: ISS:19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure
Reference: XF:netscape-fasttrack-auth-bo

Name: CVE-1999-0854

Description:

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.

Status:Entry
Reference: BUGTRAQ:19991130 Ultimate Bulletin Board v5.3x? Bug
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: CONFIRM:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-ultimate-bbs

Name: CVE-1999-0856

Description:

login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.

Status:Entry
Reference: BUGTRAQ:19991202 Slackware 7.0 - login bug
Reference: MISC:https://marc.info/?l=bugtraq&m=94416739411280&w=2
Reference: XF:slackware-remote-login

Name: CVE-1999-0858

Description:

Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.

Status:Entry
Reference: BID:846
Reference: URL:http://www.securityfocus.com/bid/846
Reference: MS:MS99-054
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-054
Reference: MSKB:Q247333
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247333
Reference: XF:ie-wpad-proxy-settings

Name: CVE-1999-0859

Description:

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.

Status:Entry
Reference: BID:837
Reference: URL:http://www.securityfocus.com/bid/837
Reference: BUGTRAQ:19991130 Solaris 2.x chkperm/arp vulnerabilities
Reference: OSVDB:6994
Reference: URL:http://www.osvdb.org/6994
Reference: SUNBUG:4296166
Reference: XF:sol-arp-parse

Name: CVE-1999-0861

Description:

Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.

Status:Entry
Reference: MS:MS99-053
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-053
Reference: MSKB:Q244613
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q244613
Reference: XF:iis-ssl-isapi-filter

Name: CVE-1999-0864

Description:

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.

Status:Entry
Reference: BID:851
Reference: URL:http://www.securityfocus.com/bid/851
Reference: BUGTRAQ:19991202 UnixWare coredumps follow symlinks
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.info/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.info/?l=bugtraq&m=94581379905584&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.info/?l=bugtraq&m=94606167110764&w=2
Reference: XF:sco-coredump-symlink

Name: CVE-1999-0865

Description:

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.

Status:Entry
Reference: BID:860
Reference: URL:http://www.securityfocus.com/bid/860
Reference: BUGTRAQ:19991203 CommuniGatePro 3.1 for NT DoS
Reference: URL:http://marc.info/?l=bugtraq&m=94426440413027&w=2
Reference: NTBUGTRAQ:19991203 CommuniGatePro 3.1 for NT Buffer Overflow
Reference: URL:http://marc.info/?l=ntbugtraq&m=94454565726775&w=2
Reference: XF:communigate-pro-bo

Name: CVE-1999-0866

Description:

Buffer overflow in UnixWare xauto program allows local users to gain root privilege.

Status:Entry
Reference: BID:848
Reference: URL:http://www.securityfocus.com/bid/848
Reference: BUGTRAQ:19991203 UnixWare gain root with non-su/gid binaries
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.info/?l=bugtraq&m=94530783815434&w=2
Reference: BUGTRAQ:19991220 SCO OpenServer Security Status
Reference: URL:http://marc.info/?l=bugtraq&m=94581379905584&w=2
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.info/?l=bugtraq&m=94606167110764&w=2
Reference: SCO:SB-99.24a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.24a
Reference: XF:sco-xauto-bo

Name: CVE-1999-0867

Description:

Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.

Status:Entry
Reference: BID:579
Reference: URL:http://www.securityfocus.com/bid/579
Reference: CIAC:J-058
Reference: URL:http://www.ciac.org/ciac/bulletins/j-058.shtml
Reference: MS:MS99-029
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-029
Reference: MSKB:Q238349
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238349
Reference: XF:http-iis-malformed-header

Name: CVE-1999-0868

Description:

ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.

Status:Entry
Reference: CERT:CA-97.08
Reference: MISC:https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml
Reference: XF:inn-ucbmail-shell-meta

Name: CVE-1999-0869

Description:

Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.

Status:Entry
Reference: MS:MS98-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-020
Reference: MSKB:167614
Reference: XF:http-frame-spoof

Name: CVE-1999-0870

Description:

Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.

Status:Entry
Reference: MS:MS98-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-015
Reference: MSKB:169245
Reference: XF:ie-usp-cuartango

Name: CVE-1999-0871

Description:

Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.

Status:Entry
Reference: MS:MS98-013
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-013
Reference: OSVDB:7837
Reference: URL:http://www.osvdb.org/7837
Reference: XF:ie-crossframe-file-read(3668)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3668

Name: CVE-1999-0873

Description:

Buffer overflow in Skyfull mail server via MAIL FROM command.

Status:Entry
Reference: BID:759
Reference: URL:http://www.securityfocus.com/bid/759
Reference: XF:skyfull-mail-from-bo

Name: CVE-1999-0874

Description:

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.

Status:Entry
Reference: CERT:CA-99-07
Reference: CIAC:J-048
Reference: URL:http://www.ciac.org/ciac/bulletins/j-048.shtml
Reference: EEYE:AD06081999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD06081999.html
Reference: MS:MS99-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-019
Reference: MSKB:Q234905
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q234905
Reference: OVAL:oval:org.mitre.oval:def:915
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A915
Reference: XF:iis-htr-overflow

Name: CVE-1999-0875

Description:

DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.

Status:Entry
Reference: BID:578
Reference: URL:http://www.securityfocus.com/bid/578
Reference: L0PHT:19990811
Reference: MSKB:Q216141
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q216141
Reference: XF:irdp-gateway-spoof

Name: CVE-1999-0876

Description:

Buffer overflow in Internet Explorer 4.0 via EMBED tag.

Status:Entry
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: MSKB:Q185959
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q185959

Name: CVE-1999-0877

Description:

Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.

Status:Entry
Reference: MS:MS99-042
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-042
Reference: MSKB:Q243638
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243638
Reference: XF:ie-iframe-exec

Name: CVE-1999-0878

Description:

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.

Status:Entry
Reference: AUSCERT:AA-1999.01
Reference: BID:599
Reference: URL:http://www.securityfocus.com/bid/599
Reference: CERT:CA-99-13
Reference: COMPAQ:SSRT0622
Reference: REDHAT:RHSA1999031_01
Reference: XF:wu-ftpd-dir-name

Name: CVE-1999-0879

Description:

Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.

Status:Entry
Reference: CERT:CA-99-13
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0879
Reference: XF:wuftp-message-file-root

Name: CVE-1999-0880

Description:

Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.

Status:Entry
Reference: CERT:CA-99-13
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0880
Reference: XF:wuftp-site-newer-dos

Name: CVE-1999-0881

Description:

Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:743
Reference: URL:http://www.securityfocus.com/bid/743
Reference: BINDVIEW:Falcon Web Server
Reference: BUGTRAQ:19991025 Falcon Web Server
Reference: OSVDB:1127
Reference: URL:http://www.osvdb.org/1127
Reference: XF:falcon-path-parsing

Name: CVE-1999-0883

Description:

Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.

Status:Entry
Reference: BID:742
Reference: URL:http://www.securityfocus.com/bid/742
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: OSVDB:1126
Reference: URL:http://www.osvdb.org/1126
Reference: XF:zeus-remote-root(3380)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3380

Name: CVE-1999-0884

Description:

The Zeus web server administrative interface uses weak encryption for its passwords.

Status:Entry
Reference: BID:742
Reference: URL:http://www.securityfocus.com/bid/742
Reference: BUGTRAQ:19991024 RFP9905: Zeus webserver remote root compromise
Reference: OSVDB:8186
Reference: URL:http://www.osvdb.org/8186
Reference: XF:zeus-weak-password(3833)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3833

Name: CVE-1999-0886

Description:

The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.

Status:Entry
Reference: BID:645
Reference: URL:http://www.securityfocus.com/bid/645
Reference: MS:MS99-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-041
Reference: MSKB:Q242294
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242294
Reference: XF:nt-rasman-pathname

Name: CVE-1999-0887

Description:

FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability
Reference: EEYE:AD05261999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html
Reference: OSVDB:1137
Reference: URL:http://www.osvdb.org/1137

Name: CVE-1999-0888

Description:

dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.

Status:Entry
Reference: BID:585
Reference: URL:http://www.securityfocus.com/bid/585
Reference: BUGTRAQ:19990817 Security Bug in Oracle
Reference: XF:oracle-dbsnmp

Name: CVE-1999-0889

Description:

Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.

Status:Entry
Reference: BUGTRAQ:19990810 Cisco 675 password nonsense
Reference: OSVDB:39
Reference: URL:http://www.osvdb.org/39
Reference: XF:cisco-cbos-telnet

Name: CVE-1999-0890

Description:

iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.

Status:Entry
Reference: BID:694
Reference: URL:http://www.securityfocus.com/bid/694
Reference: BUGTRAQ:19990928 Team Asylum: iHTML Merchant Vulnerabilities
Reference: CONFIRM:http://www.ihtmlmerchant.com/support_patches_feedback.htm
Reference: XF:ihtml-merchant-file-access

Name: CVE-1999-0891

Description:

The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.

Status:Entry
Reference: BID:674
Reference: URL:http://www.securityfocus.com/bid/674
Reference: CERT-VN:VU#37828
Reference: URL:http://www.kb.cert.org/vuls/id/37828
Reference: CIAC:K-002
Reference: URL:http://www.ciac.org/ciac/bulletins/k-002.shtml
Reference: MS:MS99-040
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-040
Reference: MSKB:Q242542
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q242542
Reference: OSVDB:11274
Reference: URL:http://www.osvdb.org/11274
Reference: XF:ie-download-behavior

Name: CVE-1999-0892

Description:

Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.

Status:Entry
Reference: BUGTRAQ:19991018 Netscape 4.x buffer overflow
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0892

Name: CVE-1999-0893

Description:

userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0893
Reference: XF:sco-openserver-userosa-script

Name: CVE-1999-0894

Description:

Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0894
Reference: REDHAT:RHSA1999042-01

Name: CVE-1999-0895

Description:

Firewall-1 does not properly restrict access to LDAP attributes.

Status:Entry
Reference: BID:725
Reference: URL:http://www.securityfocus.com/bid/725
Reference: BUGTRAQ:19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991020150002.21047.qmail@tarjan.mediaways.net
Reference: OSVDB:1117
Reference: URL:http://www.osvdb.org/1117
Reference: XF:checkpoint-ldap-auth

Name: CVE-1999-0896

Description:

Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.

Status:Entry
Reference: BID:767
Reference: URL:http://www.securityfocus.com/bid/767
Reference: BUGTRAQ:19991109 RealNetworks RealServer G2 buffer overflow.
Reference: MISC:http://service.real.com/help/faq/servg260.html
Reference: XF:realserver-g2-pw-bo

Name: CVE-1999-0897

Description:

iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19980908 bug in iChat 3.0 (maybe others)
Reference: URL:http://marc.info/?l=bugtraq&m=90538488231977&w=2
Reference: XF:ichat-file-read-vuln

Name: CVE-1999-0898

Description:

Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.

Status:Entry
Reference: BID:768
Reference: URL:http://www.securityfocus.com/bid/768
Reference: MS:MS99-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-047
Reference: MSKB:Q243649
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649
Reference: XF:nt-printer-spooler-bo

Name: CVE-1999-0899

Description:

The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.

Status:Entry
Reference: BID:769
Reference: URL:http://www.securityfocus.com/bid/769
Reference: MS:MS99-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-047
Reference: MSKB:Q243649
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q243649
Reference: XF:nt-printer-spooler-bo

Name: CVE-1999-0900

Description:

Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation.

Status:Entry
Reference: DEBIAN:19991027 nis
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0900
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9

Name: CVE-1999-0901

Description:

ypserv allows a local user to modify the GECOS and login shells of other users.

Status:Entry
Reference: DEBIAN:19991027 nis
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0901
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9

Name: CVE-1999-0902

Description:

ypserv allows local administrators to modify password tables.

Status:Entry
Reference: DEBIAN:19991027 nis
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0902
Reference: REDHAT:RHSA1999046-01
Reference: SUSE:19991023 Security hole in ypserv < 1.3.9

Name: CVE-1999-0903

Description:

genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.

Status:Entry
Reference: BUGTRAQ:19991025 IBM AIX Packet Filter module
Reference: BUGTRAQ:19991027 Re: IBM AIX Packet Filter module (followup)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0903
Reference: XF:aix-genfilt-filtering

Name: CVE-1999-0904

Description:

Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.

Status:Entry
Reference: BID:771
Reference: URL:http://www.securityfocus.com/bid/771
Reference: BUGTRAQ:19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT
Reference: XF:bftelnet-username-dos

Name: CVE-1999-0905

Description:

Denial of service in Axent Raptor firewall via malformed zero-length IP options.

Status:Entry
Reference: BID:736
Reference: URL:http://www.securityfocus.com/bid/736
Reference: BUGTRAQ:19991020 Remote DoS in Axent's Raptor 6.0
Reference: OSVDB:1121
Reference: URL:http://www.osvdb.org/1121
Reference: XF:raptor-ipoptions-dos

Name: CVE-1999-0906

Description:

Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.

Status:Entry
Reference: BID:656
Reference: URL:http://www.securityfocus.com/bid/656
Reference: BUGTRAQ:19990923 SuSE 6.2 sccw overflow exploit
Reference: SUSE:19990926 Security hole in sccw (Part II)
Reference: XF:linux-sccw-bo

Name: CVE-1999-0907

Description:

sccw allows local users to read arbitrary files.

Status:Entry
Reference: BUGTRAQ:19990916 SuSE 6.2 /usr/bin/sccw read any file
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0907
Reference: SUSE:19990921 Security Hole in sccw-1.1 and earlier

Name: CVE-1999-0908

Description:

Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.

Status:Entry
Reference: BID:655
Reference: URL:http://www.securityfocus.com/bid/655
Reference: BUGTRAQ:19990921 solaris DoS
Reference: XF:sun-tcp-mutex-enter-dos

Name: CVE-1999-0909

Description:

Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.

Status:Entry
Reference: BID:646
Reference: URL:http://www.securityfocus.com/bid/646
Reference: MS:MS99-038
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-038
Reference: MSKB:Q238453
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238453
Reference: NAI:Windows IP Source Routing Vulnerability
Reference: XF:nt-ip-source-route

Name: CVE-1999-0912

Description:

FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.

Status:Entry
Reference: BID:653
Reference: URL:http://www.securityfocus.com/bid/653
Reference: BUGTRAQ:19990921 FreeBSD-specific denial of service
Reference: OSVDB:1079
Reference: URL:http://www.osvdb.org/1079
Reference: XF:freebsd-vfscache-dos

Name: CVE-1999-0914

Description:

Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.

Status:Entry
Reference: BID:324
Reference: URL:http://www.securityfocus.com/bid/324
Reference: BUGTRAQ:19990103 [SECURITY] New versions of netstd fixes buffer overflows
Reference: DEBIAN:19990104

Name: CVE-1999-0915

Description:

URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:746
Reference: URL:http://www.securityfocus.com/bid/746
Reference: BUGTRAQ:19991028 URL Live! 1.0 WebServer
Reference: OSVDB:1129
Reference: URL:http://www.osvdb.org/1129

Name: CVE-1999-0916

Description:

WebTrends software stores account names and passwords in a file which does not have restricted access permissions.

Status:Entry
Reference: ISS:19990629 Bad Permissions on Passwords Stored by WebTrends Software
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0916

Name: CVE-1999-0917

Description:

The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.

Status:Entry
Reference: MS:MS99-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-018
Reference: MSKB:Q231452
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q231452
Reference: XF:legacy-activex-local-drive

Name: CVE-1999-0918

Description:

Denial of service in various Windows systems via malformed, fragmented IGMP packets.

Status:Entry
Reference: BID:514
Reference: URL:http://www.securityfocus.com/bid/514
Reference: BUGTRAQ:19990703 IGMP fragmentation bug in Windows 98/2000
Reference: MS:MS99-034
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-034
Reference: MSKB:Q238329
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238329
Reference: XF:igmp-dos

Name: CVE-1999-0920

Description:

Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.

Status:Entry
Reference: BID:283
Reference: URL:http://www.securityfocus.com/bid/283
Reference: BUGTRAQ:19990526 Remote vulnerability in pop2d
Reference: DEBIAN:19990607a
Reference: XF:pop2-fold-bo

Name: CVE-1999-0921

Description:

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.

Status:Entry
Reference: BID:1879
Reference: URL:http://www.securityfocus.com/bid/1879
Reference: BUGTRAQ:19990409 Patrol security bugs
Reference: URL:http://www.securityfocus.com/archive/1/13204
Reference: XF:bmc-patrol-udp-dos(4291)
Reference: URL:http://www.iss.net/security_center/static/4291.php

Name: CVE-1999-0922

Description:

An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.

Status:Entry
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: XF:coldfusion-sourcewindow

Name: CVE-1999-0924

Description:

The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.

Status:Entry
Reference: ALLAIRE:ASB99-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=8739&Method=Full
Reference: OSVDB:3236
Reference: URL:http://www.osvdb.org/3236
Reference: XF:coldfusion-syntax-checker(1742)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1742

Name: CVE-1999-0927

Description:

NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:279
Reference: URL:http://www.securityfocus.com/bid/279
Reference: EEYE:AD05261999
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD05261999.html
Reference: XF:ntmail-fileread

Name: CVE-1999-0928

Description:

Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:278
Reference: URL:http://www.securityfocus.com/bid/278
Reference: BUGTRAQ:19990525 Buffer overflow in SmartDesk WebSuite v2.1
Reference: XF:websuite-dos

Name: CVE-1999-0930

Description:

wwwboard allows a remote attacker to delete message board articles via a malformed argument.

Status:Entry
Reference: BID:1795
Reference: URL:http://www.securityfocus.com/bid/1795
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: CONFIRM:http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml
Reference: XF:http-cgi-wwwboard(2344)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2344

Name: CVE-1999-0931

Description:

Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.

Status:Entry
Reference: BID:734
Reference: URL:http://www.securityfocus.com/bid/734
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: XF:mediahouse-stats-login-bo

Name: CVE-1999-0932

Description:

Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.

Status:Entry
Reference: BID:735
Reference: URL:http://www.securityfocus.com/bid/735
Reference: BUGTRAQ:19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01
Reference: XF:mediahouse-stats-adminpw-cleartext

Name: CVE-1999-0933

Description:

TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:689
Reference: URL:http://www.securityfocus.com/bid/689
Reference: BUGTRAQ:19991001 RFP9904: TeamTrack webserver vulnerability
Reference: OSVDB:1096
Reference: URL:http://www.osvdb.org/1096

Name: CVE-1999-0934

Description:

classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.

Status:Entry
Reference: BID:2020
Reference: URL:http://www.securityfocus.com/bid/2020
Reference: EL8:19991215 Classifieds (classifieds.cgi)
Reference: XF:http-cgi-classifieds-read(3102)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3102

Name: CVE-1999-0935

Description:

classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.

Status:Entry
Reference: EL8:19991215 Classifieds (classifieds.cgi)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0935

Name: CVE-1999-0936

Description:

BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: EL8:19981203 BNBSurvey (survey.cgi)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0936

Name: CVE-1999-0937

Description:

BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.

Status:Entry
Reference: EL8:19981203 BNBForm (bnbform.cgi)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0937

Name: CVE-1999-0938

Description:

MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages.

Status:Entry
Reference: CERT:VN-99-03
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0938
Reference: XF:sdr-execute

Name: CVE-1999-0939

Description:

Denial of service in Debian IRC Epic/epic4 client via a long string.

Status:Entry
Reference: BID:605
Reference: URL:http://www.securityfocus.com/bid/605
Reference: BUGTRAQ:19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability
Reference: DEBIAN:19990826

Name: CVE-1999-0940

Description:

Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages.

Status:Entry
Reference: CALDERA:CSSA-1999-031
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0940
Reference: SUSE:19990927 Security hole in mutt

Name: CVE-1999-0942

Description:

UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.

Status:Entry
Reference: BUGTRAQ:19991005 SCO UnixWare 7.1 local root exploit
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0942
Reference: XF:sco-unixware-dos7utils-root-privs

Name: CVE-1999-0943

Description:

Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.

Status:Entry
Reference: BID:720
Reference: URL:http://www.securityfocus.com/bid/720
Reference: BUGTRAQ:19991015 OpenLink 3.2 Advisory

Name: CVE-1999-0945

Description:

Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.

Status:Entry
Reference: CIAC:I-080
Reference: URL:http://www.ciac.org/ciac/bulletins/i-080.shtml
Reference: ISS:19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5
Reference: URL:http://xforce.iss.net/alerts/advise4.php
Reference: MSKB:Q169174
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q169174
Reference: XF:exchange-dos(1223)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1223

Name: CVE-1999-0946

Description:

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.

Status:Entry
Reference: BID:760
Reference: URL:http://www.securityfocus.com/bid/760
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.info/?l=bugtraq&m=94157187815629&w=2
Reference: XF:yamaha-midiplug-embed

Name: CVE-1999-0947

Description:

AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: BID:762
Reference: URL:http://www.securityfocus.com/bid/762
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.info/?l=bugtraq&m=94157187815629&w=2

Name: CVE-1999-0950

Description:

Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.

Status:Entry
Reference: BID:747
Reference: URL:http://www.securityfocus.com/bid/747
Reference: BUGTRAQ:19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability
Reference: XF:wftpd-mkd-bo

Name: CVE-1999-0951

Description:

Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.

Status:Entry
Reference: BID:739
Reference: URL:http://www.securityfocus.com/bid/739
Reference: BUGTRAQ:19991022 Imagemap CGI overflow exploit
Reference: OSVDB:3380
Reference: URL:http://www.osvdb.org/3380
Reference: XF:http-cgi-imagemap-bo

Name: CVE-1999-0953

Description:

WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.

Status:Entry
Reference: BUGTRAQ:19980903 wwwboard.pl vulnerability
Reference: BUGTRAQ:19990916 More fun with WWWBoard
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0953

Name: CVE-1999-0954

Description:

WWWBoard has a default username and default password.

Status:Entry
Reference: BID:649
Reference: URL:http://www.securityfocus.com/bid/649
Reference: BUGTRAQ:19990916 More fun with WWWBoard

Name: CVE-1999-0955

Description:

Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.

Status:Entry
Reference: CERT:CA-94.08
Reference: CIAC:E-17
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955
Reference: XF:ftp-exec

Name: CVE-1999-0956

Description:

The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.

Status:Entry
Reference: CERT:CA-93.02a
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0956
Reference: XF:next-netinfo

Name: CVE-1999-0957

Description:

MajorCool mj_key_cache program allows local users to modify files via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19970618 Security hole in MajorCool 1.0.3
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0957
Reference: XF:majorcool-file-overwrite-vuln

Name: CVE-1999-0958

Description:

sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:19980112 Re: hole in sudo for MP-RAS.
Reference: URL:http://marc.info/?l=bugtraq&m=88465708614896&w=2
Reference: XF:sudo-dot-dot-attack

Name: CVE-1999-0959

Description:

IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: AUSCERT:AA-97-05
Reference: BID:469
Reference: URL:http://www.securityfocus.com/bid/469
Reference: BUGTRAQ:19970209 IRIX: Bug in startmidi
Reference: OSVDB:8447
Reference: URL:http://www.osvdb.org/8447
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: XF:irix-startmidi-file-creation(1634)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1634

Name: CVE-1999-0960

Description:

IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.

Status:Entry
Reference: AUSCERT:AA-96.11
Reference: SGI:19980301-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980301-01-PX
Reference: XF:irix-cdplayer-directory-create

Name: CVE-1999-0961

Description:

HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.

Status:Entry
Reference: BUGTRAQ:19960921 Vunerability in HP sysdiag ?
Reference: URL:http://marc.info/?l=bugtraq&m=87602167419906&w=2
Reference: CIAC:H-03
Reference: XF:hp-sysdiag-symlink

Name: CVE-1999-0962

Description:

Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.

Status:Entry
Reference: AUSCERT:AA-96.13
Reference: HP:HPSBUX9701-045
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9701-045
Reference: OSVDB:6415
Reference: URL:http://www.osvdb.org/6415
Reference: XF:hp-password-cmd-bo

Name: CVE-1999-0963

Description:

FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19960517 BoS: SECURITY BUG in FreeBSD
Reference: CERT:VB-96.06
Reference: OSVDB:6088
Reference: URL:http://www.osvdb.org/6088
Reference: XF:freebsd-mount-union-root

Name: CVE-1999-0964

Description:

Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-97:01
Reference: OSVDB:6086
Reference: URL:http://www.osvdb.org/6086
Reference: XF:freebsd-setlocale-bo

Name: CVE-1999-0965

Description:

Race condition in xterm allows local users to modify arbitrary files via the logging option.

Status:Entry
Reference: CERT:CA-93.17
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0965
Reference: XF:xterm

Name: CVE-1999-0966

Description:

Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].

Status:Entry
Reference: L0PHT:19970127 Solaris libc - getopt(3)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0966

Name: CVE-1999-0967

Description:

Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.

Status:Entry
Reference: L0PHT:19971101 Microsoft Internet Explorer 4.0 Suite
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0967

Name: CVE-1999-0968

Description:

Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.

Status:Entry
Reference: BID:1927
Reference: URL:http://www.securityfocus.com/bid/1927
Reference: BUGTRAQ:19981226 bnc exploit
Reference: URL:http://www.securityfocus.com/archive/1/11711
Reference: XF:bnc-proxy-bo(1546)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1546

Name: CVE-1999-0969

Description:

The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.

Status:Entry
Reference: ISS:19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service
Reference: MS:MS98-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-014
Reference: MSKB:Q193233
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q193233
Reference: NTBUGTRAQ:19980929 ISS Security Advisory: Snork
Reference: XF:snork-dos

Name: CVE-1999-0971

Description:

Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.

Status:Entry
Reference: BUGTRAQ:19970722 Security hole in exim 1.62: local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/7301
Reference: XF:exim-include-overflow

Name: CVE-1999-0972

Description:

Buffer overflow in Xshipwars xsw program.

Status:Entry
Reference: BID:863
Reference: URL:http://www.securityfocus.com/bid/863
Reference: BUGTRAQ:19991209 xsw 1.24 remote buffer overflow

Name: CVE-1999-0973

Description:

Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.

Status:Entry
Reference: BID:858
Reference: URL:http://www.securityfocus.com/bid/858
Reference: BUGTRAQ:19991206 [w00giving #8] Solaris 2.7's snoop
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)

Name: CVE-1999-0974

Description:

Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.

Status:Entry
Reference: BID:864
Reference: URL:http://www.securityfocus.com/bid/864
Reference: BUGTRAQ:19991209 Clarification needed on the snoop vuln(s) (fwd)
Reference: ISS:19991209 Buffer Overflow in Solaris Snoop
Reference: SUN:00190
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/190

Name: CVE-1999-0975

Description:

The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.

Status:Entry
Reference: BID:868
Reference: URL:http://www.securityfocus.com/bid/868
Reference: BUGTRAQ:19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT

Name: CVE-1999-0976

Description:

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.

Status:Entry
Reference: BID:857
Reference: URL:http://www.securityfocus.com/bid/857
Reference: BUGTRAQ:19991207 [Debian] New version of sendmail released
Reference: OPENBSD:19991204
Reference: XF:sendmail-bi-alias

Name: CVE-1999-0977

Description:

Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.

Status:Entry
Reference: BID:2354
Reference: URL:http://www.securityfocus.com/bid/2354
Reference: BID:866
Reference: URL:http://www.securityfocus.com/bid/866
Reference: BUGTRAQ:19991210 Re: Solaris sadmind Buffer Overflow Vulnerability
Reference: BUGTRAQ:19991210 Solaris sadmind Buffer Overflow Vulnerability
Reference: CERT:CA-99-16
Reference: OSVDB:2558
Reference: URL:http://www.osvdb.org/2558
Reference: SF-INCIDENTS:19991209 sadmind
Reference: SUN:00191
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/191
Reference: XF:sol-sadmind-amslverify-bo

Name: CVE-1999-0978

Description:

htdig allows remote attackers to execute commands via filenames with shell metacharacters.

Status:Entry
Reference: BID:867
Reference: URL:http://www.securityfocus.com/bid/867
Reference: DEBIAN:19991209

Name: CVE-1999-0979

Description:

The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.

Status:Entry
Reference: BID:869
Reference: URL:http://www.securityfocus.com/bid/869
Reference: BUGTRAQ:19991209 Fundamental flaw in UnixWare 7 security
Reference: BUGTRAQ:19991215 Recent postings about SCO UnixWare 7
Reference: URL:http://marc.info/?l=bugtraq&m=94530783815434&w=2

Name: CVE-1999-0980

Description:

Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.

Status:Entry
Reference: MS:MS99-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-055
Reference: MSKB:Q246045
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246045

Name: CVE-1999-0981

Description:

Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."

Status:Entry
Reference: MS:MS99-050
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-050
Reference: MSKB:Q246094
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246094

Name: CVE-1999-0982

Description:

The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.

Status:Entry
Reference: BUGTRAQ:19991206 Solaris WBEM 1.0: plaintext password stored in world readable file
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0982

Name: CVE-1999-0986

Description:

The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.

Status:Entry
Reference: BID:870
Reference: URL:http://www.securityfocus.com/bid/870
Reference: BUGTRAQ:19991209 Big problem on 2.0.x?

Name: CVE-1999-0987

Description:

Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.

Status:Entry
Reference: MSKB:Q237923
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q237923
Reference: NTBUGTRAQ:19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name

Name: CVE-1999-0989

Description:

Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.

Status:Entry
Reference: BID:861
Reference: URL:http://www.securityfocus.com/bid/861
Reference: BUGTRAQ:19991205 new IE5 remote exploit
Reference: NTBUGTRAQ:19991205 new IE5 remote exploit

Name: CVE-1999-0991

Description:

Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.

Status:Entry
Reference: BID:862
Reference: URL:http://www.securityfocus.com/bid/862
Reference: BUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability
Reference: NTBUGTRAQ:19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability

Name: CVE-1999-0992

Description:

HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).

Status:Entry
Reference: HP:HPSBUX9912-107
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX9912-107

Name: CVE-1999-0994

Description:

Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.

Status:Entry
Reference: BID:873
Reference: URL:http://www.securityfocus.com/bid/873
Reference: BINDVIEW:19991216 Windows NT's SYSKEY feature
Reference: MS:MS99-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-056
Reference: MSKB:Q248183
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248183

Name: CVE-1999-0995

Description:

Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."

Status:Entry
Reference: BID:875
Reference: URL:http://www.securityfocus.com/bid/875
Reference: MS:MS99-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-057
Reference: MSKB:Q248185
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248185
Reference: NAI:19991216 Windows NT LSA Remote Denial of Service

Name: CVE-1999-0996

Description:

Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: EEYE:AD19991215
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD19991215.html
Reference: NTBUGTRAQ:19991216 Infoseek Ultraseek Remote Buffer Overflow
Reference: OSVDB:6490
Reference: URL:http://www.osvdb.org/6490
Reference: XF:infoseek-ultraseek-bo

Name: CVE-1999-0997

Description:

wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.

Status:Entry
Reference: BUGTRAQ:19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)
Reference: DEBIAN:DSA-377
Reference: URL:http://www.debian.org/security/2003/dsa-377
Reference: XF:wuftp-ftp-conversion

Name: CVE-1999-0998

Description:

Cisco Cache Engine allows an attacker to replace content in the cache.

Status:Entry
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0998
Reference: XF:cisco-cache-engine-replace

Name: CVE-1999-0999

Description:

Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.

Status:Entry
Reference: BID:817
Reference: URL:http://www.securityfocus.com/bid/817
Reference: MS:MS99-059
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-059
Reference: MSKB:Q248749
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248749

Name: CVE-1999-1000

Description:

The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.

Status:Entry
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-1000
Reference: XF:cisco-cache-engine-performance

Name: CVE-1999-1001

Description:

Cisco Cache Engine allows a remote attacker to gain access via a null username and password.

Status:Entry
Reference: BUGTRAQ:19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities
Reference: CISCO:19991216 Cisco Cache Engine Authentication Vulnerabilities
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-1001

Name: CVE-1999-1004

Description:

Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.

Status:Entry
Reference: BUGTRAQ:19991217 NAV2000 Email Protection DoS
Reference: URL:http://www.securityfocus.com/archive/1/38970
Reference: BUGTRAQ:19991220 Norton Email Protection Remote Overflow (Addendum)
Reference: URL:http://www.securityfocus.com/archive/1/39194
Reference: CONFIRM:http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy
Reference: OSVDB:6267
Reference: URL:http://www.osvdb.org/6267

Name: CVE-1999-1005

Description:

Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.

Status:Entry
Reference: BID:879
Reference: URL:http://www.securityfocus.com/bid/879
Reference: BUGTRAQ:19991219 Groupewise Web Interface
Reference: URL:http://marc.info/?l=bugtraq&m=94571433731824&w=2
Reference: OSVDB:3413
Reference: URL:http://www.osvdb.org/3413
Reference: XF:groupwise-web-read-files

Name: CVE-1999-1007

Description:

Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.

Status:Entry
Reference: BID:872
Reference: URL:http://www.securityfocus.com/bid/872
Reference: BUGTRAQ:19991213 VDO Live Player 3.02 Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=94512259331599&w=2
Reference: XF:vdolive-bo-execute

Name: CVE-1999-1008

Description:

xsoldier program allows local users to gain root access via a long argument.

Status:Entry
Reference: BID:871
Reference: URL:http://www.securityfocus.com/bid/871
Reference: BUGTRAQ:19991215 FreeBSD 3.3 xsoldier root exploit
Reference: MISC:http://marc.info/?l=freebsd-security&m=94531826621620&w=2
Reference: XF:unix-xsoldier-overflow

Name: CVE-1999-1010

Description:

An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.

Status:Entry
Reference: BUGTRAQ:19991214 sshd1 allows unencrypted sessions regardless of server policy
Reference: URL:http://marc.info/?l=bugtraq&m=94519142415338&w=2
Reference: XF:ssh-policy-bypass

Name: CVE-1999-1011

Description:

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:529
Reference: URL:https://www.securityfocus.com/bid/529
Reference: CIAC:J-054
Reference: URL:http://www.ciac.org/ciac/bulletins/j-054.shtml
Reference: ISS:19990809 Vulnerabilities in Microsoft Remote Data Service
Reference: MS:MS98-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-004
Reference: MS:MS99-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-025
Reference: OSVDB:272
Reference: URL:http://www.osvdb.org/272
Reference: XF:nt-iis-rds

Name: CVE-1999-1014

Description:

Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.

Status:Entry
Reference: BID:672
Reference: URL:http://www.securityfocus.com/bid/672
Reference: BUGTRAQ:19990913 Solaris 2.7 /usr/bin/mail
Reference: URL:http://marc.info/?l=bugtraq&m=93727925026476&w=2
Reference: BUGTRAQ:19990927 Working Solaris x86 /usr/bin/mail exploit
Reference: URL:http://marc.info/?l=bugtraq&m=93846422810162&w=2
Reference: SUNBUG:4276509
Reference: XF:sun-usrbinmail-local-bo(3297)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3297

Name: CVE-1999-1019

Description:

SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.

Status:Entry
Reference: BID:495
Reference: URL:http://www.securityfocus.com/bid/495
Reference: BUGTRAQ:19990623 Cabletron Spectrum security vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=93024398713491&w=2
Reference: BUGTRAQ:19990624 Re: Cabletron Spectrum security vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=93024398513475&w=2

Name: CVE-1999-1021

Description:

NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.

Status:Entry
Reference: BID:47
Reference: URL:http://www.securityfocus.com/bid/47
Reference: CERT:CA-1992-15
Reference: URL:http://www.cert.org/advisories/CA-1992-15.html
Reference: SUN:00117
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/117&type=0&nav=sec.sba
Reference: XF:nfs-uid(82)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/82

Name: CVE-1999-1027

Description:

Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.

Status:Entry
Reference: BID:290
Reference: URL:http://www.securityfocus.com/bid/290
Reference: BUGTRAQ:19980507 admintool mode 0777 in Solaris 2.6 HW3/98
Reference: URL:http://marc.info/?l=bugtraq&m=90221101925880&w=2
Reference: SUNBUG:4178998
Reference: XF:solaris-admintool-world-writable(7296)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7296

Name: CVE-1999-1028

Description:

Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.

Status:Entry
Reference: BID:288
Reference: URL:http://www.securityfocus.com/bid/288
Reference: NTBUGTRAQ:19990528 DoS against PC Anywhere
Reference: URL:http://marc.info/?l=ntbugtraq&m=92807524225090&w=2
Reference: XF:pcanywhere-dos(2256)
Reference: URL:http://www.iss.net/security_center/static/2256.php

Name: CVE-1999-1032

Description:

Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.

Status:Entry
Reference: BID:26
Reference: URL:http://www.securityfocus.com/bid/26
Reference: CERT:CA-1991-11
Reference: URL:http://www.cert.org/advisories/CA-1991-11.html
Reference: CIAC:B-36
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-36.shtml
Reference: XF:ultrix-telnet(584)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/584

Name: CVE-1999-1034

Description:

Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.

Status:Entry
Reference: BID:23
Reference: URL:http://www.securityfocus.com/bid/23
Reference: CERT:CA-1991-08
Reference: URL:http://www.cert.org/advisories/CA-1991-08.html
Reference: CIAC:B-28
Reference: URL:http://www.ciac.org/ciac/bulletins/b-28.shtml
Reference: XF:sysv-login(583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/583

Name: CVE-1999-1035

Description:

IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.

Status:Entry
Reference: MS:MS98-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-019
Reference: MSKB:Q192296
Reference: URL:http://support.microsoft.com/support/kb/articles/q192/2/96.asp
Reference: XF:iis-get-dos(1823)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1823

Name: CVE-1999-1037

Description:

rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.

Status:Entry
Reference: BUGTRAQ:19980626 vulnerability in satan, cops & tiger
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125976&w=2
Reference: BUGTRAQ:19980627 Re: vulnerability in satan, cops & tiger
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125986&w=2
Reference: OSVDB:3147
Reference: URL:http://www.osvdb.org/3147
Reference: XF:satan-rexsatan-symlink(7167)
Reference: URL:http://www.iss.net/security_center/static/7167.php

Name: CVE-1999-1044

Description:

Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.

Status:Entry
Reference: CIAC:I-050
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: COMPAQ:SSRT0495U
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-050.shtml
Reference: XF:dgux-advfs-softlinks(7431)
Reference: URL:http://www.iss.net/security_center/static/7431.php

Name: CVE-1999-1045

Description:

pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.

Status:Entry
Reference: BUGTRAQ:19980115 [rootshell] Security Bulletin #7
Reference: URL:http://marc.info/?l=bugtraq&m=88490880523890&w=2
Reference: BUGTRAQ:19980115 pnserver exploit..
Reference: URL:http://marc.info/?l=bugtraq&m=88492978527261&w=2
Reference: BUGTRAQ:19980817 Re: Real Audio Server Version 5 bug?
Reference: URL:http://marc.info/?l=bugtraq&m=90338245305236&w=2
Reference: MISC:http://service.real.com/help/faq/serv501.html
Reference: OSVDB:6979
Reference: URL:http://www.osvdb.org/6979
Reference: XF:realserver-pnserver-remote-dos(7297)
Reference: URL:http://www.iss.net/security_center/static/7297.php

Name: CVE-1999-1047

Description:

When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.

Status:Entry
Reference: BUGTRAQ:19991018 Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.info/?l=bugtraq&m=94026690521279&w=2
Reference: BUGTRAQ:19991019 Re: Gauntlet 5.0 BSDI warning
Reference: URL:http://marc.info/?l=bugtraq&m=94036662326185&w=2
Reference: XF:gauntlet-bsdi-bypass(3397)
Reference: URL:http://www.iss.net/security_center/static/3397.php

Name: CVE-1999-1048

Description:

Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.

Status:Entry
Reference: BUGTRAQ:19970821 Buffer overflow in /bin/bash
Reference: URL:http://marc.info/?l=bugtraq&m=87602746719555&w=2
Reference: BUGTRAQ:19980905 BASH buffer overflow, LiNUX x86 exploit
Reference: URL:http://www.securityfocus.com/archive/1/10542
Reference: DEBIAN:19980909 problem with very long pathnames
Reference: URL:http://www.debian.org/security/1998/19980909
Reference: OSVDB:8345
Reference: URL:http://www.osvdb.org/8345
Reference: XF:linux-bash-bo(3414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3414

Name: CVE-1999-1055

Description:

Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."

Status:Entry
Reference: BID:179
Reference: URL:http://www.securityfocus.com/bid/179
Reference: MS:MS98-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-018
Reference: XF:excel-call(1737)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1737

Name: CVE-1999-1057

Description:

VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.

Status:Entry
Reference: BID:12
Reference: URL:http://www.securityfocus.com/bid/12
Reference: CERT:CA-1990-07
Reference: URL:http://www.cert.org/advisories/CA-1990-07.html
Reference: CIAC:B-04
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-04.shtml
Reference: XF:vms-analyze-processdump-privileges(7137)
Reference: URL:http://www.iss.net/security_center/static/7137.php

Name: CVE-1999-1059

Description:

Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:36
Reference: URL:http://www.securityfocus.com/bid/36
Reference: CERT:CA-1992-04
Reference: URL:http://www.cert.org/advisories/CA-1992-04.html
Reference: XF:att-rexecd(3159)
Reference: URL:http://www.iss.net/security_center/static/3159.php

Name: CVE-1999-1074

Description:

Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.

Status:Entry
Reference: BID:98
Reference: URL:http://www.securityfocus.com/bid/98
Reference: BUGTRAQ:19980501 Warning! Webmin Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/9138
Reference: CONFIRM:http://www.webmin.com/webmin/changes.html

Name: CVE-1999-1080

Description:

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.

Status:Entry
Reference: BID:250
Reference: URL:http://www.securityfocus.com/bid/250
Reference: BUGTRAQ:19990510 SunOS 5.7 rmmount, no nosuid.
Reference: URL:http://marc.info/?l=bugtraq&m=92633694100270&w=2
Reference: BUGTRAQ:19991011
Reference: URL:http://marc.info/?l=bugtraq&m=93971288323395&w=2
Reference: SUNBUG:4205437
Reference: XF:solaris-rmmount-gain-root(8350)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8350

Name: CVE-1999-1085

Description:

SSH 1.2.25, 1.2.23, and other versions, when used in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."

Status:Entry
Reference: BUGTRAQ:19980612 CORE-SDI-04: SSH insertion attack
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125884&w=2
Reference: BUGTRAQ:19980703 UPDATE: SSH insertion attack
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525878&w=2
Reference: CERT-VN:VU#13877
Reference: URL:http://www.kb.cert.org/vuls/id/13877
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: XF:ssh-insert(1126)
Reference: URL:http://www.iss.net/security_center/static/1126.php

Name: CVE-1999-1087

Description:

Internet Explorer 4 treats a 32-bit number ("dotless IP address") in a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.

Status:Entry
Reference: CONFIRM:http://www.microsoft.com/Windows/Ie/security/dotless.asp
Reference: MS:MS98-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-016
Reference: MSKB:Q168617
Reference: URL:http://support.microsoft.com/support/kb/articles/q168/6/17.asp
Reference: OSVDB:7828
Reference: URL:http://www.osvdb.org/7828
Reference: XF:ie-dotless(2209)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2209

Name: CVE-1999-1090

Description:

The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.

Status:Entry
Reference: CERT:CA-1991-15
Reference: URL:http://www.cert.org/advisories/CA-1991-15.html
Reference: XF:ftp-ncsa(1844)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1844

Name: CVE-1999-1093

Description:

Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.

Status:Entry
Reference: MS:MS98-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-011
Reference: MSKB:Q191200
Reference: URL:http://support.microsoft.com/support/kb/articles/q191/2/00.asp
Reference: XF:java-script-patch(1276)
Reference: URL:http://www.iss.net/security_center/static/1276.php

Name: CVE-1999-1094

Description:

Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."

Status:Entry
Reference: BUGTRAQ:19980114 L0pht Advisory MSIE4.0(1)
Reference: URL:http://marc.info/?l=bugtraq&m=88480839506155&w=2
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: XF:iemk-bug(917)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/917

Name: CVE-1999-1098

Description:

Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.

Status:Entry
Reference: CERT:CA-1995-03
Reference: URL:http://www.cert.org/advisories/CA-1995-03.html
Reference: CIAC:F-12
Reference: URL:http://www.ciac.org/ciac/bulletins/f-12.shtml
Reference: OSVDB:4881
Reference: URL:http://www.osvdb.org/4881
Reference: XF:bsd-telnet(516)
Reference: URL:http://www.iss.net/security_center/static/516.php

Name: CVE-1999-1099

Description:

Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.

Status:Entry
Reference: BUGTRAQ:19961122 L0pht Kerberos Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420184&w=2
Reference: XF:kerberos-user-grab(65)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/65

Name: CVE-1999-1100

Description:

Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.

Status:Entry
Reference: CIAC:I-056
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-056.shtml
Reference: CISCO:19980616 PIX Private Link Key Processing and Cryptography Issues
Reference: URL:http://www.cisco.com/warp/public/770/pixkey-pub.shtml
Reference: XF:cisco-pix-parse-error(1579)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1579

Name: CVE-1999-1102

Description:

lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.

Status:Entry
Reference: BUGTRAQ:19940307 8lgm Advisory Releases
Reference: URL:http://www.aenigma.net/resources/maillist/bugtraq/1994/0091.htm
Reference: CIAC:E-25a
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/e-25.shtml
Reference: MISC:http://www.phreak.org/archives/security/8lgm/8lgm.lpr

Name: CVE-1999-1103

Description:

dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.

Status:Entry
Reference: CERT:VB-96.05
Reference: URL:http://www.cert.org/vendor_bulletins/VB-96.05.dec
Reference: CIAC:G-18
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-18.shtml
Reference: MISC:http://www.tao.ca/fire/bos/0209.html
Reference: XF:osf-dxconsole-gain-privileges(7138)
Reference: URL:http://www.iss.net/security_center/static/7138.php

Name: CVE-1999-1104

Description:

Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.

Status:Entry
Reference: BUGTRAQ:19951205 Cracked: WINDOWS.PWL
Reference: URL:http://marc.info/?l=bugtraq&m=87602167418931&w=2
Reference: BUGTRAQ:19980120 How to recover private keys for various Microsoft products
Reference: URL:http://marc.info/?l=bugtraq&m=88536273725787&w=2
Reference: MSKB:Q140557
Reference: URL:http://support.microsoft.com/support/kb/articles/q140/5/57.asp
Reference: NTBUGTRAQ:19980121 How to recover private keys for various Microsoft products
Reference: URL:http://marc.info/?l=ntbugtraq&m=88540877601866&w=2
Reference: XF:win95-nbsmbpwl(71)
Reference: URL:http://www.iss.net/security_center/static/71.php

Name: CVE-1999-1105

Description:

Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.

Status:Entry
Reference: CONFIRM:http://www.zdnet.com/eweek/reviews/1016/tr42bug.html
Reference: MISC:http://www.net-security.sk/bugs/NT/netware1.html
Reference: XF:win95-netware-hidden-share(7231)
Reference: URL:http://www.iss.net/security_center/static/7231.php

Name: CVE-1999-1109

Description:

Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.

Status:Entry
Reference: BID:904
Reference: URL:http://www.securityfocus.com/bid/904
Reference: BUGTRAQ:19991222 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.info/?l=bugtraq&m=94632241202626&w=2
Reference: BUGTRAQ:20000113 Re: procmail / Sendmail - five bugs
Reference: URL:http://marc.info/?l=bugtraq&m=94780566911948&w=2
Reference: XF:sendmail-etrn-dos(7760)
Reference: URL:http://www.iss.net/security_center/static/7760.php

Name: CVE-1999-1111

Description:

Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.

Status:Entry
Reference: BID:786
Reference: URL:http://www.securityfocus.com/bid/786
Reference: BUGTRAQ:19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released
Reference: URL:http://marc.info/?l=bugtraq&m=94218618329838&w=2
Reference: XF:immunix-stackguard-bo(3524)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3524

Name: CVE-1999-1114

Description:

Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.

Status:Entry
Reference: AUSCERT:AA-96.17
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.17.suid_exec.vul
Reference: BID:467
Reference: URL:http://www.securityfocus.com/bid/467
Reference: CIAC:H-15A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-15a.shtml
Reference: SGI:19980405-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980405-01-I
Reference: XF:ksh-suid_exec(2100)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2100

Name: CVE-1999-1115

Description:

Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).

Status:Entry
Reference: BID:7
Reference: URL:http://www.securityfocus.com/bid/7
Reference: CERT:CA-1990-04
Reference: URL:http://www.cert.org/advisories/CA-1990-04.html
Reference: CIAC:A-30
Reference: URL:http://www.ciac.org/ciac/bulletins/a-30.shtml
Reference: XF:apollo-suidexec-unauthorized-access(6721)
Reference: URL:http://www.iss.net/security_center/static/6721.php

Name: CVE-1999-1116

Description:

Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.

Status:Entry
Reference: BID:462
Reference: URL:http://www.securityfocus.com/bid/462
Reference: OSVDB:1009
Reference: URL:http://www.osvdb.org/1009
Reference: SGI:19970503-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970503-01-PX
Reference: XF:sgi-runpriv(2108)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2108

Name: CVE-1999-1117

Description:

lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.

Status:Entry
Reference: BID:455
Reference: URL:http://www.securityfocus.com/bid/455
Reference: BUGTRAQ:19961124
Reference: URL:http://marc.info/?l=bugtraq&w=2&r=1&s=lquerypv&q=b
Reference: BUGTRAQ:19961125 AIX lquerypv
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420196&w=2
Reference: BUGTRAQ:19961125 lquerypv fix
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420195&w=2
Reference: CIAC:H-13
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-13.shtml
Reference: XF:ibm-lquerypv(1752)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1752

Name: CVE-1999-1118

Description:

ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.

Status:Entry
Reference: BID:433
Reference: URL:http://www.securityfocus.com/bid/433
Reference: SUN:00165
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/165&type=0&nav=sec.sba
Reference: XF:sun-ndd(817)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/817

Name: CVE-1999-1119

Description:

FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:41
Reference: URL:http://www.securityfocus.com/bid/41
Reference: CERT:CA-1992-09
Reference: URL:http://www.cert.org/advisories/CA-1992-09.html
Reference: XF:aix-anon-ftp(3154)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3154

Name: CVE-1999-1120

Description:

netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.

Status:Entry
Reference: BID:395
Reference: URL:http://www.securityfocus.com/bid/395
Reference: BUGTRAQ:19970104 Irix: netprint story
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420403&w=2
Reference: OSVDB:993
Reference: URL:http://www.osvdb.org/993
Reference: SGI:19961203-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-01-PX
Reference: SGI:19961203-02-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961203-02-PX
Reference: XF:sgi-netprint(2107)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2107

Name: CVE-1999-1121

Description:

The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.

Status:Entry
Reference: BID:38
Reference: URL:http://www.securityfocus.com/bid/38
Reference: CERT:CA-1992-06
Reference: URL:http://www.cert.org/advisories/CA-1992-06.html
Reference: OSVDB:891
Reference: URL:http://www.osvdb.org/891
Reference: XF:ibm-uucp(554)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/554

Name: CVE-1999-1122

Description:

Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.

Status:Entry
Reference: BID:3
Reference: URL:http://www.securityfocus.com/bid/3
Reference: CERT:CA-1989-02
Reference: URL:http://www.cert.org/advisories/CA-1989-02.html
Reference: CIAC:CIAC-08
Reference: URL:http://www.ciac.org/ciac/bulletins/ciac-08.shtml
Reference: SUNBUG:1019265
Reference: XF:sun-restore-gain-privileges(6695)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6695

Name: CVE-1999-1127

Description:

Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.

Status:Entry
Reference: MS:MS98-017
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-017
Reference: MSKB:Q195733
Reference: URL:http://support.microsoft.com/support/kb/articles/Q195/7/33.asp
Reference: XF:nt-spoolss(523)
Reference: URL:http://www.iss.net/security_center/static/523.php

Name: CVE-1999-1131

Description:

Buffer overflow in OSF Distributed Computing Environment (DCE) security daemon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.

Status:Entry
Reference: CERT:VB-97.12
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.12.opengroup
Reference: CIAC:I-060
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-060.shtml
Reference: SGI:19980601-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980601-01-PX
Reference: XF:sgi-osf-dce-dos(1123)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1123

Name: CVE-1999-1132

Description:

Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.

Status:Entry
Reference: BUGTRAQ:19981005 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.info/?l=bugtraq&m=90763508011966&w=2
Reference: MSKB:Q179157
Reference: URL:http://support.microsoft.com/support/kb/articles/Q179/1/57.asp
Reference: NTBUGTRAQ:19981002 NMRC Advisory - Lame NT Token Ring DoS
Reference: URL:http://marc.info/?l=ntbugtraq&m=90760603030452&w=2
Reference: XF:token-ring-dos(1399)
Reference: URL:http://www.iss.net/security_center/static/1399.php

Name: CVE-1999-1136

Description:

Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.

Status:Entry
Reference: BUGTRAQ:19980729 HP-UX Predictive & Netscape SSL Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=90221104526177&w=2
Reference: CIAC:I-081
Reference: URL:http://www.ciac.org/ciac/bulletins/i-081.shtml
Reference: HP:HPSBMP9807-005
Reference: URL:http://cert.ip-plus.net/bulletin-archive/msg00040.html
Reference: HP:HPSBUX9807-081
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9807-081.html
Reference: XF:mpeix-predictive(1413)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1413

Name: CVE-1999-1137

Description:

The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.

Status:Entry
Reference: CIAC:E-01
Reference: URL:http://www.ciac.org/ciac/bulletins/e-01.shtml
Reference: OSVDB:6436
Reference: URL:http://www.osvdb.org/6436
Reference: SUN:00122
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/122&type=0&nav=sec.sba
Reference: XF:sun-audio(549)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/549

Name: CVE-1999-1138

Description:

SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.

Status:Entry
Reference: CERT:CA-1993-13
Reference: URL:http://www.cert.org/advisories/CA-1993-13.html
Reference: XF:sco-homedir(546)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/546

Name: CVE-1999-1139

Description:

Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.

Status:Entry
Reference: BUGTRAQ:19970901 HP UX Bug :)
Reference: URL:http://marc.info/?l=bugtraq&m=87602880019745&w=2
Reference: BUGTRAQ:19980121 HP-UX CUE, CUD and LAND vulnerabilities
Reference: URL:http://security-archive.merton.ox.ac.uk/bugtraq-199801/0122.html
Reference: CIAC:I-027B
Reference: URL:http://www.ciac.org/ciac/bulletins/i-027b.shtml
Reference: HP:HPSBUX9801-074
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9801-074.html
Reference: XF:hp-cue(2007)
Reference: URL:http://www.iss.net/security_center/static/2007.php

Name: CVE-1999-1140

Description:

Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.

Status:Entry
Reference: BUGTRAQ:19971214 buffer overflows in cracklib?!
Reference: URL:http://marc.info/?l=bugtraq&m=88209041500913&w=2
Reference: CERT:VB-97.16
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.16.CrackLib
Reference: XF:cracklib-bo(1539)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1539

Name: CVE-1999-1142

Description:

SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.

Status:Entry
Reference: CERT:CA-1992-11
Reference: URL:http://www.cert.org/advisories/CA-1992-11.html
Reference: SUN:00116
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/116
Reference: XF:sun-env(3152)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3152

Name: CVE-1999-1143

Description:

Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.

Status:Entry
Reference: CIAC:H-065
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-65.shtml
Reference: SGI:19970504-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19970504-01-PX
Reference: XF:sgi-rld(2109)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2109

Name: CVE-1999-1144

Description:

Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9701-051
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-051.html
Reference: XF:hp-mpower(2056)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2056

Name: CVE-1999-1145

Description:

Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.

Status:Entry
Reference: CIAC:H-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-21.shtml
Reference: HP:HPSBUX9701-044
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1514
Reference: XF:hp-glanceplus(2059)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2059

Name: CVE-1999-1146

Description:

Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.

Status:Entry
Reference: HP:HPSBUX9405-011
Reference: URL:http://www.securityfocus.com/advisories/1555
Reference: XF:hp-glanceplus-gpm(2060)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2060

Name: CVE-1999-1147

Description:

Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.

Status:Entry
Reference: BUGTRAQ:19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: URL:http://marc.info/?l=bugtraq&m=91273739726314&w=2
Reference: BUGTRAQ:19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0
Reference: OSVDB:3164
Reference: URL:http://www.osvdb.org/3164
Reference: XF:pcm-dos-execute(1430)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1430

Name: CVE-1999-1148

Description:

FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.

Status:Entry
Reference: MS:MS98-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1998/ms98-006
Reference: MSKB:Q189262
Reference: URL:http://support.microsoft.com/support/kb/articles/Q189/2/62.ASP
Reference: XF:iis-passive-ftp(1215)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1215

Name: CVE-1999-1156

Description:

BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.

Status:Entry
Reference: NTBUGTRAQ:19990517 Vulnerabilities in BisonWare FTP Server 3.5
Reference: XF:bisonware-port-crash(2254)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2254

Name: CVE-1999-1157

Description:

Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.

Status:Entry
Reference: MSKB:Q192774
Reference: URL:http://support.microsoft.com/support/kb/articles/Q192/7/74.ASP
Reference: XF:tcpipsys-icmp-dos(3894)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3894

Name: CVE-1999-1159

Description:

SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.

Status:Entry
Reference: BUGTRAQ:19981229 ssh2 security problem (and patch) (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=91495920911490&w=2
Reference: XF:ssh-privileged-port-forward(1471)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1471

Name: CVE-1999-1160

Description:

Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.

Status:Entry
Reference: CIAC:H-33
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-33.shtml
Reference: HP:HPSBUX9702-055
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420581&w=2
Reference: XF:hp-ftpd-kftpd(7437)
Reference: URL:http://www.iss.net/security_center/static/7437.php

Name: CVE-1999-1161

Description:

Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.

Status:Entry
Reference: AUSCERT:AA-97.07
Reference: BUGTRAQ:19961103 Re: Untitled
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420102&w=2
Reference: BUGTRAQ:19961104 ppl bugs
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420103&w=2
Reference: CIAC:H-32
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/h-32.shtml
Reference: HP:HPSBUX9704-057
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9704-057.html
Reference: XF:hp-ppl(7438)
Reference: URL:http://www.iss.net/security_center/static/7438.php

Name: CVE-1999-1162

Description:

Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.

Status:Entry
Reference: CERT:CA-1993-08
Reference: URL:http://www.cert.org/advisories/CA-1993-08.html
Reference: XF:sco-passwd-deny(542)
Reference: URL:http://www.iss.net/security_center/static/542.php

Name: CVE-1999-1163

Description:

Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.

Status:Entry
Reference: HP:HPSBUX9911-105
Reference: URL:http://marc.info/?l=bugtraq&m=94347039929958&w=2
Reference: XF:hp-ssp(7439)
Reference: URL:http://www.iss.net/security_center/static/7439.php

Name: CVE-1999-1167

Description:

Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious JavaScript into an annotation.

Status:Entry
Reference: CONFIRM:http://www.wired.com/news/technology/0,1282,20677,00.html
Reference: MISC:http://www.wired.com/news/technology/0,1282,20636,00.html
Reference: XF:thirdvoice-cross-site-scripting(7252)
Reference: URL:http://www.iss.net/security_center/static/7252.php

Name: CVE-1999-1175

Description:

Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.

Status:Entry
Reference: CIAC:I-054
Reference: URL:http://www.ciac.org/ciac/bulletins/i-054.shtml
Reference: CISCO:19980513 Cisco Web Cache Control Protocol Router Vulnerability
Reference: URL:http://www.cisco.com/warp/public/770/wccpauth-pub.shtml
Reference: XF:cisco-wccp-vuln(1577)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1577

Name: CVE-1999-1177

Description:

Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.

Status:Entry
Reference: CONFIRM:http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish
Reference: MISC:http://www.w3.org/Security/Faq/wwwsf4.html
Reference: XF:http-cgi-nphpublish(2055)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2055

Name: CVE-1999-1181

Description:

Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.

Status:Entry
Reference: CIAC:J-003
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-003.shtml
Reference: SGI:19980901-01-PX
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19980901-01-PX
Reference: XF:irix-register(7441)
Reference: URL:http://www.iss.net/security_center/static/7441.php

Name: CVE-1999-1188

Description:

mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.

Status:Entry
Reference: BUGTRAQ:19981227 mysql: mysqld creates world readable logs..
Reference: URL:http://marc.info/?l=bugtraq&m=91479159617803&w=2
Reference: XF:mysql-readable-log-files(1568)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1568

Name: CVE-1999-1189

Description:

Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.

Status:Entry
Reference: BID:822
Reference: URL:http://www.securityfocus.com/bid/822
Reference: BUGTRAQ:19991124 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36306
Reference: BUGTRAQ:19991127 Netscape Communicator 4.7 - Navigator Overflows
Reference: URL:http://www.securityfocus.com/archive/1/36608
Reference: XF:netscape-long-argument-bo(7884)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7884

Name: CVE-1999-1191

Description:

Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: AUSCERT:AA-97.18
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-97.18.solaris.chkey.buffer.overflow.vul
Reference: BID:207
Reference: URL:http://www.securityfocus.com/bid/207
Reference: BUGTRAQ:19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.
Reference: URL:http://marc.info/?l=bugtraq&m=87602167418335&w=2
Reference: SUN:00144
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/144
Reference: XF:solaris-chkey-bo(7442)
Reference: URL:http://www.iss.net/security_center/static/7442.php

Name: CVE-1999-1192

Description:

Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: BID:206
Reference: URL:http://www.securityfocus.com/bid/206
Reference: SUN:00143
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/143
Reference: XF:solaris-eeprom-bo(7444)
Reference: URL:http://www.iss.net/security_center/static/7444.php

Name: CVE-1999-1193

Description:

The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.

Status:Entry
Reference: BID:20
Reference: URL:http://www.securityfocus.com/bid/20
Reference: CERT:CA-1991-06
Reference: URL:http://www.cert.org/advisories/CA-1991-06.html
Reference: XF:next-me(581)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/581

Name: CVE-1999-1194

Description:

chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.

Status:Entry
Reference: BID:17
Reference: URL:http://www.securityfocus.com/bid/17
Reference: CERT:CA-1991-05
Reference: URL:http://www.cert.org/advisories/CA-1991-05.html
Reference: XF:dec-chroot(577)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/577

Name: CVE-1999-1197

Description:

TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.

Status:Entry
Reference: BID:14
Reference: URL:http://www.securityfocus.com/bid/14
Reference: CERT:CA-1990-12
Reference: URL:http://www.cert.org/advisories/CA-1990-12.html
Reference: XF:sunos-tioccons-console-redirection(7140)
Reference: URL:http://www.iss.net/security_center/static/7140.php

Name: CVE-1999-1198

Description:

BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.

Status:Entry
Reference: BID:11
Reference: URL:http://www.securityfocus.com/bid/11
Reference: CERT:CA-1990-06
Reference: URL:http://www.cert.org/advisories/CA-1990-06.html
Reference: CIAC:B-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/b-01.shtml
Reference: XF:nextstep-builddisk-root-access(7141)
Reference: URL:http://www.iss.net/security_center/static/7141.php

Name: CVE-1999-1199

Description:

Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.

Status:Entry
Reference: BUGTRAQ:19980807 YA Apache DoS attack
Reference: URL:http://marc.info/?l=bugtraq&m=90252779826784&w=2
Reference: BUGTRAQ:19980808 Debian Apache Security Update
Reference: URL:http://marc.info/?l=bugtraq&m=90276683825862&w=2
Reference: BUGTRAQ:19980810 Apache DoS Attack
Reference: URL:http://marc.info/?l=bugtraq&m=90286768232093&w=2
Reference: BUGTRAQ:19980811 Apache 'sioux' DOS fix for TurboLinux
Reference: URL:http://marc.info/?l=bugtraq&m=90280517007869&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#apache
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E

Name: CVE-1999-1201

Description:

Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.

Status:Entry
Reference: BID:225
Reference: URL:http://www.securityfocus.com/bid/225
Reference: NTBUGTRAQ:19990206 New Windows 9x Bug: TCP Chorusing
Reference: URL:http://marc.info/?l=ntbugtraq&m=91849617221319&w=2
Reference: XF:win-multiple-ip-dos(7542)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7542

Name: CVE-1999-1203

Description:

Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.

Status:Entry
Reference: BUGTRAQ:19990210 Security problems in ISDN equipment authentication
Reference: URL:http://marc.info/?l=bugtraq&m=91868964203769&w=2
Reference: BUGTRAQ:19990212 PPP/ISDN multilink security issue - summary
Reference: URL:http://marc.info/?l=bugtraq&m=91888117502765&w=2
Reference: XF:ascend-ppp-isdn-dos(7498)
Reference: URL:http://www.iss.net/security_center/static/7498.php

Name: CVE-1999-1204

Description:

Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.

Status:Entry
Reference: BUGTRAQ:19980511 Firewall-1 Reserved Keywords Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=90221101925912&w=2
Reference: CONFIRM:http://www.checkpoint.com/techsupport/config/keywords.html
Reference: OSVDB:4416
Reference: URL:http://www.osvdb.org/4416
Reference: XF:fw1-user-defined-keywords-access(7293)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7293

Name: CVE-1999-1205

Description:

nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.

Status:Entry
Reference: BUGTRAQ:19960607 HP-UX B.10.01 vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=87602167419195&w=2
Reference: CIAC:G-34
Reference: HP:HPSBUX9607-035
Reference: URL:http://packetstormsecurity.org/advisories/ibm-ers/96-08
Reference: XF:hp-nettune(414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/414

Name: CVE-1999-1208

Description:

Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: BUGTRAQ:19970721 AIX ping (Exploit)
Reference: URL:http://marc.info/?l=bugtraq&m=87602661419330&w=2
Reference: BUGTRAQ:19970721 AIX ping, lchangelv, xlock fixes
Reference: URL:http://marc.info/?l=bugtraq&m=87602661419337&w=2
Reference: XF:ping-bo(803)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/803

Name: CVE-1999-1209

Description:

Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:19971204 scoterm exploit
Reference: URL:http://marc.info/?l=bugtraq&m=88131151000069&w=2
Reference: CERT:VB-97.14
Reference: URL:http://www.cert.org/vendor_bulletins/VB-97.14.scoterm
Reference: XF:sco-scoterm(690)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/690

Name: CVE-1999-1214

Description:

The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.

Status:Entry
Reference: MISC:http://www.openbsd.com/advisories/signals.txt
Reference: OPENBSD:19970915 Vulnerability in I/O Signal Handling
Reference: URL:http://www.openbsd.com/advisories/signals.txt
Reference: OSVDB:11062
Reference: URL:http://www.osvdb.org/11062
Reference: XF:openbsd-iosig(556)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/556

Name: CVE-1999-1215

Description:

LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.

Status:Entry
Reference: CERT:CA-1993-12
Reference: URL:http://www.cert.org/advisories/CA-1993-12.html
Reference: CIAC:D-21
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-21.shtml
Reference: XF:novell-login(545)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/545

Name: CVE-1999-1217

Description:

The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.

Status:Entry
Reference: NTBUGTRAQ:19970723 NT security - why bother?
Reference: URL:http://marc.info/?l=ntbugtraq&m=87602726319426&w=2
Reference: NTBUGTRAQ:19970725 Re: NT security - why bother?
Reference: URL:http://marc.info/?l=ntbugtraq&m=87602726319435&w=2
Reference: XF:nt-path(526)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/526

Name: CVE-1999-1222

Description:

Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

Status:Entry
Reference: MSKB:Q188571
Reference: URL:http://support.microsoft.com/support/kb/articles/Q188/5/71.ASP
Reference: XF:dns-netbtsys-dos(3893)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3893

Name: CVE-1999-1223

Description:

IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.

Status:Entry
Reference: MSKB:Q187503
Reference: URL:http://support.microsoft.com/support/kb/articles/q187/5/03.asp
Reference: XF:url-asp-av(3892)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3892

Name: CVE-1999-1226

Description:

Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.

Status:Entry
Reference: MISC:http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html
Reference: XF:netscape-huge-key-dos(3436)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3436

Name: CVE-1999-1233

Description:

IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.

Status:Entry
Reference: BID:657
Reference: URL:http://www.securityfocus.com/bid/657
Reference: MS:MS99-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-039
Reference: MSKB:241562
Reference: URL:http://support.microsoft.com/support/kb/articles/Q241/5/62.asp
Reference: XF:iis-unresolved-domain-access(3306)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3306

Name: CVE-1999-1243

Description:

SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.

Status:Entry
Reference: CIAC:F-16
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/f-16.shtml
Reference: SGI:19950301-01-P373
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950301-01-P373
Reference: XF:sgi-permissions(2113)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2113

Name: CVE-1999-1246

Description:

Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.

Status:Entry
Reference: MSKB:Q229972
Reference: URL:http://support.microsoft.com/support/kb/articles/Q229/9/72.asp
Reference: XF:siteserver-directmail-passwords(2068)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2068

Name: CVE-1999-1249

Description:

movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX9701-047
Reference: URL:http://www.codetalker.com/advisories/vendor/hp/hpsbux9701-047.html
Reference: OSVDB:8099
Reference: URL:http://www.osvdb.org/8099
Reference: XF:hp-movemail(2057)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2057

Name: CVE-1999-1258

Description:

rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.

Status:Entry
Reference: SUN:00102
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/102
Reference: XF:sun-pwdauthd(1782)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1782

Name: CVE-1999-1259

Description:

Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.

Status:Entry
Reference: MSKB:Q189529
Reference: URL:http://support.microsoft.com/support/kb/articles/q189/5/29.asp
Reference: XF:office-extraneous-data(1780)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1780

Name: CVE-1999-1262

Description:

Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.

Status:Entry
Reference: BUGTRAQ:19990202 Unsecured server in applets under Netscape
Reference: URL:http://www.securityfocus.com/archive/1/12231
Reference: XF:java-socket-open(1727)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1727

Name: CVE-1999-1263

Description:

Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.

Status:Entry
Reference: BUGTRAQ:19971024 Vulnerability in metamail
Reference: URL:http://marc.info/?l=bugtraq&m=87773365324657&w=2
Reference: XF:metamail-file-creation(1677)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1677

Name: CVE-1999-1276

Description:

fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.

Status:Entry
Reference: DEBIAN:19981207 fte-console: does not drop its root priviliges
Reference: URL:http://www.debian.org/security/1998/19981207
Reference: XF:fte-console-privileges(1609)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1609

Name: CVE-1999-1279

Description:

An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.

Status:Entry
Reference: MSKB:Q138001
Reference: URL:http://support.microsoft.com/support/kb/articles/q138/0/01.asp
Reference: XF:snaserver-shared-folders(1548)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1548

Name: CVE-1999-1284

Description:

NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.

Status:Entry
Reference: BUGTRAQ:19981105 various *lame* DoS attacks
Reference: URL:http://www.securityfocus.com/archive/1/11131
Reference: BUGTRAQ:19981107 Re: various *lame* DoS attacks
Reference: URL:http://marc.info/?l=bugtraq&m=91063407332594&w=2
Reference: MISC:http://www.dynamsol.com/puppet/text/new.txt
Reference: XF:nukenabber-timeout-dos(1540)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1540

Name: CVE-1999-1288

Description:

Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.

Status:Entry
Reference: BUGTRAQ:19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux
Reference: URL:http://www.securityfocus.com/archive/1/11397
Reference: CALDERA:SA-1998.35
Reference: URL:http://www.caldera.com/support/security/advisories/SA-1998.35.txt
Reference: XF:samba-wsmbconf(1406)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1406

Name: CVE-1999-1290

Description:

Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.

Status:Entry
Reference: BUGTRAQ:19981117 nftp vulnerability (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=91127951426494&w=2
Reference: CONFIRM:http://www.ayukov.com/nftp/history.html
Reference: XF:nftp-bo(1397)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1397

Name: CVE-1999-1294

Description:

Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.

Status:Entry
Reference: MSKB:Q146604
Reference: URL:http://support.microsoft.com/support/kb/articles/q146/6/04.asp
Reference: XF:nt-filemgr(562)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/562

Name: CVE-1999-1297

Description:

cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.

Status:Entry
Reference: SUNBUG:1077164
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100452&zone_32=10045%2A%20
Reference: XF:sun-cmdtool-echo(7482)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7482

Name: CVE-1999-1298

Description:

Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-97:03
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-97:03.sysinstall.asc
Reference: OSVDB:6087
Reference: URL:http://www.osvdb.org/6087
Reference: XF:freebsd-sysinstall-ftp-password(7537)
Reference: URL:http://www.iss.net/security_center/static/7537.php

Name: CVE-1999-1301

Description:

A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.

Status:Entry
Reference: CIAC:G-31
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/g-31.shtml
Reference: FREEBSD:FreeBSD-SA-96:17
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:17.rzsz.asc
Reference: XF:rzsz-command-execution(7540)
Reference: URL:http://www.iss.net/security_center/static/7540.php

Name: CVE-1999-1309

Description:

Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.

Status:Entry
Reference: BUGTRAQ:19940314 sendmail -d problem (OLD yet still here)
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0040.html
Reference: BUGTRAQ:19940315 Security problem in sendmail versions 8.x.x
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0048.html
Reference: BUGTRAQ:19940315 anyone know details?
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0042.html
Reference: BUGTRAQ:19940315 so...
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0043.html
Reference: BUGTRAQ:19940327 sendmail exploit script - resend
Reference: URL:http://www.dataguard.no/bugtraq/1994_1/0078.html
Reference: CERT:CA-1994-12
Reference: URL:http://www.cert.org/advisories/CA-94.12.sendmail.vulnerabilities
Reference: XF:sendmail-debug-gain-root(7155)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7155

Name: CVE-1999-1316

Description:

Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.

Status:Entry
Reference: MSKB:Q247975
Reference: URL:http://support.microsoft.com/support/kb/articles/Q247/9/75.asp
Reference: XF:passfilt-fullname(7391)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7391

Name: CVE-1999-1317

Description:

Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.

Status:Entry
Reference: MSKB:Q222159
Reference: URL:http://support.microsoft.com/support/kb/articles/q222/1/59.asp
Reference: NTBUGTRAQ:19990312 [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.info/?l=ntbugtraq&m=92127046701349&w=2
Reference: NTBUGTRAQ:19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links
Reference: URL:http://marc.info/?l=ntbugtraq&m=92162979530341&w=2
Reference: XF:nt-symlink-case(7398)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7398

Name: CVE-1999-1318

Description:

/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.

Status:Entry
Reference: SUNBUG:1121935
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fpatches%2F100630&zone_32=112193%2A%20
Reference: XF:sun-su-path(7480)
Reference: URL:http://www.iss.net/security_center/static/7480.php

Name: CVE-1999-1320

Description:

Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.

Status:Entry
Reference: CIAC:D-01
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-01.shtml
Reference: XF:netware-packet-spoofing-privileges(7213)
Reference: URL:http://www.iss.net/security_center/static/7213.php

Name: CVE-1999-1321

Description:

Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.

Status:Entry
Reference: BUGTRAQ:19981105 security patch for ssh-1.2.26 kerberos code
Reference: URL:http://lists.netspace.org/cgi-bin/wa?A2=ind9811A&L=bugtraq&P=R4814
Reference: OSVDB:4883
Reference: URL:http://www.osvdb.org/4883

Name: CVE-1999-1324

Description:

VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.

Status:Entry
Reference: CIAC:D-06
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/d-06.shtml
Reference: XF:openvms-sysgen-enabled(7225)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7225

Name: CVE-1999-1325

Description:

SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.

Status:Entry
Reference: CIAC:C-19
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/c-19.shtml
Reference: XF:vaxvms-sas-gain-privileges(7261)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7261

Name: CVE-1999-1326

Description:

wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.

Status:Entry
Reference: BUGTRAQ:19970104 serious security bug in wu-ftpd v2.4
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420401&w=2
Reference: BUGTRAQ:19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420408&w=2
Reference: XF:wuftpd-abor-gain-privileges(7169)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7169

Name: CVE-1999-1327

Description:

Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.

Status:Entry
Reference: BUGTRAQ:19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=90221103125826&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: OSVDB:6065
Reference: URL:http://www.osvdb.org/6065
Reference: XF:linuxconf-lang-bo(7239)
Reference: URL:http://www.iss.net/security_center/static/7239.php

Name: CVE-1999-1328

Description:

linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.

Status:Entry
Reference: BUGTRAQ:19980823 Security concerns in linuxconf shipped w/RedHat 5.1
Reference: URL:http://marc.info/?l=bugtraq&m=90383955231511&w=2
Reference: BUGTRAQ:19980826 [djb@redhat.com: Unidentified subject!]
Reference: CONFIRM:http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf
Reference: OSVDB:6068
Reference: URL:http://www.osvdb.org/6068
Reference: XF:linuxconf-symlink-gain-privileges(7232)
Reference: URL:http://www.iss.net/security_center/static/7232.php

Name: CVE-1999-1329

Description:

Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.

Status:Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit
Reference: XF:sysvinit-root-bo(7250)
Reference: URL:http://www.iss.net/security_center/static/7250.php

Name: CVE-1999-1330

Description:

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

Status:Entry
Reference: BUGTRAQ:19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=87602661419259&w=2
Reference: CONFIRM:http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#db
Reference: XF:linux-libdb-snprintf-bo(7244)
Reference: URL:http://www.iss.net/security_center/static/7244.php

Name: CVE-1999-1331

Description:

netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.

Status:Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg
Reference: XF:netcfg-ethernet-dos(7245)
Reference: URL:http://www.iss.net/security_center/static/7245.php

Name: CVE-1999-1332

Description:

gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.

Status:Entry
Reference: BID:7845
Reference: URL:http://www.securityfocus.com/bid/7845
Reference: BUGTRAQ:19980128 GZEXE - the big problem
Reference: URL:http://marc.info/?l=bugtraq&m=88603844115233&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#gzip
Reference: DEBIAN:DSA-308
Reference: URL:http://www.debian.org/security/2003/dsa-308
Reference: OSVDB:3812
Reference: URL:http://www.osvdb.org/3812
Reference: XF:gzip-gzexe-tmp-symlink(7241)
Reference: URL:http://www.iss.net/security_center/static/7241.php

Name: CVE-1999-1333

Description:

automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.

Status:Entry
Reference: BUGTRAQ:19980319 ncftp 2.4.2 MkDirs bug
Reference: URL:http://marc.info/?l=bugtraq&m=89042322924057&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp
Reference: OSVDB:6111
Reference: URL:http://www.osvdb.org/6111
Reference: XF:ncftp-autodownload-command-execution(7240)
Reference: URL:http://www.iss.net/security_center/static/7240.php

Name: CVE-1999-1335

Description:

snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.

Status:Entry
Reference: CONFIRM:http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp
Reference: XF:cmusnmp-read-write(7251)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7251

Name: CVE-1999-1336

Description:

3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.

Status:Entry
Reference: BUGTRAQ:19990812 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.info/?l=bugtraq&m=93458364903256&w=2
Reference: BUGTRAQ:19990816 Re: 3com hiperarch flaw [hiperbomb.c]
Reference: URL:http://marc.info/?l=bugtraq&m=93492615408725&w=2
Reference: OSVDB:6057
Reference: URL:http://www.osvdb.org/6057

Name: CVE-1999-1337

Description:

FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.

Status:Entry
Reference: BUGTRAQ:19990801 midnight commander vulnerability(?) (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=93370073207984&w=2
Reference: OSVDB:5921
Reference: URL:http://www.osvdb.org/5921
Reference: XF:midnight-commander-data-disclosure(9873)
Reference: URL:http://www.iss.net/security_center/static/9873.php

Name: CVE-1999-1339

Description:

Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.

Status:Entry
Reference: BUGTRAQ:19990722 Linux +ipchains+ ping -R
Reference: URL:http://marc.info/?l=bugtraq&m=93277426802802&w=2
Reference: BUGTRAQ:19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)
Reference: URL:http://marc.info/?l=bugtraq&m=93277766505061&w=2
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz
Reference: OSVDB:6105
Reference: URL:http://www.osvdb.org/6105
Reference: XF:ipchains-ping-route-dos(7257)
Reference: URL:http://www.iss.net/security_center/static/7257.php

Name: CVE-1999-1341

Description:

Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.

Status:Entry
Reference: BUGTRAQ:19991022 Local user can send forged packets
Reference: URL:http://marc.info/?l=bugtraq&m=94061108411308&w=2
Reference: XF:linux-tiocsetd-forge-packets(7858)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7858

Name: CVE-1999-1351

Description:

Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.

Status:Entry
Reference: BUGTRAQ:19990924 Kvirc bug
Reference: URL:http://marc.info/?l=bugtraq&m=93845560631314&w=2
Reference: XF:kvirc-dot-directory-traversal(7761)
Reference: URL:http://www.iss.net/security_center/static/7761.php

Name: CVE-1999-1356

Description:

Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.

Status:Entry
Reference: BUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.info/?l=bugtraq&m=93646669500991&w=2
Reference: NTBUGTRAQ:19990902 Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.info/?l=ntbugtraq&m=93637792706047&w=2
Reference: NTBUGTRAQ:19990917 Re: Compaq CIM UG Overwrites Legal Notice
Reference: URL:http://marc.info/?l=ntbugtraq&m=93759822830815&w=2
Reference: XF:compaq-smartstart-legal-notice(7763)
Reference: URL:http://www.iss.net/security_center/static/7763.php

Name: CVE-1999-1358

Description:

When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.

Status:Entry
Reference: MSKB:Q157673
Reference: URL:http://support.microsoft.com/support/kb/articles/q157/6/73.asp
Reference: XF:nt-user-policy-update(7400)
Reference: URL:http://www.iss.net/security_center/static/7400.php

Name: CVE-1999-1359

Description:

When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.

Status:Entry
Reference: MSKB:Q163875
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/75.asp
Reference: XF:nt-group-policy-longname(7401)
Reference: URL:http://www.iss.net/security_center/static/7401.php

Name: CVE-1999-1360

Description:

Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.

Status:Entry
Reference: MSKB:Q160650
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/50.asp
Reference: XF:nt-kernel-handle-dos(7402)
Reference: URL:http://www.iss.net/security_center/static/7402.php

Name: CVE-1999-1362

Description:

Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.

Status:Entry
Reference: MSKB:Q160601
Reference: URL:http://support.microsoft.com/support/kb/articles/q160/6/01.asp
Reference: XF:nt-win32k-dos(7403)
Reference: URL:http://www.iss.net/security_center/static/7403.php

Name: CVE-1999-1363

Description:

Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.

Status:Entry
Reference: MSKB:Q163143
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/1/43.asp
Reference: XF:nt-nonpagedpool-dos(7405)
Reference: URL:http://www.iss.net/security_center/static/7405.php

Name: CVE-1999-1365

Description:

Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.

Status:Entry
Reference: BID:515
Reference: URL:http://www.securityfocus.com/bid/515
Reference: NTBUGTRAQ:19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location
Reference: URL:http://marc.info/?l=ntbugtraq&m=93069418400856&w=2
Reference: NTBUGTRAQ:19990630 Update: NT runs explorer.exe, etc...
Reference: URL:http://marc.info/?l=ntbugtraq&m=93127894731200&w=2
Reference: XF:nt-login-default-folder(2336)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2336

Name: CVE-1999-1379

Description:

DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.

Status:Entry
Reference: AUSCERT:AL-1999.004
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AL-1999.004.dns_dos
Reference: BUGTRAQ:19990730 Possible Denial Of Service using DNS
Reference: URL:http://marc.info/?l=bugtraq&m=93348057829957&w=2
Reference: BUGTRAQ:19990810 Possible Denial Of Service using DNS
Reference: URL:http://marc.info/?l=bugtraq&m=93433758607623&w=2
Reference: CIAC:J-063
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/j-063.shtml
Reference: XF:dns-udp-query-dos(7238)
Reference: URL:http://www.iss.net/security_center/static/7238.php

Name: CVE-1999-1380

Description:

Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.

Status:Entry
Reference: MISC:http://mlarchive.ima.com/win95/1997/May/0342.html
Reference: MISC:http://news.zdnet.co.uk/story/0,,s2065518,00.html
Reference: MISC:http://www.net-security.sk/bugs/NT/nu20.html
Reference: XF:nu-tuneocx-activex-control(7188)
Reference: URL:http://www.iss.net/security_center/static/7188.php

Name: CVE-1999-1382

Description:

NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.

Status:Entry
Reference: BUGTRAQ:19980108 NetWare NFS
Reference: URL:http://marc.info/?l=bugtraq&m=88427711321769&w=2
Reference: BUGTRAQ:19980812 Re: Netware NFS (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=90295697702474&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551
Reference: XF:netware-nfs-file-ownership(7246)
Reference: URL:http://www.iss.net/security_center/static/7246.php

Name: CVE-1999-1384

Description:

Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.

Status:Entry
Reference: AUSCERT:AA-96.08
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-96.08.SGI.systour.vul
Reference: BID:470
Reference: URL:http://www.securityfocus.com/bid/470
Reference: BUGTRAQ:19961030 (Another) vulnerability in new SGIs
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420095&w=2
Reference: SGI:19961101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19961101-01-I
Reference: XF:irix-systour(7456)
Reference: URL:http://www.iss.net/security_center/static/7456.php

Name: CVE-1999-1385

Description:

Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.

Status:Entry
Reference: BUGTRAQ:19961219 Exploit for ppp bug (FreeBSD 2.1.0).
Reference: URL:http://marc.info/?l=bugtraq&m=87602167420332&w=2
Reference: FREEBSD:FreeBSD-SA-96:20
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/old/FreeBSD-SA-96:20.stack-overflow.asc
Reference: OSVDB:6085
Reference: URL:http://www.osvdb.org/6085
Reference: XF:ppp-bo(7465)
Reference: URL:http://www.iss.net/security_center/static/7465.php

Name: CVE-1999-1386

Description:

Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.

Status:Entry
Reference: BUGTRAQ:19980308 another /tmp race: `perl -e' opens temp file not safely
Reference: URL:http://marc.info/?l=bugtraq&m=88932165406213&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#perl
Reference: XF:perl-e-tmp-symlink(7243)
Reference: URL:http://www.iss.net/security_center/static/7243.php

Name: CVE-1999-1397

Description:

Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allow local and remote users to obtain the physical paths of directories that are being indexed.

Status:Entry
Reference: BID:476
Reference: URL:http://www.securityfocus.com/bid/476
Reference: BUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.info/?l=bugtraq&m=92242671024118&w=2
Reference: NTBUGTRAQ:19990323 Index Server 2.0 and the Registry
Reference: URL:http://marc.info/?l=ntbugtraq&m=92223293409756&w=2
Reference: XF:iis-indexserver-reveal-path(7559)
Reference: URL:http://www.iss.net/security_center/static/7559.php

Name: CVE-1999-1402

Description:

The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.

Status:Entry
Reference: BID:456
Reference: URL:http://www.securityfocus.com/bid/456
Reference: BUGTRAQ:19970517 UNIX domain socket (Solarisx86 2.5)
Reference: URL:http://marc.info/?l=bugtraq&m=87602167418317&w=2
Reference: BUGTRAQ:19971003 Solaris 2.6 and sockets
Reference: URL:http://marc.info/?l=bugtraq&m=87602248718482&w=2
Reference: XF:sun-domain-socket-permissions(7172)
Reference: URL:http://www.iss.net/security_center/static/7172.php

Name: CVE-1999-1407

Description:

ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.

Status:Entry
Reference: BID:368
Reference: URL:http://www.securityfocus.com/bid/368
Reference: BUGTRAQ:19980309 *sigh* another RH5 /tmp problem
Reference: URL:http://marc.info/?l=bugtraq&m=88950856416985&w=2
Reference: CONFIRM:http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts
Reference: XF:initscripts-ifdhcpdone-dhcplog-symlink(7294)
Reference: URL:http://www.iss.net/security_center/static/7294.php

Name: CVE-1999-1409

Description:

The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.

Status:Entry
Reference: BID:331
Reference: URL:http://www.securityfocus.com/bid/331
Reference: BUGTRAQ:19980703 more about 'at'
Reference: URL:http://www.shmoo.com/mail/bugtraq/jul98/msg00064.html
Reference: BUGTRAQ:19980805 irix-6.2 "at -f" vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=90233906612929&w=2
Reference: NETBSD:NetBSD-SA1998-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA1998-004.txt.asc
Reference: XF:at-f-read-files(7577)
Reference: URL:http://www.iss.net/security_center/static/7577.php

Name: CVE-1999-1411

Description:

The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.

Status:Entry
Reference: BID:316
Reference: URL:http://www.securityfocus.com/bid/316
Reference: BUGTRAQ:19981128 Debian: Security flaw in FSP
Reference: URL:http://marc.info/?l=bugtraq&m=91228908407679&w=2
Reference: BUGTRAQ:19981130 Debian: Security flaw in FSP
Reference: URL:http://marc.info/?l=bugtraq&m=91244712808780&w=2
Reference: BUGTRAQ:19990217 Debian GNU/Linux 2.0r5 released (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=91936850009861&w=2
Reference: DEBIAN:19981126 new version of fsp fixes security flaw
Reference: URL:http://lists.debian.org/debian-security-announce/debian-security-announce-1998/msg00033.html
Reference: XF:fsp-anon-ftp-access(7574)
Reference: URL:http://www.iss.net/security_center/static/7574.php

Name: CVE-1999-1414

Description:

IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.

Status:Entry
Reference: BID:284
Reference: URL:http://www.securityfocus.com/bid/284
Reference: NTBUGTRAQ:19990525 Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.info/?l=ntbugtraq&m=92765856706547&w=2
Reference: NTBUGTRAQ:19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software
Reference: URL:http://marc.info/?l=ntbugtraq&m=92902484317769&w=2

Name: CVE-1999-1419

Description:

Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.

Status:Entry
Reference: BID:219
Reference: URL:http://www.securityfocus.com/bid/219
Reference: SUN:00148
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/148
Reference: XF:sun-nisplus-bo(7535)
Reference: URL:http://www.iss.net/security_center/static/7535.php

Name: CVE-1999-1423

Description:

ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.

Status:Entry
Reference: BID:209
Reference: URL:http://www.securityfocus.com/bid/209
Reference: BUGTRAQ:19970626 Solaris Ping bug (DoS)
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319160&w=2
Reference: BUGTRAQ:19970627 SUMMARY: Solaris Ping bug (DoS)
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319171&w=2
Reference: BUGTRAQ:19970627 Solaris Ping bug(inetsvc)
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319181&w=2
Reference: BUGTRAQ:19971005 Solaris Ping Bug and other [bc] oddities
Reference: URL:http://marc.info/?l=bugtraq&m=87602558319180&w=2
Reference: SUN:00146
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/146
Reference: XF:ping-multicast-loopback-dos(7492)
Reference: URL:http://www.iss.net/security_center/static/7492.php

Name: CVE-1999-1432

Description:

Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.

Status:Entry
Reference: BID:160
Reference: URL:http://www.securityfocus.com/bid/160
Reference: BUGTRAQ:19980716 Security risk with powermanagemnet on Solaris 2.6
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525997&w=2
Reference: SUNBUG:4024179

Name: CVE-1999-1433

Description:

HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.

Status:Entry
Reference: BID:157
Reference: URL:http://www.securityfocus.com/bid/157
Reference: BUGTRAQ:19980715 JetAdmin software
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525988&w=2
Reference: BUGTRAQ:19980722 Re: JetAdmin software
Reference: URL:http://marc.info/?l=bugtraq&m=90221104526067&w=2

Name: CVE-1999-1437

Description:

ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.

Status:Entry
Reference: BID:151
Reference: URL:http://www.securityfocus.com/bid/151
Reference: BUGTRAQ:19980707 ePerl: bad handling of ISINDEX queries
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525890&w=2
Reference: BUGTRAQ:19980710 ePerl Security Update Available
Reference: URL:http://marc.info/?l=bugtraq&m=90221104525927&w=2

Name: CVE-1999-1452

Description:

GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.

Status:Entry
Reference: BID:198
Reference: URL:http://www.securityfocus.com/bid/198
Reference: BUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.info/?l=bugtraq&m=91788829326419&w=2
Reference: MSKB:Q214802
Reference: URL:http://support.microsoft.com/support/kb/articles/q214/8/02.asp
Reference: NTBUGTRAQ:19990129 ole objects in a "secured" environment?
Reference: URL:http://marc.info/?l=ntbugtraq&m=91764169410814&w=2
Reference: NTBUGTRAQ:19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS
Reference: URL:http://marc.info/?l=ntbugtraq&m=91822011021558&w=2
Reference: XF:nt-gina-clipboard(1975)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1975

Name: CVE-1999-1455

Description:

RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.

Status:Entry
Reference: MSKB:Q158320
Reference: URL:http://support.microsoft.com/support/kb/articles/q158/3/20.asp
Reference: XF:nt-rshsvc-ale-bypass(7422)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7422

Name: CVE-1999-1456

Description:

thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.

Status:Entry
Reference: BUGTRAQ:19980819 thttpd 2.04 released (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/10368
Reference: CONFIRM:http://www.acme.com/software/thttpd/thttpd.html#releasenotes
Reference: XF:thttpd-file-read(1809)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1809

Name: CVE-1999-1468

Description:

rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.

Status:Entry
Reference: BID:31
Reference: URL:http://www.securityfocus.com/bid/31
Reference: CERT:CA-91.20
Reference: URL:http://www.cert.org/advisories/CA-91.20.rdist.vulnerability
Reference: MISC:http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html
Reference: OSVDB:8106
Reference: URL:http://www.osvdb.org/8106
Reference: XF:rdist-popen-gain-privileges(7160)
Reference: URL:http://www.iss.net/security_center/static/7160.php

Name: CVE-1999-1472

Description:

Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.

Status:Entry
Reference: BUGTRAQ:19971017 Security Hole in Explorer 4.0
Reference: URL:http://marc.info/?l=bugtraq&m=87710897923098&w=2
Reference: CONFIRM:http://www.microsoft.com/Windows/ie/security/freiburg.asp
Reference: MISC:http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: MSKB:Q176794
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/7/94.asp
Reference: OSVDB:7819
Reference: URL:http://www.osvdb.org/7819
Reference: XF:http-ie-spy(587)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/587

Name: CVE-1999-1473

Description:

When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."

Status:Entry
Reference: MSKB:Q176697
Reference: URL:http://support.microsoft.com/support/kb/articles/q176/6/97.asp
Reference: OSVDB:7818
Reference: URL:http://www.osvdb.org/7818
Reference: XF:ie-page-redirect(7426)
Reference: URL:http://www.iss.net/security_center/static/7426.php

Name: CVE-1999-1476

Description:

A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.

Status:Entry
Reference: MSKB:Q163852
Reference: URL:http://support.microsoft.com/support/kb/articles/q163/8/52.asp
Reference: XF:pentium-crash(704)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/704

Name: CVE-1999-1478

Description:

The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.

Status:Entry
Reference: BID:522
Reference: URL:http://www.securityfocus.com/bid/522
Reference: NTBUGTRAQ:19990706 Bug in SUN's Hotspot VM
Reference: URL:http://marc.info/?l=ntbugtraq&m=93138827429589&w=2
Reference: NTBUGTRAQ:19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver
Reference: URL:http://marc.info/?l=ntbugtraq&m=93240220324183&w=2
Reference: XF:sun-hotspot-vm(2348)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2348

Name: CVE-1999-1481

Description:

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

Status:Entry
Reference: BID:741
Reference: URL:http://www.securityfocus.com/bid/741
Reference: BUGTRAQ:19991025 [squid] exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: BUGTRAQ:19991103 [squid]exploit for external authentication problem
Reference: URL:http://www.securityfocus.com/archive/1/33295
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.2/bugs/
Reference: XF:squid-proxy-auth-access(3433)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3433

Name: CVE-1999-1486

Description:

sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: AIXAPAR:IX75554
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX75554&apar=only
Reference: AIXAPAR:IX76330
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76330&apar=only
Reference: AIXAPAR:IX76853
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IX76853&apar=only
Reference: BID:408
Reference: URL:http://www.securityfocus.com/bid/408
Reference: CONFIRM:http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info
Reference: XF:aix-sadc-timex(7675)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7675

Name: CVE-1999-1488

Description:

sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.

Status:Entry
Reference: BID:371
Reference: URL:http://www.securityfocus.com/bid/371
Reference: CIAC:I-079A
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/i-079a.shtml
Reference: XF:ibm-sdr-read-files(7217)
Reference: URL:http://www.iss.net/security_center/static/7217.php

Name: CVE-1999-1490

Description:

xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.

Status:Entry
Reference: BID:362
Reference: URL:http://www.securityfocus.com/bid/362
Reference: BUGTRAQ:19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?
Reference: URL:http://marc.info/?l=bugtraq&m=90221101926021&w=2
Reference: BUGTRAQ:19980529 Re: Tiresome security hole in "xosview" (xosexp.c)
Reference: URL:http://marc.info/?l=bugtraq&m=90221101926034&w=2
Reference: XF:linux-xosview-bo(8787)
Reference: URL:http://www.iss.net/security_center/static/8787.php

Name: CVE-1999-1494

Description:

colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.

Status:Entry
Reference: BID:336
Reference: URL:http://www.securityfocus.com/bid/336
Reference: BUGTRAQ:19940809 Re: IRIX 5.2 Security Advisory
Reference: URL:http://www.securityfocus.com/archive/1/675
Reference: BUGTRAQ:19950307 sigh. another Irix 5.2 hole.
Reference: URL:http://www.tryc.on.ca/archives/bugtraq/1995_1/0614.html
Reference: SGI:19950209-00-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/19950209-01-P
Reference: XF:sgi-colorview(2112)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2112

Name: CVE-1999-1507

Description:

Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.

Status:Entry
Reference: BID:59
Reference: URL:http://www.securityfocus.com/bid/59
Reference: CERT:CA-1993-03
Reference: URL:http://www.cert.org/advisories/CA-1993-03.html
Reference: XF:sun-dir(521)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/521

Name: CVE-1999-1512

Description:

The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.

Status:Entry
Reference: BID:527
Reference: URL:http://www.securityfocus.com/bid/527
Reference: BUGTRAQ:19990716 AMaViS virus scanner for Linux - root exploit
Reference: URL:http://marc.info/?l=bugtraq&m=93219846414732&w=2
Reference: CONFIRM:http://www.amavis.org/ChangeLog.txt
Reference: XF:amavis-command-execute(2349)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2349

Name: CVE-1999-1520

Description:

A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.

Status:Entry
Reference: BID:256
Reference: URL:http://www.securityfocus.com/bid/256
Reference: BUGTRAQ:19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs
Reference: URL:http://marc.info/?l=bugtraq&m=92647407227303&w=2
Reference: XF:siteserver-site-csc(2270)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2270

Name: CVE-1999-1530

Description:

cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.

Status:Entry
Reference: BID:777
Reference: URL:http://www.securityfocus.com/bid/777
Reference: BUGTRAQ:19991108 Security flaw in Cobalt RaQ2 cgiwrap
Reference: URL:http://marc.info/?l=bugtraq&m=94209954200450&w=2
Reference: BUGTRAQ:19991109 [Cobalt] Security Advisory - cgiwrap
Reference: URL:http://marc.info/?l=bugtraq&m=94225629200045&w=2
Reference: OSVDB:35
Reference: URL:http://www.osvdb.org/35
Reference: XF:cobalt-cgiwrap-incorrect-permissions(7764)
Reference: URL:http://www.iss.net/security_center/static/7764.php

Name: CVE-1999-1531

Description:

Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.

Status:Entry
Reference: BID:763
Reference: URL:http://www.securityfocus.com/bid/763
Reference: BUGTRAQ:19991102 Some holes for Win/UNIX softwares
Reference: URL:http://marc.info/?l=bugtraq&m=94157187815629&w=2
Reference: XF:ibm-homepageprint-bo(7767)
Reference: URL:http://www.iss.net/security_center/static/7767.php

Name: CVE-1999-1535

Description:

Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.

Status:Entry
Reference: BID:592
Reference: URL:http://www.securityfocus.com/bid/592
Reference: NTBUGTRAQ:19990720 Buffer overflow in AspUpload 1.4
Reference: URL:http://marc.info/?l=ntbugtraq&m=93256878011447&w=2
Reference: NTBUGTRAQ:19990818 AspUpload Buffer Overflow Fixed
Reference: URL:http://marc.info/?l=ntbugtraq&m=93501427820328&w=2
Reference: XF:http-aspupload-bo(3291)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3291

Name: CVE-1999-1537

Description:

IIS 3.x and 4.x do not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.

Status:Entry
Reference: BID:521
Reference: URL:http://www.securityfocus.com/bid/521
Reference: NTBUGTRAQ:19990707 SSL and IIS.
Reference: URL:http://marc.info/?l=ntbugtraq&m=93138827329577&w=2
Reference: XF:ssl-iis-dos(2352)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2352

Name: CVE-1999-1542

Description:

RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.

Status:Entry
Reference: BUGTRAQ:19991004 RH6.0 local/remote command execution
Reference: URL:http://marc.info/?l=bugtraq&m=93915641729415&w=2
Reference: BUGTRAQ:19991006 Fwd: [Re: RH6.0 local/remote command execution]
Reference: URL:http://marc.info/?l=bugtraq&m=93923853105687&w=2
Reference: XF:linux-rh-rpmmail(3353)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3353

Name: CVE-1999-1550

Description:

bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.

Status:Entry
Reference: BID:778
Reference: URL:http://www.securityfocus.com/bid/778
Reference: BUGTRAQ:19991108 BigIP - bigconf.cgi holes
Reference: URL:http://marc.info/?l=bugtraq&m=94217006208374&w=2
Reference: BUGTRAQ:19991109
Reference: URL:http://marc.info/?l=bugtraq&m=94225879703021&w=2
Reference: BUGTRAQ:19991109 Re: BigIP - bigconf.cgi holes
Reference: URL:http://marc.info/?l=bugtraq&m=94217879020184&w=2
Reference: XF:bigip-bigconf-view-files(7771)
Reference: URL:http://www.iss.net/security_center/static/7771.php

Name: CVE-1999-1556

Description:

Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.

Status:Entry
Reference: BID:109
Reference: URL:http://www.securityfocus.com/bid/109
Reference: NTBUGTRAQ:19980629 MS SQL Server 6.5 stores password in unprotected registry keys
Reference: URL:http://marc.info/?l=ntbugtraq&m=90222453431645&w=2
Reference: XF:mssql-sqlexecutivecmdexec-password(7354)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7354

Name: CVE-1999-1565

Description:

Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Status:Entry
Reference: BUGTRAQ:19990820 [SECURITY] New versions of man2html fixes postinst glitch
Reference: URL:http://www.securityfocus.com/archive/1/24784
Reference: OSVDB:6291
Reference: URL:http://www.osvdb.org/6291

Name: CVE-1999-1568

Description:

Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.

Status:Entry
Reference: BUGTRAQ:19990223 Comments on NcFTPd "theoretical root compromise"
Reference: URL:http://www.securityfocus.com/archive/1/12699
Reference: BUGTRAQ:19990223 NcFTPd remote buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=91981352617720&w=2
Reference: XF:ncftpd-port-bo(1833)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/1833

Name: CVE-2000-0001

Description:

RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.

Status:Entry
Reference: BID:888
Reference: URL:http://www.securityfocus.com/bid/888
Reference: BUGTRAQ:19991222 RealMedia Server 5.0 Crasher (rmscrash.c)
Reference: XF:realserver-ramgen-dos

Name: CVE-2000-0002

Description:

Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BID:889
Reference: URL:http://www.securityfocus.com/bid/889
Reference: BUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.info/?l=bugtraq&m=94598388530358&w=2
Reference: BUGTRAQ:20000128 ZBServer 1.50-r1x exploit (WinNT)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=36B0596E.8D111D66@teleline.es
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: VULNWATCH:20020114 ZBServer Pro DoS Vulnerability
Reference: XF:zbserver-get-bo

Name: CVE-2000-0003

Description:

Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.

Status:Entry
Reference: BUGTRAQ:19991230 UnixWare rtpm exploit + discussion
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.info/?l=bugtraq&m=94908470928258&w=2

Name: CVE-2000-0004

Description:

ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.

Status:Entry
Reference: BUGTRAQ:19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://marc.info/?l=bugtraq&m=94606572912422&w=2
Reference: NTBUGTRAQ:19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind9912&L=NTBUGTRAQ&P=R3556
Reference: XF:zbserver-url-dot

Name: CVE-2000-0006

Description:

strace allows local users to read arbitrary files via memory mapped file names.

Status:Entry
Reference: BUGTRAQ:19991225 strace can lie
Reference: URL:http://online.securityfocus.com/archive/1/39831
Reference: XF:linux-strace(4554)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4554

Name: CVE-2000-0007

Description:

Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.

Status:Entry
Reference: BID:1740
Reference: URL:http://www.securityfocus.com/bid/1740
Reference: BUGTRAQ:19991230 PC-Cillin 6.x DoS Attack
Reference: XF:pccillin-proxy-remote-dos(4491)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4491

Name: CVE-2000-0009

Description:

The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.

Status:Entry
Reference: BID:907
Reference: URL:http://www.securityfocus.com/bid/907
Reference: BUGTRAQ:19991230 bna,sh
Reference: XF:netarchitect-path-vulnerability

Name: CVE-2000-0010

Description:

WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.

Status:Entry
Reference: BUGTRAQ:19991226 WebWho+ ADVISORY
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0010
Reference: XF:http-cgi-webwhoplus

Name: CVE-2000-0011

Description:

Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BID:906
Reference: URL:http://www.securityfocus.com/bid/906
Reference: BUGTRAQ:19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:1184
Reference: URL:http://www.osvdb.org/1184
Reference: XF:simpleserver-get-bo

Name: CVE-2000-0012

Description:

Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.

Status:Entry
Reference: BID:898
Reference: URL:http://www.securityfocus.com/bid/898
Reference: BUGTRAQ:19991227 remote buffer overflow in miniSQL
Reference: XF:w3-msql-scanf-bo

Name: CVE-2000-0013

Description:

IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.

Status:Entry
Reference: BID:909
Reference: URL:http://www.securityfocus.com/bid/909
Reference: BUGTRAQ:19991231 irix-soundplayer.sh
Reference: XF:irix-soundplayer-symlink

Name: CVE-2000-0014

Description:

Denial of service in Savant web server via a null character in the requested URL.

Status:Entry
Reference: BID:897
Reference: URL:http://www.securityfocus.com/bid/897
Reference: BUGTRAQ:19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K
Reference: XF:savant-server-null-dos

Name: CVE-2000-0015

Description:

CascadeView TFTP server allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: BID:910
Reference: URL:http://www.securityfocus.com/bid/910
Reference: BUGTRAQ:19991231 tftpserv.sh
Reference: XF:cascadeview-tftp-symlink

Name: CVE-2000-0018

Description:

wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.

Status:Entry
Reference: BID:885
Reference: URL:http://www.securityfocus.com/bid/885
Reference: BUGTRAQ:19991221 Wmmon under FreeBSD
Reference: OSVDB:1169
Reference: URL:http://www.osvdb.org/1169
Reference: XF:freebsd-wmmon-root-exploit

Name: CVE-2000-0020

Description:

DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.

Status:Entry
Reference: BUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0020
Reference: NTBUGTRAQ:19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability
Reference: XF:dnspro-flood-dos

Name: CVE-2000-0022

Description:

Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.

Status:Entry
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack

Name: CVE-2000-0023

Description:

Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:881
Reference: URL:http://www.securityfocus.com/bid/881
Reference: BUGTRAQ:19991221 serious Lotus Domino HTTP denial of service
Reference: BUGTRAQ:19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround
Reference: BUGTRAQ:19991227 Re: Lotus Domino HTTP denial of service attack
Reference: OSVDB:51
Reference: URL:http://www.osvdb.org/51

Name: CVE-2000-0024

Description:

IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.

Status:Entry
Reference: BUGTRAQ:19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability
Reference: BUGTRAQ:19991229 More info on MS99-061 (IIS escape character vulnerability)
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt
Reference: MS:MS99-061
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-061
Reference: MSKB:Q246401
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246401
Reference: XF:iis-badescapes

Name: CVE-2000-0025

Description:

IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.

Status:Entry
Reference: MS:MS99-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-058
Reference: MSKB:Q238606
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q238606
Reference: OSVDB:8098
Reference: URL:http://www.osvdb.org/8098

Name: CVE-2000-0026

Description:

Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.

Status:Entry
Reference: BID:876
Reference: URL:http://www.securityfocus.com/bid/876
Reference: BUGTRAQ:19991222 UnixWare i2odialogd remote root exploit
Reference: BUGTRAQ:19991223 FYI, SCO Security patches available.
Reference: URL:http://marc.info/?l=bugtraq&m=94606167110764&w=2
Reference: OSVDB:6310
Reference: URL:http://www.osvdb.org/6310

Name: CVE-2000-0027

Description:

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: BID:900
Reference: URL:http://www.securityfocus.com/bid/900
Reference: BUGTRAQ:19991227 IBM NetStation/UnixWare local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/39962
Reference: XF:ibm-netstat-race-condition(5381)
Reference: URL:http://www.iss.net/security_center/static/5381.php

Name: CVE-2000-0029

Description:

UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.

Status:Entry
Reference: BID:901
Reference: URL:http://www.securityfocus.com/bid/901
Reference: BUGTRAQ:19991227 UnixWare local pis exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.info/?l=bugtraq&m=94780294009285&w=2

Name: CVE-2000-0030

Description:

Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.

Status:Entry
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: XF:sol-dmispd-fill-disk

Name: CVE-2000-0031

Description:

The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: L0PHT:19991227 initscripts-4.48-1 RedHat Linux 6.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0031
Reference: REDHAT:RHSA-1999:052-04

Name: CVE-2000-0032

Description:

Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.

Status:Entry
Reference: BID:878
Reference: URL:http://www.securityfocus.com/bid/878
Reference: BUGTRAQ:19991222 Solaris 2.7 dmispd local/remote problems
Reference: OSVDB:7582
Reference: URL:http://www.osvdb.org/7582
Reference: XF:sol-dmispd-dos

Name: CVE-2000-0033

Description:

InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.

Status:Entry
Reference: BID:899
Reference: URL:http://www.securityfocus.com/bid/899
Reference: BUGTRAQ:19991227 Trend Micro InterScan VirusWall SMTP bug
Reference: XF:interscan-viruswall-bypass

Name: CVE-2000-0034

Description:

Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."

Status:Entry
Reference: BUGTRAQ:19991222 More Netscape Passwords Available.
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0034
Reference: XF:netscape-password-preferences

Name: CVE-2000-0036

Description:

Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.

Status:Entry
Reference: MS:MS99-060
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-060
Reference: MSKB:Q249082
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249082

Name: CVE-2000-0037

Description:

Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.

Status:Entry
Reference: BID:903
Reference: URL:http://www.securityfocus.com/bid/903
Reference: BUGTRAQ:19991228 majordomo local exploit
Reference: BUGTRAQ:20000113 Info on some security holes reported against SCO Unixware.
Reference: URL:http://marc.info/?l=bugtraq&m=94780294009285&w=2
Reference: BUGTRAQ:20000124 majordomo 1.94.5 does not fix all vulnerabilities
Reference: REDHAT:RHSA-2000:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-005.html

Name: CVE-2000-0039

Description:

AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.

Status:Entry
Reference: BID:896
Reference: URL:http://www.securityfocus.com/bid/896
Reference: BUGTRAQ:19991229 AltaVista
Reference: BUGTRAQ:19991229 AltaVista followup and monitor script
Reference: BUGTRAQ:19991230 Follow UP AltaVista
Reference: BUGTRAQ:20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability
Reference: BUGTRAQ:20000109 Altavista followup
Reference: OSVDB:15
Reference: URL:http://www.osvdb.org/15

Name: CVE-2000-0040

Description:

glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.

Status:Entry
Reference: BUGTRAQ:19991223 Multiple vulnerabilites in glFtpD (current versions)
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0040

Name: CVE-2000-0041

Description:

Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.

Status:Entry
Reference: BID:890
Reference: URL:http://www.securityfocus.com/bid/890
Reference: BUGTRAQ:19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections

Name: CVE-2000-0042

Description:

Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.

Status:Entry
Reference: BID:895
Reference: URL:http://www.securityfocus.com/bid/895
Reference: BUGTRAQ:19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A
Reference: XF:csm-server-bo

Name: CVE-2000-0043

Description:

Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: BID:905
Reference: URL:http://www.securityfocus.com/bid/905
Reference: BUGTRAQ:19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT
Reference: XF:camshot-http-get-overflow

Name: CVE-2000-0044

Description:

Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.

Status:Entry
Reference: BID:919
Reference: URL:http://www.securityfocus.com/bid/919
Reference: BUGTRAQ:20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS
Reference: XF:warftp-macro-access-files

Name: CVE-2000-0045

Description:

MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.

Status:Entry
Reference: BID:926
Reference: URL:http://www.securityfocus.com/bid/926
Reference: BUGTRAQ:20000111 Serious bug in MySQL password handling.
Reference: BUGTRAQ:20000113 New MySQL Available
Reference: XF:mysql-pwd-grant

Name: CVE-2000-0048

Description:

get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.

Status:Entry
Reference: BID:928
Reference: URL:http://www.securityfocus.com/bid/928
Reference: BUGTRAQ:20000112 Serious Bug in Corel Linux.(Local root exploit)
Reference: CONFIRM:http://linux.corel.com/support/clos_patch1.htm
Reference: XF:linux-corel-update

Name: CVE-2000-0050

Description:

The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.

Status:Entry
Reference: ALLAIRE:ASB00-01
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13976&Method=Full
Reference: BID:915
Reference: URL:http://www.securityfocus.com/bid/915
Reference: XF:allaire-webtop-access

Name: CVE-2000-0051

Description:

The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.

Status:Entry
Reference: ALLAIRE:ASB00-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13977&Method=Full
Reference: BID:916
Reference: URL:http://www.securityfocus.com/bid/916
Reference: XF:allaire-spectra-config-dos

Name: CVE-2000-0052

Description:

Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.

Status:Entry
Reference: BID:913
Reference: URL:http://www.securityfocus.com/bid/913
Reference: L0PHT:20000104 PamSlam
Reference: URL:http://www.l0pht.com/advisories/pam_advisory
Reference: REDHAT:RHSA-2000:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-001.html
Reference: XF:linux-pam-userhelper
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=linux-pam-userhelper

Name: CVE-2000-0053

Description:

Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.

Status:Entry
Reference: BID:912
Reference: URL:http://www.securityfocus.com/bid/912
Reference: MS:MS00-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-001
Reference: MSKB:Q246731
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q246731
Reference: XF:mcis-malformed-imap

Name: CVE-2000-0056

Description:

IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.

Status:Entry
Reference: BID:914
Reference: URL:http://www.securityfocus.com/bid/914
Reference: BUGTRAQ:20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08
Reference: XF:imail-imonitor-status-dos

Name: CVE-2000-0057

Description:

Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.

Status:Entry
Reference: ALLAIRE:ASB00-03
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=13978&Method=Full
Reference: BID:917
Reference: URL:http://www.securityfocus.com/bid/917
Reference: XF:coldfusion-cfcache

Name: CVE-2000-0060

Description:

Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.

Status:Entry
Reference: BID:894
Reference: URL:http://www.securityfocus.com/bid/894
Reference: BUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.info/?l=bugtraq&m=94633851427858&w=2
Reference: NTBUGTRAQ:19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt
Reference: URL:http://marc.info/?l=ntbugtraq&m=94647711311057&w=2
Reference: XF:avirt-rover-pop3-dos(3765)
Reference: URL:http://www.iss.net/security_center/static/3765.php

Name: CVE-2000-0062

Description:

The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.

Status:Entry
Reference: BID:922
Reference: URL:http://www.securityfocus.com/bid/922
Reference: BUGTRAQ:20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000104222219.B41650@schvin.net
Reference: XF:zope-dtml

Name: CVE-2000-0063

Description:

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.

Status:Entry
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: XF:http-cgi-cgiproc-file-read

Name: CVE-2000-0064

Description:

cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.

Status:Entry
Reference: BID:938
Reference: URL:http://www.securityfocus.com/bid/938
Reference: BUGTRAQ:20000118 Nortel Contivity Vulnerability
Reference: OSVDB:7583
Reference: URL:http://www.osvdb.org/7583
Reference: XF:http-cgi-cgiproc-dos

Name: CVE-2000-0065

Description:

Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.

Status:Entry
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0065
Reference: NTBUGTRAQ:20000117 Remote Buffer Exploit - InetServ 3.0
Reference: XF:inetserv-get-bo

Name: CVE-2000-0070

Description:

NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."

Status:Entry
Reference: BID:934
Reference: URL:http://www.securityfocus.com/bid/934
Reference: BINDVIEW:20000113 Local Promotion Vulnerability in Windows NT 4
Reference: URL:http://www.bindview.com/security/advisory/adv_NtImpersonate.html
Reference: MS:MS00-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-003
Reference: MSKB:Q247869
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q247869
Reference: XF:nt-spoofed-lpc-port
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=nt-spoofed-lpc-port

Name: CVE-2000-0072

Description:

Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.

Status:Entry
Reference: BID:937
Reference: URL:http://www.securityfocus.com/bid/937
Reference: BUGTRAQ:20000118 Warning: VCasel security hole.
Reference: URL:http://marc.info/?l=bugtraq&m=94823061421676&w=2
Reference: XF:vcasel-filename-trusting(3867)
Reference: URL:http://www.iss.net/security_center/static/3867.php

Name: CVE-2000-0073

Description:

Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.

Status:Entry
Reference: MS:MS00-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-005
Reference: MSKB:Q249973
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249973
Reference: XF:win-malformed-rtf-control-word
Reference: URL:http://xforce.iss.net/search.php3?type=2&pattern=win-malformed-rtf-control-word

Name: CVE-2000-0075

Description:

Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.

Status:Entry
Reference: BID:930
Reference: URL:http://www.securityfocus.com/bid/930
Reference: BUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: NTBUGTRAQ:20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x
Reference: XF:supermail-memleak-dos

Name: CVE-2000-0076

Description:

nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.

Status:Entry
Reference: BID:1439
Reference: URL:http://www.securityfocus.com/bid/1439
Reference: BUGTRAQ:19991230 vibackup.sh
Reference: URL:http://marc.info/?l=bugtraq&m=94709988232618&w=2
Reference: DEBIAN:20000108
Reference: XF:nvi-delete-files

Name: CVE-2000-0080

Description:

AIX techlibss allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:931
Reference: URL:http://www.securityfocus.com/bid/931
Reference: BUGTRAQ:20000110 2nd attempt: AIX techlibss follows links
Reference: URL:http://marc.info/?l=bugtraq&m=94757136413681&w=2
Reference: XF:aix-techlibss-symbolic-link

Name: CVE-2000-0083

Description:

HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.

Status:Entry
Reference: HP:HPSBUX0001-109
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2031
Reference: XF:hp-audio-security-perms

Name: CVE-2000-0087

Description:

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.

Status:Entry
Reference: BUGTRAQ:20000113 Misleading sense of security in Netscape
Reference: URL:http://marc.info/?l=bugtraq&m=94790377622943&w=2
Reference: XF:netscape-mail-notify-plaintext(4385)
Reference: URL:http://www.iss.net/security_center/static/4385.php

Name: CVE-2000-0088

Description:

Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.

Status:Entry
Reference: BID:946
Reference: URL:http://www.securityfocus.com/bid/946
Reference: MS:MS00-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-002
Reference: XF:office-malformed-convert

Name: CVE-2000-0089

Description:

The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.

Status:Entry
Reference: BID:947
Reference: URL:http://www.securityfocus.com/bid/947
Reference: BUGTRAQ:20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: MS:MS00-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-004
Reference: MSKB:Q249108
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q249108
Reference: NTBUGTRAQ:20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition
Reference: XF:nt-rdisk-enum-file

Name: CVE-2000-0090

Description:

VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.

Status:Entry
Reference: BID:943
Reference: URL:http://www.securityfocus.com/bid/943
Reference: BUGTRAQ:20000124 VMware 1.1.2 Symlink Vulnerability
Reference: OSVDB:1205
Reference: URL:http://www.osvdb.org/1205
Reference: XF:linux-vmware-symlink

Name: CVE-2000-0091

Description:

Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.

Status:Entry
Reference: BID:942
Reference: URL:http://www.securityfocus.com/bid/942
Reference: BUGTRAQ:20000122 remote root qmail-pop with vpopmail advisory and exploit with patch
Reference: BUGTRAQ:20000123 Re: vpopmail/vchkpw remote root exploit
Reference: MISC:http://www.inter7.com/vpopmail/
Reference: MISC:http://www.inter7.com/vpopmail/ChangeLog

Name: CVE-2000-0092

Description:

The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.

Status:Entry
Reference: BID:939
Reference: URL:http://www.securityfocus.com/bid/939
Reference: FREEBSD:FreeBSD-SA-00:01
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:01.make.asc
Reference: XF:gnu-makefile-tmp-root

Name: CVE-2000-0094

Description:

procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.

Status:Entry
Reference: BID:940
Reference: URL:http://www.securityfocus.com/bid/940
Reference: BUGTRAQ:20000121 *BSD procfs vulnerability
Reference: FREEBSD:FreeBSD-SA-00:02
Reference: NETBSD:NetBSD-SA2000-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-001.txt.asc
Reference: OPENBSD:20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000
Reference: OSVDB:20760
Reference: URL:http://www.osvdb.org/20760
Reference: XF:netbsd-procfs(3995)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3995

Name: CVE-2000-0095

Description:

The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.

Status:Entry
Reference: BID:944
Reference: URL:http://www.securityfocus.com/bid/944
Reference: HP:HPSBUX0001-110
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2041

Name: CVE-2000-0097

Description:

The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.

Status:Entry
Reference: BID:950
Reference: URL:http://www.securityfocus.com/bid/950
Reference: MS:MS00-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006
Reference: NTBUGTRAQ:20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)
Reference: OSVDB:1210
Reference: URL:http://www.osvdb.org/1210
Reference: XF:http-indexserver-dirtrans

Name: CVE-2000-0098

Description:

Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.

Status:Entry
Reference: MS:MS00-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006

Name: CVE-2000-0099

Description:

Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.

Status:Entry
Reference: BUGTRAQ:20000119 Unixware ppptalk
Reference: URL:http://marc.info/?l=bugtraq&m=94848865112897&w=2

Name: CVE-2000-0100

Description:

The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.

Status:Entry
Reference: MS:MS00-012
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-012
Reference: NTBUGTRAQ:20000115 Security Vulnerability with SMS 2.0 Remote Control
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/current/0045.html

Name: CVE-2000-0107

Description:

Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:958
Reference: URL:http://www.securityfocus.com/bid/958
Reference: DEBIAN:20000201
Reference: URL:http://www.debian.org/security/2000/20000201

Name: CVE-2000-0111

Description:

The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.

Status:Entry
Reference: BID:953
Reference: URL:http://www.securityfocus.com/bid/953
Reference: BUGTRAQ:20000129 [LoWNOISE] Rightfax web client 5.2
Reference: XF:avt-rightfax-predict-session

Name: CVE-2000-0112

Description:

The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.

Status:Entry
Reference: BID:960
Reference: URL:http://www.securityfocus.com/bid/960
Reference: BUGTRAQ:20000202 vulnerability in Linux Debian default boot configuration
Reference: URL:http://marc.info/?l=bugtraq&m=94973075614088&w=2
Reference: XF:debian-mbr-bypass-security

Name: CVE-2000-0113

Description:

The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.

Status:Entry
Reference: BID:952
Reference: URL:http://www.securityfocus.com/bid/952
Reference: BUGTRAQ:20000128 SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.info/?l=bugtraq&m=94934808714972&w=2
Reference: BUGTRAQ:20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole
Reference: URL:http://marc.info/?l=bugtraq&m=94952641025328&w=2
Reference: BUGTRAQ:20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole
Reference: URL:http://marc.info/?l=bugtraq&m=94973281714994&w=2
Reference: CONFIRM:http://www.sybergen.com/support/fix.htm

Name: CVE-2000-0116

Description:

Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.

Status:Entry
Reference: BID:954
Reference: URL:http://www.securityfocus.com/bid/954
Reference: BUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: NTBUGTRAQ:20000129 "Strip Script Tags" in FW-1 can be circumvented
Reference: OSVDB:1212
Reference: URL:http://www.osvdb.org/1212
Reference: XF:http-script-bypass

Name: CVE-2000-0117

Description:

The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).

Status:Entry
Reference: BID:951
Reference: URL:http://www.securityfocus.com/bid/951
Reference: BUGTRAQ:20000127 Cobalt RaQ2 - a user of mine changed my admin password..
Reference: BUGTRAQ:20000131 [ Cobalt ] Security Advisory -- 01.31.2000
Reference: XF:http-cgi-cobalt-passwords

Name: CVE-2000-0120

Description:

The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.

Status:Entry
Reference: ALLAIRE:ASB00-04
Reference: BID:955
Reference: URL:http://www.securityfocus.com/bid/955
Reference: XF:allaire-spectra-ras-access(4025)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4025

Name: CVE-2000-0121

Description:

The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.

Status:Entry
Reference: BID:963
Reference: URL:http://www.securityfocus.com/bid/963
Reference: MS:MS00-007
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-007
Reference: MSKB:Q248399
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q248399
Reference: NTBUGTRAQ:20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000

Name: CVE-2000-0127

Description:

The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.

Status:Entry
Reference: BID:969
Reference: URL:http://www.securityfocus.com/bid/969
Reference: BUGTRAQ:20000203 Webspeed security issue
Reference: CONFIRM:http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed
Reference: XF:webspeed-adminutil-auth

Name: CVE-2000-0128

Description:

The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: BUGTRAQ:20000204 "The Finger Server"
Reference: CONFIRM:http://www.glazed.org/finger/changelog.txt
Reference: OSVDB:7610
Reference: URL:http://www.osvdb.org/7610
Reference: XF:finger-server-input

Name: CVE-2000-0130

Description:

Buffer overflow in SCO scohelp program allows remote attackers to execute commands.

Status:Entry
Reference: BUGTRAQ:20000127 New SCO patches...
Reference: URL:http://marc.info/?l=bugtraq&m=94908470928258&w=2
Reference: SCO:SB-00.02a
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-00.02a
Reference: XF:sco-help-bo

Name: CVE-2000-0131

Description:

Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.

Status:Entry
Reference: BID:966
Reference: URL:http://www.securityfocus.com/bid/966
Reference: BUGTRAQ:20000201 war-ftpd 1.6x DoS
Reference: URL:http://marc.info/?l=bugtraq&m=94960703721503&w=2
Reference: OSVDB:4677
Reference: URL:http://www.osvdb.org/4677

Name: CVE-2000-0139

Description:

Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.

Status:Entry
Reference: BID:982
Reference: URL:http://www.securityfocus.com/bid/982
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.info/?l=bugtraq&m=95021326417936&w=2

Name: CVE-2000-0140

Description:

Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.

Status:Entry
Reference: BID:980
Reference: URL:http://www.securityfocus.com/bid/980
Reference: BUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3
Reference: URL:http://marc.info/?l=bugtraq&m=95021326417936&w=2
Reference: NTBUGTRAQ:20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3

Name: CVE-2000-0141

Description:

Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.

Status:Entry
Reference: BID:991
Reference: URL:http://www.securityfocus.com/bid/991
Reference: BUGTRAQ:20000211 perl-cgi hole in UltimateBB by Infopop Corp.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-8&msg=20000211224935.A13236@infomag.ape.relarn.ru
Reference: BUGTRAQ:20000225 FW: Important UBB News For Licensed Users
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-22&msg=NDBBLKOPOLNKELHPDEFKIEPGCAAA.renzo.toma@veronica.nl
Reference: MISC:http://www.ultimatebb.com/home/versions.shtml
Reference: XF:http-cgi-ultimatebb

Name: CVE-2000-0144

Description:

Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.

Status:Entry
Reference: BID:971
Reference: URL:http://www.securityfocus.com/bid/971
Reference: BUGTRAQ:20000207 Infosec.20000207.axis700.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0034.html

Name: CVE-2000-0145

Description:

The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.

Status:Entry
Reference: BUGTRAQ:20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0145

Name: CVE-2000-0146

Description:

The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.

Status:Entry
Reference: BID:972
Reference: URL:http://www.securityfocus.com/bid/972
Reference: BUGTRAQ:20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0049.html
Reference: XF:novell-groupwise-url-dos

Name: CVE-2000-0148

Description:

MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.

Status:Entry
Reference: BID:975
Reference: URL:http://www.securityfocus.com/bid/975
Reference: BUGTRAQ:20000208 Remote access vulnerability in all MySQL server versions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0053.html
Reference: BUGTRAQ:20000214 MySQL 3.22.32 released

Name: CVE-2000-0149

Description:

Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.

Status:Entry
Reference: BID:977
Reference: URL:http://www.securityfocus.com/bid/977
Reference: BUGTRAQ:20000208 Zeus Web Server: Null Terminated Strings
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0057.html
Reference: BUGTRAQ:20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts
Reference: OSVDB:254
Reference: URL:http://www.osvdb.org/254
Reference: XF:zeus-server-null-string(3982)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3982

Name: CVE-2000-0150

Description:

Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.

Status:Entry
Reference: BID:979
Reference: URL:http://www.securityfocus.com/bid/979
Reference: BUGTRAQ:20000209 FireWall-1 FTP Server Vulnerability
Reference: BUGTRAQ:20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability
Reference: BUGTRAQ:20000212 Re: FireWall-1 FTP Server Vulnerability
Reference: CERT-VN:VU#328867
Reference: URL:http://www.kb.cert.org/vuls/id/328867
Reference: OSVDB:4417
Reference: URL:http://www.osvdb.org/4417

Name: CVE-2000-0152

Description:

Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.

Status:Entry
Reference: BID:976
Reference: URL:http://www.securityfocus.com/bid/976
Reference: BUGTRAQ:20000209 Novell BorderManager 3.5 Remote Slow Death
Reference: BUGTRAQ:20000211 BorderManager csatpxy.nlm fix avalable.
Reference: OSVDB:7468
Reference: URL:http://www.osvdb.org/7468

Name: CVE-2000-0156

Description:

Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.

Status:Entry
Reference: MS:MS00-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-009
Reference: OSVDB:7827
Reference: URL:http://www.osvdb.org/7827
Reference: XF:ie-image-source-redirect(3996)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3996

Name: CVE-2000-0157

Description:

NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.

Status:Entry
Reference: BID:992
Reference: URL:http://www.securityfocus.com/bid/992
Reference: NETBSD:1999-012
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-012.txt.asc
Reference: XF:netbsd-ptrace

Name: CVE-2000-0159

Description:

HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.

Status:Entry
Reference: HP:HPSBUX0002-111
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=20000217160216.13708.qmail@underground.org

Name: CVE-2000-0161

Description:

Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.

Status:Entry
Reference: BID:994
Reference: URL:http://www.securityfocus.com/bid/994
Reference: MS:MS00-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-010

Name: CVE-2000-0162

Description:

The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.

Status:Entry
Reference: MS:MS00-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-011

Name: CVE-2000-0164

Description:

The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.

Status:Entry
Reference: BID:1004
Reference: URL:http://www.securityfocus.com/bid/1004
Reference: BUGTRAQ:20000220 Sun Internet Mail Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.SOL.4.21.0002200031320.22675-100000@klayman.hq.formus.pl
Reference: SUNBUG:4316521
Reference: XF:sims-temp-world-readable

Name: CVE-2000-0165

Description:

The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.

Status:Entry
Reference: BUGTRAQ:20000210 Re: application proxies?
Reference: CIAC:K-023
Reference: URL:http://www.ciac.org/ciac/bulletins/k-023.shtml
Reference: FREEBSD:FreeBSD-SA-00:04
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=Pine.BSF.4.21.0002192249290.10784-100000@freefall.freebsd.org
Reference: XF:delegate-proxy-bo(4105)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4195

Name: CVE-2000-0166

Description:

Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.

Status:Entry
Reference: BID:995
Reference: URL:http://www.securityfocus.com/bid/995
Reference: BUGTRAQ:20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPGEJHCCAA.labs@ussrback.com
Reference: BUGTRAQ:20000223 Pragma Systems response to USSRLabs report
Reference: URL:http://marc.info/?l=bugtraq&m=95142756403323&w=2
Reference: XF:interaccess-telnet-login-bo

Name: CVE-2000-0168

Description:

Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.

Status:Entry
Reference: BID:1043
Reference: URL:http://www.securityfocus.com/bid/1043
Reference: BUGTRAQ:20000306 con\con is a old thing (anyway is cool)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCENECCAA.labs@ussrback.com
Reference: MS:MS00-017
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2126
Reference: XF:win-dos-devicename-dos

Name: CVE-2000-0169

Description:

Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.

Status:Entry
Reference: BID:1053
Reference: URL:http://www.securityfocus.com/bid/1053
Reference: NTBUGTRAQ:20000314 Oracle Web Listener 4.0.x
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0211.html
Reference: XF:oracle-weblistener-remote-attack

Name: CVE-2000-0170

Description:

Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.

Status:Entry
Reference: BID:1011
Reference: URL:http://www.securityfocus.com/bid/1011
Reference: BUGTRAQ:20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)

Name: CVE-2000-0171

Description:

atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.

Status:Entry
Reference: BID:1048
Reference: URL:http://www.securityfocus.com/bid/1048
Reference: BUGTRAQ:20000311 TESO advisory -- atsadc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0102.html
Reference: XF:atsar-root-access

Name: CVE-2000-0172

Description:

The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.

Status:Entry
Reference: BID:1038
Reference: URL:http://www.securityfocus.com/bid/1038
Reference: BUGTRAQ:20000303 Potential security problem with mtr
Reference: BUGTRAQ:20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)
Reference: DEBIAN:20000309 mtr
Reference: FREEBSD:FreeBSD-SA-00:09

Name: CVE-2000-0174

Description:

StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1040
Reference: URL:http://www.securityfocus.com/bid/1040
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-fileread

Name: CVE-2000-0175

Description:

Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.

Status:Entry
Reference: BID:1039
Reference: URL:http://www.securityfocus.com/bid/1039
Reference: BUGTRAQ:20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0063.html
Reference: XF:staroffice-scheduler-bo

Name: CVE-2000-0178

Description:

ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.

Status:Entry
Reference: BID:1017
Reference: URL:http://www.securityfocus.com/bid/1017
Reference: BUGTRAQ:20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability
Reference: MISC:http://www.foundrynet.com/bugTraq.html

Name: CVE-2000-0179

Description:

HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.

Status:Entry
Reference: BID:1015
Reference: URL:http://www.securityfocus.com/bid/1015
Reference: BUGTRAQ:20000228 HP Omniback remote DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0387.html
Reference: HP:HPSBUX0006-115
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0006-115
Reference: XF:omniback-connection-dos

Name: CVE-2000-0180

Description:

Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1052
Reference: URL:http://www.securityfocus.com/bid/1052
Reference: NTBUGTRAQ:20000313 SOJOURN Search engine exposes files
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html
Reference: XF:sojourn-file-read(4197)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4197

Name: CVE-2000-0181

Description:

Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.

Status:Entry
Reference: BID:1054
Reference: URL:http://www.securityfocus.com/bid/1054
Reference: BUGTRAQ:20000311 Our old friend Firewall-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0119.html
Reference: OSVDB:1256
Reference: URL:http://www.osvdb.org/1256

Name: CVE-2000-0182

Description:

iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.

Status:Entry
Reference: BUGTRAQ:20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1
Reference: MISC:https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0182

Name: CVE-2000-0183

Description:

Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.

Status:Entry
Reference: BID:1046
Reference: URL:http://www.securityfocus.com/bid/1046
Reference: BUGTRAQ:20000310 Fwd: ircii-4.4 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0093.html
Reference: FREEBSD:FreeBSD-SA-00:11
Reference: REDHAT:RHSA-2000:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-008.html

Name: CVE-2000-0184

Description:

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

Status:Entry
Reference: BID:1037
Reference: URL:http://www.securityfocus.com/bid/1037
Reference: BUGTRAQ:20000309
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0082.html

Name: CVE-2000-0185

Description:

RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.

Status:Entry
Reference: BID:1049
Reference: URL:http://www.securityfocus.com/bid/1049
Reference: BUGTRAQ:20000308 RealServer exposes internal IP addresses
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0069.html

Name: CVE-2000-0186

Description:

Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

Status:Entry
Reference: BID:1020
Reference: URL:http://www.securityfocus.com/bid/1020
Reference: BUGTRAQ:20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow
Reference: REDHAT:RHSA-2000:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-100.html
Reference: TURBO:TLSA200007-1

Name: CVE-2000-0189

Description:

ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.

Status:Entry
Reference: BID:1021
Reference: URL:http://www.securityfocus.com/bid/1021
Reference: BUGTRAQ:20000305 ColdFusion Bug: Application.cfm shows full path
Reference: NTBUGTRAQ:20000301 ColdFusions application.cfm shows full path

Name: CVE-2000-0191

Description:

Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.

Status:Entry
Reference: BID:1025
Reference: URL:http://www.securityfocus.com/bid/1025
Reference: BUGTRAQ:20000229 Infosec.20000229.axisstorpointcd.a
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=41256894.00492503.00@mailgw.backupcentralen.se
Reference: OSVDB:19
Reference: URL:http://www.osvdb.org/19
Reference: XF:axis-storpoint-auth

Name: CVE-2000-0192

Description:

The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.

Status:Entry
Reference: BID:1036
Reference: URL:http://www.securityfocus.com/bid/1036
Reference: BUGTRAQ:20000304 OpenLinux 2.3: rpm_query
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0029.html

Name: CVE-2000-0193

Description:

The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.

Status:Entry
Reference: BID:1030
Reference: URL:http://www.securityfocus.com/bid/1030
Reference: BUGTRAQ:20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003020436.PAA20168@jawa.chilli.net.au
Reference: XF:linux-dosemu-config

Name: CVE-2000-0194

Description:

buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.

Status:Entry
Reference: BID:1007
Reference: URL:http://www.securityfocus.com/bid/1007
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html

Name: CVE-2000-0195

Description:

setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.

Status:Entry
Reference: BID:1008
Reference: URL:http://www.securityfocus.com/bid/1008
Reference: BUGTRAQ:20000224 Corel Linux 1.0 local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-02/0323.html
Reference: XF:corel-linux-setxconf-root

Name: CVE-2000-0196

Description:

Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.

Status:Entry
Reference: BID:1018
Reference: URL:http://www.securityfocus.com/bid/1018
Reference: DEBIAN:20000229
Reference: REDHAT:RHSA-2000:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-006.html

Name: CVE-2000-0200

Description:

Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.

Status:Entry
Reference: BID:1034
Reference: URL:http://www.securityfocus.com/bid/1034
Reference: MS:MS00-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-015

Name: CVE-2000-0201

Description:

The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.

Status:Entry
Reference: BID:1033
Reference: URL:http://www.securityfocus.com/bid/1033
Reference: BUGTRAQ:20000301 IE 5.x allows executing arbitrary programs using .chm files

Name: CVE-2000-0202

Description:

Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.

Status:Entry
Reference: BID:1041
Reference: URL:http://www.securityfocus.com/bid/1041
Reference: MS:MS00-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-014

Name: CVE-2000-0206

Description:

The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.

Status:Entry
Reference: BID:1035
Reference: URL:http://www.securityfocus.com/bid/1035
Reference: BUGTRAQ:20000305 Oracle installer problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0023.html

Name: CVE-2000-0207

Description:

SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.

Status:Entry
Reference: BID:1031
Reference: URL:http://www.securityfocus.com/bid/1031
Reference: BUGTRAQ:20000301 infosrch.cgi vulnerability (IRIX 6.5)
Reference: SGI:20000501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000501-01-P
Reference: XF:irix-infosrch-fname

Name: CVE-2000-0208

Description:

The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.

Status:Entry
Reference: BID:1026
Reference: URL:http://www.securityfocus.com/bid/1026
Reference: BUGTRAQ:20000228 ht://Dig remote information exposure
Reference: DEBIAN:20000227
Reference: FREEBSD:FreeBSD-SA-00:06
Reference: TURBO:TLSA200005-1

Name: CVE-2000-0209

Description:

Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.

Status:Entry
Reference: BID:1012
Reference: URL:http://www.securityfocus.com/bid/1012
Reference: BUGTRAQ:20000227 lynx - someone is deaf and blind ;)
Reference: FREEBSD:FreeBSD-SA-00:08

Name: CVE-2000-0210

Description:

The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.

Status:Entry
Reference: BID:998
Reference: URL:http://www.securityfocus.com/bid/998
Reference: BUGTRAQ:20000221 flex license manager tempfile predictable name...

Name: CVE-2000-0211

Description:

The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.

Status:Entry
Reference: BID:1000
Reference: URL:http://www.securityfocus.com/bid/1000
Reference: MS:MS00-013
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-013
Reference: XF:win-media-dos

Name: CVE-2000-0212

Description:

InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.

Status:Entry
Reference: BID:1001
Reference: URL:http://www.securityfocus.com/bid/1001
Reference: BUGTRAQ:20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability
Reference: XF:interaccess-telnet-dos(4033)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4033

Name: CVE-2000-0215

Description:

Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.

Status:Entry
Reference: BID:1019
Reference: URL:http://www.securityfocus.com/bid/1019
Reference: SCO:SB-00.05

Name: CVE-2000-0217

Description:

The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.

Status:Entry
Reference: BID:1006
Reference: URL:http://www.securityfocus.com/bid/1006
Reference: BUGTRAQ:20000224 SSH & xauth

Name: CVE-2000-0218

Description:

Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.

Status:Entry
Reference: CALDERA:CSSA-2000-002.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-002.0.txt
Reference: OSVDB:6980
Reference: URL:http://www.osvdb.org/6980
Reference: OSVDB:7004
Reference: URL:http://www.osvdb.org/7004
Reference: SUSE:20000210 util < 2.10f

Name: CVE-2000-0221

Description:

The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.

Status:Entry
Reference: BID:1009
Reference: URL:http://www.securityfocus.com/bid/1009
Reference: BUGTRAQ:20000225 Scorpion Marlin

Name: CVE-2000-0222

Description:

The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.

Status:Entry
Reference: BID:990
Reference: URL:http://www.securityfocus.com/bid/990
Reference: BUGTRAQ:20000215 Windows 2000 installation process weakness
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000215155750.M4500@safe.hsc.fr

Name: CVE-2000-0223

Description:

Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.

Status:Entry
Reference: BID:1047
Reference: URL:http://www.securityfocus.com/bid/1047
Reference: BUGTRAQ:20000311 TESO advisory -- wmcdplay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0107.html

Name: CVE-2000-0224

Description:

ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.

Status:Entry
Reference: NAI:20000215 ARCserve symlink vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-02-15&msg=000101bf78af$94528870$4d2f45a1@jmagdych.na.nai.com
Reference: SCO:SSE063
Reference: XF:sco-openserver-arc-symlink

Name: CVE-2000-0225

Description:

The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.

Status:Entry
Reference: BID:1032
Reference: URL:http://www.securityfocus.com/bid/1032
Reference: BUGTRAQ:20000303 Pocsag remote access to client can't be disabled.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003601bf854b$6893a090$0100a8c0@FIREWALKER
Reference: OSVDB:259
Reference: URL:http://www.osvdb.org/259
Reference: XF:telnet-pocsag

Name: CVE-2000-0226

Description:

IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."

Status:Entry
Reference: BID:1066
Reference: URL:http://www.securityfocus.com/bid/1066
Reference: MS:MS00-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-018
Reference: XF:iis-chunked-encoding-dos

Name: CVE-2000-0228

Description:

Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.

Status:Entry
Reference: BID:1058
Reference: URL:http://www.securityfocus.com/bid/1058
Reference: MS:MS00-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-016
Reference: XF:mwmt-malformed-media-license

Name: CVE-2000-0229

Description:

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.

Status:Entry
Reference: BID:1069
Reference: URL:http://www.securityfocus.com/bid/1069
Reference: BUGTRAQ:20000322 gpm-root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html
Reference: REDHAT:RHSA-2000:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-009.html
Reference: REDHAT:RHSA-2000:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-045.html
Reference: SUSE:20000405 Security hole in gpm < 1.18.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_45.html
Reference: XF:linux-gpm-root

Name: CVE-2000-0230

Description:

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.

Status:Entry
Reference: BID:1060
Reference: URL:http://www.securityfocus.com/bid/1060
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- imwheel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html
Reference: REDHAT:RHSA-2000:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html
Reference: XF:linux-imwheel-bo

Name: CVE-2000-0231

Description:

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.

Status:Entry
Reference: BID:1061
Reference: URL:http://www.securityfocus.com/bid/1061
Reference: BUGTRAQ:20000316 TESO & C-Skills development advisory -- kreatecd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html
Reference: SUSE:20000405 Security hole in kreatecd < 0.3.8b
Reference: XF:linux-kreatecd-path

Name: CVE-2000-0232

Description:

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.

Status:Entry
Reference: BID:1082
Reference: URL:http://www.securityfocus.com/bid/1082
Reference: BUGTRAQ:20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html
Reference: MS:MS00-021
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-021
Reference: XF:win-tcpip-printing-dos

Name: CVE-2000-0233

Description:

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.

Status:Entry
Reference: SUSE:20000327 Security hole in SuSE Linux IMAP Server
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html
Reference: XF:linux-imap-remote-unauthorized-access

Name: CVE-2000-0234

Description:

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.

Status:Entry
Reference: BID:1083
Reference: URL:http://www.securityfocus.com/bid/1083
Reference: BUGTRAQ:20000330 Cobalt apache configuration exposes .htaccess
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com
Reference: CONFIRM:http://www.securityfocus.com/templates/advisory.html?id=2150
Reference: XF:cobalt-raq-remote-access

Name: CVE-2000-0235

Description:

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.

Status:Entry
Reference: BID:1070
Reference: URL:http://www.securityfocus.com/bid/1070
Reference: FREEBSD:FreeBSD-SA-00:10
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc
Reference: OSVDB:1263
Reference: URL:http://www.osvdb.org/1263
Reference: XF:freebsd-orvillewrite-bo

Name: CVE-2000-0236

Description:

Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.

Status:Entry
Reference: BID:1063
Reference: URL:http://www.securityfocus.com/bid/1063
Reference: BUGTRAQ:20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38D2173D.24E39DD0@relaygroup.com
Reference: XF:netscape-server-directory-indexing

Name: CVE-2000-0237

Description:

Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.

Status:Entry
Reference: BID:1075
Reference: URL:http://www.securityfocus.com/bid/1075
Reference: MISC:http://zsh.stupidphat.com/advisory.cgi?000311-1
Reference: XF:netscape-webpublisher-invalid-access

Name: CVE-2000-0238

Description:

Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:1064
Reference: URL:http://www.securityfocus.com/bid/1064
Reference: BUGTRAQ:20000317 DoS with NAVIEG
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=s8d1f3e3.036@kib.co.kodiak.ak.us
Reference: XF:nav-email-gateway-dos

Name: CVE-2000-0240

Description:

vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.

Status:Entry
Reference: BID:1067
Reference: URL:http://www.securityfocus.com/bid/1067
Reference: BUGTRAQ:20000321 vqserver /........../
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.20000321084646.0095c7f0@olga.swip.net
Reference: CONFIRM:http://www.vqsoft.com/vq/server/faqs/dotdotbug.html
Reference: OSVDB:270
Reference: URL:http://www.osvdb.org/270
Reference: XF:vqserver-dir-traverse

Name: CVE-2000-0243

Description:

AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.

Status:Entry
Reference: BID:1076
Reference: URL:http://www.securityfocus.com/bid/1076
Reference: BUGTRAQ:20000324 AnalogX SimpleServer 1.03 Remote Crash
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=web-5645555@post2.rnci.com
Reference: MISC:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:1265
Reference: URL:http://www.osvdb.org/1265
Reference: XF:simpleserver-exception-dos(4189)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4189

Name: CVE-2000-0245

Description:

Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.

Status:Entry
Reference: BID:1079
Reference: URL:http://www.securityfocus.com/bid/1079
Reference: BUGTRAQ:20000328 Objectserver vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil
Reference: CIAC:K-030
Reference: URL:http://www.ciac.org/ciac/bulletins/k-030.shtml
Reference: OSVDB:1267
Reference: URL:http://www.osvdb.org/1267
Reference: SGI:20000303-01-PX
Reference: URL:ftp://sgigate.sgi.com/security/20000303-01-PX
Reference: XF:irix-objectserver-create-accounts(4206)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4206

Name: CVE-2000-0246

Description:

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.

Status:Entry
Reference: BID:1081
Reference: URL:http://www.securityfocus.com/bid/1081
Reference: MS:MS00-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-019
Reference: MSKB:Q249599
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=249599
Reference: XF:iis-virtual-unc-share

Name: CVE-2000-0247

Description:

Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.

Status:Entry
Reference: BID:1842
Reference: URL:http://www.securityfocus.com/bid/1842
Reference: BUGTRAQ:20000322 Local root compromise in GNQS 3.50.6 and 3.50.7
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0236.html
Reference: FREEBSD:FreeBSD-SA-00:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:13.generic-nqs.asc
Reference: MISC:http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt
Reference: XF:generic-nqs-local-root(4306)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4306

Name: CVE-2000-0249

Description:

The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.

Status:Entry
Reference: BID:1152
Reference: URL:http://www.securityfocus.com/bid/1152
Reference: IBM:ERS-OAR-E01-2000:075.1
Reference: ISS:20000426 Insecure file handling in IBM AIX frcactrl program
Reference: URL:http://xforce.iss.net/alerts/advise47.php3
Reference: XF:aix-frcactrl

Name: CVE-2000-0251

Description:

HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.

Status:Entry
Reference: BID:1090
Reference: URL:http://www.securityfocus.com/bid/1090
Reference: HP:HPSBUX0004-112
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0021.html
Reference: XF:hp-virtual-vault

Name: CVE-2000-0252

Description:

The dansie shopping cart application cart.pl allows remote attackers to execute commands via shell metacharacters in a form variable.

Status:Entry
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: BUGTRAQ:20000411 Back Door in Commercial Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0051.html
Reference: XF:dansie-shell-metacharacters(4975)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4975

Name: CVE-2000-0253

Description:

The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.

Status:Entry
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: XF:shopping-cart-form-tampering(4621)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4621

Name: CVE-2000-0254

Description:

The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.

Status:Entry
Reference: BID:1115
Reference: URL:http://www.securityfocus.com/bid/1115
Reference: BUGTRAQ:20000411 Re: Back Door in Commercial Shopping Cart
Reference: XF:dansie-form-variables(4954)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4954

Name: CVE-2000-0255

Description:

The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.

Status:Entry
Reference: BID:1091
Reference: URL:http://www.securityfocus.com/bid/1091
Reference: BUGTRAQ:20000405 SilverBack Security Advisory: Nbase-Xyplex DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0022.html
Reference: XF:nbase-xyplex-router

Name: CVE-2000-0257

Description:

Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.

Status:Entry
Reference: BID:1118
Reference: URL:http://www.securityfocus.com/bid/1118
Reference: BUGTRAQ:20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0004171825340.10088-100000@nimue.tpi.pl
Reference: XF:netware-remote-admin-overflow

Name: CVE-2000-0258

Description:

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.

Status:Entry
Reference: BID:1101
Reference: URL:http://www.securityfocus.com/bid/1101
Reference: MS:MS00-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-023

Name: CVE-2000-0260

Description:

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.

Status:Entry
Reference: BID:1109
Reference: URL:http://www.securityfocus.com/bid/1109
Reference: MS:MS00-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-025
Reference: OSVDB:282
Reference: URL:http://www.osvdb.org/282

Name: CVE-2000-0261

Description:

The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: OSVDB:1282
Reference: URL:http://www.osvdb.org/1282
Reference: XF:ken-download-files

Name: CVE-2000-0262

Description:

The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: BID:1103
Reference: URL:http://www.securityfocus.com/bid/1103
Reference: BUGTRAQ:20000415 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0073.html
Reference: BUGTRAQ:20000418 AVM's Statement
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=383085010.956159226625.JavaMail.root@web305-mc.mail.com
Reference: XF:ken-dos

Name: CVE-2000-0263

Description:

The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.

Status:Entry
Reference: BID:1111
Reference: URL:http://www.securityfocus.com/bid/1111
Reference: BUGTRAQ:20000416 xfs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0079.html
Reference: XF:redhat-fontserver-dos

Name: CVE-2000-0264

Description:

Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.

Status:Entry
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-admin-privileges

Name: CVE-2000-0265

Description:

Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.

Status:Entry
Reference: BID:1119
Reference: URL:http://www.securityfocus.com/bid/1119
Reference: BUGTRAQ:20000417 bugs in Panda Security 3.0
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=38FB45F2.550EA000@teleline.es
Reference: CONFIRM:http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip
Reference: XF:panda-uninstall-program

Name: CVE-2000-0267

Description:

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.

Status:Entry
Reference: BID:1122
Reference: URL:http://www.securityfocus.com/bid/1122
Reference: CISCO:20000419 Cisco Catalyst Enable Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml
Reference: OSVDB:1288
Reference: URL:http://www.osvdb.org/1288
Reference: XF:cisco-catalyst-password-bypass

Name: CVE-2000-0268

Description:

Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.

Status:Entry
Reference: BID:1123
Reference: URL:http://www.securityfocus.com/bid/1123
Reference: CISCO:20000420 Cisco IOS Software TELNET Option Handling Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/iostelnetopt-pub.shtml
Reference: OSVDB:1289
Reference: URL:http://www.osvdb.org/1289
Reference: XF:cisco-ios-option-handling

Name: CVE-2000-0272

Description:

RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.

Status:Entry
Reference: BID:1128
Reference: URL:http://www.securityfocus.com/bid/1128
Reference: BUGTRAQ:20000420 Remote DoS attack in Real Networks Real Server Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=95625288231045&w=2
Reference: CONFIRM:http://service.real.com/help/faq/servg270.html
Reference: XF:realserver-remote-dos

Name: CVE-2000-0273

Description:

PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.

Status:Entry
Reference: BID:1095
Reference: URL:http://www.securityfocus.com/bid/1095
Reference: BUGTRAQ:20000409 A funny way to DOS pcANYWHERE8.0 and 9.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0031.html
Reference: XF:pcanywhere-login-dos

Name: CVE-2000-0274

Description:

The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.

Status:Entry
Reference: BID:1096
Reference: URL:http://www.securityfocus.com/bid/1096
Reference: BUGTRAQ:20000410 linux trustees 1.5 long path name vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0035.html
Reference: CONFIRM:http://www.braysystems.com/linux/trustees.html
Reference: XF:linux-trustees-patch-dos

Name: CVE-2000-0276

Description:

BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.

Status:Entry
Reference: BID:1098
Reference: URL:http://www.securityfocus.com/bid/1098
Reference: BUGTRAQ:20000410 BeOS syscall bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000410131628.659.qmail@securityfocus.com
Reference: XF:beos-syscall-dos

Name: CVE-2000-0277

Description:

Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.

Status:Entry
Reference: BID:1087
Reference: URL:http://www.securityfocus.com/bid/1087
Reference: MS:MS00-022
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-022
Reference: OSVDB:1272
Reference: URL:http://www.osvdb.org/1272

Name: CVE-2000-0278

Description:

The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.

Status:Entry
Reference: BID:1089
Reference: URL:http://www.securityfocus.com/bid/1089
Reference: BUGTRAQ:20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0006.html
Reference: XF:eviewer-admin-request-dos

Name: CVE-2000-0279

Description:

BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.

Status:Entry
Reference: BID:1100
Reference: URL:http://www.securityfocus.com/bid/1100
Reference: BUGTRAQ:20000407 BeOS Networking DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0029.html
Reference: MISC:http://bebugs.be.com/devbugs/detail.php3?oid=2505312
Reference: XF:beos-networking-dos

Name: CVE-2000-0282

Description:

TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.

Status:Entry
Reference: BID:1102
Reference: URL:http://www.securityfocus.com/bid/1102
Reference: BUGTRAQ:20000412 TalentSoft Web+ Input Validation Bug Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0050.html
Reference: CONFIRM:ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html
Reference: XF:talentsoft-web-input

Name: CVE-2000-0283

Description:

The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.

Status:Entry
Reference: BID:1106
Reference: URL:http://www.securityfocus.com/bid/1106
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: XF:irix-pmcd-info

Name: CVE-2000-0285

Description:

Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.

Status:Entry
Reference: BID:1306
Reference: URL:http://www.securityfocus.com/bid/1306
Reference: BUGTRAQ:20000416 XFree86 server overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0076.html
Reference: XF:xfree86-xkbmap-parameter-bo

Name: CVE-2000-0287

Description:

The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.

Status:Entry
Reference: BID:1104
Reference: URL:http://www.securityfocus.com/bid/1104
Reference: BUGTRAQ:20000412 BizDB Search Script Enables Shell Command Execution at the Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
Reference: XF:http-cgi-bizdb

Name: CVE-2000-0289

Description:

IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.

Status:Entry
Reference: BID:1078
Reference: URL:http://www.securityfocus.com/bid/1078
Reference: BUGTRAQ:20000327 Security Problems with Linux 2.2.x IP Masquerading
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-03/0284.html
Reference: SUSE:20000520 Security hole in kernel < 2.2.15
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_48.html
Reference: XF:linux-masquerading-dos

Name: CVE-2000-0290

Description:

Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: BID:1822
Reference: URL:http://www.securityfocus.com/bid/1822
Reference: BUGTRAQ:20000331 Webstar 4.0 Buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0005.html
Reference: XF:macos-webstar-get-bo(4792)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4792

Name: CVE-2000-0292

Description:

The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.

Status:Entry
Reference: BID:1129
Reference: URL:http://www.securityfocus.com/bid/1129
Reference: BUGTRAQ:20000418 Adtran DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
Reference: XF:adtran-ping-dos

Name: CVE-2000-0294

Description:

Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.

Status:Entry
Reference: BID:1107
Reference: URL:http://www.securityfocus.com/bid/1107
Reference: FREEBSD:FreeBSD-SA-00:12
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2162
Reference: OSVDB:606
Reference: URL:http://www.osvdb.org/606
Reference: XF:freebsd-healthd

Name: CVE-2000-0296

Description:

fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.

Status:Entry
Reference: BID:1086
Reference: URL:http://www.securityfocus.com/bid/1086
Reference: BUGTRAQ:20000331 fcheck v.2.7.45 and insecure use of Perl's system()
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/current/0011.html
Reference: XF:fcheck-shell

Name: CVE-2000-0297

Description:

Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.

Status:Entry
Reference: ALLAIRE:ASB00-06
Reference: URL:http://www2.allaire.com/handlers/index.cfm?ID=15099&Method=Full
Reference: BID:1085
Reference: URL:http://www.securityfocus.com/bid/1085
Reference: OSVDB:1270
Reference: URL:http://www.osvdb.org/1270
Reference: XF:allaire-forums-allaccess

Name: CVE-2000-0298

Description:

The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.

Status:Entry
Reference: BID:1758
Reference: URL:http://www.securityfocus.com/bid/1758
Reference: NTBUGTRAQ:20000407 All Users startup folder left open if unattended install and OEMP reinstall=1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0027.html
Reference: XF:win2k-unattended-install(4278)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4278

Name: CVE-2000-0301

Description:

Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.

Status:Entry
Reference: BID:1094
Reference: URL:http://www.securityfocus.com/bid/1094
Reference: BUGTRAQ:20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)
Reference: URL:http://marc.info/?l=bugtraq&m=95505800117143&w=2
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20000208-DM02.htm
Reference: XF:ipswitch-imail-dos

Name: CVE-2000-0302

Description:

Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.

Status:Entry
Reference: BID:1084
Reference: URL:http://www.securityfocus.com/bid/1084
Reference: BUGTRAQ:20000331 Alert: MS Index Server (CISADV000330)
Reference: URL:http://marc.info/?l=bugtraq&m=95453598317340&w=2
Reference: MS:MS00-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-006
Reference: OSVDB:271
Reference: URL:http://www.osvdb.org/271
Reference: XF:http-indexserver-asp-source

Name: CVE-2000-0303

Description:

Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.

Status:Entry
Reference: BID:1169
Reference: URL:http://www.securityfocus.com/bid/1169
Reference: CONFIRM:http://www.quake3arena.com/news/index.html
Reference: ISS:20000503 Vulnerability in Quake3Arena Auto-Download Feature
Reference: URL:http://xforce.iss.net/alerts/advise50.php3
Reference: OSVDB:7531
Reference: URL:http://www.osvdb.org/7531
Reference: XF:quake3-auto-download

Name: CVE-2000-0304

Description:

Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.

Status:Entry
Reference: BID:1191
Reference: URL:http://www.securityfocus.com/bid/1191
Reference: ISS:20000511 Microsoft IIS Remote Denial of Service Attack
Reference: URL:http://xforce.iss.net/alerts/advise52.php3
Reference: MS:MS00-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
Reference: XF:iis-authchangeurl-dos

Name: CVE-2000-0305

Description:

Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.

Status:Entry
Reference: BID:1236
Reference: URL:http://www.securityfocus.com/bid/1236
Reference: BINDVIEW:20000519 jolt2 - Remote DoS against NT, W2K, 9x
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=2240
Reference: MS:MS00-029
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-029
Reference: XF:ip-fragment-reassembly-dos

Name: CVE-2000-0306

Description:

Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.

Status:Entry
Reference: BUGTRAQ:19981229 Local/remote exploit for SCO UNIX.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1998-12-29&msg=AAh6GYsGU1@leshka.chuvashia.su
Reference: SCO:SB-99.02
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.02a

Name: CVE-2000-0307

Description:

Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.

Status:Entry
Reference: SCO:SB-99.07
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.07b

Name: CVE-2000-0308

Description:

Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.

Status:Entry
Reference: SCO:SB-99.08
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.08a

Name: CVE-2000-0309

Description:

The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.

Status:Entry
Reference: OPENBSD:19990212 i386 trace-trap handling when DDB was configured could cause a system crash.
Reference: URL:http://www.openbsd.org/errata24.html#trctrap
Reference: OSVDB:6126
Reference: URL:http://www.osvdb.org/6126

Name: CVE-2000-0310

Description:

IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.

Status:Entry
Reference: OPENBSD:19990217 IP fragment assembly can bog the machine excessively and cause problems.
Reference: URL:http://www.openbsd.org/errata24.html#maxqueue
Reference: OSVDB:7539
Reference: URL:http://www.osvdb.org/7539

Name: CVE-2000-0311

Description:

The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.

Status:Entry
Reference: BID:1145
Reference: URL:http://www.securityfocus.com/bid/1145
Reference: MS:MS00-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-026
Reference: XF:ms-mixed-object

Name: CVE-2000-0313

Description:

Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.

Status:Entry
Reference: OPENBSD:19991109 Any user can change interface media configurations.
Reference: URL:http://www.openbsd.org/errata.html#ifmedia
Reference: OSVDB:7540
Reference: URL:http://www.osvdb.org/7540

Name: CVE-2000-0314

Description:

traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.

Status:Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.info/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7574
Reference: URL:http://www.osvdb.org/7574

Name: CVE-2000-0315

Description:

traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.

Status:Entry
Reference: BUGTRAQ:19990213 traceroute as a flooder
Reference: URL:http://marc.info/?l=bugtraq&m=91893782027835&w=2
Reference: NETBSD:NetBSD-SA1999-004
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA1999-004.txt.asc
Reference: OSVDB:7575
Reference: URL:http://www.osvdb.org/7575

Name: CVE-2000-0316

Description:

Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.

Status:Entry
Reference: BID:1143
Reference: URL:http://www.securityfocus.com/bid/1143
Reference: BUGTRAQ:20000424 Solaris 7 x86 lp exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0191.html
Reference: SUNBUG:4314312
Reference: XF:solaris-lp-bo

Name: CVE-2000-0318

Description:

Atrium Mercur Mail Server 3.2 allows local attackers to read other users' email and create arbitrary files via a dot dot (..) attack.

Status:Entry
Reference: BID:1144
Reference: URL:http://www.securityfocus.com/bid/1144
Reference: NTBUGTRAQ:20000413 Security problems with Atrium Mercur Mailserver 3.20
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0057.html
Reference: XF:mercur-remote-dot-attack

Name: CVE-2000-0319

Description:

mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.

Status:Entry
Reference: BID:1146
Reference: URL:http://www.securityfocus.com/bid/1146
Reference: BUGTRAQ:20000424 unsafe fgets() in sendmail's mail.local
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=2694.000424@SECURITY.NNOV.RU
Reference: XF:sendmail-maillocal-dos

Name: CVE-2000-0320

Description:

Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.

Status:Entry
Reference: BID:1133
Reference: URL:http://www.securityfocus.com/bid/1133
Reference: BUGTRAQ:20000421 unsafe fgets() in qpopper
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=9763.000421@SECURITY.NNOV.RU
Reference: XF:qpopper-fgets-spoofing

Name: CVE-2000-0322

Description:

The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1149
Reference: URL:http://www.securityfocus.com/bid/1149
Reference: BUGTRAQ:20000424 piranha default password/exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Enip.BSO.23.0004241601140.28851-100000@www.whitehats.com
Reference: REDHAT:RHSA-2000:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-014.html
Reference: XF:piranha-passwd-execute

Name: CVE-2000-0323

Description:

The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.

Status:Entry
Reference: BID:595
Reference: URL:https://www.securityfocus.com/bid/595
Reference: BUGTRAQ:19990728 Alert : MS Office 97 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-08-22&msg=19990729195531.25108.qmail@underground.org
Reference: MS:MS99-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-030
Reference: XF:jet-text-isam
Reference: URL:https://web.archive.org/web/20000819203059/http://xforce.iss.net:80/alerts/vol-4_num-7.php#jet-text-isam

Name: CVE-2000-0324

Description:

pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.

Status:Entry
Reference: BID:1150
Reference: URL:http://www.securityfocus.com/bid/1150
Reference: BUGTRAQ:20000425 Denial of Service Against pcAnywhere.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000425150157.13567A-100000@sword.damocles.com
Reference: BUGTRAQ:20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0201.html
Reference: BUGTRAQ:20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0258.html
Reference: OSVDB:1301
Reference: URL:http://www.osvdb.org/1301
Reference: XF:pcanywhere-tcpsyn-dos(4347)
Reference: URL:http://www.iss.net/security_center/static/4347.php

Name: CVE-2000-0327

Description:

Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.

Status:Entry
Reference: BUGTRAQ:19991014 Another Microsoft Java Flaw Disovered
Reference: URL:http://marc.info/?l=bugtraq&m=93993545118416&w=2
Reference: MS:MS99-045
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-045
Reference: XF:msvm-verifier-java

Name: CVE-2000-0328

Description:

Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.

Status:Entry
Reference: BID:604
Reference: URL:http://www.securityfocus.com/bid/604
Reference: BUGTRAQ:19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.1.19990824165629.00abcb40@192.168.124.1
Reference: MS:MS99-046
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-046
Reference: XF:nt-sequence-prediction-sp4
Reference: XF:tcp-seq-predict

Name: CVE-2000-0329

Description:

A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.

Status:Entry
Reference: MS:MS99-048
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-048
Reference: XF:ie-active-setup-control

Name: CVE-2000-0330

Description:

The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.

Status:Entry
Reference: MS:MS99-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/1999/ms99-049
Reference: XF:win-fileurl-overflow

Name: CVE-2000-0331

Description:

Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.

Status:Entry
Reference: BID:1135
Reference: URL:http://www.securityfocus.com/bid/1135
Reference: BUGTRAQ:20000421 CMD.EXE overflow (CISADV000420)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0147.html
Reference: MS:MS00-027
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-027
Reference: XF:nt-cmd-overflow

Name: CVE-2000-0332

Description:

UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allow remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.

Status:Entry
Reference: BID:1164
Reference: URL:http://www.securityfocus.com/bid/1164
Reference: BUGTRAQ:20000502 Fun with UltraBoard V1.6X
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000503091316.99073.qmail@hotmail.com
Reference: OSVDB:1309
Reference: URL:http://www.osvdb.org/1309
Reference: OSVDB:4065
Reference: URL:http://www.osvdb.org/4065
Reference: XF:ultraboard-printabletopic-fileread

Name: CVE-2000-0334

Description:

The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.

Status:Entry
Reference: ALLAIRE:ASB00-10
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15411&Method=Full
Reference: BID:1181
Reference: URL:http://www.securityfocus.com/bid/1181
Reference: XF:allaire-spectra-container-editor-preview

Name: CVE-2000-0335

Description:

The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.

Status:Entry
Reference: BID:1166
Reference: URL:http://www.securityfocus.com/bid/1166
Reference: BUGTRAQ:20000502 glibc resolver weakness
Reference: XF:glibc-resolver-id-predictable

Name: CVE-2000-0336

Description:

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1232
Reference: URL:http://www.securityfocus.com/bid/1232
Reference: CALDERA:CSSA-2000-009.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-009.0.txt
Reference: REDHAT:RHSA-2000:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-012.html
Reference: TURBO:TLSA2000010-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-May/000009.html
Reference: XF:openldap-symlink-attack

Name: CVE-2000-0337

Description:

Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.

Status:Entry
Reference: BID:1140
Reference: URL:http://www.securityfocus.com/bid/1140
Reference: BUGTRAQ:20000424 Solaris x86 Xsun overflow.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0188.html
Reference: SUNBUG:4335411
Reference: XF:solaris-xsun-bo

Name: CVE-2000-0338

Description:

Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.

Status:Entry
Reference: BID:1136
Reference: URL:http://www.securityfocus.com/bid/1136
Reference: BUGTRAQ:20000423 CVS DoS
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000423174038.A520%40clico.pl
Reference: XF:cvs-tempfile-dos

Name: CVE-2000-0339

Description:

ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.

Status:Entry
Reference: BID:1137
Reference: URL:http://www.securityfocus.com/bid/1137
Reference: BUGTRAQ:20000420 ZoneAlarm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000421044123.2353.qmail@securityfocus.com
Reference: OSVDB:1294
Reference: URL:http://www.osvdb.org/1294
Reference: XF:zonealarm-portscan

Name: CVE-2000-0340

Description:

Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.

Status:Entry
Reference: BID:1155
Reference: URL:http://www.securityfocus.com/bid/1155
Reference: BUGTRAQ:20000428 SuSE 6.3 Gnomelib buffer overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00042902575201.09597@wintermute-pub
Reference: CONFIRM:http://www.suse.com/us/support/download/updates/axp_63.html
Reference: XF:linux-gnomelib-bo

Name: CVE-2000-0341

Description:

ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.

Status:Entry
Reference: BID:1156
Reference: URL:http://www.securityfocus.com/bid/1156
Reference: NTBUGTRAQ:20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM
Reference: URL:http://marc.info/?l=ntbugtraq&m=95736106504870&w=2
Reference: XF:nntpserver-cassandra-bo

Name: CVE-2000-0342

Description:

Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."

Status:Entry
Reference: BID:1157
Reference: URL:http://www.securityfocus.com/bid/1157
Reference: CONFIRM:http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077
Reference: MISC:http://www.peacefire.org/security/stealthattach/explanation.html
Reference: XF:eudora-warning-message

Name: CVE-2000-0344

Description:

The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.

Status:Entry
Reference: BID:1160
Reference: URL:http://www.securityfocus.com/bid/1160
Reference: BUGTRAQ:20000501 Linux knfsd DoS issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0005012042550.6419-100000@ferret.lmh.ox.ac.uk
Reference: XF:linux-knfsd-dos

Name: CVE-2000-0346

Description:

AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.

Status:Entry
Reference: BID:1162
Reference: URL:http://www.securityfocus.com/bid/1162
Reference: BUGTRAQ:20000502 INFO:AppleShare IP 6.3.2 squashes security bug
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000502133240.21807.qmail@securityfocus.com
Reference: CONFIRM:http://asu.info.apple.com/swupdates.nsf/artnum/n11670
Reference: XF:macos-appleshare-invalid-range

Name: CVE-2000-0347

Description:

Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.

Status:Entry
Reference: BID:1163
Reference: URL:http://www.securityfocus.com/bid/1163
Reference: NTBUGTRAQ:20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)
Reference: URL:http://marc.info/?l=ntbugtraq&m=95737580922397&w=2
Reference: XF:win-netbios-source-null

Name: CVE-2000-0348

Description:

A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.

Status:Entry
Reference: SCO:SB-99.10
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.10a

Name: CVE-2000-0349

Description:

Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.

Status:Entry
Reference: SCO:SB-99.13
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.13a

Name: CVE-2000-0350

Description:

A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.

Status:Entry
Reference: BID:1216
Reference: URL:http://www.securityfocus.com/bid/1216
Reference: CONFIRM:http://advice.networkice.com/advice/Support/KB/q000166/
Reference: MISC:http://www.securityfocus.com/templates/advisory.html?id=2220
Reference: OSVDB:312
Reference: URL:http://www.osvdb.org/312
Reference: XF:netice-icecap-alert-execute
Reference: XF:netice-icecap-default

Name: CVE-2000-0351

Description:

Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.

Status:Entry
Reference: SCO:SB-99.09
Reference: URL:ftp://ftp.sco.com/SSE/security_bulletins/SB-99.09b

Name: CVE-2000-0352

Description:

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

Status:Entry
Reference: BID:810
Reference: URL:http://www.securityfocus.com/bid/810
Reference: BUGTRAQ:19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000@ray.compu-aid.com
Reference: CALDERA:CSSA-1999-036.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
Reference: SUSE:19991227 Security hole in Pine < 4.21
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_36.html
Reference: XF:pine-remote-exe

Name: CVE-2000-0353

Description:

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.

Status:Entry
Reference: BID:1247
Reference: URL:http://www.securityfocus.com/bid/1247
Reference: MISC:http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html
Reference: SUSE:19990628 Execution of commands in Pine 4.x
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_6.html
Reference: SUSE:19990911 Update for Pine (fixed IMAP support)
Reference: URL:http://www.novell.com/linux/security/advisories/pine_update_announcement.html
Reference: XF:pine-lynx-execute-commands

Name: CVE-2000-0354

Description:

mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.

Status:Entry
Reference: BID:681
Reference: URL:http://www.securityfocus.com/bid/681
Reference: BUGTRAQ:19990928 mirror 2.9 hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=15769.990928@tomcat.ru
Reference: DEBIAN:19991018 Incorrect directory name handling in mirror
Reference: URL:http://www.debian.org/security/1999/19991018
Reference: SUSE:19991001 Security hole in mirror
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_22.html
Reference: XF:mirror-perl-remote-file-creation

Name: CVE-2000-0356

Description:

Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.

Status:Entry
Reference: BID:697
Reference: URL:http://www.securityfocus.com/bid/697
Reference: REDHAT:RHSA-1999:040
Reference: URL:http://www.securityfocus.com/templates/advisory.html?id=1789
Reference: XF:linux-pam-nis-login

Name: CVE-2000-0359

Description:

Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.

Status:Entry
Reference: BID:1248
Reference: URL:http://www.securityfocus.com/bid/1248
Reference: BUGTRAQ:19991113 thttpd 2.04 stack overflow (VD#6)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/1626.html
Reference: SUSE:19991116 Security hole in thttpd 1.90a - 2.04
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_30.html
Reference: XF:thttpd-ifmodifiedsince-header-dos

Name: CVE-2000-0360

Description:

Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.

Status:Entry
Reference: BID:1249
Reference: URL:http://www.securityfocus.com/bid/1249
Reference: CALDERA:CSSA-1999-038.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-038.0.txt
Reference: SUSE:19991124 Security hole in inn <= 2.2.1
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_34.html
Reference: XF:inn-remote-dos

Name: CVE-2000-0361

Description:

The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.

Status:Entry
Reference: SUSE:19991214 Security hole in wvdial <= 1.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_35.html
Reference: XF:wvdial-gain-dialup-info

Name: CVE-2000-0362

Description:

Buffer overflows in Linux cdwtools 093 and earlier allow local users to gain root privileges.

Status:Entry
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: XF:linux-cdda2cdr

Name: CVE-2000-0363

Description:

Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.

Status:Entry
Reference: BID:738
Reference: URL:http://www.securityfocus.com/bid/738
Reference: SUSE:19991019 Security hole in cdwtools < 093
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_25.html
Reference: XF:linux-cdda2cdr

Name: CVE-2000-0366

Description:

dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.

Status:Entry
Reference: BID:1442
Reference: URL:http://www.securityfocus.com/bid/1442
Reference: DEBIAN:19991202 problem restoring symlinks
Reference: URL:http://www.debian.org/security/1999/19991202
Reference: XF:debian-dump-modify-ownership

Name: CVE-2000-0367

Description:

Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.

Status:Entry
Reference: DEBIAN:19990218 Root exploit in eterm
Reference: URL:http://www.debian.org/security/1999/19990218
Reference: XF:linux-eterm

Name: CVE-2000-0368

Description:

Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.

Status:Entry
Reference: CIAC:J-009
Reference: URL:http://www.ciac.org/ciac/bulletins/j-009.shtml
Reference: CISCO:19981014 Cisco IOS Command History Release at Login Prompt
Reference: URL:http://www.cisco.com/warp/public/770/ioshist-pub.shtml

Name: CVE-2000-0369

Description:

The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:1266
Reference: URL:http://www.securityfocus.com/bid/1266
Reference: CALDERA:CSSA-1999-029.1
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-029.1.txt
Reference: XF:caldera-ident-server-dos

Name: CVE-2000-0370

Description:

The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.

Status:Entry
Reference: BID:1268
Reference: URL:http://www.securityfocus.com/bid/1268
Reference: CALDERA:CSSA-1999-001.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-001.0.txt
Reference: XF:caldera-smail-rmail-command

Name: CVE-2000-0371

Description:

The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1269
Reference: URL:http://www.securityfocus.com/bid/1269
Reference: CALDERA:CSSA-1999-005.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-005.0.txt
Reference: XF:kde-mediatool

Name: CVE-2000-0372

Description:

Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.

Status:Entry
Reference: CALDERA:CSSA-1999-014.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-014.0.txt
Reference: OSVDB:7940
Reference: URL:http://www.osvdb.org/7940
Reference: XF:linux-rmt(2268)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2268

Name: CVE-2000-0373

Description:

Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.

Status:Entry
Reference: CALDERA:CSSA-1999-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-015.0.txt
Reference: REDHAT:RHSA-1999:015-01
Reference: URL:http://www.redhat.com/support/errata/RHSA1999015_01.html
Reference: XF:kde-kvt(2266)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/2266

Name: CVE-2000-0374

Description:

The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.

Status:Entry
Reference: BID:1446
Reference: URL:http://www.securityfocus.com/bid/1446
Reference: CALDERA:CSSA-1999-021.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-021.0.txt
Reference: MANDRAKE:MDKSA-2002:025
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:025
Reference: XF:xdmcp-kdm-default-configuration(4856)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4856

Name: CVE-2000-0375

Description:

The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-99:04
Reference: OSVDB:6084
Reference: URL:http://www.osvdb.org/6084

Name: CVE-2000-0376

Description:

Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status:Entry
Reference: BID:1324
Reference: URL:http://www.securityfocus.com/bid/1324
Reference: ISS:20000607 Buffer Overflow in i-drive Filo (tm) software
Reference: XF:idrive-filo-bo

Name: CVE-2000-0377

Description:

The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.

Status:Entry
Reference: BID:1331
Reference: URL:http://www.securityfocus.com/bid/1331
Reference: MS:MS00-040
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-040
Reference: MSKB:Q264684
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=264684
Reference: OVAL:oval:org.mitre.oval:def:1021
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1021
Reference: XF:nt-registry-request-dos

Name: CVE-2000-0378

Description:

The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.

Status:Entry
Reference: BID:1176
Reference: URL:http://www.securityfocus.com/bid/1176
Reference: BUGTRAQ:20000502 pam_console bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0023.html
Reference: XF:linux-pam-sniff-activities

Name: CVE-2000-0379

Description:

The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.

Status:Entry
Reference: BID:1177
Reference: URL:http://www.securityfocus.com/bid/1177
Reference: BUGTRAQ:20000507 Advisory: Netopia R9100 router vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005082054.NAA32590@linux.mtndew.com
Reference: CONFIRM:http://www.netopia.com/equipment/purchase/fmw_update.html
Reference: XF:netopia-snmp-comm-strings

Name: CVE-2000-0380

Description:

The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.

Status:Entry
Reference: BID:1154
Reference: URL:http://www.securityfocus.com/bid/1154
Reference: BUGTRAQ:20000426 Cisco HTTP possible bug:
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0261.html
Reference: CISCO:20000514 Cisco IOS HTTP Server Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserver-pub.shtml
Reference: OSVDB:1302
Reference: URL:http://www.osvdb.org/1302
Reference: XF:cisco-ios-http-dos

Name: CVE-2000-0381

Description:

The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.

Status:Entry
Reference: BID:1178
Reference: URL:http://www.securityfocus.com/bid/1178
Reference: BUGTRAQ:20000505 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0067.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_05.html
Reference: XF:http-cgi-dbman-db

Name: CVE-2000-0382

Description:

ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.

Status:Entry
Reference: ALLAIRE:ASB00-12
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=15697&Method=Full
Reference: BID:1179
Reference: URL:http://www.securityfocus.com/bid/1179
Reference: XF:allaire-clustercats-url-redirect

Name: CVE-2000-0387

Description:

The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:1184
Reference: URL:http://www.securityfocus.com/bid/1184
Reference: FREEBSD:FreeBSD-SA-00:16
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:16.golddig.asc
Reference: XF:golddig-overwrite-files

Name: CVE-2000-0388

Description:

Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.

Status:Entry
Reference: BID:1185
Reference: URL:http://www.securityfocus.com/bid/1185
Reference: FREEBSD:FreeBSD-SA-00:17
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc
Reference: XF:libmytinfo-bo

Name: CVE-2000-0389

Description:

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb-rd-req-bo

Name: CVE-2000-0390

Description:

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: OSVDB:4884
Reference: URL:http://www.osvdb.org/4884
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krb425-conv-principal-bo

Name: CVE-2000-0391

Description:

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: OSVDB:4876
Reference: URL:http://www.osvdb.org/4876
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-krshd-bo

Name: CVE-2000-0392

Description:

Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.

Status:Entry
Reference: BID:1220
Reference: URL:http://www.securityfocus.com/bid/1220
Reference: BUGTRAQ:20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html
Reference: CERT:CA-2000-06
Reference: URL:http://www.cert.org/advisories/CA-2000-06.html
Reference: FREEBSD:FreeBSD-SA-00:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-05/0295.html
Reference: REDHAT:RHSA-2000:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-025.html
Reference: XF:kerberos-ksu-bo

Name: CVE-2000-0393

Description:

The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.

Status:Entry
Reference: BID:1206
Reference: URL:http://www.securityfocus.com/bid/1206
Reference: BUGTRAQ:20000516 kscd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0172.html
Reference: SUSE:20000529 kmulti <= 1.1.2
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_50.html
Reference: XF:kscd-shell-env-variable

Name: CVE-2000-0394

Description:

NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.

Status:Entry
Reference: BID:1225
Reference: URL:http://www.securityfocus.com/bid/1225
Reference: BUGTRAQ:20000519 RFP2K05: NetProwler vs. RFProwler
Reference: URL:http://marc.info/?l=bugtraq&m=95878603510835&w=2
Reference: BUGTRAQ:20000522 RFP2K05 - NetProwler "Fragmentation" Issue
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=392AD3B3.3E9BE3EA@axent.com
Reference: XF:axent-netprowler-ipfrag-dos

Name: CVE-2000-0395

Description:

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.

Status:Entry
Reference: BID:1213
Reference: URL:http://www.securityfocus.com/bid/1213
Reference: BUGTRAQ:20000516 CProxy v3.3 SP 2 DoS
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org
Reference: XF:cproxy-http-dos

Name: CVE-2000-0396

Description:

The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.

Status:Entry
Reference: BID:1245
Reference: URL:http://www.securityfocus.com/bid/1245
Reference: BUGTRAQ:20000524 Alert: Carello File Creation flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0285.html
Reference: XF:carello-file-duplication

Name: CVE-2000-0397

Description:

The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.

Status:Entry
Reference: BID:1203
Reference: URL:http://www.securityfocus.com/bid/1203
Reference: BUGTRAQ:20000515 Vulnerability in EMURL-based e-mail providers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html
Reference: XF:emurl-account-access

Name: CVE-2000-0398

Description:

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.

Status:Entry
Reference: BID:1244
Reference: URL:http://www.securityfocus.com/bid/1244
Reference: BUGTRAQ:20000524 Alert: Buffer overflow in Rockliffe's MailSite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html
Reference: XF:mailsite-get-overflow

Name: CVE-2000-0399

Description:

Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.

Status:Entry
Reference: BID:1250
Reference: URL:http://www.securityfocus.com/bid/1250
Reference: BUGTRAQ:20000524 Deerfield Communications MDaemon Mail Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html
Reference: XF:deerfield-mdaemon-dos

Name: CVE-2000-0402

Description:

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.

Status:Entry
Reference: BID:1281
Reference: URL:http://www.securityfocus.com/bid/1281
Reference: MS:MS00-035
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-035
Reference: MSKB:Q263968
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263968
Reference: XF:mssql-agent-stored-pw
Reference: XF:mssql-sa-pw-in-sqlsplog

Name: CVE-2000-0403

Description:

The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.

Status:Entry
Reference: BID:1261
Reference: URL:http://www.securityfocus.com/bid/1261
Reference: MS:MS00-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-036
Reference: MSKB:Q263307
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=263307
Reference: XF:win-browser-hostannouncement

Name: CVE-2000-0404

Description:

The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.

Status:Entry
Reference: BID:1262
Reference: URL:http://www.securityfocus.com/bid/1262
Reference: MS:MS00-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-036
Reference: MSKB:Q262694
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262694
Reference: XF:win-browser-reset-frame

Name: CVE-2000-0405

Description:

Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.

Status:Entry
Reference: BID:1207
Reference: URL:http://www.securityfocus.com/bid/1207
Reference: L0PHT:20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow
Reference: URL:http://www.l0pht.com/advisories/asniff_advisory.txt
Reference: OSVDB:3179
Reference: URL:http://www.osvdb.org/3179
Reference: XF:antisniff-dns-overflow

Name: CVE-2000-0406

Description:

Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.

Status:Entry
Reference: BID:1188
Reference: URL:http://www.securityfocus.com/bid/1188
Reference: CERT:CA-2000-05
Reference: URL:http://www.cert.org/advisories/CA-2000-05.html
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt
Reference: REDHAT:RHSA-2000:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-028.html
Reference: XF:netscape-invalid-ssl-sessions

Name: CVE-2000-0407

Description:

Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.

Status:Entry
Reference: BID:1200
Reference: URL:http://www.securityfocus.com/bid/1200
Reference: BUGTRAQ:20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0141.html
Reference: XF:sol-netpr-bo

Name: CVE-2000-0408

Description:

IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.

Status:Entry
Reference: BID:1190
Reference: URL:http://www.securityfocus.com/bid/1190
Reference: MISC:http://www.ussrback.com/labs40.html
Reference: MS:MS00-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-030
Reference: MSKB:Q260205
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=260205
Reference: XF:iis-url-extension-data-dos

Name: CVE-2000-0409

Description:

Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.

Status:Entry
Reference: BID:1201
Reference: URL:http://www.securityfocus.com/bid/1201
Reference: BUGTRAQ:20000510 Possible symlink problems with Netscape 4.73
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0126.html
Reference: XF:netscape-import-certificate-symlink

Name: CVE-2000-0410

Description:

ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.

Status:Entry
Reference: BID:1192
Reference: URL:http://www.securityfocus.com/bid/1192
Reference: NTBUGTRAQ:20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0005&L=ntbugtraq&F=&S=&P=4843
Reference: XF:coldfusion-cfcache-dos

Name: CVE-2000-0411

Description:

Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.

Status:Entry
Reference: BID:1187
Reference: URL:http://www.securityfocus.com/bid/1187
Reference: BUGTRAQ:20000510 Black Watch Labs Vulnerability Alert
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0125.html
Reference: MISC:http://www.perfectotech.com/blackwatchlabs/vul5_10.html
Reference: XF:http-cgi-formmail-environment

Name: CVE-2000-0414

Description:

Vulnerability in shutdown command for HP-UX 11.X and 10.X allows local users to gain privileges via malformed input variables.

Status:Entry
Reference: BID:1214
Reference: URL:http://www.securityfocus.com/bid/1214
Reference: HP:HPSBUX0005-113
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0047.html
Reference: XF:hp-shutdown-privileges

Name: CVE-2000-0416

Description:

NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.

Status:Entry
Reference: BID:1196
Reference: URL:http://www.securityfocus.com/bid/1196
Reference: BUGTRAQ:20000511 NTMail Proxy Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NABBJLKKPKIHDIMKFKGCMEFANMAB.georger@nls.net
Reference: CONFIRM:http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm
Reference: XF:ntmail-bypass-proxy

Name: CVE-2000-0417

Description:

The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.

Status:Entry
Reference: BID:1219
Reference: URL:http://www.securityfocus.com/bid/1219
Reference: BUGTRAQ:20000505 Cayman 3220-H DSL Router DOS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0075.html
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-router-dos

Name: CVE-2000-0418

Description:

The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.

Status:Entry
Reference: BID:1240
Reference: URL:http://www.securityfocus.com/bid/1240
Reference: BUGTRAQ:20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0280.html
Reference: XF:cayman-dsl-dos

Name: CVE-2000-0419

Description:

The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.

Status:Entry
Reference: BID:1197
Reference: URL:http://www.securityfocus.com/bid/1197
Reference: CERT:CA-2000-07
Reference: URL:http://www.cert.org/advisories/CA-2000-07.html
Reference: MS:MS00-034
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-034
Reference: MSKB:Q262767
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=262767
Reference: XF:office-ua-control

Name: CVE-2000-0421

Description:

The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1199
Reference: URL:http://www.securityfocus.com/bid/1199
Reference: BUGTRAQ:20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0128.html
Reference: XF:bugzilla-unchecked-system-call

Name: CVE-2000-0424

Description:

The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1202
Reference: URL:http://www.securityfocus.com/bid/1202
Reference: BUGTRAQ:20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200005151024.aa01811@blaze.arl.mil
Reference: XF:http-cgi-burgyan-counter

Name: CVE-2000-0425

Description:

Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1167
Reference: URL:http://www.securityfocus.com/bid/1167
Reference: BUGTRAQ:20000505 Alert: Listserv Web Archives (wa) buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0048.html
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory0
Reference: XF:http-cgi-listserv-wa-bo

Name: CVE-2000-0426

Description:

UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.

Status:Entry
Reference: BID:1175
Reference: URL:http://www.securityfocus.com/bid/1175
Reference: BUGTRAQ:20000505 Re: Fun with UltraBoard V1.6X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0059.html
Reference: XF:ultraboard-cgi-dos

Name: CVE-2000-0427

Description:

The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.

Status:Entry
Reference: BID:1170
Reference: URL:http://www.securityfocus.com/bid/1170
Reference: L0PHT:20000504 eToken Private Information Extraction and Physical Attack
Reference: URL:http://www.l0pht.com/advisories/etoken-piepa.txt
Reference: OSVDB:3266
Reference: URL:http://www.osvdb.org/3266
Reference: XF:aladdin-etoken-pin-reset

Name: CVE-2000-0428

Description:

Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.

Status:Entry
Reference: BID:1168
Reference: URL:http://www.securityfocus.com/bid/1168
Reference: NAI:20000503 Trend Micro InterScan VirusWall Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/39_Trend.asp
Reference: XF:interscan-viruswall-bo

Name: CVE-2000-0430

Description:

Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.

Status:Entry
Reference: BID:1358
Reference: URL:http://www.securityfocus.com/bid/1358
Reference: BUGTRAQ:20000503 Another interesting Cart32 command
Reference: URL:http://marc.info/?l=bugtraq&m=95738697301956&w=2
Reference: XF:cart32-expdate

Name: CVE-2000-0431

Description:

Cobalt RaQ2 and RaQ3 do not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.

Status:Entry
Reference: BID:1238
Reference: URL:http://www.securityfocus.com/bid/1238
Reference: BUGTRAQ:20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000523100045.B11049@HiWAAY.net
Reference: BUGTRAQ:20000525 Cobalt Networks - Security Advisory - Frontpage
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html
Reference: OSVDB:1346
Reference: URL:http://www.osvdb.org/1346
Reference: XF:cobalt-cgiwrap-bypass

Name: CVE-2000-0432

Description:

The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1215
Reference: URL:http://www.securityfocus.com/bid/1215
Reference: BUGTRAQ:20000516 Vuln in calender.pl (Matt Kruse calender script)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0173.html
Reference: XF:http-cgi-calendar-execute

Name: CVE-2000-0435

Description:

The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.

Status:Entry
Reference: BID:1217
Reference: URL:http://www.securityfocus.com/bid/1217
Reference: BUGTRAQ:20000516 Allmanage.pl Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0167.html
Reference: OSVDB:1337
Reference: URL:http://www.osvdb.org/1337
Reference: XF:http-cgi-allmanage-account-access

Name: CVE-2000-0436

Description:

MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1231
Reference: URL:http://www.securityfocus.com/bid/1231
Reference: BUGTRAQ:20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0254.html
Reference: CONFIRM:http://www.metaproducts.com/mpOE-HY.html
Reference: XF:offline-explorer-directory-traversal

Name: CVE-2000-0437

Description:

Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.

Status:Entry
Reference: BID:1234
Reference: URL:http://www.securityfocus.com/bid/1234
Reference: BUGTRAQ:20000522 Gauntlet CyberPatrol Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0249.html
Reference: CONFIRM:http://www.pgp.com/jump/gauntlet_advisory.asp
Reference: CONFIRM:http://www.tis.com/support/cyberadvisory.html
Reference: OSVDB:322
Reference: URL:http://www.osvdb.org/322
Reference: XF:gauntlet-cyberdaemon-bo

Name: CVE-2000-0438

Description:

Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.

Status:Entry
Reference: BID:1239
Reference: URL:http://www.securityfocus.com/bid/1239
Reference: BUGTRAQ:20000522 fdmount buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0245.html
Reference: XF:linux-fdmount-bo

Name: CVE-2000-0439

Description:

Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.

Status:Entry
Reference: BID:1194
Reference: URL:http://www.securityfocus.com/bid/1194
Reference: BUGTRAQ:20000510 IE Domain Confusion Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000511135609.D7774@securityfocus.com
Reference: BUGTRAQ:20000511 IE Domain Confusion Vulnerability is an Email problem also
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NDBBKGHPMKBKDDGLDEEHAEHMDIAA.rms2000@bellatlantic.net
Reference: MS:MS00-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033
Reference: OSVDB:1326
Reference: URL:http://www.osvdb.org/1326
Reference: XF:ie-cookie-disclosure(4447)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4447

Name: CVE-2000-0440

Description:

NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.

Status:Entry
Reference: BID:1173
Reference: URL:http://www.securityfocus.com/bid/1173
Reference: BUGTRAQ:20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0088.html
Reference: FREEBSD:FreeBSD-SA-00:23
Reference: NETBSD:NetBSD-SA2000-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-002.txt.asc
Reference: XF:netbsd-unaligned-ip-options

Name: CVE-2000-0441

Description:

Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.

Status:Entry
Reference: BID:1241
Reference: URL:http://www.securityfocus.com/bid/1241
Reference: IBM:ERS-OAR-E01-2000:087.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0275.html
Reference: XF:aix-local-filesystem

Name: CVE-2000-0442

Description:

Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.

Status:Entry
Reference: BID:1242
Reference: URL:http://www.securityfocus.com/bid/1242
Reference: BUGTRAQ:20000523 Qpopper 2.53 remote problem, user can gain gid=mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0267.html
Reference: SUSE:20000608 pop <= 2000.3.4
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_51.html
Reference: XF:qualcomm-qpopper-euidl

Name: CVE-2000-0443

Description:

The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1243
Reference: URL:http://www.securityfocus.com/bid/1243
Reference: BUGTRAQ:20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0281.html
Reference: OSVDB:1350
Reference: URL:http://www.osvdb.org/1350
Reference: XF:hp-jetadmin-directory-traversal

Name: CVE-2000-0445

Description:

The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.

Status:Entry
Reference: BID:1251
Reference: URL:http://www.securityfocus.com/bid/1251
Reference: BUGTRAQ:20000523 Key Generation Security Flaw in PGP 5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0273.html
Reference: CERT:CA-2000-09
Reference: URL:http://www.cert.org/advisories/CA-2000-09.html
Reference: OSVDB:1355
Reference: URL:http://www.osvdb.org/1355
Reference: XF:pgp-key-predictable

Name: CVE-2000-0446

Description:

Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.

Status:Entry
Reference: BID:1252
Reference: URL:http://www.securityfocus.com/bid/1252
Reference: BUGTRAQ:20000524 Remote xploit for MDBMS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0274.html
Reference: XF:mdbms-bo

Name: CVE-2000-0447

Description:

Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.

Status:Entry
Reference: BID:1254
Reference: URL:http://www.securityfocus.com/bid/1254
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: OSVDB:327
Reference: URL:http://www.osvdb.org/327
Reference: XF:nai-webshield-bo

Name: CVE-2000-0448

Description:

The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.

Status:Entry
Reference: BID:1253
Reference: URL:http://www.securityfocus.com/bid/1253
Reference: BUGTRAQ:20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Management Tool
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=6C740781F92BD411831F0090273A8AB806FD4A@exchange.servers.delphis.net
Reference: OSVDB:326
Reference: URL:http://www.osvdb.org/326
Reference: XF:nai-webshield-getconfig

Name: CVE-2000-0451

Description:

The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.

Status:Entry
Reference: BID:1228
Reference: URL:http://www.securityfocus.com/bid/1228
Reference: BUGTRAQ:20000518 Remote Dos attack against Intel express 8100 router
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0229.html
Reference: XF:intel-8100-remote-dos

Name: CVE-2000-0452

Description:

Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.

Status:Entry
Reference: BID:1229
Reference: URL:http://www.securityfocus.com/bid/1229
Reference: BUGTRAQ:20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0219.html
Reference: OSVDB:321
Reference: URL:http://www.osvdb.org/321
Reference: XF:lotus-domino-esmtp-bo

Name: CVE-2000-0453

Description:

XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.

Status:Entry
Reference: BID:1235
Reference: URL:http://www.securityfocus.com/bid/1235
Reference: BUGTRAQ:20000518 Nasty XFree Xserver DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0223.html
Reference: CALDERA:CSSA-2000-012.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-012.0.txt

Name: CVE-2000-0454

Description:

Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.

Status:Entry
Reference: BID:1265
Reference: URL:http://www.securityfocus.com/bid/1265
Reference: BUGTRAQ:20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0367.html
Reference: BUGTRAQ:20000603 [Gael Duval ] [Security Announce] cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0434.html
Reference: BUGTRAQ:20000607 Conectiva Linux Security Announcement - cdrecord
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0019.html
Reference: XF:linux-cdrecord-execute

Name: CVE-2000-0455

Description:

Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.

Status:Entry
Reference: BID:1267
Reference: URL:http://www.securityfocus.com/bid/1267
Reference: NAI:20000529 Initialized Data Overflow in Xlock
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/41initialized.asp
Reference: NETBSD:NetBSD-SA2000-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-003.txt.asc
Reference: TURBO:TLSA2000012-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0375.html
Reference: XF:xlock-bo-read-passwd

Name: CVE-2000-0456

Description:

NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".

Status:Entry
Reference: BID:1272
Reference: URL:http://www.securityfocus.com/bid/1272
Reference: NETBSD:NetBSD-SA2000-005
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-005.txt.asc
Reference: OSVDB:1365
Reference: URL:http://www.osvdb.org/1365
Reference: XF:bsd-syscall-cpu-dos

Name: CVE-2000-0457

Description:

ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file with a large number of encoded spaces (%20) appended and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.

Status:Entry
Reference: BID:1193
Reference: URL:http://www.securityfocus.com/bid/1193
Reference: BUGTRAQ:20000511 Alert: IIS ism.dll exposes file contents
Reference: URL:http://marc.info/?l=bugtraq&m=95810120719608&w=2
Reference: MS:MS00-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-031
Reference: XF:iis-ism-file-access(4448)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4448

Name: CVE-2000-0458

Description:

The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.

Status:Entry
Reference: BID:1360
Reference: URL:http://www.securityfocus.com/bid/1360
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.info/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-tmpfile-view

Name: CVE-2000-0459

Description:

IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.

Status:Entry
Reference: BID:1361
Reference: URL:http://www.securityfocus.com/bid/1361
Reference: BUGTRAQ:20000424 Two Problems in IMP 2
Reference: URL:http://marc.info/?l=bugtraq&m=95672120116627&w=2
Reference: XF:imp-wordfile-dos

Name: CVE-2000-0460

Description:

Buffer overflow in KDE kdesud on Linux allows local users to gain privileges via a long DISPLAY environmental variable.

Status:Entry
Reference: BID:1274
Reference: URL:http://www.securityfocus.com/bid/1274
Reference: BUGTRAQ:20000526 KDE: /usr/bin/kdesud, gid = 0 exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0353.html
Reference: XF:kde-display-environment-overflow

Name: CVE-2000-0461

Description:

The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.

Status:Entry
Reference: BID:1270
Reference: URL:http://www.securityfocus.com/bid/1270
Reference: FREEBSD:FreeBSD-SA-00:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:19.semconfig.asc
Reference: NETBSD:NetBSD-SA2000-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-004.txt.asc
Reference: OPENBSD:20000526
Reference: URL:http://www.openbsd.org/errata26.html#semconfig
Reference: XF:bsd-semaphore-dos

Name: CVE-2000-0462

Description:

ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.

Status:Entry
Reference: BID:1273
Reference: URL:http://www.securityfocus.com/bid/1273
Reference: NETBSD:NetBSD-SA2000-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-006.txt.asc
Reference: OSVDB:1366
Reference: URL:http://www.osvdb.org/1366
Reference: XF:netbsd-ftpchroot-parsing

Name: CVE-2000-0463

Description:

BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.

Status:Entry
Reference: BID:1222
Reference: URL:http://www.securityfocus.com/bid/1222
Reference: BUGTRAQ:20000517 AUX Security Advisory on Be/OS 5.0 (DoS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0197.html
Reference: XF:beos-tcp-frag-dos

Name: CVE-2000-0464

Description:

Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.

Status:Entry
Reference: BID:1223
Reference: URL:http://www.securityfocus.com/bid/1223
Reference: MS:MS00-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033
Reference: MSKB:Q261257
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=261257
Reference: XF:ie-malformed-component-attribute

Name: CVE-2000-0465

Description:

Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: BID:1224
Reference: URL:http://www.securityfocus.com/bid/1224
Reference: MS:MS00-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-033
Reference: MSKB:Q251108
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=251108
Reference: MSKB:Q255676
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=255676
Reference: XF:ie-frame-domain-verification

Name: CVE-2000-0466

Description:

AIX cdmount allows local users to gain root privileges via shell metacharacters.

Status:Entry
Reference: BID:1384
Reference: URL:http://www.securityfocus.com/bid/1384
Reference: ISS:20000620 Insecure call of external program in AIX cdmount
Reference: URL:http://xforce.iss.net/alerts/advise55.php
Reference: XF:aix-cdmount-insecure-call

Name: CVE-2000-0467

Description:

Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.

Status:Entry
Reference: BID:1346
Reference: URL:http://www.securityfocus.com/bid/1346
Reference: BUGTRAQ:20000614 Splitvt exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0125.html
Reference: DEBIAN:20000605a
Reference: XF:splitvt-screen-lock-bo

Name: CVE-2000-0468

Description:

man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.

Status:Entry
Reference: BID:1302
Reference: URL:http://www.securityfocus.com/bid/1302
Reference: BUGTRAQ:20000601 HP Security vulnerability in the man command
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.SOL.4.02.10006021014400.4779-100000@nofud.nwest.attws.com
Reference: XF:hp-man-file-overwrite

Name: CVE-2000-0469

Description:

Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1347
Reference: URL:http://www.securityfocus.com/bid/1347
Reference: BUGTRAQ:20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-06-22&msg=ILENKALMCAFBLHBGEOFKGEJCCAAA.jwesterink@jwesterink.daxis.nl
Reference: BUGTRAQ:20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4.2.0.58.20000620193604.00979950@mail.clark.net
Reference: XF:webbanner-input-validation-exe

Name: CVE-2000-0470

Description:

Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request.

Status:Entry
Reference: BID:1290
Reference: URL:http://www.securityfocus.com/bid/1290
Reference: BUGTRAQ:20000601 Hardware Exploit - Gets network Down
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0398.html
Reference: XF:rompager-malformed-dos(4588)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4588

Name: CVE-2000-0471

Description:

Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.

Status:Entry
Reference: BID:1348
Reference: URL:http://www.securityfocus.com/bid/1348
Reference: BUGTRAQ:20000614 Vulnerability in Solaris ufsrestore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0114.html
Reference: CERT-VN:VU#36866
Reference: URL:http://www.kb.cert.org/vuls/id/36866
Reference: OSVDB:1398
Reference: URL:http://www.osvdb.org/1398
Reference: SUN:00210
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/210
Reference: SUNBUG:4339366
Reference: XF:sol-ufsrestore-bo(4711)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4711

Name: CVE-2000-0472

Description:

Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.

Status:Entry
Reference: BID:1316
Reference: URL:http://www.securityfocus.com/bid/1316
Reference: BUGTRAQ:20000106 innd 2.2.2 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0003.html
Reference: BUGTRAQ:20000707 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0097.html
Reference: BUGTRAQ:20000721 [ANNOUNCE] INN 2.2.3 available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0298.html
Reference: BUGTRAQ:20000722 MDKSA-2000:023 inn update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0330.html
Reference: CALDERA:CSSA-2000-016.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-016.0.txt
Reference: XF:innd-cancel-overflow(4615)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4615

Name: CVE-2000-0474

Description:

Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.

Status:Entry
Reference: BID:1288
Reference: URL:http://www.securityfocus.com/bid/1288
Reference: BUGTRAQ:20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0410.html
Reference: BUGTRAQ:20000601 Remote DoS attack in RealServer: USSR-2000043
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0427.html
Reference: XF:realserver-malformed-remote-dos(4587)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4587

Name: CVE-2000-0475

Description:

Windows 2000 allows a local user process to access another user's desktop within the same window station, aka the "Desktop Separation" vulnerability.

Status:Entry
Reference: BID:1350
Reference: URL:http://www.securityfocus.com/bid/1350
Reference: MS:MS00-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-020
Reference: XF:win2k-desktop-separation(4714)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4714

Name: CVE-2000-0477

Description:

Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.

Status:Entry
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: XF:antivirus-nav-zip-bo(4710)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4710

Name: CVE-2000-0478

Description:

In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.

Status:Entry
Reference: BID:1351
Reference: URL:http://www.securityfocus.com/bid/1351
Reference: BUGTRAQ:20000614 Vulnerabilities in Norton Antivirus for Exchange
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0136.html
Reference: OSVDB:6266
Reference: URL:http://www.osvdb.org/6266
Reference: XF:antivirus-nav-fail-open(4709)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4709

Name: CVE-2000-0481

Description:

Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.

Status:Entry
Reference: BID:1380
Reference: URL:http://www.securityfocus.com/bid/1380
Reference: VULN-DEV:20000601 Kmail heap overflow
Reference: URL:http://securityfocus.com/templates/archive.pike?list=82&date=2000-06-22&msg=00060200422401.01667@lez
Reference: XF:kde-kmail-attachment-dos(4993)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4993

Name: CVE-2000-0482

Description:

Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.

Status:Entry
Reference: BID:1312
Reference: URL:http://www.securityfocus.com/bid/1312
Reference: BUGTRAQ:20000605 FW-1 IP Fragmentation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0473.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation
Reference: OSVDB:1379
Reference: URL:http://www.osvdb.org/1379
Reference: XF:fw1-packet-fragment-dos(4609)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4609

Name: CVE-2000-0483

Description:

The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.

Status:Entry
Reference: BID:1354
Reference: URL:http://www.securityfocus.com/bid/1354
Reference: BUGTRAQ:20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0144.html
Reference: BUGTRAQ:20000728 MDKSA-2000:026 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0412.html
Reference: BUGTRAQ:2000615 Conectiva Linux Security Announcement - ZOPE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000616103807.A3768@conectiva.com.br
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert
Reference: FREEBSD:FreeBSD-SA-00:38
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A38.zope.asc
Reference: REDHAT:RHSA-2000:038
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-038.html
Reference: XF:zope-dtml-remote-modify(4716)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4716

Name: CVE-2000-0484

Description:

Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service.

Status:Entry
Reference: BID:1355
Reference: URL:http://www.securityfocus.com/bid/1355
Reference: BUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=96113651713414&w=2
Reference: MISC:https://gist.github.com/0xHop/66609ec1e243b913361e1acfa5253806
Reference: NTBUGTRAQ:20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability
Reference: URL:http://marc.info/?l=ntbugtraq&m=96151775004229&w=2
Reference: XF:small-http-get-overflow-dos(4692)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4692

Name: CVE-2000-0485

Description:

Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.

Status:Entry
Reference: BID:1292
Reference: URL:http://www.securityfocus.com/bid/1292
Reference: BUGTRAQ:20000530 Fw: Steal Passwords Using SQL Server EM
Reference: URL:http://www.securityfocus.com/archive/1/62771
Reference: MS:MS00-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041
Reference: XF:mssql-dts-reveal-passwords(4582)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4582

Name: CVE-2000-0486

Description:

Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.

Status:Entry
Reference: BID:1293
Reference: URL:http://www.securityfocus.com/bid/1293
Reference: BUGTRAQ:20000530 An Analysis of the TACACS+ Protocol and its Implementations
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0369.html
Reference: CONFIRM:http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html
Reference: XF:tacacsplus-packet-length-dos(4985)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4985

Name: CVE-2000-0488

Description:

Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.

Status:Entry
Reference: BID:1285
Reference: URL:http://www.securityfocus.com/bid/1285
Reference: BUGTRAQ:20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
Reference: XF:ithouse-rcpt-overflow(4580)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4580

Name: CVE-2000-0489

Description:

FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.

Status:Entry
Reference: BID:622
Reference: URL:http://www.securityfocus.com/bid/622
Reference: BUGTRAQ:19990826 Local DoS in FreeBSD
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9908270039010.16315-100000@thetis.deor.org
Reference: BUGTRAQ:20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEJLCEAA.labs@ussrback.com
Reference: XF:bsd-setsockopt-dos(3298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3298

Name: CVE-2000-0490

Description:

Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.

Status:Entry
Reference: BID:1297
Reference: URL:http://www.securityfocus.com/bid/1297
Reference: BUGTRAQ:20000601 Netwin's Dmail package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0407.html
Reference: CONFIRM:http://netwinsite.com/dmail/security.htm
Reference: XF:dmail-etrn-dos(4579)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4579

Name: CVE-2000-0493

Description:

Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.

Status:Entry
Reference: BID:1289
Reference: URL:http://www.securityfocus.com/bid/1289
Reference: VULN-DEV:20000601 Vulnerability in SNTS
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0843.html
Reference: XF:timesync-bo-execute(4602)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4602

Name: CVE-2000-0494

Description:

Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.

Status:Entry
Reference: BID:1356
Reference: URL:http://www.securityfocus.com/bid/1356
Reference: BUGTRAQ:20000616 Veritas Volume Manager 3.0.x hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0151.html
Reference: CONFIRM:http://seer.support.veritas.com/tnotes/volumeman/230053.htm
Reference: XF:veritas-volume-manager

Name: CVE-2000-0495

Description:

Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.

Status:Entry
Reference: BID:1282
Reference: URL:http://www.securityfocus.com/bid/1282
Reference: MS:MS00-038
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-038
Reference: XF:ms-malformed-media-dos(4585)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4585

Name: CVE-2000-0497

Description:

IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status:Entry
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/appserv/efix.html
Reference: NTBUGTRAQ:20000612 IBM WebSphere JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0263.html
Reference: XF:websphere-jsp-source-read

Name: CVE-2000-0498

Description:

Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status:Entry
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: NTBUGTRAQ:20000608 Potential vulnerability in Unify eWave ServletExec
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Reference: XF:ewave-servletexec-jsp-source-read(4649)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4649

Name: CVE-2000-0499

Description:

The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.

Status:Entry
Reference: BID:1328
Reference: URL:http://www.securityfocus.com/bid/1328
Reference: CONFIRM:http://developer.bea.com/alerts/security_000612.html
Reference: NTBUGTRAQ:20000612 BEA WebLogic JSP showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0262.htm
Reference: XF:weblogic-jsp-source-read(4694)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4694

Name: CVE-2000-0500

Description:

The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.

Status:Entry
Reference: BID:1378
Reference: URL:http://www.securityfocus.com/bid/1378
Reference: BUGTRAQ:20000621 BEA WebLogic /file/ showcode vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=96161462915381&w=2
Reference: CONFIRM:http://www.weblogic.com/docs51/admindocs/http.html#file
Reference: XF:weblogic-file-source-read(4775)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4775

Name: CVE-2000-0501

Description:

Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.

Status:Entry
Reference: BID:1366
Reference: URL:http://www.securityfocus.com/bid/1366
Reference: NTBUGTRAQ:20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0277.html
Reference: XF:mdaemon-pass-dos(4745)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4745

Name: CVE-2000-0502

Description:

McAfee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.

Status:Entry
Reference: BID:1326
Reference: URL:http://www.securityfocus.com/bid/1326
Reference: BUGTRAQ:20000607 Mcafee Alerting DOS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0038.html
Reference: OSVDB:6287
Reference: URL:http://www.osvdb.org/6287
Reference: XF:mcafee-alerting-dos(4641)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4641

Name: CVE-2000-0504

Description:

libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.

Status:Entry
Reference: BID:1369
Reference: URL:http://www.securityfocus.com/bid/1369
Reference: BUGTRAQ:20000619 XFree86: libICE DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0170.html
Reference: CONFIRM:http://www.xfree86.org/security/
Reference: XF:linux-libice-dos

Name: CVE-2000-0505

Description:

The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.

Status:Entry
Reference: BID:1284
Reference: URL:http://www.securityfocus.com/bid/1284
Reference: BUGTRAQ:20000603 Re: IBM HTTP SERVER / APACHE
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.20.0006031912360.45740-100000@alive.znep.com
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: XF:ibm-http-file-retrieve(4575)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4575

Name: CVE-2000-0506

Description:

The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."

Status:Entry
Reference: BID:1322
Reference: URL:http://www.securityfocus.com/bid/1322
Reference: BUGTRAQ:20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0063.html
Reference: BUGTRAQ:20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006090852340.3475-300000@alfa.elzabsoft.pl
Reference: BUGTRAQ:20000609 Trustix Security Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0062.html
Reference: REDHAT:RHSA-2000:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-037.html
Reference: SGI:20000802-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000802-01-P
Reference: TURBO:TLSA2000013-1
Reference: XF:linux-kernel-capabilities

Name: CVE-2000-0507

Description:

Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.

Status:Entry
Reference: BID:1286
Reference: URL:http://www.securityfocus.com/bid/1286
Reference: BUGTRAQ:20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server
Reference: URL:http://marc.info/?l=bugtraq&m=95990195708509&w=2
Reference: XF:nt-webmail-dos(4586)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4586

Name: CVE-2000-0508

Description:

rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: BID:1372
Reference: URL:http://www.securityfocus.com/bid/1372
Reference: BUGTRAQ:20000608 Remote DOS in linux rpc.lockd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0073.html
Reference: XF:linux-lockd-remote-dos(5050)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5050

Name: CVE-2000-0510

Description:

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-malformed-ipp(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0511

Description:

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-posts(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0512

Description:

CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-posts(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0513

Description:

CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.

Status:Entry
Reference: BID:1373
Reference: URL:http://www.securityfocus.com/bid/1373
Reference: BUGTRAQ:20000620 CUPS DoS Bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0188.html
Reference: CONFIRM:ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch
Reference: XF:debian-cups-posts(4846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4846

Name: CVE-2000-0514

Description:

GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.

Status:Entry
Reference: BID:1374
Reference: URL:http://www.securityfocus.com/bid/1374
Reference: BUGTRAQ:20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=ldvsnufao18.fsf@saint-elmos-fire.mit.edu
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/ftp.txt
Reference: OSVDB:4885
Reference: URL:http://www.osvdb.org/4885
Reference: XF:kerberos-gssftpd-dos(4734)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4734

Name: CVE-2000-0515

Description:

The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.

Status:Entry
Reference: BID:1327
Reference: URL:http://www.securityfocus.com/bid/1327
Reference: BUGTRAQ:20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006070511.OAA05492@dogfoot.hackerslab.org
Reference: BUGTRAQ:20000608 Re: HP-UX SNMP daemon vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006090640.XAA00779@hpchs.cup.hp.com
Reference: XF:hpux-snmp-daemon(4643)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4643

Name: CVE-2000-0516

Description:

When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.

Status:Entry
Reference: BID:1329
Reference: URL:http://www.securityfocus.com/bid/1329
Reference: BUGTRAQ:20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0008.html
Reference: XF:shiva-plaintext-ldap-password(4612)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4612

Name: CVE-2000-0517

Description:

Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.

Status:Entry
Reference: BID:1260
Reference: URL:http://www.securityfocus.com/bid/1260
Reference: CERT:CA-2000-08
Reference: URL:http://www.cert.org/advisories/CA-2000-08.html
Reference: XF:netscape-ssl-certificate(4550)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4550

Name: CVE-2000-0518

Description:

Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.

Status:Entry
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039
Reference: XF:ie-invalid-frame-image-certificate(4624)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4624

Name: CVE-2000-0519

Description:

Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.

Status:Entry
Reference: BID:1309
Reference: URL:http://www.securityfocus.com/bid/1309
Reference: CERT:CA-2000-10
Reference: URL:http://www.cert.org/advisories/CA-2000-10.html
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt
Reference: MS:MS00-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-039
Reference: XF:ie-revalidate-certificate(4627)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4627

Name: CVE-2000-0521

Description:

Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.

Status:Entry
Reference: BID:1313
Reference: URL:http://www.securityfocus.com/bid/1313
Reference: BUGTRAQ:20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0469.html
Reference: XF:savant-source-read(4616)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4616

Name: CVE-2000-0522

Description:

RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash.

Status:Entry
Reference: BID:1332
Reference: URL:http://www.securityfocus.com/bid/1332
Reference: BUGTRAQ:20000608 Potential DoS Attack on RSA's ACE/Server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=011a01bfd14c$3c206960$050010ac@xtranet.co.uk
Reference: BUGTRAQ:20000714 Re: RSA Aceserver UDP Flood Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0197.html
Reference: CONFIRM:ftp://ftp.securid.com/support/outgoing/dos/readme.txt
Reference: XF:aceserver-udp-packet-dos(5053)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5053

Name: CVE-2000-0523

Description:

Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.

Status:Entry
Reference: BID:1315
Reference: URL:http://www.securityfocus.com/bid/1315
Reference: BUGTRAQ:20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Reference: XF:eserv-logging-overflow(4614)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4614

Name: CVE-2000-0525

Description:

OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.

Status:Entry
Reference: BID:1334
Reference: URL:http://www.securityfocus.com/bid/1334
Reference: BUGTRAQ:20000609 OpenSSH's UseLogin option allows remote access with root privilege.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0065.html
Reference: OPENBSD:20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.
Reference: URL:http://www.openbsd.org/errata.html#uselogin
Reference: OSVDB:341
Reference: URL:http://www.osvdb.org/341
Reference: XF:openssh-uselogin-remote-exec(4646)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4646

Name: CVE-2000-0528

Description:

Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.

Status:Entry
Reference: BID:1364
Reference: URL:http://www.securityfocus.com/bid/1364
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: OSVDB:4353
Reference: URL:http://www.osvdb.org/4353
Reference: XF:nettools-pki-unauthenticated-access(4743)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4743

Name: CVE-2000-0529

Description:

Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.

Status:Entry
Reference: BID:1363
Reference: URL:http://www.securityfocus.com/bid/1363
Reference: BUGTRAQ:20000619 Net Tools PKI server exploits
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0166.html
Reference: CONFIRM:ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt
Reference: OSVDB:4352
Reference: URL:http://www.osvdb.org/4352
Reference: XF:nettools-pki-http-bo(4744)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4744

Name: CVE-2000-0530

Description:

The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:1291
Reference: URL:http://www.securityfocus.com/bid/1291
Reference: BUGTRAQ:20000531 KDE::KApplication feature?
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0387.html
Reference: CALDERA:CSSA-2000-015.0
Reference: URL:ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-2000-015.0.txt
Reference: REDHAT:RHSA-2000:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-032.html
Reference: XF:kde-configuration-file-creation(4583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4583

Name: CVE-2000-0532

Description:

A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.

Status:Entry
Reference: BID:1323
Reference: URL:http://www.securityfocus.com/bid/1323
Reference: FREEBSD:FreeBSD-SA-00:21
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-06/0031.html
Reference: OSVDB:1387
Reference: URL:http://www.osvdb.org/1387
Reference: XF:freebsd-ssh-ports(4638)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4638

Name: CVE-2000-0533

Description:

Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:1379
Reference: URL:http://www.securityfocus.com/bid/1379
Reference: SGI:20000601-01-P
Reference: URL:ftp://sgigate.sgi.com/security/20000601-01-P
Reference: XF:irix-workshop-cvconnect-overwrite(4725)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4725

Name: CVE-2000-0534

Description:

The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.

Status:Entry
Reference: BID:1325
Reference: URL:http://www.securityfocus.com/bid/1325
Reference: FREEBSD:FreeBSD-SA-00:22
Reference: OSVDB:1389
Reference: URL:http://www.osvdb.org/1389
Reference: XF:apsfilter-elevate-privileges(4617)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4617

Name: CVE-2000-0536

Description:

xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.

Status:Entry
Reference: BID:1381
Reference: URL:http://www.securityfocus.com/bid/1381
Reference: CONFIRM:http://www.synack.net/xinetd/
Reference: DEBIAN:20000619 xinetd: bug in access control mechanism
Reference: URL:http://www.debian.org/security/2000/20000619
Reference: XF:xinetd-improper-restrictions(4986)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4986

Name: CVE-2000-0537

Description:

BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.

Status:Entry
Reference: BID:1321
Reference: URL:http://www.securityfocus.com/bid/1321
Reference: BUGTRAQ:20000606 BRU Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0013.html
Reference: CALDERA:CSSA-2000-018.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-018.0.txt
Reference: XF:bru-execlog-env-variable(4644)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4644

Name: CVE-2000-0538

Description:

ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.

Status:Entry
Reference: ALLAIRE:ASB00-14
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16122&Method=Full
Reference: BID:1314
Reference: URL:http://www.securityfocus.com/bid/1314
Reference: BUGTRAQ:20000607 New Allaire ColdFusion DoS
Reference: URL:http://marc.info/?l=bugtraq&m=96045469627806&w=2
Reference: OSVDB:3399
Reference: URL:http://www.osvdb.org/3399
Reference: XF:coldfusion-parse-dos(4611)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4611

Name: CVE-2000-0539

Description:

Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession IDs via the SessionServlet servlet.

Status:Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: OSVDB:818
Reference: URL:http://www.osvdb.org/818
Reference: XF:jrun-read-sample-files(4774)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4774

Name: CVE-2000-0540

Description:

JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.

Status:Entry
Reference: ALLAIRE:ASB00-015
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=16290&Method=Full
Reference: BID:1386
Reference: URL:http://www.securityfocus.com/bid/1386
Reference: OSVDB:2713
Reference: URL:http://www.osvdb.org/2713
Reference: XF:jrun-read-sample-files(4774)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4774

Name: CVE-2000-0541

Description:

The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.

Status:Entry
Reference: BID:1359
Reference: URL:http://www.securityfocus.com/bid/1359
Reference: BUGTRAQ:20000617 Infosec.20000617.panda.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0164.html
Reference: XF:panda-antivirus-remote-admin(4707)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4707

Name: CVE-2000-0542

Description:

Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.

Status:Entry
Reference: BID:1345
Reference: URL:http://www.securityfocus.com/bid/1345
Reference: BUGTRAQ:20000612 ACC/Ericsson Tigris Accounting Failure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Reference: XF:tigris-radius-login-failure(4705)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4705

Name: CVE-2000-0548

Description:

Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.

Status:Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: OSVDB:4875
Reference: URL:http://www.osvdb.org/4875
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: XF:kerberos-emsg-bo

Name: CVE-2000-0549

Description:

Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html

Name: CVE-2000-0550

Description:

Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:1465
Reference: URL:http://www.securityfocus.com/bid/1465
Reference: BUGTRAQ:20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0064.html
Reference: CERT:CA-2000-11
Reference: URL:http://www.cert.org/advisories/CA-2000-11.html
Reference: CIAC:K-051
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/k-051.shtml
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt
Reference: REDHAT:RHSA-2000:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-031.html
Reference: XF:kerberos-free-memory

Name: CVE-2000-0551

Description:

The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.

Status:Entry
Reference: BID:1263
Reference: URL:http://www.securityfocus.com/bid/1263
Reference: BUGTRAQ:20000523 I think
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0339.html
Reference: XF:danware-netop-bypass-security(4569)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4569

Name: CVE-2000-0552

Description:

ICQwebmail client for ICQ 2000A creates a world-readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.

Status:Entry
Reference: BID:1307
Reference: URL:http://www.securityfocus.com/bid/1307
Reference: NTBUGTRAQ:20000606 ICQ2000A ICQmail temparary internet link vulnearbility
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0237.html
Reference: XF:icq-temp-link(4607)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4607

Name: CVE-2000-0553

Description:

Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.

Status:Entry
Reference: BID:1308
Reference: URL:http://www.securityfocus.com/bid/1308
Reference: BUGTRAQ:20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-05/0326.html
Reference: OSVDB:1377
Reference: URL:http://www.osvdb.org/1377
Reference: XF:ipfilter-firewall-race-condition(4994)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4994

Name: CVE-2000-0555

Description:

Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests.

Status:Entry
Reference: BID:1320
Reference: URL:http://www.securityfocus.com/bid/1320
Reference: NTBUGTRAQ:20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0246.html
Reference: XF:ceilidh-post-dos(4622)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4622

Name: CVE-2000-0556

Description:

Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.

Status:Entry
Reference: BID:1319
Reference: URL:http://www.securityfocus.com/bid/1319
Reference: CONFIRM:http://www.computalynx.net/news/Jun2000/news0806200001.html
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: XF:cmail-long-username-dos(4625)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4625

Name: CVE-2000-0557

Description:

Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1318
Reference: URL:http://www.securityfocus.com/bid/1318
Reference: NTBUGTRAQ:20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0248.html
Reference: XF:cmail-get-overflow-execute(4626)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4626

Name: CVE-2000-0558

Description:

Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.

Status:Entry
Reference: BID:1317
Reference: URL:http://www.securityfocus.com/bid/1317
Reference: NTBUGTRAQ:20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0249.html

Name: CVE-2000-0561

Description:

Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status:Entry
Reference: BID:1365
Reference: URL:http://www.securityfocus.com/bid/1365
Reference: BUGTRAQ:20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0175.html
Reference: OSVDB:3544
Reference: URL:http://www.osvdb.org/3544
Reference: XF:webbbs-get-request-overflow(4742)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4742

Name: CVE-2000-0565

Description:

SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.

Status:Entry
Reference: BID:1344
Reference: URL:http://www.securityfocus.com/bid/1344
Reference: BUGTRAQ:20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Reference: OSVDB:1394
Reference: URL:http://www.osvdb.org/1394
Reference: XF:smartftp-directory-traversal(4706)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4706

Name: CVE-2000-0566

Description:

makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:1434
Reference: URL:http://www.securityfocus.com/bid/1434
Reference: BUGTRAQ:20000707 [Security Announce] man update
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0390.html
Reference: CALDERA:CSSA-2000-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-021.0.txt
Reference: ISS:20000712 Insecure temporary file handling in Linux makewhatis
Reference: MANDRAKE:MDKSA-2000:015
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:015
Reference: REDHAT:RHSA-2000:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-041.html
Reference: XF:linux-man-makewhatis-tmp(4900)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4900

Name: CVE-2000-0567

Description:

Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.

Status:Entry
Reference: BID:1481
Reference: URL:http://www.securityfocus.com/bid/1481
Reference: BUGTRAQ:20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients
Reference: BUGTRAQ:20000719 Buffer Overflow in MS Outlook Email Clients
Reference: MS:MS00-043
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-043
Reference: XF:outlook-date-overflow(4953)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4953

Name: CVE-2000-0568

Description:

Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.

Status:Entry
Reference: BID:1417
Reference: URL:http://www.securityfocus.com/bid/1417
Reference: BUGTRAQ:20000630 Multiple vulnerabilities in Sybergen Secure Desktop
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=4125690E.00524395.00@guardianit.se
Reference: XF:sybergen-routing-table-modify

Name: CVE-2000-0569

Description:

Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.

Status:Entry
Reference: BID:1420
Reference: URL:http://www.securityfocus.com/bid/1420
Reference: WIN2KSEC:20000630 Any LAN user can crash Sygate
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0189.html
Reference: XF:sygate-udp-packet-dos(5049)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5049

Name: CVE-2000-0570

Description:

FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.

Status:Entry
Reference: BID:1421
Reference: URL:http://www.securityfocus.com/bid/1421
Reference: BUGTRAQ:20000627 DoS in FirstClass Internet Services 5.770
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0295.html
Reference: OSVDB:5718
Reference: URL:http://www.osvdb.org/5718
Reference: XF:firstclass-large-bcc-dos(4843)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4843

Name: CVE-2000-0571

Description:

LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: BID:1423
Reference: URL:http://www.securityfocus.com/bid/1423
Reference: BUGTRAQ:20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&date=2000-07-8&msg=NCBBKFKDOLAGKIAPMILPCEIHCFAA.labs@ussrback.com
Reference: XF:localweb-get-bo(4896)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4896

Name: CVE-2000-0573

Description:

The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.

Status:Entry
Reference: AUSCERT:AA-2000.02
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2000.02
Reference: BID:1387
Reference: URL:http://www.securityfocus.com/bid/1387
Reference: BUGTRAQ:20000622 WuFTPD: Providing *remote* root since at least1994
Reference: URL:http://marc.info/?l=bugtraq&m=96171893218000&w=2
Reference: BUGTRAQ:20000623 WUFTPD 2.6.0 remote root exploit
Reference: URL:http://marc.info/?l=bugtraq&m=96179429114160&w=2
Reference: BUGTRAQ:20000623 ftpd: the advisory version
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000623091822.3321.qmail@fiver.freemessage.com
Reference: BUGTRAQ:20000702 [Security Announce] wu-ftpd update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0017.html
Reference: BUGTRAQ:20000707 New Released Version of the WuFTPD Sploit
Reference: URL:http://marc.info/?l=bugtraq&m=96299933720862&w=2
Reference: BUGTRAQ:20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0244.html
Reference: BUGTRAQ:20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current
Reference: CALDERA:CSSA-2000-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-020.0.txt
Reference: CERT:CA-2000-13
Reference: URL:http://www.cert.org/advisories/CA-2000-13.html
Reference: DEBIAN:20000623
Reference: FREEBSD:FreeBSD-SA-00:29
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:29.wu-ftpd.asc.v1.1
Reference: NETBSD:NetBSD-SA2000-009
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2000-009.txt.asc
Reference: REDHAT:RHSA-2000:039
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-039.html
Reference: XF:wuftp-format-string-stack-overwrite
Reference: XF:wuftp-format-string-stack-overwrite(4773)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4773

Name: CVE-2000-0575

Description:

SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.

Status:Entry
Reference: BID:1426
Reference: URL:http://www.securityfocus.com/bid/1426
Reference: BUGTRAQ:20000630 Kerberos security vulnerability in SSH-1.2.27
Reference: URL:http://marc.info/?l=bugtraq&m=96256265914116&w=2
Reference: XF:ssh-kerberos-tickets-disclosure(4903)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4903

Name: CVE-2000-0576

Description:

Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.

Status:Entry
Reference: BID:1427
Reference: URL:http://www.securityfocus.com/bid/1427
Reference: BUGTRAQ:20000704 Oracle Web Listener for AIX DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0027.html

Name: CVE-2000-0577

Description:

Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1411
Reference: URL:http://www.securityfocus.com/bid/1411
Reference: BUGTRAQ:20000621 Netscape FTP Server - "Professional" as hell :>
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211351280.23780-100000@nimue.tpi.pl
Reference: BUGTRAQ:20000629 (forw) Re: Netscape ftp Server (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0345.html
Reference: XF:netscape-ftpserver-chroot

Name: CVE-2000-0579

Description:

IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.

Status:Entry
Reference: BID:1413
Reference: URL:http://www.securityfocus.com/bid/1413
Reference: BUGTRAQ:20000621 Predictability Problems in IRIX Cron and Compilers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0204.html
Reference: XF:irix-cron-modify-crontab

Name: CVE-2000-0581

Description:

Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.

Status:Entry
Reference: BID:1414
Reference: URL:http://www.securityfocus.com/bid/1414
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-1]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630161841.4619A-100000@fjord.fscinternet.com
Reference: XF:win2k-telnetserver-dos

Name: CVE-2000-0582

Description:

Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.

Status:Entry
Reference: BID:1416
Reference: URL:http://www.securityfocus.com/bid/1416
Reference: BUGTRAQ:20000630 SecureXpert Advisory [SX-20000620-3]
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.3.96.1000630162106.4619C-100000@fjord.fscinternet.com
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security
Reference: OSVDB:1438
Reference: URL:http://www.osvdb.org/1438
Reference: XF:fw1-resource-overload-dos

Name: CVE-2000-0583

Description:

vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.

Status:Entry
Reference: BID:1418
Reference: URL:http://www.securityfocus.com/bid/1418
Reference: BUGTRAQ:20000626 vpopmail-3.4.11 problems
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=395BD2A8.5D3396A7@secureaustin.com
Reference: CONFIRM:http://www.vpopmail.cx/vpopmail-ChangeLog
Reference: XF:vpopmail-format-string

Name: CVE-2000-0584

Description:

Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.

Status:Entry
Reference: BID:1445
Reference: URL:http://www.securityfocus.com/bid/1445
Reference: DEBIAN:20000702
Reference: FREEBSD:FreeBSD-SA-00:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:31.canna.asc.v1.1
Reference: MISC:http://shadowpenguin.backsection.net/advisories/advisory038.html
Reference: XF:canna-bin-execute-bo(4912)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4912

Name: CVE-2000-0585

Description:

ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1388
Reference: URL:http://www.securityfocus.com/bid/1388
Reference: BUGTRAQ:20000624 Possible root exploit in ISC DHCP client.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0247.html
Reference: BUGTRAQ:20000702 [Security Announce] dhcp update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0014.html
Reference: DEBIAN:20000628 dhcp client: remote root exploit in dhcp client
Reference: URL:http://www.debian.org/security/2000/20000628
Reference: FREEBSD:FreeBSD-SA-00:34
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:34.dhclient.asc
Reference: NETBSD:NetBSD-SA2000-008
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-008.txt.asc
Reference: OPENBSD:20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.
Reference: SUSE:20000711 Security Hole in dhclient < 2.0
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_56.html
Reference: XF:openbsd-isc-dhcp(4772)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4772

Name: CVE-2000-0586

Description:

Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.

Status:Entry
Reference: BID:1404
Reference: URL:http://www.securityfocus.com/bid/1404
Reference: VULN-DEV:20000628 dalnet 4.6.5 remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/1092.html
Reference: XF:ircd-dalnet-summon-bo

Name: CVE-2000-0587

Description:

The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.

Status:Entry
Reference: BID:1401
Reference: URL:http://www.securityfocus.com/bid/1401
Reference: BUGTRAQ:20000626 Glftpd privpath bugs... +fix
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10006261041360.31907-200000@twix.thrijswijk.nl
Reference: BUGTRAQ:20000627 Re: Glftpd privpath bugs... +fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0317.html
Reference: XF:glftpd-privpath-directive

Name: CVE-2000-0588

Description:

SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.

Status:Entry
Reference: BID:1402
Reference: URL:http://www.securityfocus.com/bid/1402
Reference: BUGTRAQ:20000626 sawmill5.0.21 old path bug & weak hash algorithm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0271.html
Reference: BUGTRAQ:20000706 Patch for Flowerfire Sawmill Vulnerabilities Available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0080.html
Reference: XF:sawmill-file-access

Name: CVE-2000-0590

Description:

Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.

Status:Entry
Reference: BID:1431
Reference: URL:http://www.securityfocus.com/bid/1431
Reference: BUGTRAQ:20000706 Vulnerability in Poll_It cgi v2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0076.html
Reference: XF:http-cgi-pollit-variable-overwrite(4878)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4878

Name: CVE-2000-0591

Description:

Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.

Status:Entry
Reference: BID:1432
Reference: URL:http://www.securityfocus.com/bid/1432
Reference: BUGTRAQ:20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0038.html
Reference: XF:bordermanager-bypass-url-restriction

Name: CVE-2000-0593

Description:

WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.

Status:Entry
Reference: BID:1400
Reference: URL:http://www.securityfocus.com/bid/1400
Reference: BUGTRAQ:20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200006271417.GFE84146.-BJXON@lac.co.jp
Reference: XF:winproxy-get-dos(4831)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4831

Name: CVE-2000-0594

Description:

BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.

Status:Entry
Reference: BID:1436
Reference: URL:http://www.securityfocus.com/bid/1436
Reference: BUGTRAQ:20000704 BitchX exploit possibly waiting to happen, certain DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0026.html
Reference: BUGTRAQ:20000707 BitchX update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0105.html
Reference: BUGTRAQ:20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0098.html
Reference: CALDERA:CSSA-2000-022.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-022.0.txt
Reference: FREEBSD:FreeBSD-SA-00:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0042.html
Reference: REDHAT:RHSA-2000:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-042.html
Reference: VULN-DEV:20000704 BitchX /ignore bug
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q3/0018.html
Reference: XF:irc-bitchx-invite-dos(4897)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4897

Name: CVE-2000-0595

Description:

libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.

Status:Entry
Reference: BID:1437
Reference: URL:http://www.securityfocus.com/bid/1437
Reference: FREEBSD:FreeBSD-SA-00:24
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-07/0035.html
Reference: OSVDB:1446
Reference: URL:http://www.osvdb.org/1446
Reference: XF:bsd-libedit-editrc

Name: CVE-2000-0596

Description:

Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.

Status:Entry
Reference: BID:1398
Reference: URL:http://www.securityfocus.com/bid/1398
Reference: BUGTRAQ:20000627 FW: IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000d01bfe0fb$418f59b0$96217aa8@src.bu.edu
Reference: BUGTRAQ:20000627 IE 5 and Access 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589359.762392DB@nat.bg
Reference: CERT:CA-2000-16
Reference: URL:http://www.cert.org/advisories/CA-2000-16.html
Reference: MS:MS00-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049
Reference: XF:ie-access-vba-code-execute

Name: CVE-2000-0597

Description:

Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.

Status:Entry
Reference: BID:1399
Reference: URL:http://www.securityfocus.com/bid/1399
Reference: BUGTRAQ:20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=39589349.ED9DBCAB@nat.bg
Reference: MS:MS00-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-049
Reference: XF:ie-powerpoint-activex-object-execute

Name: CVE-2000-0598

Description:

Fortech Proxy+ allows remote attackers to bypass access restrictions for the administration service by redirecting their connections through the telnet proxy.

Status:Entry
Reference: BID:1395
Reference: URL:http://www.securityfocus.com/bid/1395
Reference: BUGTRAQ:20000626 Proxy+ Telnet Gateway Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0268.html
Reference: MISC:http://www.proxyplus.cz/faq/articles/EN/art01002.htm
Reference: XF:fortech-proxy-telnet-gateway

Name: CVE-2000-0599

Description:

Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.

Status:Entry
Reference: BID:1407
Reference: URL:http://www.securityfocus.com/bid/1407
Reference: BUGTRAQ:20000629 iMesh 1.02 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0335.html
Reference: MISC:http://www.imesh.com/download/download.html
Reference: XF:imesh-tcp-port-overflow

Name: CVE-2000-0600

Description:

Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.

Status:Entry
Reference: BID:1393
Reference: URL:http://www.securityfocus.com/bid/1393
Reference: BUGTRAQ:20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0264.html
Reference: XF:netscape-virtual-directory-bo(4780)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4780

Name: CVE-2000-0601

Description:

LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large number of error messages.

Status:Entry
Reference: BID:1396
Reference: URL:http://www.securityfocus.com/bid/1396
Reference: BUGTRAQ:20000625 LeafChat Denial of Service
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.BSF.4.10.10006252056110.74551-100000@unix.za.net
Reference: CONFIRM:http://www.leafdigital.com/Software/leafChat/history.html
Reference: XF:irc-leafchat-dos

Name: CVE-2000-0602

Description:

Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environment variable.

Status:Entry
Reference: BID:1385
Reference: URL:http://www.securityfocus.com/bid/1385
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-secure-locate-path

Name: CVE-2000-0603

Description:

Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.

Status:Entry
Reference: BID:1444
Reference: URL:http://www.securityfocus.com/bid/1444
Reference: MS:MS00-048
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-048
Reference: XF:mssql-procedure-perms(4921)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4921

Name: CVE-2000-0604

Description:

gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.

Status:Entry
Reference: BID:1383
Reference: URL:http://www.securityfocus.com/bid/1383
Reference: BUGTRAQ:20000621 rh 6.2 - gid compromises, etc
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.21.0006211209500.22969-100000@nimue.tpi.pl
Reference: XF:redhat-gkermit

Name: CVE-2000-0610

Description:

NetWin dMailWeb and cwMail 2.6g and earlier allow remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.

Status:Entry
Reference: BID:1390
Reference: URL:http://www.securityfocus.com/bid/1390
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: XF:netwin-dmailweb-newline(4770)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4770

Name: CVE-2000-0611

Description:

The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.

Status:Entry
Reference: BID:1391
Reference: URL:http://www.securityfocus.com/bid/1391
Reference: BUGTRAQ:20000623 NetWin dMailWeb Unrestricted Mail Relay
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0243.html
Reference: XF:netwin-dmailweb-auth(4771)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4771

Name: CVE-2000-0613

Description:

Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.

Status:Entry
Reference: BID:1454
Reference: URL:http://www.securityfocus.com/bid/1454
Reference: BUGTRAQ:20000320 PIX DMZ Denial of Service - TCP Resets
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=B3D6883199DBD311868100A0C9FC2CDC046B72@protea.citec.net
Reference: CISCO:20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixtcpreset-pub.shtml
Reference: OSVDB:1457
Reference: URL:http://www.osvdb.org/1457
Reference: XF:cisco-pix-firewall-tcp(4928)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4928

Name: CVE-2000-0615

Description:

LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.

Status:Entry
Reference: BID:1447
Reference: URL:http://www.securityfocus.com/bid/1447
Reference: BUGTRAQ:20000709 LPRng lpd should not be SETUID root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0117.html
Reference: XF:lpd-suid-root(7361)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7361

Name: CVE-2000-0616

Description:

Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.

Status:Entry
Reference: BID:1405
Reference: URL:http://www.securityfocus.com/bid/1405
Reference: HP:HPSBMP0006-007
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-06/0294.html
Reference: XF:hp-turboimage-dbutil

Name: CVE-2000-0619

Description:

Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.

Status:Entry
Reference: BID:1258
Reference: URL:http://www.securityfocus.com/bid/1258
Reference: VULN-DEV:20000520 TopLayer layer 7 switch Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0680.html
Reference: VULN-DEV:20000614 Update on TopLayer Advisory
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2000-q2/0921.html
Reference: XF:toplayer-icmp-dos(7364)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7364

Name: CVE-2000-0620

Description:

libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.

Status:Entry
Reference: BID:1409
Reference: URL:http://www.securityfocus.com/bid/1409
Reference: BUGTRAQ:20000619 XFree86: Various nasty libX11 holes
Reference: URL:http://marc.info/?l=bugtraq&m=96146116627474&w=2
Reference: XF:libx11-infinite-loop-dos(4996)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4996

Name: CVE-2000-0621

Description:

Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.

Status:Entry
Reference: BID:1501
Reference: URL:http://www.securityfocus.com/bid/1501
Reference: CERT:CA-2000-14
Reference: URL:http://www.cert.org/advisories/CA-2000-14.html
Reference: MS:MS00-046
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-046
Reference: XF:outlook-cache-bypass(5013)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5013

Name: CVE-2000-0622

Description:

Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.

Status:Entry
Reference: BID:1487
Reference: URL:http://www.securityfocus.com/bid/1487
Reference: CONFIRM:http://website.oreilly.com/support/software/wspro25_releasenotes.txt
Reference: NAI:20000719 O'Reilly WebSite Professional Overflow
Reference: URL:http://www.nai.com/research/covert/advisories/043.asp
Reference: XF:website-webfind-bo(4962)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4962

Name: CVE-2000-0624

Description:

Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.

Status:Entry
Reference: BID:1496
Reference: URL:http://www.securityfocus.com/bid/1496
Reference: BUGTRAQ:20000720 Winamp M3U playlist parser buffer overflow security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0289.html
Reference: CONFIRM:http://www.winamp.com/getwinamp/newfeatures.jhtml
Reference: XF:winamp-playlist-parser-bo(4956)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4956

Name: CVE-2000-0627

Description:

BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.

Status:Entry
Reference: BID:1486
Reference: URL:http://www.securityfocus.com/bid/1486
Reference: BUGTRAQ:20000718 Blackboard Courseinfo v4.0 User Authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0254.html
Reference: BUGTRAQ:20000719 Security Fix for Blackboard CourseInfo 4.0
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D20000719151904.I17986@securityfocus.com
Reference: XF:blackboard-courseinfo-dbase-modification(4946)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4946

Name: CVE-2000-0628

Description:

The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.

Status:Entry
Reference: BID:1457
Reference: URL:http://www.securityfocus.com/bid/1457
Reference: BUGTRAQ:20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0142.html
Reference: CONFIRM:http://www.nodeworks.com/asp/changes.html
Reference: XF:apache-source-asp-file-write(4931)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4931

Name: CVE-2000-0630

Description:

IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.

Status:Entry
Reference: BID:1488
Reference: URL:http://www.securityfocus.com/bid/1488
Reference: MS:MS00-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
Reference: XF:iis-htr-obtain-code(5104)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5104

Name: CVE-2000-0631

Description:

An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.

Status:Entry
Reference: BID:1476
Reference: URL:http://www.securityfocus.com/bid/1476
Reference: BUGTRAQ:20000718 ISBASE Security Advisory(SA2000-02)
Reference: URL:http://marc.info/?l=bugtraq&m=96390444022878&w=2
Reference: MS:MS00-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-044
Reference: XF:iis-absent-directory-dos(4951)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4951

Name: CVE-2000-0632

Description:

Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.

Status:Entry
Reference: BID:1490
Reference: URL:http://www.securityfocus.com/bid/1490
Reference: CONFIRM:http://www.lsoft.com/news/default.asp?item=Advisory1
Reference: NAI:20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow
Reference: URL:http://www.nai.com/nai_labs/asp_set/advisory/43_Advisory.asp
Reference: XF:lsoft-listserv-querystring-bo(4952)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4952

Name: CVE-2000-0633

Description:

Vulnerability in Mandrake Linux usermode package allows local users to reboot or halt the system.

Status:Entry
Reference: BID:1489
Reference: URL:http://www.securityfocus.com/bid/1489
Reference: BUGTRAQ:20000718 MDKSA-2000:020 usermode update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0251.html
Reference: BUGTRAQ:20000812 Conectiva Linux security announcement - usermode
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0117.html
Reference: REDHAT:RHSA-2000:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-053.html
Reference: XF:linux-usermode-dos(4944)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4944

Name: CVE-2000-0634

Description:

The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1493
Reference: URL:http://www.securityfocus.com/bid/1493
Reference: BUGTRAQ:20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0223.html
Reference: OSVDB:5774
Reference: URL:http://www.osvdb.org/5774
Reference: XF:communigate-pro-file-read(5105)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5105

Name: CVE-2000-0635

Description:

The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1449
Reference: URL:http://www.securityfocus.com/bid/1449
Reference: BUGTRAQ:20000711 Akopia MiniVend Piped Command Execution Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0150.html
Reference: CONFIRM:http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html
Reference: XF:minivend-viewpage-sample(4880)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4880

Name: CVE-2000-0636

Description:

HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.

Status:Entry
Reference: BID:1491
Reference: URL:http://www.securityfocus.com/bid/1491
Reference: BUGTRAQ:20000719 HP Jetdirect - Invalid FTP Command DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0265.html
Reference: XF:hp-jetdirect-quote-dos(4947)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4947

Name: CVE-2000-0637

Description:

Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.

Status:Entry
Reference: BID:1451
Reference: URL:http://www.securityfocus.com/bid/1451
Reference: BUGTRAQ:20000711 Excel 2000 vulnerability - executing programs
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396B3F8F.9244D290@nat.bg
Reference: MS:MS00-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-051
Reference: XF:excel-register-function(5016)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5016

Name: CVE-2000-0638

Description:

bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.

Status:Entry
Reference: BID:1455
Reference: URL:http://www.securityfocus.com/bid/1455
Reference: BUGTRAQ:20000711 BIG BROTHER EXPLOIT
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0146.html
Reference: BUGTRAQ:20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0147.html
Reference: CONFIRM:http://bb4.com/README.CHANGES
Reference: XF:http-cgi-bigbrother-bbhostsvc(4879)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4879

Name: CVE-2000-0639

Description:

The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.

Status:Entry
Reference: BID:1494
Reference: URL:http://www.securityfocus.com/bid/1494
Reference: BUGTRAQ:20000711 Big Brother filename extension vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0171.html
Reference: OSVDB:1472
Reference: URL:http://www.osvdb.org/1472
Reference: XF:big-brother-filename-extension(5103)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5103

Name: CVE-2000-0640

Description:

Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.

Status:Entry
Reference: BID:1452
Reference: URL:http://www.securityfocus.com/bid/1452
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: OSVDB:573
Reference: URL:http://www.osvdb.org/573
Reference: XF:guild-ftpd-disclosure(4922)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4922

Name: CVE-2000-0641

Description:

Savant web server allows remote attackers to execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1453
Reference: URL:http://www.securityfocus.com/bid/1453
Reference: BUGTRAQ:20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0114.html
Reference: XF:savant-get-bo(4901)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4901

Name: CVE-2000-0642

Description:

The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.

Status:Entry
Reference: BID:1497
Reference: URL:http://www.securityfocus.com/bid/1497
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: XF:webactive-active-log(5184)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5184

Name: CVE-2000-0643

Description:

Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:1470
Reference: URL:http://www.securityfocus.com/bid/1470
Reference: BUGTRAQ:20000711 Lame DoS in WEBactive win65/NT server
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200007130827.BAA32671@Rage.Resentment.org
Reference: XF:webactive-long-get-dos(4949)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4949

Name: CVE-2000-0644

Description:

WFTPD and WFTPD Pro 2.41 allow remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.

Status:Entry
Reference: BID:1506
Reference: URL:http://www.securityfocus.com/bid/1506
Reference: BUGTRAQ:20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0295.html
Reference: OSVDB:1477
Reference: URL:http://www.osvdb.org/1477
Reference: XF:wftpd-stat-dos(5003)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5003

Name: CVE-2000-0650

Description:

The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.

Status:Entry
Reference: BID:1458
Reference: URL:http://www.securityfocus.com/bid/1458
Reference: NTBUGTRAQ:20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0007&L=ntbugtraq&F=&S=&P=2753
Reference: OSVDB:1458
Reference: URL:http://www.osvdb.org/1458
Reference: OSVDB:4200
Reference: URL:http://www.osvdb.org/4200
Reference: XF:nai-virusscan-netshield-autoupgrade(5177)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5177

Name: CVE-2000-0651

Description:

The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.

Status:Entry
Reference: BID:1440
Reference: URL:http://www.securityfocus.com/bid/1440
Reference: BUGTRAQ:20000707 Novell Border Manger - Anyone can pose as an authenticated user
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=06256915.00591E18.00@uprrsmtp2.notes.up.com
Reference: XF:novell-bordermanager-verification(5186)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5186

Name: CVE-2000-0652

Description:

IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.

Status:Entry
Reference: BID:1500
Reference: URL:http://www.securityfocus.com/bid/1500
Reference: BUGTRAQ:20000723 IBM WebSphere default servlet handler showcode vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0342.html
Reference: XF:websphere-showcode(5012)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5012

Name: CVE-2000-0654

Description:

Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog, aka a variant of the "DTS Password" vulnerability.

Status:Entry
Reference: BID:1466
Reference: URL:http://www.securityfocus.com/bid/1466
Reference: MS:MS00-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-041
Reference: XF:mssql-dts-reveal-passwords(4582)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4582

Name: CVE-2000-0655

Description:

Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.

Status:Entry
Reference: BID:1503
Reference: URL:http://www.securityfocus.com/bid/1503
Reference: BUGTRAQ:20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3D200007242356.DAA01274%40false.com
Reference: BUGTRAQ:20000801 MDKSA-2000:027-1 netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0456.html
Reference: BUGTRAQ:20000810 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0116.html
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: NETBSD:NetBSD-SA2000-011
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-011.txt.asc
Reference: REDHAT:RHSA-2000:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-046.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
Reference: TURBO:TLSA2000017-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000016.html
Reference: XF:netscape-jpg-comment

Name: CVE-2000-0660

Description:

The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1462
Reference: URL:http://www.securityfocus.com/bid/1462
Reference: BUGTRAQ:20000712 Infosec.20000712.worldclient.2.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0173.html
Reference: CONFIRM:http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt
Reference: OSVDB:1459
Reference: URL:http://www.osvdb.org/1459
Reference: XF:worldclient-dir-traverse(4913)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4913

Name: CVE-2000-0661

Description:

WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.

Status:Entry
Reference: BID:1448
Reference: URL:http://www.securityfocus.com/bid/1448
Reference: BUGTRAQ:20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0120.html
Reference: XF:wircsrv-character-flood-dos(4914)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4914

Name: CVE-2000-0662

Description:

Internet Explorer 5.x and Microsoft Outlook allow remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).

Status:Entry
Reference: BID:1474
Reference: URL:http://www.securityfocus.com/bid/1474
Reference: BUGTRAQ:20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=396EF9D5.62EEC625@nat.bg
Reference: XF:ie-dhtmled-file-read(5107)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5107

Name: CVE-2000-0663

Description:

The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.

Status:Entry
Reference: BID:1507
Reference: URL:http://www.securityfocus.com/bid/1507
Reference: MS:MS00-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-052
Reference: MSKB:Q269049
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=269049
Reference: XF:explorer-relative-path-name(5040)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5040

Name: CVE-2000-0664

Description:

AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.

Status:Entry
Reference: BID:1508
Reference: URL:http://www.securityfocus.com/bid/1508
Reference: BUGTRAQ:20000726 AnalogX "SimpleServer:WWW" dot dot bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0374.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:388
Reference: URL:http://www.osvdb.org/388
Reference: XF:analogx-simpleserver-directory-path(4999)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4999

Name: CVE-2000-0665

Description:

GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.

Status:Entry
Reference: BID:1478
Reference: URL:http://www.securityfocus.com/bid/1478
Reference: NTBUGTRAQ:20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0031.html
Reference: NTBUGTRAQ:20000729 TelSrv Reveals Usernames & Passwords After DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0056.html
Reference: OSVDB:373
Reference: URL:http://www.osvdb.org/373
Reference: XF:gamsoft-telsrv-dos(4945)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4945

Name: CVE-2000-0666

Description:

rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:1480
Reference: URL:http://www.securityfocus.com/bid/1480
Reference: BUGTRAQ:20000716 Lots and lots of fun with rpc.statd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0206.html
Reference: BUGTRAQ:20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0230.html
Reference: BUGTRAQ:20000718 Trustix Security Advisory - nfs-utils
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0236.html
Reference: BUGTRAQ:20000718 [Security Announce] MDKSA-2000:021 nfs-utils update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0260.html
Reference: CALDERA:CSSA-2000-025.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-025.0.txt
Reference: CERT:CA-2000-17
Reference: URL:http://www.cert.org/advisories/CA-2000-17.html
Reference: DEBIAN:20000719a
Reference: REDHAT:RHSA-2000:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-043.html
Reference: XF:linux-rpcstatd-format-overwrite(4939)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4939

Name: CVE-2000-0668

Description:

pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.

Status:Entry
Reference: BID:1513
Reference: URL:http://www.securityfocus.com/bid/1513
Reference: BUGTRAQ:20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0398.html
Reference: BUGTRAQ:20000801 MDKSA-2000:029 pam update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0455.html
Reference: REDHAT:RHSA-2000:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-044.html
Reference: XF:linux-pam-console(5001)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5001

Name: CVE-2000-0669

Description:

Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.

Status:Entry
Reference: BID:1467
Reference: URL:http://www.securityfocus.com/bid/1467
Reference: BUGTRAQ:20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=000501bfeab5$9330c3d0$d801a8c0@dimuthu.baysidegrp.com.au
Reference: XF:netware-port40193-dos

Name: CVE-2000-0670

Description:

The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1469
Reference: URL:http://www.securityfocus.com/bid/1469
Reference: BUGTRAQ:20000712 cvsweb: remote shell for cvs committers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0178.html
Reference: BUGTRAQ:20000714 MDKSA-2000:019 cvsweb update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0196.html
Reference: DEBIAN:20000719b
Reference: FREEBSD:FreeBSD-SA-00:37
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:37.cvsweb.asc
Reference: TURBO:TLSA2000016-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000015.html
Reference: XF:cvsweb-shell-access(4925)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4925

Name: CVE-2000-0671

Description:

Roxen web server earlier than 2.0.69 allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) into the URL.

Status:Entry
Reference: BID:1510
Reference: URL:http://www.securityfocus.com/bid/1510
Reference: BUGTRAQ:20000721 Roxen Web Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0307.html
Reference: BUGTRAQ:20000721 Roxen security alert: Problems with URLs containing null characters.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0321.html
Reference: XF:roxen-null-char-url(4965)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4965

Name: CVE-2000-0672

Description:

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Status:Entry
Reference: BID:1548
Reference: URL:http://www.securityfocus.com/bid/1548
Reference: BUGTRAQ:20000721 Jakarta-tomcat.../admin
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0309.html
Reference: XF:jakarta-tomcat-admin(5160)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5160

Name: CVE-2000-0673

Description:

The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.

Status:Entry
Reference: BID:1514
Reference: URL:http://www.securityfocus.com/bid/1514
Reference: BID:1515
Reference: URL:http://www.securityfocus.com/bid/1515
Reference: MS:MS00-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-047
Reference: NAI:20000727 Windows NetBIOS Name Conflicts
Reference: URL:http://www.nai.com/research/covert/advisories/044.asp
Reference: XF:netbios-name-server-spoofing(5035)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5035

Name: CVE-2000-0674

Description:

ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.

Status:Entry
Reference: BID:1471
Reference: URL:http://www.securityfocus.com/bid/1471
Reference: BUGTRAQ:20000712 ftp.pl vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0177.html
Reference: XF:virtualvision-ftp-browser(5187)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5187

Name: CVE-2000-0675

Description:

Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.

Status:Entry
Reference: BID:1477
Reference: URL:http://www.securityfocus.com/bid/1477
Reference: BUGTRAQ:20000713 The MDMA Crew's GateKeeper Exploit
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=00af01bfece2$a52cbd80$367e1ec4@kungphusion
Reference: XF:gatekeeper-long-string-bo(4948)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4948

Name: CVE-2000-0676

Description:

Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.

Status:Entry
Reference: BID:1546
Reference: URL:http://www.securityfocus.com/bid/1546
Reference: BUGTRAQ:20000804 Dangerous Java/Netscape Security Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0019.html
Reference: BUGTRAQ:20000810 MDKSA-2000:033 Netscape Java vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0115.html
Reference: BUGTRAQ:20000818 Conectiva Linux Security Announcement - netscape
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0236.html
Reference: BUGTRAQ:20000821 MDKSA-2000:036 - netscape update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0265.html
Reference: CALDERA:CSSA-2000-027.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-027.1.txt
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html
Reference: FREEBSD:FreeBSD-SA-00:39
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:39.netscape.asc
Reference: REDHAT:RHSA-2000:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-054.html
Reference: SUSE:20000823 Security Hole in Netscape, Versions 4.x, possibly others
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_60.html
Reference: XF:java-brownorifice

Name: CVE-2000-0677

Description:

Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.

Status:Entry
Reference: ISS:20000907 Buffer Overflow in IBM Net.Data db2www CGI program.
Reference: URL:http://xforce.iss.net/alerts/advise60.php
Reference: XF:ibm-netdata-db2www-bo(4976)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4976

Name: CVE-2000-0678

Description:

PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.

Status:Entry
Reference: BID:1606
Reference: URL:http://www.securityfocus.com/bid/1606
Reference: CERT:CA-2000-18
Reference: URL:http://www.cert.org/advisories/CA-2000-18.html
Reference: OSVDB:4354
Reference: URL:http://www.osvdb.org/4354

Name: CVE-2000-0679

Description:

The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.

Status:Entry
Reference: BID:1523
Reference: URL:http://www.securityfocus.com/bid/1523
Reference: BUGTRAQ:20000728 cvs security problem
Reference: URL:http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
Reference: XF:cvs-client-creates-file

Name: CVE-2000-0681

Description:

Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.

Status:Entry
Reference: BID:1570
Reference: URL:http://www.securityfocus.com/bid/1570
Reference: BUGTRAQ:20000815 BEA Weblogic server proxy library vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0186.html
Reference: XF:weblogic-plugin-bo

Name: CVE-2000-0682

Description:

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.

Status:Entry
Reference: BID:1518
Reference: URL:http://www.securityfocus.com/bid/1518
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: OSVDB:1481
Reference: URL:http://www.osvdb.org/1481
Reference: XF:weblogic-fileservlet-show-code

Name: CVE-2000-0683

Description:

BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.

Status:Entry
Reference: BID:1517
Reference: URL:http://www.securityfocus.com/bid/1517
Reference: BUGTRAQ:20000728 BEA's WebLogic force handlers show code vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0410.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000728.html
Reference: OSVDB:1480
Reference: URL:http://www.osvdb.org/1480

Name: CVE-2000-0684

Description:

BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.

Status:Entry
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: XF:html-malicious-tags

Name: CVE-2000-0685

Description:

BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.

Status:Entry
Reference: BID:1525
Reference: URL:http://www.securityfocus.com/bid/1525
Reference: BUGTRAQ:20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0434.html
Reference: CONFIRM:http://developer.bea.com/alerts/security_000731.html
Reference: XF:html-malicious-tags

Name: CVE-2000-0693

Description:

pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.

Status:Entry
Reference: BID:1563
Reference: URL:http://www.securityfocus.com/bid/1563
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: OSVDB:1501
Reference: URL:http://www.osvdb.org/1501

Name: CVE-2000-0694

Description:

pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.

Status:Entry
Reference: BUGTRAQ:20000802 Local root compromise in PGX Config Sun Sparc Solaris
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0463.html
Reference: OSVDB:5740
Reference: URL:http://www.osvdb.org/5740

Name: CVE-2000-0698

Description:

Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.

Status:Entry
Reference: BID:1599
Reference: URL:http://www.securityfocus.com/bid/1599
Reference: BUGTRAQ:20000819 RH 6.1 / 6.2 minicom vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/77361
Reference: XF:minicom-capture-groupown(5151)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5151

Name: CVE-2000-0699

Description:

Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.

Status:Entry
Reference: BID:1560
Reference: URL:http://www.securityfocus.com/bid/1560
Reference: BUGTRAQ:20000806 HPUX FTPd vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0028.html

Name: CVE-2000-0700

Description:

Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.

Status:Entry
Reference: BID:1541
Reference: URL:http://www.securityfocus.com/bid/1541
Reference: CISCO:20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards
Reference: URL:http://www.cisco.com/warp/public/707/gsraclbypassdos-pub.shtml
Reference: OSVDB:793
Reference: URL:http://www.osvdb.org/793
Reference: OSVDB:798
Reference: URL:http://www.osvdb.org/798

Name: CVE-2000-0702

Description:

The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.

Status:Entry
Reference: BID:1602
Reference: URL:http://www.securityfocus.com/bid/1602
Reference: BUGTRAQ:20000821 [HackersLab bugpaper] HP-UX net.init rc script
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0261.html
Reference: XF:hp-netinit-symlink(5131)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5131

Name: CVE-2000-0703

Description:

suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.

Status:Entry
Reference: BID:1547
Reference: URL:http://www.securityfocus.com/bid/1547
Reference: BUGTRAQ:20000805 sperl 5.00503 (and newer ;) exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0022.html
Reference: BUGTRAQ:20000808 MDKSA-2000:031 perl update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0086.html
Reference: BUGTRAQ:20000810 Conectiva Linux security announcemente - PERL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0113.html
Reference: BUGTRAQ:20000814 Trustix Security Advisory - perl and mailx
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0153.html
Reference: CALDERA:CSSA-2000-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-026.0.txt
Reference: DEBIAN:20000810
Reference: REDHAT:RHSA-2000:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-048.html
Reference: SUSE:20000810 Security Hole in perl, all versions
Reference: URL:http://www.novell.com/linux/security/advisories/suse_security_announce_59.html
Reference: TURBO:TLSA2000018-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-August/000017.html
Reference: XF:perl-shell-escape

Name: CVE-2000-0705

Description:

ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1550
Reference: URL:http://www.securityfocus.com/bid/1550
Reference: BUGTRAQ:20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0459.html
Reference: OSVDB:1496
Reference: URL:http://www.osvdb.org/1496
Reference: REDHAT:RHSA-2000:049
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-049.html
Reference: XF:ntop-remote-file-access

Name: CVE-2000-0706

Description:

Buffer overflows in ntop running in web mode allow remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1576
Reference: URL:http://www.securityfocus.com/bid/1576
Reference: DEBIAN:20000830 ntop: Still remotely exploitable using buffer overflows
Reference: URL:http://www.debian.org/security/2000/20000830
Reference: FREEBSD:FreeBSD-SA-00:36
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:36.ntop.asc
Reference: OSVDB:1513
Reference: URL:http://www.osvdb.org/1513
Reference: XF:ntop-bo

Name: CVE-2000-0707

Description:

PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.

Status:Entry
Reference: BID:1557
Reference: URL:http://www.securityfocus.com/bid/1557
Reference: BUGTRAQ:20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0015.html
Reference: CONFIRM:http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324
Reference: XF:pccs-mysql-admin-tool

Name: CVE-2000-0708

Description:

Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.

Status:Entry
Reference: BID:1605
Reference: URL:http://www.securityfocus.com/bid/1605
Reference: CONFIRM:http://www.pragmasys.com/TelnetServer/
Reference: NTBUGTRAQ:20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=NTBUGTRAQ&P=R4247
Reference: XF:telnetserver-rpc-bo

Name: CVE-2000-0711

Description:

Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.

Status:Entry
Reference: BID:1545
Reference: URL:http://www.securityfocus.com/bid/1545
Reference: BUGTRAQ:20000805 Dangerous Java/Netscape Security Hole
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000805020429.11774.qmail@securityfocus.com
Reference: BUGTRAQ:20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3999922128E.EE84TAKAGI@java-house.etl.go.jp
Reference: CERT:CA-2000-15
Reference: URL:http://www.cert.org/advisories/CA-2000-15.html

Name: CVE-2000-0712

Description:

Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.

Status:Entry
Reference: BID:1549
Reference: URL:http://www.securityfocus.com/bid/1549
Reference: BUGTRAQ:2000803 LIDS severe bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0486.html
Reference: CONFIRM:http://www.lids.org/changelog.html
Reference: MISC:http://www.egroups.com/message/lids/1038
Reference: OSVDB:1495
Reference: URL:http://www.osvdb.org/1495

Name: CVE-2000-0716

Description:

WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.

Status:Entry
Reference: BID:1553
Reference: URL:http://www.securityfocus.com/bid/1553
Reference: NTBUGTRAQ:20000809 Session hijacking in Alt-N's MDaemon 2.8
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=459
Reference: XF:mdaemon-session-id-hijack(5070)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5070

Name: CVE-2000-0717

Description:

GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.

Status:Entry
Reference: BID:1619
Reference: URL:http://www.securityfocus.com/bid/1619
Reference: BUGTRAQ:20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=02ff01c0124c$e9387660$0201a8c0@aviram
Reference: XF:ftp-goodtech-rnto-dos(5166)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5166

Name: CVE-2000-0718

Description:

A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

Status:Entry
Reference: BID:1567
Reference: URL:http://www.securityfocus.com/bid/1567
Reference: BUGTRAQ:20000812 MDKSA-2000:034 MandrakeUpdate update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0146.html

Name: CVE-2000-0720

Description:

news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.

Status:Entry
Reference: BID:1621
Reference: URL:http://www.securityfocus.com/bid/1621
Reference: BUGTRAQ:20000829 News Publisher CGI Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=003301c0123b$18f8c1a0$953b29d4@e8s9s4
Reference: XF:news-publisher-add-author(5169)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5169

Name: CVE-2000-0725

Description:

Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.

Status:Entry
Reference: BID:1577
Reference: URL:http://www.securityfocus.com/bid/1577
Reference: BUGTRAQ:20000816 MDKSA-2000:035 Zope update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0198.html
Reference: BUGTRAQ:20000821 Conectiva Linux Security Announcement - Zope
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0259.html
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert
Reference: DEBIAN:20000821 zope: unauthorized escalation of privilege (update)
Reference: URL:http://www.debian.org/security/2000/20000821
Reference: REDHAT:RHSA-2000:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-052.html

Name: CVE-2000-0726

Description:

CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.

Status:Entry
Reference: BID:1623
Reference: URL:http://www.securityfocus.com/bid/1623
Reference: BUGTRAQ:20000829 Stalker's CGImail Gives Read Access to All Server Files
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000829194618.H7744@thathost.com
Reference: XF:mailers-cgimail-spoof(5165)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5165

Name: CVE-2000-0727

Description:

xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URLs, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.

Status:Entry
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.info/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.info/?l=bugtraq&m=96886599829687&w=2
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: DEBIAN:20000910 xpdf: local exploit
Reference: URL:http://www.debian.org/security/2000/20000910a
Reference: REDHAT:RHSA-2000:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html

Name: CVE-2000-0728

Description:

xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1624
Reference: URL:http://www.securityfocus.com/bid/1624
Reference: BUGTRAQ:20000829 MDKSA-2000:041 - xpdf update
Reference: URL:http://marc.info/?l=bugtraq&m=96766355023239&w=2
Reference: BUGTRAQ:20000913 Conectiva Linux Security Announcement - xpdf
Reference: URL:http://marc.info/?l=bugtraq&m=96886599829687&w=2
Reference: CALDERA:CSSA-2000-031.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-031.0.txt
Reference: DEBIAN:20000910a
Reference: REDHAT:RHSA-2000:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-060.html

Name: CVE-2000-0729

Description:

FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.

Status:Entry
Reference: BID:1625
Reference: URL:http://www.securityfocus.com/bid/1625
Reference: FREEBSD:FreeBSD-SA-00:41
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0337.html
Reference: OSVDB:1534
Reference: URL:http://www.osvdb.org/1534
Reference: XF:freebsd-elf-dos(5967)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5967

Name: CVE-2000-0730

Description:

Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.

Status:Entry
Reference: BID:1580
Reference: URL:http://www.securityfocus.com/bid/1580
Reference: HP:HPSBUX0008-118
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html

Name: CVE-2000-0731

Description:

Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: OSVDB:1535
Reference: URL:http://www.osvdb.org/1535
Reference: XF:wormhttp-dir-traverse(5148)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5148

Name: CVE-2000-0732

Description:

Worm HTTP server allows remote attackers to cause a denial of service via a long URL.

Status:Entry
Reference: BID:1626
Reference: URL:http://www.securityfocus.com/bid/1626
Reference: NTBUGTRAQ:20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0111.html
Reference: XF:wormhttp-filename-dos(5149)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5149

Name: CVE-2000-0733

Description:

Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.

Status:Entry
Reference: BID:1572
Reference: URL:http://www.securityfocus.com/bid/1572
Reference: BUGTRAQ:20000814 [LSD] IRIX telnetd remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0154.html
Reference: SGI:20000801-02-P
Reference: URL:ftp://sgigate.sgi.com/security/20000801-02-P

Name: CVE-2000-0737

Description:

The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.

Status:Entry
Reference: BID:1535
Reference: URL:http://www.securityfocus.com/bid/1535
Reference: MS:MS00-053
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-053

Name: CVE-2000-0738

Description:

WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.

Status:Entry
Reference: BID:1589
Reference: URL:http://www.securityfocus.com/bid/1589
Reference: NTBUGTRAQ:20000818 WebShield SMTP infinite loop DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0101.html
Reference: XF:webshield-smtp-dos(5100)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5100

Name: CVE-2000-0739

Description:

Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.

Status:Entry
Reference: BID:1537
Reference: URL:http://www.securityfocus.com/bid/1537
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: OSVDB:1489
Reference: URL:http://www.osvdb.org/1489
Reference: XF:nettools-pki-dir-traverse(5066)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5066

Name: CVE-2000-0740

Description:

Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.

Status:Entry
Reference: BID:1536
Reference: URL:http://www.securityfocus.com/bid/1536
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: OSVDB:1488
Reference: URL:http://www.osvdb.org/1488
Reference: XF:nai-nettools-strong-bo(5026)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5026

Name: CVE-2000-0741

Description:

Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.

Status:Entry
Reference: BID:1538
Reference: URL:http://www.securityfocus.com/bid/1538
Reference: BUGTRAQ:20000802 NAI Net Tools PKI Server vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0473.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/hf3pki10.txt
Reference: OSVDB:1490
Reference: URL:http://www.osvdb.org/1490

Name: CVE-2000-0742

Description:

The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.

Status:Entry
Reference: BID:1544
Reference: URL:http://www.securityfocus.com/bid/1544
Reference: BUGTRAQ:20000602 ipx storm
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&mid=63120
Reference: MS:MS00-054
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-054
Reference: XF:win-ipx-ping-packet(5079)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5079

Name: CVE-2000-0743

Description:

Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.

Status:Entry
Reference: BID:1569
Reference: URL:http://www.securityfocus.com/bid/1569
Reference: BUGTRAQ:20000810 Remote vulnerability in Gopherd 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0112.html

Name: CVE-2000-0744

Description:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0743. Reason: This candidate is a duplicate of CVE-2000-0743. Notes: All CVE users should reference CVE-2000-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status:Entry

Name: CVE-2000-0745

Description:

admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.

Status:Entry
Reference: BID:1592
Reference: URL:http://www.securityfocus.com/bid/1592
Reference: BUGTRAQ:20000821 Vuln. in all sites using PHP-Nuke, versions less than 3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0243.html
Reference: OSVDB:1521
Reference: URL:http://www.osvdb.org/1521

Name: CVE-2000-0747

Description:

The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.

Status:Entry
Reference: BUGTRAQ:20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0379.html
Reference: XF:openldap-logrotate-script-dos(5036)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5036

Name: CVE-2000-0749

Description:

Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.

Status:Entry
Reference: BID:1628
Reference: URL:http://www.securityfocus.com/bid/1628
Reference: FREEBSD:FreeBSD-SA-00:42
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0338.html
Reference: OSVDB:1536
Reference: URL:http://www.osvdb.org/1536
Reference: XF:freebsd-linux-module-bo(5968)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5968

Name: CVE-2000-0750

Description:

Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.

Status:Entry
Reference: BID:1558
Reference: URL:http://www.securityfocus.com/bid/1558
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html

Name: CVE-2000-0751

Description:

mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1559
Reference: URL:http://www.securityfocus.com/bid/1559
Reference: BUGTRAQ:20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0064.html
Reference: FREEBSD:FreeBSD-SA-00:40
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0336.html
Reference: MISC:http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h
Reference: OPENBSD:20000705 Mopd contained a buffer overflow.
Reference: URL:http://www.openbsd.org/errata.html#mopd
Reference: REDHAT:RHSA-2000:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-050.html

Name: CVE-2000-0753

Description:

The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.

Status:Entry
Reference: BID:1631
Reference: URL:http://www.securityfocus.com/bid/1631
Reference: BUGTRAQ:20000824 Outlook winmail.dat
Reference: URL:http://www.securityfocus.com/archive/1/78240
Reference: BUGTRAQ:20010802 Outlook 2000 Rich Text information disclosure
Reference: URL:http://www.securityfocus.com/archive/1/201422
Reference: XF:outlook-reveal-path(5508)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5508

Name: CVE-2000-0754

Description:

Vulnerability in HP OpenView Network Node Manager (NNM) version 6.1 related to passwords.

Status:Entry
Reference: BID:1581
Reference: URL:http://www.securityfocus.com/bid/1581
Reference: HP:HPSBUX0008-119
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0144.html

Name: CVE-2000-0758

Description:

The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.

Status:Entry
Reference: BID:1584
Reference: URL:http://www.securityfocus.com/bid/1584
Reference: BUGTRAQ:20000811 Lyris List Manager Administration Hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0149.html
Reference: CONFIRM:http://www.lyris.com/lm/lm_updates.html

Name: CVE-2000-0761

Description:

OS/2 Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.

Status:Entry
Reference: BID:1582
Reference: URL:http://www.securityfocus.com/bid/1582
Reference: BUGTRAQ:20000815 OS/2 Warp 4.5 FTP Server DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0166.html
Reference: CONFIRM:ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README

Name: CVE-2000-0762

Description:

The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.

Status:Entry
Reference: BID:1583
Reference: URL:http://www.securityfocus.com/bid/1583
Reference: BUGTRAQ:20000811 eTrust Access Control - Root compromise for default install
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=004601c003a1$ba473260$ddeaa2cd@itradefair.net
Reference: CONFIRM:http://support.ca.com/techbases/eTrust/etrust_access_control-response.html
Reference: OSVDB:1517
Reference: URL:http://www.osvdb.org/1517
Reference: XF:etrust-access-control-default(5076)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5076

Name: CVE-2000-0763

Description:

xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.

Status:Entry
Reference: BID:1585
Reference: URL:http://www.securityfocus.com/bid/1585
Reference: BUGTRAQ:20000816 xlock vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000815231724.A14694@subterrain.net
Reference: BUGTRAQ:20000817 Conectiva Linux Security Announcement - xlockmore
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0212.html
Reference: BUGTRAQ:20000823 MDKSA-2000:038 - xlockmore update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0294.html
Reference: DEBIAN:20000816 xlockmore: possible shadow file compromise
Reference: URL:http://www.debian.org/security/2000/20000816
Reference: FREEBSD:FreeBSD-SA-00:44.xlockmore
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0340.html

Name: CVE-2000-0764

Description:

Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.

Status:Entry
Reference: BID:1609
Reference: URL:http://www.securityfocus.com/bid/1609
Reference: BUGTRAQ:20000828 Intel Express Switch 500 series DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0338.html
Reference: XF:intel-express-switch-dos(5154)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5154

Name: CVE-2000-0765

Description:

Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.

Status:Entry
Reference: BID:1561
Reference: URL:http://www.securityfocus.com/bid/1561
Reference: MS:MS00-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-056

Name: CVE-2000-0766

Description:

Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.

Status:Entry
Reference: BID:1610
Reference: URL:http://www.securityfocus.com/bid/1610
Reference: BUGTRAQ:20000819 D.o.S Vulnerability in vqServer
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008270354.UAA10952@user4.hushmail.com
Reference: XF:vqserver-get-dos(5152)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5152

Name: CVE-2000-0767

Description:

The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.

Status:Entry
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564
Reference: MS:MS00-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055

Name: CVE-2000-0768

Description:

A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: BID:1564
Reference: URL:http://www.securityfocus.com/bid/1564
Reference: MS:MS00-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-055

Name: CVE-2000-0770

Description:

IIS 4.0 and 5.0 do not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.

Status:Entry
Reference: BID:1565
Reference: URL:http://www.securityfocus.com/bid/1565
Reference: MS:MS00-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-057

Name: CVE-2000-0771

Description:

Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.

Status:Entry
Reference: BID:1613
Reference: URL:http://www.securityfocus.com/bid/1613
Reference: MS:MS00-062
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-062

Name: CVE-2000-0773

Description:

Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.

Status:Entry
Reference: BID:1522
Reference: URL:http://www.securityfocus.com/bid/1522
Reference: BUGTRAQ:20000731 Two security flaws in Bajie Webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0426.html
Reference: XF:bajie-view-arbitrary-files(5021)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5021

Name: CVE-2000-0776

Description:

Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.

Status:Entry
Reference: BID:1568
Reference: URL:http://www.securityfocus.com/bid/1568
Reference: BUGTRAQ:20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0118.html
Reference: XF:mediahouse-stats-livestats-bo(5113)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5113

Name: CVE-2000-0777

Description:

The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.

Status:Entry
Reference: BID:1615
Reference: URL:http://www.securityfocus.com/bid/1615
Reference: MS:MS00-061
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-061

Name: CVE-2000-0778

Description:

IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.

Status:Entry
Reference: BID:1578
Reference: URL:http://www.securityfocus.com/bid/1578
Reference: BUGTRAQ:20000815 Translate:f summary, history and thoughts
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=080D5336D882D211B56B0060080F2CD696A7C9@beta.mia.cz
Reference: MS:MS00-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-058
Reference: NTBUGTRAQ:20000816 Translate: f
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0008&L=ntbugtraq&F=&S=&P=5212
Reference: OVAL:oval:org.mitre.oval:def:927
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A927

Name: CVE-2000-0779

Description:

Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.

Status:Entry
Reference: BID:1534
Reference: URL:http://www.securityfocus.com/bid/1534
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr
Reference: OSVDB:1487
Reference: URL:http://www.osvdb.org/1487

Name: CVE-2000-0780

Description:

The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1617
Reference: URL:http://www.securityfocus.com/bid/1617
Reference: BUGTRAQ:20000830 Vulnerability Report On IPSWITCH's IMail
Reference: URL:http://marc.info/?l=bugtraq&m=96767207207553&w=2
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html

Name: CVE-2000-0781

Description:

uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.

Status:Entry
Reference: BID:1519
Reference: URL:http://www.securityfocus.com/bid/1519
Reference: BUGTRAQ:20000728 Client Agent 6.62 for Unix Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0431.html
Reference: XF:arcserveit-clientagent-temp-file(5023)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5023

Name: CVE-2000-0782

Description:

netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1587
Reference: URL:http://www.securityfocus.com/bid/1587
Reference: BUGTRAQ:20000817 Netauth: Web Based Email Management System
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=NEBBJCLKGNOGCOIOBJNAGEHLCPAA.marc@eeye.com
Reference: CONFIRM:http://netwinsite.com/netauth/updates.htm
Reference: XF:netwin-netauth-dir-traverse(5090)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5090

Name: CVE-2000-0783

Description:

Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.

Status:Entry
Reference: BID:1573
Reference: URL:http://www.securityfocus.com/bid/1573
Reference: BUGTRAQ:20000815 Watchguard Firebox Authentication DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0162.html
Reference: XF:firebox-url-dos(5098)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5098

Name: CVE-2000-0786

Description:

GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.

Status:Entry
Reference: BID:1516
Reference: URL:http://www.securityfocus.com/bid/1516
Reference: BUGTRAQ:20000726 userv security boundary tool 1.0.1 (SECURITY FIX)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-07/0389.html
Reference: CONFIRM:http://marc.info/?l=bugtraq&m=96473640717095&w=2
Reference: DEBIAN:20000727 userv: local exploit
Reference: URL:http://www.debian.org/security/2000/20000727

Name: CVE-2000-0787

Description:

IRC Xchat client versions 1.4.2 and earlier allow remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.

Status:Entry
Reference: BID:1601
Reference: URL:http://www.securityfocus.com/bid/1601
Reference: BUGTRAQ:20000817 XChat URL handler vulnerabilty
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0215.html
Reference: BUGTRAQ:20000824 MDKSA-2000:039 - xchat update
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0301.html
Reference: BUGTRAQ:20000825 Conectiva Linux Security Announcement - xchat
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0305.html
Reference: REDHAT:RHSA-2000:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-055.html

Name: CVE-2000-0788

Description:

The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.

Status:Entry
Reference: BID:1566
Reference: URL:http://www.securityfocus.com/bid/1566
Reference: BUGTRAQ:20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=398EB9CA.27E03A9C@nat.bg
Reference: MS:MS00-071
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-071
Reference: XF:word-mail-merge(5322)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5322

Name: CVE-2000-0790

Description:

The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.

Status:Entry
Reference: BID:1571
Reference: URL:http://www.securityfocus.com/bid/1571
Reference: BUGTRAQ:20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000.
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=3998370D.732A03F1@nat.bg
Reference: XF:ie-folder-remote-exe(5097)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5097

Name: CVE-2000-0792

Description:

Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.

Status:Entry
Reference: BID:1590
Reference: URL:http://www.securityfocus.com/bid/1590
Reference: BUGTRAQ:20000819 Security update for Gnome-Lokkit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0252.html
Reference: OSVDB:1520
Reference: URL:http://www.osvdb.org/1520

Name: CVE-2000-0795

Description:

Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.

Status:Entry
Reference: BID:1529
Reference: URL:http://www.securityfocus.com/bid/1529
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: OSVDB:1485
Reference: URL:http://www.osvdb.org/1485

Name: CVE-2000-0796

Description:

Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.

Status:Entry
Reference: BID:1528
Reference: URL:http://www.securityfocus.com/bid/1528
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: OSVDB:1484
Reference: URL:http://www.osvdb.org/1484
Reference: XF:irix-dmplay-bo(5064)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5064

Name: CVE-2000-0797

Description:

Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.

Status:Entry
Reference: BID:1526
Reference: URL:http://www.securityfocus.com/bid/1526
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: OSVDB:3815
Reference: URL:http://www.osvdb.org/3815
Reference: SGI:20040104-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040104-01-P.asc
Reference: XF:irix-grosview-bo(5062)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5062

Name: CVE-2000-0799

Description:

inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.

Status:Entry
Reference: BID:1530
Reference: URL:http://www.securityfocus.com/bid/1530
Reference: BUGTRAQ:20000802 [LSD] some unpublished LSD exploit codes
Reference: URL:http://www.securityfocus.com/templates/archive.pike?list=1&msg=200008021924.e72JOVs12558@ix.put.poznan.pl
Reference: SGI:20001101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20001101-01-I
Reference: XF:irix-inpview-symlink(5065)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5065

Name: CVE-2000-0803

Description:

GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.

Status:Entry
Reference: ISS:20001004 GNU Groff utilities read untrusted commands from current working directory
Reference: XF:gnu-groff-utilities(5280)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5280

Name: CVE-2000-0804

Description:

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection
Reference: OSVDB:4419
Reference: URL:http://www.osvdb.org/4419
Reference: XF:fw1-remote-bypass(5468)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5468

Name: CVE-2000-0805

Description:

Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of
Reference: OSVDB:4415
Reference: URL:http://www.osvdb.org/4415
Reference: XF:fw1-client-spoof(5469)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5469

Name: CVE-2000-0806

Description:

The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications
Reference: OSVDB:4413
Reference: URL:http://www.osvdb.org/4413
Reference: XF:fw1-fwa1-auth-replay(5162)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5162

Name: CVE-2000-0807

Description:

The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication
Reference: OSVDB:4420
Reference: URL:http://www.osvdb.org/4420
Reference: XF:fw1-opsec-auth-spoof(5471)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5471

Name: CVE-2000-0808

Description:

The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password
Reference: OSVDB:4421
Reference: URL:http://www.osvdb.org/4421
Reference: XF:fw1-localhost-auth(5137)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5137

Name: CVE-2000-0809

Description:

Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer
Reference: OSVDB:4422
Reference: URL:http://www.osvdb.org/4422
Reference: XF:fw1-getkey-bo(5139)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5139

Name: CVE-2000-0810

Description:

Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.

Status:Entry
Reference: BID:1782
Reference: URL:http://www.securityfocus.com/bid/1782
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: OSVDB:1600
Reference: URL:http://www.osvdb.org/1600
Reference: XF:auction-weaver-delete-files(5371)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5371

Name: CVE-2000-0811

Description:

Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.

Status:Entry
Reference: BID:1783
Reference: URL:http://www.securityfocus.com/bid/1783
Reference: BUGTRAQ:20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04
Reference: OSVDB:4053
Reference: URL:http://www.osvdb.org/4053
Reference: XF:auction-weaver-username-bidfile(5372)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5372

Name: CVE-2000-0813

Description:

Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."

Status:Entry
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection
Reference: OSVDB:4434
Reference: URL:http://www.osvdb.org/4434
Reference: XF:fw1-ftp-redirect(5474)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5474

Name: CVE-2000-0816

Description:

Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.

Status:Entry
Reference: BID:1785
Reference: URL:http://www.securityfocus.com/bid/1785
Reference: ISS:20001006 Insecure call of external programs in Red Hat Linux tmpwatch
Reference: URL:http://xforce.iss.net/alerts/advise64.php
Reference: MANDRAKE:MDKSA-2000:056
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-056.php3?dis=7.1
Reference: REDHAT:RHSA-2000:080
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html
Reference: XF:linux-tmpwatch-fuser(5320)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5320

Name: CVE-2000-0818

Description:

The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.

Status:Entry
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf
Reference: ISS:20001025 Vulnerability in the Oracle Listener Program
Reference: URL:http://xforce.iss.net/alerts/advise66.php
Reference: XF:oracle-listener-connect-statements(5380)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5380

Name: CVE-2000-0824

Description:

The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.

Status:Entry
Reference: BID:1639
Reference: URL:http://www.securityfocus.com/bid/1639
Reference: BID:648
Reference: URL:http://www.securityfocus.com/bid/648
Reference: BUGTRAQ:19990917 A few bugs...
Reference: URL:http://marc.info/?l=bugtraq&m=93760201002154&w=2
Reference: BUGTRAQ:20000831 glibc unsetenv bug
Reference: URL:http://www.securityfocus.com/archive/1/79537
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000905 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0509.html
Reference: BUGTRAQ:20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0525.html
Reference: CALDERA:CSSA-2000-028.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-028.0.txt
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: MANDRAKE:MDKSA-2000:040
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-040.php3
Reference: MANDRAKE:MDKSA-2000:045
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-045.php3
Reference: REDHAT:RHSA-2000:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html
Reference: SUSE:20000924 glibc locale security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: XF:glibc-ld-unsetenv(5173)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5173

Name: CVE-2000-0825

Description:

Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.

Status:Entry
Reference: BID:2011
Reference: URL:http://www.securityfocus.com/bid/2011
Reference: BUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.info/?l=bugtraq&m=96659012127444&w=2
Reference: NTBUGTRAQ:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://marc.info/?l=ntbugtraq&m=96654521004571&w=2
Reference: WIN2KSEC:20000817 Imail Web Service Remote DoS Attack v.2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0071.html
Reference: XF:ipswitch-imail-remote-dos(5475)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5475

Name: CVE-2000-0829

Description:

The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.

Status:Entry
Reference: BID:1664
Reference: URL:http://www.securityfocus.com/bid/1664
Reference: BUGTRAQ:20000909 tmpwatch: local DoS : fork()bomb as root
Reference: URL:http://www.securityfocus.com/archive/1/81364
Reference: REDHAT:RHSA-2000:080
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-080.html
Reference: XF:linux-tmpwatch-fork-dos(5217)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5217

Name: CVE-2000-0830

Description:

annclist.exe in webTV for Windows allows remote attackers to cause a denial of service via a large, malformed UDP packet to ports 22701 through 22705.

Status:Entry
Reference: BID:1671
Reference: URL:http://www.securityfocus.com/bid/1671
Reference: BUGTRAQ:20000913 trivial DoS in webTV
Reference: URL:http://www.securityfocus.com/archive/1/81852
Reference: MS:MS00-074
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-074
Reference: XF:webtv-udp-dos(5216)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5216

Name: CVE-2000-0834

Description:

The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.

Status:Entry
Reference: ATSTAKE:A091400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091400-1.txt
Reference: BID:1683
Reference: URL:http://www.securityfocus.com/bid/1683
Reference: MS:MS00-067
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-067
Reference: XF:win2k-telnet-ntlm-authentication(5242)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5242

Name: CVE-2000-0837

Description:

FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.

Status:Entry
Reference: BID:1543
Reference: URL:http://www.securityfocus.com/bid/1543
Reference: BUGTRAQ:20000804 FTP Serv-U 2.5e vulnerability.
Reference: URL:http://www.securityfocus.com/archive/1/73843
Reference: XF:servu-null-character-dos(5029)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5029

Name: CVE-2000-0838

Description:

Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.

Status:Entry
Reference: WIN2KSEC:20000914 DST2K0028: DoS in FUR HTTP Server v1.0b
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0111.html
Reference: XF:fur-get-dos(5237)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5237

Name: CVE-2000-0839

Description:

WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).

Status:Entry
Reference: BID:1701
Reference: URL:http://www.securityfocus.com/bid/1701
Reference: BUGTRAQ:20000919 VIGILANTE-2000013: WinCOM LPD DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0212.html
Reference: XF:wincom-lpd-dos(5258)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5258

Name: CVE-2000-0844

Description:

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Status:Entry
Reference: AIXAPAR:IY13753
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
Reference: BID:1634
Reference: URL:http://www.securityfocus.com/bid/1634
Reference: BUGTRAQ:20000902 Conectiva Linux Security Announcement - glibc
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
Reference: BUGTRAQ:20000904 UNIX locale format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html
Reference: CALDERA:CSSA-2000-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
Reference: COMPAQ:SSRT0689U
Reference: URL:http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
Reference: DEBIAN:20000902 glibc: local root exploit
Reference: URL:http://www.debian.org/security/2000/20000902
Reference: REDHAT:RHSA-2000:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-057.html
Reference: SGI:20000901-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
Reference: SUSE:20000906 glibc locale security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
Reference: TURBO:TLSA2000020-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
Reference: XF:unix-locale-format-string(5176)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5176

Name: CVE-2000-0846

Description:

Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.

Status:Entry
Reference: BID:1598
Reference: URL:http://www.securityfocus.com/bid/1598
Reference: BUGTRAQ:20000821 Darxite daemon remote exploit/DoS problem
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0256.html
Reference: XF:darxite-login-bo(5134)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5134

Name: CVE-2000-0847

Description:

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.

Status:Entry
Reference: BID:1646
Reference: URL:http://www.securityfocus.com/bid/1646
Reference: BID:1687
Reference: URL:http://www.securityfocus.com/bid/1687
Reference: BUGTRAQ:20000901 More about UW c-client library
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0437.html
Reference: BUGTRAQ:20000901 UW c-client library vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0425.html
Reference: FREEBSD:FreeBSD-SA-00:47.pine
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0108.html
Reference: XF:c-client-dos(5223)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5223

Name: CVE-2000-0848

Description:

Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.

Status:Entry
Reference: BID:1691
Reference: URL:http://www.securityfocus.com/bid/1691
Reference: BUGTRAQ:20000915 WebSphere application server plugin issue & vendor fix
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0192.html
Reference: MISC:http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security
Reference: XF:websphere-header-dos(5252)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5252

Name: CVE-2000-0849

Description:

Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.

Status:Entry
Reference: BID:1655
Reference: URL:http://www.securityfocus.com/bid/1655
Reference: MS:MS00-064
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-064
Reference: XF:unicast-service-dos(5193)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5193

Name: CVE-2000-0850

Description:

Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.

Status:Entry
Reference: ATSTAKE:A091100-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a091100-1.txt
Reference: BID:1681
Reference: URL:http://www.securityfocus.com/bid/1681
Reference: XF:siteminder-bypass-authentication(5230)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5230

Name: CVE-2000-0851

Description:

Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.

Status:Entry
Reference: ATSTAKE:A090700-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-1.txt
Reference: BID:1651
Reference: URL:http://www.securityfocus.com/bid/1651
Reference: MS:MS00-065
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-065
Reference: XF:w2k-still-image-service(5203)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5203

Name: CVE-2000-0852

Description:

Multiple buffer overflows in eject on FreeBSD and possibly other OSes allow local users to gain root privileges.

Status:Entry
Reference: BID:1686
Reference: URL:http://www.securityfocus.com/bid/1686
Reference: FREEBSD:FreeBSD-SA-00:49
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0110.html
Reference: OSVDB:1559
Reference: URL:http://www.osvdb.org/1559
Reference: XF:freebsd-eject-port(5248)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5248

Name: CVE-2000-0853

Description:

YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1668
Reference: URL:http://www.securityfocus.com/bid/1668
Reference: BUGTRAQ:20000909 YaBB 1.9.2000 Vulnerabilitie
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0072.html
Reference: XF:yabb-file-access(5254)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5254

Name: CVE-2000-0854

Description:

When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLLs such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.

Status:Entry
Reference: BID:1699
Reference: URL:http://www.securityfocus.com/bid/1699
Reference: BUGTRAQ:20000922 Eudora + riched20.dll affects WinZip v8.0 as well
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0277.html
Reference: NTBUGTRAQ:20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0155.html
Reference: WIN2KSEC:20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0117.html
Reference: XF:office-dll-execution(5263)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5263

Name: CVE-2000-0856

Description:

Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1638
Reference: URL:http://www.securityfocus.com/bid/1638
Reference: BUGTRAQ:20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0408.html

Name: CVE-2000-0858

Description:

Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.

Status:Entry
Reference: BID:1642
Reference: URL:http://www.securityfocus.com/bid/1642
Reference: BUGTRAQ:20000906 VIGILANTE-2000009: "Invalid URL" DoS
Reference: URL:http://www.securityfocus.com/archive/1/80413
Reference: MS:MS00-063
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0065.html
Reference: XF:iis-invald-url-dos(5202)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5202

Name: CVE-2000-0859

Description:

The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.

Status:Entry
Reference: BID:1640
Reference: URL:http://www.securityfocus.com/bid/1640
Reference: BUGTRAQ:20000904 VIGILANTE-2000008: NTMail Configuration Service DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0471.html
Reference: XF:ntmail-incomplete-http-requests(5182)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5182

Name: CVE-2000-0860

Description:

The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.

Status:Entry
Reference: BID:1649
Reference: URL:http://www.securityfocus.com/bid/1649
Reference: BUGTRAQ:20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0455.html
Reference: BUGTRAQ:20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0477.html
Reference: CONFIRM:http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u
Reference: MANDRAKE:MDKSA-2000:048
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0150.html
Reference: XF:php-file-upload(5190)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5190

Name: CVE-2000-0861

Description:

Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.

Status:Entry
Reference: BID:1667
Reference: URL:http://www.securityfocus.com/bid/1667
Reference: BUGTRAQ:20000907 Mailman 1.1 + external archiver vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0040.html
Reference: FREEBSD:FreeBSD-SA-00:51
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0112.html
Reference: XF:mailman-execute-external-commands(5493)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5493

Name: CVE-2000-0862

Description:

Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.

Status:Entry
Reference: ALLAIRE:ASB00-23
Reference: URL:http://archives.neohapsis.com/archives/vendor/2000-q3/0059.html
Reference: XF:allaire-spectra-admin-access(5466)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5466

Name: CVE-2000-0863

Description:

Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:50
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-09/0111.html
Reference: XF:listmanager-port-bo(5503)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5503

Name: CVE-2000-0864

Description:

Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.

Status:Entry
Reference: BID:1659
Reference: URL:http://www.securityfocus.com/bid/1659
Reference: BUGTRAQ:20000911 Patch for esound-0.2.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0095.html
Reference: BUGTRAQ:20001006 Immunix OS Security Update for esound
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0118.html
Reference: DEBIAN:20001008 esound: race condition
Reference: URL:http://www.debian.org/security/2000/20001008
Reference: FREEBSD:FreeBSD-SA-00:45
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-08/0365.html
Reference: MANDRAKE:MDKSA-2000:051
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0328.htm
Reference: REDHAT:RHSA-2000:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-077.html
Reference: SUSE:20001012 esound daemon race condition
Reference: URL:http://www.novell.com/linux/security/advisories/esound_daemon_race_condition.html
Reference: XF:gnome-esound-symlink(5213)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5213

Name: CVE-2000-0865

Description:

Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.

Status:Entry
Reference: BID:1697
Reference: URL:http://www.securityfocus.com/bid/1697
Reference: BUGTRAQ:20000916 Advisory: Tridia DoubleVision / SCO UnixWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0185.html
Reference: XF:doublevision-dvtermtype-bo(5261)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5261

Name: CVE-2000-0867

Description:

Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

Status:Entry
Reference: BUGTRAQ:20000917 klogd format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0193.html
Reference: BUGTRAQ:20000918 Conectiva Linux Security Announcement - sysklogd
Reference: URL:http://marc.info/?l=bugtraq&m=97726239017741&w=2
Reference: CALDERA:CSSA-2000-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-032.0.txt
Reference: DEBIAN:20000919
Reference: MANDRAKE:MDKSA-2000:050
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:050
Reference: OSVDB:5824
Reference: URL:http://www.osvdb.org/5824
Reference: REDHAT:RHSA-2000:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-061.html
Reference: SUSE:20000920 syslogd + klogd format string parsing error
Reference: URL:http://www.novell.com/linux/security/advisories/adv9_draht_syslogd_txt.html
Reference: TURBO:TLSA2000022-2
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000023.html
Reference: XF:klogd-format-string(5259)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5259

Name: CVE-2000-0868

Description:

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Status:Entry
Reference: ATSTAKE:A090700-2
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-2.txt
Reference: BID:1658
Reference: URL:http://www.securityfocus.com/bid/1658
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: XF:suse-apache-cgi-source-code(5197)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5197

Name: CVE-2000-0869

Description:

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Status:Entry
Reference: ATSTAKE:A090700-3
Reference: URL:http://www.atstake.com/research/advisories/2000/a090700-3.txt
Reference: BID:1656
Reference: URL:http://www.securityfocus.com/bid/1656
Reference: SUSE:20000907
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q3/0906.html
Reference: XF:apache-webdav-directory-listings(5204)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5204

Name: CVE-2000-0870

Description:

Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.

Status:Entry
Reference: BID:1675
Reference: URL:http://www.securityfocus.com/bid/1675
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: OSVDB:1555
Reference: URL:http://www.osvdb.org/1555
Reference: XF:eftp-bo(5219)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5219

Name: CVE-2000-0871

Description:

Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.

Status:Entry
Reference: BID:1677
Reference: URL:http://www.securityfocus.com/bid/1677
Reference: BUGTRAQ:20000911[EXPL] EFTP vulnerable to two DoS attacks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0089.html
Reference: OSVDB:409
Reference: URL:http://www.osvdb.org/409
Reference: XF:eftp-newline-dos(5220)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5220

Name: CVE-2000-0873

Description:

netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.

Status:Entry
Reference: BID:1660
Reference: URL:http://www.securityfocus.com/bid/1660
Reference: BUGTRAQ:20000903 aix allows clearing the interface stats
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0454.html
Reference: XF:aix-clear-netstat(5214)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5214

Name: CVE-2000-0874

Description:

Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).

Status:Entry
Reference: BID:1653
Reference: URL:http://www.securityfocus.com/bid/1653
Reference: BUGTRAQ:20000907 Eudora disclosure
Reference: URL:http://www.securityfocus.com/archive/1/80888
Reference: OSVDB:1545
Reference: URL:http://www.osvdb.org/1545
Reference: XF:eudora-path-disclosure(5206)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5206

Name: CVE-2000-0875

Description:

WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to cause a denial of service by sending a long string of unprintable characters.

Status:Entry
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: CONFIRM:http://www.wftpd.com/bug_gpf.htm
Reference: XF:wftpd-long-string-dos(5194)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5194

Name: CVE-2000-0876

Description:

WFTPD and WFTPD Pro 2.41 RC12 allow remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.

Status:Entry
Reference: BUGTRAQ:20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0488.html
Reference: OSVDB:5829
Reference: URL:http://www.osvdb.org/5829
Reference: XF:wftpd-path-disclosure(5196)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5196

Name: CVE-2000-0877

Description:

mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.

Status:Entry
Reference: BID:1670
Reference: URL:http://www.securityfocus.com/bid/1670
Reference: BUGTRAQ:20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0092.html
Reference: XF:mailform-attach-file(5224)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5224

Name: CVE-2000-0878

Description:

The mailto CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the emailadd form field.

Status:Entry
Reference: BID:1669
Reference: URL:http://www.securityfocus.com/bid/1669
Reference: BUGTRAQ:20000911 Fwd: Poor variable checking in mailto.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0088.html
Reference: XF:mailto-piped-address(5241)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5241

Name: CVE-2000-0883

Description:

The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.

Status:Entry
Reference: BID:1678
Reference: URL:http://www.securityfocus.com/bid/1678
Reference: MANDRAKE:MDKSA-2000:046
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0111.html
Reference: XF:linux-mod-perl(5257)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5257

Name: CVE-2000-0884

Description:

IIS 4.0 and 5.0 allow remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.

Status:Entry
Reference: BID:1806
Reference: URL:http://www.securityfocus.com/bid/1806
Reference: BUGTRAQ:20001017 IIS %c1%1c remote command execution
Reference: MS:MS00-078
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-078
Reference: OSVDB:436
Reference: URL:http://www.osvdb.org/436
Reference: OVAL:oval:org.mitre.oval:def:44
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A44
Reference: XF:iis-unicode-translation(5377)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5377

Name: CVE-2000-0886

Description:

IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.

Status:Entry
Reference: BID:1912
Reference: URL:http://www.securityfocus.com/bid/1912
Reference: BUGTRAQ:20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability
Reference: URL:http://www.securityfocus.com/templates/archive.pike?mid=143604&list=1&fromthread=0&end=2000-11-11&threads=0&start=2000-11-05&
Reference: MS:MS00-086
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-086
Reference: OVAL:oval:org.mitre.oval:def:191
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A191
Reference: XF:iis-invalid-filename-passing(5470)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5470

Name: CVE-2000-0887

Description:

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."

Status:Entry
Reference: BID:1923
Reference: URL:http://www.securityfocus.com/bid/1923
Reference: BUGTRAQ:20001107 BIND 8.2.2-P5 Possible DOS
Reference: URL:http://www.securityfocus.com/archive/1/143843
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067
Reference: REDHAT:RHSA-2000:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: VULN-DEV:20001107 Possible DOS in Bind 8.2.2-P5
Reference: VULN-DEV:20001109 Re: Possible DOS in Bind 8.2.2-P5
Reference: XF:bind-zxfr-dos(5540)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5540

Name: CVE-2000-0888

Description:

named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."

Status:Entry
Reference: CERT:CA-2000-20
Reference: URL:http://www.cert.org/advisories/CA-2000-20.html
Reference: CONECTIVA:CLSA-2000:338
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000338
Reference: CONECTIVA:CLSA-2000:339
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000339
Reference: DEBIAN:20001112 bind: remote Denial of Service
Reference: URL:http://www.debian.org/security/2000/20001112
Reference: IBM:ERS-SVA-E01-2000:005.1
Reference: MANDRAKE:MDKSA-2000:067
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:067
Reference: REDHAT:RHSA-2000:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-107.html
Reference: SUSE:SuSE-SA:2000:45
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0657.html
Reference: XF:bind-srv-dos(5814)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5814

Name: CVE-2000-0890

Description:

periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2325
Reference: URL:http://www.securityfocus.com/bid/2325
Reference: CERT-VN:VU#626919
Reference: URL:http://www.kb.cert.org/vuls/id/626919
Reference: FREEBSD:FreeBSD-SA-01:12
Reference: OSVDB:1754
Reference: URL:http://www.osvdb.org/1754
Reference: XF:periodic-temp-file-symlink(6047)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6047

Name: CVE-2000-0891

Description:

A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.

Status:Entry
Reference: CERT-VN:VU#5962
Reference: URL:http://www.kb.cert.org/vuls/id/5962
Reference: CONFIRM:http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S
Reference: XF:lotus-notes-bypass-ecl(5045)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5045

Name: CVE-2000-0892

Description:

Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.

Status:Entry
Reference: CERT-VN:VU#22404
Reference: URL:http://www.kb.cert.org/vuls/id/22404
Reference: XF:telnet-obtain-env-variable(6644)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6644

Name: CVE-2000-0894

Description:

HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.

Status:Entry
Reference: BID:2119
Reference: URL:http://www.securityfocus.com/bid/2119
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: OSVDB:4404
Reference: URL:http://www.osvdb.org/4404
Reference: XF:watchguard-soho-web-auth(5554)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5554

Name: CVE-2000-0895

Description:

Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.

Status:Entry
Reference: BID:2114
Reference: URL:http://www.securityfocus.com/bid/2114
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: OSVDB:4403
Reference: URL:http://www.osvdb.org/4403
Reference: XF:watchguard-soho-web-dos(5218)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5218

Name: CVE-2000-0896

Description:

WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.

Status:Entry
Reference: BID:2113
Reference: URL:http://www.securityfocus.com/bid/2113
Reference: ISS:20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall
Reference: URL:http://xforce.iss.net/alerts/advise70.php
Reference: OSVDB:1690
Reference: URL:http://www.osvdb.org/1690
Reference: XF:watchguard-soho-fragmented-packets(5749)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5749

Name: CVE-2000-0897

Description:

Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.

Status:Entry
Reference: BID:1941
Reference: URL:http://www.securityfocus.com/bid/1941
Reference: BUGTRAQ:20001114 Vulnerabilites in SmallHTTP Server
Reference: URL:http://marc.info/?l=bugtraq&m=97421834001092&w=2
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: XF:small-http-nofile-dos(5524)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5524

Name: CVE-2000-0900

Description:

Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.

Status:Entry
Reference: BID:1737
Reference: URL:http://www.securityfocus.com/bid/1737
Reference: BUGTRAQ:20001002 thttpd ssi: retrieval of arbitrary world-readable files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0025.html
Reference: FREEBSD:FreeBSD-SA-00:73
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:73.thttpd.asc
Reference: XF:acme-thttpd-ssi(5313)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5313

Name: CVE-2000-0901

Description:

Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.

Status:Entry
Reference: BID:1641
Reference: URL:http://www.securityfocus.com/bid/1641
Reference: BUGTRAQ:20000905 screen 3.9.5 root vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/80178
Reference: BUGTRAQ:20000906 Screen-3.7.6 local compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-08/0530.html
Reference: DEBIAN:20000902a
Reference: FREEBSD:FreeBSD-SA-00:46
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:46.screen.asc
Reference: MANDRAKE:MDKSA-2000:044
Reference: URL:http://www.linux-mandrake.com/en/updates/MDKSA-2000-044.php3
Reference: REDHAT:RHSA-2000:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-058.html
Reference: SUSE:20000906 screen format string parsing security problem
Reference: URL:http://www.novell.com/linux/security/advisories/adv6_draht_screen_txt.html
Reference: XF:screen-format-string(5188)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5188

Name: CVE-2000-0908

Description:

BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.

Status:Entry
Reference: BID:1702
Reference: URL:http://www.securityfocus.com/bid/1702
Reference: BUGTRAQ:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://marc.info/?l=bugtraq&m=96956211605302&w=2
Reference: CONFIRM:http://www.netcplus.com/browsegate.htm#BGLatest
Reference: WIN2KSEC:20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q3/0128.html
Reference: XF:browsegate-http-dos(5270)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5270

Name: CVE-2000-0909

Description:

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.

Status:Entry
Reference: BID:1709
Reference: URL:http://www.securityfocus.com/bid/1709
Reference: BUGTRAQ:20000922 [ no subject ]
Reference: URL:http://www.securityfocus.com/archive/1/84901
Reference: BUGTRAQ:20001031 FW: Pine 4.30 now available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0441.html
Reference: FREEBSD:FreeBSD-SA-00:59
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:59.pine.asc
Reference: MANDRAKE:MDKSA-2000:073
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-073.php3
Reference: REDHAT:RHSA-2000:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-102.html
Reference: XF:pine-check-mail-bo(5283)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5283

Name: CVE-2000-0910

Description:

Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.

Status:Entry
Reference: BID:1674
Reference: URL:http://www.securityfocus.com/bid/1674
Reference: BUGTRAQ:20000908 horde library bug - unchecked from-address
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0051.html
Reference: CONFIRM:http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch
Reference: DEBIAN:20000910 imp: remote compromise
Reference: URL:http://www.debian.org/security/2000/20000910
Reference: XF:horde-imp-sendmail-command(5278)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5278

Name: CVE-2000-0911

Description:

IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.

Status:Entry
Reference: BID:1679
Reference: URL:http://www.securityfocus.com/bid/1679
Reference: BUGTRAQ:20000912 (SRADV00003) Arbitrary file disclosure through IMP
Reference: URL:http://www.securityfocus.com/archive/1/82088
Reference: XF:imp-attach-file(5227)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5227

Name: CVE-2000-0912

Description:

MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.

Status:Entry
Reference: BUGTRAQ:20000913 MultiHTML vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0146.html
Reference: XF:http-cgi-multihtml(5285)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5285

Name: CVE-2000-0913

Description:

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Status:Entry
Reference: BID:1728
Reference: URL:http://www.securityfocus.com/bid/1728
Reference: BUGTRAQ:20000929 Security vulnerability in Apache mod_rewrite
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0352.html
Reference: BUGTRAQ:20001011 Conectiva Linux Security Announcement - apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0174.html
Reference: CALDERA:CSSA-2000-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-035.0.txt
Reference: HP:HPSBUX0010-126
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0021.html
Reference: MANDRAKE:MDKSA-2000:060
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-060-2.php3?dis=7.1
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: REDHAT:RHSA-2000:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html
Reference: REDHAT:RHSA-2000:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html
Reference: XF:apache-rewrite-view-files(5310)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5310

Name: CVE-2000-0914

Description:

OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.

Status:Entry
Reference: BID:1759
Reference: URL:http://www.securityfocus.com/bid/1759
Reference: BUGTRAQ:20001005 obsd_fun.c
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0078.html
Reference: OSVDB:1592
Reference: URL:http://www.osvdb.org/1592
Reference: XF:bsd-arp-request-dos(5340)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5340

Name: CVE-2000-0915

Description:

fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.

Status:Entry
Reference: BID:1803
Reference: URL:http://www.securityfocus.com/bid/1803
Reference: BUGTRAQ:20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0017.html
Reference: FREEBSD:FreeBSD-SA-00:54
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:54.fingerd.asc
Reference: OSVDB:433
Reference: URL:http://www.osvdb.org/433
Reference: XF:freebsd-fingerd-files(5385)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5385

Name: CVE-2000-0917

Description:

Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1712
Reference: URL:http://www.securityfocus.com/bid/1712
Reference: BUGTRAQ:20000925 Format strings: bug #2: LPRng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0293.html
Reference: CALDERA:CSSA-2000-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-033.0.txt
Reference: CERT:CA-2000-22
Reference: URL:http://www.cert.org/advisories/CA-2000-22.html
Reference: FREEBSD:FreeBSD-SA-00:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:56.lprng.asc
Reference: REDHAT:RHSA-2000:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-065.html
Reference: XF:lprng-format-string(5287)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5287

Name: CVE-2000-0919

Description:

Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1773
Reference: URL:http://www.securityfocus.com/bid/1773
Reference: BUGTRAQ:20001007 PHPix advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0117.html
Reference: OSVDB:472
Reference: URL:http://www.osvdb.org/472
Reference: XF:phpix-dir-traversal(5331)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5331

Name: CVE-2000-0920

Description:

Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."

Status:Entry
Reference: BID:1770
Reference: URL:http://www.securityfocus.com/bid/1770
Reference: BUGTRAQ:20001006 Vulnerability in BOA web server v0.94.8.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0092.html
Reference: DEBIAN:20001009 boa: exposes contents of local files
Reference: URL:http://www.debian.org/security/2000/20001009
Reference: FREEBSD:FreeBSD-SA-00:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:60.boa.asc
Reference: XF:boa-webserver-get-dir-traversal(5330)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5330

Name: CVE-2000-0921

Description:

Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Status:Entry
Reference: BID:1777
Reference: URL:http://www.securityfocus.com/bid/1777
Reference: BUGTRAQ:20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0115.html
Reference: OSVDB:1596
Reference: URL:http://www.osvdb.org/1596
Reference: XF:hassan-shopping-cart-dir-traversal(5342)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5342

Name: CVE-2000-0922

Description:

Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.

Status:Entry
Reference: BID:1776
Reference: URL:http://www.securityfocus.com/bid/1776
Reference: BUGTRAQ:20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0120.html
Reference: XF:web-shopper-directory-traversal(5351)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5351

Name: CVE-2000-0923

Description:

authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.

Status:Entry
Reference: BID:1784
Reference: URL:http://www.securityfocus.com/bid/1784
Reference: BUGTRAQ:20001006 Fwd: APlio PRO web shell
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0107.html
Reference: XF:uclinux-apliophone-bin-execute(5333)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5333

Name: CVE-2000-0924

Description:

Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.

Status:Entry
Reference: BID:1772
Reference: URL:http://www.securityfocus.com/bid/1772
Reference: BUGTRAQ:20001009 Master Index traverse advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0141.html
Reference: OSVDB:461
Reference: URL:http://www.osvdb.org/461
Reference: XF:master-index-directory-traversal(5355)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5355

Name: CVE-2000-0925

Description:

The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.

Status:Entry
Reference: BID:1734
Reference: URL:http://www.securityfocus.com/bid/1734
Reference: BUGTRAQ:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2
Reference: URL:http://marc.info/?l=bugtraq&m=97050819812055&w=2
Reference: WIN2KSEC:20001002 DST2K0035: Credit card (customer) details exposed within CyberOffice Shopping Cart v2
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0001.html
Reference: XF:cyberoffice-world-readable-directory(5318)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5318

Name: CVE-2000-0926

Description:

SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.

Status:Entry
Reference: BID:1733
Reference: URL:http://www.securityfocus.com/bid/1733
Reference: BUGTRAQ:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://marc.info/?l=bugtraq&m=97050627707128&w=2
Reference: WIN2KSEC:20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2000-q4/0000.html
Reference: XF:cyberoffice-price-modification(5319)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5319

Name: CVE-2000-0927

Description:

WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.

Status:Entry
Reference: BID:1724
Reference: URL:http://www.securityfocus.com/bid/1724
Reference: BUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09//0331.html
Reference: NTBUGTRAQ:20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternative datastreams to bypass quotas.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0173.html
Reference: XF:quotaadvisor-quota-bypass(5302)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5302

Name: CVE-2000-0928

Description:

WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.

Status:Entry
Reference: BID:1765
Reference: URL:http://www.securityfocus.com/bid/1765
Reference: BUGTRAQ:20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user being able to list (not read) all files on any server running QuotaAdvisor.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0091.html
Reference: XF:quotaadvisor-list-files(5327)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5327

Name: CVE-2000-0929

Description:

Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.

Status:Entry
Reference: BID:1714
Reference: URL:http://www.securityfocus.com/bid/1714
Reference: BUGTRAQ:20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"
Reference: URL:http://marc.info/?l=bugtraq&m=97024839222747&w=2
Reference: MS:MS00-068
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-068
Reference: XF:mediaplayer-outlook-dos(5309)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5309

Name: CVE-2000-0930

Description:

Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.

Status:Entry
Reference: BID:1738
Reference: URL:http://www.securityfocus.com/bid/1738
Reference: BUGTRAQ:20001003 Pegasus mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html
Reference: BUGTRAQ:20001030 Pegasus Mail file reading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0436.html
Reference: XF:pegasus-file-forwarding(5326)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5326

Name: CVE-2000-0932

Description:

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.

Status:Entry
Reference: NTBUGTRAQ:20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html
Reference: XF:mailsweeper-smtp-dos(5641)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5641

Name: CVE-2000-0933

Description:

The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.

Status:Entry
Reference: BID:1729
Reference: URL:http://www.securityfocus.com/bid/1729
Reference: MS:MS00-069
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-069
Reference: XF:win2k-simplified-chinese-ime(5301)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5301

Name: CVE-2000-0934

Description:

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.

Status:Entry
Reference: BID:1703
Reference: URL:http://www.securityfocus.com/bid/1703
Reference: REDHAT:RHSA-2000:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-062.html
Reference: XF:glint-symlink(5271)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5271

Name: CVE-2000-0935

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.

Status:Entry
Reference: BID:1872
Reference: URL:http://www.securityfocus.com/bid/1872
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-logging-sym-link(5443)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5443

Name: CVE-2000-0936

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.

Status:Entry
Reference: BID:1874
Reference: URL:http://www.securityfocus.com/bid/1874
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-logfile-info(5445)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5445

Name: CVE-2000-0937

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.

Status:Entry
Reference: BID:1873
Reference: URL:http://www.securityfocus.com/bid/1873
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-brute-force(5442)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5442

Name: CVE-2000-0938

Description:

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.

Status:Entry
Reference: BUGTRAQ:20001030 Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html
Reference: XF:samba-swat-brute-force(5442)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5442

Name: CVE-2000-0941

Description:

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.

Status:Entry
Reference: BID:1883
Reference: URL:http://www.securityfocus.com/bid/1883
Reference: BUGTRAQ:20001029 Re: Remote command execution via KW Whois 1.0 (addition)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html
Reference: BUGTRAQ:20001029 Remote command execution via KW Whois 1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0419.html
Reference: MISC:http://www.kootenayweb.bc.ca/scripts/whois.txt
Reference: XF:kw-whois-meta(5438)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5438

Name: CVE-2000-0942

Description:

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.

Status:Entry
Reference: BID:1861
Reference: URL:http://www.securityfocus.com/bid/1861
Reference: BUGTRAQ:20001028 IIS 5.0 cross site scripting vulnerability - using .htw
Reference: URL:http://www.securityfocus.com/archive/1/141903
Reference: MS:MS00-084
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-084
Reference: XF:iis-htw-cross-scripting(5441)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5441

Name: CVE-2000-0943

Description:

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.

Status:Entry
Reference: BID:1858
Reference: URL:http://www.securityfocus.com/bid/1858
Reference: BUGTRAQ:20001027 Potential Security Problem in bftpd-1.0.11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html
Reference: XF:bftpd-user-bo(5426)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5426

Name: CVE-2000-0944

Description:

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.

Status:Entry
Reference: BID:1881
Reference: URL:http://www.securityfocus.com/bid/1881
Reference: BUGTRAQ:20001027 CGI-Bug: News Update 1.1 administration password bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0402.html
Reference: XF:news-update-bypass-password(5433)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5433

Name: CVE-2000-0945

Description:

The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.

Status:Entry
Reference: BID:1846
Reference: URL:http://www.securityfocus.com/bid/1846
Reference: BUGTRAQ:20001026 Advisory def-2000-02: Cisco Catalyst remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0380.html
Reference: BUGTRAQ:20001113 Re: 3500XL
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0194.html
Reference: OSVDB:444
Reference: URL:http://www.osvdb.org/444
Reference: XF:cisco-catalyst-remote-commands(5415)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5415

Name: CVE-2000-0946

Description:

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.

Status:Entry
Reference: CONFIRM:http://www5.compaq.com/support/files/desktops/us/revision/1723.html
Reference: NTBUGTRAQ:20001012 Security issue with Compaq Easy Access Keyboard software
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0023.html
Reference: OSVDB:5831
Reference: URL:http://www.osvdb.org/5831
Reference: XF:compaq-ea-elevate-privileges(5718)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5718

Name: CVE-2000-0947

Description:

Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.

Status:Entry
Reference: BID:1757
Reference: URL:http://www.securityfocus.com/bid/1757
Reference: BUGTRAQ:20001002 Very probable remote root vulnerability in cfengine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0004.html
Reference: MANDRAKE:MDKSA-2000:061
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-061.php3?dis=7.1
Reference: NETBSD:NetBSD-SA2000-013
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-013.txt.asc
Reference: XF:cfengine-cfd-format-string(5630)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5630

Name: CVE-2000-0948

Description:

GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.

Status:Entry
Reference: BID:1761
Reference: URL:http://www.securityfocus.com/bid/1761
Reference: BUGTRAQ:20001002 GnoRPM local /tmp vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/136866
Reference: BUGTRAQ:20001003 Conectiva Linux Security Announcement - gnorpm
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0043.html
Reference: BUGTRAQ:20001011 Immunix OS Security Update for gnorpm package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0184.html
Reference: MANDRAKE:MDKSA-2000:055
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-055.php3?dis=7.0
Reference: REDHAT:RHSA-2000:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-072.html
Reference: XF:gnorpm-temp-symlink(5317)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5317

Name: CVE-2000-0949

Description:

Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.

Status:Entry
Reference: BID:1739
Reference: URL:http://www.securityfocus.com/bid/1739
Reference: BUGTRAQ:20000928 Very interesting traceroute flaw
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0344.html
Reference: BUGTRAQ:20000930 Conectiva Linux Security Announcement - traceroute
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0357.html
Reference: CALDERA:CSSA-2000-034.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-034.0.txt
Reference: DEBIAN:20001013 traceroute: local root exploit
Reference: URL:http://www.debian.org/security/2000/20001013
Reference: MANDRAKE:MDKSA-2000:053
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-053.php3?dis=7.1
Reference: REDHAT:RHSA-2000:078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-078.html
Reference: TURBO:TLSA2000023-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2000-October/000025.html
Reference: XF:traceroute-heap-overflow(5311)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5311

Name: CVE-2000-0951

Description:

A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.

Status:Entry
Reference: ATSTAKE:A100400-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100400-1.txt
Reference: BID:1756
Reference: URL:http://www.securityfocus.com/bid/1756
Reference: MSKB:Q272079
Reference: URL:http://www.microsoft.com/technet/support/kb.asp?ID=272079
Reference: XF:iis-index-dir-traverse(5335)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5335

Name: CVE-2000-0952

Description:

global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:64
Reference: NETBSD:NetBSD-SA2000-014
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-014.txt.asc
Reference: OSVDB:6486
Reference: URL:http://www.osvdb.org/6486
Reference: XF:global-execute-remote-commands(5424)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5424

Name: CVE-2000-0953

Description:

Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.

Status:Entry
Reference: BID:1778
Reference: URL:http://www.securityfocus.com/bid/1778
Reference: BUGTRAQ:20001009 Shambala 4.5 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0134.html
Reference: XF:shambala-connection-dos(5345)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5345

Name: CVE-2000-0956

Description:

cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.

Status:Entry
Reference: BID:1875
Reference: URL:http://www.securityfocus.com/bid/1875
Reference: REDHAT:RHSA-2000:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-094.html
Reference: XF:cyrus-sasl-gain-access(5427)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5427

Name: CVE-2000-0957

Description:

The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.

Status:Entry
Reference: BUGTRAQ:20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0374.html
Reference: XF:pammysql-auth-input(5447)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5447

Name: CVE-2000-0958

Description:

HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.

Status:Entry
Reference: BUGTRAQ:20001025 HotJava Browser 3.0 JavaScript security vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0349.html
Reference: XF:hotjava-browser-dom-access(5428)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5428

Name: CVE-2000-0959

Description:

glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:1719
Reference: URL:http://www.securityfocus.com/bid/1719
Reference: BUGTRAQ:20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks
Reference: URL:http://www.securityfocus.com/archive/1/85028
Reference: XF:glibc-unset-symlink(5299)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5299

Name: CVE-2000-0960

Description:

The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.

Status:Entry
Reference: BID:1787
Reference: URL:http://www.securityfocus.com/bid/1787
Reference: BUGTRAQ:20001011 Netscape Messaging server 4.15 poor error strings
Reference: URL:http://marc.info/?l=bugtraq&m=97138100426121&w=2
Reference: XF:netscape-messaging-email-verify(5364)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5364

Name: CVE-2000-0961

Description:

Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.

Status:Entry
Reference: BID:1721
Reference: URL:http://www.securityfocus.com/bid/1721
Reference: BUGTRAQ:20000928 commercial products and security [ + new bug ]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0334.html
Reference: XF:netscape-messaging-list-dos(5292)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5292

Name: CVE-2000-0962

Description:

The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:1723
Reference: URL:http://www.securityfocus.com/bid/1723
Reference: BUGTRAQ:20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0299.html
Reference: OPENBSD:20000918 Bad ESP/AH packets could cause a crash under certain conditions.
Reference: OSVDB:1574
Reference: URL:http://www.osvdb.org/1574
Reference: XF:openbsd-nmap-dos(5634)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5634

Name: CVE-2000-0964

Description:

Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1727
Reference: URL:http://www.securityfocus.com/bid/1727
Reference: BUGTRAQ:20000928 Another thingy.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0336.html
Reference: XF:hinet-ipphone-get-bo(5298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5298

Name: CVE-2000-0965

Description:

The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allow an attacker to cause a denial of service (high CPU utilization).

Status:Entry
Reference: HP:HPSBUX0010-124
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0012.html
Reference: XF:hp-virtualvault-nsapi-dos(5361)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5361

Name: CVE-2000-0966

Description:

Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allow local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX0010-125
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0020.html
Reference: OSVDB:7244
Reference: URL:http://www.osvdb.org/7244
Reference: XF:hp-lpspooler-bo(5379)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5379

Name: CVE-2000-0967

Description:

PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.

Status:Entry
Reference: ATSTAKE:A101200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a101200-1.txt
Reference: BID:1786
Reference: URL:http://www.securityfocus.com/bid/1786
Reference: BUGTRAQ:20001012 Conectiva Linux Security Announcement - mod_php3
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0204.html
Reference: CALDERA:CSSA-2000-037.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-037.0.txt
Reference: DEBIAN:20001014a
Reference: DEBIAN:20001014b
Reference: FREEBSD:FreeBSD-SA-00:75
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:75.php.asc
Reference: MANDRAKE:MDKSA-2000:062
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-062.php3?dis=7.1
Reference: REDHAT:RHSA-2000:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-088.html
Reference: REDHAT:RHSA-2000:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-095.html
Reference: XF:php-logging-format-string(5359)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5359

Name: CVE-2000-0968

Description:

Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.

Status:Entry
Reference: BID:1799
Reference: URL:http://www.securityfocus.com/bid/1799
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: XF:halflife-server-changelevel-bo(5375)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5375

Name: CVE-2000-0969

Description:

Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.

Status:Entry
Reference: BUGTRAQ:20001016 Half-Life Dedicated Server Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0254.html
Reference: BUGTRAQ:20001024 Tamandua Sekure Labs Security Advisory 2000-01
Reference: URL:http://www.securityfocus.com/archive/1/141060
Reference: BUGTRAQ:20001027 Re: Half Life dedicated server Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0409.html
Reference: OSVDB:6983
Reference: URL:http://www.osvdb.org/6983
Reference: XF:halflife-rcon-format-string(5413)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5413

Name: CVE-2000-0970

Description:

IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.

Status:Entry
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt
Reference: MS:MS00-080
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-080
Reference: OSVDB:7265
Reference: URL:http://www.osvdb.org/7265
Reference: XF:session-cookie-remote-retrieval(5396)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5396

Name: CVE-2000-0972

Description:

HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.

Status:Entry
Reference: BUGTRAQ:20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0317.html
Reference: XF:hp-crontab-read-files(5410)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5410

Name: CVE-2000-0973

Description:

Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.

Status:Entry
Reference: BID:1804
Reference: URL:http://www.securityfocus.com/bid/1804
Reference: DEBIAN:20001013a
Reference: FREEBSD:FreeBSD-SA-00:72
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:72.curl.asc
Reference: REDHAT:RHBA-2000:092-01
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0331.html
Reference: XF:curl-error-bo(5374)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5374

Name: CVE-2000-0974

Description:

GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.

Status:Entry
Reference: BID:1797
Reference: URL:http://www.securityfocus.com/bid/1797
Reference: BUGTRAQ:20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0201.html
Reference: BUGTRAQ:20001025 Immunix OS Security Update for gnupg package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0361.html
Reference: CALDERA:CSSA-2000-038.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2000-038.0.txt
Reference: CONECTIVA:CLSA-2000:334
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000334
Reference: DEBIAN:20001111 gnupg: incorrect signature verification
Reference: URL:http://www.debian.org/security/2000/20001111
Reference: FREEBSD:FreeBSD-SA-00:67
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:67.gnupg.asc
Reference: MANDRAKE:MDKSA-2000:063-1
Reference: OSVDB:1608
Reference: URL:http://www.osvdb.org/1608
Reference: REDHAT:RHSA-2000:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-089.html
Reference: XF:gnupg-message-modify(5386)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5386

Name: CVE-2000-0975

Description:

Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BUGTRAQ:20001012 Anaconda Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0210.html
Reference: OSVDB:435
Reference: URL:http://www.osvdb.org/435
Reference: XF:anaconda-apexec-directory-traversal(5750)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5750

Name: CVE-2000-0976

Description:

Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.

Status:Entry
Reference: BID:1805
Reference: URL:http://www.securityfocus.com/bid/1805
Reference: BUGTRAQ:20001012 another Xlib buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0211.html
Reference: SGI:20020502-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020502-01-I
Reference: XF:xfree-xlib-bo(5751)
Reference: URL:http://www.iss.net/security_center/static/5751.php

Name: CVE-2000-0977

Description:

mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.

Status:Entry
Reference: BID:1807
Reference: URL:http://www.securityfocus.com/bid/1807
Reference: BUGTRAQ:20001011 Mail File POST Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0172.html
Reference: XF:mailfile-post-file-read(5358)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5358

Name: CVE-2000-0978

Description:

bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.

Status:Entry
Reference: BID:1779
Reference: URL:http://www.securityfocus.com/bid/1779
Reference: BUGTRAQ:20001010 Big Brother Systems and Network Monitor vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0162.html
Reference: XF:bb4-netmon-execute-commands(5719)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5719

Name: CVE-2000-0979

Description:

File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.

Status:Entry
Reference: BID:1780
Reference: URL:http://www.securityfocus.com/bid/1780
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password
Reference: URL:http://marc.info/?l=bugtraq&m=97147777618139&w=2
Reference: MS:MS00-072
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-072
Reference: OVAL:oval:org.mitre.oval:def:996
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A996
Reference: XF:win9x-share-level-password(5395)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5395

Name: CVE-2000-0980

Description:

NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.

Status:Entry
Reference: BID:1781
Reference: URL:http://www.securityfocus.com/bid/1781
Reference: MS:MS00-073
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-073
Reference: XF:win-nmpi-packet-dos(5357)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5357

Name: CVE-2000-0981

Description:

MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.

Status:Entry
Reference: BUGTRAQ:20001023 [CORE SDI ADVISORY] MySQL weak authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0318.html
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security
Reference: XF:mysql-authentication(5409)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5409

Name: CVE-2000-0982

Description:

Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.

Status:Entry
Reference: BID:1793
Reference: URL:http://www.securityfocus.com/bid/1793
Reference: MISC:http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt
Reference: MS:MS00-076
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-076
Reference: XF:ie-cache-info(5367)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5367

Name: CVE-2000-0983

Description:

Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.

Status:Entry
Reference: BID:1798
Reference: URL:http://www.securityfocus.com/bid/1798
Reference: BUGTRAQ:20001018 Denial of Service attack against computers running Microsoft NetMeeting
Reference: URL:http://www.securityfocus.com/archive/1/140341
Reference: MS:MS00-077
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077
Reference: MSKB:Q273854
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q273854
Reference: XF:netmeeting-desktop-sharing-dos(5368)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5368

Name: CVE-2000-0984

Description:

The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.

Status:Entry
Reference: BID:1838
Reference: URL:http://www.securityfocus.com/bid/1838
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] Cisco IOS HTTP server DoS
Reference: CISCO:20001025 Cisco IOS HTTP Server Query Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ioshttpserverquery-pub.shtml
Reference: XF:cisco-ios-query-dos(5412)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5412

Name: CVE-2000-0989

Description:

Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.

Status:Entry
Reference: BUGTRAQ:20001020 DoS in Intel corporation 'InBusiness eMail Station'
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0293.html
Reference: OSVDB:6488
Reference: URL:http://www.osvdb.org/6488
Reference: XF:intel-email-username-bo(5414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5414

Name: CVE-2000-0990

Description:

cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.

Status:Entry
Reference: BID:1809
Reference: URL:http://www.securityfocus.com/bid/1809
Reference: BUGTRAQ:20001016 Authentication failure in cmd5checkpw 0.21
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0258.html
Reference: CONFIRM:http://members.elysium.pl/brush/cmd5checkpw/changes.html
Reference: XF:cmd5checkpw-qmail-bypass-authentication(5382)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5382

Name: CVE-2000-0991

Description:

Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.

Status:Entry
Reference: BID:1815
Reference: URL:http://www.securityfocus.com/bid/1815
Reference: MS:MS00-079
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-079
Reference: XF:win-hyperterminal-telnet-bo(5387)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5387

Name: CVE-2000-0992

Description:

Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: BID:1742
Reference: URL:http://www.securityfocus.com/bid/1742
Reference: BUGTRAQ:20000930 scp file transfer hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0359.html
Reference: BUGTRAQ:20001001 openssh2.2.p1 - Re: scp file transfer hole
Reference: MANDRAKE:MDKSA-2000:057
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:057
Reference: XF:scp-overwrite-files(5312)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5312

Name: CVE-2000-0993

Description:

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

Status:Entry
Reference: BID:1744
Reference: URL:http://www.securityfocus.com/bid/1744
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97068555106135&w=2
Reference: FREEBSD:FreeBSD-SA-00:58
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:58.chpass.asc
Reference: NETBSD:NetBSD-SA2000-015
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-015.txt.asc
Reference: OPENBSD:20001003 A format string vulnerability exists in the pw_error(3) function.
Reference: URL:http://www.openbsd.org/errata27.html#pw_error
Reference: XF:bsd-libutil-format(5339)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5339

Name: CVE-2000-0994

Description:

Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.

Status:Entry
Reference: BID:1746
Reference: URL:http://www.securityfocus.com/bid/1746
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97068555106135&w=2
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: XF:bsd-fstat-format(5338)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5338

Name: CVE-2000-0995

Description:

Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges via a malformed name.

Status:Entry
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: OSVDB:6125
Reference: URL:http://www.osvdb.org/6125
Reference: XF:bsd-yp-passwd-format(5635)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5635

Name: CVE-2000-0996

Description:

Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.

Status:Entry
Reference: MISC:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch
Reference: OPENBSD:20001006 There are printf-style format string bugs in several privileged programs.
Reference: OSVDB:6124
Reference: URL:http://www.osvdb.org/6124
Reference: XF:bsd-su-format(5636)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5636

Name: CVE-2000-1000

Description:

Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.

Status:Entry
Reference: BID:1747
Reference: URL:http://www.securityfocus.com/bid/1747
Reference: BUGTRAQ:20001003 AOL Instant Messenger DoS
Reference: URL:http://www.securityfocus.com/archive/1/137374
Reference: XF:aim-file-transfer-dos(5314)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5314

Name: CVE-2000-1001

Description:

add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.

Status:Entry
Reference: BUGTRAQ:20001024 Price modification in Element InstantShop
Reference: URL:http://marc.info/?l=bugtraq&m=97240616129614&w=2
Reference: OSVDB:6487
Reference: URL:http://www.osvdb.org/6487
Reference: XF:instantshop-modify-price(5402)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5402

Name: CVE-2000-1002

Description:

POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.

Status:Entry
Reference: BID:1792
Reference: URL:http://www.securityfocus.com/bid/1792
Reference: BUGTRAQ:20001012 Re: Netscape Messaging server 4.15 poor error strings
Reference: URL:http://www.securityfocus.com/archive/1/139523
Reference: XF:communigate-email-verify(5363)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5363

Name: CVE-2000-1003

Description:

NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.

Status:Entry
Reference: BID:1794
Reference: URL:http://www.securityfocus.com/bid/1794
Reference: BUGTRAQ:20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/139511
Reference: XF:win-netbios-driver-type-dos(5370)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5370

Name: CVE-2000-1004

Description:

Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.

Status:Entry
Reference: BUGTRAQ:20001004 Re: OpenBSD Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97068555106135&w=2
Reference: OSVDB:6123
Reference: URL:http://www.osvdb.org/6123
Reference: XF:bsd-photurisd-format(5336)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5336

Name: CVE-2000-1005

Description:

Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.

Status:Entry
Reference: BID:1774
Reference: URL:http://www.securityfocus.com/bid/1774
Reference: BUGTRAQ:20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/138495
Reference: XF:extropia-webstore-fileread(5347)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5347

Name: CVE-2000-1006

Description:

Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.

Status:Entry
Reference: BID:1869
Reference: URL:http://www.securityfocus.com/bid/1869
Reference: MS:MS00-082
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-082
Reference: XF:ms-exchange-mime-dos(5448)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5448

Name: CVE-2000-1007

Description:

I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.

Status:Entry
Reference: NTBUGTRAQ:20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2000-q4/0048.html
Reference: XF:igear-invalid-log(5791)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5791

Name: CVE-2000-1010

Description:

Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.

Status:Entry
Reference: BID:1764
Reference: URL:http://www.securityfocus.com/bid/1764
Reference: BUGTRAQ:20001006 talkd [WAS: Re: OpenBSD Security Advisory]
Reference: URL:http://www.securityfocus.com/archive/1/137890
Reference: XF:linux-talkd-overwrite-root(5344)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5344

Name: CVE-2000-1011

Description:

Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:53.catopen.asc
Reference: OSVDB:6070
Reference: URL:http://www.osvdb.org/6070
Reference: XF:freebsd-catopen-bo(5638)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5638

Name: CVE-2000-1014

Description:

Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.

Status:Entry
Reference: BID:1717
Reference: URL:http://www.securityfocus.com/bid/1717
Reference: BUGTRAQ:20000927 Unixware SCOhelp http server format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0325.html
Reference: OSVDB:3240
Reference: URL:http://www.osvdb.org/3240
Reference: XF:unixware-scohelp-format(5291)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5291

Name: CVE-2000-1016

Description:

The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.

Status:Entry
Reference: BID:1707
Reference: URL:http://www.securityfocus.com/bid/1707
Reference: BUGTRAQ:20000921 httpd.conf in Suse 6.4
Reference: URL:http://www.securityfocus.com/archive/1/84360
Reference: XF:suse-installed-packages-exposed(5276)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5276

Name: CVE-2000-1018

Description:

shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.

Status:Entry
Reference: BID:1788
Reference: URL:http://www.securityfocus.com/bid/1788
Reference: BUGTRAQ:20001010 Shred 1.0 Bug Report
Reference: URL:http://marc.info/?l=bugtraq&m=97119799515246&w=2
Reference: BUGTRAQ:20001011 Shred v1.0 Fix
Reference: URL:http://marc.info/?l=bugtraq&m=97131166004145&w=2
Reference: XF:shred-recover-files(5722)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5722

Name: CVE-2000-1019

Description:

Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.

Status:Entry
Reference: BID:1866
Reference: URL:http://www.securityfocus.com/bid/1866
Reference: BUGTRAQ:20001030 Ultraseek 3.1.x Remote DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97301487015664&w=2
Reference: XF:ultraseek-malformed-url-dos(5439)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5439

Name: CVE-2000-1022

Description:

The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.

Status:Entry
Reference: BID:1698
Reference: URL:http://www.securityfocus.com/bid/1698
Reference: BUGTRAQ:20000919 Cisco PIX Firewall (smtp content filtering hack)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0222.html
Reference: BUGTRAQ:20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0241.html
Reference: CISCO:20001005 Cisco Secure PIX Firewall Mailguard Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PIXfirewallSMTPfilter-pub.shtml
Reference: XF:cisco-pix-smtp-filtering(5277)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5277

Name: CVE-2000-1024

Description:

eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.

Status:Entry
Reference: BID:1876
Reference: URL:http://www.securityfocus.com/bid/1876
Reference: BUGTRAQ:20001101 Unify eWave ServletExec upload
Reference: URL:http://marc.info/?l=bugtraq&m=97306581513537&w=2
Reference: XF:ewave-servletexec-file-upload(5450)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5450

Name: CVE-2000-1026

Description:

Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:1870
Reference: URL:http://www.securityfocus.com/bid/1870
Reference: DEBIAN:20001120a
Reference: FREEBSD:FreeBSD-SA-00:61
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:61.tcpdump.v1.1.asc
Reference: SUSE:SuSE-SA:2000:46
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0681.html
Reference: XF:tcpdump-afs-packet-overflow(5480)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5480

Name: CVE-2000-1027

Description:

Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.

Status:Entry
Reference: BID:1877
Reference: URL:http://www.securityfocus.com/bid/1877
Reference: BUGTRAQ:20001003 Cisco PIX Firewall allow external users to discover internal IPs
Reference: URL:http://marc.info/?l=bugtraq&m=97059440000367&w=2
Reference: OSVDB:1623
Reference: URL:http://www.osvdb.org/1623
Reference: XF:cisco-pix-reveal-address(5646)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5646

Name: CVE-2000-1031

Description:

Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.

Status:Entry
Reference: BID:1889
Reference: URL:http://www.securityfocus.com/bid/1889
Reference: BUGTRAQ:20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )
Reference: URL:http://www.securityfocus.com/archive/1/75188
Reference: BUGTRAQ:20020902 Happy Labor Day from Snosoft
Reference: URL:http://www.securityfocus.com/archive/1/290115
Reference: BUGTRAQ:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
Reference: CERT-VN:VU#320067
Reference: URL:http://www.kb.cert.org/vuls/id/320067
Reference: FULLDISC:20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2002-q3/1203.html
Reference: HP:HPSBUX0011-128
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0034.html
Reference: HP:SSRT2275
Reference: URL:http://wwss1pro.compaq.com/support/reference_library/viewdocument.asp?source=SRB0039W.xml&dt=11
Reference: HP:SSRT2280
Reference: XF:hp-dtterm(5461)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5461

Name: CVE-2000-1032

Description:

The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.

Status:Entry
Reference: BID:1890
Reference: URL:http://www.securityfocus.com/bid/1890
Reference: BUGTRAQ:20001101 Re: Samba 2.0.7 SWAT vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/142808
Reference: OSVDB:1632
Reference: URL:http://www.osvdb.org/1632
Reference: XF:fw1-login-response(5816)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5816

Name: CVE-2000-1034

Description:

Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.

Status:Entry
Reference: BID:1899
Reference: URL:http://www.securityfocus.com/bid/1899
Reference: BUGTRAQ:20001106 System Monitor ActiveX Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97349782305448&w=2
Reference: MS:MS00-085
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-085
Reference: XF:system-monitor-activex-bo(5467)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5467

Name: CVE-2000-1036

Description:

Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.

Status:Entry
Reference: BID:1704
Reference: URL:http://www.securityfocus.com/bid/1704
Reference: BUGTRAQ:20000920 Extent RBS directory Transversal.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0252.html
Reference: XF:rbs-isp-directory-traversal(5275)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5275

Name: CVE-2000-1038

Description:

The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.

Status:Entry
Reference: AIXAPAR:SA90544
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=SA90544&apar=only
Reference: CONFIRM:http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument
Reference: XF:as400-firewall-dos(5266)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5266

Name: CVE-2000-1040

Description:

Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.

Status:Entry
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: BUGTRAQ:20001025 Immunix OS Security Update for ypbind package
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0356.html
Reference: BUGTRAQ:20001030 Trustix Security Advisory - ping gnupg ypbind
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0429.html
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: DEBIAN:20001014 nis: local exploit
Reference: URL:http://www.debian.org/security/2000/20001014
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: REDHAT:RHSA-2000:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-086.html
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: XF:ypbind-printf-format-string(5394)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5394

Name: CVE-2000-1041

Description:

Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.

Status:Entry
Reference: CALDERA:CSSA-2000-039.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-039.0.txt
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: XF:ypbind-remote-bo(5759)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5759

Name: CVE-2000-1042

Description:

Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Status:Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-bo(5730)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5730

Name: CVE-2000-1043

Description:

Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

Status:Entry
Reference: MANDRAKE:MDKSA-2000:064
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-064.php3?dis=7.1
Reference: XF:linux-ypserv-format-string(5731)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5731

Name: CVE-2000-1044

Description:

Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.

Status:Entry
Reference: BID:1820
Reference: URL:http://www.securityfocus.com/bid/1820
Reference: SUSE:SuSE-SA:2000:042
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0262.html
Reference: XF:ypbind-printf-format-string(5394)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5394

Name: CVE-2000-1045

Description:

nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.

Status:Entry
Reference: BID:1863
Reference: URL:http://www.securityfocus.com/bid/1863
Reference: MANDRAKE:MDKSA-2000-066
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-066-1.php3
Reference: REDHAT:RHSA-2000:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-024.html
Reference: XF:nssldap-nscd-dos(5449)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5449

Name: CVE-2000-1047

Description:

Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.

Status:Entry
Reference: BID:1905
Reference: URL:http://www.securityfocus.com/bid/1905
Reference: BUGTRAQ:20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server
Reference: URL:http://www.securityfocus.com/archive/1/143071
Reference: OSVDB:442
Reference: URL:http://www.osvdb.org/442
Reference: XF:lotus-domino-smtp-envid(5488)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5488

Name: CVE-2000-1049

Description:

Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.

Status:Entry
Reference: ALLAIRE:ASB00-030
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=18085&Method=Full
Reference: BUGTRAQ:20001101 Allaire's JRUN DoS
Reference: URL:http://marc.info/?l=bugtraq&m=97310314724964&w=2
Reference: XF:allaire-jrun-servlet-dos(5452)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5452

Name: CVE-2000-1050

Description:

Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").

Status:Entry
Reference: ALLAIRE:ASB00-027
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17966&Method=Full
Reference: BUGTRAQ:20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory
Reference: URL:http://marc.info/?l=bugtraq&m=97236316510117&w=2
Reference: OSVDB:500
Reference: URL:http://www.osvdb.org/500
Reference: XF:allaire-jrun-webinf-access(5407)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5407

Name: CVE-2000-1051

Description:

Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.

Status:Entry
Reference: ALLAIRE:ASB00-028
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=17968&Method=Full
Reference: BUGTRAQ:20001023 Allaire JRUN 2.3 Arbitrary File Retrieval
Reference: URL:http://marc.info/?l=bugtraq&m=97236692714978&w=2
Reference: XF:allaire-jrun-ssifilter-url(5405)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5405

Name: CVE-2000-1054

Description:

Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.

Status:Entry
Reference: BID:1705
Reference: URL:http://www.securityfocus.com/bid/1705
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: XF:ciscosecure-csadmin-bo(5272)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5272

Name: CVE-2000-1055

Description:

Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.

Status:Entry
Reference: BID:1706
Reference: URL:http://www.securityfocus.com/bid/1706
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: OSVDB:1569
Reference: URL:http://www.osvdb.org/1569
Reference: XF:ciscosecure-tacacs-dos(5273)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5273

Name: CVE-2000-1056

Description:

CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.

Status:Entry
Reference: BID:1708
Reference: URL:http://www.securityfocus.com/bid/1708
Reference: CISCO:20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server
Reference: URL:http://www.cisco.com/warp/public/707/csecureacsnt-pub.shtml
Reference: XF:ciscosecure-ldap-bypass-authentication(5274)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5274

Name: CVE-2000-1057

Description:

Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allow local users to gain privileges, possibly via insecure permissions.

Status:Entry
Reference: BID:1682
Reference: URL:http://www.securityfocus.com/bid/1682
Reference: HP:HPSBUX0009-120
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0140.html
Reference: XF:hp-openview-nnm-scripts(5229)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5229

Name: CVE-2000-1058

Description:

Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."

Status:Entry
Reference: BUGTRAQ:20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)
Reference: URL:http://marc.info/?l=bugtraq&m=97004856403173&w=2
Reference: HP:HPSBUX0009-121
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0274.html
Reference: XF:openview-nmm-snmp-bo(5282)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5282

Name: CVE-2000-1059

Description:

The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

Status:Entry
Reference: BID:1735
Reference: URL:http://www.securityfocus.com/bid/1735
Reference: BUGTRAQ:20000929 Mandrake 7.1 bypasses Xauthority X session security.
Reference: URL:http://www.securityfocus.com/archive/1/136495
Reference: MANDRAKE:MDKSA-2000:052
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-052.php3
Reference: XF:xinitrc-bypass-xauthority(5305)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5305

Name: CVE-2000-1060

Description:

The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.

Status:Entry
Reference: BID:1736
Reference: URL:http://www.securityfocus.com/bid/1736
Reference: BUGTRAQ:20001002 Local vulnerability in XFCE 3.5.1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0022.html
Reference: FREEBSD:FreeBSD-SA-00:65
Reference: XF:xinitrc-bypass-xauthority(5305)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5305

Name: CVE-2000-1061

Description:

Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.

Status:Entry
Reference: MS:MS00-075
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-075
Reference: XF:java-vm-applet(5127)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5127

Name: CVE-2000-1068

Description:

pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.

Status:Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.info/?l=bugtraq&m=97236719315352&w=2
Reference: CONFIRM:http://www.cgi-world.com/pollit.html
Reference: XF:pollit-polloptions-execute-commands(5792)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5792

Name: CVE-2000-1069

Description:

pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.

Status:Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.info/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-admin-password-var(5419)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5419

Name: CVE-2000-1070

Description:

pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.

Status:Entry
Reference: BUGTRAQ:20001023 Re: Poll It v2.0 cgi (again)
Reference: URL:http://marc.info/?l=bugtraq&m=97236719315352&w=2
Reference: XF:pollit-webroot-gain-access(5794)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5794

Name: CVE-2000-1071

Description:

The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1767
Reference: URL:http://www.securityfocus.com/bid/1767
Reference: OSVDB:7213
Reference: URL:http://www.osvdb.org/7213
Reference: XF:ical-xhost-gain-privileges(5752)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5752

Name: CVE-2000-1072

Description:

iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1768
Reference: URL:http://www.securityfocus.com/bid/1768
Reference: OSVDB:7212
Reference: URL:http://www.osvdb.org/7212
Reference: XF:ical-iplncal-gain-access(5756)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5756

Name: CVE-2000-1073

Description:

csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: OSVDB:7210
Reference: URL:http://www.osvdb.org/7210
Reference: XF:ical-csstart-gain-access(5757)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5757

Name: CVE-2000-1074

Description:

csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.

Status:Entry
Reference: ATSTAKE:A100900-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a100900-1.txt
Reference: BID:1769
Reference: URL:http://www.securityfocus.com/bid/1769
Reference: OSVDB:7209
Reference: URL:http://www.osvdb.org/7209
Reference: XF:ical-csstart-gain-access(5757)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5757

Name: CVE-2000-1075

Description:

Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.

Status:Entry
Reference: BID:1839
Reference: URL:http://www.securityfocus.com/bid/1839
Reference: BUGTRAQ:20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-10/0383.html
Reference: CONFIRM:http://www.iplanet.com/downloads/patches/0122.html
Reference: OSVDB:4086
Reference: URL:http://www.osvdb.org/4086
Reference: OSVDB:486
Reference: URL:http://www.osvdb.org/486
Reference: XF:iplanet-netscape-directory-traversal(5421)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5421

Name: CVE-2000-1077

Description:

Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.

Status:Entry
Reference: BUGTRAQ:20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module
Reference: URL:http://www.securityfocus.com/archive/1/141435
Reference: XF:iplanet-web-server-shtml-bo(5446)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5446

Name: CVE-2000-1080

Description:

Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.

Status:Entry
Reference: BID:1900
Reference: URL:http://www.securityfocus.com/bid/1900
Reference: BUGTRAQ:20001102 dos on quake1 servers
Reference: URL:http://marc.info/?l=bugtraq&m=97318797630246&w=2
Reference: CONFIRM:http://proquake.ai.mit.edu/
Reference: XF:quake-empty-udp-dos(5527)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5527

Name: CVE-2000-1089

Description:

Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.

Status:Entry
Reference: ATSTAKE:A120400-1
Reference: URL:http://www.stake.com/research/advisories/2000/a120400-1.txt
Reference: BID:2048
Reference: URL:http://www.securityfocus.com/bid/2048
Reference: MS:MS00-094
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-094
Reference: XF:phone-book-service-bo(5623)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5623

Name: CVE-2000-1094

Description:

Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.

Status:Entry
Reference: ATSTAKE:A121200-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a121200-1.txt
Reference: BUGTRAQ:20001213 Administrivia & AOL IM Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97668265628917&w=2
Reference: BUGTRAQ:20001214 Re: AIM & @stake's advisory
Reference: URL:http://marc.info/?l=bugtraq&m=97683774417132&w=2
Reference: OSVDB:1692
Reference: URL:http://www.osvdb.org/1692
Reference: XF:aolim-buddyicon-bo

Name: CVE-2000-1095

Description:

modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:1936
Reference: URL:http://www.securityfocus.com/bid/1936
Reference: BUGTRAQ:20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0179.html
Reference: CONECTIVA:CLSA-2000:340
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000340
Reference: DEBIAN:20001120 modutils: local exploit
Reference: URL:http://www.debian.org/security/2000/20001120
Reference: MANDRAKE:MDKSA-2000:071
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-071-1.php3?dis=7.1
Reference: REDHAT:RHSA-2000:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-108.html
Reference: SUSE:SuSE-SA:2000:44
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2000-q4/0596.html
Reference: XF:linux-modprobe-execute-code(5516)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5516

Name: CVE-2000-1096

Description:

crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.

Status:Entry
Reference: BID:1960
Reference: URL:http://www.securityfocus.com/bid/1960
Reference: BUGTRAQ:20001116 vixie cron...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0237.html
Reference: DEBIAN:20001118a
Reference: XF:vixie-cron-execute-commands(5543)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5543

Name: CVE-2000-1097

Description:

The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.

Status:Entry
Reference: BID:2013
Reference: URL:http://www.securityfocus.com/bid/2013
Reference: BUGTRAQ:20001129 DoS in Sonicwall SOHO firewall
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0406.html
Reference: BUGTRAQ:20001201 FW: SonicWALL SOHO Vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0435.html
Reference: OSVDB:1667
Reference: URL:http://www.osvdb.org/1667
Reference: XF:sonicwall-soho-dos(5596)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5596

Name: CVE-2000-1099

Description:

Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.

Status:Entry
Reference: HP:HPSBUX0011-132
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0011-132
Reference: OSVDB:7255
Reference: URL:http://www.osvdb.org/7255
Reference: SUN:00199
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/199&type=0&nav=sec.sba
Reference: XF:jdk-untrusted-java-class(5605)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5605

Name: CVE-2000-1101

Description:

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.

Status:Entry
Reference: BID:2005
Reference: URL:http://www.securityfocus.com/bid/2005
Reference: BUGTRAQ:20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0386.html
Reference: XF:wftpd-dir-traverse(5608)
Reference: URL:http://www.iss.net/security_center/static/5608.php

Name: CVE-2000-1106

Description:

Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.

Status:Entry
Reference: BID:2014
Reference: URL:http://www.securityfocus.com/bid/2014
Reference: BUGTRAQ:20001128 TrendMicro InterScan VirusWall shared folder problem
Reference: URL:http://www.securityfocus.com/archive/1/147563
Reference: BUGTRAQ:20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0016.html
Reference: XF:interscan-viruswall-unauth-access(5606)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5606

Name: CVE-2000-1107

Description:

in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.

Status:Entry
Reference: BID:2015
Reference: URL:http://www.securityfocus.com/bid/2015
Reference: BUGTRAQ:20001128 SuSE Linux 6.x 7.0 Ident buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0387.html
Reference: XF:linux-ident-bo(5590)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5590

Name: CVE-2000-1108

Description:

cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.

Status:Entry
Reference: BID:1945
Reference: URL:http://www.securityfocus.com/bid/1945
Reference: BUGTRAQ:20001113 Problems with cons.saver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0192.html
Reference: DEBIAN:20001125 mc: local DoS
Reference: URL:http://www.debian.org/security/2000/20001125
Reference: MANDRAKE:MDKSA-2000:078
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-078.php3
Reference: XF:midnight-commander-conssaver-symlink(5519)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5519

Name: CVE-2000-1109

Description:

Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.

Status:Entry
Reference: BID:2016
Reference: URL:http://www.securityfocus.com/bid/2016
Reference: BUGTRAQ:20001127 Midnight Commander
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0373.html
Reference: DEBIAN:DSA-036
Reference: URL:http://www.debian.org/security/2001/dsa-036
Reference: SUSE:SuSE-SA:2001:11
Reference: URL:http://www.novell.com/linux/security/advisories/2001_011_mc.html
Reference: XF:midnight-commander-elevate-privileges(5929)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5929

Name: CVE-2000-1111

Description:

Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.

Status:Entry
Reference: BID:2018
Reference: URL:http://www.securityfocus.com/bid/2018
Reference: BUGTRAQ:20001129 Windows 2000 Telnet Service DoS
Reference: URL:http://www.securityfocus.com/archive/1/147914
Reference: XF:win2k-telnet-dos(5598)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5598

Name: CVE-2000-1112

Description:

Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.

Status:Entry
Reference: BID:1976
Reference: URL:http://www.securityfocus.com/bid/1976
Reference: MS:MS00-090
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090
Reference: XF:mediaplayer-wms-script-exe(5575)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5575

Name: CVE-2000-1113

Description:

Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.

Status:Entry
Reference: ATSTAKE:A112300-1
Reference: URL:http://www.atstake.com/research/advisories/2000/a112300-1.txt
Reference: BID:1980
Reference: URL:http://www.securityfocus.com/bid/1980
Reference: MS:MS00-090
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-090
Reference: XF:mediaplayer-asx-bo(5574)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5574

Name: CVE-2000-1115

Description:

Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1979
Reference: URL:http://www.securityfocus.com/bid/1979
Reference: BUGTRAQ:20001122 602Pro Lan Suite Web Admin Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0299.html
Reference: CONFIRM:http://www.software602.com/products/ls/support/newbuild.html
Reference: XF:software602-lan-suite-bo(5583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5583

Name: CVE-2000-1119

Description:

Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.

Status:Entry
Reference: AIXAPAR:IY08812
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08812&apar=only
Reference: AIXAPAR:IY10721
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY10721&apar=only
Reference: BID:2032
Reference: URL:http://www.securityfocus.com/bid/2032
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: OSVDB:1676
Reference: URL:http://www.osvdb.org/1676
Reference: XF:aix-setsenv-bo(5621)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5621

Name: CVE-2000-1120

Description:

Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.

Status:Entry
Reference: AIXAPAR:IY08143
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only
Reference: AIXAPAR:IY08287
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only
Reference: BID:2033
Reference: URL:http://www.securityfocus.com/bid/2033
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-digest-bo(5620)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5620

Name: CVE-2000-1121

Description:

Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.

Status:Entry
Reference: AIXAPAR:IY08143
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08143&apar=only
Reference: AIXAPAR:IY08287
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY08287&apar=only
Reference: BID:2034
Reference: URL:http://www.securityfocus.com/bid/2034
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-enq-bo(5619)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5619

Name: CVE-2000-1122

Description:

Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.

Status:Entry
Reference: AIXAPAR:IY07790
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07790&apar=only
Reference: AIXAPAR:IY07831
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY07831&apar=only
Reference: BID:2035
Reference: URL:http://www.securityfocus.com/bid/2035
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2

Name: CVE-2000-1123

Description:

Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.

Status:Entry
Reference: AIXAPAR:IY12638
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only
Reference: BID:2036
Reference: URL:http://www.securityfocus.com/bid/2036
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-pioout-bo(5617)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5617

Name: CVE-2000-1124

Description:

Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.

Status:Entry
Reference: AIXAPAR:IY12638
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY12638&apar=only
Reference: BID:2037
Reference: URL:http://www.securityfocus.com/bid/2037
Reference: BUGTRAQ:20001201 Fixed local AIX V43 vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=97569466809056&w=2
Reference: XF:aix-piobe-bo(5616)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5616

Name: CVE-2000-1131

Description:

Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.

Status:Entry
Reference: BID:1940
Reference: URL:http://www.securityfocus.com/bid/1940
Reference: BUGTRAQ:20001110 [hacksware] gbook.cgi remote command execution vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0144.html
Reference: XF:gbook-cgi-remote-execution(5509)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5509

Name: CVE-2000-1132

Description:

DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.

Status:Entry
Reference: BID:1951
Reference: URL:http://www.securityfocus.com/bid/1951
Reference: BUGTRAQ:20001114 Cgisecurity.com advisory on dcforum
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0218.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/124.html#1
Reference: OSVDB:1646
Reference: URL:http://www.osvdb.org/1646
Reference: XF:dcforum-cgi-view-files(5533)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5533

Name: CVE-2000-1135

Description:

fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.

Status:Entry
Reference: DEBIAN:20001130 DSA-002-1 fsh: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001130
Reference: OSVDB:7208
Reference: URL:http://www.osvdb.org/7208
Reference: XF:linux-fsh-symlink(5633)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5633

Name: CVE-2000-1136

Description:

elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.

Status:Entry
Reference: BID:1984
Reference: URL:http://www.securityfocus.com/bid/1984
Reference: BUGTRAQ:20001122 New version of elvis-tiny released
Reference: URL:http://marc.info/?l=bugtraq&m=97502995616099&w=2
Reference: XF:linux-tinyelvis-tmpfiles(5632)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5632

Name: CVE-2000-1137

Description:

GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.

Status:Entry
Reference: BUGTRAQ:20001211 Immunix OS Security update for ed
Reference: CONECTIVA:CLA-2000:359-2
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000359
Reference: DEBIAN:20001129 DSA-001-1 ed: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001129
Reference: MANDRAKE:MDKSA-2000:076
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-076.php3
Reference: OSVDB:6491
Reference: URL:http://www.osvdb.org/6491
Reference: REDHAT:RHSA-2000:123
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-123.html
Reference: XF:gnu-ed-symlink(5723)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5723

Name: CVE-2000-1139

Description:

The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.

Status:Entry
Reference: BID:1958
Reference: URL:http://www.securityfocus.com/bid/1958
Reference: MS:MS00-088
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-088
Reference: XF:ms-exchange-username-pwd(5537)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5537

Name: CVE-2000-1140

Description:

Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.

Status:Entry
Reference: BID:1908
Reference: URL:http://www.securityfocus.com/bid/1908
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-hidden-processes(5473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5473

Name: CVE-2000-1141

Description:

Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-hidden-processes(5473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5473

Name: CVE-2000-1142

Description:

Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-pwd-reveal-information(5949)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5949

Name: CVE-2000-1143

Description:

Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-hidden-processes(5473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5473

Name: CVE-2000-1144

Description:

Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.

Status:Entry
Reference: BID:1909
Reference: URL:http://www.securityfocus.com/bid/1909
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-inode-disclosure(5472)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5472

Name: CVE-2000-1145

Description:

Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.

Status:Entry
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-identify-processes(5950)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5950

Name: CVE-2000-1146

Description:

Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and execute various commands such as ls or pwd.

Status:Entry
Reference: BID:1913
Reference: URL:http://www.securityfocus.com/bid/1913
Reference: BUGTRAQ:20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0041.html
Reference: BUGTRAQ:20001105 Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://marc.info/?l=bugtraq&m=97349791405580&w=2
Reference: BUGTRAQ:20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0100.html
Reference: XF:mantrap-dir-dos(5528)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5528

Name: CVE-2000-1148

Description:

The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.

Status:Entry
Reference: BID:1906
Reference: URL:http://www.securityfocus.com/bid/1906
Reference: BUGTRAQ:20001104 Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0072.html
Reference: BUGTRAQ:20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0085.html
Reference: XF:volanochatpro-plaintext-password(5465)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5465

Name: CVE-2000-1149

Description:

Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.

Status:Entry
Reference: BID:1924
Reference: URL:http://www.securityfocus.com/bid/1924
Reference: BUGTRAQ:20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow
Reference: URL:http://www.securityfocus.com/archive/1/143991
Reference: MS:MS00-087
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-087
Reference: XF:nt-termserv-gina-bo(5489)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5489

Name: CVE-2000-1162

Description:

ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.

Status:Entry
Reference: BID:1990
Reference: URL:http://www.securityfocus.com/bid/1990
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: REDHAT:RHSA-2000:114
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-114.html
Reference: XF:ghostscript-sym-link(5563)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5563

Name: CVE-2000-1163

Description:

ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.

Status:Entry
Reference: BID:1991
Reference: URL:http://www.securityfocus.com/bid/1991
Reference: CALDERA:CSSA-2000-041
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2000-041.0.txt
Reference: CONECTIVA:CLSA-2000:343
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000343
Reference: DEBIAN:20001123 ghostscript: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001123
Reference: MANDRAKE:MDKSA-2000:074
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-074.php3
Reference: XF:ghostscript-env-variable(5564)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5564

Name: CVE-2000-1164

Description:

WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.

Status:Entry
Reference: BID:1961
Reference: URL:http://www.securityfocus.com/bid/1961
Reference: BUGTRAQ:20001118 WinVNC 3.3.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0253.html
Reference: XF:winvnc-modify-registry(5545)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5545

Name: CVE-2000-1165

Description:

Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.

Status:Entry
Reference: BID:1981
Reference: URL:http://www.securityfocus.com/bid/1981
Reference: BUGTRAQ:20001122 DoS possibility in syslog-ng
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0300.html
Reference: CONFIRM:http://www.balabit.hu/products/syslog-ng/
Reference: FREEBSD:FreeBSD-SA-01:02
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:02.syslog-ng.asc
Reference: XF:balabit-syslog-ng-dos(5576)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5576

Name: CVE-2000-1166

Description:

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.

Status:Entry
Reference: BID:1998
Reference: URL:http://www.securityfocus.com/bid/1998
Reference: BUGTRAQ:20001124 Security problems with TWIG webmail system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0351.html
Reference: CONFIRM:http://twig.screwdriver.net/file.php3?file=CHANGELOG
Reference: XF:twig-php3-script-execute(5581)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5581

Name: CVE-2000-1167

Description:

ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.

Status:Entry
Reference: BID:1974
Reference: URL:http://www.securityfocus.com/bid/1974
Reference: FREEBSD:FreeBSD-SA-00:70
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:70.ppp-nat.asc
Reference: OSVDB:1655
Reference: URL:http://www.osvdb.org/1655
Reference: XF:freebsd-ppp-bypass-gateway(5584)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5584

Name: CVE-2000-1169

Description:

OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.

Status:Entry
Reference: BID:1949
Reference: URL:http://www.securityfocus.com/bid/1949
Reference: BUGTRAQ:20001115 Trustix Security Advisory - bind and openssh (and modutils)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0217.html
Reference: BUGTRAQ:20001123 OpenSSH Security Advisory (adv.fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0195.html
Reference: CONECTIVA:CLSA-2000:345
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000345
Reference: DEBIAN:20001118 openssh: possible remote exploit
Reference: URL:http://www.debian.org/security/2000/20001118
Reference: MANDRAKE:MDKSA-2000:068
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-068.php3
Reference: OSVDB:2114
Reference: URL:http://www.osvdb.org/2114
Reference: OSVDB:6248
Reference: URL:http://www.osvdb.org/6248
Reference: REDHAT:RHSA-2000:111
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-111.html
Reference: SUSE:SuSE-SA:2000:47
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0004.html
Reference: XF:openssh-unauthorized-access(5517)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5517

Name: CVE-2000-1170

Description:

Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.

Status:Entry
Reference: BID:1956
Reference: URL:http://www.securityfocus.com/bid/1956
Reference: BUGTRAQ:20001115 Netsnap Webcam Software Remote Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=97439536016554&w=2
Reference: CONFIRM:http://www.netsnap.com/new.htm
Reference: XF:netsnap-remote-bo(5534)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5534

Name: CVE-2000-1171

Description:

Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "thesection" parameter.

Status:Entry
Reference: BID:1963
Reference: URL:http://www.securityfocus.com/bid/1963
Reference: BUGTRAQ:20001120 CGIForum 1.0 Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0263.html
Reference: XF:cgiforum-view-files(5553)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5553

Name: CVE-2000-1174

Description:

Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allow remote attackers to execute arbitrary commands via a packet with a long username.

Status:Entry
Reference: BID:1972
Reference: URL:http://www.securityfocus.com/bid/1972
Reference: BUGTRAQ:20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0251.html
Reference: CONECTIVA:CLSA-2000:342
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000342
Reference: DEBIAN:20001121 ethereal: remote exploit
Reference: URL:http://www.debian.org/security/2000/20001122a
Reference: FREEBSD:FreeBSD-SA-00:81
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:81.ethereal.asc
Reference: REDHAT:RHSA-2000:116
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-116.html
Reference: XF:ethereal-afs-bo(5557)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5557

Name: CVE-2000-1178

Description:

Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.

Status:Entry
Reference: BID:1959
Reference: URL:http://www.securityfocus.com/bid/1959
Reference: BUGTRAQ:20001116 Joe's Own Editor File Link Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0227.html
Reference: BUGTRAQ:20001121 Immunix OS Security update for joe
Reference: URL:http://marc.info/?l=bugtraq&m=97500174210821&w=2
Reference: CONECTIVA:CLA-2000:356
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000356
Reference: DEBIAN:20001122
Reference: DEBIAN:20001201 DSA-003-1 joe: symlink attack
Reference: URL:http://www.debian.org/security/2000/20001201
Reference: MANDRAKE:MDKSA-2000:072
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-072.php3
Reference: REDHAT:RHSA-2000:110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-110.html
Reference: XF:joe-symlink-corruption(5546)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5546

Name: CVE-2000-1179

Description:

Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.

Status:Entry
Reference: BID:1952
Reference: URL:http://www.securityfocus.com/bid/1952
Reference: BUGTRAQ:20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login
Reference: URL:http://marc.info/?l=bugtraq&m=97440068130051&w=2
Reference: XF:netopia-view-system-log(5536)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5536

Name: CVE-2000-1180

Description:

Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.

Status:Entry
Reference: BID:1968
Reference: URL:http://www.securityfocus.com/bid/1968
Reference: BUGTRAQ:20001120 vulnerability in Connection Manager Control binary in Oracle
Reference: URL:http://marc.info/?l=bugtraq&m=97474521003453&w=2
Reference: BUGTRAQ:20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control
Reference: XF:oracle-cmctl-bo(5551)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5551

Name: CVE-2000-1181

Description:

Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.

Status:Entry
Reference: BID:1957
Reference: URL:http://www.securityfocus.com/bid/1957
Reference: BUGTRAQ:20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0236.html
Reference: CONFIRM:http://service.real.com/help/faq/security/memory.html
Reference: XF:realserver-gain-access(5538)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5538

Name: CVE-2000-1182

Description:

WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.

Status:Entry
Reference: BID:1953
Reference: URL:http://www.securityfocus.com/bid/1953
Reference: BUGTRAQ:20001116 Possible Watchguard Firebox II DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0224.html
Reference: CONFIRM:https://www.watchguard.com/support/patches.html
Reference: XF:watchguard-firebox-ftp-dos(5535)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5535

Name: CVE-2000-1184

Description:

telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-00:69
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:69.telnetd.v1.1.asc
Reference: OSVDB:6083
Reference: URL:http://www.osvdb.org/6083
Reference: XF:telnetd-termcap-dos(5959)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5959

Name: CVE-2000-1187

Description:

Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.

Status:Entry
Reference: BUGTRAQ:20001121 Immunix OS Security update for netscape
Reference: URL:http://marc.info/?l=bugtraq&m=97500270012529&w=2
Reference: CONECTIVA:CLSA-2000:344
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000344
Reference: FREEBSD:FreeBSD-SA-00:66
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:66.netscape.asc
Reference: OSVDB:7207
Reference: URL:http://www.osvdb.org/7207
Reference: REDHAT:RHSA-2000:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-109.html
Reference: SUSE:SuSE-SA:2000:48
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2000-Nov/0005.html
Reference: XF:netscape-client-html-bo(5542)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5542

Name: CVE-2000-1189

Description:

Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.

Status:Entry
Reference: CONECTIVA:CLA-2000:358
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000358
Reference: MANDRAKE:MDKSA-2000:082-1
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-082.php3
Reference: REDHAT:RHSA-2000:120
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-120.html
Reference: XF:pam-localuser-bo(5747)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5747

Name: CVE-2000-1190

Description:

imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.

Status:Entry
Reference: BUGTRAQ:20000531 Re: strike#2
Reference: URL:http://marc.info/?l=bugtraq&m=95984116811100&w=2
Reference: REDHAT:RHSA-2000:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-016.html
Reference: XF:linux-imwheel-symlink(4941)
Reference: URL:http://www.iss.net/security_center/static/4941.php

Name: CVE-2000-1193

Description:

Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.

Status:Entry
Reference: BUGTRAQ:20000412 Performance Copilot for IRIX 6.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
Reference: SGI:20020407-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020407-01-I
Reference: XF:irix-pcp-pmcd-dos(4284)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4284

Name: CVE-2000-1195

Description:

telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.

Status:Entry
Reference: CALDERA:CSSA-2000-008.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt
Reference: XF:telnetd-login-bypass(4225)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4225

Name: CVE-2000-1196

Description:

PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.

Status:Entry
Reference: CONFIRM:http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html
Reference: MISC:http://packetstormsecurity.org/0004-exploits/ooo1.txt
Reference: XF:publishingxpert-pscoerrpage-url(7362)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7362

Name: CVE-2000-1200

Description:

Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.

Status:Entry
Reference: BID:959
Reference: URL:http://www.securityfocus.com/bid/959
Reference: BUGTRAQ:20000201 Windows NT and account list leak ! A new SID usage
Reference: URL:http://www.securityfocus.com/archive/1/44430
Reference: XF:nt-lsa-domain-sid(4015)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/4015

Name: CVE-2000-1203

Description:

Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

Status:Entry
Reference: BID:3212
Reference: URL:http://www.securityfocus.com/bid/3212
Reference: BUGTRAQ:20010820 Lotus Domino DoS
Reference: URL:http://www.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-01-21&end=2002-01-27&mid=209116&threads=1
Reference: BUGTRAQ:20010823 Lotus Domino DoS solution
Reference: URL:http://www.securityfocus.com/archive/1/209754
Reference: VULN-DEV:20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER
Reference: URL:http://marc.info/?l=vuln-dev&m=95886062521327&w=2
Reference: XF:lotus-domino-bounced-message-dos(7012)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7012

Name: CVE-2000-1210

Description:

Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.

Status:Entry
Reference: BUGTRAQ:20000322 Security bug in Apache project: Jakarta Tomcat
Reference: URL:http://marc.info/?l=bugtraq&m=95371672300045&w=2
Reference: XF:apache-tomcat-file-contents(4205)
Reference: URL:http://www.iss.net/security_center/static/4205.php

Name: CVE-2000-1211

Description:

Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.

Status:Entry
Reference: BUGTRAQ:20001222 Zope DTML Role Issue
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert
Reference: MANDRAKE:MDKSA-2000:083
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-083.php3
Reference: OSVDB:6282
Reference: URL:http://www.osvdb.org/6282
Reference: REDHAT:RHSA-2000:125
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-125.html
Reference: XF:zope-legacy-names(5824)
Reference: URL:http://www.iss.net/security_center/static/5824.php

Name: CVE-2000-1212

Description:

Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.

Status:Entry
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert
Reference: DEBIAN:DSA-007
Reference: URL:http://www.debian.org/security/2001/dsa-007
Reference: MANDRAKE:MDKSA-2000:086
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2000:086
Reference: OSVDB:6283
Reference: URL:http://www.osvdb.org/6283
Reference: REDHAT:RHSA-2000:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-135.html
Reference: XF:zope-image-file(5778)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5778

Name: CVE-2001-0001

Description:

cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.

Status:Entry
Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html
Reference: XF:php-nuke-elevate-privileges(6183)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6183

Name: CVE-2001-0002

Description:

Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.

Status:Entry
Reference: BID:2456
Reference: URL:http://www.securityfocus.com/bid/2456
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
Reference: MISC:http://www.guninski.com/chmtempmain.html
Reference: MS:MS01-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
Reference: OSVDB:7823
Reference: URL:http://www.osvdb.org/7823
Reference: OVAL:oval:org.mitre.oval:def:920
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A920
Reference: XF:ie-chm-execute-files(5567)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5567

Name: CVE-2001-0003

Description:

Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.

Status:Entry
Reference: BID:2199
Reference: URL:http://www.securityfocus.com/bid/2199
Reference: MS:MS01-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-001
Reference: XF:wec-ntlm-authentication(5920)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5920

Name: CVE-2001-0004

Description:

IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.

Status:Entry
Reference: BID:2313
Reference: URL:http://www.securityfocus.com/bid/2313
Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
Reference: URL:http://marc.info/?l=bugtraq&m=97897954625305&w=2
Reference: MS:MS01-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-004
Reference: XF:iis-read-files(5903)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5903

Name: CVE-2001-0005

Description:

Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.

Status:Entry
Reference: ATSTAKE:A012301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt
Reference: MS:MS01-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-002
Reference: XF:powerpoint-execute-code(5996)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5996

Name: CVE-2001-0006

Description:

The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.

Status:Entry
Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
Reference: URL:http://marc.info/?l=bugtraq&m=98075221915234&w=2
Reference: MS:MS01-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-003
Reference: XF:winnt-mutex-dos(6006)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6006

Name: CVE-2001-0007

Description:

Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.

Status:Entry
Reference: BID:2176
Reference: URL:http://www.securityfocus.com/bid/2176
Reference: BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/155149
Reference: OSVDB:1707
Reference: URL:http://www.osvdb.org/1707
Reference: XF:netscreen-webui-bo(5908)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5908

Name: CVE-2001-0008

Description:

Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.

Status:Entry
Reference: BID:2192
Reference: URL:http://www.securityfocus.com/bid/2192
Reference: CERT:CA-2001-01
Reference: URL:http://www.cert.org/advisories/CA-2001-01.html
Reference: XF:interbase-backdoor-account(5911)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5911

Name: CVE-2001-0009

Description:

Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.

Status:Entry
Reference: BID:2173
Reference: URL:http://www.securityfocus.com/bid/2173
Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
Reference: URL:http://www.securityfocus.com/archive/1/154537
Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
Reference: URL:http://www.securityfocus.com/archive/1/155124
Reference: OSVDB:1703
Reference: URL:http://www.osvdb.org/1703
Reference: XF:lotus-domino-directory-traversal(5899)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5899

Name: CVE-2001-0010

Description:

Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:2302
Reference: URL:http://www.securityfocus.com/bid/2302
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: CONECTIVA:000377
Reference: DEBIAN:DSA-026
Reference: URL:http://www.debian.org/security/2001/dsa-026
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: XF:bind-tsig-bo

Name: CVE-2001-0011

Description:

Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:2307
Reference: URL:http://www.securityfocus.com/bid/2307
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: XF:bind-complain-bo

Name: CVE-2001-0012

Description:

BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.

Status:Entry
Reference: BID:2321
Reference: URL:http://www.securityfocus.com/bid/2321
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: CONECTIVA:000377
Reference: DEBIAN:DSA-026
Reference: URL:http://www.debian.org/security/2001/dsa-026
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: XF:bind-inverse-query-disclosure

Name: CVE-2001-0013

Description:

Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:2309
Reference: URL:http://www.securityfocus.com/bid/2309
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: XF:bind-complain-format-string

Name: CVE-2001-0014

Description:

Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.

Status:Entry
Reference: BID:2326
Reference: URL:http://www.securityfocus.com/bid/2326
Reference: MS:MS01-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-006
Reference: XF:win2k-rdp-dos

Name: CVE-2001-0015

Description:

Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.

Status:Entry
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt
Reference: BID:2341
Reference: URL:http://www.securityfocus.com/bid/2341
Reference: MS:MS01-007
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-007
Reference: XF:win-dde-elevate-privileges(6062)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6062

Name: CVE-2001-0016

Description:

NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.

Status:Entry
Reference: BID:2348
Reference: URL:http://www.securityfocus.com/bid/2348
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-008
Reference: XF:ntlm-ssp-elevate-privileges(6076)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6076

Name: CVE-2001-0017

Description:

Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.

Status:Entry
Reference: BID:2368
Reference: URL:http://www.securityfocus.com/bid/2368
Reference: MS:MS01-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-009
Reference: XF:winnt-pptp-dos(6103)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6103

Name: CVE-2001-0018

Description:

Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.

Status:Entry
Reference: CIAC:L-049
Reference: URL:http://www.ciac.org/ciac/bulletins/l-049.shtml
Reference: MS:MS01-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-011
Reference: VULN-DEV:20001202 UDP Ping-pong in Win2k
Reference: URL:http://online.securityfocus.com/archive/82/148411
Reference: XF:win2k-domain-controller-dos(6136)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6136

Name: CVE-2001-0020

Description:

Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.

Status:Entry
Reference: ATSTAKE:A013101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt
Reference: BID:2331
Reference: URL:http://www.securityfocus.com/bid/2331
Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
Reference: OSVDB:1757
Reference: URL:http://www.osvdb.org/1757
Reference: XF:cisco-ccs-file-access(6031)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6031

Name: CVE-2001-0021

Description:

MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.

Status:Entry
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: XF:mailman-alternate-templates(5649)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5649

Name: CVE-2001-0026

Description:

rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.

Status:Entry
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: XF:rppppoe-zero-length-dos(5727)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5727

Name: CVE-2001-0028

Description:

Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.

Status:Entry
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: XF:oops-ftputils-bo(5725)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5725

Name: CVE-2001-0033

Description:

KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.

Status:Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config(5738)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5738

Name: CVE-2001-0034

Description:

KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.

Status:Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy(5733)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5733

Name: CVE-2001-0035

Description:

Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.

Status:Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
Reference: XF:kerberos4-auth-packet-overflow(5734)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5734

Name: CVE-2001-0036

Description:

KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.

Status:Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: REDHAT:RHSA-2001:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-025.html
Reference: XF:kerberos4-tmpfile-dos(5754)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5754

Name: CVE-2001-0039

Description:

IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.

Status:Entry
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos(5674)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5674

Name: CVE-2001-0040

Description:

APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.

Status:Entry
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: XF:apc-apcupsd-dos(5654)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5654

Name: CVE-2001-0041

Description:

Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.

Status:Entry
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: OSVDB:801
Reference: URL:http://www.osvdb.org/801
Reference: XF:cisco-catalyst-telnet-dos(5656)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5656

Name: CVE-2001-0042

Description:

PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.

Status:Entry
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: XF:apache-php-disclose-files(5659)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5659

Name: CVE-2001-0043

Description:

phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.

Status:Entry
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
Reference: OSVDB:1682
Reference: URL:http://www.osvdb.org/1682
Reference: XF:phpgroupware-include-files(5650)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5650

Name: CVE-2001-0050

Description:

Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.

Status:Entry
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: REDHAT:RHSA-2000:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-126.html
Reference: XF:irc-bitchx-dns-bo(5701)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5701

Name: CVE-2001-0053

Description:

One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.

Status:Entry
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: XF:bsd-ftpd-replydirname-bo(5776)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5776

Name: CVE-2001-0054

Description:

Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.

Status:Entry
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.info/?l=bugtraq&m=97604119024280&w=2
Reference: OSVDB:464
Reference: URL:http://www.osvdb.org/464
Reference: XF:ftp-servu-homedir-travers(5639)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5639

Name: CVE-2001-0055

Description:

CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.

Status:Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets(5627)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5627

Name: CVE-2001-0056

Description:

The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.

Status:Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login(5628)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5628

Name: CVE-2001-0057

Description:

Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.

Status:Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo(5629)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5629

Name: CVE-2001-0058

Description:

The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allows remote attackers to cause a denial of service via a URL that does not end in a space character.

Status:Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: OSVDB:460
Reference: URL:http://www.osvdb.org/460
Reference: XF:cisco-cbos-web-access(5626)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5626

Name: CVE-2001-0059

Description:

patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty
Reference: URL:http://marc.info/?l=bugtraq&m=97720205217707&w=2
Reference: XF:solaris-patchadd-symlink(5789)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5789

Name: CVE-2001-0060

Description:

Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.

Status:Entry
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: DEBIAN:DSA-009
Reference: URL:http://www.debian.org/security/2001/dsa-009
Reference: FREEBSD:FreeBSD-SA-01:05
Reference: REDHAT:RHSA-2000:129
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: XF:stunnel-format-logfile(5807)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5807

Name: CVE-2001-0061

Description:

procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.

Status:Entry
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: OSVDB:1697
Reference: URL:http://www.osvdb.org/1697
Reference: XF:procfs-elevate-privileges(6106)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6106

Name: CVE-2001-0062

Description:

procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.

Status:Entry
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: OSVDB:1698
Reference: URL:http://www.osvdb.org/1698
Reference: OSVDB:6082
Reference: URL:http://www.osvdb.org/6082
Reference: XF:procfs-mmap-dos(6107)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6107

Name: CVE-2001-0063

Description:

procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.

Status:Entry
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: OSVDB:1691
Reference: URL:http://www.osvdb.org/1691
Reference: XF:procfs-access-control-bo(6108)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6108

Name: CVE-2001-0066

Description:

Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.

Status:Entry
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004
Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: DEBIAN:20001217a
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
Reference: REDHAT:RHSA-2000:128
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html
Reference: TURBO:TLSA2001002-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html
Reference: XF:slocate-heap-execute-code(5594)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5594

Name: CVE-2001-0069

Description:

dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2151
Reference: URL:http://www.securityfocus.com/bid/2151
Reference: DEBIAN:DSA-008-1
Reference: URL:http://www.debian.org/security/2000/20001225
Reference: XF:dialog-symlink(5809)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5809

Name: CVE-2001-0071

Description:

gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.

Status:Entry
Reference: BID:2141
Reference: URL:http://www.securityfocus.com/bid/2141
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: OSVDB:1699
Reference: URL:http://www.osvdb.org/1699
Reference: REDHAT:RHSA-2000:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: XF:gnupg-detached-sig-modify(5802)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5802

Name: CVE-2001-0072

Description:

gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.

Status:Entry
Reference: BID:2153
Reference: URL:http://www.securityfocus.com/bid/2153
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: OSVDB:1702
Reference: URL:http://www.osvdb.org/1702
Reference: REDHAT:RHSA-2000:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: XF:gnupg-reveal-private(5803)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5803

Name: CVE-2001-0077

Description:

The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.

Status:Entry
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:clustmon-no-authentication(6123)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6123

Name: CVE-2001-0078

Description:

in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.

Status:Entry
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: OSVDB:6437
Reference: URL:http://www.osvdb.org/6437
Reference: XF:ha-nfs-symlink(6125)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6125

Name: CVE-2001-0080

Description:

Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.

Status:Entry
Reference: BID:2117
Reference: URL:http://www.securityfocus.com/bid/2117
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: XF:cisco-catalyst-ssh-mismatch(5760)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5760

Name: CVE-2001-0081

Description:

swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.

Status:Entry
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt
Reference: OSVDB:4849
Reference: URL:http://www.osvdb.org/4849
Reference: XF:ncipher-recover-operator-cards(5999)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5999

Name: CVE-2001-0083

Description:

Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.

Status:Entry
Reference: MS:MS00-097
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-097
Reference: MSKB:Q281256
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q281256
Reference: XF:mediaservices-dropped-connection-dos(5785)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5785

Name: CVE-2001-0085

Description:

Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.

Status:Entry
Reference: BID:2170
Reference: URL:http://www.securityfocus.com/bid/2170
Reference: HP:HPSBUX0012-135
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0083.html
Reference: XF:hpux-kermit-bo(5793)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5793

Name: CVE-2001-0089

Description:

Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.

Status:Entry
Reference: MS:MS00-093
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
Reference: XF:ie-form-file-upload(5615)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5615

Name: CVE-2001-0090

Description:

The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.

Status:Entry
Reference: BID:2046
Reference: URL:http://www.securityfocus.com/bid/2046
Reference: MS:MS00-093
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
Reference: XF:ie-print-template(5614)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5614

Name: CVE-2001-0091

Description:

The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.

Status:Entry
Reference: MS:MS00-093
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
Reference: OSVDB:7820
Reference: URL:http://www.osvdb.org/7820
Reference: XF:ie-scriptlet-rendering-read-files(6085)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6085

Name: CVE-2001-0092

Description:

A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: MS:MS00-093
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-093
Reference: OSVDB:7817
Reference: URL:http://www.osvdb.org/7817
Reference: XF:ie-frame-verification-read-files(6086)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6086

Name: CVE-2001-0094

Description:

Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-01:25
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc
Reference: NETBSD:NetBSD-SA2000-017
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc
Reference: XF:kerberos4-auth-packet-overflow(5734)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5734

Name: CVE-2001-0095

Description:

catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.

Status:Entry
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: OSVDB:6024
Reference: URL:http://www.osvdb.org/6024
Reference: SUNBUG:4392144
Reference: XF:solaris-catman-symlink(5788)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5788

Name: CVE-2001-0096

Description:

FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.

Status:Entry
Reference: MS:MS00-100
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-100
Reference: XF:iis-web-form-submit(5823)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5823

Name: CVE-2001-0099

Description:

bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

Status:Entry
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bsguest-cgi-execute-commands(5796)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5796

Name: CVE-2001-0100

Description:

bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.

Status:Entry
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bslist-cgi-execute-commands(5797)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5797

Name: CVE-2001-0105

Description:

Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.

Status:Entry
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files(5773)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5773

Name: CVE-2001-0106

Description:

Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.

Status:Entry
Reference: HP:HPSBUX0101-136
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0009.html
Reference: XF:hp-inetd-swait-dos(5904)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5904

Name: CVE-2001-0108

Description:

PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

Status:Entry
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.info/?l=bugtraq&m=97957961212852
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: XF:php-htaccess-unauth-access(5940)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5940

Name: CVE-2001-0109

Description:

rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.

Status:Entry
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
Reference: XF:rctab-elevate-privileges(5945)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5945

Name: CVE-2001-0110

Description:

Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environment variable.

Status:Entry
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: XF:jazip-display-bo(5942)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5942

Name: CVE-2001-0111

Description:

Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.

Status:Entry
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.info/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: XF:splitvt-perserc-format-string(5948)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5948

Name: CVE-2001-0115

Description:

Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.

Status:Entry
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.info/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: XF:solaris-arp-bo(5928)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5928

Name: CVE-2001-0116

Description:

gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2188
Reference: URL:http://www.securityfocus.com/bid/2188
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:006
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3
Reference: XF:linux-gpm-symlink(5917)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5917

Name: CVE-2001-0117

Description:

sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

Status:Entry
Reference: BID:2191
Reference: URL:http://www.securityfocus.com/bid/2191
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: CERT-VN:VU#579928
Reference: URL:http://www.kb.cert.org/vuls/id/579928
Reference: IMMUNIX:IMNX-2000-70-028-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2000-70-028-01
Reference: MANDRAKE:MDKSA-2001:008-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3
Reference: REDHAT:RHSA-2001:116
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-116.html
Reference: XF:linux-diffutils-sdiff-symlink(5914)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5914

Name: CVE-2001-0118

Description:

rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2195
Reference: URL:http://www.securityfocus.com/bid/2195
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-005
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3
Reference: XF:rdist-symlink(5925)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5925

Name: CVE-2001-0119

Description:

getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2194
Reference: URL:http://www.securityfocus.com/bid/2194
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:004
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3
Reference: XF:gettyps-symlink(5924)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5924

Name: CVE-2001-0120

Description:

The useradd program in shadow-utils may allow local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2196
Reference: URL:http://www.securityfocus.com/bid/2196
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:007
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3
Reference: XF:shadow-utils-useradd-symlink(5927)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5927

Name: CVE-2001-0121

Description:

ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.

Status:Entry
Reference: BID:2174
Reference: URL:http://www.securityfocus.com/bid/2174
Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
Reference: XF:storagesoft-imagecast-dos(5901)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5901

Name: CVE-2001-0122

Description:

Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.

Status:Entry
Reference: BID:2175
Reference: URL:http://www.securityfocus.com/bid/2175
Reference: BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html
Reference: BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/security.html
Reference: XF:ibm-websphere-dos(5900)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5900

Name: CVE-2001-0123

Description:

Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.

Status:Entry
Reference: BID:2177
Reference: URL:http://www.securityfocus.com/bid/2177
Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1
Reference: URL:http://marc.info/?l=bugtraq&m=97905792214999&w=2
Reference: CONFIRM:http://www.extropia.com/hacks/bbs_security.html
Reference: OSVDB:3546
Reference: URL:http://www.osvdb.org/3546
Reference: XF:http-cgi-bbs-forum(5906)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5906

Name: CVE-2001-0124

Description:

Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.

Status:Entry
Reference: BID:2179
Reference: URL:http://www.securityfocus.com/bid/2179
Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=97908386502156&w=2
Reference: SUNBUG:4161925
Reference: XF:solaris-exrecover-bo(5913)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5913

Name: CVE-2001-0125

Description:

exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

Status:Entry
Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97846489313059&w=2
Reference: BUGTRAQ:20010112 exmh security vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97958594330100&w=2
Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html
Reference: DEBIAN:DSA-022
Reference: URL:http://www.debian.org/security/2001/dsa-022
Reference: FREEBSD:FreeBSD-SA-01:17
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html
Reference: MANDRAKE:MDKSA-2001:015
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3
Reference: XF:exmh-error-symlink(5829)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5829

Name: CVE-2001-0126

Description:

Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.

Status:Entry
Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Reference: URL:http://marc.info/?l=bugtraq&m=97906670012796&w=2
Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet
Reference: URL:http://marc.info/?l=bugtraq&m=98027700625521&w=2
Reference: XF:oracle-xsql-execute-code(5905)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5905

Name: CVE-2001-0128

Description:

Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

Status:Entry
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: DEBIAN:DSA-006-1
Reference: URL:http://www.debian.org/security/2000/20001219
Reference: FREEBSD:FreeBSD-SA-01:06
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
Reference: MANDRAKE:MDKSA-2000-083
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3
Reference: OSVDB:6284
Reference: URL:http://www.osvdb.org/6284
Reference: REDHAT:RHSA-2000:127
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-127.html
Reference: XF:zope-calculate-roles(5777)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5777

Name: CVE-2001-0129

Description:

Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.

Status:Entry
Reference: BID:2217
Reference: URL:http://www.securityfocus.com/bid/2217
Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy
Reference: URL:http://marc.info/?l=bugtraq&m=97975486527750&w=2
Reference: DEBIAN:DSA-018
Reference: URL:http://www.debian.org/security/2001/dsa-018
Reference: FREEBSD:FreeBSD-SA-01:15
Reference: XF:tinyproxy-remote-bo(5954)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5954

Name: CVE-2001-0130

Description:

Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.

Status:Entry
Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html
Reference: XF:lotus-html-bo(6207)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6207

Name: CVE-2001-0136

Description:

Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.

Status:Entry
Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
Reference: URL:http://www.securityfocus.com/archive/1/152206
Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: XF:proftpd-size-memory-leak(5801)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5801

Name: CVE-2001-0137

Description:

Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the "Windows Media Player Skins File Download" vulnerability.

Status:Entry
Reference: BID:2203
Reference: URL:http://www.securityfocus.com/bid/2203
Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Reference: URL:http://marc.info/?l=bugtraq&m=97958100816503&w=2
Reference: MS:MS01-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-010
Reference: XF:win-mediaplayer-arbitrary-code(5937)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5937

Name: CVE-2001-0138

Description:

privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2189
Reference: URL:http://www.securityfocus.com/bid/2189
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: MANDRAKE:MDKSA-2001-001
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
Reference: XF:linux-wuftpd-privatepw-symlink(5915)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5915

Name: CVE-2001-0139

Description:

inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Status:Entry
Reference: BID:2190
Reference: URL:http://www.securityfocus.com/bid/2190
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: CALDERA:CSSA-2001-001.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt
Reference: MANDRAKE:MDKSA-2001:010
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3
Reference: XF:linux-inn-symlink(5916)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5916

Name: CVE-2001-0140

Description:

arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Status:Entry
Reference: BID:2183
Reference: URL:http://www.securityfocus.com/bid/2183
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:002
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3
Reference: XF:tcpdump-arpwatch-symlink(5922)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5922

Name: CVE-2001-0141

Description:

mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Status:Entry
Reference: BID:2187
Reference: URL:http://www.securityfocus.com/bid/2187
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: CALDERA:CSSA-2001-002.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt
Reference: DEBIAN:DSA-011
Reference: URL:http://www.debian.org/security/2001/dsa-011
Reference: MANDRAKE:MDKSA-2001:009
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3
Reference: REDHAT:RHSA-2001:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-050.html
Reference: XF:linux-mgetty-symlink(5918)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5918

Name: CVE-2001-0142

Description:

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

Status:Entry
Reference: BID:2184
Reference: URL:http://www.securityfocus.com/bid/2184
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
Reference: DEBIAN:DSA-019
Reference: URL:http://www.debian.org/security/2001/dsa-019
Reference: MANDRAKE:MDKSA-2001:003
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3
Reference: XF:squid-email-symlink(5921)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5921

Name: CVE-2001-0143

Description:

vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2186
Reference: URL:http://www.securityfocus.com/bid/2186
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.info/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:011
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3
Reference: XF:linuxconf-vpop3d-symlink(5923)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5923

Name: CVE-2001-0144

Description:

CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.

Status:Entry
Reference: BID:2347
Reference: URL:http://www.securityfocus.com/bid/2347
Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector
Reference: URL:http://marc.info/?l=bugtraq&m=98168366406903&w=2
Reference: BUGTRAQ:20011122 Secure Computing SafeWord uses vulnerable ssh server
Reference: CERT:CA-2001-35
Reference: URL:http://www.cert.org/advisories/CA-2001-35.html
Reference: OSVDB:503
Reference: URL:http://www.osvdb.org/503
Reference: OSVDB:795
Reference: URL:http://www.osvdb.org/795
Reference: XF:ssh-deattack-overwrite-memory(6083)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6083

Name: CVE-2001-0147

Description:

Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.

Status:Entry
Reference: MS:MS01-013
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-013

Name: CVE-2001-0148

Description:

The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html
Reference: MS:MS01-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
Reference: XF:media-player-execute-commands(6227)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6227

Name: CVE-2001-0149

Description:

Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.

Status:Entry
Reference: BID:1718
Reference: URL:http://www.securityfocus.com/bid/1718
Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html
Reference: MS:MS01-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://marc.info/?l=ntbugtraq&m=96999020527583&w=2
Reference: XF:ie-getobject-expose-files(5293)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5293

Name: CVE-2001-0150

Description:

Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.

Status:Entry
Reference: BID:2463
Reference: URL:http://www.securityfocus.com/bid/2463
Reference: BUGTRAQ:20010313 Internet Explorer and Services for Unix 2.0 Telnet Client
Reference: MS:MS01-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-015
Reference: OSVDB:7816
Reference: URL:http://www.osvdb.org/7816
Reference: XF:ie-telnet-execute-commands(6230)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6230

Name: CVE-2001-0151

Description:

IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.

Status:Entry
Reference: MS:MS01-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-016
Reference: OVAL:oval:org.mitre.oval:def:90
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A90
Reference: XF:iis-webdav-dos(6205)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6205

Name: CVE-2001-0152

Description:

The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.

Status:Entry
Reference: MS:MS01-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-019

Name: CVE-2001-0153

Description:

Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger
Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html
Reference: MS:MS01-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-018

Name: CVE-2001-0154

Description:

HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.

Status:Entry
Reference: BID:2524
Reference: URL:http://www.securityfocus.com/bid/2524
Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Reference: URL:http://marc.info/?l=bugtraq&m=98596775905044&w=2
Reference: CERT:CA-2001-06
Reference: URL:http://www.cert.org/advisories/CA-2001-06.html
Reference: CIAC:L-066
Reference: URL:http://www.ciac.org/ciac/bulletins/l-066.shtml
Reference: MS:MS01-020
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-020
Reference: OSVDB:7806
Reference: URL:http://www.osvdb.org/7806
Reference: OVAL:oval:org.mitre.oval:def:141
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A141
Reference: SECTRACK:1001197
Reference: URL:http://securitytracker.com/id?1001197
Reference: XF:ie-mime-execute-code(6306)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6306

Name: CVE-2001-0155

Description:

Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.

Status:Entry
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html

Name: CVE-2001-0156

Description:

VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.

Status:Entry
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: BID:2402
Reference: URL:http://www.securityfocus.com/bid/2402
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html
Reference: XF:vshell-port-forwarding-rule(6148)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6148

Name: CVE-2001-0157

Description:

Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.

Status:Entry
Reference: ATSTAKE:A030101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt
Reference: XF:palm-debug-bypass-password(6196)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6196

Name: CVE-2001-0164

Description:

Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.

Status:Entry
Reference: ATSTAKE:A030701-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt
Reference: XF:netscape-directory-server-bo(6233)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6233

Name: CVE-2001-0165

Description:

Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.

Status:Entry
Reference: BID:2322
Reference: URL:http://www.securityfocus.com/bid/2322
Reference: BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html
Reference: SUNBUG:4409148
Reference: XF:solaris-ximp40-bo(6039)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6039

Name: CVE-2001-0166

Description:

Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.

Status:Entry
Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html
Reference: XF:shockwave-flash-swf-bo(5826)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5826

Name: CVE-2001-0169

Description:

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

Status:Entry
Reference: BID:2223
Reference: URL:http://www.securityfocus.com/bid/2223
Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc
Reference: URL:http://www.securityfocus.com/archive/1/157650
Reference: CALDERA:CSSA-2001-007
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt
Reference: DEBIAN:DSA-039
Reference: URL:http://www.debian.org/security/2001/dsa-039
Reference: MANDRAKE:MDKSA-2001:012
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2
Reference: REDHAT:RHSA-2001:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html
Reference: SUSE:SuSE-SA:2001:01
Reference: URL:http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html
Reference: TURBO:TLSA2000021-2
Reference: URL:http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html
Reference: XF:linux-glibc-preload-overwrite(5971)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5971

Name: CVE-2001-0170

Description:

glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.

Status:Entry
Reference: BID:2181
Reference: URL:http://www.securityfocus.com/bid/2181
Reference: BUGTRAQ:20010110 Glibc Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
Reference: REDHAT:RHSA-2001:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html
Reference: XF:linux-glibc-read-files(5907)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5907

Name: CVE-2001-0174

Description:

Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address.

Status:Entry
Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html
Reference: OSVDB:6138
Reference: URL:http://www.osvdb.org/6138
Reference: XF:virusbuster-mua-bo(6034)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6034

Name: CVE-2001-0175

Description:

The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.

Status:Entry
Reference: BID:2273
Reference: URL:http://www.securityfocus.com/bid/2273
Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
Reference: URL:http://marc.info/?l=bugtraq&m=98021351718874&w=2
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.info/?l=bugtraq&m=98035833331446&w=2
Reference: XF:netscape-fasttrack-cache-dos(5985)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5985

Name: CVE-2001-0176

Description:

The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges.

Status:Entry
Reference: BID:2125
Reference: URL:http://www.securityfocus.com/bid/2125
Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
Reference: XF:sonata-command-execute(5787)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5787

Name: CVE-2001-0178

Description:

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

Status:Entry
Reference: CALDERA:CSSA-2001-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
Reference: MANDRAKE:MDKSA-2001:018
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
Reference: SUSE:SuSE-SA:2001:02
Reference: URL:http://www.novell.com/linux/security/advisories/2001_002_kdesu_txt.html
Reference: XF:kde2-kdesu-retrieve-passwords(5995)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5995

Name: CVE-2001-0179

Description:

Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."

Status:Entry
Reference: ALLAIRE:ASB01-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full
Reference: XF:jrun-webinf-file-retrieval(6008)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6008

Name: CVE-2001-0182

Description:

FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.

Status:Entry
Reference: BID:2238
Reference: URL:http://www.securityfocus.com/bid/2238
Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
Reference: OSVDB:1733
Reference: URL:http://www.osvdb.org/1733
Reference: XF:fw1-limited-license-dos(5966)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5966

Name: CVE-2001-0183

Description:

ipfw and ip6fw in FreeBSD 4.2 and earlier allow remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.

Status:Entry
Reference: BID:2293
Reference: URL:http://www.securityfocus.com/bid/2293
Reference: BUGTRAQ:20010125 ecepass - proof of concept code for FreeBSD ipfw bypass
Reference: URL:http://www.security-express.com/archives/bugtraq/2001-01/0424.html
Reference: CIAC:L-029
Reference: URL:http://www.ciac.org/ciac/bulletins/l-029.shtml
Reference: FREEBSD:FreeBSD-SA-01:08
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Reference: OSVDB:1743
Reference: URL:http://www.osvdb.org/1743
Reference: XF:ipfw-bypass-firewall(5998)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5998

Name: CVE-2001-0185

Description:

Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash.

Status:Entry
Reference: BID:2287
Reference: URL:http://www.securityfocus.com/bid/2287
Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
Reference: URL:http://www.securityfocus.com/archive/1/157952
Reference: XF:netopia-telnet-dos(6001)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6001

Name: CVE-2001-0187

Description:

Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.

Status:Entry
Reference: BID:2296
Reference: URL:http://www.securityfocus.com/bid/2296
Reference: CONECTIVA:CLA-2001:443
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: XF:wuftp-debug-format-string(6020)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6020

Name: CVE-2001-0189

Description:

Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.

Status:Entry
Reference: BID:2268
Reference: URL:http://www.securityfocus.com/bid/2268
Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
Reference: XF:localweb2k-directory-traversal(5982)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5982

Name: CVE-2001-0190

Description:

Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).

Status:Entry
Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=97983943716311&w=2
Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98028642319440&w=2
Reference: SUNBUG:4406722
Reference: XF:cu-argv-bo(6224)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6224

Name: CVE-2001-0191

Description:

gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.

Status:Entry
Reference: BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
Reference: MANDRAKE:MDKSA-2001:019
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
Reference: REDHAT:RHSA-2001:010
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-010.html
Reference: REDHAT:RHSA-2001:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-011.html
Reference: XF:gnuserv-tcp-cookie-overflow(6056)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6056

Name: CVE-2001-0193

Description:

Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.

Status:Entry
Reference: BID:2327
Reference: URL:http://www.securityfocus.com/bid/2327
Reference: BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98096782126481&w=2
Reference: DEBIAN:DSA-028
Reference: URL:http://www.debian.org/security/2001/dsa-028
Reference: XF:man-i-format-string(6059)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6059

Name: CVE-2001-0194

Description:

Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.

Status:Entry
Reference: MANDRAKE:MDKSA-2001:020-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3
Reference: OSVDB:6064
Reference: URL:http://www.osvdb.org/6064
Reference: XF:cups-httpgets-dos(6043)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6043

Name: CVE-2001-0195

Description:

sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.

Status:Entry
Reference: DEBIAN:DSA-015
Reference: URL:http://www.debian.org/security/2001/dsa-015
Reference: XF:linux-sash-shadow-readable(5994)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5994

Name: CVE-2001-0196

Description:

inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.

Status:Entry
Reference: BID:2324
Reference: URL:http://www.securityfocus.com/bid/2324
Reference: FREEBSD:FreeBSD-SA-01:11
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
Reference: OSVDB:1753
Reference: URL:http://www.osvdb.org/1753
Reference: XF:inetd-ident-read-files(6052)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6052

Name: CVE-2001-0197

Description:

Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:2264
Reference: URL:http://www.securityfocus.com/bid/2264
Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
Reference: CONECTIVA:CLA-2001:374
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
Reference: REDHAT:RHSA-2001:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html
Reference: XF:icecast-format-string(5978)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5978

Name: CVE-2001-0203

Description:

Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication.

Status:Entry
Reference: BID:2284
Reference: URL:http://www.securityfocus.com/bid/2284
Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
Reference: XF:watchguard-firebox-obtain-passphrase(5979)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5979

Name: CVE-2001-0204

Description:

Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets.

Status:Entry
Reference: BID:2369
Reference: URL:http://www.securityfocus.com/bid/2369
Reference: BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/162965
Reference: XF:firebox-pptp-dos(6109)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6109

Name: CVE-2001-0207

Description:

Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function.

Status:Entry
Reference: BID:2279
Reference: URL:http://www.securityfocus.com/bid/2279
Reference: BUGTRAQ:20010119 Buffer overflow in bing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
Reference: XF:linux-bing-bo(6036)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6036

Name: CVE-2001-0215

Description:

ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.

Status:Entry
Reference: BID:2371
Reference: URL:http://www.securityfocus.com/bid/2371
Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html
Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
Reference: XF:roads-search-view-files(6097)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6097

Name: CVE-2001-0218

Description:

Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html
Reference: FREEBSD:FreeBSD-SA-01:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html
Reference: XF:mars-nwe-format-string(6019)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6019

Name: CVE-2001-0219

Description:

Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.

Status:Entry
Reference: BID:2239
Reference: URL:http://www.securityfocus.com/bid/2239
Reference: HP:HPSBUX0101-137
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
Reference: OSVDB:6991
Reference: URL:http://www.osvdb.org/6991
Reference: OSVDB:7029
Reference: URL:http://www.osvdb.org/7029
Reference: OSVDB:7030
Reference: URL:http://www.osvdb.org/7030
Reference: XF:hp-stm-dos(5957)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5957

Name: CVE-2001-0221

Description:

Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-01:19
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html
Reference: XF:ja-xklock-bo(6073)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6073

Name: CVE-2001-0222

Description:

webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.

Status:Entry
Reference: CALDERA:CSSA-2001-004.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
Reference: MANDRAKE:MDKSA-2001-016
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
Reference: XF:linux-webmin-tmpfiles(6011)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6011

Name: CVE-2001-0230

Description:

Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-01:22
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html
Reference: OSVDB:6081
Reference: URL:http://www.osvdb.org/6081
Reference: XF:dc20ctrl-port-bo(6077)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6077

Name: CVE-2001-0233

Description:

Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.

Status:Entry
Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
Reference: DEBIAN:DSA-012
Reference: URL:http://www.debian.org/security/2001/dsa-012
Reference: FREEBSD:FreeBSD-SA-01:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
Reference: REDHAT:RHSA-2001:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html
Reference: XF:micq-sprintf-remote-bo(5962)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5962

Name: CVE-2001-0234

Description:

NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.

Status:Entry
Reference: BUGTRAQ:20010126 NewsDaemon remote administrator access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570
Reference: XF:newsdaemon-gain-admin-access(6010)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6010

Name: CVE-2001-0235

Description:

Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.

Status:Entry
Reference: BID:2332
Reference: URL:http://www.securityfocus.com/bid/2332
Reference: DEBIAN:DSA-024
Reference: URL:http://www.debian.org/security/2001/dsa-024
Reference: FREEBSD:FreeBSD-SA-01:09
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
Reference: XF:crontab-read-files(6225)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6225

Name: CVE-2001-0236

Description:

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.

Status:Entry
Reference: BID:2417
Reference: URL:http://www.securityfocus.com/bid/2417
Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98462536724454&w=2
Reference: CERT:CA-2001-05
Reference: URL:http://www.cert.org/advisories/CA-2001-05.html
Reference: CIAC:L-065
Reference: URL:http://www.ciac.org/ciac/bulletins/l-065.shtml
Reference: SUN:00207
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207
Reference: XF:solaris-snmpxdmid-bo(6245)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6245

Name: CVE-2001-0237

Description:

Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.

Status:Entry
Reference: BID:2707
Reference: URL:http://www.securityfocus.com/bid/2707
Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
Reference: URL:http://marc.info/?l=bugtraq&m=98942093221908&w=2
Reference: CIAC:L-079
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml
Reference: MS:MS01-024
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-024
Reference: XF:win2k-kerberos-dos(6506)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6506

Name: CVE-2001-0238

Description:

Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.

Status:Entry
Reference: CIAC:L-074
Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml
Reference: MS:MS01-022
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-022
Reference: XF:ms-dacipp-webdav-access(6405)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6405

Name: CVE-2001-0239

Description:

Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.

Status:Entry
Reference: BID:2600
Reference: URL:http://www.securityfocus.com/bid/2600
Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/176912
Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/177160
Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/179986
Reference: CIAC:L-073
Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml
Reference: MS:MS01-021
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-021
Reference: XF:isa-web-proxy-dos(6383)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6383

Name: CVE-2001-0240

Description:

Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.

Status:Entry
Reference: BID:2753
Reference: URL:http://www.securityfocus.com/bid/2753
Reference: MS:MS01-028
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-028
Reference: XF:word-rtf-macro-execution(6571)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6571

Name: CVE-2001-0241

Description:

Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.

Status:Entry
Reference: BID:2674
Reference: URL:http://www.securityfocus.com/bid/2674
Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Reference: URL:http://marc.info/?l=bugtraq&m=98874912915948&w=2
Reference: CERT:CA-2001-10
Reference: URL:http://www.cert.org/advisories/CA-2001-10.html
Reference: MS:MS01-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-023
Reference: OSVDB:3323
Reference: URL:http://www.osvdb.org/3323
Reference: OVAL:oval:org.mitre.oval:def:1068
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1068
Reference: XF:iis-isapi-printer-bo(6485)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6485

Name: CVE-2001-0243

Description:

Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.

Status:Entry
Reference: BID:2765
Reference: URL:http://www.securityfocus.com/bid/2765
Reference: MS:MS01-029
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-029
Reference: XF:mediaplayer-html-shortcut(6584)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6584

Name: CVE-2001-0244

Description:

Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.

Status:Entry
Reference: BID:2709
Reference: URL:http://www.securityfocus.com/bid/2709
Reference: MS:MS01-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-025
Reference: XF:winnt-indexserver-search-bo(6517)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6517

Name: CVE-2001-0245

Description:

Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.

Status:Entry
Reference: MS:MS01-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-025
Reference: XF:win-indexserver-view-files(6518)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6518

Name: CVE-2001-0252

Description:

iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences.

Status:Entry
Reference: BID:2282
Reference: URL:http://www.securityfocus.com/bid/2282
Reference: BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS
Reference: URL:http://www.securityfocus.com/archive/1/157641
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.info/?l=bugtraq&m=98035833331446&w=2
Reference: XF:netscape-enterprise-dot-dos(5983)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5983

Name: CVE-2001-0259

Description:

ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.

Status:Entry
Reference: BID:2222
Reference: URL:http://www.securityfocus.com/bid/2222
Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
Reference: XF:ssh-rpc-private-key(5963)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5963

Name: CVE-2001-0260

Description:

Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.

Status:Entry
Reference: BID:2283
Reference: URL:http://www.securityfocus.com/bid/2283
Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
Reference: OSVDB:3321
Reference: URL:http://www.osvdb.org/3321
Reference: XF:lotus-domino-smtp-bo(5993)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5993

Name: CVE-2001-0265

Description:

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.

Status:Entry
Reference: ATSTAKE:A040901-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a040901-1.txt
Reference: BID:2556
Reference: URL:http://www.securityfocus.com/bid/2556
Reference: OSVDB:1782
Reference: URL:http://www.osvdb.org/1782
Reference: XF:pgp-armor-code-execution(6643)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6643

Name: CVE-2001-0266

Description:

Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBUX0102-143
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html
Reference: OSVDB:6033
Reference: URL:http://www.osvdb.org/6033

Name: CVE-2001-0267

Description:

NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBMP0102-008
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: OSVDB:6032
Reference: URL:http://www.osvdb.org/6032
Reference: XF:hp-nmdebug-gain-privileges(6226)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6226

Name: CVE-2001-0268

Description:

The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.

Status:Entry
Reference: BID:2739
Reference: URL:http://www.securityfocus.com/bid/2739
Reference: BUGTRAQ:20010219 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Reference: CALDERA:CSSA-2001-SCO.35
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html
Reference: CERT-VN:VU#358960
Reference: URL:http://www.kb.cert.org/vuls/id/358960
Reference: NETBSD:NetBSD-SA:2001-002
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Reference: URL:http://www.openbsd.org/errata.html#userldt
Reference: OSVDB:6141
Reference: URL:http://www.osvdb.org/6141
Reference: XF:user-ldt-validation(6222)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6222

Name: CVE-2001-0269

Description:

pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.

Status:Entry
Reference: BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html
Reference: OSVDB:6030
Reference: URL:http://www.osvdb.org/6030
Reference: SUNBUG:4384816
Reference: XF:solaris-pamldap-bypass-authentication(6440)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6440

Name: CVE-2001-0274

Description:

kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Status:Entry
Reference: BUGTRAQ:20010214 Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
Reference: BUGTRAQ:20010303 Re: Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html
Reference: XF:kicq-execute-commands(6112)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6112

Name: CVE-2001-0276

Description:

ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.

Status:Entry
Reference: BID:2390
Reference: URL:http://www.securityfocus.com/bid/2390
Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=98263019502565&w=2
Reference: CONFIRM:http://www.badblue.com/p010219.htm
Reference: XF:badblue-ext-reveal-path(6130)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6130

Name: CVE-2001-0278

Description:

Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.

Status:Entry
Reference: HP:HPSBMP0102-009
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-linkeditor-gain-privileges(6223)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6223

Name: CVE-2001-0279

Description:

Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.

Status:Entry
Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html
Reference: CONECTIVA:CLA-2001:381
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
Reference: DEBIAN:DSA-031
Reference: URL:http://www.debian.org/security/2001/dsa-031
Reference: MANDRAKE:MDKSA-2001:024
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
Reference: REDHAT:RHSA-2001:018
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-018.html
Reference: REDHAT:RHSA-2001:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-019.html

Name: CVE-2001-0280

Description:

Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.

Status:Entry
Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html
Reference: OSVDB:6027
Reference: URL:http://www.osvdb.org/6027
Reference: XF:mercur-expn-bo(6149)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6149

Name: CVE-2001-0284

Description:

Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.

Status:Entry
Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah
Reference: OSVDB:6026
Reference: URL:http://www.osvdb.org/6026

Name: CVE-2001-0287

Description:

VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.

Status:Entry
Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm
Reference: OSVDB:6025
Reference: URL:http://www.osvdb.org/6025

Name: CVE-2001-0288

Description:

Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.

Status:Entry
Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

Name: CVE-2001-0289

Description:

Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.

Status:Entry
Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Reference: DEBIAN:DSA-041
Reference: URL:http://www.debian.org/security/2001/dsa-041
Reference: MANDRAKE:MDKSA-2001:026
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
Reference: REDHAT:RHSA-2001:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html

Name: CVE-2001-0290

Description:

Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.

Status:Entry
Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html

Name: CVE-2001-0295

Description:

Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.

Status:Entry
Reference: BID:2444
Reference: URL:http://www.securityfocus.com/bid/2444
Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
Reference: URL:http://marc.info/?l=bugtraq&m=98390925726814&w=2
Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
Reference: OSVDB:874
Reference: URL:http://www.osvdb.org/874

Name: CVE-2001-0299

Description:

Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.

Status:Entry
Reference: BID:2054
Reference: URL:http://www.securityfocus.com/bid/2054
Reference: BUGTRAQ:20001127 Nokia firewalls
Reference: URL:http://marc.info/?l=bugtraq&m=97535202912588&w=2
Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
Reference: URL:http://marc.info/?l=bugtraq&m=97603879517777&w=2
Reference: OSVDB:6020
Reference: URL:http://www.osvdb.org/6020
Reference: XF:nokia-ip440-bo(5640)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5640

Name: CVE-2001-0301

Description:

Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.

Status:Entry
Reference: BID:2377
Reference: URL:http://www.securityfocus.com/bid/2377
Reference: BUGTRAQ:20010213 Security advisory for analog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
Reference: CONFIRM:http://www.analog.cx/security2.html
Reference: DEBIAN:DSA-033
Reference: URL:http://www.debian.org/security/2001/dsa-033
Reference: OSVDB:1762
Reference: URL:http://www.osvdb.org/1762
Reference: REDHAT:RHSA-2001:017
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
Reference: XF:analog-alias-bo(6105)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6105

Name: CVE-2001-0309

Description:

inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.

Status:Entry
Reference: REDHAT:RHSA-2001:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html
Reference: XF:inetd-internal-socket-dos(6380)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6380

Name: CVE-2001-0310

Description:

sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.

Status:Entry
Reference: BID:3960
Reference: URL:http://www.securityfocus.com/bid/3960
Reference: FREEBSD:FreeBSD-SA-01:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
Reference: XF:sort-temp-file-abort(6038)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6038

Name: CVE-2001-0311

Description:

Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.

Status:Entry
Reference: HP:HPSBUX0102-142
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142
Reference: HPBUG:PHSS_22914
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
Reference: HPBUG:PHSS_22915
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html
Reference: XF:omniback-unauthorized-access(6434)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6434

Name: CVE-2001-0316

Description:

Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.

Status:Entry
Reference: BID:2364
Reference: URL:http://www.securityfocus.com/bid/2364
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: OSVDB:6017
Reference: URL:http://www.osvdb.org/6017
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html
Reference: XF:linux-sysctl-read-memory(6079)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6079

Name: CVE-2001-0317

Description:

Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.

Status:Entry
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html
Reference: XF:linux-ptrace-modify-process(6080)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6080

Name: CVE-2001-0318

Description:

Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).

Status:Entry
Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
Reference: URL:http://marc.info/?l=bugtraq&m=97916525715657&w=2
Reference: BUGTRAQ:20010206 Response to ProFTPD issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: XF:proftpd-format-string(6433)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6433

Name: CVE-2001-0319

Description:

orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.

Status:Entry
Reference: BID:2350
Reference: URL:http://www.securityfocus.com/bid/2350
Reference: BUGTRAQ:20010205 IBM NetCommerce Security
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
Reference: XF:ibm-netcommerce-reveal-information(6067)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6067

Name: CVE-2001-0321

Description:

opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.

Status:Entry
Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html
Reference: XF:phpnuke-opendir-read-files(6512)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6512

Name: CVE-2001-0326

Description:

Oracle Java Virtual Machine (JVM) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.

Status:Entry
Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html
Reference: OSVDB:5706
Reference: URL:http://www.osvdb.org/5706
Reference: XF:oracle-jvm-file-permissions(6438)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6438

Name: CVE-2001-0327

Description:

iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.

Status:Entry
Reference: ATSTAKE:A041601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a041601-1.txt
Reference: CERT-VN:VU#276767
Reference: URL:http://www.kb.cert.org/vuls/id/276767
Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
Reference: OSVDB:5704
Reference: URL:http://www.osvdb.org/5704

Name: CVE-2001-0330

Description:

Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.

Status:Entry
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2671
Reference: URL:http://www.securityfocus.com/bid/2671
Reference: XF:bugzilla-gobalpl-gain-information(6489)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6489

Name: CVE-2001-0331

Description:

Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:2714
Reference: URL:http://www.securityfocus.com/bid/2714
Reference: CERT-VN:VU#258632
Reference: URL:http://www.kb.cert.org/vuls/id/258632
Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
Reference: URL:http://xforce.iss.net/alerts/advise76.php
Reference: OSVDB:1822
Reference: URL:http://www.osvdb.org/1822
Reference: SGI:20010501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P
Reference: XF:irix-espd-bo(6502)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6502

Name: CVE-2001-0333

Description:

Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.

Status:Entry
Reference: BID:2708
Reference: URL:http://www.securityfocus.com/bid/2708
Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98992056521300&w=2
Reference: CERT:CA-2001-12
Reference: URL:http://www.cert.org/advisories/CA-2001-12.html
Reference: MS:MS01-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
Reference: OVAL:oval:org.mitre.oval:def:1018
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1018
Reference: OVAL:oval:org.mitre.oval:def:1051
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1051
Reference: OVAL:oval:org.mitre.oval:def:37
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A37
Reference: OVAL:oval:org.mitre.oval:def:78
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A78
Reference: XF:iis-url-decoding(6534)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6534

Name: CVE-2001-0334

Description:

FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.

Status:Entry
Reference: MS:MS01-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
Reference: XF:iis-ftp-wildcard-dos(6535)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6535

Name: CVE-2001-0335

Description:

FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.

Status:Entry
Reference: BID:2719
Reference: URL:http://www.securityfocus.com/bid/2719
Reference: MS:MS01-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
Reference: XF:iis-ftp-domain-authentication(6545)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6545

Name: CVE-2001-0336

Description:

The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.

Status:Entry
Reference: MS:MS01-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-026
Reference: OSVDB:5693
Reference: URL:http://www.osvdb.org/5693
Reference: XF:iis-crosssitescripting-patch-dos(6858)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6858

Name: CVE-2001-0338

Description:

Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."

Status:Entry
Reference: BID:2735
Reference: URL:http://www.securityfocus.com/bid/2735
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: MS:MS01-027
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
Reference: XF:ie-crl-certificate-spoofing(6555)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6555

Name: CVE-2001-0339

Description:

Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."

Status:Entry
Reference: BID:2737
Reference: URL:http://www.securityfocus.com/bid/2737
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: MS:MS01-027
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-027
Reference: OSVDB:5694
Reference: URL:http://www.osvdb.org/5694
Reference: OVAL:oval:org.mitre.oval:def:1096
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1096
Reference: XF:ie-html-url-spoofing(6556)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6556

Name: CVE-2001-0340

Description:

An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.

Status:Entry
Reference: CIAC:L-091
Reference: URL:http://www.ciac.org/ciac/bulletins/l-091.shtml
Reference: MS:MS01-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-030
Reference: XF:exchange-owa-script-execution(6652)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6652

Name: CVE-2001-0341

Description:

Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.

Status:Entry
Reference: BID:2906
Reference: URL:http://www.securityfocus.com/bid/2906
Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=99348216322147&w=2
Reference: MS:MS01-035
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-035
Reference: OSVDB:577
Reference: URL:http://www.osvdb.org/577
Reference: XF:frontpage-ext-rad-bo(6730)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6730

Name: CVE-2001-0344

Description:

An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.

Status:Entry
Reference: CIAC:L-095
Reference: URL:http://www.ciac.org/ciac/bulletins/l-095.shtml
Reference: MS:MS01-032
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-032
Reference: OVAL:oval:org.mitre.oval:def:71
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A71
Reference: XF:mssql-cached-connection-access(6684)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6684

Name: CVE-2001-0345

Description:

Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.

Status:Entry
Reference: BID:2843
Reference: URL:http://www.securityfocus.com/bid/2843
Reference: MS:MS01-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
Reference: XF:win2k-telnet-idle-sessions-dos(6667)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6667

Name: CVE-2001-0346

Description:

Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.

Status:Entry
Reference: MS:MS01-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
Reference: XF:win2k-telnet-handle-leak-dos(6668)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6668

Name: CVE-2001-0347

Description:

Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.

Status:Entry
Reference: BID:2847
Reference: URL:http://www.securityfocus.com/bid/2847
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: MS:MS01-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
Reference: OSVDB:5686
Reference: URL:http://www.osvdb.org/5686
Reference: XF:win2k-telnet-domain-authentication(6665)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6665

Name: CVE-2001-0348

Description:

Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.

Status:Entry
Reference: BID:2838
Reference: URL:http://www.securityfocus.com/bid/2838
Reference: BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
Reference: URL:http://razor.bindview.com/publish/advisories/adv_mstelnet.html
Reference: BUGTRAQ:20050511 Microsoft Windows 2000 Telnet server vulnerability
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: MS:MS01-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
Reference: XF:win2k-telnet-username-dos(6666)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6666

Name: CVE-2001-0351

Description:

Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.

Status:Entry
Reference: BID:2846
Reference: URL:http://www.securityfocus.com/bid/2846
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: MS:MS01-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-031
Reference: XF:win2k-telnet-system-call-dos(6669)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6669

Name: CVE-2001-0353

Description:

Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.

Status:Entry
Reference: BID:2894
Reference: URL:http://www.securityfocus.com/bid/2894
Reference: CERT:CA-2001-15
Reference: URL:http://www.cert.org/advisories/CA-2001-15.html
Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
Reference: URL:http://xforce.iss.net/alerts/advise80.php
Reference: SUN:00206
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206
Reference: XF:solaris-lpd-bo(6718)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6718

Name: CVE-2001-0361

Description:

Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.

Status:Entry
Reference: BID:2344
Reference: URL:http://www.securityfocus.com/bid/2344
Reference: BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98158450021686&w=2
Reference: CIAC:L-047
Reference: URL:http://www.ciac.org/ciac/bulletins/l-047.shtml
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: DEBIAN:DSA-023
Reference: URL:http://www.debian.org/security/2001/dsa-023
Reference: DEBIAN:DSA-027
Reference: URL:http://www.debian.org/security/2001/dsa-027
Reference: DEBIAN:DSA-086
Reference: URL:http://www.debian.org/security/2001/dsa-086
Reference: FREEBSD:FreeBSD-SA-01:24
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
Reference: OSVDB:2116
Reference: URL:http://www.osvdb.org/2116
Reference: SUSE:SuSE-SA:2001:04
Reference: URL:http://www.novell.com/linux/security/advisories/adv004_ssh.html
Reference: XF:ssh-session-key-recovery(6082)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6082

Name: CVE-2001-0364

Description:

SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.

Status:Entry
Reference: BID:2477
Reference: URL:http://www.securityfocus.com/bid/2477
Reference: BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers
Reference: URL:http://marc.info/?l=bugtraq&m=98467799732241&w=2
Reference: XF:ssh-ssheloop-dos(6241)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6241

Name: CVE-2001-0365

Description:

Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.

Status:Entry
Reference: BID:2490
Reference: URL:http://www.securityfocus.com/bid/2490
Reference: BUGTRAQ:20010318 feeble.you!dora.exploit
Reference: URL:http://marc.info/?l=bugtraq&m=98503741910995&w=2
Reference: XF:eudora-html-execute-code(6262)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6262

Name: CVE-2001-0366

Description:

saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.

Status:Entry
Reference: BID:2662
Reference: URL:http://www.securityfocus.com/bid/2662
Reference: BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit
Reference: URL:http://www.securityfocus.com/archive/1/180498
Reference: CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol
Reference: XF:linux-sap-execute-code(6487)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6487

Name: CVE-2001-0368

Description:

Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.

Status:Entry
Reference: BID:2672
Reference: URL:http://www.securityfocus.com/bid/2672
Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)
Reference: URL:http://www.securityfocus.com/archive/1/180644
Reference: OSVDB:1810
Reference: URL:http://www.osvdb.org/1810
Reference: XF:bearshare-dot-download-files(6481)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6481

Name: CVE-2001-0371

Description:

Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-01:30
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html
Reference: OSVDB:5682
Reference: URL:http://www.osvdb.org/5682
Reference: XF:ufs-ext2fs-data-disclosure(6268)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6268

Name: CVE-2001-0373

Description:

The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.

Status:Entry
Reference: BID:2501
Reference: URL:http://www.securityfocus.com/bid/2501
Reference: BUGTRAQ:20010323 NT crash dump files insecure by default
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html
Reference: OSVDB:5683
Reference: URL:http://www.osvdb.org/5683
Reference: XF:win-userdmp-insecure-permission(6275)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6275

Name: CVE-2001-0375

Description:

Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.

Status:Entry
Reference: BID:2551
Reference: URL:http://www.securityfocus.com/bid/2551
Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98658271707833&w=2
Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
Reference: XF:cisco-pix-tacacs-dos(6353)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6353

Name: CVE-2001-0377

Description:

Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.

Status:Entry
Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html
Reference: OSVDB:5685
Reference: URL:http://www.osvdb.org/5685
Reference: XF:inframail-post-dos(6297)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6297

Name: CVE-2001-0378

Description:

readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.

Status:Entry
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch
Reference: OSVDB:5680
Reference: URL:http://www.osvdb.org/5680
Reference: XF:bsd-readline-permissions(6586)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6586

Name: CVE-2001-0379

Description:

Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.

Status:Entry
Reference: CERT-VN:VU#249224
Reference: URL:http://www.kb.cert.org/vuls/id/249224
Reference: HP:HPSBUX0103-147
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html
Reference: OSVDB:5681
Reference: URL:http://www.osvdb.org/5681
Reference: XF:hp-newgrp-additional-privileges(6282)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6282

Name: CVE-2001-0383

Description:

banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.

Status:Entry
Reference: BID:2544
Reference: URL:http://www.securityfocus.com/bid/2544
Reference: BUGTRAQ:20010401 Php-nuke exploit...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes
Reference: XF:php-nuke-url-redirect(6342)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6342

Name: CVE-2001-0386

Description:

AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.

Status:Entry
Reference: BID:2608
Reference: URL:http://www.securityfocus.com/bid/2608
Reference: BUGTRAQ:20010417 Advisory for SimpleServer:WWW (analogX)
Reference: URL:http://www.securityfocus.com/archive/1/177156
Reference: OSVDB:3781
Reference: URL:http://www.osvdb.org/3781
Reference: XF:analogx-simpleserver-aux-dos(6395)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6395

Name: CVE-2001-0387

Description:

Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.

Status:Entry
Reference: BID:2574
Reference: URL:http://www.securityfocus.com/bid/2574
Reference: BUGTRAQ:20010412 HylaFAX vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/175963
Reference: BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html
Reference: FREEBSD:FreeBSD-SA-01:34
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html
Reference: MANDRAKE:MDKSA-2001:041
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3
Reference: OSVDB:5679
Reference: URL:http://www.osvdb.org/5679
Reference: SUSE:SuSE-SA:2001:15
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html
Reference: XF:hylafax-hfaxd-format-string(6377)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6377

Name: CVE-2001-0388

Description:

time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-01:28
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc
Reference: MANDRAKE:MDKSA-2001:034
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3
Reference: SUSE:SuSE-SA:2001:07
Reference: URL:http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html
Reference: XF:timed-remote-dos(6228)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6228

Name: CVE-2001-0394

Description:

Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.

Status:Entry
Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
Reference: OSVDB:5669
Reference: URL:http://www.osvdb.org/5669
Reference: XF:website-pro-remote-dos(6295)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6295

Name: CVE-2001-0402

Description:

IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.

Status:Entry
Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter
Reference: URL:http://marc.info/?l=bugtraq&m=98679734015538&w=2
Reference: FREEBSD:FreeBSD-SA-01:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html
Reference: XF:ipfilter-access-ports(6331)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6331

Name: CVE-2001-0405

Description:

ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.

Status:Entry
Reference: BID:2602
Reference: URL:http://www.securityfocus.com/bid/2602
Reference: BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
Reference: MANDRAKE:MDKSA-2001:071
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3
Reference: REDHAT:RHSA-2001:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-052.html
Reference: REDHAT:RHSA-2001:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-084.html
Reference: XF:linux-netfilter-iptables(6390)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6390

Name: CVE-2001-0407

Description:

Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).

Status:Entry
Reference: BID:2522
Reference: URL:http://www.securityfocus.com/bid/2522
Reference: BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html
Reference: BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html
Reference: XF:mysql-dot-directory-traversal(6617)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6617

Name: CVE-2001-0408

Description:

vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.

Status:Entry
Reference: BID:2510
Reference: URL:http://www.securityfocus.com/bid/2510
Reference: BUGTRAQ:20010329 Immunix OS Security update for vim
Reference: URL:http://marc.info/?l=bugtraq&m=98593106111968&w=2
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: MANDRAKE:MDKSA-2001:035
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3
Reference: REDHAT:RHSA-2001:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.novell.com/linux/security/advisories/2001_012_vim.html
Reference: XF:vim-elevate-privileges(6259)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6259

Name: CVE-2001-0409

Description:

vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.

Status:Entry
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.novell.com/linux/security/advisories/2001_012_vim.html
Reference: XF:vim-tmp-symlink(6628)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6628

Name: CVE-2001-0412

Description:

Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allow local users to gain privileges by entering debug mode.

Status:Entry
Reference: BID:2559
Reference: URL:http://www.securityfocus.com/bid/2559
Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml
Reference: OSVDB:1784
Reference: URL:http://www.osvdb.org/1784
Reference: XF:cisco-css-elevate-privileges(6322)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6322

Name: CVE-2001-0413

Description:

BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.

Status:Entry
Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=98644414226344&w=2
Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround
Reference: URL:http://marc.info/?l=bugtraq&m=98659862317070&w=2
Reference: BUGTRAQ:20010409 BINTEC X1200
Reference: URL:http://marc.info/?l=bugtraq&m=98697054804197&w=2
Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
Reference: XF:bintec-x4000-nmap-dos(6323)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6323

Name: CVE-2001-0414

Description:

Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.

Status:Entry
Reference: BID:2540
Reference: URL:http://www.securityfocus.com/bid/2540
Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=98642418618512&w=2
Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
Reference: URL:http://marc.info/?l=bugtraq&m=98654963328381&w=2
Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
Reference: URL:http://marc.info/?l=bugtraq&m=98659782815613&w=2
Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP
Reference: URL:http://marc.info/?l=bugtraq&m=98679815917014&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=98684202610470&w=2
Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
Reference: URL:http://marc.info/?l=bugtraq&m=98683952401753&w=2
Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
Reference: URL:http://marc.info/?l=bugtraq&m=98684532921941&w=2
Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
Reference: CALDERA:CSSA-2001-013
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
Reference: CONECTIVA:CLA-2001:392
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
Reference: DEBIAN:DSA-045
Reference: URL:https://www.debian.org/security/2001/dsa-045
Reference: FREEBSD:FreeBSD-SA-01:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
Reference: MANDRAKE:MDKSA-2001:036
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
Reference: NETBSD:NetBSD-SA2001-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
Reference: OSVDB:805
Reference: URL:http://www.osvdb.org/805
Reference: OVAL:oval:org.mitre.oval:def:3831
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3831
Reference: REDHAT:RHSA-2001:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html
Reference: SCO:SSE073
Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr
Reference: SCO:SSE074
Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr
Reference: SUSE:SuSE-SA:2001:10
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
Reference: XF:ntpd-remote-bo(6321)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6321

Name: CVE-2001-0416

Description:

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

Status:Entry
Reference: BID:2506
Reference: URL:http://www.securityfocus.com/bid/2506
Reference: BID:2683
Reference: URL:http://www.securityfocus.com/bid/2683
Reference: BUGTRAQ:20010316 Immunix OS Security update for sgml-tools
Reference: URL:http://marc.info/?l=bugtraq&m=98477491130367&w=2
Reference: CONECTIVA:CLA-2001:390
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390
Reference: DEBIAN:DSA-038
Reference: URL:http://www.debian.org/security/2001/dsa-038
Reference: MANDRAKE:MDKSA-2001:030
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3
Reference: REDHAT:RHSA-2001:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-027.html
Reference: SUSE:SuSE-SA:2001:16
Reference: URL:http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html
Reference: XF:sgmltools-symlink(6201)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6201

Name: CVE-2001-0422

Description:

Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.

Status:Entry
Reference: BID:2561
Reference: URL:http://www.securityfocus.com/bid/2561
Reference: BUGTRAQ:20010410 Solaris Xsun buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0158.html
Reference: OVAL:oval:org.mitre.oval:def:555
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A555
Reference: SUNBUG:4356377
Reference: SUNBUG:4425845
Reference: SUNBUG:4440161
Reference: XF:solaris-xsun-home-bo(6343)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6343

Name: CVE-2001-0423

Description:

Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.

Status:Entry
Reference: BID:2581
Reference: URL:http://www.securityfocus.com/bid/2581
Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html
Reference: XF:solaris-ipcs-bo(6369)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6369

Name: CVE-2001-0427

Description:

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.

Status:Entry
Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Reference: OSVDB:5643
Reference: URL:http://www.osvdb.org/5643
Reference: XF:cisco-vpn-telnet-dos(6298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6298

Name: CVE-2001-0428

Description:

Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.

Status:Entry
Reference: BID:2573
Reference: URL:http://www.securityfocus.com/bid/2573
Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
Reference: OSVDB:1786
Reference: URL:http://www.osvdb.org/1786
Reference: XF:cisco-vpn-ip-dos(6360)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6360

Name: CVE-2001-0429

Description:

Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.

Status:Entry
Reference: BID:2604
Reference: URL:http://www.securityfocus.com/bid/2604
Reference: CIAC:L-072
Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml
Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
Reference: XF:cisco-catalyst-8021x-dos(6379)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6379

Name: CVE-2001-0430

Description:

Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.

Status:Entry
Reference: DEBIAN:DSA-046
Reference: URL:https://www.debian.org/security/2001/dsa-046
Reference: OSVDB:5642
Reference: URL:http://www.osvdb.org/5642
Reference: XF:exuberant-ctags-symlink(6388)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6388

Name: CVE-2001-0434

Description:

The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.

Status:Entry
Reference: COMPAQ:SSRT0716
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml
Reference: XF:compaq-activex-dos(6355)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6355

Name: CVE-2001-0439

Description:

licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

Status:Entry
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: OSVDB:5641
Reference: URL:http://www.osvdb.org/5641
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html
Reference: REDHAT:RHSA-2001:023
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-023.html
Reference: XF:licq-url-execute-commands(6261)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6261

Name: CVE-2001-0440

Description:

Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.

Status:Entry
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: OSVDB:5601
Reference: URL:http://www.osvdb.org/5601
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html
Reference: REDHAT:RHSA-2001:023
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-023.html
Reference: XF:licq-logging-bo(6645)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6645

Name: CVE-2001-0442

Description:

Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.

Status:Entry
Reference: BID:2641
Reference: URL:http://www.securityfocus.com/bid/2641
Reference: BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html
Reference: BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/179217
Reference: XF:mercury-mta-bo(6444)
Reference: URL:http://www.iss.net/security_center/static/6444.php

Name: CVE-2001-0444

Description:

Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.

Status:Entry
Reference: BID:2635
Reference: URL:http://www.securityfocus.com/bid/2635
Reference: BUGTRAQ:20010420 Bug in Cisco CBOS v2.3.0.053
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html
Reference: OSVDB:1796
Reference: URL:http://www.osvdb.org/1796
Reference: XF:cisco-cbos-gain-information(6453)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6453

Name: CVE-2001-0449

Description:

Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.

Status:Entry
Reference: BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/166211
Reference: XF:winzip-zipandemail-bo(6191)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6191

Name: CVE-2001-0455

Description:

Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.

Status:Entry
Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
Reference: OSVDB:5597
Reference: URL:http://www.osvdb.org/5597
Reference: XF:cisco-aironet-web-access(6200)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6200

Name: CVE-2001-0456

Description:

postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.

Status:Entry
Reference: DEBIAN:DSA-032
Reference: URL:http://www.debian.org/security/2001/dsa-032
Reference: XF:proftpd-postinst-root(6208)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6208

Name: CVE-2001-0457

Description:

man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).

Status:Entry
Reference: DEBIAN:DSA-035
Reference: URL:http://www.debian.org/security/2001/dsa-035
Reference: OSVDB:5631
Reference: URL:http://www.osvdb.org/5631
Reference: XF:man2html-remote-dos(6211)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6211

Name: CVE-2001-0461

Description:

template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.

Status:Entry
Reference: BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
Reference: CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html
Reference: OSVDB:5591
Reference: URL:http://www.osvdb.org/5591
Reference: XF:foldoc-cgi-execute-commands(6217)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6217

Name: CVE-2001-0462

Description:

Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.

Status:Entry
Reference: BID:2648
Reference: URL:http://www.securityfocus.com/bid/2648
Reference: BUGTRAQ:20010424 Advisory for perl webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
Reference: XF:perl-webserver-directory-traversal(6451)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6451

Name: CVE-2001-0463

Description:

Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.

Status:Entry
Reference: BID:2663
Reference: URL:http://www.securityfocus.com/bid/2663
Reference: BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
Reference: CONFIRM:http://www.perlcal.com/calendar/docs/bugs.txt
Reference: XF:perlcal-calmake-directory-traversal(6480)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6480

Name: CVE-2001-0465

Description:

TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.

Status:Entry
Reference: BUGTRAQ:20010405
Reference: URL:http://marc.info/?l=bugtraq&m=98653594732053&w=2
Reference: CONFIRM:http://www.turbotax.com/atr/update/
Reference: XF:turbotax-save-passwords(6622)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6622

Name: CVE-2001-0467

Description:

Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.

Status:Entry
Reference: BID:2643
Reference: URL:http://www.securityfocus.com/bid/2643
Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server
Reference: URL:http://www.securityfocus.com/archive/1/178935
Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
Reference: XF:viking-dot-directory-traversal(6450)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6450

Name: CVE-2001-0469

Description:

rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.

Status:Entry
Reference: BID:2473
Reference: URL:http://www.securityfocus.com/bid/2473
Reference: FREEBSD:FreeBSD-SA-01:29
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
Reference: XF:rwhod-remote-dos(6229)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6229

Name: CVE-2001-0473

Description:

Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt
Reference: URL:http://marc.info/?l=bugtraq&m=98473109630421&w=2
Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
Reference: CONECTIVA:CLA-2001:385
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
Reference: MANDRAKE:MDKSA-2001-031
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
Reference: OSVDB:5615
Reference: URL:http://www.osvdb.org/5615
Reference: REDHAT:RHSA-2001:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html
Reference: XF:mutt-imap-format-string(6235)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6235

Name: CVE-2001-0474

Description:

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

Status:Entry
Reference: MANDRAKE:MDKSA-2001:029
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3
Reference: XF:mesa-utahglx-symlink(6231)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6231

Name: CVE-2001-0475

Description:

index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.

Status:Entry
Reference: BID:2474
Reference: URL:http://www.securityfocus.com/bid/2474
Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Reference: XF:vbulletin-php-elevate-privileges(6237)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6237

Name: CVE-2001-0481

Description:

Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.

Status:Entry
Reference: MANDRAKE:MDKSA-2001:043
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3
Reference: OSVDB:5612
Reference: URL:http://www.osvdb.org/5612
Reference: XF:linux-rpmdrake-temp-file(6494)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6494

Name: CVE-2001-0482

Description:

Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.

Status:Entry
Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
Reference: XF:pitbull-lx-modify-kernel(6623)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6623

Name: CVE-2001-0485

Description:

Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges to execute arbitrary commands via the -n option.

Status:Entry
Reference: BID:2656
Reference: URL:http://www.securityfocus.com/bid/2656
Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html
Reference: OSVDB:8571
Reference: URL:http://www.osvdb.org/8571
Reference: SGI:20010701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P
Reference: XF:irix-netprint-shared-library(6473)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6473

Name: CVE-2001-0486

Description:

Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending a TCP SYN flood to port 353.

Status:Entry
Reference: BID:2623
Reference: URL:http://www.securityfocus.com/bid/2623
Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service
Reference: URL:http://marc.info/?l=bugtraq&m=98779821207867&w=2
Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise
Reference: URL:http://marc.info/?l=bugtraq&m=98865027328391&w=2
Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
Reference: VULN-DEV:20010402 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html
Reference: XF:bordermanager-vpn-syn-dos(6429)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6429

Name: CVE-2001-0487

Description:

AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.

Status:Entry
Reference: AIXAPAR:IY17630
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only
Reference: OSVDB:5611
Reference: URL:http://www.osvdb.org/5611
Reference: XF:aix-snmpd-rst-dos(6996)
Reference: URL:http://www.iss.net/security_center/static/6996.php

Name: CVE-2001-0488

Description:

pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.

Status:Entry
Reference: BID:2646
Reference: URL:http://www.securityfocus.com/bid/2646
Reference: HP:HPSBUX0104-149
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0104-149
Reference: OSVDB:2188
Reference: URL:http://www.osvdb.org/2188
Reference: XF:hp-pcltotiff-insecure-permissions(6447)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6447

Name: CVE-2001-0489

Description:

Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.

Status:Entry
Reference: BID:2657
Reference: URL:http://www.securityfocus.com/bid/2657
Reference: DEBIAN:DSA-057
Reference: URL:http://www.debian.org/security/2001/dsa-057
Reference: MANDRAKE:MDKSA-2001-044
Reference: OSVDB:1805
Reference: URL:http://www.osvdb.org/1805
Reference: REDHAT:RHSA-2001:053
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
Reference: VULN-DEV:20010417 gftp exploitable?
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
Reference: XF:gftp-format-string(6478)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6478

Name: CVE-2001-0493

Description:

Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux.

Status:Entry
Reference: BID:2649
Reference: URL:http://www.securityfocus.com/bid/2649
Reference: BUGTRAQ:20010424 Advisory for Small HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: XF:small-http-aux-dos(6446)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6446

Name: CVE-2001-0494

Description:

Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.

Status:Entry
Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html
Reference: OSVDB:5610
Reference: URL:http://www.osvdb.org/5610
Reference: XF:ipswitch-imail-smtp-bo(6445)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6445

Name: CVE-2001-0495

Description:

Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack.

Status:Entry
Reference: BID:2660
Reference: URL:http://www.securityfocus.com/bid/2660
Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
Reference: OSVDB:1799
Reference: URL:http://www.osvdb.org/1799
Reference: XF:webxq-dot-directory-traversal(6466)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6466

Name: CVE-2001-0497

Description:

dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.

Status:Entry
Reference: ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
Reference: URL:http://xforce.iss.net/alerts/advise78.php
Reference: OSVDB:5609
Reference: URL:http://www.osvdb.org/5609
Reference: XF:bind-local-key-exposure(6694)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6694

Name: CVE-2001-0500

Description:

Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.

Status:Entry
Reference: BID:2880
Reference: URL:http://www.securityfocus.com/bid/2880
Reference: BUGTRAQ:20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
Reference: URL:http://www.securityfocus.com/archive/1/191873
Reference: CERT:CA-2001-13
Reference: URL:http://www.cert.org/advisories/CA-2001-13.html
Reference: CIAC:L-098
Reference: URL:http://www.ciac.org/ciac/bulletins/l-098.shtml
Reference: MS:MS01-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-033
Reference: OVAL:oval:org.mitre.oval:def:197
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A197
Reference: XF:iis-isapi-idq-bo(6705)
Reference: URL:http://www.iss.net/security_center/static/6705.php

Name: CVE-2001-0501

Description:

Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.

Status:Entry
Reference: BID:2876
Reference: URL:http://www.securityfocus.com/bid/2876
Reference: BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034
Reference: URL:http://marc.info/?l=bugtraq&m=99325144322224&w=2
Reference: MS:MS01-034
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-034
Reference: XF:msword-macro-bypass-security(6732)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6732

Name: CVE-2001-0502

Description:

In Windows 2000 LDAP Server running over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.

Status:Entry
Reference: BID:2929
Reference: URL:http://www.securityfocus.com/bid/2929
Reference: CIAC:L-101
Reference: URL:http://www.ciac.org/ciac/bulletins/l-101.shtml
Reference: MS:MS01-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-036
Reference: XF:win2k-ldap-change-passwords(6745)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6745

Name: CVE-2001-0503

Description:

Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.

Status:Entry
Reference: MS:MS00-077
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2000/ms00-077
Reference: OSVDB:5608
Reference: URL:http://www.osvdb.org/5608
Reference: XF:netmeeting-desktop-sharing-dos(5368)
Reference: URL:http://www.iss.net/security_center/static/5368.php

Name: CVE-2001-0504

Description:

Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.

Status:Entry
Reference: BID:2988
Reference: URL:http://www.securityfocus.com/bid/2988
Reference: CERT-VN:VU#435963
Reference: URL:http://www.kb.cert.org/vuls/id/435963
Reference: CIAC:L-107
Reference: URL:http://www.ciac.org/ciac/bulletins/l-107.shtml
Reference: MS:MS01-037
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-037
Reference: XF:win2k-smtp-mail-relay(6803)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6803

Name: CVE-2001-0506

Description:

Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.

Status:Entry
Reference: BID:3190
Reference: URL:http://www.securityfocus.com/bid/3190
Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=99802093532233&w=2
Reference: BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code
Reference: URL:http://online.securityfocus.com/archive/1/242541
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: MS:MS01-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Reference: XF:iis-ssi-directive-bo(6984)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6984

Name: CVE-2001-0507

Description:

IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.

Status:Entry
Reference: BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS
Reference: URL:http://online.securityfocus.com/archive/1/205069
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: MS:MS01-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Reference: OSVDB:5607
Reference: URL:http://www.osvdb.org/5607
Reference: OVAL:oval:org.mitre.oval:def:909
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A909
Reference: OVAL:oval:org.mitre.oval:def:912
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A912
Reference: XF:iis-relative-path-privilege-elevation(6985)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6985

Name: CVE-2001-0508

Description:

Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.

Status:Entry
Reference: BID:2690
Reference: URL:http://www.securityfocus.com/bid/2690
Reference: BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
Reference: URL:http://online.securityfocus.com/archive/1/182579
Reference: MS:MS01-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Reference: OSVDB:5606
Reference: URL:http://www.osvdb.org/5606
Reference: OSVDB:5633
Reference: URL:http://www.osvdb.org/5633
Reference: XF:iis-webdav-long-request-dos(6982)
Reference: URL:http://www.iss.net/security_center/static/6982.php

Name: CVE-2001-0513

Description:

Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.

Status:Entry
Reference: CERT-VN:VU#105259
Reference: URL:http://www.kb.cert.org/vuls/id/105259
Reference: ISS:20010619 Oracle Redirect Denial of Service
Reference: URL:http://xforce.iss.net/alerts/advise81.php
Reference: OSVDB:5600
Reference: URL:http://www.osvdb.org/5600
Reference: XF:oracle-listener-redirect-dos(6717)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6717

Name: CVE-2001-0514

Description:

SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.

Status:Entry
Reference: BID:2896
Reference: URL:http://www.securityfocus.com/bid/2896
Reference: ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw
Reference: URL:http://xforce.iss.net/alerts/advise83.php
Reference: XF:atmel-vnetb-ap-snmp-security(6576)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6576

Name: CVE-2001-0517

Description:

Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.

Status:Entry
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
Reference: URL:http://xforce.iss.net/alerts/advise82.php
Reference: OSVDB:5590
Reference: URL:http://www.osvdb.org/5590
Reference: XF:oracle-listener-data-transport-dos(6715)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6715

Name: CVE-2001-0518

Description:

Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.

Status:Entry
Reference: CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
Reference: URL:http://xforce.iss.net/alerts/advise82.php
Reference: XF:oracle-listener-fragmentation-dos(6716)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6716

Name: CVE-2001-0522

Description:

Format string vulnerability in GNU Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.

Status:Entry
Reference: BID:2797
Reference: URL:http://www.securityfocus.com/bid/2797
Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
Reference: BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
Reference: URL:http://online.securityfocus.com/archive/1/188218
Reference: CALDERA:CSSA-2001-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
Reference: CERT-VN:VU#403051
Reference: URL:http://www.kb.cert.org/vuls/id/403051
Reference: CONECTIVA:CLA-2001:399
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
Reference: DEBIAN:DSA-061
Reference: URL:http://www.debian.org/security/2001/dsa-061
Reference: IMMUNIX:IMNX-2001-70-023-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
Reference: MANDRAKE:MDKSA-2001:053
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
Reference: OSVDB:1845
Reference: URL:http://www.osvdb.org/1845
Reference: REDHAT:RHSA-2001:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-073.html
Reference: SUSE:SuSE-SA:2001:020
Reference: URL:http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
Reference: TURBO:TLSA2001028
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
Reference: XF:gnupg-tty-format-string(6642)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6642

Name: CVE-2001-0525

Description:

Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.

Status:Entry
Reference: BID:2749
Reference: URL:http://www.securityfocus.com/bid/2749
Reference: BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
Reference: BUGTRAQ:20010519 dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
Reference: XF:dqs-dsh-bo(6577)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6577

Name: CVE-2001-0526

Description:

Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.

Status:Entry
Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
Reference: SUNBUG:4458476
Reference: XF:solaris-mailtool-openwinhome-bo(6626)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6626

Name: CVE-2001-0527

Description:

DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.

Status:Entry
Reference: BID:2728
Reference: URL:http://www.securityfocus.com/bid/2728
Reference: BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
Reference: OSVDB:480
Reference: URL:http://www.osvdb.org/480
Reference: XF:dcforum-cgi-admin-access(6538)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6538

Name: CVE-2001-0528

Description:

Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.

Status:Entry
Reference: BID:2694
Reference: URL:http://www.securityfocus.com/bid/2694
Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
Reference: XF:oracle-adi-plaintext-passwords(6501)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6501

Name: CVE-2001-0529

Description:

OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.

Status:Entry
Reference: BID:2825
Reference: URL:http://www.securityfocus.com/bid/2825
Reference: BUGTRAQ:20010604 Re: SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
Reference: BUGTRAQ:20010604 SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
Reference: BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info
Reference: URL:http://online.securityfocus.com/archive/1/188737
Reference: CALDERA:CSSA-2001-023.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
Reference: CERT-VN:VU#655259
Reference: URL:http://www.kb.cert.org/vuls/id/655259
Reference: CONECTIVA:CLA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: NETBSD:NetBSD-SA2001-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
Reference: OPENBSD:20010612
Reference: URL:http://www.openbsd.org/errata29.html
Reference: OSVDB:1853
Reference: URL:http://www.osvdb.org/1853
Reference: XF:openssh-symlink-file-deletion(6676)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6676

Name: CVE-2001-0530

Description:

Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.

Status:Entry
Reference: BID:2798
Reference: URL:http://www.securityfocus.com/bid/2798
Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
Reference: BUGTRAQ:20010607 SpearHead Security NetGAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
Reference: XF:netgap-unicode-bypass-filter(6625)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6625

Name: CVE-2001-0533

Description:

Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.

Status:Entry
Reference: CIAC:L-123
Reference: URL:http://www.ciac.org/ciac/bulletins/l-123.shtml
Reference: IBM:MSS-OAR-E01-2001:271.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt
Reference: OSVDB:5585
Reference: URL:http://www.osvdb.org/5585
Reference: XF:aix-libi18n-lang-bo(6863)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6863

Name: CVE-2001-0537

Description:

HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.

Status:Entry
Reference: BID:2936
Reference: URL:http://www.securityfocus.com/bid/2936
Reference: BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
Reference: BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit
Reference: URL:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
Reference: BUGTRAQ:20010702 Cisco device HTTP exploit...
Reference: URL:http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
Reference: BUGTRAQ:20010702 ios-http-auth.sh
Reference: URL:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
Reference: CERT:CA-2001-14
Reference: URL:http://www.cert.org/advisories/CA-2001-14.html
Reference: CIAC:L-106
Reference: URL:http://www.ciac.org/ciac/bulletins/l-106.shtml
Reference: CISCO:20010627 IOS HTTP authorization vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Reference: OSVDB:578
Reference: URL:http://www.osvdb.org/578
Reference: XF:cisco-ios-admin-access(6749)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6749

Name: CVE-2001-0538

Description:

Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.

Status:Entry
Reference: BID:3025
Reference: URL:http://www.securityfocus.com/bid/3025
Reference: BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
Reference: URL:http://marc.info/?l=bugtraq&m=99496431214078&w=2
Reference: CERT-VN:VU#131569
Reference: URL:http://www.kb.cert.org/vuls/id/131569
Reference: CIAC:L-113
Reference: URL:http://www.ciac.org/ciac/bulletins/l-113.shtml
Reference: MS:MS01-038
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-038
Reference: NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862
Reference: XF:outlook-activex-view-control(6831)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6831

Name: CVE-2001-0540

Description:

Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.

Status:Entry
Reference: BID:3099
Reference: URL:http://www.securityfocus.com/bid/3099
Reference: MS:MS01-040
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-040
Reference: XF:win-terminal-rdp-dos(6912)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6912

Name: CVE-2001-0541

Description:

Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.

Status:Entry
Reference: BID:3105
Reference: URL:http://www.securityfocus.com/bid/3105
Reference: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187001
Reference: MS:MS01-042
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-042
Reference: XF:mediaplayer-nsc-bo(6907)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6907

Name: CVE-2001-0543

Description:

Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.

Status:Entry
Reference: BID:3183
Reference: URL:http://www.securityfocus.com/bid/3183
Reference: MS:MS01-043
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-043
Reference: OVAL:oval:org.mitre.oval:def:334
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A334
Reference: XF:win-nntp-dos(6977)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6977

Name: CVE-2001-0544

Description:

IIS 5.0 allows local users to cause a denial of service (hang) by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.

Status:Entry
Reference: BID:3195
Reference: URL:http://www.securityfocus.com/bid/3195
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: MS:MS01-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Reference: XF:iis-invalid-mime-header-dos(6983)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6983

Name: CVE-2001-0545

Description:

IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.

Status:Entry
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: MS:MS01-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-044
Reference: OSVDB:5736
Reference: URL:http://www.osvdb.org/5736
Reference: XF:iis-url-redirection-dos(6981)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6981

Name: CVE-2001-0546

Description:

Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.

Status:Entry
Reference: BID:3196
Reference: URL:http://www.securityfocus.com/bid/3196
Reference: MS:MS01-045
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045
Reference: XF:isa-h323-gatekeeper-dos(6989)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6989

Name: CVE-2001-0547

Description:

Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).

Status:Entry
Reference: BID:3197
Reference: URL:http://www.securityfocus.com/bid/3197
Reference: MS:MS01-045
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045
Reference: XF:isa-proxy-memory-leak-dos(6990)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6990

Name: CVE-2001-0548

Description:

Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.

Status:Entry
Reference: BID:3081
Reference: URL:http://www.securityfocus.com/bid/3081
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=99598918914068&w=2
Reference: XF:solaris-dtmail-bo(6879)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6879

Name: CVE-2001-0549

Description:

Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.

Status:Entry
Reference: CERT-VN:VU#814187
Reference: URL:http://www.kb.cert.org/vuls/id/814187
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html
Reference: XF:liveupdate-obtain-proxy-password(7013)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7013

Name: CVE-2001-0550

Description:

wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).

Status:Entry
Reference: BID:3581
Reference: URL:http://www.securityfocus.com/bid/3581
Reference: BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100700363414799&w=2
Reference: CALDERA:CSSA-2001-041.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Reference: CALDERA:CSSA-2001-SCO.36
Reference: CALDERA:CSSA-2002-SCO.1
Reference: CERT:CA-2001-33
Reference: URL:http://www.cert.org/advisories/CA-2001-33.html
Reference: CERT-VN:VU#886083
Reference: URL:http://www.kb.cert.org/vuls/id/886083
Reference: CONECTIVA:CLA-2001:442
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442
Reference: DEBIAN:DSA-087
Reference: URL:http://www.debian.org/security/2001/dsa-087
Reference: HP:HPSBUX0107-162
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162
Reference: IMMUNIX:IMNX-2001-70-036-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01
Reference: ISS:20011129 WU-FTPD Heap Corruption Vulnerability
Reference: MANDRAKE:MDKSA-2001:090
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
Reference: REDHAT:RHSA-2001:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-157.html
Reference: SUSE:SuSE-SA:2001:043
Reference: URL:http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
Reference: VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
Reference: URL:http://www.securityfocus.com/archive/82/180823
Reference: XF:wuftp-glob-heap-corruption(7611)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7611

Name: CVE-2001-0553

Description:

SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.

Status:Entry
Reference: BID:3078
Reference: URL:http://www.securityfocus.com/bid/3078
Reference: BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html
Reference: CERT-VN:VU#737451
Reference: URL:http://www.kb.cert.org/vuls/id/737451
Reference: CIAC:L-121
Reference: URL:http://www.ciac.org/ciac/bulletins/l-121.shtml
Reference: CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
Reference: OSVDB:586
Reference: URL:http://www.osvdb.org/586
Reference: XF:ssh-password-length-unauth-access(6868)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6868

Name: CVE-2001-0554

Description:

Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.

Status:Entry
Reference: BID:3064
Reference: URL:http://www.securityfocus.com/bid/3064
Reference: BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/197804
Reference: BUGTRAQ:20010725 SCO - Telnetd AYT overflow ?
Reference: URL:http://online.securityfocus.com/archive/1/199541
Reference: BUGTRAQ:20010725 Telnetd AYT overflow scanner
Reference: URL:http://online.securityfocus.com/archive/1/199496
Reference: BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/203000
Reference: CALDERA:CSSA-2001-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt
Reference: CALDERA:CSSA-2001-SCO.10
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt
Reference: CERT:CA-2001-21
Reference: URL:http://www.cert.org/advisories/CA-2001-21.html
Reference: CIAC:L-131
Reference: URL:http://www.ciac.org/ciac/bulletins/l-131.shtml
Reference: CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Reference: COMPAQ:SSRT0745U
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml
Reference: CONECTIVA:CLA-2001:413
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413
Reference: DEBIAN:DSA-070
Reference: URL:http://www.debian.org/security/2001/dsa-070
Reference: DEBIAN:DSA-075
Reference: URL:http://www.debian.org/security/2001/dsa-075
Reference: FREEBSD:FreeBSD-SA-01:49
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
Reference: HP:HPSBUX0110-172
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html
Reference: IBM:MSS-OAR-E01-2001:298
Reference: URL:http://online.securityfocus.com/advisories/3476
Reference: MANDRAKE:MDKSA-2001:068
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3
Reference: NETBSD:NetBSD-SA2001-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
Reference: OSVDB:809
Reference: URL:http://www.osvdb.org/809
Reference: REDHAT:RHSA-2001:099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-099.html
Reference: REDHAT:RHSA-2001:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-100.html
Reference: SGI:20010801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
Reference: SUSE:SuSE-SA:2001:029
Reference: URL:http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html
Reference: XF:telnetd-option-telrcv-bo(6875)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6875

Name: CVE-2001-0558

Description:

T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).

Status:Entry
Reference: BID:2704
Reference: URL:http://www.securityfocus.com/bid/2704
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: OSVDB:1817
Reference: URL:http://www.osvdb.org/1817
Reference: XF:jana-server-device-dos(6521)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6521

Name: CVE-2001-0559

Description:

crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.

Status:Entry
Reference: BID:2687
Reference: URL:http://www.securityfocus.com/bid/2687
Reference: BUGTRAQ:20010507 Vixie cron vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183029
Reference: DEBIAN:DSA-054
Reference: URL:http://www.debian.org/security/2001/dsa-054
Reference: MANDRAKE:MDKSA-2001:050
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
Reference: SUSE:SuSE-SA:2001:17
Reference: URL:http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html
Reference: XF:vixie-cron-gain-privileges(6508)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6508

Name: CVE-2001-0560

Description:

Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).

Status:Entry
Reference: AIXAPAR:IY17048
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17048&apar=only
Reference: AIXAPAR:IY17261
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17261&apar=only
Reference: BUGTRAQ:20010210 vixie cron possible local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
Reference: MANDRAKE:MDKSA-2001:022
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3
Reference: OSVDB:5583
Reference: URL:http://www.osvdb.org/5583
Reference: REDHAT:RHSA-2001:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html
Reference: XF:vixie-crontab-bo(6098)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6098

Name: CVE-2001-0563

Description:

ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.

Status:Entry
Reference: BID:2706
Reference: URL:http://www.securityfocus.com/bid/2706
Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
Reference: XF:electrocomm-telnet-dos(6514)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6514

Name: CVE-2001-0564

Description:

APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.

Status:Entry
Reference: BID:2430
Reference: URL:http://www.securityfocus.com/bid/2430
Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html
Reference: MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
Reference: XF:apc-telnet-dos(6199)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6199

Name: CVE-2001-0565

Description:

Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.

Status:Entry
Reference: BID:2610
Reference: URL:http://www.securityfocus.com/bid/2610
Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
Reference: BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC)
Reference: URL:http://online.securityfocus.com/archive/1/184210
Reference: CERT-VN:VU#446864
Reference: URL:http://www.kb.cert.org/vuls/id/446864
Reference: SUNBUG:4452732
Reference: XF:solaris-mailx-f-bo(8246)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8246

Name: CVE-2001-0567

Description:

Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.

Status:Entry
Reference: CONECTIVA:CLA-2001:407
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
Reference: DEBIAN:DSA-055
Reference: URL:http://www.debian.org/security/2001/dsa-055
Reference: MANDRAKE:MDKSA-2001:049
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
Reference: REDHAT:RHSA-2001:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html
Reference: XF:zope-zclass-gain-privileges(6958)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6958

Name: CVE-2001-0573

Description:

lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.

Status:Entry
Reference: AIXAPAR:IY16909
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0000.html
Reference: CERT-VN:VU#123651
Reference: URL:http://www.kb.cert.org/vuls/id/123651
Reference: OSVDB:5582
Reference: URL:http://www.osvdb.org/5582
Reference: XF:aix-lsfs-path(7007)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7007

Name: CVE-2001-0574

Description:

Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.

Status:Entry
Reference: BID:2699
Reference: URL:http://www.securityfocus.com/bid/2699
Reference: BUGTRAQ:20010507 Advisory for MP3Mystic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
Reference: OSVDB:1815
Reference: URL:http://www.osvdb.org/1815
Reference: XF:mp3mystic-dot-directory-traversal(6504)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6504

Name: CVE-2001-0585

Description:

Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.

Status:Entry
Reference: BID:2494
Reference: URL:http://www.securityfocus.com/bid/2494
Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
Reference: XF:ntmail-long-url-dos(6249)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6249

Name: CVE-2001-0586

Description:

TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.

Status:Entry
Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html
Reference: OSVDB:5581
Reference: URL:http://www.osvdb.org/5581
Reference: XF:scanmail-reveals-credentials(6311)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6311

Name: CVE-2001-0589

Description:

NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and NetScreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.

Status:Entry
Reference: BID:2523
Reference: URL:http://www.securityfocus.com/bid/2523
Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
Reference: OSVDB:1780
Reference: URL:http://www.osvdb.org/1780
Reference: XF:netscreen-screenos-bypass-firewall(6317)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6317

Name: CVE-2001-0590

Description:

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Status:Entry
Reference: BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
Reference: HP:HPSBTL0112-004
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
Reference: OSVDB:5580
Reference: URL:http://www.osvdb.org/5580
Reference: XF:jakarta-tomcat-jsp-source(6971)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6971

Name: CVE-2001-0591

Description:

Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.

Status:Entry
Reference: BID:2286
Reference: URL:http://www.securityfocus.com/bid/2286
Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root
Reference: XF:oracle-handlers-directory-traversal(5986)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5986

Name: CVE-2001-0593

Description:

Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.

Status:Entry
Reference: BID:2512
Reference: URL:http://www.securityfocus.com/bid/2512
Reference: BUGTRAQ:20010327 advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
Reference: MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip
Reference: XF:anaconda-clipper-directory-traversal(6286)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6286

Name: CVE-2001-0594

Description:

kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.

Status:Entry
Reference: BID:2558
Reference: URL:http://www.securityfocus.com/bid/2558
Reference: BUGTRAQ:20010409 Solaris kcms_configure vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
Reference: OVAL:oval:org.mitre.oval:def:65
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A65
Reference: OVAL:oval:org.mitre.oval:def:7
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7
Reference: SUNBUG:4199722
Reference: XF:solaris-kcms-command-bo(6359)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6359

Name: CVE-2001-0595

Description:

Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.

Status:Entry
Reference: BID:2605
Reference: URL:http://www.securityfocus.com/bid/2605
Reference: BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
Reference: SUNBUG:4415570
Reference: XF:solaris-kcssunwiosolf-bo(6365)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6365

Name: CVE-2001-0596

Description:

Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.

Status:Entry
Reference: BID:2637
Reference: URL:http://www.securityfocus.com/bid/2637
Reference: BUGTRAQ:20010409 Netscape 4.76 gif comment flaw
Reference: URL:http://marc.info/?l=bugtraq&m=98685237415117&w=2
Reference: CONECTIVA:CLA-2001:393
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
Reference: DEBIAN:DSA-051
Reference: URL:http://www.debian.org/security/2001/dsa-051
Reference: IMMUNIX:IMNX-2001-70-014-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-014-01
Reference: OSVDB:5579
Reference: URL:http://www.osvdb.org/5579
Reference: REDHAT:RHSA-2001:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-046.html
Reference: XF:netscape-javascript-access-data(6344)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6344

Name: CVE-2001-0611

Description:

Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.

Status:Entry
Reference: BID:2723
Reference: URL:http://www.securityfocus.com/bid/2723
Reference: BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
Reference: XF:becky-mail-message-bo(6531)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6531

Name: CVE-2001-0612

Description:

McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.

Status:Entry
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: OSVDB:6288
Reference: URL:http://www.osvdb.org/6288
Reference: XF:remote-desktop-dos(6547)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6547

Name: CVE-2001-0613

Description:

Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.

Status:Entry
Reference: BID:2730
Reference: URL:http://www.securityfocus.com/bid/2730
Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
Reference: XF:omnihttpd-post-dos(6540)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6540

Name: CVE-2001-0615

Description:

Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.

Status:Entry
Reference: BID:2776
Reference: URL:http://www.securityfocus.com/bid/2776
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: OSVDB:1841
Reference: URL:http://www.osvdb.org/1841
Reference: XF:freestyle-chat-directory-traversal(6601)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6601

Name: CVE-2001-0616

Description:

Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).

Status:Entry
Reference: BID:2777
Reference: URL:http://www.securityfocus.com/bid/2777
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: XF:freestyle-chat-device-dos(6602)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6602

Name: CVE-2001-0621

Description:

The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.

Status:Entry
Reference: BID:2745
Reference: URL:http://www.securityfocus.com/bid/2745
Reference: CIAC:L-085
Reference: URL:http://www.ciac.org/ciac/bulletins/l-085.shtml
Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
Reference: OSVDB:1834
Reference: URL:http://www.osvdb.org/1834
Reference: XF:cisco-css-ftp-commands(6557)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6557

Name: CVE-2001-0622

Description:

The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.

Status:Entry
Reference: BID:2806
Reference: URL:http://www.securityfocus.com/bid/2806
Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml
Reference: OSVDB:1848
Reference: URL:http://www.osvdb.org/1848
Reference: XF:cisco-css-web-management(6631)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6631

Name: CVE-2001-0625

Description:

ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log.

Status:Entry
Reference: BID:2778
Reference: URL:http://www.securityfocus.com/bid/2778
Reference: BUGTRAQ:20010525 Security Bug in InoculateIT for Linux (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0245.html
Reference: OSVDB:1843
Reference: URL:http://www.osvdb.org/1843
Reference: XF:inoculateit-ftpdownload-symlink(6607)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6607

Name: CVE-2001-0626

Description:

O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.

Status:Entry
Reference: BID:2488
Reference: URL:http://www.securityfocus.com/bid/2488
Reference: BUGTRAQ:20010316 WebServer Pro All Version Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0236.html
Reference: XF:website-pro-dir-path(3839)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/3839

Name: CVE-2001-0627

Description:

vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:2752
Reference: URL:http://www.securityfocus.com/bid/2752
Reference: BUGTRAQ:20010522 [SRT2001-09] - vi and crontab -e /tmp issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0220.html
Reference: CALDERA:CSSA-2001-SCO.17
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.17/CSSA-2001-SCO.17.txt
Reference: CERT-VN:VU#747736
Reference: URL:http://www.kb.cert.org/vuls/id/747736
Reference: XF:sco-openserver-vi-symlink(6588)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6588

Name: CVE-2001-0628

Description:

Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.

Status:Entry
Reference: BID:2760
Reference: URL:http://www.securityfocus.com/bid/2760
Reference: MSKB:Q274228
Reference: URL:http://support.microsoft.com/support/kb/articles/Q274/2/28.asp
Reference: XF:word-asd-macro-execution(6614)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6614

Name: CVE-2001-0629

Description:

HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain additional privileges via a buffer overflow attack in the '-restore_config' command line parameter.

Status:Entry
Reference: BID:2761
Reference: URL:http://www.securityfocus.com/bid/2761
Reference: BUGTRAQ:20010523 HP OpenView NNM v6.1 buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0226.html
Reference: HP:HPSBUX0107-158
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-158
Reference: XF:openview-nnm-ecsd-bo(6582)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6582

Name: CVE-2001-0630

Description:

Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.

Status:Entry
Reference: BID:2762
Reference: URL:http://www.securityfocus.com/bid/2762
Reference: BUGTRAQ:20010523 Vulnerability in viewsrc.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0231.html
Reference: OSVDB:5565
Reference: URL:http://www.osvdb.org/5565
Reference: XF:viewsrc-cgi-view-files(6583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6583

Name: CVE-2001-0631

Description:

Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.

Status:Entry
Reference: BID:2423
Reference: URL:http://www.securityfocus.com/bid/2423
Reference: BUGTRAQ:20010221 FirstClass Internetgateway "stupidity"
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0376.html
Reference: BUGTRAQ:20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0440.html
Reference: XF:centrinity-firstclass-email-spoofing(6192)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6192

Name: CVE-2001-0634

Description:

Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.

Status:Entry
Reference: BID:2409
Reference: URL:http://www.securityfocus.com/bid/2409
Reference: BUGTRAQ:20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0378.html
Reference: BUGTRAQ:20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0443.html
Reference: XF:chilisoft-asp-license-dos(6176)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6176

Name: CVE-2001-0635

Description:

Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.

Status:Entry
Reference: OSVDB:5564
Reference: URL:http://www.osvdb.org/5564
Reference: REDHAT:RHSA-2001:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-058.html
Reference: XF:mount-swap-world-readable(6493)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6493

Name: CVE-2001-0641

Description:

Buffer overflow in man program in various distributions of Linux allows a local user to execute arbitrary code as group man via a long -S option.

Status:Entry
Reference: BID:2711
Reference: URL:http://www.securityfocus.com/bid/2711
Reference: BUGTRAQ:20010513 RH 7.0:/usr/bin/man exploit: gid man + more
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0087.html
Reference: BUGTRAQ:20010612 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://www.securityfocus.com/archive/1/190136
Reference: REDHAT:RHSA-2001:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-069.html
Reference: SUSE:SuSE-SA:2001:019
Reference: URL:http://www.novell.com/linux/security/advisories/2001_019_man_txt.html
Reference: XF:man-s-bo(6530)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6530

Name: CVE-2001-0643

Description:

Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.

Status:Entry
Reference: BID:2612
Reference: URL:http://www.securityfocus.com/bid/2612
Reference: BUGTRAQ:20010416 Double clicking on innocent looking files may be dangerous
Reference: URL:http://www.securityfocus.com/archive/1/176909
Reference: MISC:http://vil.nai.com/vil/virusSummary.asp?virus_k=99048
Reference: MISC:http://www.guninski.com/clsidext.html
Reference: MISC:http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html
Reference: OSVDB:7858
Reference: URL:http://www.osvdb.org/7858
Reference: XF:ie-clsid-execute-files(6426)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6426

Name: CVE-2001-0644

Description:

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.

Status:Entry
Reference: BID:2718
Reference: URL:http://www.securityfocus.com/bid/2718
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: XF:rumpus-plaintext-passwords(6543)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6543

Name: CVE-2001-0646

Description:

Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length.

Status:Entry
Reference: BID:2716
Reference: URL:http://www.securityfocus.com/bid/2716
Reference: BUGTRAQ:20010515 Rumpus FTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/184751
Reference: XF:rumpus-long-directory-dos(6542)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6542

Name: CVE-2001-0648

Description:

Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.

Status:Entry
Reference: BID:2702
Reference: URL:http://www.securityfocus.com/bid/2702
Reference: BUGTRAQ:20010508 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/184215
Reference: XF:phprojekt-dot-directory-traversal(6522)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6522

Name: CVE-2001-0650

Description:

Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with an unrecognized transitive attribute.

Status:Entry
Reference: BID:2733
Reference: URL:http://www.securityfocus.com/bid/2733
Reference: CERT-VN:VU#106392
Reference: URL:http://www.kb.cert.org/vuls/id/106392
Reference: CIAC:L-082
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-082.shtml
Reference: CISCO:20010510 Cisco IOS BGP Attribute Corruption Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-bgp-attr-corruption-pub.shtml
Reference: OSVDB:1830
Reference: URL:http://www.osvdb.org/1830
Reference: XF:cisco-ios-bgp-dos(6566)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6566

Name: CVE-2001-0652

Description:

Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.

Status:Entry
Reference: BID:3160
Reference: URL:http://www.securityfocus.com/bid/3160
Reference: BUGTRAQ:20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=99745571104126&w=2
Reference: OVAL:oval:org.mitre.oval:def:10
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10
Reference: OVAL:oval:org.mitre.oval:def:131
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A131
Reference: SUNBUG:4483090
Reference: XF:solaris-xlock-bo(6967)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6967

Name: CVE-2001-0653

Description:

Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.

Status:Entry
Reference: BID:3163
Reference: URL:http://www.securityfocus.com/bid/3163
Reference: BUGTRAQ:20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=99841063100516&w=2
Reference: CALDERA:CSSA-2001-032.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-032.0.txt
Reference: CALDERA:CSSA-2001-SCO.31
Reference: CIAC:L-133
Reference: URL:http://www.ciac.org/ciac/bulletins/l-133.shtml
Reference: CONECTIVA:CLA-2001:412
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000412
Reference: CONFIRM:http://www.sendmail.org/8.11.html
Reference: HP:HPSBTL0112-007
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-007
Reference: IMMUNIX:IMNX-2001-70-032-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-032-01
Reference: MANDRAKE:MDKSA-2001:075
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-075.php3
Reference: NETBSD:NetBSD-SA2001-017
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-017.txt.asc
Reference: REDHAT:RHSA-2001:106
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-106.html
Reference: SUSE:SuSE-SA:2001:028
Reference: URL:http://www.novell.com/linux/security/advisories/2001_028_sendmail_txt.html
Reference: XF:sendmail-debug-signed-int-overflow(7016)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7016

Name: CVE-2001-0658

Description:

Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.

Status:Entry
Reference: BID:3198
Reference: URL:http://www.securityfocus.com/bid/3198
Reference: MS:MS01-045
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-045
Reference: XF:isa-cross-site-scripting(6991)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6991

Name: CVE-2001-0659

Description:

Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.

Status:Entry
Reference: BID:3215
Reference: URL:http://www.securityfocus.com/bid/3215
Reference: BUGTRAQ:20010821 IrDA semiremote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/209385
Reference: MS:MS01-046
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-046
Reference: XF:win2k-irda-dos(7008)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7008

Name: CVE-2001-0660

Description:

Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).

Status:Entry
Reference: BID:3301
Reference: URL:http://www.securityfocus.com/bid/3301
Reference: MS:MS01-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-047
Reference: MSKB:Q307195
Reference: URL:http://support.microsoft.com/support/kb/articles/Q307/1/95.ASP
Reference: XF:exchange-owa-obtain-addresses(7089)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7089

Name: CVE-2001-0662

Description:

RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.

Status:Entry
Reference: BID:3313
Reference: URL:http://www.securityfocus.com/bid/3313
Reference: CIAC:L-142
Reference: URL:http://www.ciac.org/ciac/bulletins/l-142.shtml
Reference: MS:MS01-048
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-048
Reference: XF:winnt-rpc-endpoint-dos(7105)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7105

Name: CVE-2001-0663

Description:

Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.

Status:Entry
Reference: BID:3445
Reference: URL:http://www.securityfocus.com/bid/3445
Reference: MS:MS01-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-052
Reference: XF:win-rdp-packet-dos(7302)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7302

Name: CVE-2001-0664

Description:

Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."

Status:Entry
Reference: BID:3420
Reference: URL:http://www.securityfocus.com/bid/3420
Reference: BUGTRAQ:20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing
Reference: URL:http://marc.info/?l=bugtraq&m=100281551611595&w=2
Reference: MISC:http://morph3us.org/blog/?p=31
Reference: MS:MS01-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
Reference: OSVDB:1971
Reference: URL:http://www.osvdb.org/1971
Reference: XF:ie-incorrect-security-zone(7258)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7258

Name: CVE-2001-0665

Description:

Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."

Status:Entry
Reference: BID:3421
Reference: URL:http://www.securityfocus.com/bid/3421
Reference: MS:MS01-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
Reference: OSVDB:1972
Reference: URL:http://www.osvdb.org/1972
Reference: XF:ie-url-http-requests(7259)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7259

Name: CVE-2001-0666

Description:

Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.

Status:Entry
Reference: BID:3368
Reference: URL:http://www.securityfocus.com/bid/3368
Reference: MS:MS01-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-049
Reference: XF:exchange-owa-folder-request-dos(7168)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7168

Name: CVE-2001-0667

Description:

Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.

Status:Entry
Reference: CERT-VN:VU#952611
Reference: URL:http://www.kb.cert.org/vuls/id/952611
Reference: CIAC:M-024
Reference: URL:http://www.ciac.org/ciac/bulletins/m-024.shtml
Reference: MS:MS01-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-051
Reference: XF:ie-telnet-command-execution-variant(7260)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7260

Name: CVE-2001-0668

Description:

Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:3240
Reference: URL:http://www.securityfocus.com/bid/3240
Reference: CERT:CA-2001-30
Reference: URL:http://www.cert.org/advisories/CA-2001-30.html
Reference: CERT-VN:VU#966075
Reference: URL:http://www.kb.cert.org/vuls/id/966075
Reference: CIAC:L-134
Reference: URL:http://www.ciac.org/ciac/bulletins/l-134.shtml
Reference: HP:HPSBUX0108-163
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0047.html
Reference: ISS:20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise93.php
Reference: XF:hpux-rlpd-bo(6811)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6811

Name: CVE-2001-0670

Description:

Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.

Status:Entry
Reference: BID:3252
Reference: URL:http://www.securityfocus.com/bid/3252
Reference: CALDERA:CSSA-2001-SCO.20
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.20/CSSA-2001-SCO.20.txt
Reference: CERT:CA-2001-30
Reference: URL:http://www.cert.org/advisories/CA-2001-30.html
Reference: CERT-VN:VU#274043
Reference: URL:http://www.kb.cert.org/vuls/id/274043
Reference: ISS:20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon
Reference: URL:http://xforce.iss.net/alerts/advise94.php
Reference: NETBSD:NetBSD-SA2001-018
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-018.txt.asc
Reference: OPENBSD:20010829
Reference: URL:http://www.openbsd.com/errata28.html
Reference: REDHAT:RHSA-2001:147
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-147.html
Reference: XF:bsd-lpd-bo(7046)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7046

Name: CVE-2001-0675

Description:

Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.

Status:Entry
Reference: BID:2636
Reference: URL:http://www.securityfocus.com/bid/2636
Reference: BUGTRAQ:20010418 SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0345.html
Reference: BUGTRAQ:20010421 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0381.html
Reference: BUGTRAQ:20010423 Re: SECURITY.NNOV: The Bat! <cr> bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0410.html
Reference: XF:thebat-pop3-dos(6423)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6423

Name: CVE-2001-0676

Description:

Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.

Status:Entry
Reference: BUGTRAQ:20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release)
Reference: URL:http://www.securityfocus.com/archive/1/154359
Reference: XF:thebat-attachment-directory-traversal(5871)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5871

Name: CVE-2001-0677

Description:

Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.

Status:Entry
Reference: BID:2616
Reference: URL:http://www.securityfocus.com/bid/2616
Reference: BUGTRAQ:20010418 Eudora file leakage problem (still)
Reference: URL:http://www.securityfocus.com/archive/1/177369
Reference: OSVDB:3085
Reference: URL:http://www.osvdb.org/3085
Reference: XF:eudora-plain-text-attachment(6431)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6431

Name: CVE-2001-0680

Description:

Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.

Status:Entry
Reference: BID:2618
Reference: URL:http://www.securityfocus.com/bid/2618
Reference: BUGTRAQ:20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/176712
Reference: BUGTRAQ:20010925 Vulnerabilities in QVT/Term
Reference: URL:http://online.securityfocus.com/archive/1/216555
Reference: OSVDB:1794
Reference: URL:http://www.osvdb.org/1794
Reference: OSVDB:4050
Reference: URL:http://www.osvdb.org/4050
Reference: XF:qpc-ftpd-directory-traversal(6375)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6375

Name: CVE-2001-0682

Description:

ZoneAlarm and ZoneAlarm Pro allow a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.

Status:Entry
Reference: NTBUGTRAQ:20001230 [DiamondCS Advisory] ZoneAlarm and ZoneAlarm Pro can be blocked from loading by setting a Mutex in memory
Reference: URL:http://marc.info/?l=ntbugtraq&m=97818917222992&w=2
Reference: XF:zonealarm-mutex-dos(5821)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5821

Name: CVE-2001-0685

Description:

Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.

Status:Entry
Reference: BID:2835
Reference: URL:http://www.securityfocus.com/bid/2835
Reference: BUGTRAQ:20010228 fcron 0.9.5 is vulnerable to a symlink attack
Reference: URL:http://marc.info/?l=bugtraq&m=98339581702282&w=2
Reference: CONFIRM:http://fcron.free.fr/CHANGES.html
Reference: XF:fcron-tmpfile-symlink(7127)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7127

Name: CVE-2001-0686

Description:

Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.

Status:Entry
Reference: BID:2819
Reference: URL:http://www.securityfocus.com/bid/2819
Reference: BUGTRAQ:20010604 $HOME buffer overflow in SunOS 5.8 x86
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0000.html
Reference: SUNBUG:4465086
Reference: XF:solaris-mail-home-bo(6638)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6638

Name: CVE-2001-0690

Description:

Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.

Status:Entry
Reference: BID:2828
Reference: URL:http://www.securityfocus.com/bid/2828
Reference: BUGTRAQ:20010606 lil' exim format bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0041.html
Reference: CONECTIVA:CLA-2001:402
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000402
Reference: DEBIAN:DSA-058
Reference: URL:http://www.debian.org/security/2001/dsa-058
Reference: REDHAT:RHSA-2001:078
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-078.html
Reference: XF:exim-syntax-format-string(6671)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6671

Name: CVE-2001-0692

Description:

SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.

Status:Entry
Reference: BID:2855
Reference: URL:http://www.securityfocus.com/bid/2855
Reference: BUGTRAQ:20010608 WatchGuard SMTP Proxy issue
Reference: URL:http://www.securityfocus.com/archive/1/189783
Reference: BUGTRAQ:20010628 RE: WatchGuard SMTP Proxy issue
Reference: URL:http://marc.info/?l=bugtraq&m=99379787421319&w=2
Reference: XF:firebox-smtp-bypass-filter(6682)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6682

Name: CVE-2001-0696

Description:

NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.

Status:Entry
Reference: BID:2891
Reference: URL:http://www.securityfocus.com/bid/2891
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: MISC:http://netwinsite.com/surgeftp/manual/updates.htm
Reference: XF:surgeftp-concon-dos(6712)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6712

Name: CVE-2001-0697

Description:

NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.

Status:Entry
Reference: BID:2442
Reference: URL:http://www.securityfocus.com/bid/2442
Reference: BUGTRAQ:20010228 SurgeFTP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/165816
Reference: CONFIRM:http://netwinsite.com/surgeftp/manual/updates.htm
Reference: WIN2KSEC:20010301 SurgeFTP 1.0b Denial of Service
Reference: URL:http://www.secadministrator.com/Articles/Index.cfm?ArticleID=20200
Reference: XF:surgeftp-listing-dos(6168)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6168

Name: CVE-2001-0698

Description:

Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.

Status:Entry
Reference: BID:2892
Reference: URL:http://www.securityfocus.com/bid/2892
Reference: BUGTRAQ:20010619 SurgeFTP vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/191916
Reference: CONFIRM:http://www.netwinsite.com/surgeftp/manual/updates.htm
Reference: XF:surgeftp-nlist-directory-traversal(6711)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6711

Name: CVE-2001-0699

Description:

Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.

Status:Entry
Reference: BID:2893
Reference: URL:http://www.securityfocus.com/bid/2893
Reference: BUGTRAQ:20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192299
Reference: SUNBUG:4469366
Reference: XF:sun-cbreset-bo(6726)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6726

Name: CVE-2001-0700

Description:

Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.

Status:Entry
Reference: BID:2895
Reference: URL:http://www.securityfocus.com/bid/2895
Reference: BUGTRAQ:20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192371
Reference: CONECTIVA:CLA-2001:434
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000434
Reference: CONFIRM:http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html
Reference: DEBIAN:DSA-064
Reference: URL:http://www.debian.org/security/2001/dsa-064
Reference: DEBIAN:DSA-081
Reference: URL:http://www.debian.org/security/2001/dsa-081
Reference: XF:w3m-mime-header-bo(6725)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6725

Name: CVE-2001-0701

Description:

Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.

Status:Entry
Reference: BID:2898
Reference: URL:http://www.securityfocus.com/bid/2898
Reference: BUGTRAQ:20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/192667
Reference: SUNBUG:4469370
Reference: XF:sunvts-ptexec-bo(6736)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6736

Name: CVE-2001-0706

Description:

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.

Status:Entry
Reference: BID:2864
Reference: URL:http://www.securityfocus.com/bid/2864
Reference: BUGTRAQ:20010612 Rumpus FTP DoS vol. 2
Reference: URL:http://www.securityfocus.com/archive/1/190932
Reference: XF:rumpus-ftp-directory-dos(6699)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6699

Name: CVE-2001-0710

Description:

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allow a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.

Status:Entry
Reference: BID:2799
Reference: URL:http://www.securityfocus.com/bid/2799
Reference: FREEBSD:FreeBSD-SA-01:52
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:52.fragment.asc
Reference: NETBSD:NetBSD-SA2001-006
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-006.txt.asc
Reference: XF:bsd-ip-fragments-dos(6636)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6636

Name: CVE-2001-0716

Description:

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

Status:Entry
Reference: BID:3440
Reference: URL:http://www.securityfocus.com/bid/3440
Reference: ISS:20011016 Citrix MetaFrame Remote Denial of Service Vulnerability
Reference: URL:http://xforce.iss.net/alerts/advise99.php
Reference: XF:metaframe-multiple-sessions-dos(7068)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7068

Name: CVE-2001-0717

Description:

Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.

Status:Entry
Reference: BID:3382
Reference: URL:http://www.securityfocus.com/bid/3382
Reference: CALDERA:CSSA-2001-SCO.28
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt
Reference: CERT:CA-2001-27
Reference: URL:http://www.cert.org/advisories/CA-2001-27.html
Reference: CIAC:M-002
Reference: URL:http://www.ciac.org/ciac/bulletins/m-002.shtml
Reference: COMPAQ:SSRT0767U
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0767U.shtml
Reference: HP:HPSBUX0110-168
Reference: URL:http://online.securityfocus.com/advisories/3584
Reference: ISS:20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service
Reference: URL:http://xforce.iss.net/alerts/advise98.php
Reference: SECTRACK:1002479
Reference: URL:http://securitytracker.com/id?1002479
Reference: SUN:00212
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/212
Reference: XF:tooltalk-ttdbserverd-format-string(7069)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7069

Name: CVE-2001-0718

Description:

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.

Status:Entry
Reference: BID:3402
Reference: URL:http://www.securityfocus.com/bid/3402
Reference: BUGTRAQ:20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features
Reference: URL:http://online.securityfocus.com/archive/1/218802
Reference: CERT:CA-2001-28
Reference: URL:http://www.cert.org/advisories/CA-2001-28.html
Reference: CERT-VN:VU#287067
Reference: URL:http://www.kb.cert.org/vuls/id/287067
Reference: MS:MS01-050
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-050
Reference: XF:ms-malformed-document-macro(7223)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7223

Name: CVE-2001-0719

Description:

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

Status:Entry
Reference: BID:3156
Reference: URL:http://www.securityfocus.com/bid/3156
Reference: BUGTRAQ:20010807 MS Windows Media Player ASF Marker Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/202470
Reference: MS:MS01-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-056
Reference: OSVDB:5558
Reference: URL:http://www.osvdb.org/5558
Reference: OVAL:oval:org.mitre.oval:def:287
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A287
Reference: XF:mediaplayer-asf-marker-bo(6962)
Reference: URL:http://www.iss.net/security_center/static/6962.php

Name: CVE-2001-0720

Description:

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

Status:Entry
Reference: BID:3471
Reference: URL:http://www.securityfocus.com/bid/3471
Reference: CIAC:M-013
Reference: URL:http://www.ciac.org/ciac/bulletins/m-013.shtml
Reference: MS:MS01-053
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-053
Reference: XF:ie-mac-downloaded-file-execution(7336)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7336

Name: CVE-2001-0722

Description:

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."

Status:Entry
Reference: BID:3513
Reference: URL:http://www.securityfocus.com/bid/3513
Reference: BUGTRAQ:20011019 Minor IE vulnerability: about: URLs
Reference: URL:http://www.securityfocus.com/archive/1/221612
Reference: BUGTRAQ:20011108 Microsoft IE cookies readable via about: URLS
Reference: URL:http://marc.info/?l=bugtraq&m=100527618108521&w=2
Reference: CIAC:M-016
Reference: URL:http://www.ciac.org/ciac/bulletins/m-016.shtml
Reference: MS:MS01-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055
Reference: OSVDB:1982
Reference: URL:http://www.osvdb.org/1982
Reference: XF:ie-about-cookie-information(7486)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7486

Name: CVE-2001-0723

Description:

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."

Status:Entry
Reference: BID:3546
Reference: URL:http://www.securityfocus.com/bid/3546
Reference: MS:MS01-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055

Name: CVE-2001-0724

Description:

Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.

Status:Entry
Reference: MS:MS01-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055
Reference: OSVDB:5556
Reference: URL:http://www.osvdb.org/5556
Reference: XF:ie-incorrect-security-zone-variant(8471)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8471

Name: CVE-2001-0726

Description:

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

Status:Entry
Reference: BID:3650
Reference: URL:http://www.securityfocus.com/bid/3650
Reference: MS:MS01-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-057
Reference: OSVDB:5557
Reference: URL:http://www.osvdb.org/5557
Reference: XF:exchange-owa-embedded-script-execution(7663)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7663

Name: CVE-2001-0727

Description:

Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."

Status:Entry
Reference: BID:3578
Reference: URL:http://www.securityfocus.com/bid/3578
Reference: BUGTRAQ:20011214 MSIE may download and run progams automatically
Reference: URL:http://marc.info/?l=bugtraq&m=100835204509262&w=2
Reference: BUGTRAQ:20011216 Re: MSIE may download and run progams automatically - NOT SO FAST
Reference: URL:http://marc.info/?l=bugtraq&m=100861273114437&w=2
Reference: CERT:CA-2001-36
Reference: URL:http://www.cert.org/advisories/CA-2001-36.html
Reference: CERT-VN:VU#443699
Reference: URL:http://www.kb.cert.org/vuls/id/443699
Reference: CIAC:M-027
Reference: URL:http://www.ciac.org/ciac/bulletins/m-027.shtml
Reference: MS:MS01-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058
Reference: OSVDB:3033
Reference: URL:http://www.osvdb.org/3033
Reference: OVAL:oval:org.mitre.oval:def:921
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A921
Reference: XF:ie-file-download-execution(7703)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7703

Name: CVE-2001-0728

Description:

Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.

Status:Entry
Reference: BID:3376
Reference: URL:http://www.securityfocus.com/bid/3376
Reference: CERT-VN:VU#275979
Reference: URL:http://www.kb.cert.org/vuls/id/275979
Reference: COMPAQ:SSRT0758
Reference: URL:http://www.compaq.com/products/servers/management/mgtsw-advisory2.html
Reference: XF:compaq-wbm-bo(7189)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7189

Name: CVE-2001-0730

Description:

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.

Status:Entry
Reference: CONECTIVA:CLA-2001:430
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430
Reference: CONFIRM:http://www.apacheweek.com/issues/01-09-28#security
Reference: ENGARDE:ESA-20011019-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1649.html
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: REDHAT:RHSA-2001:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-126.html
Reference: REDHAT:RHSA-2001:164
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-164.html
Reference: XF:apache-log-file-overwrite(7419)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7419

Name: CVE-2001-0731

Description:

Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.

Status:Entry
Reference: BID:3009
Reference: URL:http://www.securityfocus.com/bid/3009
Reference: BUGTRAQ:20010709 How Google indexed a file with no external link
Reference: URL:http://www.securityfocus.com/archive/1/20010709214744.A28765@brasscannon.net
Reference: CONFIRM:http://www.apacheweek.com/issues/01-10-05#security
Reference: MANDRAKE:MDKSA-2001:077
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:077
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: REDHAT:RHSA-2001:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-126.html
Reference: REDHAT:RHSA-2001:164
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-164.html
Reference: SGI:20020301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020301-01-P
Reference: XF:apache-multiviews-directory-listing(8275)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8275

Name: CVE-2001-0733

Description:

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.

Status:Entry
Reference: BID:2912
Reference: URL:http://www.securityfocus.com/bid/2912
Reference: BUGTRAQ:20010621 bugtraq submission
Reference: URL:http://www.securityfocus.com/archive/1/192711
Reference: XF:eperl-embedded-code-execution(6743)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6743

Name: CVE-2001-0738

Description:

LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.

Status:Entry
Reference: BUGTRAQ:20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0
Reference: URL:http://marc.info/?l=bugtraq&m=99258618906506&w=2
Reference: CERT-VN:VU#249579
Reference: URL:http://www.kb.cert.org/vuls/id/249579
Reference: IMMUNIX:IMNX-2001-70-026-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-026-01
Reference: XF:klogd-null-byte-dos(7098)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7098

Name: CVE-2001-0739

Description:

Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.

Status:Entry
Reference: ENGARDE:ESA-20010529-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1404.html
Reference: REDHAT:RHSA-2001:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-126.html
Reference: XF:linux-webtool-inherit-privileges(7404)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7404

Name: CVE-2001-0740

Description:

3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.

Status:Entry
Reference: BID:2721
Reference: URL:http://www.securityfocus.com/bid/2721
Reference: BUGTRAQ:20010515 3COM OfficeConnect DSL router vulneratibilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0115.html
Reference: BUGTRAQ:20010921 3Com OfficeConnect 812/840 Router DoS exploit code
Reference: URL:http://marc.info/?l=bugtraq&m=100119572524232&w=2
Reference: BUGTRAQ:20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code
Reference: URL:http://marc.info/?l=bugtraq&m=100137290421828&w=2
Reference: XF:3com-officeconnect-http-dos(6573)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6573

Name: CVE-2001-0741

Description:

Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.

Status:Entry
Reference: BID:2684
Reference: URL:http://www.securityfocus.com/bid/2684
Reference: BUGTRAQ:20010503 Cisco HSRP Weakness/DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0035.html
Reference: MISC:http://www.cisco.com/networkers/nw00/pres/2402.pdf
Reference: XF:cisco-hsrp-dos(6497)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6497

Name: CVE-2001-0745

Description:

Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.

Status:Entry
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0014.html
Reference: OSVDB:5543
Reference: URL:http://www.osvdb.org/5543
Reference: XF:netscape-user-info-retrieval(7417)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7417

Name: CVE-2001-0748

Description:

Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.

Status:Entry
Reference: BID:2809
Reference: URL:http://www.securityfocus.com/bid/2809
Reference: BUGTRAQ:20010531 Acme.Server v1.7 of 13nov96 Directory Browsing
Reference: URL:http://www.securityfocus.com/archive/1/188141
Reference: CISCO:20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/acmeweb-acsunix-dirtravers-vuln-pub.shtml
Reference: OSVDB:5544
Reference: URL:http://www.osvdb.org/5544
Reference: XF:acme-serve-directory-traversal(6634)
Reference: URL:http://www.iss.net/security_center/static/6634.php

Name: CVE-2001-0749

Description:

Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.

Status:Entry
Reference: BID:2775
Reference: URL:http://www.securityfocus.com/bid/2775
Reference: BUGTRAQ:20010524 IPC@Chip Security
Reference: URL:http://www.securityfocus.com/archive/1/186418
Reference: XF:ipcchip-web-root-system(8922)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8922

Name: CVE-2001-0750

Description:

Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.

Status:Entry
Reference: BID:2804
Reference: URL:http://www.securityfocus.com/bid/2804
Reference: CISCO:20010524 IOS Reload after Scanning Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-scanner-reload-pub.shtml
Reference: OSVDB:800
Reference: URL:http://www.osvdb.org/800
Reference: XF:cisco-ios-tcp-dos(6589)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6589

Name: CVE-2001-0751

Description:

Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.

Status:Entry
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:tcp-seq-predict(139)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/139

Name: CVE-2001-0752

Description:

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.

Status:Entry
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: OSVDB:5573
Reference: URL:http://www.osvdb.org/5573
Reference: XF:cisco-cbos-record-dos(7298)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7298

Name: CVE-2001-0754

Description:

Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.

Status:Entry
Reference: CISCO:20010522 More Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple2-pub.html
Reference: XF:cisco-cbos-multiple-echo(7299)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7299

Name: CVE-2001-0757

Description:

Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.

Status:Entry
Reference: BID:2874
Reference: URL:http://www.securityfocus.com/bid/2874
Reference: CERT-VN:VU#516659
Reference: URL:http://www.kb.cert.org/vuls/id/516659
Reference: CIAC:L-097
Reference: URL:http://www.ciac.org/ciac/bulletins/l-097.shtml
Reference: CISCO:20010614 Cisco 6400 NRP2 Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/6400-nrp2-telnet-vuln-pub.shtml
Reference: OSVDB:804
Reference: URL:http://www.osvdb.org/804
Reference: XF:cisco-nrp2-telnet-access(6691)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6691

Name: CVE-2001-0760

Description:

Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.

Status:Entry
Reference: BID:2956
Reference: URL:http://www.securityfocus.com/bid/2956
Reference: BUGTRAQ:20010630 Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194449
Reference: BUGTRAQ:20010702 Re: Nfuse reveals full path
Reference: URL:http://www.securityfocus.com/archive/1/194522
Reference: XF:citrix-nfuse-path-disclosure(6786)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6786

Name: CVE-2001-0763

Description:

Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

Status:Entry
Reference: BID:2840
Reference: URL:http://www.securityfocus.com/bid/2840
Reference: BUGTRAQ:20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0064.html
Reference: CIAC:L-104
Reference: URL:http://www.ciac.org/ciac/bulletins/l-104.shtml
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: SUSE:SA:2001:022
Reference: XF:xinetd-identd-bo(6670)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6670

Name: CVE-2001-0764

Description:

Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.

Status:Entry
Reference: BID:2911
Reference: URL:http://www.securityfocus.com/bid/2911
Reference: BUGTRAQ:20010621 suid scotty (ntping) overflow (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/192664
Reference: SUSE:SuSE-SA:2001:023
Reference: URL:http://www.novell.com/linux/security/advisories/2001_023_scotty_txt.html
Reference: VULN-DEV:20010609 suid scotty / ntping overflow
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0579.html
Reference: VULN-DEV:20010615 Re: suid scotty (ntping) overflow (fwd)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0627.html
Reference: XF:scotty-ntping-bo(6735)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6735

Name: CVE-2001-0765

Description:

BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.

Status:Entry
Reference: BID:2963
Reference: URL:http://www.securityfocus.com/bid/2963
Reference: BUGTRAQ:20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0025.html
Reference: CONFIRM:http://www.bisonftp.com/ServRev.htm
Reference: OSVDB:1888
Reference: URL:http://www.osvdb.org/1888
Reference: XF:bisonftp-bdl-directory-traversal(6782)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6782

Name: CVE-2001-0769

Description:

Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character.

Status:Entry
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: XF:guildftpd-null-memory-leak(6613)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6613

Name: CVE-2001-0770

Description:

Buffer overflow in GuildFTPd Server 0.97 allows a remote attacker to execute arbitrary code via a long SITE command.

Status:Entry
Reference: BUGTRAQ:20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0254.html
Reference: CONFIRM:http://www.nitrolic.com/help/history.htm
Reference: XF:guildftpd-site-bo(6612)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6612

Name: CVE-2001-0773

Description:

Cayman 3220-H DSL Router 1.0 allows a remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests.

Status:Entry
Reference: BID:3001
Reference: URL:http://www.securityfocus.com/bid/3001
Reference: BUGTRAQ:20010709 Cayman-DSL Model 3220-H DOS with nmap
Reference: URL:http://www.securityfocus.com/archive/1/195644
Reference: CERT-VN:VU#312761
Reference: URL:http://www.kb.cert.org/vuls/id/312761
Reference: XF:cayman-dsl-portscan-dos(6825)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6825

Name: CVE-2001-0774

Description:

Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possibly gain privileges via a symbolic link attack on temporary files.

Status:Entry
Reference: BID:3003
Reference: URL:http://www.securityfocus.com/bid/3003
Reference: BUGTRAQ:20010709 Tripwire temporary files
Reference: URL:http://www.securityfocus.com/archive/1/195617
Reference: CERT-VN:VU#349019
Reference: URL:http://www.kb.cert.org/vuls/id/349019
Reference: MANDRAKE:MDKSA-2001:064
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-064.php3
Reference: OSVDB:1895
Reference: URL:http://www.osvdb.org/1895
Reference: XF:tripwire-tmpfile-symlink(6820)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6820

Name: CVE-2001-0779

Description:

Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.

Status:Entry
Reference: BID:2763
Reference: URL:http://www.securityfocus.com/bid/2763
Reference: BUGTRAQ:20010528 solaris 2.6, 7 yppasswd vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187086
Reference: BUGTRAQ:20011004 Patches for Solaris rpc.yppasswdd available
Reference: URL:http://www.securityfocus.com/archive/1/200110041632.JAA28125@dim.ucsd.edu
Reference: CERT-VN:VU#327281
Reference: URL:http://www.kb.cert.org/vuls/id/327281
Reference: CIAC:M-008
Reference: URL:http://www.ciac.org/ciac/bulletins/m-008.shtml
Reference: OVAL:oval:org.mitre.oval:def:102
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A102
Reference: OVAL:oval:org.mitre.oval:def:56
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A56
Reference: SUN:00209
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/209
Reference: SUNBUG:4456994
Reference: XF:solaris-yppasswd-bo(6629)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6629

Name: CVE-2001-0784

Description:

Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.

Status:Entry
Reference: BID:2932
Reference: URL:http://www.securityfocus.com/bid/2932
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0353.html
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089
Reference: OSVDB:1883
Reference: URL:http://www.osvdb.org/1883
Reference: REDHAT:RHSA-2001:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-105.html
Reference: REDHAT:RHSA-2002:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-063.html
Reference: XF:icecast-dot-directory-traversal(6752)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6752

Name: CVE-2001-0787

Description:

LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.

Status:Entry
Reference: BID:2865
Reference: URL:http://www.securityfocus.com/bid/2865
Reference: CIAC:L-096
Reference: URL:http://www.ciac.org/ciac/bulletins/l-096.shtml
Reference: REDHAT:RHSA-2001:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-077.html
Reference: XF:lprng-supplementary-groups(6703)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6703

Name: CVE-2001-0792

Description:

Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.

Status:Entry
Reference: MISC:http://www.securiteam.com/exploits/5AP0Q2A4AQ.html
Reference: XF:xchat-nickname-format-string(7416)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7416

Name: CVE-2001-0796

Description:

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.

Status:Entry
Reference: BID:3463
Reference: URL:http://www.securityfocus.com/bid/3463
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=8990
Reference: SGI:20011001-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011001-01-P
Reference: XF:irix-igmp-dos(7332)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7332

Name: CVE-2001-0797

Description:

Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.

Status:Entry
Reference: AIXAPAR:IY26221
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY26221&apar=only
Reference: BID:3681
Reference: URL:http://www.securityfocus.com/bid/3681
Reference: BUGTRAQ:20011214 Sun Solaris login bug patches out
Reference: URL:http://marc.info/?l=bugtraq&m=100844757228307&w=2
Reference: BUGTRAQ:20011219 Linux distributions and /bin/login overflow
Reference: URL:http://www.securityfocus.com/archive/1/246487
Reference: CALDERA:CSSA-2001-SCO.40
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.40/CSSA-2001-SCO.40.txt
Reference: CERT:CA-2001-34
Reference: URL:http://www.cert.org/advisories/CA-2001-34.html
Reference: CERT-VN:VU#569272
Reference: URL:http://www.kb.cert.org/vuls/id/569272
Reference: ISS:20011212 Buffer Overflow in /bin/login
Reference: URL:http://xforce.iss.net/alerts/advise105.php
Reference: OVAL:oval:org.mitre.oval:def:2025
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2025
Reference: SGI:20011201-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011201-01-I
Reference: SUN:00213
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/213
Reference: SUNBUG:4516885
Reference: XF:telnet-tab-bo(7284)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7284

Name: CVE-2001-0801

Description:

lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.

Status:Entry
Reference: MISC:http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2
Reference: SGI:20011003-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011003-02-P
Reference: XF:irix-lpstat-net-type-library(7639)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7639

Name: CVE-2001-0803

Description:

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:3517
Reference: URL:http://www.securityfocus.com/bid/3517
Reference: CALDERA:CSSA-2001-SCO.30
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.30/
Reference: CERT:CA-2001-31
Reference: URL:http://www.cert.org/advisories/CA-2001-31.html
Reference: CERT:CA-2002-01
Reference: URL:http://www.cert.org/advisories/CA-2002-01.html
Reference: CERT-VN:VU#172583
Reference: URL:http://www.kb.cert.org/vuls/id/172583
Reference: COMPAQ:SSRT541
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
Reference: HP:HPSBUX0111-175
Reference: URL:http://www.securityfocus.com/advisories/3651
Reference: ISS:20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service
Reference: URL:http://xforce.iss.net/alerts/advise101.php
Reference: OVAL:oval:org.mitre.oval:def:70
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A70
Reference: OVAL:oval:org.mitre.oval:def:74
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A74
Reference: SGI:20011107-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011107-01-P
Reference: SUN:00214
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/214
Reference: XF:cde-dtspcd-bo(7396)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7396

Name: CVE-2001-0804

Description:

Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.

Status:Entry
Reference: BID:3028
Reference: URL:http://www.securityfocus.com/bid/3028
Reference: BUGTRAQ:20010715 Interactive Story File Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010715184257.00b20100@compumodel.com
Reference: CONFIRM:http://www.valeriemates.com/story_download.html
Reference: OSVDB:683
Reference: URL:http://www.osvdb.org/683
Reference: XF:interactive-story-next-directory-traversal(6843)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6843

Name: CVE-2001-0805

Description:

Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.

Status:Entry
Reference: BID:2890
Reference: URL:http://www.securityfocus.com/bid/2890
Reference: BUGTRAQ:20010618 SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/3B2E37D0.81D9ED9D@snosoft.com
Reference: BUGTRAQ:20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi
Reference: URL:http://www.securityfocus.com/archive/1/20010619150935.A5226@tarantella.com
Reference: XF:tarantella-ttawebtop-read-files(6723)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6723

Name: CVE-2001-0806

Description:

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

Status:Entry
Reference: BID:2930
Reference: URL:http://www.securityfocus.com/bid/2930
Reference: BUGTRAQ:20010626 MacOSX 10.0.X Permissions uncorrectly set
Reference: URL:http://marc.info/?l=bugtraq&m=99358249631139&w=2
Reference: BUGTRAQ:20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it
Reference: URL:http://marc.info/?l=bugtraq&m=99436289015729&w=2
Reference: BUGTRAQ:20011007 OS X 10.1 and localized desktop folder still vulnerable
Reference: URL:http://online.securityfocus.com/archive/1/219166
Reference: OSVDB:1882
Reference: URL:http://www.osvdb.org/1882
Reference: XF:macos-desktop-insecure-permissions(6750)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6750

Name: CVE-2001-0815

Description:

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.

Status:Entry
Reference: BID:3526
Reference: URL:http://www.securityfocus.com/bid/3526
Reference: BUGTRAQ:20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100583978302585&w=2
Reference: CONFIRM:http://bugs.activestate.com/show_bug.cgi?id=18062
Reference: OSVDB:678
Reference: URL:http://www.osvdb.org/678
Reference: XF:activeperl-perlis-filename-bo(7539)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7539

Name: CVE-2001-0816

Description:

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

Status:Entry
Reference: BUGTRAQ:20010918 OpenSSH: sftp & bypassing keypair auth restrictions
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0153.html
Reference: CONECTIVA:CLSA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: OSVDB:5536
Reference: URL:http://www.osvdb.org/5536
Reference: REDHAT:RHSA-2001:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-154.html
Reference: XF:openssh-sftp-bypass-restrictions(7634)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7634

Name: CVE-2001-0819

Description:

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

Status:Entry
Reference: BID:2877
Reference: URL:http://www.securityfocus.com/bid/2877
Reference: CALDERA:CSSA-2001-022.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-022.1.txt
Reference: CONECTIVA:CLA-2001:403
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000403
Reference: DEBIAN:DSA-060
Reference: URL:http://www.debian.org/security/2001/dsa-060
Reference: ENGARDE:ESA-20010620-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1451.html
Reference: FREEBSD:FreeBSD-SA-01:43
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:43.fetchmail.asc
Reference: IMMUNIX:IMNX-2001-70-025-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-025-01
Reference: MANDRAKE:MDKSA-2001:063
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-063.php3?dis=7.1
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html
Reference: SUSE:SuSE-SA:2001:026
Reference: URL:http://www.novell.com/linux/security/advisories/2001_026_fetchmail_txt.html
Reference: XF:fetchmail-long-header-bo(6704)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6704

Name: CVE-2001-0822

Description:

FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.

Status:Entry
Reference: BID:2816
Reference: URL:http://www.securityfocus.com/bid/2816
Reference: BUGTRAQ:20010602 fpf module and packet fragmentation:local/remote DoS.
Reference: URL:http://marc.info/?l=bugtraq&m=99167206319643&w=2
Reference: CONFIRM:http://www.pkcrew.org/news.php
Reference: XF:linux-fpf-kernel-dos(6659)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6659

Name: CVE-2001-0823

Description:

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

Status:Entry
Reference: BID:2887
Reference: URL:http://www.securityfocus.com/bid/2887
Reference: BUGTRAQ:20010618 pmpost - another nice symlink follower
Reference: URL:http://marc.info/?l=bugtraq&m=99290754901708&w=2
Reference: BUGTRAQ:20010619 Re: pmpost - another nice symlink follower
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0245.html
Reference: SGI:20010601-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010601-01-A
Reference: XF:irix-pcp-pmpost-symlink(6724)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6724

Name: CVE-2001-0825

Description:

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.

Status:Entry
Reference: BID:2971
Reference: URL:http://www.securityfocus.com/bid/2971
Reference: CONECTIVA:CLA-2001:406
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000406
Reference: IMMUNIX:IMNX-2001-70-029-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-029-01
Reference: REDHAT:RHSA-2001:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-092.html
Reference: SUSE:SuSE-SA:2001:022
Reference: XF:xinetd-zero-length-bo(6804)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6804

Name: CVE-2001-0828

Description:

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.

Status:Entry
Reference: BID:2981
Reference: URL:http://www.securityfocus.com/bid/2981
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
Reference: CERT-VN:VU#981651
Reference: URL:http://www.kb.cert.org/vuls/id/981651
Reference: CONFIRM:http://www.caucho.com/products/resin/changes.xtp
Reference: OSVDB:1890
Reference: URL:http://www.osvdb.org/1890
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6793

Name: CVE-2001-0830

Description:

6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.

Status:Entry
Reference: BID:3467
Reference: URL:http://www.securityfocus.com/bid/3467
Reference: BUGTRAQ:20011023 Remote DoS in 6tunnel
Reference: URL:http://marc.info/?l=bugtraq&m=100386451702966&w=2
Reference: CONFIRM:ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz
Reference: XF:6tunnel-open-socket-dos(7337)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7337

Name: CVE-2001-0833

Description:

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."

Status:Entry
Reference: BID:3139
Reference: URL:http://www.securityfocus.com/bid/3139
Reference: BUGTRAQ:20010802 vulnerability in otrcrep binary in Oracle 8.0.5.
Reference: URL:http://online.securityfocus.com/archive/1/201295
Reference: BUGTRAQ:20011023 FW: ASI Oracle Security Alert: 3 new security alerts
Reference: URL:http://marc.info/?l=bugtraq&m=100386756715645&w=2
Reference: BUGTRAQ:20011024 Oracle Trace Collection Security Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/222612
Reference: CIAC:M-011
Reference: URL:http://www.ciac.org/ciac/bulletins/m-011.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf
Reference: VULNWATCH:20011024 Oracle Trace Collection Security Vulnerability
Reference: XF:oracle-binary-symlink(6940)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6940

Name: CVE-2001-0834

Description:

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

Status:Entry
Reference: BID:3410
Reference: URL:http://www.securityfocus.com/bid/3410
Reference: BUGTRAQ:20011007 Re: Bug found in ht://Dig htsearch CGI
Reference: URL:http://marc.info/?l=bugtraq&m=100260195401753&w=2
Reference: CALDERA:CSSA-2001-035.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-035.0.txt
Reference: CONECTIVA:CLA-2001:429
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000429
Reference: DEBIAN:DSA-080
Reference: URL:http://www.debian.org/security/2001/dsa-080
Reference: MANDRAKE:MDKSA-2001:083
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-083.php3
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593
Reference: REDHAT:RHSA-2001:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-139.html
Reference: SUSE:SuSE-SA:2001:035
Reference: URL:http://www.novell.com/linux/security/advisories/2001_035_htdig_txt.html
Reference: XF:htdig-htsearch-infinite-loop(7262)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7262
Reference: XF:htdig-htsearch-retrieve-files(7263)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7263

Name: CVE-2001-0836

Description:

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Status:Entry
Reference: BUGTRAQ:20011018 def-2001-30
Reference: URL:http://marc.info/?l=bugtraq&m=100342151132277&w=2
Reference: BUGTRAQ:20011024 Oracle9iAS Web Cache Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100395487007578&w=2
Reference: CERT:CA-2001-29
Reference: URL:http://www.cert.org/advisories/CA-2001-29.html
Reference: CERT-VN:VU#649979
Reference: URL:http://www.kb.cert.org/vuls/id/649979
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/webcache.pdf
Reference: OSVDB:5534
Reference: URL:http://www.osvdb.org/5534
Reference: XF:oracle-appserver-http-bo(7306)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7306

Name: CVE-2001-0837

Description:

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.

Status:Entry
Reference: BID:3475
Reference: URL:http://www.securityfocus.com/bid/3475
Reference: BUGTRAQ:20011025 Pc-to-Phone vulnerability - broken by design
Reference: URL:http://marc.info/?l=bugtraq&m=100403691432052&w=2
Reference: XF:pc2phone-temp-account-readable(7393)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7393

Name: CVE-2001-0843

Description:

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

Status:Entry
Reference: BID:3354
Reference: URL:http://www.securityfocus.com/bid/3354
Reference: BUGTRAQ:20010921 squid DoS
Reference: URL:http://marc.info/?l=bugtraq&m=100109679010256&w=2
Reference: CONECTIVA:CLA-2001:426
Reference: URL:http://archives.neohapsis.com/archives/linux/conectiva/2001-q3/0020.html
Reference: DEBIAN:DSA-077
Reference: URL:http://www.debian.org/security/2001/dsa-077
Reference: MANDRAKE:MDKSA-2001:088
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-088.php3
Reference: REDHAT:RHSA-2001:113
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-113.html
Reference: SUSE:SuSE-SA:2001:037
Reference: URL:http://www.novell.com/linux/security/advisories/2001_037_squid_txt.html
Reference: XF:squid-mkdir-put-dos(7157)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7157

Name: CVE-2001-0846

Description:

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

Status:Entry
Reference: BID:3491
Reference: URL:http://www.iss.net/security_center/static/7424.php
Reference: BUGTRAQ:20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)
Reference: URL:http://marc.info/?l=bugtraq&m=100448721830960&w=2
Reference: OSVDB:1979
Reference: URL:http://www.osvdb.org/1979
Reference: XF:lotus-domino-replicaid-access(7424)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7424

Name: CVE-2001-0850

Description:

A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.

Status:Entry
Reference: CALDERA:CSSA-2001-037.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-037.0.txt
Reference: XF:openlinux-libdb-bo(7427)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7427

Name: CVE-2001-0851

Description:

Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.

Status:Entry
Reference: CALDERA:CSSA-2001-38.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-038.0.txt
Reference: CONECTIVA:CLA-2001:432
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000432
Reference: ENGARDE:ESA-20011106-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1683.html
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html
Reference: SUSE:SuSE-SA:2001:039
Reference: URL:http://www.novell.com/linux/security/advisories/2001_039_kernel2_txt.html
Reference: XF:linux-syncookie-bypass-filter(7461)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7461

Name: CVE-2001-0852

Description:

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

Status:Entry
Reference: BID:3506
Reference: URL:http://www.securityfocus.com/bid/3506
Reference: BUGTRAQ:20011105 RH Linux Tux HTTPD DoS
Reference: URL:http://marc.info/?l=bugtraq&m=100498100112191&w=2
Reference: CONFIRM:http://marc.info/?l=tux-list&m=100584714702328&w=2
Reference: REDHAT:RHSA-2001:142
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-142.html
Reference: VULNWATCH:20011102 [RH Linux7.2] Tux HTTPD Denial of Service
Reference: XF:tux-http-host-dos(7464)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7464

Name: CVE-2001-0857

Description:

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

Status:Entry
Reference: BID:3525
Reference: URL:http://www.securityfocus.com/bid/3525
Reference: BUGTRAQ:20011109 Imp Webmail session hijacking vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100535679608486&w=2
Reference: BUGTRAQ:20011110 IMP 2.2.7 (SECURITY) released
Reference: URL:http://marc.info/?l=bugtraq&m=100540578822469&w=2
Reference: CALDERA:CSSA-2001-039.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-039.0.txt
Reference: CONECTIVA:CLA-2001:437
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000437
Reference: OSVDB:668
Reference: URL:http://www.osvdb.org/668
Reference: XF:imp-css-steal-cookies(7496)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7496

Name: CVE-2001-0859

Description:

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the default umask for init to 000, which installs files with world-writeable permissions.

Status:Entry
Reference: BID:3527
Reference: URL:http://www.securityfocus.com/bid/3527
Reference: HP:HPSBTL0112-006
Reference: URL:http://online.securityfocus.com/advisories/3725
Reference: REDHAT:RHSA-2001:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-148.html
Reference: XF:linux-korean-default-umask(7549)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7549

Name: CVE-2001-0860

Description:

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).

Status:Entry
Reference: BID:3541
Reference: URL:http://www.securityfocus.com/bid/3541
Reference: BUGTRAQ:20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing
Reference: URL:http://marc.info/?l=bugtraq&m=100578220002083&w=2
Reference: XF:win-terminal-spoof-address(7538)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7538

Name: CVE-2001-0861

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

Status:Entry
Reference: BID:3534
Reference: URL:http://www.securityfocus.com/bid/3534
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-unreachables-pub.shtml
Reference: OSVDB:794
Reference: URL:http://www.osvdb.org/794
Reference: XF:cisco-icmp-unreachable-dos(7536)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7536

Name: CVE-2001-0862

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.

Status:Entry
Reference: BID:3535
Reference: URL:http://www.securityfocus.com/bid/3535
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: OSVDB:1985
Reference: URL:http://www.osvdb.org/1985
Reference: XF:cisco-acl-noninital-dos(7550)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7550

Name: CVE-2001-0863

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.

Status:Entry
Reference: BID:3539
Reference: URL:http://www.securityfocus.com/bid/3539
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: OSVDB:1987
Reference: URL:http://www.osvdb.org/1987
Reference: XF:cisco-acl-outgoing-fragment(7551)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7551

Name: CVE-2001-0864

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.

Status:Entry
Reference: BID:3536
Reference: URL:http://www.securityfocus.com/bid/3536
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: OSVDB:1986
Reference: URL:http://www.osvdb.org/1986
Reference: XF:cisco-acl-deny-ip(7553)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7553

Name: CVE-2001-0865

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.

Status:Entry
Reference: BID:3540
Reference: URL:http://www.securityfocus.com/bid/3540
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: OSVDB:1988
Reference: URL:http://www.osvdb.org/1988
Reference: XF:cisco-turbo-acl-dos(7552)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7552

Name: CVE-2001-0866

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.

Status:Entry
Reference: BID:3537
Reference: URL:http://www.securityfocus.com/bid/3537
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: OSVDB:1984
Reference: URL:http://www.osvdb.org/1984
Reference: XF:cisco-input-acl-configured(7554)
Reference: URL:http://www.iss.net/security_center/static/7554.php

Name: CVE-2001-0867

Description:

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

Status:Entry
Reference: BID:3538
Reference: URL:http://www.securityfocus.com/bid/3538
Reference: CIAC:M-018
Reference: URL:http://www.ciac.org/ciac/bulletins/m-018.shtml
Reference: CISCO:20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router
Reference: URL:http://www.cisco.com/warp/public/707/GSR-ACL-pub.shtml
Reference: OSVDB:1989
Reference: URL:http://www.osvdb.org/1989
Reference: XF:cisco-acl-fragment-bypass(7555)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7555

Name: CVE-2001-0869

Description:

Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:3498
Reference: URL:http://www.securityfocus.com/bid/3498
Reference: BUGTRAQ:20011101 Formatting string bug on cyrus-sasl library
Reference: CALDERA:CSSA-2001-040.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-040.0.txt
Reference: CONECTIVA:CLA-2001:444
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000444
Reference: FREEBSD:FreeBSD-SA-02:15
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:15.cyrus-sasl.asc
Reference: MANDRAKE:MDKSA-2002:018
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:018
Reference: REDHAT:RHSA-2001:150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-150.html
Reference: REDHAT:RHSA-2001:151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-151.html
Reference: SUSE:SuSE-SA:2001:042
Reference: URL:http://lwn.net/alerts/SuSE/SuSE-SA%3A2001%3A042.php3
Reference: XF:cyrus-sasl-format-string(7443)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7443

Name: CVE-2001-0872

Description:

OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.

Status:Entry
Reference: BID:3614
Reference: URL:http://www.securityfocus.com/bid/3614
Reference: BUGTRAQ:20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]
Reference: URL:http://marc.info/?l=bugtraq&m=100749779131514&w=2
Reference: BUGTRAQ:20011220 TSL-2001-0030 - openssh (updated)
Reference: CALDERA:CSSA-2001-042.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-042.1.txt
Reference: CERT-VN:VU#157447
Reference: URL:http://www.kb.cert.org/vuls/id/157447
Reference: CIAC:M-026
Reference: URL:http://www.ciac.org/ciac/bulletins/m-026.shtml
Reference: CONECTIVA:CLA-2001:446
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000446
Reference: CONFIRM:http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2
Reference: DEBIAN:DSA-091
Reference: URL:http://www.debian.org/security/2001/dsa-091
Reference: FREEBSD:FreeBSD-SA-01:63
Reference: HP:HPSBUX0112-005
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0112-005
Reference: MANDRAKE:MDKSA-2001:092
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:092
Reference: OSVDB:688
Reference: URL:http://www.osvdb.org/688
Reference: REDHAT:RHSA-2001:161
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-161.html
Reference: SUSE:SuSE-SA:2001:045
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Dec/0001.html
Reference: TURBO:TLSA2002001
Reference: VULN-DEV:20011205 OpenSSH UseLogin proof of concept exploit
Reference: XF:openssh-uselogin-execute-code(7647)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7647

Name: CVE-2001-0873

Description:

uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.

Status:Entry
Reference: BID:3312
Reference: URL:http://www.securityfocus.com/bid/3312
Reference: BUGTRAQ:20010908 Multiple vendor 'Taylor UUCP' problems.
Reference: URL:http://www.securityfocus.com/archive/1/212892
Reference: BUGTRAQ:20011130 Redhat 7.0 local root (via uucp) (attempt 2)
Reference: URL:http://marc.info/?l=bugtraq&m=100715446131820
Reference: CALDERA:CSSA-2001-033.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-033.0.txt
Reference: CONECTIVA:CLA-2001:425
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000425
Reference: DEBIAN:DSA-079
Reference: URL:http://www.debian.org/security/2001/dsa-079
Reference: REDHAT:RHSA-2001:165
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-165.html
Reference: SUSE:SuSE-SA:2001:38
Reference: URL:http://www.novell.com/linux/security/advisories/2001_038_uucp_txt.html
Reference: XF:uucp-argument-gain-privileges(7099)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7099

Name: CVE-2001-0874

Description:

Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.

Status:Entry
Reference: BID:3693
Reference: URL:http://www.securityfocus.com/bid/3693
Reference: CIAC:M-027
Reference: URL:http://www.ciac.org/ciac/bulletins/m-027.shtml
Reference: MS:MS01-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058
Reference: XF:ie-frame-verification-variant2(7702)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7702

Name: CVE-2001-0875

Description:

Internet Explorer 5.5 and 6.0 allow remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.

Status:Entry
Reference: BID:3597
Reference: URL:http://www.securityfocus.com/bid/3597
Reference: BUGTRAQ:20011126 File extensions spoofable in MSIE download dialog
Reference: URL:http://www.securityfocus.com/archive/1/245594
Reference: MS:MS01-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-058
Reference: OVAL:oval:org.mitre.oval:def:1014
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1014
Reference: XF:ie-file-download-ext-spoof(7636)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7636

Name: CVE-2001-0876

Description:

Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.

Status:Entry
Reference: BID:3723
Reference: URL:http://www.securityfocus.com/bid/3723
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=100887440810532&w=2
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#951555
Reference: URL:http://www.kb.cert.org/vuls/id/951555
Reference: CIAC:M-030
Reference: URL:http://www.ciac.org/ciac/bulletins/m-030.shtml
Reference: MS:MS01-059
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.info/?l=ntbugtraq&m=100887271006313&w=2
Reference: XF:win-upnp-notify-bo(7721)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7721

Name: CVE-2001-0877

Description:

Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.

Status:Entry
Reference: BID:3724
Reference: URL:http://www.securityfocus.com/bid/3724
Reference: BUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=100887440810532&w=2
Reference: BUGTRAQ:20020109 UPNP Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/249238
Reference: CERT:CA-2001-37
Reference: URL:http://www.cert.org/advisories/CA-2001-37.html
Reference: CERT-VN:VU#411059
Reference: URL:http://www.kb.cert.org/vuls/id/411059
Reference: CIAC:M-030
Reference: URL:http://www.ciac.org/ciac/bulletins/m-030.shtml
Reference: MS:MS01-059
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-059
Reference: NTBUGTRAQ:20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities
Reference: URL:http://marc.info/?l=ntbugtraq&m=100887271006313&w=2
Reference: XF:win-upnp-udp-dos(7722)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7722

Name: CVE-2001-0879

Description:

Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.

Status:Entry
Reference: ATSTAKE:A122001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a122001-1.txt
Reference: BID:3732
Reference: URL:http://www.securityfocus.com/bid/3732
Reference: BUGTRAQ:20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server
Reference: URL:http://marc.info/?l=bugtraq&m=100891252317406&w=2
Reference: MS:MS01-060
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-060
Reference: OVAL:oval:org.mitre.oval:def:253
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A253
Reference: XF:mssql-c-runtime-format-string(7725)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7725

Name: CVE-2001-0884

Description:

Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.

Status:Entry
Reference: BID:3602
Reference: URL:http://www.securityfocus.com/bid/3602
Reference: BUGTRAQ:20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting
Reference: URL:http://www.securityfocus.com/archive/1/242839
Reference: CONECTIVA:CLA-2001:445
Reference: URL:http://www.securityfocus.com/advisories/3721
Reference: REDHAT:RHSA-2001:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-168.html
Reference: REDHAT:RHSA-2001:169
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-169.html
Reference: REDHAT:RHSA-2001:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-170.html
Reference: XF:mailman-java-css(7617)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7617

Name: CVE-2001-0886

Description:

Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.

Status:Entry
Reference: BID:3707
Reference: URL:http://www.securityfocus.com/bid/3707
Reference: BUGTRAQ:20011217 [Global InterSec 2001121001] glibc globbing issues.
Reference: URL:http://www.securityfocus.com/archive/1/245956
Reference: BUGTRAQ:20011220 TSLSA-2001-0029 - glibc
Reference: CIAC:M-029
Reference: URL:http://www.ciac.org/ciac/bulletins/m-029.shtml
Reference: CONECTIVA:CLA-2002:447
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000447
Reference: DEBIAN:DSA-103
Reference: URL:http://www.debian.org/security/2002/dsa-103
Reference: ENGARDE:ESA-20011217-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1752.html
Reference: HP:HPSBTL0112-008
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-008
Reference: IMMUNIX:IMNX-2001-70-037-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-037-01
Reference: MANDRAKE:MDKSA-2001:095
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-095.php3
Reference: MISC:http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html
Reference: REDHAT:RHSA-2001:160
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-160.html
Reference: SUSE:SuSE-SA:2001:046
Reference: XF:glibc-glob-bo(7705)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7705

Name: CVE-2001-0887

Description:

xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.

Status:Entry
Reference: BID:3700
Reference: URL:http://www.securityfocus.com/bid/3700
Reference: FREEBSD:FreeBSD-SA-01:68
Reference: URL:http://www.securityfocus.com/advisories/3734
Reference: REDHAT:RHSA-2001:171
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-171.html
Reference: REDHAT:RHSA-2001:172
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-172.html
Reference: XF:xsane-temp-symlink(7714)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7714

Name: CVE-2001-0888

Description:

Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via an SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.

Status:Entry
Reference: BID:3734
Reference: URL:http://www.securityfocus.com/bid/3734
Reference: BUGTRAQ:20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100895903202798&w=2
Reference: XF:atmel-snmp-community-dos(7734)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7734

Name: CVE-2001-0889

Description:

Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:3728
Reference: URL:http://www.securityfocus.com/bid/3728
Reference: BUGTRAQ:20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]
Reference: URL:http://marc.info/?l=bugtraq&m=100877978506387&w=2
Reference: CERT-VN:VU#283723
Reference: URL:http://www.kb.cert.org/vuls/id/283723
Reference: DEBIAN:DSA-097
Reference: URL:http://www.debian.org/security/2002/dsa-097
Reference: REDHAT:RHSA-2001:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-176.html
Reference: XF:exim-pipe-hostname-commands(7738)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7738

Name: CVE-2001-0891

Description:

Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.

Status:Entry
Reference: BID:3590
Reference: URL:http://www.securityfocus.com/bid/3590
Reference: BUGTRAQ:20011127 UNICOS LOCAL HOLE ALL VERSIONS
Reference: URL:http://marc.info/?l=bugtraq&m=100695627423924&w=2
Reference: OSVDB:3275
Reference: URL:http://www.osvdb.org/3275
Reference: SGI:20020101-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020101-01-I
Reference: XF:unicos-nqsd-format-string(7618)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7618

Name: CVE-2001-0894

Description:

Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.

Status:Entry
Reference: BID:3544
Reference: URL:http://www.securityfocus.com/bid/3544
Reference: BUGTRAQ:20011115 Postfix session log memory exhaustion bugfix
Reference: URL:http://marc.info/?l=bugtraq&m=100584160110303&w=2
Reference: CONECTIVA:CLA-2001:439
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000439
Reference: DEBIAN:DSA-093
Reference: URL:http://www.debian.org/security/2001/dsa-093
Reference: MANDRAKE:MDKSA-2001:089
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:089
Reference: REDHAT:RHSA-2001:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-156.html
Reference: XF:postfix-smtp-log-dos(7568)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7568

Name: CVE-2001-0895

Description:

Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contain a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.

Status:Entry
Reference: BID:3547
Reference: URL:http://www.securityfocus.com/bid/3547
Reference: CERT-VN:VU#399355
Reference: URL:http://www.kb.cert.org/vuls/id/399355
Reference: CISCO:20011115 Cisco IOS ARP Table Overwrite Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-arp-overwrite-vuln-pub.shtml
Reference: OSVDB:807
Reference: URL:http://www.osvdb.org/807
Reference: XF:cisco-arp-overwrite-table(7547)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7547

Name: CVE-2001-0896

Description:

Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.

Status:Entry
Reference: BUGTRAQ:20020201 RE: DoS bug on Tru64
Reference: URL:http://marc.info/?l=bugtraq&m=101284101228656&w=2
Reference: BUGTRAQ:20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64
Reference: URL:http://marc.info/?l=bugtraq&m=101303877215098&w=2
Reference: CALDERA:CSSA-2001-SCO.33
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.33/CSSA-2001-SCO.33.txt
Reference: XF:openserver-nmap-po-option(7571)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7571

Name: CVE-2001-0899

Description:

Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.

Status:Entry
Reference: BUGTRAQ:20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution
Reference: URL:http://marc.info/?l=bugtraq&m=100593523104176&w=2
Reference: CONFIRM:http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32
Reference: XF:phpnuke-nettools-command-execution(7578)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7578

Name: CVE-2001-0900

Description:

Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.

Status:Entry
Reference: BID:3554
Reference: URL:http://www.securityfocus.com/bid/3554
Reference: BUGTRAQ:20011118 Gallery Addon for PhpNuke remote file viewing vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100619599000590&w=2
Reference: CONFIRM:http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=
Reference: OSVDB:677
Reference: URL:http://www.osvdb.org/677
Reference: XF:phpnuke-gallery-directory-traversal(7580)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7580

Name: CVE-2001-0901

Description:

Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.

Status:Entry
Reference: BUGTRAQ:20011119 Hypermail SSI Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100626603407639&w=2
Reference: CONFIRM:http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz
Reference: XF:hypermail-ssi-execute-commands(7576)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7576

Name: CVE-2001-0902

Description:

Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.

Status:Entry
Reference: BID:6795
Reference: URL:http://www.securityfocus.com/bid/6795
Reference: BUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.info/?l=bugtraq&m=100626531103946&w=2
Reference: NTBUGTRAQ:20011120 IIS logging issue
Reference: URL:http://marc.info/?l=ntbugtraq&m=100627497122247&w=2
Reference: XF:iis-fake-log-entry(7613)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7613

Name: CVE-2001-0905

Description:

Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.

Status:Entry
Reference: BID:3071
Reference: URL:http://www.securityfocus.com/bid/3071
Reference: CONECTIVA:CLA-2001:433
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000433
Reference: DEBIAN:DSA-083
Reference: URL:http://www.debian.org/security/2001/dsa-083
Reference: FREEBSD:FreeBSD-SA-01:60
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:60.procmail.asc
Reference: MANDRAKE:MDKSA-2001:085
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-085.php3
Reference: REDHAT:RHSA-2001:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-093.html
Reference: XF:procmail-signal-handling-race(6872)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6872

Name: CVE-2001-0906

Description:

teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.

Status:Entry
Reference: BID:2974
Reference: URL:http://www.securityfocus.com/bid/2974
Reference: BUGTRAQ:20010622 LPRng + tetex tmpfile race - uid lp exploit
Reference: URL:http://www.securityfocus.com/archive/1/192647
Reference: IMMUNIX:IMNX-2001-70-030-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-030-01
Reference: MANDRAKE:MDKSA-2001:086
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-086.php3
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: XF:tetex-lprng-tmp-race(6785)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6785

Name: CVE-2001-0907

Description:

Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.

Status:Entry
Reference: BID:3444
Reference: URL:http://www.securityfocus.com/bid/3444
Reference: BUGTRAQ:20011018 Flaws in recent Linux kernels
Reference: URL:http://marc.info/?l=bugtraq&m=100343090106914&w=2
Reference: BUGTRAQ:20011019 TSLSA-2001-0028
Reference: URL:http://marc.info/?l=bugtraq&m=100350685431610&w=2
Reference: CALDERA:CSSA-2001-036.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-036.0.txt
Reference: ENGARDE:ESA-20011019-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1650.html
Reference: IMMUNIX:IMNX-2001-70-035-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-035-01
Reference: MANDRAKE:MDKSA-2001:079
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2001:079
Reference: MANDRAKE:MDKSA-2001:082
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-082.php3
Reference: SUSE:SuSE-SA:2001:036
Reference: URL:http://www.novell.com/linux/security/advisories/2001_036_kernel_txt.html
Reference: XF:linux-multiple-symlink-dos(7312)
Reference: URL:http://www.iss.net/security_center/static/7312.php

Name: CVE-2001-0909

Description:

Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.

Status:Entry
Reference: BID:6802
Reference: URL:http://www.securityfocus.com/bid/6802
Reference: BUGTRAQ:20011121 Buffer overflow in Windows XP "helpctr.exe"
Reference: URL:http://marc.info/?l=bugtraq&m=100638955422011&w=2
Reference: XF:winxp-helpctr-bo(7605)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7605

Name: CVE-2001-0912

Description:

Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

Status:Entry
Reference: MANDRAKE:MDKSA-2001:087
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-087.php3?dis=8.1
Reference: XF:linux-expect-unauth-root(7604)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7604

Name: CVE-2001-0914

Description:

Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.

Status:Entry
Reference: BID:3570
Reference: URL:http://www.securityfocus.com/bid/3570
Reference: BUGTRAQ:20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.info/?l=bugtraq&m=100638584813349&w=2
Reference: BUGTRAQ:20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug
Reference: URL:http://marc.info/?l=bugtraq&m=100654787226869&w=2
Reference: XF:linux-vmlinux-dos(7591)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7591

Name: CVE-2001-0917

Description:

Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.

Status:Entry
Reference: BUGTRAQ:20011122 Hi
Reference: URL:http://marc.info/?l=bugtraq&m=100654722925155&w=2
Reference: CONFIRM:http://marc.info/?l=tomcat-dev&m=100658457507305&w=2
Reference: MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Reference: URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Reference: URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Reference: URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Reference: XF:tomcat-reveal-install-path(7599)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7599

Name: CVE-2001-0918

Description:

Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3, which do not open files securely, allow remote attackers to execute arbitrary commands.

Status:Entry
Reference: BID:3576
Reference: URL:http://www.securityfocus.com/bid/3576
Reference: SUSE:SuSE-SA:2001:041
Reference: URL:http://www.novell.com/linux/security/advisories/2001_041_susehelp_txt.html
Reference: XF:susehelp-cgi-command-execution(7583)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7583

Name: CVE-2001-0920

Description:

Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.

Status:Entry
Reference: BID:3580
Reference: URL:http://www.securityfocus.com/bid/3580
Reference: BUGTRAQ:20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100680319004162&w=2
Reference: CONFIRM:http://and.sourceforge.net/
Reference: XF:and-format-string(7606)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7606

Name: CVE-2001-0921

Description:

Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.

Status:Entry
Reference: BID:3565
Reference: URL:http://www.securityfocus.com/bid/3565
Reference: BUGTRAQ:20011121 Mac Netscape password fields
Reference: URL:http://marc.info/?l=bugtraq&m=100638816318705&w=2
Reference: OSVDB:5524
Reference: URL:http://www.osvdb.org/5524
Reference: XF:macos-netscape-print-passwords(7593)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7593

Name: CVE-2001-0929

Description:

Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.

Status:Entry
Reference: BID:3588
Reference: URL:http://www.securityfocus.com/bid/3588
Reference: CERT-VN:VU#362483
Reference: URL:http://www.kb.cert.org/vuls/id/362483
Reference: CISCO:20011128 A Vulnerability in IOS Firewall Feature Set
Reference: URL:http://www.cisco.com/warp/public/707/IOS-cbac-dynacl-pub.shtml
Reference: OSVDB:808
Reference: URL:http://www.osvdb.org/808
Reference: XF:ios-cbac-bypass-acl(7614)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7614

Name: CVE-2001-0936

Description:

Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.

Status:Entry
Reference: BID:3606
Reference: URL:http://www.securityfocus.com/bid/3606
Reference: BUGTRAQ:20011130 Alert: Vulnerability in frox transparent ftp proxy.
Reference: URL:http://marc.info/?l=bugtraq&m=100713367307799&w=2
Reference: CONFIRM:http://frox.sourceforge.net/security.txt
Reference: XF:frox-ftp-proxy-bo(7632)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7632

Name: CVE-2001-0939

Description:

Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.

Status:Entry
Reference: BID:3607
Reference: URL:http://www.securityfocus.com/bid/3607
Reference: BUGTRAQ:20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server
Reference: URL:http://marc.info/?l=bugtraq&m=100715316426817&w=2
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88
Reference: OSVDB:1998
Reference: URL:http://www.osvdb.org/1998
Reference: XF:lotus-domino-nhttp-dos(7631)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7631

Name: CVE-2001-0940

Description:

Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.

Status:Entry
Reference: BID:3336
Reference: URL:http://www.securityfocus.com/bid/3336
Reference: BUGTRAQ:20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)
Reference: URL:http://marc.info/?l=bugtraq&m=100094268017271&w=2
Reference: BUGTRAQ:20011128 Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=100698954308436&w=2
Reference: BUGTRAQ:20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow
Reference: URL:http://cert.uni-stuttgart.de/archive/bugtraq/2001/11/msg00291.html
Reference: CHECKPOINT:20010919 GUI Buffer Overflow
Reference: URL:http://www.checkpoint.com/techsupport/alerts/buffer_overflow.html
Reference: OSVDB:1951
Reference: URL:http://www.osvdb.org/1951
Reference: WIN2KSEC:20010921 Check Point FireWall-1 GUI Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0151.html
Reference: XF:fw1-log-viewer-bo(7145)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7145

Name: CVE-2001-0946

Description:

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.

Status:Entry
Reference: BUGTRAQ:20011204 Symlink attack with apmd of RH 7.2
Reference: URL:http://marc.info/?l=bugtraq&m=100743394701962&w=2
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389
Reference: OSVDB:5493
Reference: URL:http://www.osvdb.org/5493
Reference: XF:apmd-apmscript-symlink(8268)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8268

Name: CVE-2001-0951

Description:

Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.

Status:Entry
Reference: BID:3652
Reference: URL:http://www.securityfocus.com/bid/3652
Reference: BUGTRAQ:20011207 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.info/?l=bugtraq&m=100774842520403&w=2
Reference: BUGTRAQ:20011211 UDP DoS attack in Win2k via IKE
Reference: URL:http://marc.info/?l=bugtraq&m=100813081913496&w=2
Reference: XF:win2k-ike-dos(7667)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7667

Name: CVE-2001-0954

Description:

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.

Status:Entry
Reference: BID:3656
Reference: URL:http://www.securityfocus.com/bid/3656
Reference: BUGTRAQ:20011207 Lotus Domino Web server vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100780146532131&w=2L:1
Reference: CONFIRM:http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B
Reference: OSVDB:2000
Reference: URL:http://www.osvdb.org/2000
Reference: XF:lotus-domino-database-dos(7684)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7684

Name: CVE-2001-0959

Description:

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 create a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.

Status:Entry
Reference: BID:3342
Reference: URL:http://www.securityfocus.com/bid/3342
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: OSVDB:5483
Reference: URL:http://www.osvdb.org/5483
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7122

Name: CVE-2001-0960

Description:

Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 store the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.

Status:Entry
Reference: BID:3343
Reference: URL:http://www.securityfocus.com/bid/3343
Reference: BUGTRAQ:20010915 ARCserve 6.61 Share Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0137.html
Reference: MISC:http://support.ca.com/Download/patches/asitnt/QO00945.html
Reference: XF:arcserve-aremote-plaintext(7122)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7122

Name: CVE-2001-0961

Description:

Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.

Status:Entry
Reference: BID:3347
Reference: URL:http://www.securityfocus.com/bid/3347
Reference: DEBIAN:DSA-076
Reference: URL:http://www.debian.org/security/2001/dsa-076
Reference: XF:most-file-create-bo(7149)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7149

Name: CVE-2001-0962

Description:

IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.

Status:Entry
Reference: BUGTRAQ:20010919 Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: BUGTRAQ:20010928 Re: Websphere cookie/sessionid predictable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0234.html
Reference: CONFIRM:http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p
Reference: OSVDB:5492
Reference: URL:http://www.osvdb.org/5492
Reference: XF:ibm-websphere-seq-predict(7153)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7153

Name: CVE-2001-0963

Description:

Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.

Status:Entry
Reference: BID:3351
Reference: URL:http://www.securityfocus.com/bid/3351
Reference: BUGTRAQ:20010920 Vulnerability in SpoonFTP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0171.html
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: OSVDB:1953
Reference: URL:http://www.osvdb.org/1953
Reference: XF:spoonftp-dot-directory-traversal(7147)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7147

Name: CVE-2001-0965

Description:

glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.

Status:Entry
Reference: BID:3201
Reference: URL:http://www.securityfocus.com/bid/3201
Reference: BUGTRAQ:20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0239.html
Reference: CONFIRM:http://www.glftpd.org/
Reference: XF:glftpd-list-dos(7001)
Reference: URL:http://www.iss.net/security_center/static/7001.php

Name: CVE-2001-0969

Description:

ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.

Status:Entry
Reference: BID:3206
Reference: URL:http://www.securityfocus.com/bid/3206
Reference: FREEBSD:FreeBSD-SA-01:53
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:53.ipfw.asc
Reference: OSVDB:1937
Reference: URL:http://www.osvdb.org/1937
Reference: XF:ipfw-me-unauthorized-access(7002)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7002

Name: CVE-2001-0973

Description:

BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

Status:Entry
Reference: BID:3227
Reference: URL:http://www.securityfocus.com/bid/3227
Reference: BUGTRAQ:20010822 BSCW symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0328.html
Reference: CERT-VN:VU#465971
Reference: URL:http://www.kb.cert.org/vuls/id/465971
Reference: CONFIRM:http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt
Reference: XF:bscw-extracted-file-symlink(7029)
Reference: URL:http://www.iss.net/security_center/static/7029.php

Name: CVE-2001-0977

Description:

slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

Status:Entry
Reference: BID:3049
Reference: URL:http://www.securityfocus.com/bid/3049
Reference: CERT:CA-2001-18
Reference: URL:http://www.cert.org/advisories/CA-2001-18.html
Reference: CERT-VN:VU#935800
Reference: URL:http://www.kb.cert.org/vuls/id/935800
Reference: CONECTIVA:CLA-2001:417
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000417
Reference: DEBIAN:DSA-068
Reference: URL:http://www.debian.org/security/2001/dsa-068
Reference: MANDRAKE:MDKSA-2001:069
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-069.php3
Reference: OSVDB:1905
Reference: URL:http://www.osvdb.org/1905
Reference: REDHAT:RHSA-2001:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-098.html
Reference: XF:openldap-ldap-protos-dos(6904)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6904

Name: CVE-2001-0978

Description:

login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.

Status:Entry
Reference: BID:3289
Reference: URL:http://www.securityfocus.com/bid/3289
Reference: HPBUG:PHCO_17719
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0052.html
Reference: HPBUG:PHCO_24454
Reference: XF:hpux-login-btmp(8632)
Reference: URL:http://www.iss.net/security_center/static/8632.php

Name: CVE-2001-0980

Description:

docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.

Status:Entry
Reference: BID:3052
Reference: URL:http://www.securityfocus.com/bid/3052
Reference: CALDERA:CSSA-2001-026.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-026.0.txt
Reference: XF:docview-httpd-command-execution(6854)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6854

Name: CVE-2001-0981

Description:

HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.

Status:Entry
Reference: HP:HPSBUX0108-164
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q3/0048.html
Reference: XF:hp-cifs-change-passwords(7051)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7051

Name: CVE-2001-0982

Description:

Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.

Status:Entry
Reference: AIXAPAR:IY18152
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY18152&apar=only
Reference: BID:3080
Reference: URL:http://www.securityfocus.com/bid/3080
Reference: BUGTRAQ:20010723 iXsecurity.20010618.policy_director.a
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0497.html
Reference: CONFIRM:ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README
Reference: OSVDB:1908
Reference: URL:http://www.osvdb.org/1908
Reference: XF:tivoli-secureway-dot-directory-traversal(6884)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6884

Name: CVE-2001-0987

Description:

Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary JavaScript on other web clients by causing the JavaScript to be inserted into error messages that are generated by CGIWrap.

Status:Entry
Reference: BID:3084
Reference: URL:http://www.securityfocus.com/bid/3084
Reference: BUGTRAQ:20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0499.html
Reference: CONFIRM:http://cgiwrap.sourceforge.net/changes.html
Reference: OSVDB:1909
Reference: URL:http://www.osvdb.org/1909
Reference: XF:cgiwrap-cross-site-scripting(6886)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6886

Name: CVE-2001-0993

Description:

sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.

Status:Entry
Reference: BID:3088
Reference: URL:http://www.securityfocus.com/bid/3088
Reference: NETBSD:NetBSD-SA2001-011
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0102.html
Reference: OSVDB:1910
Reference: URL:http://www.osvdb.org/1910
Reference: XF:bsd-kernel-sendmsg-dos(6908)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6908

Name: CVE-2001-0995

Description:

PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.

Status:Entry
Reference: BID:3239
Reference: URL:http://www.securityfocus.com/bid/3239
Reference: BUGTRAQ:20010826 security hole in os groupware suite PHProjekt
Reference: URL:http://www.securityfocus.com/archive/1/210349
Reference: MISC:http://www.phprojekt.com/ChangeLog
Reference: XF:phprojekt-id-modify(7035)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7035

Name: CVE-2001-0998

Description:

IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.

Status:Entry
Reference: AIXAPAR:IY17630
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only
Reference: AIXAPAR:IY20943
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY20943&apar=only
Reference: BID:3358
Reference: URL:http://www.securityfocus.com/bid/3358
Reference: BUGTRAQ:20010924 HACMP and port scans
Reference: URL:http://www.securityfocus.com/archive/1/216105
Reference: BUGTRAQ:20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"
Reference: URL:http://www.securityfocus.com/archive/1/217910
Reference: XF:hacmp-portscan-dos(7165)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7165

Name: CVE-2001-1002

Description:

The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.

Status:Entry
Reference: BID:3241
Reference: URL:http://www.securityfocus.com/bid/3241
Reference: BUGTRAQ:20010827 LPRng/rhs-printfilters - remote execution of commands
Reference: URL:http://marc.info/?l=bugtraq&m=99892644616749&w=2
Reference: REDHAT:RHSA-2001:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-102.html
Reference: XF:dvips-lpd-command-execution(16509)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/16509

Name: CVE-2001-1008

Description:

Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.

Status:Entry
Reference: BID:3245
Reference: URL:http://www.securityfocus.com/bid/3245
Reference: BUGTRAQ:20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0359.html
Reference: XF:javaplugin-jre-expired-certificate(7048)
Reference: URL:http://www.iss.net/security_center/static/7048.php

Name: CVE-2001-1010

Description:

Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.

Status:Entry
Reference: BID:3092
Reference: URL:http://www.securityfocus.com/bid/3092
Reference: BUGTRAQ:20010721 Sambar Web Server pagecount exploit code
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0565.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-pagecount-overwrite-files(6916)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6916

Name: CVE-2001-1011

Description:

index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.

Status:Entry
Reference: BID:3093
Reference: URL:http://www.securityfocus.com/bid/3093
Reference: BUGTRAQ:20010725 Serious security hole in Mambo Site Server version 3.0.X
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0569.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz
Reference: OSVDB:1911
Reference: URL:http://www.osvdb.org/1911
Reference: XF:mambo-phpsessid-gain-privileges(6910)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6910

Name: CVE-2001-1016

Description:

PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 do not properly display when invalid user IDs are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."

Status:Entry
Reference: BID:3280
Reference: URL:http://www.securityfocus.com/bid/3280
Reference: BUGTRAQ:20010904 PGPsdk Key Validity Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/211806
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/pgpsdk.asp
Reference: OSVDB:1946
Reference: URL:http://www.osvdb.org/1946
Reference: XF:pgp-invalid-key-display(7081)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7081

Name: CVE-2001-1017

Description:

rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.

Status:Entry
Reference: BID:3282
Reference: URL:http://www.securityfocus.com/bid/3282
Reference: FREEBSD:FreeBSD-SA-01:59
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:59.rmuser.v1.1.asc
Reference: OSVDB:1947
Reference: URL:http://www.osvdb.org/1947
Reference: XF:rmuser-insecure-password-file(7086)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7086

Name: CVE-2001-1020

Description:

edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.

Status:Entry
Reference: BID:3288
Reference: URL:http://www.securityfocus.com/bid/3288
Reference: BUGTRAQ:20010905 directorymanager bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0013.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=51589
Reference: XF:directory-manager-execute-commands(7079)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7079

Name: CVE-2001-1022

Description:

Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.

Status:Entry
Reference: BID:3103
Reference: URL:http://www.securityfocus.com/bid/3103
Reference: BUGTRAQ:20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0
Reference: URL:http://www.securityfocus.com/archive/1/199706
Reference: CONECTIVA:CLA-2001:428
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000428
Reference: DEBIAN:DSA-072
Reference: URL:http://www.debian.org/security/2001/dsa-072
Reference: DEBIAN:DSA-107
Reference: URL:http://www.debian.org/security/2002/dsa-107
Reference: OSVDB:1914
Reference: URL:http://www.osvdb.org/1914
Reference: REDHAT:RHSA-2002:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html
Reference: XF:linux-groff-format-string(6918)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6918

Name: CVE-2001-1027

Description:

Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.

Status:Entry
Reference: BID:3177
Reference: URL:http://www.securityfocus.com/bid/3177
Reference: CONECTIVA:CLA-2001:411
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000411
Reference: CONFIRM:http://www.windowmaker.org/src/ChangeLog
Reference: DEBIAN:DSA-074
Reference: URL:http://www.debian.org/security/2001/dsa-074
Reference: MANDRAKE:MDKSA-2001:074
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-074.php3
Reference: SUSE:SuSE-SA:2001:032
Reference: URL:http://www.novell.com/linux/security/advisories/2001_032_wmaker_txt.html
Reference: XF:windowmaker-title-bo(6969)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6969

Name: CVE-2001-1028

Description:

Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.

Status:Entry
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: XF:man-ultimate-source-bo(8622)
Reference: URL:http://www.iss.net/security_center/static/8622.php

Name: CVE-2001-1029

Description:

libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.

Status:Entry
Reference: BUGTRAQ:20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0173.html
Reference: OSVDB:6073
Reference: URL:http://www.osvdb.org/6073
Reference: XF:bsd-libutil-privilege-dropping(8697)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8697

Name: CVE-2001-1030

Description:

Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and httpd_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

Status:Entry
Reference: BUGTRAQ:20010718 Squid httpd acceleration acl bug enables portscanning
Reference: URL:http://www.securityfocus.com/archive/1/197727
Reference: BUGTRAQ:20010719 TSLSA-2001-0013 - Squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0362.html
Reference: CALDERA:CSSA-2001-029.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-029.0.txt
Reference: IMMUNIX:IMNX-2001-70-031-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-031-01
Reference: MANDRAKE:MDKSA-2001:066
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-066.php3
Reference: REDHAT:RHSA-2001:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-097.html
Reference: XF:squid-http-accelerator-portscanning(6862)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6862

Name: CVE-2001-1032

Description:

admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.

Status:Entry
Reference: BID:3361
Reference: URL:http://www.securityfocus.com/bid/3361
Reference: BUGTRAQ:20010924 twlc advisory: all versions of php nuke are vulnerable...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0203.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=113892
Reference: XF:php-nuke-admin-file-overwrite(7170)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7170

Name: CVE-2001-1035

Description:

Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.

Status:Entry
Reference: BID:3364
Reference: URL:http://www.securityfocus.com/bid/3364
Reference: DEBIAN:DSA-078
Reference: URL:http://www.debian.org/security/2001/dsa-078
Reference: XF:slrn-decode-script-execution(7166)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7166

Name: CVE-2001-1036

Description:

GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old-format filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.

Status:Entry
Reference: BID:3127
Reference: URL:http://www.securityfocus.com/bid/3127
Reference: BUGTRAQ:20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate
Reference: URL:http://www.securityfocus.com/archive/1/200991
Reference: OSVDB:5477
Reference: URL:http://www.osvdb.org/5477
Reference: XF:locate-command-execution(6932)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6932

Name: CVE-2001-1037

Description:

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.

Status:Entry
Reference: BID:3131
Reference: URL:http://www.securityfocus.com/bid/3131
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: OSVDB:1917
Reference: URL:http://www.osvdb.org/1917
Reference: XF:cisco-sn-gain-access(6827)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6827

Name: CVE-2001-1038

Description:

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.

Status:Entry
Reference: BID:3014
Reference: URL:http://www.securityfocus.com/bid/3014
Reference: CIAC:L-112
Reference: URL:http://www.ciac.org/ciac/bulletins/l-112.shtml
Reference: CISCO:20010711 Vulnerabilities in Cisco SN 5420 Storage Routers
Reference: URL:http://www.cisco.com/warp/public/707/SN-kernel-pub.html
Reference: OSVDB:1899
Reference: URL:http://www.osvdb.org/1899
Reference: XF:cisco-sn-dos(6826)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6826

Name: CVE-2001-1043

Description:

ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.

Status:Entry
Reference: BID:2961
Reference: URL:http://www.securityfocus.com/bid/2961
Reference: BUGTRAQ:20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194445
Reference: OSVDB:1886
Reference: URL:http://www.osvdb.org/1886
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6760

Name: CVE-2001-1046

Description:

Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.

Status:Entry
Reference: BID:2811
Reference: URL:http://www.securityfocus.com/bid/2811
Reference: BUGTRAQ:20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/188267
Reference: CALDERA:CSSA-2001-SCO.8
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q3/0006.html
Reference: VULN-DEV:20010420 Qpopper 4.0 Buffer Overflow
Reference: URL:http://marc.info/?l=vuln-dev&m=98777649031406&w=2
Reference: XF:qpopper-username-bo(6647)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6647

Name: CVE-2001-1048

Description:

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Status:Entry
Reference: BID:3387
Reference: URL:http://www.securityfocus.com/bid/3387
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://www.gospelcom.net/mnn/topher/awol/changelog.php
Reference: MISC:http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1049

Description:

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Status:Entry
Reference: BID:3388
Reference: URL:http://www.securityfocus.com/bid/3388
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://phorecast.org/
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1053

Description:

AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.

Status:Entry
Reference: BID:3032
Reference: URL:http://www.securityfocus.com/bid/3032
Reference: BUGTRAQ:20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0249.html
Reference: CONFIRM:http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17
Reference: XF:adcycle-insert-sql-command(6837)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6837

Name: CVE-2001-1054

Description:

PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Status:Entry
Reference: BID:3392
Reference: URL:http://www.securityfocus.com/bid/3392
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=117952
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1055

Description:

The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.

Status:Entry
Reference: BID:3113
Reference: URL:http://www.securityfocus.com/bid/3113
Reference: BUGTRAQ:20010730 ARPNuke - 80 kb/s kills a whole subnet
Reference: URL:http://www.securityfocus.com/archive/1/200323
Reference: XF:win-arp-packet-flooding-dos(6924)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6924

Name: CVE-2001-1056

Description:

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.

Status:Entry
Reference: BID:3117
Reference: URL:http://www.securityfocus.com/bid/3117
Reference: BUGTRAQ:20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0750.html
Reference: BUGTRAQ:20010730 [RAZOR] Linux kernel IP masquerading vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0733.html
Reference: OSVDB:1916
Reference: URL:http://www.osvdb.org/1916
Reference: XF:linux-ipmasqirc-bypass-protection(6923)
Reference: URL:http://www.iss.net/security_center/static/6923.php

Name: CVE-2001-1059

Description:

VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.

Status:Entry
Reference: BID:3119
Reference: URL:http://www.securityfocus.com/bid/3119
Reference: BUGTRAQ:20010730 vmware bug?
Reference: URL:http://www.securityfocus.com/archive/1/200455
Reference: OSVDB:5475
Reference: URL:http://www.osvdb.org/5475
Reference: XF:vmware-obtain-license-info(6925)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6925

Name: CVE-2001-1062

Description:

Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.

Status:Entry
Reference: CALDERA:CSSA-2001-SCO.12
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.12/CSSA-2001-SCO.12.txt
Reference: XF:openserver-mana-bo(7034)
Reference: URL:http://www.iss.net/security_center/static/7034.php

Name: CVE-2001-1063

Description:

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.

Status:Entry
Reference: BID:3244
Reference: URL:http://www.securityfocus.com/bid/3244
Reference: CALDERA:CSSA-2001-SCO.14
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt
Reference: XF:unixware-openunix-uidadmin-bo(7036)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7036

Name: CVE-2001-1066

Description:

ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:3243
Reference: URL:http://www.securityfocus.com/bid/3243
Reference: BUGTRAQ:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://marc.info/?l=bugtraq&m=99893667921216&w=2
Reference: SUNBUG:4633888
Reference: VULNWATCH:20010827 Dangerous temp file creation during installation of Netscape 6.
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0036.html
Reference: XF:netscape-install-tmpfile-symlink(7042)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7042

Name: CVE-2001-1067

Description:

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.

Status:Entry
Reference: BID:3230
Reference: URL:http://www.securityfocus.com/bid/3230
Reference: BUGTRAQ:20010822 AOLserver 3.0 vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html
Reference: BUGTRAQ:20010906 AOLserver exploit code
Reference: URL:http://www.securityfocus.com/archive/1/213041
Reference: XF:aolserver-long-password-dos(7030)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7030

Name: CVE-2001-1069

Description:

libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.

Status:Entry
Reference: BID:3225
Reference: URL:http://www.securityfocus.com/bid/3225
Reference: BUGTRAQ:20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files
Reference: URL:http://marc.info/?l=bugtraq&m=99849121502399&w=2
Reference: MISC:http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html
Reference: XF:adobe-acrobat-insecure-permissions(7024)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7024

Name: CVE-2001-1071

Description:

Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.

Status:Entry
Reference: BID:3412
Reference: URL:http://www.securityfocus.com/bid/3412
Reference: BUGTRAQ:20011009 Cisco CDP attacks
Reference: URL:http://www.securityfocus.com/archive/1/219257
Reference: BUGTRAQ:20011009 Cisco Systems - Vulnerability in CDP
Reference: URL:http://www.securityfocus.com/archive/1/219305
Reference: CERT-VN:VU#139491
Reference: URL:http://www.kb.cert.org/vuls/id/139491
Reference: OSVDB:1969
Reference: URL:http://www.osvdb.org/1969
Reference: XF:cisco-ios-cdp-dos(7242)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7242

Name: CVE-2001-1072

Description:

Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.

Status:Entry
Reference: BID:3176
Reference: URL:http://www.securityfocus.com/bid/3176
Reference: BUGTRAQ:20010812 Are your mod_rewrite rules doing what you expect?
Reference: URL:http://www.securityfocus.com/archive/1/203955
Reference: CONFIRM:http://www.apacheweek.com/issues/02-02-01#security
Reference: XF:apache-rewrite-bypass-directives(8633)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8633

Name: CVE-2001-1074

Description:

Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.

Status:Entry
Reference: BID:2795
Reference: URL:http://www.securityfocus.com/bid/2795
Reference: BUGTRAQ:20010526 Webmin Doesn't Clean Env (root exploit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0262.html
Reference: CALDERA:CSSA-2001-019.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-019.1.txt
Reference: MANDRAKE:MDKSA-2001:059
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-059.php3
Reference: XF:webmin-gain-information(6627)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6627

Name: CVE-2001-1075

Description:

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.

Status:Entry
Reference: BID:2986
Reference: URL:http://www.securityfocus.com/bid/2986
Reference: BUGTRAQ:20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0064.html
Reference: BUGTRAQ:20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0150.html
Reference: XF:cobalt-poprelayd-mail-relay(6806)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6806

Name: CVE-2001-1079

Description:

create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.

Status:Entry
Reference: AIXAPAR:IY19069
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q3/0000.html
Reference: OSVDB:5473
Reference: URL:http://www.osvdb.org/5473
Reference: XF:aix-keyfile-world-writable(8923)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8923

Name: CVE-2001-1080

Description:

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.

Status:Entry
Reference: BID:2916
Reference: URL:http://www.securityfocus.com/bid/2916
Reference: IBM:MSS-OAR-E01-2001:225.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/MSS/MSS-OAR-E01-2001.225.1/$file/oar225.txt
Reference: XF:aix-diagrpt-root-shell(6734)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6734

Name: CVE-2001-1081

Description:

Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.

Status:Entry
Reference: BID:2994
Reference: URL:http://www.securityfocus.com/bid/2994
Reference: CONFIRM:http://freshmeat.net/releases/52020/
Reference: MLIST:[fm-news] 20010713 Newsletter for Friday, July 13th 2001
Reference: URL:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0009.html
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html

Name: CVE-2001-1083

Description:

Icecast 1.3.7, and other versions before 1.3.11, with HTTP server file streaming support enabled, allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).

Status:Entry
Reference: BID:2933
Reference: URL:http://www.securityfocus.com/bid/2933
Reference: BUGTRAQ:20010626 Advisory
Reference: URL:http://www.securityfocus.com/archive/1/193516
Reference: CALDERA:CSSA-2002-020.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-020.0.txt
Reference: CONFIRM:http://www.icecast.org/releases/icecast-1.3.11.tar.gz
Reference: DEBIAN:DSA-089
Reference: URL:http://www.debian.org/security/2001/dsa-089
Reference: MISC:http://www.icecast.org/index.html
Reference: REDHAT:RHSA-2001:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-105.html
Reference: REDHAT:RHSA-2002:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-063.html
Reference: XF:icecast-http-remote-dos(6751)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6751

Name: CVE-2001-1084

Description:

Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.

Status:Entry
Reference: ALLAIRE:MPSB01-06
Reference: URL:http://www.macromedia.com/v1/handlers/index.cfm?ID=21498&Method=Full
Reference: BID:2983
Reference: URL:http://www.securityfocus.com/bid/2983
Reference: BUGTRAQ:20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability
Reference: URL:http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00021.html
Reference: CERT-VN:VU#654643
Reference: URL:http://www.kb.cert.org/vuls/id/654643
Reference: OSVDB:1891
Reference: URL:http://www.osvdb.org/1891
Reference: XF:java-servlet-crosssite-scripting(6793)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6793

Name: CVE-2001-1085

Description:

Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.

Status:Entry
Reference: BID:2984
Reference: URL:http://www.securityfocus.com/bid/2984
Reference: BUGTRAQ:20010705 lmail local root exploit
Reference: URL:http://www.securityfocus.com/archive/1/195022
Reference: XF:lmail-tmpfile-symlink(6809)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6809

Name: CVE-2001-1088

Description:

Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.

Status:Entry
Reference: BID:2823
Reference: URL:http://www.securityfocus.com/bid/2823
Reference: BUGTRAQ:20010605 SECURITY.NNOV: Outlook Express address book spoofing
Reference: URL:http://www.securityfocus.com/archive/1/188752
Reference: CONFIRM:http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241
Reference: XF:outlook-address-book-spoofing(6655)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6655

Name: CVE-2001-1089

Description:

libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.

Status:Entry
Reference: BID:3314
Reference: URL:http://www.securityfocus.com/bid/3314
Reference: BUGTRAQ:20010910 RUS-CERT Advisory 2001-09:01
Reference: URL:http://www.securityfocus.com/archive/1/213331
Reference: XF:postgresql-nss-authentication-modules(7111)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7111

Name: CVE-2001-1095

Description:

Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.

Status:Entry
Reference: AIXAPAR:IY23401
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html
Reference: AIXAPAR:IY24231
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY24231&apar=only
Reference: OSVDB:5469
Reference: URL:http://www.osvdb.org/5469

Name: CVE-2001-1096

Description:

Buffer overflows in muxatmd in AIX 4 allow an attacker to cause a core dump and possibly execute code.

Status:Entry
Reference: AIXAPAR:IY23402
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q4/0000.html
Reference: OSVDB:5470
Reference: URL:http://www.osvdb.org/5470

Name: CVE-2001-1098

Description:

Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.

Status:Entry
Reference: BID:3419
Reference: URL:http://www.securityfocus.com/bid/3419
Reference: BUGTRAQ:20011010 Vulnerability: Cisco PIX Firewall Manager
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0071.html
Reference: CERT-VN:VU#639507
Reference: URL:http://www.kb.cert.org/vuls/id/639507
Reference: XF:cisco-pfm-plaintext-password(7265)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7265

Name: CVE-2001-1099

Description:

The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.

Status:Entry
Reference: BID:3305
Reference: URL:http://www.securityfocus.com/bid/3305
Reference: BUGTRAQ:20010907 Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/212724
Reference: BUGTRAQ:20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information
Reference: URL:http://www.securityfocus.com/archive/1/213762
Reference: XF:nav-exchange-reveal-information(7093)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7093

Name: CVE-2001-1100

Description:

sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.

Status:Entry
Reference: BID:3673
Reference: URL:http://www.securityfocus.com/bid/3673
Reference: BUGTRAQ:20011007 Bug found at W3Mail Webmail
Reference: URL:http://www.securityfocus.com/archive/1/218921
Reference: CONFIRM:http://www.w3mail.org/ChangeLog
Reference: XF:w3mail-metacharacters-command-execution(7230)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7230

Name: CVE-2001-1103

Description:

FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.

Status:Entry
Reference: CERT-VN:VU#320944
Reference: URL:http://www.kb.cert.org/vuls/id/320944
Reference: XF:ftp-voyager-embedded-script-execution(7119)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7119

Name: CVE-2001-1106

Description:

The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.

Status:Entry
Reference: BID:3095
Reference: URL:http://www.securityfocus.com/bid/3095
Reference: BUGTRAQ:20010725 Sambar Server password decryption
Reference: URL:http://www.securityfocus.com/archive/1/199418
Reference: XF:sambar-insecure-passwords(6909)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6909

Name: CVE-2001-1108

Description:

Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.

Status:Entry
Reference: BID:3100
Reference: URL:http://www.securityfocus.com/bid/3100
Reference: BUGTRAQ:20010726 Snapstream PVS vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
Reference: CONFIRM:http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html
Reference: OSVDB:2080
Reference: URL:http://www.osvdb.org/2080
Reference: XF:snapstream-dot-directory-traversal(6917)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6917

Name: CVE-2001-1113

Description:

Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.

Status:Entry
Reference: BID:3174
Reference: URL:http://www.securityfocus.com/bid/3174
Reference: BUGTRAQ:20010813 Local exploit for TrollFTPD-1.26
Reference: URL:http://www.securityfocus.com/archive/1/203874
Reference: CONFIRM:ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz
Reference: XF:trollftpd-long-path-bo(6974)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6974

Name: CVE-2001-1116

Description:

Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.

Status:Entry
Reference: BID:3140
Reference: URL:http://www.securityfocus.com/bid/3140
Reference: NTBUGTRAQ:20010802 Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=IND0108&L=NTBUGTRAQ&F=P&S=&P=71
Reference: NTBUGTRAQ:20010808 Response to Identix BioLogon Client security bug
Reference: URL:http://ntbugtraq.ntadvice.com/default.asp?pid=36&sid=1&A2=ind0108&L=ntbugtraq&F=P&S=&P=724
Reference: OSVDB:5453
Reference: URL:http://www.osvdb.org/5453
Reference: XF:identix-biologon-auth-bypass(6948)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6948

Name: CVE-2001-1117

Description:

LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allow a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.

Status:Entry
Reference: BID:3141
Reference: URL:http://www.securityfocus.com/bid/3141
Reference: BUGTRAQ:20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port
Reference: URL:http://www.securityfocus.com/archive/1/201390
Reference: BUGTRAQ:20010810 Linksys router security fix
Reference: URL:http://www.securityfocus.com/archive/1/203302
Reference: CONFIRM:ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip
Reference: OSVDB:1920
Reference: URL:http://www.osvdb.org/1920
Reference: OSVDB:5467
Reference: URL:http://www.osvdb.org/5467
Reference: XF:linksys-etherfast-reveal-passwords(6949)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6949

Name: CVE-2001-1118

Description:

A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.

Status:Entry
Reference: BID:3145
Reference: URL:http://www.securityfocus.com/bid/3145
Reference: BUGTRAQ:20010802 FW: Security alert: Remote user can access any file
Reference: URL:http://www.securityfocus.com/archive/1/201499
Reference: BUGTRAQ:20010802 Roxen security alert: URL decoding vulnerable
Reference: URL:http://www.securityfocus.com/archive/1/201476
Reference: CONFIRM:http://download.roxen.com/2.0/patch/security-notice.html
Reference: XF:roxen-urlrectifier-retrieve-files(6937)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6937

Name: CVE-2001-1119

Description:

cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:3148
Reference: URL:http://www.securityfocus.com/bid/3148
Reference: CERT-VN:VU#105347
Reference: URL:http://www.kb.cert.org/vuls/id/105347
Reference: SUSE:SuSE-SA:2001:025
Reference: URL:http://www.novell.com/linux/security/advisories/2001_025_xmcd_txt.html
Reference: XF:xmcd-cda-symlink(6941)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6941

Name: CVE-2001-1121

Description:

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1084. Reason: This candidate is a duplicate of CVE-2001-1084. Notes: All CVE users should reference CVE-2001-1084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.

Status:Entry

Name: CVE-2001-1130

Description:

Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.

Status:Entry
Reference: BUGTRAQ:20010802 suse: sdbsearch.cgi vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/201216
Reference: SUSE:SuSE-SA:2001:027
Reference: URL:http://www.novell.com/linux/security/advisories/2001_027_sdb_txt.html
Reference: XF:sdbsearch-cgi-command-execution(7003)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7003

Name: CVE-2001-1132

Description:

Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.

Status:Entry
Reference: CONECTIVA:CLA-2001:420
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000420
Reference: OSVDB:5455
Reference: URL:http://www.osvdb.org/5455
Reference: XF:mailman-blank-passwords(7091)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7091

Name: CVE-2001-1141

Description:

The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.

Status:Entry
Reference: BID:3004
Reference: URL:http://www.securityfocus.com/bid/3004
Reference: BUGTRAQ:20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a
Reference: URL:http://www.securityfocus.com/archive/1/195829
Reference: CONECTIVA:CLA-2001:418
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000418
Reference: ENGARDE:ESA-20010709-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1483.html
Reference: FREEBSD:FreeBSD-SA-01:51
Reference: URL:http://www.securityfocus.com/advisories/3475
Reference: MANDRAKE:MDKSA-2001:065
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-065.php3?dis=8.0
Reference: NETBSD:NetBSD-SA2001-013
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-013.txt.asc
Reference: OSVDB:853
Reference: URL:http://www.osvdb.org/853
Reference: REDHAT:RHSA-2001:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-051.html
Reference: XF:openssl-prng-brute-force(6823)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6823

Name: CVE-2001-1144

Description:

Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.

Status:Entry
Reference: BID:3020
Reference: URL:http://www.securityfocus.com/bid/3020
Reference: BUGTRAQ:20010711 McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty
Reference: URL:http://www.securityfocus.com/archive/1/196272
Reference: CERT-VN:VU#190267
Reference: URL:http://www.kb.cert.org/vuls/id/190267
Reference: NTBUGTRAQ:20010716 McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul nerability
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1558
Reference: OSVDB:584
Reference: URL:http://www.osvdb.org/584
Reference: XF:mcafee-mycio-directory-traversal(6834)
Reference: URL:http://www.iss.net/security_center/static/6834.php

Name: CVE-2001-1145

Description:

fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.

Status:Entry
Reference: BID:3205
Reference: URL:http://www.securityfocus.com/bid/3205
Reference: FREEBSD:FreeBSD-SA-01:40
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:40.fts.v1.1.asc
Reference: NETBSD:NetBSD-SA2001-016
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q3/0204.html
Reference: OPENBSD:20010530 029: SECURITY FIX: May 30, 2001
Reference: URL:http://www.openbsd.org/errata28.html
Reference: OSVDB:5466
Reference: URL:http://www.osvdb.org/5466
Reference: XF:bsd-fts-race-condition(8715)
Reference: URL:http://www.iss.net/security_center/static/8715.php

Name: CVE-2001-1146

Description:

AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.

Status:Entry
Reference: BID:3016
Reference: URL:http://www.securityfocus.com/bid/3016
Reference: ENGARDE:ESA-20010711-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1492.html
Reference: XF:allcommerce-temp-symlink(6830)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6830

Name: CVE-2001-1147

Description:

The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.

Status:Entry
Reference: BID:3415
Reference: URL:http://www.securityfocus.com/bid/3415
Reference: BUGTRAQ:20011008 pam_limits.so Bug!!
Reference: URL:http://www.securityfocus.com/archive/1/219175
Reference: CIAC:M-009
Reference: URL:http://www.ciac.org/ciac/bulletins/m-009.shtml
Reference: MANDRAKE:MDKSA-2001:084
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-084.php3
Reference: REDHAT:RHSA-2001:132
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-132.html
Reference: SUSE:SuSE-SA:2001:034
Reference: URL:http://www.novell.com/linux/security/advisories/2001_034_shadow_txt.html
Reference: XF:utillinux-pamlimits-gain-privileges(7266)
Reference: URL:http://www.iss.net/security_center/static/7266.php

Name: CVE-2001-1149

Description:

Panda Antivirus Platinum before 6.23.00 allows a remote attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.

Status:Entry
Reference: OSVDB:5456
Reference: URL:http://www.osvdb.org/5456
Reference: VULN-DEV:20010821 RE: Bug report -- Incident number 240649
Reference: URL:http://www.securityfocus.com/archive/82/209328

Name: CVE-2001-1153

Description:

lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.

Status:Entry
Reference: BID:3248
Reference: URL:http://www.securityfocus.com/bid/3248
Reference: CALDERA:CSSA-2001-SCO.15
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0391.html
Reference: XF:openunix-lpsystem-bo(7041)
Reference: URL:http://www.iss.net/security_center/static/7041.php

Name: CVE-2001-1155

Description:

TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.

Status:Entry
Reference: FREEBSD:FreeBSD-SA-01:56
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:56.tcp_wrappers.asc
Reference: OSVDB:5454
Reference: URL:http://www.osvdb.org/5454

Name: CVE-2001-1158

Description:

Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.

Status:Entry
Reference: BID:2952
Reference: URL:http://www.securityfocus.com/bid/2952
Reference: BUGTRAQ:20010709 Check Point FireWall-1 RDP Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0128.html
Reference: BUGTRAQ:20010709 Check Point response to RDP Bypass
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-11&end=2002-03-17&mid=195647&threads=1
Reference: CERT:CA-2001-17
Reference: URL:http://www.cert.org/advisories/CA-2001-17.html
Reference: CERT-VN:VU#310295
Reference: URL:http://www.kb.cert.org/vuls/id/310295
Reference: CHECKPOINT:20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx
Reference: URL:http://www.checkpoint.com/techsupport/alerts/rdp.html
Reference: CIAC:L-109
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-109.shtml
Reference: OSVDB:1884
Reference: URL:http://www.osvdb.org/1884
Reference: XF:fw1-rdp-bypass(6815)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6815

Name: CVE-2001-1160

Description:

udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.

Status:Entry
Reference: BID:2884
Reference: URL:http://www.securityfocus.com/bid/2884
Reference: BUGTRAQ:20010618 udirectory from Microburst Technologies remote command execution
Reference: URL:http://www.securityfocus.com/archive/1/191829
Reference: XF:udirectory-remote-command-execution(6706)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6706

Name: CVE-2001-1161

Description:

Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.

Status:Entry
Reference: BID:2962
Reference: URL:http://www.securityfocus.com/bid/2962
Reference: BUGTRAQ:20010702 Lotus Domino Server Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194465
Reference: BUGTRAQ:20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/194609
Reference: CERT-VN:VU#642239
Reference: URL:http://www.kb.cert.org/vuls/id/642239
Reference: OSVDB:1887
Reference: URL:http://www.osvdb.org/1887
Reference: XF:lotus-domino-css(6789)
Reference: URL:http://www.iss.net/security_center/static/6789.php

Name: CVE-2001-1162

Description:

Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.

Status:Entry
Reference: BID:2928
Reference: URL:http://www.securityfocus.com/bid/2928
Reference: BUGTRAQ:20010623 smbd remote file creation vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/193027
Reference: CALDERA:CSSA-2001-024.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-024.0.txt
Reference: CIAC:L-105
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-105.shtml
Reference: CONECTIVA:CLA-2001:405
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000405
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/macroexploit.html
Reference: DEBIAN:DSA-065
Reference: URL:http://www.debian.org/security/2001/dsa-065
Reference: HP:HPSBUX0107-157
Reference: URL:http://www.securityfocus.com/advisories/3423
Reference: IMMUNIX:IMNX-2001-70-027-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-027-01
Reference: MANDRAKE:MDKSA-2001-062
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-062.php3
Reference: REDHAT:RHSA-2001:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-086.html
Reference: SGI:20011002-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20011002-01-P
Reference: XF:samba-netbios-file-creation(6731)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6731

Name: CVE-2001-1166

Description:

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

Status:Entry
Reference: BID:3217
Reference: URL:http://www.securityfocus.com/bid/3217
Reference: FREEBSD:FreeBSD-SA-01:55
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:55.procfs.asc
Reference: OSVDB:1938
Reference: URL:http://www.osvdb.org/1938
Reference: XF:linprocfs-process-memory-leak(7017)
Reference: URL:http://www.iss.net/security_center/static/7017.php

Name: CVE-2001-1172

Description:

OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file.

Status:Entry
Reference: BUGTRAQ:20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0357.html
Reference: CONFIRM:http://www.omnisecure.com/security-alert.html
Reference: OSVDB:5452
Reference: URL:http://www.osvdb.org/5452
Reference: XF:httprotect-protected-file-symlink(6880)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6880

Name: CVE-2001-1174

Description:

Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.

Status:Entry
Reference: MANDRAKE:MDKSA-2001:067
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-067.php
Reference: OSVDB:5451
Reference: URL:http://www.osvdb.org/5451
Reference: REDHAT:RHSA-2001:091
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-091.html
Reference: XF:elm-messageid-bo(6852)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6852

Name: CVE-2001-1175

Description:

vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.

Status:Entry
Reference: BID:3036
Reference: URL:http://www.securityfocus.com/bid/3036
Reference: REDHAT:RHSA-2001:095
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-095.html
Reference: REDHAT:RHSA-2001:132
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-132.html
Reference: XF:vipw-world-readable-files(6851)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6851

Name: CVE-2001-1176

Description:

Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.

Status:Entry
Reference: BID:3021
Reference: URL:http://www.securityfocus.com/bid/3021
Reference: BUGTRAQ:20010712 VPN-1/FireWall-1 Format Strings Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0209.html
Reference: CONFIRM:http://www.checkpoint.com/techsupport/alerts/format_strings.html
Reference: OSVDB:1901
Reference: URL:http://www.osvdb.org/1901
Reference: XF:fw1-management-format-string(6849)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6849

Name: CVE-2001-1177

Description:

ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status:Entry
Reference: BID:3008
Reference: URL:http://www.securityfocus.com/bid/3008
Reference: BUGTRAQ:20010717 Samsung ML-85G Printer Linux Helper/Driver Binary Exploit (Mandrake: ghostscript package)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0284.html
Reference: XF:samsung-printer-temp-symlink(6845)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6845

Name: CVE-2001-1180

Description:

FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.

Status:Entry
Reference: BID:3007
Reference: URL:http://www.securityfocus.com/bid/3007
Reference: BUGTRAQ:20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0179.html
Reference: CERT-VN:VU#943633
Reference: URL:http://www.kb.cert.org/vuls/id/943633
Reference: CIAC:L-111
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-111.shtml
Reference: FREEBSD:FreeBSD-SA-01:42
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:42.signal.v1.1.asc
Reference: OSVDB:1897
Reference: URL:http://www.osvdb.org/1897
Reference: XF:bsd-rfork-signal-handlers(6829)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6829

Name: CVE-2001-1183

Description:

PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.

Status:Entry
Reference: BID:3022
Reference: URL:http://www.securityfocus.com/bid/3022
Reference: CERT-VN:VU#656315
Reference: URL:http://www.kb.cert.org/vuls/id/656315
Reference: CISCO:20010712 Cisco IOS PPTP Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/PPTP-vulnerability-pub.html
Reference: OSVDB:802
Reference: URL:http://www.osvdb.org/802
Reference: XF:cisco-ios-pptp-dos(6835)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6835

Name: CVE-2001-1185

Description:

Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.

Status:Entry
Reference: BID:3661
Reference: URL:http://www.securityfocus.com/bid/3661
Reference: BUGTRAQ:20011210 AIO vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/244583
Reference: OSVDB:2001
Reference: URL:http://www.osvdb.org/2001
Reference: XF:bsd-aio-overwrite-memory(7693)
Reference: URL:http://www.iss.net/security_center/static/7693.php

Name: CVE-2001-1186

Description:

Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.

Status:Entry
Reference: BID:3667
Reference: URL:http://www.securityfocus.com/bid/3667
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug Memory attack
Reference: URL:http://online.securityfocus.com/archive/1/244931
Reference: BUGTRAQ:20011211 Microsoft IIS/5 bogus Content-length bug.
Reference: URL:http://www.securityfocus.com/archive/1/244892
Reference: BUGTRAQ:20011212 Microsoft IIS/5.0 Content-Length DoS (proved)
Reference: URL:http://online.securityfocus.com/archive/1/245100
Reference: XF:iis-false-content-length-dos(7691)
Reference: URL:http://www.iss.net/security_center/static/7691.php

Name: CVE-2001-1193

Description:

Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.

Status:Entry
Reference: BID:3691
Reference: URL:http://www.securityfocus.com/bid/3691
Reference: BUGTRAQ:20011213 EFTP 2.0.8.346 directory content disclosure
Reference: URL:http://www.securityfocus.com/archive/1/245393
Reference: CERT-VN:VU#413875
Reference: URL:http://www.kb.cert.org/vuls/id/413875
Reference: CONFIRM:http://www.eftp.org/releasehistory.html
Reference: OSVDB:2003
Reference: URL:http://www.osvdb.org/2003
Reference: XF:eftp-dot-directory-traversal(7699)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7699

Name: CVE-2001-1199

Description:

Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute JavaScript on other clients via the cart_id parameter.

Status:Entry
Reference: BID:3702
Reference: URL:http://www.securityfocus.com/bid/3702
Reference: BUGTRAQ:20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/246044
Reference: CONFIRM:http://www.agoracgi.com/security.html
Reference: OSVDB:698
Reference: URL:http://www.osvdb.org/698
Reference: XF:agora-cgi-css(7708)
Reference: URL:http://www.iss.net/security_center/static/7708.php

Name: CVE-2001-1200

Description:

Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.

Status:Entry
Reference: BID:3703
Reference: URL:http://www.securityfocus.com/bid/3703
Reference: BUGTRAQ:20011217 Hot keys permissions bypass under XP
Reference: URL:http://www.securityfocus.com/archive/1/246014
Reference: XF:winxp-hotkey-execute-programs(7713)
Reference: URL:http://www.iss.net/security_center/static/7713.php

Name: CVE-2001-1201

Description:

Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.

Status:Entry
Reference: BID:3706
Reference: URL:http://www.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3706
Reference: BUGTRAQ:20011217 New Advisory + Exploit
Reference: URL:http://marc.info/?l=bugtraq&m=100863301405266&w=2
Reference: BUGTRAQ:20011218 wmcube-gdk is vulnerable to a local exploit
Reference: URL:http://online.securityfocus.com/archive/1/246273
Reference: CONFIRM:http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz
Reference: XF:wmcubegdk-object-file-bo(7720)
Reference: URL:http://www.iss.net/security_center/static/7720.php

Name: CVE-2001-1203

Description:

Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.

Status:Entry
Reference: BID:3750
Reference: URL:http://www.securityfocus.com/bid/3750
Reference: DEBIAN:DSA-095
Reference: URL:http://www.debian.org/security/2001/dsa-095
Reference: XF:linux-gpm-format-string(7748)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7748

Name: CVE-2001-1215

Description:

Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.

Status:Entry
Reference: BID:3725
Reference: URL:http://www.securityfocus.com/bid/3725
Reference: BUGTRAQ:20011220 [CERT-intexxia] pfinger Format String Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/246656
Reference: CONFIRM:http://www.xelia.ch/unix/pfinger/ChangeLog
Reference: XF:pfinger-plan-format-string(7742)
Reference: URL:http://www.iss.net/security_center/static/7742.php

Name: CVE-2001-1227

Description:

Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.

Status:Entry
Reference: BID:3425
Reference: URL:http://www.securityfocus.com/bid/3425
Reference: MANDRAKE:MDKSA-2001:080
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-080.php3
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html
Reference: REDHAT:RHSA-2001:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-115.html
Reference: XF:zope-fmt-access-methods(7271)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7271

Name: CVE-2001-1231

Description:

GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.

Status:Entry
Reference: BID:3189
Reference: URL:http://www.securityfocus.com/bid/3189
Reference: BUGTRAQ:20010814 Fwd: Security Alert: Groupwise - Action Required
Reference: URL:http://www.securityfocus.com/archive/1/204672
Reference: CONFIRM:http://support.novell.com/padlock/details.htm
Reference: XF:novell-groupwise-admin-privileges(6998)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6998

Name: CVE-2001-1234

Description:

Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.

Status:Entry
Reference: BID:3397
Reference: URL:http://www.securityfocus.com/bid/3397
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz
Reference: OSVDB:1967
Reference: URL:http://www.osvdb.org/1967
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1235

Description:

pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Status:Entry
Reference: BID:3395
Reference: URL:http://www.securityfocus.com/bid/3395
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1236

Description:

myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.

Status:Entry
Reference: BID:3394
Reference: URL:http://www.securityfocus.com/bid/3394
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1237

Description:

Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.

Status:Entry
Reference: BID:3393
Reference: URL:http://www.securityfocus.com/bid/3393
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: CONFIRM:http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1240

Description:

The default configuration of sudo in EnGarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.

Status:Entry
Reference: ENGARDE:ESA-20010711-02
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1493.html

Name: CVE-2001-1246

Description:

PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

Status:Entry
Reference: BID:2954
Reference: URL:http://www.securityfocus.com/bid/2954
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
Reference: REDHAT:RHSA-2002:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-102.html
Reference: REDHAT:RHSA-2002:129
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-129.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: XF:php-safemode-elevate-privileges(6787)
Reference: URL:http://www.iss.net/security_center/static/6787.php

Name: CVE-2001-1247

Description:

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

Status:Entry
Reference: BUGTRAQ:20010630 php breaks safe mode
Reference: URL:http://online.securityfocus.com/archive/1/194425
Reference: CONFIRM:http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz
Reference: OSVDB:5440
Reference: URL:http://www.osvdb.org/5440
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html

Name: CVE-2001-1251

Description:

SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.

Status:Entry
Reference: BID:2980
Reference: URL:http://www.securityfocus.com/bid/2980
Reference: BUGTRAQ:20010629 4 New vulns. vWebServer and SmallHTTP
Reference: URL:http://online.securityfocus.com/archive/1/194418
Reference: XF:vwebserver-long-url-dos(6771)
Reference: URL:http://www.iss.net/security_center/static/6771.php

Name: CVE-2001-1252

Description:

Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.

Status:Entry
Reference: BID:3375
Reference: URL:http://www.securityfocus.com/bid/3375
Reference: BUGTRAQ:20010928 SNS-43: PGP Keyserver Permissions Misconfiguration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-09/0230.html
Reference: CONFIRM:http://www.pgp.com/support/product-advisories/keyserver.asp
Reference: OSVDB:1955
Reference: URL:http://www.osvdb.org/1955
Reference: OSVDB:4193
Reference: URL:http://www.osvdb.org/4193
Reference: XF:pgp-keyserver-http-dos(7203)
Reference: URL:http://www.iss.net/security_center/static/7203.php

Name: CVE-2001-1266

Description:

Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.

Status:Entry
Reference: CONFIRM:http://dnhttpd.sourceforge.net/changelog.html
Reference: MISC:http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html

Name: CVE-2001-1267

Description:

Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).

Status:Entry
Reference: BID:3024
Reference: URL:http://www.securityfocus.com/bid/3024
Reference: BUGTRAQ:20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers
Reference: URL:http://online.securityfocus.com/archive/1/196445
Reference: CONECTIVA:CLA-2002:538
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000538
Reference: CONFIRM:ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz
Reference: HP:HPSBTL0209-068
Reference: URL:http://online.securityfocus.com/advisories/4514
Reference: MANDRAKE:MDKSA-2002:066
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:066
Reference: REDHAT:RHSA-2002:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-096.html
Reference: REDHAT:RHSA-2002:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-138.html
Reference: REDHAT:RHSA-2003:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-218.html
Reference: SUNALERT:47800
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-47800-1
Reference: XF:archive-extraction-directory-traversal(10224)
Reference: URL:http://www.iss.net/security_center/static/10224.php

Name: CVE-2001-1276

Description:

ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.

Status:Entry
Reference: BUGTRAQ:20010621 ispell update -- Immunix OS 6.2
Reference: URL:http://marc.info/?l=bugtraq&m=99317439131174&w=2
Reference: IMMUNIX:IMNX-2001-62-004-01
Reference: URL:http://download.immunix.org/ImmunixOS/6.2/updates/IMNX-2001-62-004-01
Reference: MANDRAKE:MDKSA-2001:058
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-058.php3
Reference: REDHAT:RHSA-2001:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-074.html

Name: CVE-2001-1277

Description:

makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.

Status:Entry
Reference: BUGTRAQ:20010611 man 1.5h10 + man 1.5i-4 exploits
Reference: URL:http://marc.info/?l=bugtraq&m=99227597227747&w=2
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805
Reference: REDHAT:RHSA-2001:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-072.html

Name: CVE-2001-1279

Description:

Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.

Status:Entry
Reference: BID:3065
Reference: URL:http://www.securityfocus.com/bid/3065
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: CERT-VN:VU#797201
Reference: URL:http://www.kb.cert.org/vuls/id/797201
Reference: CONECTIVA:CLA-2002:480
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000480
Reference: FREEBSD:FreeBSD-SA-01:48
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:48.tcpdump.asc
Reference: MANDRAKE:MDKSA-2002:032
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-032.php
Reference: REDHAT:RHSA-2001:089
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-089.html
Reference: XF:tcpdump-afs-rpc-bo(7006)
Reference: URL:http://www.iss.net/security_center/static/7006.php

Name: CVE-2001-1291

Description:

The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.

Status:Entry
Reference: BID:3034
Reference: URL:http://www.securityfocus.com/bid/3034
Reference: BUGTRAQ:20010712 3Com TelnetD
Reference: URL:http://www.securityfocus.com/archive/1/196957
Reference: XF:3com-telnetd-brute-force(6855)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6855

Name: CVE-2001-1295

Description:

Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.

Status:Entry
Reference: CONFIRM:http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes
Reference: MISC:http://www.securiteam.com/windowsntfocus/5SP0M0055W.html
Reference: XF:cerberus-ftp-directory-traversal(7004)
Reference: URL:http://www.iss.net/security_center/static/7004.php

Name: CVE-2001-1296

Description:

More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Status:Entry
Reference: BID:3383
Reference: URL:http://www.securityfocus.com/bid/3383
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: MISC:http://www.moregroupware.org/index.php?action=detail&news_id=24
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1297

Description:

PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.

Status:Entry
Reference: BID:3384
Reference: URL:http://www.securityfocus.com/bid/3384
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=58331
Reference: OSVDB:1960
Reference: URL:http://www.osvdb.org/1960
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1299

Description:

Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.

Status:Entry
Reference: BID:3386
Reference: URL:http://www.securityfocus.com/bid/3386
Reference: BUGTRAQ:20011002 results of semi-automatic source code audit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html
Reference: CERT-VN:VU#847803
Reference: URL:http://www.kb.cert.org/vuls/id/847803
Reference: CONFIRM:http://www.come.to/zorbat/
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/JARL-53RJKV
Reference: XF:php-includedir-code-execution(7215)
Reference: URL:http://www.iss.net/security_center/static/7215.php

Name: CVE-2001-1301

Description:

rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.

Status:Entry
Reference: BUGTRAQ:20010807 rcs2log
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-08/0093.html
Reference: CONFIRM:http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95
Reference: XF:rcs2log-tmp-symlink(11210)
Reference: URL:http://www.iss.net/security_center/static/11210.php

Name: CVE-2001-1302

Description:

The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetUserChangePassword function.

Status:Entry
Reference: BID:3063
Reference: URL:http://www.securityfocus.com/bid/3063
Reference: NTBUGTRAQ:20010718 Changing NT/2000 accounts password from the command line
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=1911
Reference: XF:win2k-change-network-passwords(6876)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6876

Name: CVE-2001-1303

Description:

The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.

Status:Entry
Reference: BID:3058
Reference: URL:http://www.securityfocus.com/bid/3058
Reference: BUGTRAQ:20010718 Firewall-1 Information leak
Reference: URL:http://www.securityfocus.com/archive/1/197566
Reference: OSVDB:588
Reference: URL:http://www.osvdb.org/588
Reference: XF:fw1-securemote-gain-information(6857)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6857

Name: CVE-2001-1322

Description:

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.

Status:Entry
Reference: BID:2826
Reference: URL:http://www.securityfocus.com/bid/2826
Reference: CONECTIVA:CLA-2001:404
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000404
Reference: DEBIAN:DSA-063
Reference: URL:http://www.debian.org/security/2001/dsa-063
Reference: ENGARDE:ESA-20010621-01
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1469.html
Reference: FREEBSD:FreeBSD-SA-01:47
Reference: IMMUNIX:IMNX-2001-70-024-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-024-01
Reference: MANDRAKE:MDKSA-2001:055
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-055.php3
Reference: REDHAT:RHSA-2001:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-075.html
Reference: SUSE:SuSE-SA:2001:022
Reference: XF:xinetd-insecure-permissions(6657)
Reference: URL:http://www.iss.net/security_center/static/6657.php

Name: CVE-2001-1327

Description:

pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.

Status:Entry
Reference: TURBO:TLSA2001024
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-May/000313.html
Reference: XF:pmake-binary-gain-privileges(9988)
Reference: URL:http://www.iss.net/security_center/static/9988.php

Name: CVE-2001-1328

Description:

Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.

Status:Entry
Reference: AUSCERT:AA-2001.03
Reference: URL:ftp://ftp.auscert.org.au/pub/auscert/advisory/AA-2001.03
Reference: CIAC:L-103
Reference: URL:http://www.ciac.org/ciac/bulletins/l-103.shtml
Reference: OVAL:oval:org.mitre.oval:def:1844
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1844
Reference: SUN:00203
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/203
Reference: XF:solaris-ypbind-bo(6828)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6828

Name: CVE-2001-1334

Description:

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Status:Entry
Reference: BID:2724
Reference: URL:http://www.securityfocus.com/bid/2724
Reference: BUGTRAQ:20010515 PHPSlash : potential vulnerability in URL blocks
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0126.html
Reference: CONFIRM:http://marc.info/?l=phpslash&m=99029398904419&w=2
Reference: XF:phpslash-block-read-files(9990)
Reference: URL:http://www.iss.net/security_center/static/9990.php

Name: CVE-2001-1342

Description:

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.

Status:Entry
Reference: BID:2740
Reference: URL:http://www.securityfocus.com/bid/2740
Reference: BUGTRAQ:20010412 Apache Win32 8192 chars string bug
Reference: URL:http://online.securityfocus.com/archive/1/176144
Reference: BUGTRAQ:20010522 [Announce] Apache 1.3.20 Released
Reference: URL:http://marc.info/?l=bugtraq&m=99054258728748&w=2
Reference: CONFIRM:http://bugs.apache.org/index.cgi/full/7522
Reference: CONFIRM:http://www.apacheweek.com/issues/01-05-25
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: XF:apache-server-dos(6527)
Reference: URL:http://www.iss.net/security_center/static/6527.php

Name: CVE-2001-1345

Description:

bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.

Status:Entry
Reference: BID:2820
Reference: URL:http://www.securityfocus.com/bid/2820
Reference: BUGTRAQ:20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0005.html
Reference: CONFIRM:http://www.jetico.com/index.htm#/linux.htm
Reference: XF:bestcrypt-bctool-gain-privileges(6648)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6648

Name: CVE-2001-1347

Description:

Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.

Status:Entry
Reference: BID:2764
Reference: URL:http://www.securityfocus.com/bid/2764
Reference: BUGTRAQ:20010524 Elevation of privileges with debug registers on Win2K
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0232.html
Reference: XF:win2k-debug-elevate-privileges(6590)
Reference: URL:http://www.iss.net/security_center/static/6590.php

Name: CVE-2001-1349

Description:

Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.

Status:Entry
Reference: BID:2794
Reference: URL:http://www.securityfocus.com/bid/2794
Reference: BINDVIEW:20010528 Unsafe Signal Handling in Sendmail
Reference: URL:http://razor.bindview.com/publish/advisories/adv_sm8120.html
Reference: BUGTRAQ:20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/187127
Reference: CONFIRM:http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html
Reference: REDHAT:RHSA-2001:106
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-106.html
Reference: XF:sendmail-signal-handling(6633)
Reference: URL:http://www.iss.net/security_center/static/6633.php

Name: CVE-2001-1350

Description:

Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.

Status:Entry
Reference: MISC:http://search.namazu.org/ml/namazu-devel-ja/msg02114.html
Reference: REDHAT:RHSA-2001:162
Reference: URL:http://marc.info/?l=bugtraq&w=2&r=1&s=namazu&q=b

Name: CVE-2001-1351

Description:

Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.

Status:Entry
Reference: OSVDB:5690
Reference: URL:http://www.osvdb.org/5690
Reference: REDHAT:RHSA-2001:162
Reference: URL:http://marc.info/?l=bugtraq&w=2&r=1&s=namazu&q=b
Reference: XF:linux-namazu-css(7875)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7875

Name: CVE-2001-1352

Description:

Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.

Status:Entry
Reference: BUGTRAQ:20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available
Reference: URL:http://marc.info/?l=bugtraq&m=100947261916155&w=2
Reference: BUGTRAQ:20020109 Details on the updated namazu packages that are available
Reference: URL:http://marc.info/?l=bugtraq&m=101068116016472&w=2
Reference: OSVDB:5691
Reference: URL:http://www.osvdb.org/5691
Reference: REDHAT:RHSA-2001:179
Reference: URL:http://marc.info/?l=bugtraq&m=101060476404565&w=2
Reference: XF:linux-namazu-css(7875)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7875

Name: CVE-2001-1359

Description:

Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.

Status:Entry
Reference: BID:2850
Reference: URL:http://www.securityfocus.com/bid/2850
Reference: CALDERA:CSSA-2001-021.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-021.0.txt
Reference: XF:volution-authentication-failure-access(6672)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6672

Name: CVE-2001-1367

Description:

The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.

Status:Entry
Reference: CONFIRM:http://phpslice.org/comments.php?aid=1031&
Reference: VULNWATCH:20010719 [VulnWatch] Changelog maddness (14 various broken apps)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2001-q3/0005.html
Reference: XF:phpslice-checkaccess-function-privileges(9649)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9649

Name: CVE-2001-1369

Description:

Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.

Status:Entry
Reference: BID:3319
Reference: URL:http://www.securityfocus.com/bid/3319
Reference: FREEBSD:FreeBSD-SA-02:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:14.pam-pgsql.asc
Reference: XF:postgresql-pam-authentication-module(7110)
Reference: URL:http://www.iss.net/security_center/static/7110.php

Name: CVE-2001-1370

Description:

prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.

Status:Entry
Reference: BID:3079
Reference: URL:http://www.securityfocus.com/bid/3079
Reference: BUGTRAQ:20010721 IMP 2.2.6 (SECURITY) released
Reference: URL:http://online.securityfocus.com/archive/1/198495
Reference: BUGTRAQ:20010722 [SEC] Hole in PHPLib 7.2 prepend.php3
Reference: URL:http://www.securityfocus.com/archive/1/198768
Reference: BUGTRAQ:20010726 TSLSA-2001-0014 - PHPLib
Reference: URL:http://marc.info/?l=bugtraq&m=99616122712122&w=2
Reference: CALDERA:CSSA-2001-027.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2001-027.0.txt
Reference: CONECTIVA:CLA-2001:410
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000410
Reference: DEBIAN:DSA-073
Reference: URL:http://www.debian.org/security/2001/dsa-073
Reference: XF:phplib-script-execution(6892)
Reference: URL:http://www.iss.net/security_center/static/6892.php

Name: CVE-2001-1371

Description:

The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.

Status:Entry
Reference: BID:4289
Reference: URL:http://www.securityfocus.com/bid/4289
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.info/?l=bugtraq&m=101301813117562&w=2
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#736923
Reference: URL:http://www.kb.cert.org/vuls/id/736923
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: XF:oracle-appserver-soap-components(8449)
Reference: URL:http://www.iss.net/security_center/static/8449.php

Name: CVE-2001-1372

Description:

Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.

Status:Entry
Reference: BID:3341
Reference: URL:http://www.securityfocus.com/bid/3341
Reference: BUGTRAQ:20010917 Yet another path disclosure vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=100074087824021&w=2
Reference: BUGTRAQ:20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i
Reference: URL:http://marc.info/?l=bugtraq&m=100119633925473&w=2
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#278971
Reference: URL:http://www.kb.cert.org/vuls/id/278971
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf
Reference: MISC:http://www.nii.co.in/research.html
Reference: XF:oracle-jsp-reveal-path(7135)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7135

Name: CVE-2001-1373

Description:

MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.

Status:Entry
Reference: BID:3055
Reference: URL:http://www.securityfocus.com/bid/3055
Reference: BUGTRAQ:20010718 ZoneAlarm Pro
Reference: URL:http://www.securityfocus.com/archive/1/197681
Reference: CONFIRM:http://www.zonelabs.com/products/zap/rel_history.html#2.6.362
Reference: XF:zonealarm-bypass-mailsafe(6877)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6877

Name: CVE-2001-1374

Description:

expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.

Status:Entry
Reference: BID:3074
Reference: URL:http://www.securityfocus.com/bid/3074
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:060
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: XF:expect-insecure-library-search(6870)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6870

Name: CVE-2001-1375

Description:

tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.

Status:Entry
Reference: BID:3073
Reference: URL:http://www.securityfocus.com/bid/3073
Reference: CONECTIVA:CLA-2001:409
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000409
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226
Reference: MANDRAKE:MDKSA-2002:060
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:060
Reference: REDHAT:RHSA-2002:148
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-148.html
Reference: XF:tcltk-insecure-library-search(6869)
Reference: URL:http://www.iss.net/security_center/static/6869.php

Name: CVE-2001-1378

Description:

fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.

Status:Entry
Reference: MISC:http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html
Reference: REDHAT:RHSA-2001:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-103.html

Name: CVE-2001-1380

Description:

OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.

Status:Entry
Reference: BID:3369
Reference: URL:http://www.securityfocus.com/bid/3369
Reference: BUGTRAQ:20010926 OpenSSH Security Advisory (adv.option)
Reference: URL:http://marc.info/?l=bugtraq&m=100154541809940&w=2
Reference: BUGTRAQ:20011017 TSLSA-2001-0023 - OpenSSH
Reference: BUGTRAQ:20011018 Immunix OS update for OpenSSH
Reference: BUGTRAQ:20011019 TSLSA-2001-0026 - OpenSSH
Reference: CERT-VN:VU#905795
Reference: URL:http://www.kb.cert.org/vuls/id/905795
Reference: CIAC:M-010
Reference: URL:http://www.ciac.org/ciac/bulletins/m-010.shtml
Reference: CONECTIVA:CLSA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: MANDRAKE:MDKSA-2001:081
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-081.php
Reference: OSVDB:642
Reference: URL:http://www.osvdb.org/642
Reference: REDHAT:RHSA-2001:114
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-114.html
Reference: XF:openssh-access-control-bypass(7179)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7179

Name: CVE-2001-1382

Description:

The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.

Status:Entry
Reference: CONFIRM:http://www.openwall.com/Owl/CHANGES-stable.shtml
Reference: OSVDB:5408
Reference: URL:http://www.osvdb.org/5408

Name: CVE-2001-1383

Description:

initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.

Status:Entry
Reference: BID:3367
Reference: URL:http://www.securityfocus.com/bid/3367
Reference: REDHAT:RHSA-2001:110
Reference: URL:http://rhn.redhat.com/errata/RHSA-2001-110.html
Reference: XF:linux-setserial-initscript-symlink(7177)
Reference: URL:http://www.iss.net/security_center/static/7177.php

Name: CVE-2001-1385

Description:

The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

Status:Entry
Reference: BID:2205
Reference: URL:http://www.securityfocus.com/bid/2205
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.info/?l=bugtraq&m=97957961212852
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: XF:php-view-source-code(5939)
Reference: URL:http://www.iss.net/security_center/static/5939.php

Name: CVE-2001-1386

Description:

WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.

Status:Entry
Reference: BID:2957
Reference: URL:http://www.securityfocus.com/bid/2957
Reference: BUGTRAQ:20010701 WFTPD v3.00 R5 Directory Traversal
Reference: URL:http://www.securityfocus.com/archive/1/194442
Reference: XF:ftp-lnk-directory-traversal(6760)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/6760

Name: CVE-2001-1391

Description:

Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.

Status:Entry
Reference: BUGTRAQ:20010405 Trustix Security Advisory #2001-0003 - kernel
Reference: URL:http://marc.info/?l=bugtraq&m=98653252326445&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels
Reference: URL:http://marc.info/?l=bugtraq&m=98684172109474&w=2
Reference: CALDERA:CSSA-2001-012.0
Reference: URL:http://marc.info/?l=bugtraq&m=98637996127004&w=2
Reference: CONECTIVA:CLA-2001:394
Reference: URL:http://marc.info/?l=bugtraq&m=98775114228203&w=2
Reference: CONFIRM:http://www.linux.org.uk/VERSION/relnotes.2219.html
Reference: DEBIAN:DSA-047
Reference: URL:https://www.debian.org/security/2001/dsa-047
Reference: IMMUNIX:IMNX-2001-70-010-01
Reference: URL:http://marc.info/?l=bugtraq&m=98575345009963&w=2
Reference: MANDRAKE:MDKSA-2001:037
Reference: URL:http://marc.info/?l=bugtraq&m=98759029811377&w=2
Reference: REDHAT:RHSA-2001:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-047.html
Reference: SUSE:SuSE-SA:2001:018
Reference: URL:http://marc.info/?l=bugtraq&m=99013830726309&w=2
Reference: XF:linux-cpia-memory-overwrite(11162)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11162

Name: CVE-2001-1406

Description:

process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.

Status:Entry
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.info/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=66235
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-processbug-old-restrictions(10478)
Reference: URL:http://www.iss.net/security_center/static/10478.php

Name: CVE-2001-1407

Description:

Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.

Status:Entry
Reference: BUGTRAQ:20010829 Security Advisory for Bugzilla v2.13 and older
Reference: URL:http://marc.info/?l=bugtraq&m=99912899900567
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=96085
Reference: REDHAT:RHSA-2001:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-107.html
Reference: XF:bugzilla-duplicate-view-restricted(10479)
Reference: URL:http://www.iss.net/security_center/static/10479.php

Name: CVE-2002-0002

Description:

Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.

Status:Entry
Reference: BID:3748
Reference: URL:http://www.securityfocus.com/bid/3748
Reference: BUGTRAQ:20011227 Stunnel: Format String Bug in versions <3.22
Reference: URL:http://online.securityfocus.com/archive/1/247427
Reference: BUGTRAQ:20020102 Stunnel: Format String Bug update
Reference: URL:http://online.securityfocus.com/archive/1/248149
Reference: CONFIRM:http://stunnel.mirt.net/news.html
Reference: MANDRAKE:MDKSA-2002:004
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-004.php3
Reference: MISC:http://marc.info/?l=stunnel-users&m=100869449828705&w=2
Reference: REDHAT:RHSA-2002:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-002.html
Reference: XF:stunnel-client-format-string(7741)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7741

Name: CVE-2002-0003

Description:

Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.

Status:Entry
Reference: BID:3869
Reference: URL:http://www.securityfocus.com/bid/3869
Reference: HP:HPSBTL0201-014
Reference: URL:http://online.securityfocus.com/advisories/3793
Reference: MANDRAKE:MDKSA-2002:012
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-012.php
Reference: REDHAT:RHSA-2002:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-004.html
Reference: XF:linux-groff-preprocessor-bo(7881)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7881

Name: CVE-2002-0004

Description:

Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.

Status:Entry
Reference: BID:3886
Reference: URL:http://www.securityfocus.com/bid/3886
Reference: BUGTRAQ:20020117 '/usr/bin/at 31337 + vuln' problem + exploit
Reference: URL:http://marc.info/?l=bugtraq&m=101128661602088&w=2
Reference: DEBIAN:DSA-102
Reference: URL:http://www.debian.org/security/2002/dsa-102
Reference: HP:HPSBTL0201-021
Reference: URL:http://online.securityfocus.com/advisories/3833
Reference: HP:HPSBTL0302-034
Reference: URL:http://online.securityfocus.com/advisories/3969
Reference: MANDRAKE:MDKSA-2002:007
Reference: URL:http://marc.info/?l=bugtraq&m=101147632721031&w=2
Reference: REDHAT:RHSA-2002:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-015.html
Reference: SUSE:SuSE-SA:2002:003
Reference: URL:http://www.novell.com/linux/security/advisories/2002_003_at_txt.html
Reference: XF:linux-at-exetime-heap-corruption(7909)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7909

Name: CVE-2002-0005

Description:

Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).

Status:Entry
Reference: BID:3769
Reference: URL:http://www.securityfocus.com/bid/3769
Reference: BUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.securityfocus.com/archive/1/247944
Reference: BUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://marc.info/?l=ntbugtraq&m=100998295512885&w=2
Reference: CERT-VN:VU#907819
Reference: URL:http://www.kb.cert.org/vuls/id/907819
Reference: NTBUGTRAQ:20020102 AIM addendum
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=198
Reference: NTBUGTRAQ:20020102 w00w00 on AOL Instant Messenger (serious vulnerability)
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0201&L=ntbugtraq&F=P&S=&P=72
Reference: XF:aim-game-overflow(7743)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7743

Name: CVE-2002-0006

Description:

XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.

Status:Entry
Reference: BID:3830
Reference: URL:http://www.securityfocus.com/bid/3830
Reference: BUGTRAQ:20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)
Reference: URL:http://marc.info/?l=bugtraq&m=101060676210255&w=2
Reference: CONECTIVA:CLA-2002:453
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000453
Reference: DEBIAN:DSA-099
Reference: URL:http://www.debian.org/security/2002/dsa-099
Reference: HP:HPSBTL0201-016
Reference: URL:http://online.securityfocus.com/advisories/3806
Reference: REDHAT:RHSA-2002:005
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-005.html
Reference: XF:xchat-ctcp-ping-command(7856)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7856

Name: CVE-2002-0007

Description:

CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.

Status:Entry
Reference: BID:3792
Reference: URL:http://www.securityfocus.com/bid/3792
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=54901
Reference: REDHAT:RHSA-2002:001
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference: XF:bugzilla-ldap-auth-bypass(7812)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7812

Name: CVE-2002-0009

Description:

show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.

Status:Entry
Reference: BID:3798
Reference: URL:http://www.securityfocus.com/bid/3798
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=102141
Reference: REDHAT:RHSA-2002:001
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference: XF:bugzilla-showbug-reveal-bugs(7802)
Reference: URL:http://www.iss.net/security_center/static/7802.php

Name: CVE-2002-0011

Description:

Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.

Status:Entry
Reference: BID:3800
Reference: URL:http://www.securityfocus.com/bid/3800
Reference: BUGTRAQ:20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0034.html
Reference: CONFIRM:http://www.bugzilla.org/security2_14_1.html
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=98146
Reference: REDHAT:RHSA-2002:001
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-001.html
Reference: XF:bugzilla-doeditvotes-login-information(7803)
Reference: URL:http://www.iss.net/security_center/static/7803.php

Name: CVE-2002-0014

Description:

URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).

Status:Entry
Reference: BID:3815
Reference: URL:http://www.securityfocus.com/bid/3815
Reference: BUGTRAQ:20020105 Pine 4.33 (at least) URL handler allows embedded commands.
Reference: URL:http://marc.info/?l=bugtraq&m=101027841605918&w=2
Reference: CONECTIVA:CLA-2002:460
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000460
Reference: ENGARDE:ESA-20020114-002
Reference: FREEBSD:FreeBSD-SA-02:05
Reference: HP:HPSBTL0201-015
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-015
Reference: REDHAT:RHSA-2002:009
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-009.html

Name: CVE-2002-0017

Description:

Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.

Status:Entry
Reference: BID:4421
Reference: URL:http://www.securityfocus.com/bid/4421
Reference: ISS:20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon
Reference: URL:http://www.iss.net/security_center/alerts/advise113.php
Reference: SGI:20020201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020201-01-P
Reference: XF:irix-snmp-bo(7846)
Reference: URL:http://www.iss.net/security_center/static/7846.php

Name: CVE-2002-0018

Description:

In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from the trusted domain.

Status:Entry
Reference: BID:3997
Reference: URL:http://www.securityfocus.com/bid/3997
Reference: MS:MS02-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-001
Reference: OVAL:oval:org.mitre.oval:def:159
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A159
Reference: OVAL:oval:org.mitre.oval:def:64
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A64
Reference: XF:win-sid-gain-privileges(8023)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8023

Name: CVE-2002-0020

Description:

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.

Status:Entry
Reference: BID:4061
Reference: URL:http://www.securityfocus.com/bid/4061
Reference: MS:MS02-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-004
Reference: OVAL:oval:org.mitre.oval:def:424
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A424
Reference: XF:ms-telnet-option-bo(8094)
Reference: URL:http://www.iss.net/security_center/static/8094.php

Name: CVE-2002-0021

Description:

Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.

Status:Entry
Reference: BID:4045
Reference: URL:http://www.securityfocus.com/bid/4045
Reference: MS:MS02-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-002
Reference: OSVDB:2041
Reference: URL:http://www.osvdb.org/2041

Name: CVE-2002-0022

Description:

Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.

Status:Entry
Reference: BID:4080
Reference: URL:http://www.securityfocus.com/bid/4080
Reference: BUGTRAQ:20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll
Reference: URL:http://marc.info/?l=bugtraq&m=101362984930597&w=2
Reference: BUGTRAQ:20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)
Reference: URL:http://online.securityfocus.com/archive/1/258614
Reference: CERT:CA-2002-04
Reference: URL:http://www.cert.org/advisories/CA-2002-04.html
Reference: MS:MS02-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
Reference: OVAL:oval:org.mitre.oval:def:925
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A925
Reference: XF:ie-html-directive-bo(8116)
Reference: URL:http://www.iss.net/security_center/static/8116.php

Name: CVE-2002-0023

Description:

Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.

Status:Entry
Reference: BID:3767
Reference: URL:http://www.securityfocus.com/bid/3767
Reference: BUGTRAQ:20020101 IE GetObject() problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-01/0000.html
Reference: MS:MS02-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
Reference: OSVDB:3030
Reference: URL:http://www.osvdb.org/3030
Reference: OVAL:oval:org.mitre.oval:def:17
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A17
Reference: OVAL:oval:org.mitre.oval:def:40
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A40
Reference: OVAL:oval:org.mitre.oval:def:50
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A50
Reference: OVAL:oval:org.mitre.oval:def:77
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A77
Reference: XF:ie-getobject-directory-traversal(7758)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7758

Name: CVE-2002-0024

Description:

File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.

Status:Entry
Reference: BID:4087
Reference: URL:http://www.securityfocus.com/bid/4087
Reference: MS:MS02-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005

Name: CVE-2002-0025

Description:

Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.

Status:Entry
Reference: BID:4085
Reference: URL:http://www.securityfocus.com/bid/4085
Reference: BUGTRAQ:20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically
Reference: URL:http://online.securityfocus.com/archive/1/255767
Reference: MS:MS02-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
Reference: XF:ie-application-invocation(8118)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8118

Name: CVE-2002-0026

Description:

Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.

Status:Entry
Reference: BID:4082
Reference: URL:http://www.securityfocus.com/bid/4082
Reference: MS:MS02-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
Reference: OVAL:oval:org.mitre.oval:def:12
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12
Reference: OVAL:oval:org.mitre.oval:def:23
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A23
Reference: OVAL:oval:org.mitre.oval:def:32
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A32

Name: CVE-2002-0027

Description:

Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.

Status:Entry
Reference: BID:3721
Reference: URL:http://www.securityfocus.com/bid/3721
Reference: BUGTRAQ:20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug
Reference: URL:http://www.securityfocus.com/archive/1/246522
Reference: MS:MS02-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-005
Reference: OSVDB:3031
Reference: URL:http://www.osvdb.org/3031
Reference: OVAL:oval:org.mitre.oval:def:974
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A974

Name: CVE-2002-0028

Description:

Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.

Status:Entry
Reference: BID:3813
Reference: URL:http://www.securityfocus.com/bid/3813
Reference: BUGTRAQ:20020106 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101043894627851&w=2
Reference: CERT:CA-2002-02
Reference: URL:http://www.cert.org/advisories/CA-2002-02.html
Reference: CERT-VN:VU#570167
Reference: URL:http://www.kb.cert.org/vuls/id/570167
Reference: VULN-DEV:20020107 ICQ remote buffer overflow vulnerability
Reference: URL:http://marc.info/?l=vuln-dev&m=101043076806401&w=2
Reference: XF:aim-game-overflow(7743)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7743

Name: CVE-2002-0032

Description:

Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.

Status:Entry
Reference: BID:4838
Reference: URL:http://www.securityfocus.com/bid/4838
Reference: BUGTRAQ:20020527 Yahoo Messenger - Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/274223
Reference: CERT:CA-2002-16
Reference: URL:http://www.cert.org/advisories/CA-2002-16.html
Reference: CERT-VN:VU#172315
Reference: URL:http://www.kb.cert.org/vuls/id/172315
Reference: XF:yahoo-messenger-script-injection(9184)
Reference: URL:http://www.iss.net/security_center/static/9184.php

Name: CVE-2002-0033

Description:

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

Status:Entry
Reference: BID:4674
Reference: URL:http://www.securityfocus.com/bid/4674
Reference: BUGTRAQ:20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0026.html
Reference: CERT:CA-2002-11
Reference: URL:http://www.cert.org/advisories/CA-2002-11.html
Reference: CERT-VN:VU#635811
Reference: URL:http://www.kb.cert.org/vuls/id/635811
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309
Reference: OVAL:oval:org.mitre.oval:def:124
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A124
Reference: OVAL:oval:org.mitre.oval:def:31
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A31
Reference: XF:solaris-cachefsd-name-bo(8999)
Reference: URL:http://www.iss.net/security_center/static/8999.php

Name: CVE-2002-0036

Description:

Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.

Status:Entry
Reference: BID:6713
Reference: URL:http://www.securityfocus.com/bid/6713
Reference: CERT-VN:VU#587579
Reference: URL:http://www.kb.cert.org/vuls/id/587579
Reference: CONECTIVA:CLA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: OSVDB:4896
Reference: URL:http://www.osvdb.org/4896
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: XF:kerberos-kdc-neglength-bo(11190)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11190

Name: CVE-2002-0038

Description:

Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.

Status:Entry
Reference: BID:3882
Reference: URL:http://www.securityfocus.com/bid/3882
Reference: SGI:20020102-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-01-I
Reference: SGI:20020102-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-02-I
Reference: SGI:20020102-03-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020102-03-P
Reference: XF:irix-nsd-cache-dos(7907)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7907

Name: CVE-2002-0040

Description:

Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.

Status:Entry
Reference: BID:4388
Reference: URL:http://www.securityfocus.com/bid/4388
Reference: OSVDB:2058
Reference: URL:http://www.osvdb.org/2058
Reference: SGI:20020306-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020306-01-P
Reference: XF:irix-hostaliases-gain-privileges(8669)
Reference: URL:http://www.iss.net/security_center/static/8669.php

Name: CVE-2002-0042

Description:

Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.

Status:Entry
Reference: BID:4511
Reference: URL:http://www.securityfocus.com/bid/4511
Reference: SGI:20020402-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020402-01-P
Reference: XF:irix-xfs-dos(8839)
Reference: URL:http://www.iss.net/security_center/static/8839.php

Name: CVE-2002-0043

Description:

sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.

Status:Entry
Reference: BID:3871
Reference: URL:http://www.securityfocus.com/bid/3871
Reference: BUGTRAQ:20020114 Sudo version 1.6.4 now available (fwd)
Reference: URL:http://www.securityfocus.com/archive/1/250168
Reference: BUGTRAQ:20020116 Sudo +Postfix Exploit
Reference: URL:http://marc.info/?l=bugtraq&m=101120193627756&w=2
Reference: CONECTIVA:CLA-2002:451
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000451
Reference: DEBIAN:DSA-101
Reference: URL:http://www.debian.org/security/2002/dsa-101
Reference: ENGARDE:ESA-20020114-001
Reference: FREEBSD:FreeBSD-SA-02:06
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02%3A06.asc
Reference: IMMUNIX:IMNX-2002-70-001-01
Reference: URL:http://www.securityfocus.com/advisories/3800
Reference: MANDRAKE:MDKSA-2002:003
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:003
Reference: MISC:http://www.sudo.ws/sudo/alerts/postfix.html
Reference: REDHAT:RHSA-2002:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-011.html
Reference: REDHAT:RHSA-2002:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-013.html
Reference: SUSE:SuSE-SA:2002:002
Reference: URL:http://www.novell.com/linux/security/advisories/2002_002_sudo_txt.html
Reference: XF:sudo-unclean-env-root(7891)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7891

Name: CVE-2002-0044

Description:

GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.

Status:Entry
Reference: BID:3920
Reference: URL:http://www.securityfocus.com/bid/3920
Reference: DEBIAN:DSA-105
Reference: URL:http://www.debian.org/security/2002/dsa-105
Reference: HP:HPSBTL0201-019
Reference: URL:http://www.securityfocus.com/advisories/3818
Reference: MANDRAKE:MDKSA-2002:010
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-010.php3
Reference: REDHAT:RHSA-2002:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-012.html
Reference: XF:gnu-enscript-tmpfile-symlink(7932)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7932

Name: CVE-2002-0045

Description:

slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.

Status:Entry
Reference: BID:3945
Reference: URL:http://www.securityfocus.com/bid/3945
Reference: CALDERA:CSSA-2002-001.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-001.0.txt
Reference: CONECTIVA:CLA-2002:459
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000459
Reference: CONFIRM:http://www.openldap.org/lists/openldap-announce/200201/msg00002.html
Reference: HP:HPSBTL0201-020
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0201-020
Reference: MANDRAKE:MDKSA-2002:013
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:013
Reference: OSVDB:5395
Reference: URL:http://www.osvdb.org/5395
Reference: REDHAT:RHSA-2002:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-014.html
Reference: XF:openldap-slapd-delete-attributes(7978)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7978

Name: CVE-2002-0046

Description:

Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.

Status:Entry
Reference: BUGTRAQ:20020120 remote memory reading through tcp/icmp
Reference: URL:http://www.securityfocus.com/archive/1/251418
Reference: OSVDB:5394
Reference: URL:http://www.osvdb.org/5394
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:icmp-read-memory(7998)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7998

Name: CVE-2002-0047

Description:

CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.

Status:Entry
Reference: DEBIAN:DSA-104
Reference: URL:http://www.debian.org/security/2002/dsa-104
Reference: REDHAT:RHSA-2002:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-007.html
Reference: XF:cipe-packet-handling-dos(7883)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7883

Name: CVE-2002-0049

Description:

Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.

Status:Entry
Reference: BID:4053
Reference: URL:http://www.securityfocus.com/bid/4053
Reference: MS:MS02-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-003
Reference: OSVDB:2042
Reference: URL:http://www.osvdb.org/2042
Reference: OVAL:oval:org.mitre.oval:def:1022
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1022
Reference: XF:exchange-attendant-incorrect-permissions(8092)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8092

Name: CVE-2002-0050

Description:

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.

Status:Entry
Reference: BID:4157
Reference: URL:http://www.securityfocus.com/bid/4157
Reference: MS:MS02-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-010

Name: CVE-2002-0051

Description:

Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.

Status:Entry
Reference: BID:4438
Reference: URL:http://www.securityfocus.com/bid/4438
Reference: BUGTRAQ:20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)
Reference: URL:http://online.securityfocus.com/archive/1/244329
Reference: MS:MS02-016
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-016
Reference: OVAL:oval:org.mitre.oval:def:38
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A38

Name: CVE-2002-0052

Description:

Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.

Status:Entry
Reference: BID:4158
Reference: URL:http://www.securityfocus.com/bid/4158
Reference: MS:MS02-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-009
Reference: OSVDB:763
Reference: URL:http://www.osvdb.org/763
Reference: SECTRACK:1003630
Reference: URL:http://securitytracker.com/id?1003630

Name: CVE-2002-0054

Description:

SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.

Status:Entry
Reference: BID:4205
Reference: URL:http://www.securityfocus.com/bid/4205
Reference: BUGTRAQ:20020301 IIS SMTP component allows mail relaying via Null Session
Reference: URL:http://marc.info/?l=bugtraq&m=101501580409373&w=2
Reference: MS:MS02-011
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-011

Name: CVE-2002-0055

Description:

SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.

Status:Entry
Reference: BID:4204
Reference: URL:http://www.securityfocus.com/bid/4204
Reference: BUGTRAQ:20020306 Vulnerability Details for MS02-012
Reference: URL:http://marc.info/?l=bugtraq&m=101558498401274&w=2
Reference: MS:MS02-012
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-012
Reference: OVAL:oval:org.mitre.oval:def:30
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A30
Reference: XF:ms-smtp-data-transfer-dos(8307)
Reference: URL:http://www.iss.net/security_center/static/8307.php

Name: CVE-2002-0057

Description:

XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.

Status:Entry
Reference: BID:3699
Reference: URL:http://www.securityfocus.com/bid/3699
Reference: BUGTRAQ:20011214 MSIE6 can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-12/0152.html
Reference: BUGTRAQ:20020212 Update on the MS02-005 patch, holes still remain
Reference: URL:http://marc.info/?l=bugtraq&m=101366383408821&w=2
Reference: MS:MS02-008
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-008
Reference: OSVDB:3032
Reference: URL:http://www.osvdb.org/3032
Reference: XF:ie-xmlhttp-redirect(7712)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7712

Name: CVE-2002-0059

Description:

The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.

Status:Entry
Reference: BID:4267
Reference: URL:http://www.securityfocus.com/bid/4267
Reference: BUGTRAQ:20020311 security problem fixed in zlib 1.1.4
Reference: BUGTRAQ:20020312 Re: [VulnWatch] exploiting the zlib bug in openssh
Reference: BUGTRAQ:20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)
Reference: BUGTRAQ:20020312 exploiting the zlib bug in openssh
Reference: BUGTRAQ:20020312 zlib & java
Reference: BUGTRAQ:20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: BUGTRAQ:20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris
Reference: BUGTRAQ:20020314 Re: about zlib vulnerability - Microsoft products
Reference: BUGTRAQ:20020314 ZLib double free bug: Windows NT potentially unaffected
Reference: BUGTRAQ:20020314 about zlib vulnerability
Reference: BUGTRAQ:20020315 RE: [Whitehat] about zlib vulnerability
Reference: BUGTRAQ:20020318 TSLSA-2002-0040 - zlib
Reference: BUGTRAQ:20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)
Reference: CALDERA:CSSA-2002-014.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Reference: CALDERA:CSSA-2002-015.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-015.1.txt
Reference: CERT:CA-2002-07
Reference: URL:http://www.cert.org/advisories/CA-2002-07.html
Reference: CERT-VN:VU#368819
Reference: URL:http://www.kb.cert.org/vuls/id/368819
Reference: CISCO:20020403 Vulnerability in the zlib Compression Library
Reference: CONECTIVA:CLA-2002:469
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000469
Reference: DEBIAN:DSA-122
Reference: URL:http://www.debian.org/security/2002/dsa-122
Reference: ENGARDE:ESA-20020311-008
Reference: FREEBSD:FreeBSD-SA-02:18
Reference: HP:HPSBTL0204-030
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-030
Reference: HP:HPSBTL0204-036
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-036
Reference: HP:HPSBTL0204-037
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0204-037
Reference: MANDRAKE:MDKSA-2002:022
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:022
Reference: MANDRAKE:MDKSA-2002:023
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-023.php
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Reference: OPENBSD:20020313 015: RELIABILITY FIX: March 13, 2002
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: REDHAT:RHSA-2002:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-027.html
Reference: SUSE:SuSE-SA:2002:010
Reference: SUSE:SuSE-SA:2002:011
Reference: VULNWATCH:20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability
Reference: VULNWATCH:20020312 exploiting the zlib bug in openssh
Reference: XF:zlib-doublefree-memory-corruption(8427)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8427

Name: CVE-2002-0060

Description:

IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.

Status:Entry
Reference: BID:4188
Reference: URL:http://www.securityfocus.com/bid/4188
Reference: BUGTRAQ:20020227 security advisory linux 2.4.x ip_conntrack_irc
Reference: URL:http://marc.info/?l=bugtraq&m=101483396412051&w=2
Reference: CERT-VN:VU#230307
Reference: URL:http://www.kb.cert.org/vuls/id/230307
Reference: CONFIRM:http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html
Reference: HP:HPSBUX0203-027
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0203-027
Reference: MANDRAKE:MDKSA-2002:041
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:041
Reference: REDHAT:RHSA-2002:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-028.html
Reference: VULN-DEV:20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking
Reference: URL:http://marc.info/?l=vuln-dev&m=101486352429653&w=2
Reference: XF:linux-dcc-port-access(8302)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8302

Name: CVE-2002-0061

Description:

Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.

Status:Entry
Reference: BID:4335
Reference: URL:http://www.securityfocus.com/bid/4335
Reference: BUGTRAQ:20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution
Reference: URL:http://marc.info/?l=bugtraq&m=101674082427358&w=2
Reference: BUGTRAQ:20020325 Apache 1.3.24 Released! (fwd)
Reference: URL:http://online.securityfocus.com/archive/1/263927
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-29#apache1324
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: XF:apache-dos-batch-command-execution(8589)
Reference: URL:http://www.iss.net/security_center/static/8589.php

Name: CVE-2002-0062

Description:

Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."

Status:Entry
Reference: BID:2116
Reference: URL:http://www.securityfocus.com/bid/2116
Reference: DEBIAN:DSA-113
Reference: URL:http://www.debian.org/security/2002/dsa-113
Reference: REDHAT:RHSA-2002:020
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-020.html
Reference: XF:gnu-ncurses-window-bo(8222)
Reference: URL:http://www.iss.net/security_center/static/8222.php

Name: CVE-2002-0063

Description:

Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.

Status:Entry
Reference: BID:4100
Reference: URL:http://www.securityfocus.com/bid/4100
Reference: CALDERA:CSSA-2002-008.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-008.0.txt
Reference: CONECTIVA:CLA-2002:471
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000471
Reference: CONFIRM:http://www.cups.org/relnotes.html
Reference: DEBIAN:DSA-110
Reference: URL:http://www.debian.org/security/2002/dsa-110
Reference: MANDRAKE:MDKSA-2002:015
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-015.php
Reference: REDHAT:RHSA-2002:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-032.html
Reference: SUSE:SuSE-SA:2002:005
Reference: URL:http://lists2.suse.com/archive/suse-security-announce/2001-Mar/0000.html
Reference: SUSE:SuSE-SA:2002:006
Reference: XF:cups-ippread-bo(8192)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8192

Name: CVE-2002-0064

Description:

Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.

Status:Entry
Reference: BID:4458
Reference: URL:http://www.securityfocus.com/bid/4458
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-insecure-permissions(8791)
Reference: URL:http://www.iss.net/security_center/static/8791.php

Name: CVE-2002-0065

Description:

Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.

Status:Entry
Reference: BID:4459
Reference: URL:http://www.securityfocus.com/bid/4459
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-weak-password(8792)
Reference: URL:http://www.iss.net/security_center/static/8792.php

Name: CVE-2002-0066

Description:

Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.

Status:Entry
Reference: BID:4460
Reference: URL:http://www.securityfocus.com/bid/4460
Reference: BINDVIEW:20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x
Reference: URL:http://razor.bindview.com/publish/advisories/adv_FunkProxy.html
Reference: XF:funk-proxy-named-pipe(8793)
Reference: URL:http://www.iss.net/security_center/static/8793.php

Name: CVE-2002-0067

Description:

Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.

Status:Entry
Reference: BID:4150
Reference: URL:http://www.securityfocus.com/bid/4150
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.info/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.info/?l=bugtraq&m=101443252627021&w=2
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: OSVDB:5379
Reference: URL:http://www.osvdb.org/5379
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: XF:squid-htcp-enabled(8261)
Reference: URL:http://www.iss.net/security_center/static/8261.php

Name: CVE-2002-0068

Description:

Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a large number of special characters, which exceed the buffer when Squid URL-escapes the characters.

Status:Entry
Reference: BID:4148
Reference: URL:http://www.securityfocus.com/bid/4148
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.info/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 Squid buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=101440163111826&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.info/?l=bugtraq&m=101443252627021&w=2
Reference: CALDERA:CSSA-2002-010.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-010.0.txt
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: OSVDB:5378
Reference: URL:http://www.osvdb.org/5378
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: SUSE:SuSE-SA:2002:008
Reference: URL:http://www.novell.com/linux/security/advisories/2002_008_squid_txt.html
Reference: XF:squid-ftpbuildtitleurl-bo(8258)
Reference: URL:http://www.iss.net/security_center/static/8258.php

Name: CVE-2002-0069

Description:

Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.

Status:Entry
Reference: BID:4146
Reference: URL:http://www.securityfocus.com/bid/4146
Reference: BUGTRAQ:20020221 Squid HTTP Proxy Security Update Advisory 2002:1
Reference: URL:http://marc.info/?l=bugtraq&m=101431040422095&w=2
Reference: BUGTRAQ:20020222 TSLSA-2002-0031 - squid
Reference: URL:http://marc.info/?l=bugtraq&m=101443252627021&w=2
Reference: CALDERA:CSSA-2002-SCO.7
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2002-q1/0014.html
Reference: CONECTIVA:CLA-2002:464
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000464
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: FREEBSD:FreeBSD-SA-02:12
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:12.squid.asc
Reference: MANDRAKE:MDKSA-2002:016
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-016.php
Reference: REDHAT:RHSA-2002:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-029.html
Reference: XF:squid-snmp-dos(8260)
Reference: URL:http://www.iss.net/security_center/static/8260.php

Name: CVE-2002-0070

Description:

Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.

Status:Entry
Reference: BID:4248
Reference: URL:http://www.securityfocus.com/bid/4248
Reference: BUGTRAQ:20020312 ADVISORY: Windows Shell Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=101594127017290&w=2
Reference: MS:MS02-014
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-014
Reference: NTBUGTRAQ:20020311 ADVISORY: Windows Shell Overflow
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0203&L=ntbugtraq&F=P&S=&P=2404
Reference: OVAL:oval:org.mitre.oval:def:147
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A147
Reference: OVAL:oval:org.mitre.oval:def:18
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18
Reference: VULNWATCH:20020311 ADVISORY: Windows Shell Overflow
Reference: XF:win-shell-bo(8384)
Reference: URL:http://www.iss.net/security_center/static/8384.php

Name: CVE-2002-0071

Description:

Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.

Status:Entry
Reference: ATSTAKE:A041002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a041002-1.txt
Reference: BID:4474
Reference: URL:http://www.securityfocus.com/bid/4474
Reference: BUGTRAQ:20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: URL:http://marc.info/?l=bugtraq&m=101854087828265&w=2
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#363715
Reference: URL:http://www.kb.cert.org/vuls/id/363715
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3325
Reference: URL:http://www.osvdb.org/3325
Reference: OVAL:oval:org.mitre.oval:def:130
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A130
Reference: OVAL:oval:org.mitre.oval:def:45
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A45
Reference: VULNWATCH:20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun
Reference: XF:iis-htr-isapi-bo(8799)
Reference: URL:http://www.iss.net/security_center/static/8799.php

Name: CVE-2002-0072

Description:

The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.

Status:Entry
Reference: BID:4479
Reference: URL:http://www.securityfocus.com/bid/4479
Reference: BUGTRAQ:20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service
Reference: URL:http://marc.info/?l=bugtraq&m=101853851025208&w=2
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#521059
Reference: URL:http://www.kb.cert.org/vuls/id/521059
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3326
Reference: URL:http://www.osvdb.org/3326
Reference: XF:iis-isapi-filter-error-dos(8800)
Reference: URL:http://www.iss.net/security_center/static/8800.php

Name: CVE-2002-0073

Description:

The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.

Status:Entry
Reference: BID:4482
Reference: URL:http://www.securityfocus.com/bid/4482
Reference: BUGTRAQ:20020417 Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://marc.info/?l=bugtraq&m=101901273810598&w=2
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#412203
Reference: URL:http://www.kb.cert.org/vuls/id/412203
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MISC:http://www.digitaloffense.net/msftpd/advisory.txt
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3328
Reference: URL:http://www.osvdb.org/3328
Reference: OVAL:oval:org.mitre.oval:def:24
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A24
Reference: OVAL:oval:org.mitre.oval:def:35
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A35
Reference: VULNWATCH:20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0023.html
Reference: XF:iis-ftp-session-status-dos(8801)
Reference: URL:http://www.iss.net/security_center/static/8801.php

Name: CVE-2002-0074

Description:

Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.

Status:Entry
Reference: BID:4483
Reference: URL:http://www.securityfocus.com/bid/4483
Reference: BUGTRAQ:20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues
Reference: URL:http://seclists.org/bugtraq/2002/Apr/0126.html
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#883091
Reference: URL:http://www.kb.cert.org/vuls/id/883091
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MISC:http://www.cgisecurity.com/advisory/9.txt
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3338
Reference: URL:http://www.osvdb.org/3338
Reference: OVAL:oval:org.mitre.oval:def:46
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A46
Reference: XF:iis-help-file-css(8802)
Reference: URL:http://www.iss.net/security_center/static/8802.php

Name: CVE-2002-0075

Description:

Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect ("302 Object Moved") message.

Status:Entry
Reference: BID:4487
Reference: URL:http://www.securityfocus.com/bid/4487
Reference: BUGTRAQ:20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting
Reference: URL:http://marc.info/?l=bugtraq&m=101854677802990&w=2
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#520707
Reference: URL:http://www.kb.cert.org/vuls/id/520707
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3341
Reference: URL:http://www.osvdb.org/3341
Reference: OVAL:oval:org.mitre.oval:def:210
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A210
Reference: OVAL:oval:org.mitre.oval:def:58
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A58
Reference: XF:iis-redirected-url-error-css(8804)
Reference: URL:http://www.iss.net/security_center/static/8804.php

Name: CVE-2002-0076

Description:

Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.

Status:Entry
Reference: BID:4313
Reference: URL:http://www.securityfocus.com/bid/4313
Reference: COMPAQ:SSRT0822
Reference: MS:MS02-013
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-013
Reference: SUN:00218
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/218
Reference: XF:java-vm-verifier-variant(8480)
Reference: URL:http://www.iss.net/security_center/static/8480.php

Name: CVE-2002-0078

Description:

The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.

Status:Entry
Reference: BID:4392
Reference: URL:http://www.securityfocus.com/bid/4392
Reference: BUGTRAQ:20020330 IE: Remote webpage can script in local zone
Reference: URL:http://marc.info/?l=bugtraq&m=101781180528301&w=2
Reference: MS:MS02-015
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-015
Reference: OSVDB:3029
Reference: URL:http://www.osvdb.org/3029
Reference: OVAL:oval:org.mitre.oval:def:96
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A96
Reference: XF:ie-cookie-local-zone(8701)
Reference: URL:http://www.iss.net/security_center/static/8701.php

Name: CVE-2002-0079

Description:

Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.

Status:Entry
Reference: BID:4485
Reference: URL:http://www.securityfocus.com/bid/4485
Reference: BUGTRAQ:20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=101846993304518&w=2
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#610291
Reference: URL:http://www.kb.cert.org/vuls/id/610291
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OVAL:oval:org.mitre.oval:def:16
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A16
Reference: OVAL:oval:org.mitre.oval:def:25
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A25
Reference: XF:iis-asp-chunked-encoding-bo(8795)
Reference: URL:http://www.iss.net/security_center/static/8795.php

Name: CVE-2002-0080

Description:

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Status:Entry
Reference: BID:4285
Reference: URL:http://www.securityfocus.com/bid/4285
Reference: CALDERA:CSSA-2002-014.1
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Reference: MANDRAKE:MDKSA-2002:024
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: XF:linux-rsync-inherit-privileges(8463)
Reference: URL:http://www.iss.net/security_center/static/8463.php

Name: CVE-2002-0081

Description:

Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allow remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.

Status:Entry
Reference: BID:4183
Reference: URL:http://www.securityfocus.com/bid/4183
Reference: BUGTRAQ:20020227 Advisory 012002: PHP remote vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=101484705523351&w=2
Reference: BUGTRAQ:20020228 TSLSA-2002-0033 - mod_php
Reference: URL:http://marc.info/?l=bugtraq&m=101497256024338&w=2
Reference: BUGTRAQ:20020304 Apache+php Proof of Concept Exploit
Reference: URL:http://marc.info/?l=bugtraq&m=101537076619812&w=2
Reference: CERT:CA-2002-05
Reference: URL:http://www.cert.org/advisories/CA-2002-05.html
Reference: CERT-VN:VU#297363
Reference: URL:http://www.kb.cert.org/vuls/id/297363
Reference: CONECTIVA:CLA-2002:468
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000468
Reference: CONFIRM:http://www.php.net/downloads.php
Reference: DEBIAN:DSA-115
Reference: URL:http://www.debian.org/security/2002/dsa-115
Reference: ENGARDE:ESA-20020301-006
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1924.html
Reference: HP:HPSBTL0203-028
Reference: URL:http://online.securityfocus.com/advisories/3911
Reference: MANDRAKE:MDKSA-2002:017
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-017.php
Reference: MISC:http://security.e-matters.de/advisories/012002.html
Reference: NTBUGTRAQ:20020227 PHP remote vulnerabilities
Reference: URL:http://marc.info/?l=ntbugtraq&m=101484975231922&w=2
Reference: REDHAT:RHSA-2002:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-035.html
Reference: REDHAT:RHSA-2002:040
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-040.html
Reference: SUSE:SuSE-SA:2002:007
Reference: URL:http://www.novell.com/linux/security/advisories/2002_007_mod_php4_txt.html
Reference: VULN-DEV:20020225 Re: Rumours about Apache 1.3.22 exploits
Reference: URL:http://marc.info/?l=vuln-dev&m=101468694824998&w=2
Reference: XF:php-file-upload-overflow(8281)
Reference: URL:http://www.iss.net/security_center/static/8281.php

Name: CVE-2002-0082

Description:

The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.

Status:Entry
Reference: BID:4189
Reference: URL:http://www.securityfocus.com/bid/4189
Reference: BUGTRAQ:20020227 mod_ssl Buffer Overflow Condition (Update Available)
Reference: URL:http://online.securityfocus.com/archive/1/258646
Reference: BUGTRAQ:20020228 TSLSA-2002-0034 - apache
Reference: BUGTRAQ:20020301 Apache-SSL buffer overflow (fix available)
Reference: URL:http://marc.info/?l=bugtraq&m=101518491916936&w=2
Reference: BUGTRAQ:20020304 Apache-SSL 1.3.22+1.47 - update to security fix
Reference: URL:http://marc.info/?l=bugtraq&m=101528358424306&w=2
Reference: CALDERA:CSSA-2002-011.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-011.0.txt
Reference: COMPAQ:SSRT0817
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0817.shtml
Reference: CONECTIVA:CLA-2002:465
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000465
Reference: CONFIRM:http://www.apacheweek.com/issues/02-03-01#security
Reference: DEBIAN:DSA-120
Reference: URL:http://www.debian.org/security/2002/dsa-120
Reference: ENGARDE:ESA-20020301-005
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1923.html
Reference: HP:HPSBTL0203-031
Reference: URL:http://www.securityfocus.com/advisories/3965
Reference: HP:HPSBUX0204-190
Reference: URL:http://www.securityfocus.com/advisories/4008
Reference: MANDRAKE:MDKSA-2002:020
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-020.php
Reference: MISC:http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html
Reference: REDHAT:RHSA-2002:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-041.html
Reference: REDHAT:RHSA-2002:042
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-042.html
Reference: REDHAT:RHSA-2002:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-045.html
Reference: XF:apache-modssl-bo(8308)
Reference: URL:http://www.iss.net/security_center/static/8308.php

Name: CVE-2002-0083

Description:

Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.

Status:Entry
Reference: BID:4241
Reference: URL:http://www.securityfocus.com/bid/4241
Reference: BUGTRAQ:20020307 OpenSSH Security Advisory (adv.channelalloc)
Reference: URL:http://marc.info/?l=bugtraq&m=101553908201861&w=2
Reference: BUGTRAQ:20020307 [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://marc.info/?l=bugtraq&m=101552065005254&w=2
Reference: BUGTRAQ:20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)
Reference: URL:http://marc.info/?l=bugtraq&m=101561384821761&w=2
Reference: BUGTRAQ:20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix
Reference: URL:http://marc.info/?l=bugtraq&m=101586991827622&w=2
Reference: BUGTRAQ:20020311 TSLSA-2002-0039 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0108.html
Reference: BUGTRAQ:20020328 OpenSSH channel_lookup() off by one exploit
Reference: URL:http://online.securityfocus.com/archive/1/264657
Reference: CALDERA:CSSA-2002-012.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-012.0.txt
Reference: CALDERA:CSSA-2002-SCO.10
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.10/CSSA-2002-SCO.10.txt
Reference: CALDERA:CSSA-2002-SCO.11
Reference: URL:ftp://stage.caldera.com/pub/security/openunix/CSSA-2002-SCO.11/CSSA-2002-SCO.11.txt
Reference: CONECTIVA:CLA-2002:467
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000467
Reference: CONFIRM:http://www.openbsd.org/advisories/ssh_channelalloc.txt
Reference: DEBIAN:DSA-119
Reference: URL:http://www.debian.org/security/2002/dsa-119
Reference: ENGARDE:ESA-20020307-007
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-1937.html
Reference: FREEBSD:FreeBSD-SA-02:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:13.openssh.asc
Reference: HP:HPSBTL0203-029
Reference: URL:http://online.securityfocus.com/advisories/3960
Reference: MANDRAKE:MDKSA-2002:019
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-019.php
Reference: NETBSD:NetBSD-SA2002-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-004.txt.asc
Reference: OSVDB:730
Reference: URL:http://www.osvdb.org/730
Reference: REDHAT:RHSA-2002:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-043.html
Reference: SUSE:SuSE-SA:2002:009
Reference: URL:http://www.novell.com/linux/security/advisories/2002_009_openssh_txt.html
Reference: VULNWATCH:20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0060.html
Reference: XF:openssh-channel-error(8383)
Reference: URL:http://www.iss.net/security_center/static/8383.php

Name: CVE-2002-0090

Description:

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

Status:Entry
Reference: BID:4633
Reference: URL:http://www.securityfocus.com/bid/4633
Reference: BUGTRAQ:20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270149
Reference: CERT-VN:VU#188507
Reference: URL:http://www.kb.cert.org/vuls/id/188507
Reference: MISC:http://www.esecurityonline.com/advisories/eSO3761.asp
Reference: OVAL:oval:org.mitre.oval:def:179
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A179
Reference: OVAL:oval:org.mitre.oval:def:86
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A86
Reference: SUNALERT:44842
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/44842
Reference: VULNWATCH:20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0041.html
Reference: XF:solaris-lbxproxy-display-bo(8958)
Reference: URL:http://www.iss.net/security_center/static/8958.php

Name: CVE-2002-0092

Description:

CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.

Status:Entry
Reference: BID:4234
Reference: URL:http://www.securityfocus.com/bid/4234
Reference: DEBIAN:DSA-117
Reference: URL:http://www.debian.org/security/2002/dsa-117
Reference: REDHAT:RHSA-2002:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-026.html
Reference: VULN-DEV:20020220 Help needed with bufferoverflow in cvs
Reference: URL:http://marc.info/?l=vuln-dev&m=101422243817321&w=2
Reference: VULN-DEV:20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]
Reference: URL:http://marc.info/?l=vuln-dev&m=101433077724524&w=2
Reference: XF:cvs-global-var-dos(8366)
Reference: URL:http://www.iss.net/security_center/static/8366.php

Name: CVE-2002-0094

Description:

config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.

Status:Entry
Reference: BID:3776
Reference: URL:http://www.securityfocus.com/bid/3776
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: MISC:http://bscw.gmd.de/WhatsNew.html
Reference: XF:bscw-remote-shell-execution(7774)
Reference: URL:http://www.iss.net/security_center/static/7774.php

Name: CVE-2002-0095

Description:

The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.

Status:Entry
Reference: BID:3777
Reference: URL:http://www.securityfocus.com/bid/3777
Reference: BUGTRAQ:20020102 BSCW: Vulnerabilities and Problems
Reference: URL:http://www.securityfocus.com/archive/1/248000
Reference: XF:bscw-default-installation-registration(7775)
Reference: URL:http://www.iss.net/security_center/static/7775.php

Name: CVE-2002-0096

Description:

The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.

Status:Entry
Reference: BID:3783
Reference: URL:http://www.securityfocus.com/bid/3783
Reference: BUGTRAQ:20020103 Vulnerability in new user creation in Geeklog 1.3
Reference: URL:http://www.securityfocus.com/archive/1/248367
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: XF:geeklog-default-admin-privileges(7780)
Reference: URL:http://www.iss.net/security_center/static/7780.php

Name: CVE-2002-0097

Description:

Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.

Status:Entry
Reference: BID:3844
Reference: URL:http://www.securityfocus.com/bid/3844
Reference: BUGTRAQ:20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3
Reference: URL:http://online.securityfocus.com/archive/1/249443
Reference: CONFIRM:http://geeklog.sourceforge.net/index.php?topic=Security
Reference: XF:geeklog-modify-auth-cookie(7869)
Reference: URL:http://www.iss.net/security_center/static/7869.php

Name: CVE-2002-0098

Description:

Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.

Status:Entry
Reference: BID:3787
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3787
Reference: BUGTRAQ:20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=101027773404836&w=2
Reference: BUGTRAQ:20020109 BOOZT! Standard CGI Vulnerability : Exploit Released
Reference: URL:http://online.securityfocus.com/archive/1/249219
Reference: CONFIRM:http://www.boozt.com/news_detail.php?id=3
Reference: XF:boozt-long-name-bo(7790)
Reference: URL:http://www.iss.net/security_center/static/7790.php

Name: CVE-2002-0107

Description:

Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.

Status:Entry
Reference: BID:3841
Reference: URL:http://www.securityfocus.com/bid/3841
Reference: BUGTRAQ:20020108 svindel.net security advisory - web admin vulnerability in CacheOS
Reference: URL:http://marc.info/?l=bugtraq&m=101052887431488&w=2
Reference: BUGTRAQ:20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS
Reference: URL:http://online.securityfocus.com/archive/1/254167
Reference: XF:cachos-insecure-web-interface(7835)
Reference: URL:http://www.iss.net/security_center/static/7835.php

Name: CVE-2002-0111

Description:

Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.

Status:Entry
Reference: BID:3861
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3861
Reference: BUGTRAQ:20020109 File Transversal Vulnerability in Dino's WebServer
Reference: URL:http://marc.info/?l=bugtraq&m=101062213627501&w=2
Reference: XF:dinos-webserver-directory-traversal(7853)
Reference: URL:http://www.iss.net/security_center/static/7853.php

Name: CVE-2002-0115

Description:

Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.

Status:Entry
Reference: BID:3849
Reference: URL:http://www.securityfocus.com/bid/3849
Reference: BUGTRAQ:20020110 Re: Snort core dumped
Reference: URL:http://online.securityfocus.com/cgi-bin/archive.pl?id=1&start=2002-03-08&end=2002-03-14&mid=249623&threads=1
Reference: BUGTRAQ:20020110 Snort core dumped
Reference: URL:http://online.securityfocus.com/archive/1/249340
Reference: OSVDB:2022
Reference: URL:http://www.osvdb.org/2022
Reference: XF:snort-icmp-dos(7874)
Reference: URL:http://www.iss.net/security_center/static/7874.php

Name: CVE-2002-0117

Description:

Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded JavaScript in an IMG tag.

Status:Entry
Reference: BID:3828
Reference: URL:http://online.securityfocus.com/cgi-bin/vulns-item.pl?section=info&id=3828
Reference: BUGTRAQ:20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]
Reference: URL:http://online.securityfocus.com/archive/1/249031
Reference: CONFIRM:http://www.yabbforum.com/
Reference: OSVDB:2019
Reference: URL:http://www.osvdb.org/2019
Reference: XF:yabb-encoded-css(7840)
Reference: URL:http://www.iss.net/security_center/static/7840.php

Name: CVE-2002-0120

Description:

Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.

Status:Entry
Reference: BID:3863
Reference: URL:http://www.securityfocus.com/bid/3863
Reference: BUGTRAQ:20020112 Palm Desktop 4.0b76-77 for Mac OS X
Reference: URL:http://online.securityfocus.com/archive/1/250093
Reference: XF:palm-macos-backup-permissions(7937)
Reference: URL:http://www.iss.net/security_center/static/7937.php

Name: CVE-2002-0121

Description:

PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.

Status:Entry
Reference: BID:3873
Reference: URL:http://www.securityfocus.com/bid/3873
Reference: BUGTRAQ:20020113 PHP 4.x session spoofing
Reference: URL:http://online.securityfocus.com/archive/1/250196
Reference: XF:php-session-temp-disclosure(7908)
Reference: URL:http://www.iss.net/security_center/static/7908.php

Name: CVE-2002-0123

Description:

MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.

Status:Entry
Reference: BID:3874
Reference: URL:http://www.securityfocus.com/bid/3874
Reference: BUGTRAQ:20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/250242
Reference: XF:ws4d-long-url-dos(7879)
Reference: URL:http://www.iss.net/security_center/static/7879.php

Name: CVE-2002-0128

Description:

cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.

Status:Entry
Reference: BID:3885
Reference: URL:http://www.securityfocus.com/bid/3885
Reference: BUGTRAQ:20020116 Sambar Webserver v5.1 DoS Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/250545
Reference: BUGTRAQ:20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit
Reference: URL:http://www.der-keiler.de/Mailing-Lists/securityfocus/bugtraq/2002-02/0083.html
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: XF:sambar-cgitest-dos(7894)
Reference: URL:http://www.iss.net/security_center/static/7894.php

Name: CVE-2002-0139

Description:

Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.

Status:Entry
Reference: BID:3910
Reference: URL:http://www.securityfocus.com/bid/3910
Reference: BUGTRAQ:20020120 Bounce vulnerability in SpoonFTP 1.1.0.1
Reference: URL:http://online.securityfocus.com/archive/1/251422
Reference: CONFIRM:http://www.pi-soft.com/spoonftp/index.shtml
Reference: XF:spoonftp-ftp-bounce(7943)
Reference: URL:http://www.iss.net/security_center/static/7943.php

Name: CVE-2002-0143

Description:

Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.

Status:Entry
Reference: BID:3868
Reference: URL:http://www.securityfocus.com/bid/3868
Reference: BUGTRAQ:20020113 Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/250145
Reference: BUGTRAQ:20020121 Re: Eterm SGID utmp Buffer Overflow (Local)
Reference: URL:http://online.securityfocus.com/archive/1/251597
Reference: XF:eterm-home-bo(7896)
Reference: URL:http://www.iss.net/security_center/static/7896.php

Name: CVE-2002-0146

Description:

fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.

Status:Entry
Reference: BID:4788
Reference: URL:http://www.securityfocus.com/bid/4788
Reference: CALDERA:CSSA-2002-027.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-027.0.txt
Reference: HP:HPSBTL0205-042
Reference: URL:http://online.securityfocus.com/advisories/4145
Reference: MANDRAKE:MDKSA-2002:036
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-036.php
Reference: REDHAT:RHSA-2002:047
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-047.html
Reference: XF:fetchmail-imap-msgnum-bo(9133)
Reference: URL:http://www.iss.net/security_center/static/9133.php

Name: CVE-2002-0147

Description:

Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."

Status:Entry
Reference: BID:4490
Reference: URL:http://www.securityfocus.com/bid/4490
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#669779
Reference: URL:http://www.kb.cert.org/vuls/id/669779
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3301
Reference: URL:http://www.osvdb.org/3301
Reference: OVAL:oval:org.mitre.oval:def:22
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A22
Reference: OVAL:oval:org.mitre.oval:def:72
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A72
Reference: XF:iis-asp-data-transfer-bo(8796)
Reference: URL:http://www.iss.net/security_center/static/8796.php

Name: CVE-2002-0148

Description:

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.

Status:Entry
Reference: BID:4486
Reference: URL:http://www.securityfocus.com/bid/4486
Reference: BUGTRAQ:20020410 IIS allows universal CrossSiteScripting
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#886699
Reference: URL:http://www.kb.cert.org/vuls/id/886699
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3339
Reference: URL:http://www.osvdb.org/3339
Reference: OVAL:oval:org.mitre.oval:def:81
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A81
Reference: OVAL:oval:org.mitre.oval:def:92
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A92
Reference: XF:iis-http-error-page-css(8803)
Reference: URL:http://www.iss.net/security_center/static/8803.php

Name: CVE-2002-0149

Description:

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.

Status:Entry
Reference: BID:4478
Reference: URL:http://www.securityfocus.com/bid/4478
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#721963
Reference: URL:http://www.kb.cert.org/vuls/id/721963
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3320
Reference: URL:http://www.osvdb.org/3320
Reference: OVAL:oval:org.mitre.oval:def:132
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A132
Reference: OVAL:oval:org.mitre.oval:def:95
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A95
Reference: XF:iis-ssi-safety-check-bo(8798)
Reference: URL:http://www.iss.net/security_center/static/8798.php

Name: CVE-2002-0150

Description:

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.

Status:Entry
Reference: BID:4476
Reference: URL:http://www.securityfocus.com/bid/4476
Reference: CERT:CA-2002-09
Reference: URL:http://www.cert.org/advisories/CA-2002-09.html
Reference: CERT-VN:VU#454091
Reference: URL:http://www.kb.cert.org/vuls/id/454091
Reference: CISCO:20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018
Reference: URL:http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml
Reference: MS:MS02-018
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-018
Reference: OSVDB:3316
Reference: URL:http://www.osvdb.org/3316
Reference: OVAL:oval:org.mitre.oval:def:137
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A137
Reference: OVAL:oval:org.mitre.oval:def:39
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A39
Reference: XF:iis-asp-http-header-bo(8797)
Reference: URL:http://www.iss.net/security_center/static/8797.php

Name: CVE-2002-0151

Description:

Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.

Status:Entry
Reference: BID:4426
Reference: URL:http://www.securityfocus.com/bid/4426
Reference: BUGTRAQ:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: URL:http://marc.info/?l=bugtraq&m=101793727306282&w=2
Reference: MS:MS02-017
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-017
Reference: OVAL:oval:org.mitre.oval:def:145
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A145
Reference: OVAL:oval:org.mitre.oval:def:89
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A89
Reference: VULNWATCH:20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow
Reference: XF:win-mup-bo(8752)
Reference: URL:http://www.iss.net/security_center/static/8752.php

Name: CVE-2002-0152

Description:

Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.

Status:Entry
Reference: BID:4517
Reference: URL:http://www.securityfocus.com/bid/4517
Reference: BUGTRAQ:20020416 w00w00 on Microsoft IE/Office for Mac OS
Reference: URL:http://marc.info/?l=bugtraq&m=101897994314015&w=2
Reference: MS:MS02-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019
Reference: OSVDB:5357
Reference: URL:http://www.osvdb.org/5357
Reference: XF:ms-mac-html-file-bo(8850)
Reference: URL:http://www.iss.net/security_center/static/8850.php

Name: CVE-2002-0153

Description:

Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.

Status:Entry
Reference: BID:3935
Reference: URL:http://www.securityfocus.com/bid/3935
Reference: BUGTRAQ:20020122 Macinosh IE file execuion
Reference: URL:http://www.securityfocus.com/archive/1/251805
Reference: MS:MS02-019
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-019
Reference: OSVDB:5356
Reference: URL:http://www.osvdb.org/5356
Reference: XF:ie-mac-applescript-execution(8851)
Reference: URL:http://www.iss.net/security_center/static/8851.php
Reference: XF:ie-macos-file-execution(7969)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/7969

Name: CVE-2002-0155

Description:

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.

Status:Entry
Reference: BID:4707
Reference: URL:http://www.securityfocus.com/bid/4707
Reference: BUGTRAQ:20020508 ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=102089960531919&w=2
Reference: CERT:CA-2002-13
Reference: URL:http://www.cert.org/advisories/CA-2002-13.html
Reference: MS:MS02-022
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-022
Reference: VULNWATCH:20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow
Reference: XF:msn-chatcontrol-resdll-bo(9041)
Reference: URL:http://www.iss.net/security_center/static/9041.php

Name: CVE-2002-0157

Description:

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

Status:Entry
Reference: BID:4373
Reference: URL:http://www.securityfocus.com/bid/4373
Reference: BUGTRAQ:20020502 R7-0003: Nautilus Symlink Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0
Reference: REDHAT:RHSA-2002:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-064.html
Reference: XF:nautilus-metafile-xml-symlink(8995)
Reference: URL:http://www.iss.net/security_center/static/8995.php

Name: CVE-2002-0158

Description:

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.

Status:Entry
Reference: BID:4408
Reference: URL:http://www.securityfocus.com/bid/4408
Reference: BUGTRAQ:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://marc.info/?l=bugtraq&m=101776858410652&w=2
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652
Reference: OVAL:oval:org.mitre.oval:def:14
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14
Reference: OVAL:oval:org.mitre.oval:def:33
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A33
Reference: VULNWATCH:20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0000.html
Reference: XF:solaris-xsun-co-bo(8703)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8703

Name: CVE-2002-0159

Description:

Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.

Status:Entry
Reference: BID:4416
Reference: URL:http://www.securityfocus.com/bid/4416
Reference: BUGTRAQ:20020403 iXsecurity.20020314.csadmin_fmt.a
Reference: URL:http://marc.info/?l=bugtraq&m=101787248913611&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Reference: OSVDB:2062
Reference: URL:http://www.osvdb.org/2062
Reference: XF:ciscosecure-acs-format-string(8742)
Reference: URL:http://www.iss.net/security_center/static/8742.php

Name: CVE-2002-0160

Description:

The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.

Status:Entry
Reference: BUGTRAQ:20020403 iXsecurity.20020316.csadmin_dir.a
Reference: URL:http://marc.info/?l=bugtraq&m=101786689128667&w=2
Reference: CISCO:20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows
Reference: URL:http://www.cisco.com/warp/public/707/ACS-Win-Web.shtml
Reference: OSVDB:5352
Reference: URL:http://www.osvdb.org/5352

Name: CVE-2002-0163

Description:

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.

Status:Entry
Reference: BID:4363
Reference: URL:http://www.securityfocus.com/bid/4363
Reference: BUGTRAQ:20020326 updated squid advisory
Reference: URL:http://marc.info/?l=bugtraq&m=101716495023226&w=2
Reference: CALDERA:CSSA-2002-017.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-017.1.txt
Reference: CALDERA:CSSA-2002-SCO.26
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_2.txt
Reference: FREEBSD:FreeBSD-SA-02:19
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:19.squid.asc
Reference: MANDRAKE:MDKSA-2002:027
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-027.php
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: XF:squid-dns-reply-dos(8628)
Reference: URL:http://www.iss.net/security_center/static/8628.php

Name: CVE-2002-0166

Description:

Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute JavaScript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.

Status:Entry
Reference: BID:4389
Reference: URL:http://www.securityfocus.com/bid/4389
Reference: DEBIAN:DSA-125
Reference: URL:http://www.debian.org/security/2002/dsa-125
Reference: FREEBSD:FreeBSD-SN-02:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:02.asc
Reference: OSVDB:2059
Reference: URL:http://www.osvdb.org/2059
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-logfile-css(8656)
Reference: URL:http://www.iss.net/security_center/static/8656.php

Name: CVE-2002-0167

Description:

Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.

Status:Entry
Reference: BID:4339
Reference: URL:http://www.securityfocus.com/bid/4339
Reference: CALDERA:CSSA-2002-019.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: MANDRAKE:MDKSA-2002:029
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: SUSE:SuSE-SA:2002:015
Reference: URL:http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html

Name: CVE-2002-0168

Description:

Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.

Status:Entry
Reference: BID:4336
Reference: URL:http://www.securityfocus.com/bid/4336
Reference: CALDERA:CSSA-2002-019.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-019.0.txt
Reference: CONECTIVA:CLA-2002:470
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000470
Reference: MANDRAKE:MDKSA-2002:029
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-029.php
Reference: REDHAT:RHSA-2002:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-048.html
Reference: SUSE:SuSE-SA:2002:015
Reference: URL:http://www.novell.com/linux/security/advisories/2002_015_imlib_txt.html

Name: CVE-2002-0169

Description:

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.

Status:Entry
Reference: BID:4654
Reference: URL:http://www.securityfocus.com/bid/4654
Reference: HP:HPSBTL0205-038
Reference: URL:http://online.securityfocus.com/advisories/4095
Reference: OSVDB:5349
Reference: URL:http://www.osvdb.org/5349
Reference: REDHAT:RHSA-2002:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-062.html
Reference: XF:linux-docbook-stylesheet-insecure(8983)
Reference: URL:http://www.iss.net/security_center/static/8983.php

Name: CVE-2002-0170

Description:

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.

Status:Entry
Reference: BID:4229
Reference: URL:http://www.securityfocus.com/bid/4229
Reference: BUGTRAQ:20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]
Reference: URL:http://marc.info/?l=bugtraq&m=101503023511996&w=2
Reference: CONFIRM:http://www.zope.org/Products/Zope/hotfixes/
Reference: OSVDB:5350
Reference: URL:http://www.osvdb.org/5350
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: XF:zope-proxy-role-privileges(8334)
Reference: URL:http://www.iss.net/security_center/static/8334.php

Name: CVE-2002-0171

Description:

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.

Status:Entry
Reference: BID:4588
Reference: URL:http://www.securityfocus.com/bid/4588
Reference: CERT-VN:VU#498707
Reference: URL:http://www.kb.cert.org/vuls/id/498707
Reference: OSVDB:5351
Reference: URL:http://www.osvdb.org/5351
Reference: SGI:20020406-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020406-01-P
Reference: XF:irix-irisconsole-icadmin-access(8933)
Reference: URL:http://www.iss.net/security_center/static/8933.php

Name: CVE-2002-0172

Description:

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).

Status:Entry
Reference: BID:4648
Reference: URL:http://www.securityfocus.com/bid/4648
Reference: CERT-VN:VU#770891
Reference: URL:http://www.kb.cert.org/vuls/id/770891
Reference: OSVDB:4695
Reference: URL:http://www.osvdb.org/4695
Reference: SGI:20020408-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020408-01-I
Reference: XF:irix-ipfilter-dos(8960)
Reference: URL:http://www.iss.net/security_center/static/8960.php

Name: CVE-2002-0173

Description:

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.

Status:Entry
Reference: BID:4644
Reference: URL:http://www.securityfocus.com/bid/4644
Reference: OSVDB:5359
Reference: URL:http://www.osvdb.org/5359
Reference: SGI:20020409-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020409-01-I
Reference: XF:irix-cpr-bo(8959)
Reference: URL:http://www.iss.net/security_center/static/8959.php

Name: CVE-2002-0174

Description:

nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.

Status:Entry
Reference: BID:4655
Reference: URL:http://www.securityfocus.com/bid/4655
Reference: SGI:20020501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I
Reference: XF:irix-nsd-symlink(8981)
Reference: URL:http://www.iss.net/security_center/static/8981.php

Name: CVE-2002-0175

Description:

libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.

Status:Entry
Reference: BID:4326
Reference: URL:http://www.securityfocus.com/bid/4326
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
Reference: XF:libsafe-flagchar-protection-bypass(8593)
Reference: URL:http://www.iss.net/security_center/static/8593.php

Name: CVE-2002-0176

Description:

The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.

Status:Entry
Reference: BID:4327
Reference: URL:http://www.securityfocus.com/bid/4327
Reference: BUGTRAQ:20020320 Bypassing libsafe format string protection
Reference: URL:http://online.securityfocus.com/archive/1/263121
Reference: MANDRAKE:MDKSA-2002:026
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
Reference: VULNWATCH:20020320 [VulnWatch] Bypassing libsafe format string protection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
Reference: XF:libsafe-argnum-protection-bypass(8594)
Reference: URL:http://www.iss.net/security_center/static/8594.php

Name: CVE-2002-0178

Description:

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

Status:Entry
Reference: BID:4742
Reference: URL:http://www.securityfocus.com/bid/4742
Reference: BUGTRAQ:20021030 GLSA: sharutils
Reference: URL:http://marc.info/?l=bugtraq&m=103599320902432&w=2
Reference: CALDERA:CSSA-2002-040.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-040.0.txt
Reference: CERT-VN:VU#336083
Reference: URL:http://www.kb.cert.org/vuls/id/336083
Reference: COMPAQ:SSRT2301
Reference: HP:HPSBTL0205-040
Reference: URL:http://online.securityfocus.com/advisories/4132
Reference: MANDRAKE:MDKSA-2002:052
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-052.php
Reference: MISC:http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en
Reference: OSVDB:8274
Reference: URL:http://www.osvdb.org/8274
Reference: REDHAT:RHSA-2002:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-065.html
Reference: REDHAT:RHSA-2003:180
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-180.html
Reference: XF:sharutils-uudecode-symlink(9075)
Reference: URL:http://www.iss.net/security_center/static/9075.php

Name: CVE-2002-0179

Description:

Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.

Status:Entry
Reference: BID:4534
Reference: URL:http://www.securityfocus.com/bid/4534
Reference: DEBIAN:DSA-127
Reference: URL:http://www.debian.org/security/2002/dsa-127
Reference: XF:xpilot-server-bo(8852)
Reference: URL:http://www.iss.net/security_center/static/8852.php

Name: CVE-2002-0181

Description:

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.

Status:Entry
Reference: BID:4444
Reference: URL:http://www.securityfocus.com/bid/4444
Reference: BUGTRAQ:20020406 IMP 2.2.8 (SECURITY) released
Reference: URL:http://marc.info/?l=bugtraq&m=101828033830744&w=2
Reference: CALDERA:CSSA-2002-016.1
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-016.1.txt
Reference: CONECTIVA:CLA-2001:473
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000473
Reference: DEBIAN:DSA-126
Reference: URL:http://www.debian.org/security/2002/dsa-126
Reference: MISC:http://bugs.horde.org/show_bug.cgi?id=916
Reference: OSVDB:5345
Reference: URL:http://www.osvdb.org/5345
Reference: XF:imp-status-php3-css(8769)
Reference: URL:http://www.iss.net/security_center/static/8769.php

Name: CVE-2002-0184

Description:

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

Status:Entry
Reference: BID:4593
Reference: URL:http://www.securityfocus.com/bid/4593
Reference: BUGTRAQ:20020425 Sudo version 1.6.6 now available (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=101975443619600&w=2
Reference: BUGTRAQ:20020425 [Global InterSec 2002041701] Sudo Password Prompt
Reference: URL:http://marc.info/?l=bugtraq&m=101974610509912&w=2
Reference: BUGTRAQ:20020425 [slackware-security] sudo upgrade fixes a potential vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101979472822196&w=2
Reference: BUGTRAQ:20020429 TSLSA-2002-0046 - sudo
Reference: URL:http://marc.info/?l=bugtraq&m=102010164413135&w=2
Reference: CERT-VN:VU#820083
Reference: URL:http://www.kb.cert.org/vuls/id/820083
Reference: CONECTIVA:CLA-2002:475
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000475
Reference: DEBIAN:DSA-128
Reference: URL:http://www.debian.org/security/2002/dsa-128
Reference: ENGARDE:ESA-20020429-010
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2040.html
Reference: MANDRAKE:MDKSA-2002:028
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-028.php3
Reference: REDHAT:RHSA-2002:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-071.html
Reference: REDHAT:RHSA-2002:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-072.html
Reference: SUSE:SuSE-SA:2002:014
Reference: URL:http://www.novell.com/linux/security/advisories/2002_014_sudo_txt.html
Reference: TRUSTIX:TSLSA-2002-0046
Reference: URL:http://marc.info/?l=bugtraq&m=102010164413135&w=2
Reference: XF:sudo-password-expansion-overflow(8936)
Reference: URL:http://www.iss.net/security_center/static/8936.php

Name: CVE-2002-0185

Description:

mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

Status:Entry
Reference: BID:4656
Reference: URL:http://www.securityfocus.com/bid/4656
Reference: CONECTIVA:CLA-2002:477
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000477
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/001991.html
Reference: MISC:http://www.modpython.org/pipermail/mod_python/2002-April/002003.html
Reference: REDHAT:RHSA-2002:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-070.html
Reference: XF:modpython-imported-module-access(8997)
Reference: URL:http://www.iss.net/security_center/static/8997.php

Name: CVE-2002-0186

Description:

Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."

Status:Entry
Reference: BID:5004
Reference: URL:http://www.securityfocus.com/bid/5004
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.info/?l=bugtraq&m=102397345410856&w=2
Reference: CERT-VN:VU#811371
Reference: URL:http://www.kb.cert.org/vuls/id/811371
Reference: MS:MS02-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030
Reference: OSVDB:5347
Reference: URL:http://www.osvdb.org/5347
Reference: OVAL:oval:org.mitre.oval:def:484
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A484
Reference: OVAL:oval:org.mitre.oval:def:489
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A489
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html
Reference: XF:mssql-sqlxml-isapi-bo(9328)
Reference: URL:http://www.iss.net/security_center/static/9328.php

Name: CVE-2002-0187

Description:

Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."

Status:Entry
Reference: BUGTRAQ:20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://marc.info/?l=bugtraq&m=102397345410856&w=2
Reference: MS:MS02-030
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-030
Reference: VULNWATCH:20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0100.html

Name: CVE-2002-0188

Description:

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.

Status:Entry
Reference: BUGTRAQ:20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0126.html
Reference: MISC:http://www.lac.co.jp/security/english/snsadv_e/48_e.html
Reference: MS:MS02-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
Reference: XF:ie-content-disposition-variant2(9086)
Reference: URL:http://www.iss.net/security_center/static/9086.php

Name: CVE-2002-0190

Description:

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.

Status:Entry
Reference: BID:4753
Reference: URL:http://www.securityfocus.com/bid/4753
Reference: CERT-VN:VU#242891
Reference: URL:http://www.kb.cert.org/vuls/id/242891
Reference: MS:MS02-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
Reference: OVAL:oval:org.mitre.oval:def:923
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A923
Reference: XF:ie-netbios-incorrect-security-zone(9084)
Reference: URL:http://www.iss.net/security_center/static/9084.php

Name: CVE-2002-0191

Description:

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.

Status:Entry
Reference: BID:4411
Reference: URL:http://www.securityfocus.com/bid/4411
Reference: BUGTRAQ:20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)
Reference: URL:http://marc.info/?l=bugtraq&m=101778302030981&w=2
Reference: MS:MS02-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
Reference: XF:ie-css-read-files (8740)
Reference: URL:http://www.iss.net/security_center/static/8740.php

Name: CVE-2002-0193

Description:

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.

Status:Entry
Reference: BID:4752
Reference: URL:http://www.securityfocus.com/bid/4752
Reference: MS:MS02-023
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-023
Reference: OVAL:oval:org.mitre.oval:def:27
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A27
Reference: OVAL:oval:org.mitre.oval:def:99
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A99
Reference: XF:ie-content-disposition-variant(9085)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9085

Name: CVE-2002-0196

Description:

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

Status:Entry
Reference: BID:3924
Reference: URL:http://www.securityfocus.com/bid/3924
Reference: BUGTRAQ:20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)
Reference: URL:http://online.securityfocus.com/archive/1/251699
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=144966
Reference: XF:cwpapi-getrelativepath-view-files(7981)
Reference: URL:http://www.iss.net/security_center/static/7981.php

Name: CVE-2002-0197

Description:

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.

Status:Entry
Reference: BID:3931
Reference: URL:http://www.securityfocus.com/bid/3931
Reference: BUGTRAQ:20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals
Reference: URL:http://marc.info/?l=bugtraq&m=101173478806580&w=2
Reference: BUGTRAQ:20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal
Reference: URL:http://online.securityfocus.com/archive/1/251832
Reference: XF:psybnc-view-encrypted-messages(7985)
Reference: URL:http://www.iss.net/security_center/static/7985.php

Name: CVE-2002-0207

Description:

Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.

Status:Entry
Reference: BID:3809
Reference: URL:http://www.securityfocus.com/bid/3809
Reference: BUGTRAQ:20020124 Potential RealPlayer 8 Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/252414
Reference: BUGTRAQ:20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]
Reference: URL:http://online.securityfocus.com/archive/1/252425
Reference: MISC:http://sentinelchicken.com/advisories/realplayer/
Reference: VULN-DEV:20020105 RealPlayer Buffer Problem
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q1/0044.html
Reference: XF:realplayer-file-header-bo(7839)
Reference: URL:http://www.iss.net/security_center/static/7839.php

Name: CVE-2002-0209

Description:

Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.

Status:Entry
Reference: BID:3964
Reference: URL:http://www.securityfocus.com/bid/3964
Reference: BUGTRAQ:20020125 Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/252455
Reference: BUGTRAQ:20020312 Re: Alteon ACEdirector signature/security bug
Reference: URL:http://online.securityfocus.com/archive/1/261548
Reference: XF:acedirector-http-reveal-ip(8010)
Reference: URL:http://www.iss.net/security_center/static/8010.php

Name: CVE-2002-0211

Description:

Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.

Status:Entry
Reference: BID:3966
Reference: URL:http://www.securityfocus.com/bid/3966
Reference: BUGTRAQ:20020126 Vulnerability report for Tarantella Enterprise 3.
Reference: URL:http://marc.info/?l=bugtraq&m=101208650722179&w=2
Reference: BUGTRAQ:20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)
Reference: URL:http://online.securityfocus.com/archive/1/265845
Reference: CONFIRM:http://www.tarantella.com/security/bulletin-04.html
Reference: XF:tarantella-gunzip-tmp-race(7996)
Reference: URL:http://www.iss.net/security_center/static/7996.php

Name: CVE-2002-0213

Description:

xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.

Status:Entry
Reference: BID:3969
Reference: URL:http://www.securityfocus.com/bid/3969
Reference: BUGTRAQ:20020128 [ Hackerslab bug_paper ] Xkas application vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101223525118717&w=2
Reference: SGI:20020604-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020604-01-I
Reference: XF:kashare-xkas-icon-symlink(8002)
Reference: URL:http://www.iss.net/security_center/static/8002.php

Name: CVE-2002-0226

Description:

retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.

Status:Entry
Reference: BID:4014
Reference: URL:http://www.securityfocus.com/bid/4014
Reference: BUGTRAQ:20020201 Vulnerability in all versions of DCForum from dcscripts.com
Reference: URL:http://marc.info/?l=bugtraq&m=101258311519504&w=2
Reference: CONFIRM:http://www.dcscripts.com/bugtrac/DCForumID7/3.html
Reference: OSVDB:2038
Reference: URL:http://www.osvdb.org/2038
Reference: OSVDB:3866
Reference: URL:http://www.osvdb.org/3866
Reference: XF:dcforum-cgi-recover-passwords(8044)
Reference: URL:http://www.iss.net/security_center/static/8044.php

Name: CVE-2002-0237

Description:

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.

Status:Entry
Reference: BID:4025
Reference: URL:http://www.securityfocus.com/bid/4025
Reference: BUGTRAQ:20020204 Vulnerability in Black ICE Defender
Reference: URL:http://marc.info/?l=bugtraq&m=101286393404301&w=2
Reference: BUGTRAQ:20020206 Black ICE Ping Vulnerability Side Note
Reference: URL:http://marc.info/?l=bugtraq&m=101302424803268&w=2
Reference: BUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.info/?l=bugtraq&m=101321744807452&w=2
Reference: ISS:20020204 DoS and Potential Overflow Vulnerability in BlackICE Products
Reference: URL:http://www.iss.net/security_center/alerts/advise109.php
Reference: NTBUGTRAQ:20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable
Reference: URL:http://marc.info/?l=ntbugtraq&m=101353165915171&w=2
Reference: XF:blackice-ping-flood-dos(8058)
Reference: URL:http://www.iss.net/security_center/static/8058.php

Name: CVE-2002-0241

Description:

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.

Status:Entry
Reference: BID:4048
Reference: URL:http://www.securityfocus.com/bid/4048
Reference: CISCO:20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ciscosecure-acs-nds-authentication-vuln-pub.shtml
Reference: XF:ciscosecure-nds-authentication(8106)
Reference: URL:http://www.iss.net/security_center/static/8106.php

Name: CVE-2002-0246

Description:

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

Status:Entry
Reference: BID:4060
Reference: URL:http://www.securityfocus.com/bid/4060
Reference: BUGTRAQ:20020210 Unixware Message catalog exploit code
Reference: URL:http://online.securityfocus.com/archive/1/255414
Reference: CALDERA:CSSA-2002-SCO.3
Reference: URL:ftp://stage.caldera.com/pub/security/unixware/CSSA-2002-SCO.3/CSSA-2002-SCO.3.txt
Reference: XF:unixware-msg-catalog-format-string(8113)
Reference: URL:http://www.iss.net/security_center/static/8113.php

Name: CVE-2002-0250

Description:

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

Status:Entry
Reference: BID:4062
Reference: URL:http://www.securityfocus.com/bid/4062
Reference: BUGTRAQ:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101318469216213&w=2
Reference: HP:HPSBUX0202-185
Reference: URL:http://online.securityfocus.com/advisories/3870
Reference: VULNWATCH:20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability
Reference: XF:hp-advancestack-bypass-auth(8124)
Reference: URL:http://www.iss.net/security_center/static/8124.php

Name: CVE-2002-0251

Description:

Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".

Status:Entry
Reference: BID:4036
Reference: URL:http://www.securityfocus.com/bid/4036
Reference: BUGTRAQ:20020206 -Possible- licq D.o.S
Reference: URL:http://marc.info/?l=bugtraq&m=101301254432079&w=2
Reference: BUGTRAQ:20020208 RE: -Possible- licq D.o.S
Reference: URL:http://marc.info/?l=bugtraq&m=101318594420200&w=2
Reference: XF:licq-static-bo(8107)
Reference: URL:http://www.iss.net/security_center/static/8107.php

Name: CVE-2002-0265

Description:

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.

Status:Entry
Reference: BID:4077
Reference: URL:http://www.securityfocus.com/bid/4077
Reference: BUGTRAQ:20020211 Vulnerability in Sawmill for Solaris v. 6.2.14
Reference: URL:http://marc.info/?l=bugtraq&m=101346206921270&w=2
Reference: CONFIRM:http://www.sawmill.net/version_history.html
Reference: XF:sawmill-admin-password-insecure(8173)
Reference: URL:http://www.iss.net/security_center/static/8173.php

Name: CVE-2002-0267

Description:

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

Status:Entry
Reference: BID:4097
Reference: URL:http://www.securityfocus.com/bid/4097
Reference: BUGTRAQ:20020212 SIPS - vulnerable to anyone gaining admin access.
Reference: URL:http://marc.info/?l=bugtraq&m=101363233905645&w=2
Reference: CONFIRM:http://sips.sourceforge.net/adminvul.html
Reference: XF:sips-theme-admin-access(8193)
Reference: URL:http://www.iss.net/security_center/static/8193.php

Name: CVE-2002-0274

Description:

Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.

Status:Entry
Reference: BID:4096
Reference: URL:http://www.securityfocus.com/bid/4096
Reference: BUGTRAQ:20020213 Exim 3.34 and lower (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=101362618118598&w=2
Reference: MLIST:[exim-announce] 20020219 Exim 3.35 released
Reference: REDHAT:RHSA-2002:208
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-208.html
Reference: XF:exim-config-arg-bo(8194)
Reference: URL:http://www.iss.net/security_center/static/8194.php

Name: CVE-2002-0275

Description:

Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.

Status:Entry
Reference: BID:4099
Reference: URL:http://www.securityfocus.com/bid/4099
Reference: BUGTRAQ:20020213 Falcon Web Server Authentication Circumvention Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101363946626951&w=2
Reference: BUGTRAQ:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102253858809370&w=2
Reference: VULNWATCH:20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0082.html
Reference: XF:falcon-protected-dir-access(8189)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8189

Name: CVE-2002-0276

Description:

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.

Status:Entry
Reference: BID:4104
Reference: URL:http://www.securityfocus.com/bid/4104
Reference: BUGTRAQ:20020213 [NGSEC-2002-1] Ettercap, remote root compromise
Reference: URL:http://marc.info/?l=bugtraq&m=101370874219511&w=2
Reference: CONFIRM:http://ettercap.sourceforge.net/index.php?s=history
Reference: VULNWATCH:20020213 [VulnWatch] [NGSEC-2002-1] Ettercap, remote root compromise
Reference: XF:ettercap-memcpy-bo(8200)
Reference: URL:http://www.iss.net/security_center/static/8200.php

Name: CVE-2002-0287

Description:

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.

Status:Entry
Reference: BID:4114
Reference: URL:http://www.securityfocus.com/bid/4114
Reference: BUGTRAQ:20020216 pforum: mysql-injection-bug
Reference: URL:http://marc.info/?l=bugtraq&m=101389284625019&w=2
Reference: CONFIRM:http://www.powie.de/news/index.php
Reference: XF:pforum-quotes-sql-injection(8203)
Reference: URL:http://www.iss.net/security_center/static/8203.php

Name: CVE-2002-0290

Description:

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.

Status:Entry
Reference: BID:4124
Reference: URL:http://www.securityfocus.com/bid/4124
Reference: BUGTRAQ:20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)
Reference: URL:http://marc.info/?l=bugtraq&m=101413521417638&w=2
Reference: CONFIRM:ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z
Reference: XF:webnews-cgi-group-bo(8220)
Reference: URL:http://www.iss.net/security_center/static/8220.php

Name: CVE-2002-0292

Description:

Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.

Status:Entry
Reference: BID:4116
Reference: URL:http://www.securityfocus.com/bid/4116
Reference: BUGTRAQ:20020219 [SA-2002:01] Slashcode login vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101414005501708&w=2
Reference: XF:slashcode-site-xss(8221)
Reference: URL:http://www.iss.net/security_center/static/8221.php

Name: CVE-2002-0299

Description:

CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.

Status:Entry
Reference: BID:3975
Reference: URL:http://www.securityfocus.com/bid/3975
Reference: BUGTRAQ:20020220 CNet CatchUp arbitrary code execution
Reference: URL:http://marc.info/?l=bugtraq&m=101438631921749&w=2
Reference: XF:cnet-catchup-gain-privileges(8035)
Reference: URL:http://www.iss.net/security_center/static/8035.php

Name: CVE-2002-0300

Description:

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

Status:Entry
Reference: BID:4125
Reference: URL:http://www.securityfocus.com/bid/4125
Reference: BUGTRAQ:20020219 gnujsp: dir- and script-disclosure
Reference: URL:http://marc.info/?l=bugtraq&m=101415804625292&w=2
Reference: BUGTRAQ:20020220 Re: gnujsp: dir- and script-disclosure
Reference: URL:http://marc.info/?l=bugtraq&m=101422432123898&w=2
Reference: DEBIAN:DSA-114
Reference: URL:http://www.debian.org/security/2002/dsa-114
Reference: XF:gnujsp-jserv-information-disclosure(8240)
Reference: URL:http://www.iss.net/security_center/static/8240.php

Name: CVE-2002-0302

Description:

The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.

Status:Entry
Reference: BID:4139
Reference: URL:http://www.securityfocus.com/bid/4139
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP
Reference: URL:http://marc.info/?l=bugtraq&m=101424225814604&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html
Reference: XF:sef-snmp-notify-loss(8253)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8253

Name: CVE-2002-0309

Description:

SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.

Status:Entry
Reference: BID:4141
Reference: URL:http://www.securityfocus.com/bid/4141
Reference: BUGTRAQ:20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.info/?l=bugtraq&m=101424307617060&w=2
Reference: BUGTRAQ:20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies
Reference: URL:http://marc.info/?l=bugtraq&m=101430810813853&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html
Reference: XF:sef-smtp-proxy-information(8251)
Reference: URL:http://www.iss.net/security_center/static/8251.php

Name: CVE-2002-0313

Description:

Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.

Status:Entry
Reference: BID:4159
Reference: URL:http://www.securityfocus.com/bid/4159
Reference: BUGTRAQ:20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101440530023617&w=2
Reference: BUGTRAQ:20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)
Reference: URL:http://online.securityfocus.com/archive/1/258365
Reference: FULLDISC:20030704 Essentia Web Server 2.12 (Linux)
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2003-July/006231.html
Reference: XF:essentia-server-long-request-dos(8249)
Reference: URL:http://www.iss.net/security_center/static/8249.php

Name: CVE-2002-0318

Description:

FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.

Status:Entry
Reference: BUGTRAQ:20020221 DoS Attack against many RADIUS servers
Reference: URL:http://marc.info/?l=bugtraq&m=101440113410083&w=2
Reference: XF:freeradius-access-request-dos(9968)
Reference: URL:http://www.iss.net/security_center/static/9968.php

Name: CVE-2002-0329

Description:

Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.

Status:Entry
Reference: BID:4192
Reference: URL:http://www.securityfocus.com/bid/4192
Reference: BUGTRAQ:20020227 RE: Open Bulletin Board javascript bug.
Reference: URL:http://marc.info/?l=bugtraq&m=101485184605149&w=2
Reference: BUGTRAQ:20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)
Reference: URL:http://online.securityfocus.com/archive/1/258981
Reference: CERT-VN:VU#132011
Reference: URL:http://www.kb.cert.org/vuls/id/132011
Reference: CONFIRM:http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660
Reference: XF:snitz-img-css(8309)
Reference: URL:http://www.iss.net/security_center/static/8309.php

Name: CVE-2002-0330

Description:

Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.

Status:Entry
Reference: BID:4171
Reference: URL:http://www.securityfocus.com/bid/4171
Reference: BUGTRAQ:20020225 Open Bulletin Board javascript bug.
Reference: URL:http://marc.info/?l=bugtraq&m=101466092601554&w=2
Reference: CONFIRM:http://community.iansoft.net/read.php?TID=5159
Reference: OSVDB:5658
Reference: URL:http://www.osvdb.org/5658
Reference: XF:openbb-img-css(8278)
Reference: URL:http://www.iss.net/security_center/static/8278.php

Name: CVE-2002-0339

Description:

Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.

Status:Entry
Reference: BID:4191
Reference: URL:http://www.securityfocus.com/bid/4191
Reference: CERT-VN:VU#310387
Reference: URL:http://www.kb.cert.org/vuls/id/310387
Reference: CISCO:20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding
Reference: URL:http://www.cisco.com/warp/public/707/IOS-CEF-pub.shtml
Reference: OSVDB:806
Reference: URL:http://www.osvdb.org/806
Reference: XF:ios-cef-information-leak(8296)
Reference: URL:http://www.iss.net/security_center/static/8296.php

Name: CVE-2002-0355

Description:

netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.

Status:Entry
Reference: BID:4682
Reference: URL:http://www.securityfocus.com/bid/4682
Reference: SGI:20020503-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020503-01-I
Reference: XF:irix-netstat-file-existence(9023)
Reference: URL:http://www.iss.net/security_center/static/9023.php

Name: CVE-2002-0356

Description:

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.

Status:Entry
Reference: BID:4706
Reference: URL:http://www.securityfocus.com/bid/4706
Reference: SGI:20020504-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020504-01-I
Reference: XF:irix-fsrxfs-gain-privileges(9042)
Reference: URL:http://www.iss.net/security_center/static/9042.php

Name: CVE-2002-0357

Description:

Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.

Status:Entry
Reference: BID:4939
Reference: URL:http://www.securityfocus.com/bid/4939
Reference: CERT-VN:VU#430419
Reference: URL:http://www.kb.cert.org/vuls/id/430419
Reference: CIAC:M-087
Reference: URL:http://www.ciac.org/ciac/bulletins/m-087.shtml
Reference: OSVDB:834
Reference: URL:http://www.osvdb.org/834
Reference: SGI:20020601-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020601-01-P
Reference: XF:irix-rpcpasswd-gain-privileges(9261)
Reference: URL:http://www.iss.net/security_center/static/9261.php

Name: CVE-2002-0358

Description:

MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allow local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges.

Status:Entry
Reference: BID:4959
Reference: URL:http://www.securityfocus.com/bid/4959
Reference: SGI:20020602-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020602-01-I
Reference: XF:irix-mediamail-core-dump(9292)
Reference: URL:http://www.iss.net/security_center/static/9292.php

Name: CVE-2002-0359

Description:

xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.

Status:Entry
Reference: BID:5072
Reference: URL:http://www.securityfocus.com/bid/5072
Reference: BUGTRAQ:20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=102459162909825&w=2
Reference: CERT-VN:VU#521147
Reference: URL:http://www.kb.cert.org/vuls/id/521147
Reference: SGI:20020606-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020606-01-I
Reference: XF:irix-xfsmd-bypass-authentication(9401)
Reference: URL:http://www.iss.net/security_center/static/9401.php

Name: CVE-2002-0362

Description:

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.

Status:Entry
Reference: BID:4677
Reference: URL:http://www.securityfocus.com/bid/4677
Reference: BUGTRAQ:20020506 w00w00 on AOL Instant Messenger remote overflow #2
Reference: URL:http://marc.info/?l=bugtraq&m=102071080509955&w=2
Reference: VULNWATCH:20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2
Reference: XF:aim-addexternalapp-bo(9017)
Reference: URL:http://www.iss.net/security_center/static/9017.php

Name: CVE-2002-0363

Description:

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

Status:Entry
Reference: BID:4937
Reference: URL:http://www.securityfocus.com/bid/4937
Reference: CALDERA:CSSA-2002-026.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-026.0.txt
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html
Reference: MISC:http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html
Reference: REDHAT:RHSA-2002:083
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-083.html
Reference: REDHAT:RHSA-2002:123
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-123.html
Reference: REDHAT:RHSA-2003:209
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-209.html
Reference: XF:ghostscript-postscript-command-execution(9254)
Reference: URL:http://www.iss.net/security_center/static/9254.php

Name: CVE-2002-0364

Description:

Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."

Status:Entry
Reference: BID:4855
Reference: URL:http://www.securityfocus.com/bid/4855
Reference: BUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://marc.info/?l=bugtraq&m=102392069305962&w=2
Reference: BUGTRAQ:20020613 VNA - .HTR HEAP OVERFLOW
Reference: URL:http://online.securityfocus.com/archive/1/276767
Reference: CERT-VN:VU#313819
Reference: URL:http://www.kb.cert.org/vuls/id/313819
Reference: MS:MS02-028
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-028
Reference: NTBUGTRAQ:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow
Reference: URL:http://marc.info/?l=ntbugtraq&m=102392308608100&w=2
Reference: OVAL:oval:org.mitre.oval:def:182
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A182
Reference: OVAL:oval:org.mitre.oval:def:29
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A29
Reference: VULNWATCH:20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0099.html
Reference: XF:iis-htr-chunked-encoding-bo(9327)
Reference: URL:http://www.iss.net/security_center/static/9327.php

Name: CVE-2002-0366

Description:

Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.

Status:Entry
Reference: BID:4852
Reference: URL:http://www.securityfocus.com/bid/4852
Reference: BUGTRAQ:20020613 Microsoft RASAPI32.DLL
Reference: URL:http://online.securityfocus.com/archive/1/276776
Reference: BUGTRAQ:20020620 VPN and Q318138
Reference: URL:http://online.securityfocus.com/archive/1/278145
Reference: MISC:http://www.nextgenss.com/vna/ms-ras.txt
Reference: MS:MS02-029
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-029
Reference: OVAL:oval:org.mitre.oval:def:61
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A61
Reference: OVAL:oval:org.mitre.oval:def:63
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A63

Name: CVE-2002-0367

Description:

smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.

Status:Entry
Reference: BID:4287
Reference: URL:http://www.securityfocus.com/bid/4287
Reference: BUGTRAQ:20020314 Fwd: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/262074
Reference: BUGTRAQ:20020326 Re: DebPloit (exploit)
Reference: URL:http://www.securityfocus.com/archive/1/264441
Reference: BUGTRAQ:20020327 Local Security Vulnerability in Windows NT and Windows 2000
Reference: URL:http://www.securityfocus.com/archive/1/264927
Reference: MS:MS02-024
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-024
Reference: NTBUGTRAQ:20020314 DebPloit (exploit)
Reference: URL:http://marc.info/?l=ntbugtraq&m=101614320402695&w=2
Reference: OVAL:oval:org.mitre.oval:def:158
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A158
Reference: OVAL:oval:org.mitre.oval:def:76
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A76
Reference: XF:win-debug-duplicate-handles(8462)
Reference: URL:http://www.iss.net/security_center/static/8462.php

Name: CVE-2002-0368

Description:

The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."

Status:Entry
Reference: BID:4881
Reference: URL:http://www.securityfocus.com/bid/4881
Reference: MS:MS02-025
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-025
Reference: XF:exchange-msg-attribute-dos(9195)
Reference: URL:http://www.iss.net/security_center/static/9195.php

Name: CVE-2002-0369

Description:

Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.

Status:Entry
Reference: BID:4958
Reference: URL:http://www.securityfocus.com/bid/4958
Reference: MS:MS02-026
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-026
Reference: XF:ms-aspdotnet-stateserver-bo(9276)
Reference: URL:http://www.iss.net/security_center/static/9276.php

Name: CVE-2002-0372

Description:

Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".

Status:Entry
Reference: BID:5107
Reference: URL:http://www.securityfocus.com/bid/5107
Reference: MS:MS02-032
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
Reference: OVAL:oval:org.mitre.oval:def:281
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A281
Reference: XF:mediaplayer-cache-code-execution(9420)
Reference: URL:http://www.iss.net/security_center/static/9420.php

Name: CVE-2002-0373

Description:

The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".

Status:Entry
Reference: BID:5109
Reference: URL:http://www.securityfocus.com/bid/5109
Reference: MS:MS02-032
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
Reference: XF:mediaplayer-wmdm-privilege-elevation(9421)
Reference: URL:http://www.iss.net/security_center/static/9421.php

Name: CVE-2002-0374

Description:

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Status:Entry
Reference: BID:4679
Reference: URL:http://www.securityfocus.com/bid/4679
Reference: BUGTRAQ:20020506 ldap vulnerabilities
Reference: BUGTRAQ:20021030 GLSA: pam_ldap
Reference: URL:http://marc.info/?l=bugtraq&m=103601912505261&w=2
Reference: CALDERA:CSSA-2002-041.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-041.0.txt
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-084.html
Reference: REDHAT:RHSA-2002:141
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-141.html
Reference: REDHAT:RHSA-2002:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-175.html
Reference: REDHAT:RHSA-2002:180
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-180.html
Reference: VULNWATCH:20020506 ldap vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0053.html
Reference: XF:pamldap-config-format-string(9018)
Reference: URL:http://www.iss.net/security_center/static/9018.php

Name: CVE-2002-0376

Description:

Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field.

Status:Entry
Reference: ATSTAKE:A091002-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a091002-1.txt
Reference: BID:5685
Reference: URL:http://www.securityfocus.com/bid/5685
Reference: BUGTRAQ:20020925 Fwd: QuickTime for Windows ActiveX security advisory
Reference: URL:http://online.securityfocus.com/archive/1/293095
Reference: XF:quicktime-activex-pluginspage-bo(10077)
Reference: URL:http://www.iss.net/security_center/static/10077.php

Name: CVE-2002-0377

Description:

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.

Status:Entry
Reference: BID:4730
Reference: URL:http://www.securityfocus.com/bid/4730
Reference: BUGTRAQ:20020512 Gaim abritary Email Reading
Reference: URL:http://marc.info/?l=bugtraq&m=102130733815285&w=2
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: VULN-DEV:20020511 Gaim abritary Email Reading
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0584.html
Reference: XF:gaim-email-access(9061)
Reference: URL:http://www.iss.net/security_center/static/9061.php

Name: CVE-2002-0379

Description:

Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.

Status:Entry
Reference: BID:4713
Reference: URL:http://www.securityfocus.com/bid/4713
Reference: BUGTRAQ:20020510 wu-imap buffer overflow condition
Reference: URL:http://marc.info/?l=bugtraq&m=102107222100529&w=2
Reference: CALDERA:CSSA-2002-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-021.0.txt
Reference: CERT-VN:VU#961489
Reference: URL:http://www.kb.cert.org/vuls/id/961489
Reference: CONECTIVA:CLA-2002:487
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000487
Reference: CONFIRM:http://www.washington.edu/imap/buffer.html
Reference: ENGARDE:ESA-20020607-013
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2120.html
Reference: HP:HPSBTL0205-043
Reference: URL:http://online.securityfocus.com/advisories/4167
Reference: MANDRAKE:MDKSA-2002:034
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-034.php
Reference: REDHAT:RHSA-2002:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-092.html
Reference: XF:wuimapd-authenticated-user-bo(10803)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10803
Reference: XF:wuimapd-partial-mailbox-bo(9055)
Reference: URL:http://www.iss.net/security_center/static/9055.php

Name: CVE-2002-0380

Description:

Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.

Status:Entry
Reference: BID:4890
Reference: URL:http://www.securityfocus.com/bid/4890
Reference: BUGTRAQ:20020606 TSLSA-2002-0055 - tcpdump
Reference: URL:http://marc.info/?l=bugtraq&m=102339541014226&w=2
Reference: CALDERA:CSSA-2002-025.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-025.0.txt
Reference: CONECTIVA:CLA-2002:491
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000491
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: FREEBSD:FreeBSD-SA-02:29
Reference: URL:http://marc.info/?l=bugtraq&m=102650721503642&w=2
Reference: HP:HPSBTL0205-044
Reference: URL:http://online.securityfocus.com/advisories/4169
Reference: REDHAT:RHSA-2002:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-094.html
Reference: REDHAT:RHSA-2002:121
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-121.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-nfs-bo(9216)
Reference: URL:http://www.iss.net/security_center/static/9216.php

Name: CVE-2002-0381

Description:

The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.

Status:Entry
Reference: BID:4309
Reference: URL:http://www.securityfocus.com/bid/4309
Reference: BUGTRAQ:20020317 TCP Connections to a Broadcast Address on BSD-Based Systems
Reference: URL:http://online.securityfocus.com/archive/1/262733
Reference: CONFIRM:http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110
Reference: MISC:http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022
Reference: OSVDB:5308
Reference: URL:http://www.osvdb.org/5308
Reference: SGI:20030604-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030604-01-I
Reference: XF:bsd-broadcast-address(8485)
Reference: URL:http://www.iss.net/security_center/static/8485.php

Name: CVE-2002-0382

Description:

XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.

Status:Entry
Reference: BID:4376
Reference: URL:http://www.securityfocus.com/bid/4376
Reference: BUGTRAQ:20020327 Xchat /dns command execution vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101725430425490&w=2
Reference: CONECTIVA:CLA-2002:526
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000526
Reference: MANDRAKE:MDKSA-2002:051
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-051.php
Reference: REDHAT:RHSA-2002:097
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-097.html
Reference: REDHAT:RHSA-2002:124
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-124.html
Reference: XF:xchat-dns-execute-commands(8704)
Reference: URL:http://www.iss.net/security_center/static/8704.php

Name: CVE-2002-0384

Description:

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.

Status:Entry
Reference: BID:5406
Reference: URL:http://www.securityfocus.com/bid/5406
Reference: HP:HPSBTL0208-057
Reference: URL:http://online.securityfocus.com/advisories/4358
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054
Reference: OSVDB:3729
Reference: URL:http://www.osvdb.org/3729
Reference: REDHAT:RHSA-2002:098
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-098.html
Reference: REDHAT:RHSA-2002:107
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-107.html
Reference: REDHAT:RHSA-2002:122
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-122.html
Reference: REDHAT:RHSA-2003:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html
Reference: XF:gaim-jabber-module-bo(9766)
Reference: URL:http://www.iss.net/security_center/static/9766.php

Name: CVE-2002-0387

Description:

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.

Status:Entry
Reference: ATSTAKE:A031303-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a031303-1.txt
Reference: BID:7082
Reference: URL:http://www.securityfocus.com/bid/7082
Reference: CIAC:N-064
Reference: URL:http://www.ciac.org/ciac/bulletins/n-064.shtml
Reference: SUNALERT:52022
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/52022
Reference: XF:sunone-gxnsapi6-bo(11529)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11529

Name: CVE-2002-0389

Description:

Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.

Status:Entry
Reference: BID:4538
Reference: URL:http://www.securityfocus.com/bid/4538
Reference: BUGTRAQ:20020417 Mailman/Pipermail private mailing list/local user vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=101902003314968&w=2
Reference: MISC:http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103
Reference: REDHAT:RHSA-2015:1417
Reference: URL:http://rhn.redhat.com/errata/RHSA-2015-1417.html
Reference: XF:pipermail-view-archives(8874)
Reference: URL:http://www.iss.net/security_center/static/8874.php

Name: CVE-2002-0391

Description:

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC, including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

Status:Entry
Reference: AIXAPAR:IY34194
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Reference: BID:5356
Reference: URL:http://www.securityfocus.com/bid/5356
Reference: BUGTRAQ:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://marc.info/?l=bugtraq&m=102813809232532&w=2
Reference: BUGTRAQ:20020801 RPC analysis
Reference: URL:http://marc.info/?l=bugtraq&m=102821785316087&w=2
Reference: BUGTRAQ:20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin
Reference: URL:http://marc.info/?l=bugtraq&m=102831443208382&w=2
Reference: BUGTRAQ:20020802 kerberos rpc xdr_array
Reference: URL:http://online.securityfocus.com/archive/1/285740
Reference: BUGTRAQ:20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0514.html
Reference: BUGTRAQ:20020909 GLSA: glibc
Reference: URL:http://marc.info/?l=bugtraq&m=103158632831416&w=2
Reference: CALDERA:CSSA-2002-055.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-055.0.txt
Reference: CERT:CA-2002-25
Reference: URL:http://www.cert.org/advisories/CA-2002-25.html
Reference: CERT-VN:VU#192995
Reference: URL:http://www.kb.cert.org/vuls/id/192995
Reference: CONECTIVA:CLA-2002:515
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000515
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Reference: DEBIAN:DSA-142
Reference: URL:http://www.debian.org/security/2002/dsa-142
Reference: DEBIAN:DSA-143
Reference: URL:http://www.debian.org/security/2002/dsa-143
Reference: DEBIAN:DSA-146
Reference: URL:http://www.debian.org/security/2002/dsa-146
Reference: DEBIAN:DSA-149
Reference: URL:http://www.debian.org/security/2002/dsa-149
Reference: DEBIAN:DSA-333
Reference: URL:http://www.debian.org/security/2003/dsa-333
Reference: ENGARDE:ESA-20021003-021
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2399.html
Reference: FREEBSD:FreeBSD-SA-02:34.rpc
Reference: URL:http://marc.info/?l=bugtraq&m=102821928418261&w=2
Reference: HP:HPSBTL0208-061
Reference: URL:http://online.securityfocus.com/advisories/4402
Reference: HP:HPSBUX0209-215
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0077.html
Reference: ISS:20020731 Remote Buffer Overflow Vulnerability in Sun RPC
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20823
Reference: MANDRAKE:MDKSA-2002:057
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:057
Reference: MS:MS02-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
Reference: NETBSD:NetBSD-SA2002-011
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-011.txt.asc
Reference: OVAL:oval:org.mitre.oval:def:42
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A42
Reference: OVAL:oval:org.mitre.oval:def:4728
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4728
Reference: OVAL:oval:org.mitre.oval:def:9
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9
Reference: REDHAT:RHSA-2002:166
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-166.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: REDHAT:RHSA-2002:172
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-172.html
Reference: REDHAT:RHSA-2002:173
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-173.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: SGI:20020801-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-A
Reference: SGI:20020801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020801-01-P
Reference: SUSE:SuSE-SA:2002:031
Reference: XF:sunrpc-xdr-array-bo(9170)
Reference: URL:http://www.iss.net/security_center/static/9170.php

Name: CVE-2002-0392

Description:

Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.

Status:Entry
Reference: BID:20005
Reference: URL:http://www.securityfocus.com/bid/20005
Reference: BID:5033
Reference: URL:http://www.securityfocus.com/bid/5033
Reference: BUGTRAQ:20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server
Reference: BUGTRAQ:20020618 Fixed version of Apache 1.3 available
Reference: BUGTRAQ:20020619 Implications of Apache vuln for Oracle
Reference: BUGTRAQ:20020619 Remote Apache 1.3.x Exploit
Reference: BUGTRAQ:20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0235.html
Reference: BUGTRAQ:20020620 Apache Exploit
Reference: BUGTRAQ:20020620 TSLSA-2002-0056 - apache
Reference: BUGTRAQ:20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known
Reference: URL:http://online.securityfocus.com/archive/1/278149
Reference: BUGTRAQ:20020621 [slackware-security] new apache/mod_ssl packages available
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0266.html
Reference: BUGTRAQ:20020622 Ending a few arguments with one simple attachment.
Reference: BUGTRAQ:20020622 blowchunks - protecting existing apache servers until upgrades arrive
Reference: CALDERA:CSSA-2002-029.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-029.0.txt
Reference: CALDERA:CSSA-2002-SCO.31
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.31
Reference: CALDERA:CSSA-2002-SCO.32
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.32
Reference: CERT:CA-2002-17
Reference: URL:http://www.cert.org/advisories/CA-2002-17.html
Reference: CERT-VN:VU#944335
Reference: URL:http://www.kb.cert.org/vuls/id/944335
Reference: COMPAQ:SSRT2253
Reference: CONECTIVA:CLSA-2002:498
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000498
Reference: CONFIRM:http://httpd.apache.org/info/security_bulletin_20020617.txt
Reference: DEBIAN:DSA-131
Reference: URL:http://www.debian.org/security/2002/dsa-131
Reference: DEBIAN:DSA-132
Reference: URL:http://www.debian.org/security/2002/dsa-132
Reference: DEBIAN:DSA-133
Reference: URL:http://www.debian.org/security/2002/dsa-133
Reference: ENGARDE:ESA-20020619-014
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2137.html
Reference: FRSIRT:ADV-2006-3598
Reference: URL:http://www.frsirt.com/english/advisories/2006/3598
Reference: HP:HPSBMA02149
Reference: URL:http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
Reference: HP:HPSBTL0206-049
Reference: URL:http://online.securityfocus.com/advisories/4240
Reference: HP:HPSBUX0207-197
Reference: URL:http://online.securityfocus.com/advisories/4257
Reference: HP:SSRT050968
Reference: URL:http://www2.itrc.hp.com/service/cki/docDisplay.do?docLocale=en_US&docId=200000083816475
Reference: ISS:20020617 Remote Compromise Vulnerability in Apache HTTP Server
Reference: MANDRAKE:MDKSA-2002:039
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:039
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
Reference: OSVDB:838
Reference: URL:http://www.osvdb.org/838
Reference: REDHAT:RHSA-2002:103
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-103.html
Reference: REDHAT:RHSA-2002:117
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-117.html
Reference: REDHAT:RHSA-2002:118
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-118.html
Reference: REDHAT:RHSA-2002:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-126.html
Reference: REDHAT:RHSA-2002:150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-150.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SECUNIA:21917
Reference: URL:http://secunia.com/advisories/21917
Reference: SGI:20020605-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-A
Reference: SGI:20020605-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020605-01-I
Reference: SUSE:SuSE-SA:2002:022
Reference: URL:http://www.novell.com/linux/security/advisories/2002_22_apache.html
Reference: VULNWATCH:20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding
Reference: XF:apache-chunked-encoding-bo(9249)
Reference: URL:http://www.iss.net/security_center/static/9249.php

Name: CVE-2002-0394

Description:

Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.

Status:Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-insecure-passwords(9263)
Reference: URL:http://www.iss.net/security_center/static/9263.php

Name: CVE-2002-0395

Description:

The TFTP server for Red-M 1050 (Bluetooth Access Point) cannot be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.

Status:Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-tftp-bruteforce(9264)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9264

Name: CVE-2002-0396

Description:

The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session.

Status:Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: BID:4940
Reference: URL:http://www.securityfocus.com/bid/4940
Reference: XF:redm-1050ap-insecure-session(9265)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9265

Name: CVE-2002-0397

Description:

Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887.

Status:Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: XF:redm-1050ap-device-existence(9266)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9266

Name: CVE-2002-0398

Description:

Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.

Status:Entry
Reference: ATSTAKE:A060502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a060502-1.txt
Reference: BID:4943
Reference: URL:http://www.securityfocus.com/bid/4943
Reference: XF:redm-1050ap-ppp-dos(9267)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9267

Name: CVE-2002-0400

Description:

ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.

Status:Entry
Reference: BID:4936
Reference: URL:http://www.securityfocus.com/bid/4936
Reference: CALDERA:CSSA-2002-SCO.24
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.24.1/CSSA-2002-SCO.24.1.txt
Reference: CERT:CA-2002-15
Reference: URL:http://www.cert.org/advisories/CA-2002-15.html
Reference: CERT-VN:VU#739123
Reference: URL:http://www.kb.cert.org/vuls/id/739123
Reference: CONECTIVA:CLA-2002:494
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000494
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind-security.php
Reference: HP:HPSBUX0207-202
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0022.html
Reference: ISS:20020604 Remote Denial of Service Vulnerability in ISC BIND
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
Reference: REDHAT:RHSA-2002:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-105.html
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SUSE:SuSE-SA:2002:021
Reference: URL:http://www.novell.com/linux/security/advisories/2002_21_bind9.html
Reference: XF:bind-findtype-dos(9250)
Reference: URL:http://www.iss.net/security_center/static/9250.php

Name: CVE-2002-0401

Description:

SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.

Status:Entry
Reference: BID:4806
Reference: URL:http://www.securityfocus.com/bid/4806
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.info/?l=bugtraq&m=102268626526119&w=2
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: XF:ethereal-smb-dissector-dos(9204)
Reference: URL:http://www.iss.net/security_center/static/9204.php

Name: CVE-2002-0402

Description:

Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.

Status:Entry
Reference: BID:4805
Reference: URL:http://www.securityfocus.com/bid/4805
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.info/?l=bugtraq&m=102268626526119&w=2
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: REDHAT:RHSA-2002:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-170.html
Reference: XF:ethereal-x11-dissector-bo(9203)
Reference: URL:http://www.iss.net/security_center/static/9203.php

Name: CVE-2002-0403

Description:

DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.

Status:Entry
Reference: BID:4807
Reference: URL:http://www.securityfocus.com/bid/4807
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.info/?l=bugtraq&m=102268626526119&w=2
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: REDHAT:RHSA-2002:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-170.html
Reference: XF:ethereal-dns-dissector-dos(9205)
Reference: URL:http://www.iss.net/security_center/static/9205.php

Name: CVE-2002-0404

Description:

Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).

Status:Entry
Reference: BID:4808
Reference: URL:http://www.securityfocus.com/bid/4808
Reference: BUGTRAQ:20020529 Potential security issues in Ethereal
Reference: URL:http://marc.info/?l=bugtraq&m=102268626526119&w=2
Reference: CALDERA:CSSA-2002-037.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-037.0.txt
Reference: CONECTIVA:CLSA-2002:505
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000505
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00004.html
Reference: DEBIAN:DSA-130
Reference: URL:http://www.debian.org/security/2002/dsa-130
Reference: REDHAT:RHSA-2002:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-036.html
Reference: REDHAT:RHSA-2002:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-088.html
Reference: REDHAT:RHSA-2002:170
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-170.html
Reference: XF:ethereal-giop-dissector-dos(9206)
Reference: URL:http://www.iss.net/security_center/static/9206.php

Name: CVE-2002-0406

Description:

Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.

Status:Entry
Reference: BID:4258
Reference: URL:http://www.securityfocus.com/bid/4258
Reference: BUGTRAQ:20020302 Denial of Service in Sphereserver
Reference: URL:http://online.securityfocus.com/archive/1/259334
Reference: XF:sphereserver-connections-dos(8338)
Reference: URL:http://www.iss.net/security_center/static/8338.php

Name: CVE-2002-0412

Description:

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.

Status:Entry
Reference: BID:4225
Reference: URL:http://www.securityfocus.com/bid/4225
Reference: BUGTRAQ:20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop
Reference: URL:http://online.securityfocus.com/archive/1/259642
Reference: BUGTRAQ:20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT
Reference: URL:http://marc.info/?l=bugtraq&m=101854261030453&w=2
Reference: BUGTRAQ:20020411 re: gobbles ntop alert
Reference: URL:http://marc.info/?l=bugtraq&m=101856541322245&w=2
Reference: BUGTRAQ:20020417 segfault in ntop
Reference: URL:http://marc.info/?l=bugtraq&m=101908224609740&w=2
Reference: CONFIRM:http://snapshot.ntop.org/
Reference: MISC:http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html
Reference: OSVDB:5307
Reference: URL:http://www.osvdb.org/5307
Reference: VULNWATCH:20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0056.html
Reference: XF:ntop-traceevent-format-string(8347)
Reference: URL:http://www.iss.net/security_center/static/8347.php

Name: CVE-2002-0414

Description:

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.

Status:Entry
Reference: BID:4224
Reference: URL:http://www.securityfocus.com/bid/4224
Reference: BUGTRAQ:20020304 BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
Reference: URL:http://www.securityfocus.com/archive/1/259598
Reference: CONFIRM:http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG
Reference: OSVDB:5304
Reference: URL:http://www.osvdb.org/5304
Reference: VULNWATCH:20020304 [VulnWatch] BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0057.html
Reference: XF:kame-forged-packet-forwarding(8416)
Reference: URL:http://www.iss.net/security_center/static/8416.php

Name: CVE-2002-0423

Description:

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.

Status:Entry
Reference: BID:4239
Reference: URL:http://www.securityfocus.com/bid/4239
Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz
Reference: XF:efingerd-reverse-lookup-bo(8380)
Reference: URL:http://www.iss.net/security_center/static/8380.php

Name: CVE-2002-0424

Description:

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

Status:Entry
Reference: BID:4240
Reference: URL:http://www.securityfocus.com/bid/4240
Reference: BUGTRAQ:20020306 efingerd remote buffer overflow and a dangerous feature
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0050.html
Reference: CONFIRM:http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz
Reference: XF:efingerd-file-execution(8381)
Reference: URL:http://www.iss.net/security_center/static/8381.php

Name: CVE-2002-0425

Description:

mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.

Status:Entry
Reference: BID:4247
Reference: URL:http://www.securityfocus.com/bid/4247
Reference: BUGTRAQ:20020306 mIRC DCC Server Security Flaw
Reference: URL:http://online.securityfocus.com/archive/1/260244
Reference: OSVDB:5301
Reference: URL:http://www.osvdb.org/5301
Reference: XF:mirc-dcc-reveal-info(8393)
Reference: URL:http://www.iss.net/security_center/static/8393.php

Name: CVE-2002-0429

Description:

The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).

Status:Entry
Reference: BID:4259
Reference: URL:http://www.securityfocus.com/bid/4259
Reference: BUGTRAQ:20020308 linux <=2.4.18 x86 traps.c problem
Reference: URL:http://marc.info/?l=bugtraq&m=101561298818888&w=2
Reference: CONFIRM:http://www.openwall.com/linux/
Reference: DEBIAN:DSA-311
Reference: URL:http://www.debian.org/security/2003/dsa-311
Reference: DEBIAN:DSA-312
Reference: URL:http://www.debian.org/security/2003/dsa-312
Reference: DEBIAN:DSA-332
Reference: URL:http://www.debian.org/security/2003/dsa-332
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: REDHAT:RHSA-2002:158
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-158.html
Reference: XF:linux-ibcs-lcall-process(8420)
Reference: URL:http://www.iss.net/security_center/static/8420.php

Name: CVE-2002-0431

Description:

XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.

Status:Entry
Reference: BID:4260
Reference: URL:http://www.securityfocus.com/bid/4260
Reference: BUGTRAQ:20020309 xtux server DoS.
Reference: URL:http://online.securityfocus.com/archive/1/260912
Reference: MISC:https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206
Reference: XF:xtux-server-dos(8422)
Reference: URL:http://www.iss.net/security_center/static/8422.php

Name: CVE-2002-0435

Description:

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.

Status:Entry
Reference: BID:4266
Reference: URL:http://www.securityfocus.com/bid/4266
Reference: BUGTRAQ:20020310 GNU fileutils - recursive directory removal race condition
Reference: URL:http://www.securityfocus.com/archive/1/260936
Reference: CALDERA:CSSA-2002-018.1
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-018.1.txt
Reference: CONFIRM:http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html
Reference: MANDRAKE:MDKSA-2002:031
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-031.php
Reference: REDHAT:RHSA-2003:015
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-015.html
Reference: REDHAT:RHSA-2003:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-016.html
Reference: XF:gnu-fileutils-race-condition(8432)
Reference: URL:http://www.iss.net/security_center/static/8432.php

Name: CVE-2002-0437

Description:

Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.

Status:Entry
Reference: BID:4268
Reference: URL:http://www.securityfocus.com/bid/4268
Reference: BUGTRAQ:20020311 SMStools vulnerabilities in release before 1.4.8
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0103.html
Reference: CONFIRM:http://www.isis.de/members/~s.frings/smstools/history.html
Reference: XF:sms-tools-format-string(8433)
Reference: URL:http://www.iss.net/security_center/static/8433.php

Name: CVE-2002-0441

Description:

Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter.

Status:Entry
Reference: BID:4276
Reference: URL:http://www.securityfocus.com/bid/4276
Reference: BUGTRAQ:20020311 Directory traversal vulnerability in phpimglist
Reference: URL:http://www.securityfocus.com/archive/1/261221
Reference: CONFIRM:http://www.liquidpulse.net/get.lp?id=17
Reference: XF:phpimglist-dot-directory-traversal(8441)
Reference: URL:http://www.iss.net/security_center/static/8441.php

Name: CVE-2002-0442

Description:

Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.

Status:Entry
Reference: BID:4273
Reference: URL:http://www.securityfocus.com/bid/4273
Reference: CALDERA:CSSA-2002-SCO.8
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/CSSA-2002-SCO.8.txt
Reference: XF:openserver-dlvraudit-bo(8442)
Reference: URL:http://www.iss.net/security_center/static/8442.php

Name: CVE-2002-0443

Description:

Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.

Status:Entry
Reference: BID:4256
Reference: URL:http://www.securityfocus.com/bid/4256
Reference: BUGTRAQ:20020307 Windows 2000 password policy bypass possibility
Reference: URL:http://online.securityfocus.com/archive/1/260704
Reference: XF:win2k-password-bypass-policy(8402)
Reference: URL:http://www.iss.net/security_center/static/8402.php

Name: CVE-2002-0444

Description:

Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.

Status:Entry
Reference: BID:4464
Reference: URL:http://www.securityfocus.com/bid/4464
Reference: BUGTRAQ:20020408 Vulnerability: Windows2000Server running Terminalservices
Reference: URL:http://www.securityfocus.com/archive/1/266729
Reference: XF:win2k-terminal-bypass-policies(8813)
Reference: URL:http://www.iss.net/security_center/static/8813.php

Name: CVE-2002-0445

Description:

article.php in PHP FirstPost 0.1 allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.

Status:Entry
Reference: BID:4274
Reference: URL:http://www.securityfocus.com/bid/4274
Reference: BUGTRAQ:20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/261337
Reference: OSVDB:7170
Reference: URL:http://www.osvdb.org/7170
Reference: XF:phpfirstpost-path-disclosure(8434)
Reference: URL:http://www.iss.net/security_center/static/8434.php

Name: CVE-2002-0451

Description:

filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.

Status:Entry
Reference: BID:4284
Reference: URL:http://www.securityfocus.com/bid/4284
Reference: BUGTRAQ:20020313 Command execution in phprojekt.
Reference: URL:http://www.securityfocus.com/archive/1/261676
Reference: CONFIRM:http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=
Reference: XF:phpprojekt-filemanager-include-files(8448)
Reference: URL:http://www.iss.net/security_center/static/8448.php

Name: CVE-2002-0454

Description:

Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.

Status:Entry
Reference: BID:4295
Reference: URL:http://www.securityfocus.com/bid/4295
Reference: BUGTRAQ:20020315 Bug in QPopper (All Versions?)
Reference: URL:http://www.securityfocus.com/archive/1/262213
Reference: CALDERA:CSSA-2002-SCO.20
Reference: CONFIRM:ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz
Reference: XF:qpopper-qpopper-dos(8458)
Reference: URL:http://www.iss.net/security_center/static/8458.php

Name: CVE-2002-0462

Description:

bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.

Status:Entry
Reference: BID:4312
Reference: URL:http://www.securityfocus.com/bid/4312
Reference: BUGTRAQ:20020318 [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities
Reference: URL:http://www.securityfocus.com/archive/1/262735
Reference: CONFIRM:http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt
Reference: OSVDB:5287
Reference: URL:http://www.osvdb.org/5287
Reference: OSVDB:5288
Reference: URL:http://www.osvdb.org/5288
Reference: XF:bigsam-displaybegin-dos(8478)
Reference: URL:http://www.iss.net/security_center/static/8478.php
Reference: XF:bigsam-safemode-path-disclosure(8479)
Reference: URL:http://www.iss.net/security_center/static/8479.php

Name: CVE-2002-0463

Description:

home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.

Status:Entry
Reference: BID:4307
Reference: URL:http://www.securityfocus.com/bid/4307
Reference: BUGTRAQ:20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/262652
Reference: BUGTRAQ:20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/262802
Reference: XF:arsc-language-path-disclosure(8472)
Reference: URL:http://www.iss.net/security_center/static/8472.php

Name: CVE-2002-0464

Description:

Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.

Status:Entry
Reference: BID:4311
Reference: URL:http://www.securityfocus.com/bid/4311
Reference: BUGTRAQ:20020318 Hosting Directory Traversal madness...
Reference: URL:http://www.securityfocus.com/archive/1/262734
Reference: CONFIRM:http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip

Name: CVE-2002-0473

Description:

db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

Status:Entry
Reference: BID:4380
Reference: URL:http://www.securityfocus.com/bid/4380
Reference: BUGTRAQ:20020318 Re: phpBB2 remote execution command (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html
Reference: BUGTRAQ:20020318 phpBB2 remote execution command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0229.html
Reference: CONFIRM:http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip
Reference: MISC:http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483
Reference: OSVDB:4268
Reference: URL:http://www.osvdb.org/4268
Reference: VULN-DEV:20020318 phpBB2 remote execution command
Reference: URL:http://online.securityfocus.com/archive/82/262600
Reference: XF:phpbb-db-command-execution(8476)
Reference: URL:http://www.iss.net/security_center/static/8476.php

Name: CVE-2002-0484

Description:

move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

Status:Entry
Reference: BID:4325
Reference: URL:http://www.securityfocus.com/bid/4325
Reference: BUGTRAQ:20020317 move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://online.securityfocus.com/archive/1/262999
Reference: BUGTRAQ:20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://online.securityfocus.com/archive/1/263259
Reference: BUGTRAQ:20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP
Reference: URL:http://marc.info/?l=bugtraq&m=101683938806677&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=16128
Reference: XF:php-moveuploadedfile-create-files(8591)
Reference: URL:http://www.iss.net/security_center/static/8591.php

Name: CVE-2002-0488

Description:

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.

Status:Entry
Reference: BID:4332
Reference: URL:http://www.securityfocus.com/bid/4332
Reference: BUGTRAQ:20020321 PHP script: Penguin Traceroute, Remote Command Execution
Reference: URL:http://www.securityfocus.com/archive/1/263285
Reference: CONFIRM:http://www.linux-directory.com/scripts/traceroute.pl
Reference: XF:penguin-traceroute-command-execution(8600)
Reference: URL:http://www.iss.net/security_center/static/8600.php

Name: CVE-2002-0490

Description:

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

Status:Entry
Reference: BID:4361
Reference: URL:http://www.securityfocus.com/bid/4361
Reference: BUGTRAQ:20020323 Instant Web Mail additional POP3 commands and mail headers
Reference: URL:http://www.securityfocus.com/archive/1/264041
Reference: CONFIRM:http://instantwebmail.sourceforge.net/#changeLog
Reference: XF:instant-webmail-pop-commands(8650)
Reference: URL:http://www.iss.net/security_center/static/8650.php

Name: CVE-2002-0493

Description:

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

Status:Entry
Reference: BUGTRAQ:20020325 re: Tomcat Security Exposure
Reference: URL:http://marc.info/?l=bugtraq&m=101709002410365&w=2
Reference: MISC:http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Reference: URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Reference: URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Reference: URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Reference: XF:tomcat-xml-bypass-restrictions(9863)
Reference: URL:http://www.iss.net/security_center/static/9863.php

Name: CVE-2002-0494

Description:

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.

Status:Entry
Reference: BID:4357
Reference: URL:http://www.securityfocus.com/bid/4357
Reference: BUGTRAQ:20020325 WebSight Directory System: cross-site-scripting bug
Reference: URL:http://www.securityfocus.com/archive/1/263914
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=163389
Reference: XF:websight-directory-system-css(8624)
Reference: URL:http://www.iss.net/security_center/static/8624.php

Name: CVE-2002-0495

Description:

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

Status:Entry
Reference: BID:4368
Reference: URL:http://www.securityfocus.com/bid/4368
Reference: BUGTRAQ:20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)
Reference: URL:http://www.securityfocus.com/archive/1/264169
Reference: MISC:http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7
Reference: XF:cssearch-url-execute-commands(8636)
Reference: URL:http://www.iss.net/security_center/static/8636.php

Name: CVE-2002-0497

Description:

Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.

Status:Entry
Reference: BID:4217
Reference: URL:http://www.securityfocus.com/bid/4217
Reference: BUGTRAQ:20020306 mtr 0.45, 0.46
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html
Reference: DEBIAN:DSA-124
Reference: URL:http://www.debian.org/security/2002/dsa-124
Reference: XF:mtr-options-bo(8367)
Reference: URL:http://www.iss.net/security_center/static/8367.php

Name: CVE-2002-0501

Description:

Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.

Status:Entry
Reference: BID:4378
Reference: URL:http://www.securityfocus.com/bid/4378
Reference: BUGTRAQ:20020327 Format String Bug in Posadis DNS Server
Reference: URL:http://online.securityfocus.com/archive/1/264450
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=165094
Reference: OSVDB:3516
Reference: URL:http://www.osvdb.org/3516
Reference: XF:posadis-logging-format-string(8653)
Reference: URL:http://www.iss.net/security_center/static/8653.php

Name: CVE-2002-0505

Description:

Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.

Status:Entry
Reference: BID:4370
Reference: URL:http://www.securityfocus.com/bid/4370
Reference: CISCO:20020327 LDAP Connection Leak in CTI when User Authentication Fails
Reference: URL:http://www.cisco.com/warp/public/707/callmanager-ctifw-leak-pub.shtml
Reference: XF:cisco-cti-memory-leak(8655)
Reference: URL:http://www.iss.net/security_center/static/8655.php

Name: CVE-2002-0506

Description:

Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.

Status:Entry
Reference: BID:4393
Reference: URL:http://www.securityfocus.com/bid/4393
Reference: BUGTRAQ:20020328 A possible buffer overflow in libnewt
Reference: URL:http://online.securityfocus.com/archive/1/264699
Reference: XF:libnewt-bo(8700)
Reference: URL:http://www.iss.net/security_center/static/8700.php

Name: CVE-2002-0511

Description:

The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names.

Status:Entry
Reference: BID:4399
Reference: URL:http://www.securityfocus.com/bid/4399
Reference: CALDERA:CSSA-2002-013.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-013.0.txt
Reference: XF:nscd-dns-ptr-validation(8745)
Reference: URL:http://www.iss.net/security_center/static/8745.php

Name: CVE-2002-0512

Description:

startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.

Status:Entry
Reference: BID:4400
Reference: URL:http://www.securityfocus.com/bid/4400
Reference: CALDERA:CSSA-2002-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2002-005.0.txt
Reference: XF:kde-startkde-search-directory(8737)
Reference: URL:http://www.iss.net/security_center/static/8737.php

Name: CVE-2002-0513

Description:

The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.

Status:Entry
Reference: BID:4412
Reference: URL:http://www.securityfocus.com/bid/4412
Reference: BUGTRAQ:20020330 popper_mod 1.2.1 and previous accounts compromise
Reference: URL:http://online.securityfocus.com/archive/1/265438
Reference: CONFIRM:http://www.symatec-computer.com/forums/viewtopic.php?t=14
Reference: XF:symatec-popper-admin-access(8746)
Reference: URL:http://www.iss.net/security_center/static/8746.php

Name: CVE-2002-0516

Description:

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

Status:Entry
Reference: BID:4385
Reference: URL:http://www.securityfocus.com/bid/4385
Reference: BUGTRAQ:20020327 squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0350.html
Reference: BUGTRAQ:20020331 Re: squirrelmail 1.2.5 email user can execute command
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-03/0386.html
Reference: XF:squirrelmail-theme-command-execution(8671)
Reference: URL:http://www.iss.net/security_center/static/8671.php

Name: CVE-2002-0531

Description:

Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.

Status:Entry
Reference: BID:4435
Reference: URL:http://www.securityfocus.com/bid/4435
Reference: BUGTRAQ:20020403 emumail.cgi
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0066.html
Reference: CONFIRM:http://www.emumail.com/downloads/download_unix.html/
Reference: XF:emumail-cgi-view-files(8766)
Reference: URL:http://www.iss.net/security_center/static/8766.php

Name: CVE-2002-0532

Description:

EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.

Status:Entry
Reference: BID:4488
Reference: URL:http://www.securityfocus.com/bid/4488
Reference: BUGTRAQ:20020410 Re: emumail.cgi, one more local vulnerability (not verified)
Reference: URL:http://online.securityfocus.com/archive/1/266930
Reference: OSVDB:5270
Reference: URL:http://www.osvdb.org/5270
Reference: XF:emumail-http-host-execute(8836)
Reference: URL:http://www.iss.net/security_center/static/8836.php

Name: CVE-2002-0536

Description:

PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.

Status:Entry
Reference: BID:4424
Reference: URL:http://www.securityfocus.com/bid/4424
Reference: BUGTRAQ:20020403 SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0036.html
Reference: BUGTRAQ:20020411 Re: SQL injection in PHPGroupware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0143.html
Reference: OSVDB:5153
Reference: URL:http://www.osvdb.org/5153
Reference: XF:phpgroupware-sql-injection(8755)
Reference: URL:http://www.iss.net/security_center/static/8755.php

Name: CVE-2002-0538

Description:

FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.

Status:Entry
Reference: BID:4522
Reference: URL:http://www.securityfocus.com/bid/4522
Reference: BUGTRAQ:20020415 Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0166.html
Reference: BUGTRAQ:20020417 Re: Raptor Firewall FTP Bounce vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0224.html
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html
Reference: XF:raptor-firewall-ftp-bounce(8847)
Reference: URL:http://www.iss.net/security_center/static/8847.php

Name: CVE-2002-0539

Description:

Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.

Status:Entry
Reference: BID:4520
Reference: URL:http://www.securityfocus.com/bid/4520
Reference: BUGTRAQ:20020415 Demarc PureSecure 1.05 may be other (user can bypass login)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html
Reference: BUGTRAQ:20020417 Demarc Security Update Advisory
Reference: URL:http://online.securityfocus.com/archive/1/267941
Reference: OSVDB:5239
Reference: URL:http://www.osvdb.org/5239
Reference: XF:puresecure-sql-injection(8854)
Reference: URL:http://www.iss.net/security_center/static/8854.php

Name: CVE-2002-0542

Description:

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Status:Entry
Reference: BID:4495
Reference: URL:http://www.securityfocus.com/bid/4495
Reference: BUGTRAQ:20020411 OpenBSD Local Root Compromise
Reference: URL:http://marc.info/?l=bugtraq&m=101855467811695&w=2
Reference: BUGTRAQ:20020411 local root compromise in openbsd 3.0 and below
Reference: URL:http://online.securityfocus.com/archive/1/267089
Reference: CONFIRM:http://www.openbsd.org/errata30.html#mail
Reference: OSVDB:5269
Reference: URL:http://www.osvdb.org/5269
Reference: XF:openbsd-mail-root-privileges(8818)
Reference: URL:http://www.iss.net/security_center/static/8818.php

Name: CVE-2002-0543

Description:

Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.

Status:Entry
Reference: BID:4466
Reference: URL:http://www.securityfocus.com/bid/4466
Reference: BUGTRAQ:20020409 Abyss Webserver 1.0 Administration password file retrieval exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0110.html
Reference: CONFIRM:http://www.aprelium.com/forum/viewtopic.php?t=24
Reference: XF:abyss-unicode-directory-traversal(8805)
Reference: URL:http://www.iss.net/security_center/static/8805.php

Name: CVE-2002-0545

Description:

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.

Status:Entry
Reference: BID:4461
Reference: URL:http://www.securityfocus.com/bid/4461
Reference: CISCO:20020409 Aironet Telnet Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml
Reference: XF:cisco-aironet-telnet-dos(8788)
Reference: URL:http://www.iss.net/security_center/static/8788.php

Name: CVE-2002-0546

Description:

Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.

Status:Entry
Reference: BID:4414
Reference: URL:http://www.securityfocus.com/bid/4414
Reference: BUGTRAQ:20020403 Re: Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0049.html
Reference: BUGTRAQ:20020403 Winamp: Mp3 file can control the minibrowser
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0026.html
Reference: XF:winamp-mp3-browser-css(8753)
Reference: URL:http://www.iss.net/security_center/static/8753.php

Name: CVE-2002-0553

Description:

Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.

Status:Entry
Reference: BID:4506
Reference: URL:http://www.securityfocus.com/bid/4506
Reference: BUGTRAQ:20020413 SunSop: cross-site-scripting bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html
Reference: XF:sunshop-new-cust-css(8840)
Reference: URL:http://www.iss.net/security_center/static/8840.php

Name: CVE-2002-0567

Description:

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.

Status:Entry
Reference: BID:4033
Reference: URL:http://www.securityfocus.com/bid/4033
Reference: BUGTRAQ:20020206 Remote Compromise in Oracle 9i Database Server
Reference: URL:http://marc.info/?l=bugtraq&m=101301332402079&w=2
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#180147
Reference: URL:http://www.kb.cert.org/vuls/id/180147
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf
Reference: XF:oracle-plsql-remote-access(8089)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/8089

Name: CVE-2002-0569

Description:

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).

Status:Entry
Reference: BID:4298
Reference: URL:http://www.securityfocus.com/bid/4298
Reference: BUGTRAQ:20020206 Hackproofing Oracle Application Server paper
Reference: URL:http://marc.info/?l=bugtraq&m=101301813117562&w=2
Reference: CERT:CA-2002-08
Reference: URL:http://www.cert.org/advisories/CA-2002-08.html
Reference: CERT-VN:VU#977251
Reference: URL:http://www.kb.cert.org/vuls/id/977251
Reference: MISC:http://www.nextgenss.com/papers/hpoas.pdf
Reference: XF:oracle-appserver-config-file-access(8453)
Reference: URL:http://www.iss.net/security_center/static/8453.php

Name: CVE-2002-0571

Description:

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.

Status:Entry
Reference: BID:4523
Reference: URL:http://www.securityfocus.com/bid/4523
Reference: BUGTRAQ:20020416 ansi outer join syntax in Oracle allows access to any data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html
Reference: CIAC:M-071
Reference: URL:http://www.ciac.org/ciac/bulletins/m-071.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf
Reference: OSVDB:5236
Reference: URL:http://www.osvdb.org/5236
Reference: XF:oracle-ansi-sql-bypass-acl(8855)
Reference: URL:http://www.iss.net/security_center/static/8855.php

Name: CVE-2002-0573

Description:

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.

Status:Entry
Reference: BID:4639
Reference: URL:http://www.securityfocus.com/bid/4639
Reference: BUGTRAQ:20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://online.securityfocus.com/archive/1/270268
Reference: CERT:CA-2002-10
Reference: URL:http://www.cert.org/advisories/CA-2002-10.html
Reference: CERT-VN:VU#638099
Reference: URL:http://www.kb.cert.org/vuls/id/638099
Reference: OSVDB:778
Reference: URL:http://www.osvdb.org/778
Reference: OVAL:oval:org.mitre.oval:def:41
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A41
Reference: OVAL:oval:org.mitre.oval:def:79
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A79
Reference: VULNWATCH:20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0049.html
Reference: XF:solaris-rwall-format-string(8971)
Reference: URL:http://www.iss.net/security_center/static/8971.php

Name: CVE-2002-0574

Description:

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.

Status:Entry
Reference: BID:4539
Reference: URL:http://www.securityfocus.com/bid/4539
Reference: FREEBSD:FreeBSD-SA-02:21
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:21.tcpip.asc
Reference: OSVDB:5232
Reference: URL:http://www.osvdb.org/5232
Reference: XF:freebsd-icmp-echo-reply-dos(8893)
Reference: URL:http://www.iss.net/security_center/static/8893.php

Name: CVE-2002-0575

Description:

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.

Status:Entry
Reference: BID:4560
Reference: URL:http://www.securityfocus.com/bid/4560
Reference: BUGTRAQ:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/268718
Reference: BUGTRAQ:20020420 OpenSSH Security Advisory (adv.token)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0298.html
Reference: BUGTRAQ:20020426 Revised OpenSSH Security Advisory (adv.token)
Reference: URL:http://online.securityfocus.com/archive/1/269701
Reference: BUGTRAQ:20020429 TSLSA-2002-0047 - openssh
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0394.html
Reference: BUGTRAQ:20020517 OpenSSH 3.2.2 released (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=102167972421837&w=2
Reference: CALDERA:CSSA-2002-022.2
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-022.2.txt
Reference: OSVDB:781
Reference: URL:http://www.osvdb.org/781
Reference: VULN-DEV:20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow
Reference: URL:http://marc.info/?l=vuln-dev&m=101924296115863&w=2
Reference: XF:openssh-sshd-kerberos-bo(8896)
Reference: URL:http://www.iss.net/security_center/static/8896.php

Name: CVE-2002-0576

Description:

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.

Status:Entry
Reference: BID:4542
Reference: URL:http://www.securityfocus.com/bid/4542
Reference: BUGTRAQ:20020418 KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/268263
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=22906
Reference: OSVDB:3337
Reference: URL:http://www.osvdb.org/3337
Reference: VULNWATCH:20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0028.html
Reference: XF:coldfusion-dos-device-path-disclosure(8866)
Reference: URL:http://www.iss.net/security_center/static/8866.php

Name: CVE-2002-0594

Description:

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.

Status:Entry
Reference: BID:4640
Reference: URL:http://www.securityfocus.com/bid/4640
Reference: BUGTRAQ:20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)
Reference: URL:http://online.securityfocus.com/archive/1/270249
Reference: CONECTIVA:CLA-2002:490
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000490
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: XF:mozilla-css-files-exist(8977)
Reference: URL:http://www.iss.net/security_center/static/8977.php

Name: CVE-2002-0597

Description:

LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.

Status:Entry
Reference: BID:4532
Reference: URL:http://www.securityfocus.com/bid/4532
Reference: BUGTRAQ:20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/268066
Reference: CERT-VN:VU#693099
Reference: URL:http://www.kb.cert.org/vuls/id/693099
Reference: MSKB:Q320751
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q320751
Reference: OSVDB:5179
Reference: URL:http://www.osvdb.org/5179
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0025.html
Reference: XF:win2k-lanman-dos(8867)
Reference: URL:http://www.iss.net/security_center/static/8867.php

Name: CVE-2002-0598

Description:

Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.

Status:Entry
Reference: BID:4549
Reference: URL:http://www.securityfocus.com/bid/4549
Reference: BUGTRAQ:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: URL:http://online.securityfocus.com/archive/1/268581
Reference: BUGTRAQ:20020501 FW: Fscan advisory (fwd)
Reference: CONFIRM:http://www.foundstone.com/knowledge/fscan112_advisory.html
Reference: VULNWATCH:20020419 KPMG-2002014: Foundstone Fscan Format String Bug
Reference: XF:fscan-banner-format-string(8895)
Reference: URL:http://www.iss.net/security_center/static/8895.php

Name: CVE-2002-0599

Description:

Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.

Status:Entry
Reference: BID:4618
Reference: URL:http://www.securityfocus.com/bid/4618
Reference: BUGTRAQ:20020428 Blahz-DNS: Authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0395.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=87004
Reference: OSVDB:5178
Reference: URL:http://www.osvdb.org/5178
Reference: XF:blahzdns-auth-bypass(8951)
Reference: URL:http://www.iss.net/security_center/static/8951.php

Name: CVE-2002-0601

Description:

ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.

Status:Entry
Reference: BID:4649
Reference: URL:http://www.securityfocus.com/bid/4649
Reference: BUGTRAQ:20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0420.html
Reference: ISS:20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor
Reference: URL:http://www.iss.net/security_center/alerts/advise116.php
Reference: OSVDB:5165
Reference: URL:http://www.osvdb.org/5165
Reference: XF:rs-ns-dhcp-dos(8961)
Reference: URL:http://www.iss.net/security_center/static/8961.php

Name: CVE-2002-0605

Description:

Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.

Status:Entry
Reference: BID:4664
Reference: URL:http://www.securityfocus.com/bid/4664
Reference: BUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=102039374017185&w=2
Reference: CONFIRM:http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm
Reference: NTBUGTRAQ:20020503 Macromedia Flash Activex Buffer overflow
Reference: OSVDB:5177
Reference: URL:http://www.osvdb.org/5177
Reference: VULN-DEV:20020503 Macromedia Flash Activex Buffer overflow
Reference: URL:http://marc.info/?l=vuln-dev&m=102038919414726&w=2
Reference: VULNWATCH:20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0051.html
Reference: XF:flash-activex-movie-bo(8993)
Reference: URL:http://www.iss.net/security_center/static/8993.php

Name: CVE-2002-0613

Description:

dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.

Status:Entry
Reference: BID:4617
Reference: URL:http://www.securityfocus.com/bid/4617
Reference: BUGTRAQ:20020428 dnstools: authentication bypass vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0390.html
Reference: CONFIRM:http://www.dnstools.com/dnstools_2.0.1.tar.gz
Reference: XF:dnstools-auth-bypass(8948)
Reference: URL:http://www.iss.net/security_center/static/8948.php

Name: CVE-2002-0615

Description:

The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well-known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".

Status:Entry
Reference: BID:5110
Reference: URL:http://www.securityfocus.com/bid/5110
Reference: MS:MS02-032
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-032
Reference: XF:mediaplayer-playlist-script-execution(9422)
Reference: URL:http://www.iss.net/security_center/static/9422.php

Name: CVE-2002-0616

Description:

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."

Status:Entry
Reference: BID:5063
Reference: URL:http://www.securityfocus.com/bid/5063
Reference: MS:MS02-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
Reference: XF:excel-inline-macro-execution(9397)
Reference: URL:http://www.iss.net/security_center/static/9397.php

Name: CVE-2002-0617

Description:

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."

Status:Entry
Reference: BID:5064
Reference: URL:http://www.securityfocus.com/bid/5064
Reference: MS:MS02-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
Reference: OSVDB:5175
Reference: URL:http://www.osvdb.org/5175
Reference: XF:excel-hyperlink-macro-execution(9398)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9398

Name: CVE-2002-0618

Description:

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".

Status:Entry
Reference: BID:4821
Reference: URL:http://www.securityfocus.com/bid/4821
Reference: MISC:http://www.guninski.com/ex$el2.html
Reference: MS:MS02-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
Reference: NTBUGTRAQ:20020524 Excel XP xml stylesheet problems
Reference: URL:http://marc.info/?l=ntbugtraq&m=102256054320377&w=2
Reference: XF:excel-xsl-script-execution(9399)
Reference: URL:http://www.iss.net/security_center/static/9399.php

Name: CVE-2002-0619

Description:

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).

Status:Entry
Reference: BID:5066
Reference: URL:http://www.securityfocus.com/bid/5066
Reference: BUGTRAQ:20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102139136019862&w=2
Reference: MS:MS02-031
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-031
Reference: XF:word-mail-merge-variant(9077)
Reference: URL:http://www.iss.net/security_center/static/9077.php

Name: CVE-2002-0621

Description:

Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.

Status:Entry
Reference: BID:5108
Reference: URL:http://www.securityfocus.com/bid/5108
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
Reference: OSVDB:5172
Reference: URL:http://www.osvdb.org/5172
Reference: XF:mscs-owc-installer-bo(9424)
Reference: URL:http://www.iss.net/security_center/static/9424.php

Name: CVE-2002-0622

Description:

The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".

Status:Entry
Reference: BID:5111
Reference: URL:http://www.securityfocus.com/bid/5111
Reference: BUGTRAQ:20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)
Reference: MS:MS02-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
Reference: OSVDB:5170
Reference: URL:http://www.osvdb.org/5170
Reference: XF:mscs-owc-installer-permissions(9425)
Reference: URL:http://www.iss.net/security_center/static/9425.php

Name: CVE-2002-0623

Description:

Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".

Status:Entry
Reference: BID:5112
Reference: URL:http://www.securityfocus.com/bid/5112
Reference: MS:MS02-033
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-033
Reference: OSVDB:5163
Reference: URL:http://www.osvdb.org/5163
Reference: XF:mscs-authfilter-isapi-bo-variant(9426)
Reference: URL:http://www.iss.net/security_center/static/9426.php

Name: CVE-2002-0627

Description:

The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode-encoded requests.

Status:Entry
Reference: BID:5632
Reference: URL:http://www.securityfocus.com/bid/5632
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: XF:viewstation-unicode-retrieve-password(9348)
Reference: URL:http://www.iss.net/security_center/static/9348.php

Name: CVE-2002-0630

Description:

The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.

Status:Entry
Reference: BID:5637
Reference: URL:http://www.securityfocus.com/bid/5637
Reference: CIAC:M-123
Reference: URL:http://www.ciac.org/ciac/bulletins/m-123.shtml
Reference: CONFIRM:http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf
Reference: ISS:20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21089
Reference: XF:viewstation-icmp-dos(9350)
Reference: URL:http://www.iss.net/security_center/static/9350.php

Name: CVE-2002-0631

Description:

Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.

Status:Entry
Reference: BID:5092
Reference: URL:http://www.securityfocus.com/bid/5092
Reference: SGI:20020607-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020607-02-I
Reference: XF:irix-nveventd-file-write(9418)
Reference: URL:http://www.iss.net/security_center/static/9418.php

Name: CVE-2002-0638

Description:

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

Status:Entry
Reference: BID:5344
Reference: URL:http://www.securityfocus.com/bid/5344
Reference: BUGTRAQ:20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102795787713996&w=2
Reference: BUGTRAQ:20020730 TSLSA-2002-0064 - util-linux
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0396.html
Reference: CALDERA:CSSA-2002-043.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-043.0.txt
Reference: CERT-VN:VU#405955
Reference: URL:http://www.kb.cert.org/vuls/id/405955
Reference: CONECTIVA:CLA-2002:523
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000523
Reference: HP:HPSBTL0207-054
Reference: URL:http://online.securityfocus.com/advisories/4320
Reference: MANDRAKE:MDKSA-2002:047
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-047.php
Reference: OSVDB:5164
Reference: URL:http://www.osvdb.org/5164
Reference: REDHAT:RHSA-2002:132
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-132.html
Reference: REDHAT:RHSA-2002:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-137.html
Reference: VULNWATCH:20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0357.html
Reference: XF:utillinux-chfn-race-condition(9709)
Reference: URL:http://www.iss.net/security_center/static/9709.php

Name: CVE-2002-0639

Description:

Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.

Status:Entry
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.info/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.info/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0335.html
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.info/?l=bugtraq&m=102521542826833&w=2
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: HP:HPSBUX0206-195
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
Reference: ISS:20020626 OpenSSH Remote Challenge Vulnerability
Reference: URL:https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
Reference: MISC:https://twitter.com/RooneyMcNibNug/status/1152332585349111810
Reference: NETBSD:2002-005
Reference: OSVDB:6245
Reference: URL:http://www.osvdb.org/6245
Reference: XF:openssh-challenge-response-bo(9169)
Reference: URL:http://www.iss.net/security_center/static/9169.php

Name: CVE-2002-0640

Description:

Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).

Status:Entry
Reference: BID:5093
Reference: URL:http://www.securityfocus.com/bid/5093
Reference: BUGTRAQ:20020626 OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.info/?l=bugtraq&m=102514371522793&w=2
Reference: BUGTRAQ:20020626 Revised OpenSSH Security Advisory (adv.iss)
Reference: URL:http://marc.info/?l=bugtraq&m=102514631524575&w=2
Reference: BUGTRAQ:20020627 How to reproduce OpenSSH Overflow.
Reference: URL:http://marc.info/?l=bugtraq&m=102521542826833&w=2
Reference: BUGTRAQ:20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102532054613894&w=2
Reference: CALDERA:CSSA-2002-030.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-030.0.txt
Reference: CERT:CA-2002-18
Reference: URL:http://www.cert.org/advisories/CA-2002-18.html
Reference: CERT-VN:VU#369347
Reference: URL:http://www.kb.cert.org/vuls/id/369347
Reference: CONECTIVA:CLA-2002:502
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000502
Reference: DEBIAN:DSA-134
Reference: URL:http://www.debian.org/security/2002/dsa-134
Reference: ENGARDE:ESA-20020702-016
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2177.html
Reference: HP:HPSBUX0206-195
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0206-195
Reference: MANDRAKE:MDKSA-2002:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:040
Reference: OSVDB:839
Reference: URL:http://www.osvdb.org/839
Reference: REDHAT:RHSA-2002:127
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-127.html
Reference: REDHAT:RHSA-2002:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-131.html
Reference: SUSE:SuSE-SA:2002:024
Reference: URL:http://www.novell.com/linux/security/advisories/2002_024_openssh_txt.html

Name: CVE-2002-0642

Description:

The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."

Status:Entry
Reference: BID:5205
Reference: URL:http://www.securityfocus.com/bid/5205
Reference: CERT:CA-2002-22
Reference: URL:http://www.cert.org/advisories/CA-2002-22.html
Reference: CERT-VN:VU#796313
Reference: URL:http://www.kb.cert.org/vuls/id/796313
Reference: MS:MS02-034
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-034
Reference: OVAL:oval:org.mitre.oval:def:1025
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1025
Reference: XF:mssql-registry-insecure-permissions(9523)
Reference: URL:http://www.iss.net/security_center/static/9523.php

Name: CVE-2002-0647

Description:

Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".

Status:Entry
Reference: BID:5558
Reference: URL:http://www.securityfocus.com/bid/5558
Reference: MS:MS02-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
Reference: XF:ms-legacytext-activex-bo(9935)
Reference: URL:http://www.iss.net/security_center/static/9935.php

Name: CVE-2002-0648

Description:

The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.

Status:Entry
Reference: BID:5560
Reference: URL:http://www.securityfocus.com/bid/5560
Reference: BUGTRAQ:20020823 Accessing remote/local content in IE (GM#009-IE)
Reference: URL:http://marc.info/?l=bugtraq&m=103011639524314&w=2
Reference: MS:MS02-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
Reference: OVAL:oval:org.mitre.oval:def:1026
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1026
Reference: OVAL:oval:org.mitre.oval:def:1148
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1148
Reference: OVAL:oval:org.mitre.oval:def:1207
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1207
Reference: OVAL:oval:org.mitre.oval:def:608
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A608
Reference: OVAL:oval:org.mitre.oval:def:776
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A776
Reference: XF:ie-xml-redirect-read-files(9936)
Reference: URL:http://www.iss.net/security_center/static/9936.php

Name: CVE-2002-0650

Description:

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.

Status:Entry
Reference: BID:5312
Reference: URL:http://www.securityfocus.com/bid/5312
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.info/?l=bugtraq&m=102760196931518&w=2
Reference: MS:MS02-039
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-039
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.info/?l=ntbugtraq&m=102760479902411&w=2
Reference: OSVDB:878
Reference: URL:http://www.osvdb.org/878
Reference: XF:mssql-resolution-keepalive-dos(9662)
Reference: URL:http://www.iss.net/security_center/static/9662.php

Name: CVE-2002-0651

Description:

Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.

Status:Entry
Reference: AIXAPAR:IY32719
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: AIXAPAR:IY32746
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0001.html
Reference: BID:5100
Reference: URL:http://www.securityfocus.com/bid/5100
Reference: BUGTRAQ:20020626 Remote buffer overflow in resolver code of libc
Reference: URL:http://marc.info/?l=bugtraq&m=102513011311504&w=2
Reference: BUGTRAQ:20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)
Reference: URL:http://marc.info/?l=bugtraq&m=102579743329251&w=2
Reference: CALDERA:CSSA-2002-SCO.37
Reference: URL:ftp://ftp.caldera.com/pub/updates/UnixWare/CSSA-2002-SCO.37
Reference: CALDERA:CSSA-2002-SCO.39
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.39
Reference: CERT:CA-2002-19
Reference: URL:http://www.cert.org/advisories/CA-2002-19.html
Reference: CERT-VN:VU#803539
Reference: URL:http://www.kb.cert.org/vuls/id/803539
Reference: CONECTIVA:CLSA-2002:507
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000507
Reference: ENGARDE:ESA-20020724-018
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2002-q3/0002.html
Reference: FREEBSD:FreeBSD-SA-02:28
Reference: URL:http://marc.info/?l=bugtraq&m=102520962320134&w=2
Reference: MANDRAKE:MDKSA-2002:038
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:038
Reference: MANDRAKE:MDKSA-2002:043
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-043.php
Reference: MISC:http://www.pine.nl/advisories/pine-cert-20020601.txt
Reference: NETBSD:NetBSD-SA2002-006
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/security/advisories/NetBSD-SA2002-006.txt.asc
Reference: NTBUGTRAQ:20020703 Buffer overflow and DoS i BIND
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0000.html
Reference: OVAL:oval:org.mitre.oval:def:4190
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4190
Reference: REDHAT:RHSA-2002:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-119.html
Reference: REDHAT:RHSA-2002:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-133.html
Reference: REDHAT:RHSA-2002:139
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-139.html
Reference: REDHAT:RHSA-2002:167
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-167.html
Reference: REDHAT:RHSA-2003:154
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-154.html
Reference: SGI:20020701-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020701-01-I/
Reference: XF:dns-resolver-lib-bo(9432)
Reference: URL:http://www.iss.net/security_center/static/9432.php

Name: CVE-2002-0653

Description:

Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.

Status:Entry
Reference: BID:5084
Reference: URL:http://www.securityfocus.com/bid/5084
Reference: BUGTRAQ:20020624 Apache mod_ssl off-by-one vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102513970919836&w=2
Reference: BUGTRAQ:20020628 TSL-2002-0058 - apache/mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0350.html
Reference: CALDERA:CSSA-2002-031.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-031.0.txt
Reference: CONECTIVA:CLA-2002:504
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000504
Reference: DEBIAN:DSA-135
Reference: URL:http://www.debian.org/security/2002/dsa-135
Reference: ENGARDE:ESA-20020702-017
Reference: URL:http://marc.info/?l=bugtraq&m=102563469326072&w=2
Reference: HP:HPSBTL0207-052
Reference: URL:http://archives.neohapsis.com/archives/hp/2002-q3/0018.html
Reference: MANDRAKE:MDKSA-2002:048
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-048.php
Reference: REDHAT:RHSA-2002:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-134.html
Reference: REDHAT:RHSA-2002:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-135.html
Reference: REDHAT:RHSA-2002:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-136.html
Reference: REDHAT:RHSA-2002:146
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-146.html
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
Reference: VULN-DEV:20020622 Another flaw in Apache?
Reference: URL:http://marc.info/?l=vuln-dev&m=102477330617604&w=2
Reference: XF:apache-modssl-htaccess-bo(9415)
Reference: URL:http://www.iss.net/security_center/static/9415.php

Name: CVE-2002-0658

Description:

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

Status:Entry
Reference: BID:5352
Reference: URL:http://www.securityfocus.com/bid/5352
Reference: BUGTRAQ:20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)
Reference: CALDERA:CSSA-2002-032.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-032.0.txt
Reference: DEBIAN:DSA-137
Reference: URL:http://www.debian.org/security/2002/dsa-137
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: HP:HPSBTL0208-056
Reference: URL:http://online.securityfocus.com/advisories/4392
Reference: MANDRAKE:MDKSA-2002:045
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-045.php
Reference: REDHAT:RHSA-2002:153
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-153.html
Reference: REDHAT:RHSA-2002:154
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-154.html
Reference: REDHAT:RHSA-2002:156
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-156.html
Reference: REDHAT:RHSA-2002:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-163.html
Reference: REDHAT:RHSA-2002:164
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-164.html
Reference: REDHAT:RHSA-2003:158
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-158.html
Reference: SUSE:SuSE-SA:2002:028
Reference: URL:http://www.novell.com/linux/security/advisories/2002_028_mod_ssl.html
Reference: XF:mm-tmpfile-symlink(9719)
Reference: URL:http://www.iss.net/security_center/static/9719.php

Name: CVE-2002-0662

Description:

scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.

Status:Entry
Reference: BID:5602
Reference: URL:http://www.securityfocus.com/bid/5602
Reference: BUGTRAQ:20020902 The ScrollKeeper Root Trap
Reference: URL:http://marc.info/?l=bugtraq&m=103098575826031&w=2
Reference: BUGTRAQ:20020904 GLSA: scrollkeeper
Reference: URL:http://marc.info/?l=bugtraq&m=103115387102294&w=2
Reference: DEBIAN:DSA-160
Reference: URL:http://www.debian.org/security/2002/dsa-160
Reference: REDHAT:RHSA-2002:186
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-186.html
Reference: XF:scrollkeeper-tmp-file-symlink(10002)
Reference: URL:http://www.iss.net/security_center/static/10002.php

Name: CVE-2002-0663

Description:

Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.

Status:Entry
Reference: ATSTAKE:A071502-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071502-1.txt
Reference: BID:5237
Reference: URL:http://www.securityfocus.com/bid/5237
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html
Reference: OSVDB:4366
Reference: URL:http://www.osvdb.org/4366
Reference: VULNWATCH:20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability
Reference: XF:norton-fw-http-bo(9579)
Reference: URL:http://www.iss.net/security_center/static/9579.php

Name: CVE-2002-0665

Description:

Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.

Status:Entry
Reference: BID:5118
Reference: URL:http://www.securityfocus.com/bid/5118
Reference: BUGTRAQ:20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://marc.info/?l=bugtraq&m=102529402127195&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: VULNWATCH:20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0133.html
Reference: XF:jrun-forwardslash-auth-bypass(9450)
Reference: URL:http://www.iss.net/security_center/static/9450.php

Name: CVE-2002-0668

Description:

The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.

Status:Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: OSVDB:5144
Reference: URL:http://www.osvdb.org/5144
Reference: XF:pingtel-xpressa-call-hijacking(9563)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9563

Name: CVE-2002-0671

Description:

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.

Status:Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: BID:5224
Reference: URL:http://www.securityfocus.com/bid/5224
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-dns-spoofing(9566)
Reference: URL:http://www.iss.net/security_center/static/9566.php

Name: CVE-2002-0672

Description:

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.

Status:Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-factory-defaults(9567)
Reference: URL:http://www.iss.net/security_center/static/9567.php

Name: CVE-2002-0673

Description:

The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.

Status:Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-phone-reregister(9568)
Reference: URL:http://www.iss.net/security_center/static/9568.php

Name: CVE-2002-0674

Description:

Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.

Status:Entry
Reference: ATSTAKE:A071202-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a071202-1.txt
Reference: BID:5221
Reference: URL:http://www.securityfocus.com/bid/5221
Reference: CONFIRM:http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp
Reference: XF:pingtel-xpressa-admin-timeout(9569)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9569

Name: CVE-2002-0676

Description:

SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.

Status:Entry
Reference: BID:5176
Reference: URL:http://www.securityfocus.com/bid/5176
Reference: BUGTRAQ:20020706 MacOS X SoftwareUpdate Vulnerability
Reference: MISC:http://www.cunap.com/~hardingr/projects/osx/exploit.html
Reference: OSVDB:5137
Reference: URL:http://www.osvdb.org/5137
Reference: XF:macos-softwareupdate-no-auth(9502)
Reference: URL:http://www.iss.net/security_center/static/9502.php

Name: CVE-2002-0678

Description:

CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.

Status:Entry
Reference: AIXAPAR:IY32368
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: AIXAPAR:IY32370
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0002.html
Reference: BID:5083
Reference: URL:http://www.securityfocus.com/bid/5083
Reference: BUGTRAQ:20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server
Reference: URL:http://marc.info/?l=bugtraq&m=102635906423617&w=2
Reference: CALDERA:CSSA-2002-SCO.28
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.28/CSSA-2002-SCO.28.txt
Reference: CERT:CA-2002-20
Reference: URL:http://www.cert.org/advisories/CA-2002-20.html
Reference: CERT-VN:VU#299816
Reference: URL:http://www.kb.cert.org/vuls/id/299816
Reference: HP:HPSBUX0207-199
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
Reference: OVAL:oval:org.mitre.oval:def:175
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A175
Reference: OVAL:oval:org.mitre.oval:def:2770
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2770
Reference: OVAL:oval:org.mitre.oval:def:80
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A80
Reference: SGI:20021101-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021101-01-P
Reference: XF:tooltalk-ttdbserverd-tttransaction-symlink(9527)
Reference: URL:http://www.iss.net/security_center/static/9527.php

Name: CVE-2002-0679

Description:

Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.

Status:Entry
Reference: AIXAPAR:IY32792
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY32792&apar=only
Reference: AIXAPAR:IY32793
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY32793&apar=only
Reference: BID:5444
Reference: URL:http://www.securityfocus.com/bid/5444
Reference: BUGTRAQ:20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database
Reference: URL:http://marc.info/?l=bugtraq&m=102917002523536&w=2
Reference: CALDERA:CSSA-2002-SCO.28.1
Reference: CERT:CA-2002-26
Reference: URL:http://www.cert.org/advisories/CA-2002-26.html
Reference: CERT-VN:VU#387387
Reference: URL:http://www.kb.cert.org/vuls/id/387387
Reference: COMPAQ:SSRT2274
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity
Reference: HP:HPSBUX0207-199
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0207-199
Reference: OVAL:oval:org.mitre.oval:def:177
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A177
Reference: OVAL:oval:org.mitre.oval:def:192
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A192
Reference: XF:tooltalk-ttdbserverd-ttcreatefile-bo(9822)
Reference: URL:http://www.iss.net/security_center/static/9822.php

Name: CVE-2002-0682

Description:

Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.

Status:Entry
Reference: BID:5193
Reference: URL:http://www.securityfocus.com/bid/5193
Reference: BUGTRAQ:20020710 wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://marc.info/?l=bugtraq&m=102631703811297&w=2
Reference: MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Reference: URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Reference: URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Reference: URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Reference: OSVDB:4973
Reference: URL:http://www.osvdb.org/4973
Reference: VULNWATCH:20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0014.html
Reference: XF:tomcat-servlet-xss(9520)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9520

Name: CVE-2002-0685

Description:

Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.

Status:Entry
Reference: BID:5202
Reference: URL:http://www.securityfocus.com/bid/5202
Reference: BUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102634756815773&w=2
Reference: CERT-VN:VU#821139
Reference: URL:http://www.kb.cert.org/vuls/id/821139
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt
Reference: NTBUGTRAQ:20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability
Reference: URL:http://marc.info/?l=ntbugtraq&m=102639521518942&w=2
Reference: OSVDB:4364
Reference: URL:http://www.osvdb.org/4364
Reference: XF:pgp-outlook-heap-overflow(9525)
Reference: URL:http://www.iss.net/security_center/static/9525.php

Name: CVE-2002-0687

Description:

The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.

Status:Entry
Reference: BID:5813
Reference: URL:http://www.securityfocus.com/bid/5813
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert
Reference: OSVDB:5166
Reference: URL:http://www.osvdb.org/5166
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: XF:zope-inject-headers-dos(9621)
Reference: URL:http://www.iss.net/security_center/static/9621.php

Name: CVE-2002-0688

Description:

ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.

Status:Entry
Reference: BID:5812
Reference: URL:http://www.securityfocus.com/bid/5812
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert
Reference: DEBIAN:DSA-490
Reference: URL:http://www.debian.org/security/2004/dsa-490
Reference: REDHAT:RHSA-2002:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-060.html
Reference: XF:zope-zcatalog-index-bypass(9610)
Reference: URL:http://www.iss.net/security_center/static/9610.php

Name: CVE-2002-0691

Description:

Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.

Status:Entry
Reference: BID:5561
Reference: URL:http://www.securityfocus.com/bid/5561
Reference: MS:MS02-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
Reference: XF:ie-local-resource-xss(9938)
Reference: URL:http://www.iss.net/security_center/static/9938.php

Name: CVE-2002-0692

Description:

Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.

Status:Entry
Reference: BID:5804
Reference: URL:http://www.securityfocus.com/bid/5804
Reference: CERT-VN:VU#723537
Reference: URL:http://www.kb.cert.org/vuls/id/723537
Reference: FULLDISC:20020927 Buffer Overrun in SmartHTML Interpreter Could Allow Code Execution (Q324096)
Reference: MS:MS02-053
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-053
Reference: XF:fpse-smarthtml-interpreter-bo(10195)
Reference: URL:http://www.iss.net/security_center/static/10195.php
Reference: XF:fpse-smarthtml-interpreter-dos(10194)
Reference: URL:http://www.iss.net/security_center/static/10194.php

Name: CVE-2002-0694

Description:

The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."

Status:Entry
Reference: MS:MS02-055
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-055
Reference: OVAL:oval:org.mitre.oval:def:403
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A403
Reference: XF:win-chm-code-execution(10254)
Reference: URL:http://www.iss.net/security_center/static/10254.php

Name: CVE-2002-0695

Description:

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

Status:Entry
Reference: BID:5372
Reference: URL:http://www.securityfocus.com/bid/5372
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ors.txt
Reference: MS:MS02-040
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-040
Reference: XF:mssql-mdac-openrowset-bo(9734)
Reference: URL:http://www.iss.net/security_center/static/9734.php

Name: CVE-2002-0696

Description:

Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.

Status:Entry
Reference: BID:5633
Reference: URL:http://www.securityfocus.com/bid/5633
Reference: CIAC:M-120
Reference: URL:http://www.ciac.org/ciac/bulletins/m-120.shtml
Reference: MS:MS02-049
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-049
Reference: XF:ms-foxpro-app-execution(10035)
Reference: URL:http://www.iss.net/security_center/static/10035.php

Name: CVE-2002-0697

Description:

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.

Status:Entry
Reference: BID:5308
Reference: URL:http://www.securityfocus.com/bid/5308
Reference: MS:MS02-036
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-036
Reference: XF:mms-data-repository-access(9657)
Reference: URL:http://www.iss.net/security_center/static/9657.php

Name: CVE-2002-0698

Description:

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

Status:Entry
Reference: BID:5306
Reference: URL:http://www.securityfocus.com/bid/5306
Reference: ISS:20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20759
Reference: MS:MS02-037
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-037
Reference: MSKB:Q326322
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q326322
Reference: XF:exchange-imc-ehlo-bo(9658)
Reference: URL:http://www.iss.net/security_center/static/9658.php

Name: CVE-2002-0700

Description:

Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."

Status:Entry
Reference: BID:5420
Reference: URL:http://www.securityfocus.com/bid/5420
Reference: MS:MS02-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041
Reference: OSVDB:4862
Reference: URL:http://www.osvdb.org/4862
Reference: XF:mcms-authentication-bo(9783)
Reference: URL:http://www.iss.net/security_center/static/9783.php

Name: CVE-2002-0701

Description:

ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.

Status:Entry
Reference: BID:5133
Reference: URL:http://www.securityfocus.com/bid/5133
Reference: FREEBSD:FreeBSD-SA-02:30
Reference: URL:http://marc.info/?l=bugtraq&m=102650797504351&w=2
Reference: OPENBSD:20020627 009: SECURITY FIX: June 27, 2002
Reference: URL:http://www.openbsd.org/errata.html#ktrace
Reference: XF:openbsd-ktrace-gain-privileges(9474)
Reference: URL:http://www.iss.net/security_center/static/9474.php

Name: CVE-2002-0703

Description:

An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.

Status:Entry
Reference: BID:4716
Reference: URL:http://www.securityfocus.com/bid/4716
Reference: MANDRAKE:MDKSA-2002:035
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-035.php
Reference: REDHAT:RHSA-2002:081
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-081.html
Reference: XF:linux-utf8-incorrect-md5(9051)
Reference: URL:http://www.iss.net/security_center/static/9051.php

Name: CVE-2002-0704

Description:

The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.

Status:Entry
Reference: BID:4699
Reference: URL:http://www.securityfocus.com/bid/4699
Reference: BUGTRAQ:20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak
Reference: URL:http://marc.info/?l=bugtraq&m=102088521517722&w=2
Reference: HP:HPSBTL0205-039
Reference: URL:http://online.securityfocus.com/advisories/4116
Reference: MANDRAKE:MDKSA-2002:030
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-030.php
Reference: REDHAT:RHSA-2002:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-086.html
Reference: XF:linux-netfilter-information-leak(9043)
Reference: URL:http://www.iss.net/security_center/static/9043.php

Name: CVE-2002-0710

Description:

Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.

Status:Entry
Reference: BID:5286
Reference: URL:http://www.securityfocus.com/bid/5286
Reference: BUGTRAQ:20020730 Directory traversal vulnerability in sendform.cgi
Reference: URL:http://marc.info/?l=bugtraq&m=102809084218422&w=2
Reference: CONFIRM:http://www.scn.org/~bb615/scripts/sendform.html
Reference: OSVDB:3568
Reference: URL:http://www.osvdb.org/3568
Reference: VULNWATCH:20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi
Reference: XF:sendform-blurbfile-directory-traversal(9725)
Reference: URL:http://www.iss.net/security_center/static/9725.php

Name: CVE-2002-0714

Description:

FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.

Status:Entry
Reference: BID:5158
Reference: URL:http://www.securityfocus.com/bid/5158
Reference: BUGTRAQ:20020715 TSLSA-2002-0062 - squid
Reference: URL:http://marc.info/?l=bugtraq&m=102674543407606&w=2
Reference: CALDERA:CSSA-2002-046.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-046.0.txt
Reference: CONECTIVA:CLA-2002:506
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000506
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2002_3.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/bugs/
Reference: MANDRAKE:MDKSA-2002:044
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-044.php
Reference: OSVDB:5924
Reference: URL:http://www.osvdb.org/5924
Reference: REDHAT:RHSA-2002:051
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-051.html
Reference: REDHAT:RHSA-2002:130
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-130.html
Reference: SUSE:SuSE-SA:2002:025
Reference: XF:squid-ftp-data-injection(9479)
Reference: URL:http://www.iss.net/security_center/static/9479.php

Name: CVE-2002-0716

Description:

Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.

Status:Entry
Reference: BID:4938
Reference: URL:http://www.securityfocus.com/bid/4938
Reference: BUGTRAQ:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.info/?l=bugtraq&m=102323070305101&w=2
Reference: CALDERA:CSSA-2002-SCO.35
Reference: VULN-DEV:20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab
Reference: URL:http://marc.info/?l=vuln-dev&m=102323386107641&w=2
Reference: XF:openserver-crontab-format-string(9271)
Reference: URL:http://www.iss.net/security_center/static/9271.php

Name: CVE-2002-0718

Description:

Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."

Status:Entry
Reference: BID:5421
Reference: URL:http://www.securityfocus.com/bid/5421
Reference: MS:MS02-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041
Reference: XF:mcms-authoring-file-execution(9784)
Reference: URL:http://www.iss.net/security_center/static/9784.php

Name: CVE-2002-0719

Description:

SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.

Status:Entry
Reference: BID:5422
Reference: URL:http://www.securityfocus.com/bid/5422
Reference: MS:MS02-041
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-041
Reference: XF:mcms-resource-sql-injection(9785)
Reference: URL:http://www.iss.net/security_center/static/9785.php

Name: CVE-2002-0720

Description:

A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.

Status:Entry
Reference: BID:5480
Reference: URL:http://www.securityfocus.com/bid/5480
Reference: MS:MS02-042
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-042
Reference: OVAL:oval:org.mitre.oval:def:26
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A26
Reference: XF:win2k-ncm-gain-privileges(9856)
Reference: URL:http://www.iss.net/security_center/static/9856.php

Name: CVE-2002-0722

Description:

Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."

Status:Entry
Reference: BID:5559
Reference: URL:http://www.securityfocus.com/bid/5559
Reference: BUGTRAQ:20020828 Origin of downloaded files can be spoofed in MSIE
Reference: URL:http://marc.info/?l=bugtraq&m=103054692223380&w=2
Reference: MS:MS02-047
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-047
Reference: OSVDB:5129
Reference: URL:http://www.osvdb.org/5129
Reference: XF:ie-file-origin-spoofing(9937)
Reference: URL:http://www.iss.net/security_center/static/9937.php

Name: CVE-2002-0726

Description:

Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.

Status:Entry
Reference: ATSTAKE:A082802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a082802-1.txt
Reference: BID:5554
Reference: URL:http://www.securityfocus.com/bid/5554
Reference: MS:MS02-046
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-046
Reference: XF:ms-tsac-activex-bo(9934)
Reference: URL:http://www.iss.net/security_center/static/9934.php

Name: CVE-2002-0727

Description:

The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.

Status:Entry
Reference: BID:4449
Reference: URL:http://www.securityfocus.com/bid/4449
Reference: BUGTRAQ:20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)
Reference: URL:http://marc.info/?l=bugtraq&m=101829645415486&w=2
Reference: MS:MS02-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
Reference: OSVDB:3006
Reference: URL:http://www.osvdb.org/3006
Reference: XF:owc-spreadsheet-host-script-execution(8777)
Reference: URL:http://www.iss.net/security_center/static/8777.php

Name: CVE-2002-0729

Description:

Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.

Status:Entry
Reference: BUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.info/?l=bugtraq&m=102760196931518&w=2
Reference: NTBUGTRAQ:20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)
Reference: URL:http://marc.info/?l=ntbugtraq&m=102760479902411&w=2

Name: CVE-2002-0733

Description:

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

Status:Entry
Reference: BID:4601
Reference: URL:http://www.securityfocus.com/bid/4601
Reference: CONFIRM:http://www.acme.com/software/thttpd/#releasenotes
Reference: MISC:http://www.ifrance.com/kitetoua/tuto/5holes1.txt
Reference: OSVDB:5125
Reference: URL:http://www.osvdb.org/5125
Reference: VULNWATCH:20020417 Smalls holes on 5 products #1
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2002-q2/0155.html
Reference: XF:thttpd-error-page-css(9029)
Reference: URL:http://www.iss.net/security_center/static/9029.php

Name: CVE-2002-0734

Description:

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.

Status:Entry
Reference: BID:4673
Reference: URL:http://www.securityfocus.com/bid/4673
Reference: BUGTRAQ:20020506 b2 php remote command execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0027.html
Reference: CONFIRM:http://cafelog.com/
Reference: XF:b2-b2inc-command-execution(9013)
Reference: URL:http://www.iss.net/security_center/static/9013.php

Name: CVE-2002-0736

Description:

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

Status:Entry
Reference: BID:4528
Reference: URL:http://www.securityfocus.com/bid/4528
Reference: BUGTRAQ:20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0208.html
Reference: MSKB:Q316838
Reference: URL:http://support.microsoft.com/support/kb/articles/q316/8/38.asp
Reference: XF:backoffice-bypass-authentication(8862)
Reference: URL:http://www.iss.net/security_center/static/8862.php

Name: CVE-2002-0737

Description:

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.

Status:Entry
Reference: BID:4533
Reference: URL:http://www.securityfocus.com/bid/4533
Reference: BUGTRAQ:20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://online.securityfocus.com/archive/1/268121
Reference: CONFIRM:http://www.sambar.com/security.htm
Reference: OSVDB:5123
Reference: URL:http://www.osvdb.org/5123
Reference: VULNWATCH:20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0026.html
Reference: XF:sambar-script-source-disclosure(8876)
Reference: URL:http://www.iss.net/security_center/static/8876.php

Name: CVE-2002-0738

Description:

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.

Status:Entry
Reference: BID:4546
Reference: URL:http://www.securityfocus.com/bid/4546
Reference: BUGTRAQ:20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0260.html
Reference: CONFIRM:http://www.mhonarc.org/MHonArc/CHANGES
Reference: DEBIAN:DSA-163
Reference: URL:http://www.debian.org/security/2002/dsa-163
Reference: XF:mhonarc-script-filtering-bypass(8894)
Reference: URL:http://www.iss.net/security_center/static/8894.php

Name: CVE-2002-0741

Description:

psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.

Status:Entry
Reference: BID:4570
Reference: URL:http://www.securityfocus.com/bid/4570
Reference: BUGTRAQ:20020422 Re: psyBNC 2.3 DoS / Bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0322.html
Reference: BUGTRAQ:20020422 psyBNC 2.3 DoS / bug
Reference: BUGTRAQ:20020423 PsyBNC Remote Dos POC
Reference: URL:http://online.securityfocus.com/archive/1/269131
Reference: XF:psybnc-long-password-dos(8912)
Reference: URL:http://www.iss.net/security_center/static/8912.php

Name: CVE-2002-0748

Description:

LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.

Status:Entry
Reference: BID:4577
Reference: URL:http://www.securityfocus.com/bid/4577
Reference: BUGTRAQ:20020423 LabVIEW Web Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-04/0323.html
Reference: CONFIRM:http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument
Reference: OSVDB:5119
Reference: URL:http://www.osvdb.org/5119
Reference: XF:labview-http-get-dos(8919)
Reference: URL:http://www.iss.net/security_center/static/8919.php

Name: CVE-2002-0754

Description:

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

Status:Entry
Reference: BID:3919
Reference: URL:http://www.securityfocus.com/bid/3919
Reference: FREEBSD:FreeBSD-SA-02:07
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:07.k5su.asc
Reference: XF:kerberos5-k5su-elevate-privileges(7956)
Reference: URL:http://www.iss.net/security_center/static/7956.php

Name: CVE-2002-0755

Description:

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.

Status:Entry
Reference: BID:4777
Reference: URL:http://www.securityfocus.com/bid/4777
Reference: FREEBSD:FreeBSD-SA-02:24
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:24.k5su.asc
Reference: OSVDB:4893
Reference: URL:http://www.osvdb.org/4893
Reference: XF:freebsd-k5su-gain-privileges(9125)
Reference: URL:http://www.iss.net/security_center/static/9125.php

Name: CVE-2002-0758

Description:

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

Status:Entry
Reference: BID:4695
Reference: URL:http://www.securityfocus.com/bid/4695
Reference: SUSE:SuSE-SA:2002:016
Reference: URL:http://www.novell.com/linux/security/advisories/2002_016_sysconfig_txt.html
Reference: XF:suse-sysconfig-command-execution(9040)
Reference: URL:http://www.iss.net/security_center/static/9040.php

Name: CVE-2002-0759

Description:

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

Status:Entry
Reference: BID:4774
Reference: URL:http://www.securityfocus.com/bid/4774
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-decompression-file-overwrite(9126)
Reference: URL:http://www.iss.net/security_center/static/9126.php

Name: CVE-2002-0760

Description:

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

Status:Entry
Reference: BID:4775
Reference: URL:http://www.securityfocus.com/bid/4775
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-decompression-race-condition(9127)
Reference: URL:http://www.iss.net/security_center/static/9127.php

Name: CVE-2002-0761

Description:

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

Status:Entry
Reference: BID:4776
Reference: URL:http://www.securityfocus.com/bid/4776
Reference: CALDERA:CSSA-2002-039.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-039.0.txt
Reference: FREEBSD:FreeBSD-SA-02:25
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:25.bzip2.asc
Reference: XF:bzip2-compression-symlink(9128)
Reference: URL:http://www.iss.net/security_center/static/9128.php

Name: CVE-2002-0762

Description:

shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.

Status:Entry
Reference: BID:4757
Reference: URL:http://www.securityfocus.com/bid/4757
Reference: SUSE:SuSE-SA:2002:017
Reference: URL:http://www.novell.com/linux/security/advisories/2002_17_shadow.html
Reference: XF:suse-shadow-filesize-limits(9102)
Reference: URL:http://www.iss.net/security_center/static/9102.php

Name: CVE-2002-0765

Description:

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

Status:Entry
Reference: BID:4803
Reference: URL:http://www.securityfocus.com/bid/4803
Reference: BUGTRAQ:20020527 OpenSSH 3.2.3 released (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0235.html
Reference: OPENBSD:20020522 004: SECURITY FIX: May 22, 2002
Reference: URL:http://www.openbsd.org/errata.html#sshbsdauth
Reference: OSVDB:5113
Reference: URL:http://www.osvdb.org/5113
Reference: XF:bsd-sshd-authentication-error(9215)
Reference: URL:http://www.iss.net/security_center/static/9215.php

Name: CVE-2002-0766

Description:

OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

Status:Entry
Reference: BID:4708
Reference: URL:http://www.securityfocus.com/bid/4708
Reference: BUGTRAQ:20020509 OpenBSD local DoS and root exploit
Reference: URL:http://online.securityfocus.com/archive/1/271702
Reference: CERT-VN:VU#314963
Reference: URL:http://www.kb.cert.org/vuls/id/314963
Reference: OPENBSD:20020508 003: SECURITY FIX: May 8, 2002
Reference: URL:http://www.openbsd.org/errata.html#fdalloc2
Reference: OSVDB:5114
Reference: URL:http://www.osvdb.org/5114
Reference: OSVDB:5715
Reference: URL:http://www.osvdb.org/5715
Reference: VULNWATCH:20020509 OpenBSD local DoS and root exploit
Reference: XF:openbsd-file-descriptor-dos(9048)
Reference: URL:http://www.iss.net/security_center/static/9048.php

Name: CVE-2002-0768

Description:

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

Status:Entry
Reference: SUSE:SuSE-SA:2002:018
Reference: URL:http://www.novell.com/linux/security/advisories/2002_18_lukemftp.html
Reference: XF:lukemftp-pasv-bo(9130)
Reference: URL:http://www.iss.net/security_center/static/9130.php

Name: CVE-2002-0776

Description:

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.

Status:Entry
Reference: BID:5229
Reference: URL:http://www.securityfocus.com/bid/5229
Reference: BUGTRAQ:20020713 Hosting Controller Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/282129
Reference: CONFIRM:http://hostingcontroller.com/english/logs/sp2log.html
Reference: XF:hosting-controller-password-modification(9554)
Reference: URL:http://www.iss.net/security_center/static/9554.php

Name: CVE-2002-0777

Description:

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.

Status:Entry
Reference: BID:4780
Reference: URL:http://www.securityfocus.com/bid/4780
Reference: BUGTRAQ:20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0172.html
Reference: XF:imail-ldap-bo(9116)
Reference: URL:http://www.iss.net/security_center/static/9116.php

Name: CVE-2002-0778

Description:

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.

Status:Entry
Reference: BID:4751
Reference: URL:http://www.securityfocus.com/bid/4751
Reference: CISCO:20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/transparentcache-tcp-relay-vuln-pub.shtml
Reference: XF:cisco-cache-content-tcp-forward(9082)
Reference: URL:http://www.iss.net/security_center/static/9082.php

Name: CVE-2002-0785

Description:

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

Status:Entry
Reference: BID:4709
Reference: URL:http://www.securityfocus.com/bid/4709
Reference: BUGTRAQ:20020508 Hole in AOL Instant Messenger
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0086.html
Reference: CERT-VN:VU#259435
Reference: URL:http://www.kb.cert.org/vuls/id/259435
Reference: OSVDB:5109
Reference: URL:http://www.osvdb.org/5109
Reference: XF:aim-addbuddy-bo(9058)
Reference: URL:http://www.iss.net/security_center/static/9058.php

Name: CVE-2002-0788

Description:

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

Status:Entry
Reference: BID:4702
Reference: URL:http://www.securityfocus.com/bid/4702
Reference: BUGTRAQ:20020508 NTFS and PGP interact to expose EFS encrypted data
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0052.html
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt
Reference: OSVDB:4363
Reference: URL:http://www.osvdb.org/4363
Reference: XF:pgp-ntfs-reveal-data(9044)
Reference: URL:http://www.iss.net/security_center/static/9044.php

Name: CVE-2002-0789

Description:

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.

Status:Entry
Reference: BID:4724
Reference: URL:http://www.securityfocus.com/bid/4724
Reference: BUGTRAQ:20020511 Bug in mnogosearch-3.1.19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0092.html
Reference: CONFIRM:http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz
Reference: MISC:http://www.mnogosearch.org/history.html#log31
Reference: XF:mnogosearch-search-cgi-bo(9060)
Reference: URL:http://www.iss.net/security_center/static/9060.php

Name: CVE-2002-0790

Description:

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

Status:Entry
Reference: AIXAPAR:IY24556
Reference: URL:http://techsupport.services.ibm.com/server/aix.uhuic_getrec?args=DVsteamboat.boulder.ibm.com+DBAIX2+DA6854+STIY24556+USbin

Name: CVE-2002-0794

Description:

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.

Status:Entry
Reference: BID:4879
Reference: URL:http://www.securityfocus.com/bid/4879
Reference: FREEBSD:FreeBSD-SA-02:26
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2002-05/0349.html
Reference: OSVDB:5081
Reference: URL:http://www.osvdb.org/5081
Reference: XF:freebsd-accept-filter-dos(9209)
Reference: URL:http://www.iss.net/security_center/static/9209.php

Name: CVE-2002-0795

Description:

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.

Status:Entry
Reference: BID:4880
Reference: URL:http://www.securityfocus.com/bid/4880
Reference: FREEBSD:FreeBSD-SA-02:27
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-02:27.rc.asc
Reference: OSVDB:5083
Reference: URL:http://www.osvdb.org/5083
Reference: XF:freebsd-rc-delete-directories(9217)
Reference: URL:http://www.iss.net/security_center/static/9217.php

Name: CVE-2002-0801

Description:

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.

Status:Entry
Reference: BID:4873
Reference: URL:http://www.securityfocus.com/bid/4873
Reference: BUGTRAQ:20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)
Reference: URL:http://online.securityfocus.com/archive/1/274601
Reference: BUGTRAQ:20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://online.securityfocus.com/archive/1/274528
Reference: CERT:CA-2002-14
Reference: URL:http://www.cert.org/advisories/CA-2002-14.html
Reference: CERT-VN:VU#703835
Reference: URL:http://www.kb.cert.org/vuls/id/703835
Reference: OSVDB:5082
Reference: URL:http://www.osvdb.org/5082
Reference: VULNWATCH:20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0085.html
Reference: XF:jrun-isapi-host-bo(9194)
Reference: URL:http://www.iss.net/security_center/static/9194.php

Name: CVE-2002-0802

Description:

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.

Status:Entry
Reference: MISC:http://marc.info/?l=postgresql-general&m=102032794322362
Reference: REDHAT:RHSA-2002:149
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-149.html
Reference: XF:postgresql-sqlascii-sql-injection(10328)
Reference: URL:http://www.iss.net/security_center/static/10328.php

Name: CVE-2002-0804

Description:

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

Status:Entry
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=129466
Reference: OSVDB:6394
Reference: URL:http://www.osvdb.org/6394
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: XF:bugzilla-reversedns-hostname-spoof(9301)
Reference: URL:http://www.iss.net/security_center/static/9301.php

Name: CVE-2002-0805

Description:

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

Status:Entry
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=134575
Reference: OSVDB:6395
Reference: URL:http://www.osvdb.org/6395
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: XF:bugzilla-world-writable-dir(9302)
Reference: URL:http://www.iss.net/security_center/static/9302.php

Name: CVE-2002-0806

Description:

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

Status:Entry
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=141557
Reference: OSVDB:5080
Reference: URL:http://www.osvdb.org/5080
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: XF:bugzilla-edituser-user-delete(9303)
Reference: URL:http://www.iss.net/security_center/static/9303.php

Name: CVE-2002-0808

Description:

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

Status:Entry
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=107718
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: XF:bugzilla-masschange-change-groupset(9305)
Reference: URL:http://www.iss.net/security_center/static/9305.php

Name: CVE-2002-0809

Description:

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

Status:Entry
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=148674
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: XF:bugzilla-group-permissions-removal(10141)
Reference: URL:http://www.iss.net/security_center/static/10141.php

Name: CVE-2002-0810

Description:

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

Status:Entry
Reference: BID:4964
Reference: URL:http://www.securityfocus.com/bid/4964
Reference: BUGTRAQ:20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0054.html
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=92263
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: OSVDB:6399
Reference: URL:http://www.osvdb.org/6399
Reference: REDHAT:RHSA-2002:109
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-109.html
Reference: XF:bugzilla-shadow-database-information(9306)
Reference: URL:http://www.iss.net/security_center/static/9306.php

Name: CVE-2002-0813

Description:

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

Status:Entry
Reference: BID:5328
Reference: URL:http://www.securityfocus.com/bid/5328
Reference: BUGTRAQ:20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp
Reference: URL:http://online.securityfocus.com/archive/1/284634
Reference: BUGTRAQ:20020822 Cisco IOS exploit PoC
Reference: URL:http://marc.info/?l=bugtraq&m=103002169829669&w=2
Reference: CISCO:20020730 TFTP Long Filename Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ios-tftp-long-filename-pub.shtml
Reference: OSVDB:854
Reference: URL:http://www.osvdb.org/854
Reference: XF:cisco-tftp-filename-bo(9700)
Reference: URL:http://www.iss.net/security_center/static/9700.php

Name: CVE-2002-0814

Description:

Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

Status:Entry
Reference: BID:5294
Reference: URL:http://www.securityfocus.com/bid/5294
Reference: BUGTRAQ:20020724 VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=102752511030425&w=2
Reference: BUGTRAQ:20020726 Re: VMware GSX Server Remote Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=102765223418716&w=2
Reference: CONFIRM:http://www.vmware.com/download/gsx_security.html
Reference: NTBUGTRAQ:20020805 VMware GSX Server 2.0.1 Release and Security Alert
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0057.html
Reference: XF:vmware-gsx-auth-bo(9663)
Reference: URL:http://www.iss.net/security_center/static/9663.php

Name: CVE-2002-0816

Description:

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

Status:Entry
Reference: BID:5272
Reference: URL:http://www.securityfocus.com/bid/5272
Reference: BUGTRAQ:20020719 tru64 proof of concept /bin/su non-exec bypass
Reference: URL:http://marc.info/?l=bugtraq&m=102709593117171&w=2
Reference: CERT-VN:VU#229867
Reference: URL:http://www.kb.cert.org/vuls/id/229867
Reference: COMPAQ:SSRT2257
Reference: URL:http://archives.neohapsis.com/archives/tru64/2002-q3/0019.html
Reference: XF:tru64-su-bo(9640)
Reference: URL:http://www.iss.net/security_center/static/9640.php

Name: CVE-2002-0817

Description:

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.

Status:Entry
Reference: BID:5367
Reference: URL:http://www.securityfocus.com/bid/5367
Reference: BUGTRAQ:20020731 The SUPER Bug
Reference: URL:http://marc.info/?l=bugtraq&m=102812622416695&w=2
Reference: DEBIAN:DSA-139
Reference: URL:http://www.debian.org/security/2002/dsa-139
Reference: VULNWATCH:20020730 The SUPER Bug
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0045.html
Reference: XF:super-syslog-format-string(9741)
Reference: URL:http://www.iss.net/security_center/static/9741.php

Name: CVE-2002-0818

Description:

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.

Status:Entry
Reference: BID:5260
Reference: URL:http://www.securityfocus.com/bid/5260
Reference: BUGTRAQ:20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0194.html
Reference: CALDERA:CSSA-2002-048.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-048.0.txt
Reference: DEBIAN:DSA-144
Reference: URL:http://www.debian.org/security/2002/dsa-144
Reference: SUSE:SuSE-SA:2002:029
Reference: URL:http://marc.info/?l=bugtraq&m=102821890317683&w=2
Reference: XF:wwwoffle-neg-length-bo(9619)
Reference: URL:http://www.iss.net/security_center/static/9619.php

Name: CVE-2002-0823

Description:

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

Status:Entry
Reference: BID:4857
Reference: URL:http://www.securityfocus.com/bid/4857
Reference: BUGTRAQ:20020801 Winhelp32 Remote Buffer Overrun
Reference: URL:http://marc.info/?l=bugtraq&m=102822806329440&w=2
Reference: MSKB:Q293338
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;en-us;q293338
Reference: NTBUGTRAQ:20020801 Winhlp32.exe Remote BufferOverrun
Reference: OSVDB:2991
Reference: URL:http://www.osvdb.org/2991
Reference: XF:htmlhelp-item-bo(9746)
Reference: URL:http://www.iss.net/security_center/static/9746.php

Name: CVE-2002-0824

Description:

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

Status:Entry
Reference: BID:5355
Reference: URL:http://www.securityfocus.com/bid/5355
Reference: FREEBSD:FreeBSD-SA-02:32.pppd
Reference: URL:http://marc.info/?l=bugtraq&m=102812546815606&w=2
Reference: NETBSD:NetBSD-SA2002-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-010.txt.asc
Reference: OPENBSD:20020729 011: SECURITY FIX: July 29, 2002
Reference: URL:http://www.openbsd.org/errata31.html
Reference: XF:pppd-race-condition(9738)
Reference: URL:http://www.iss.net/security_center/static/9738.php

Name: CVE-2002-0826

Description:

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.

Status:Entry
Reference: ATSTAKE:A080802-1
Reference: URL:http://www.atstake.com/research/advisories/2002/a080802-1.txt
Reference: BID:5427
Reference: URL:http://www.securityfocus.com/bid/5427
Reference: CONFIRM:http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html
Reference: XF:wsftp-site-cpwd-bo(9794)
Reference: URL:http://www.iss.net/security_center/static/9794.php

Name: CVE-2002-0829

Description:

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.

Status:Entry
Reference: BID:5399
Reference: URL:http://www.securityfocus.com/bid/5399
Reference: FREEBSD:FreeBSD-SA-02:35.ffs
Reference: URL:http://marc.info/?l=bugtraq&m=102865404413458&w=2
Reference: OSVDB:5073
Reference: URL:http://www.osvdb.org/5073
Reference: XF:freebsd-ffs-integer-overflow(9771)
Reference: URL:http://www.iss.net/security_center/static/9771.php

Name: CVE-2002-0830

Description:

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.

Status:Entry
Reference: BID:5402
Reference: URL:http://www.securityfocus.com/bid/5402
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: FREEBSD:FreeBSD-SA-02:36.nfs
Reference: URL:http://marc.info/?l=bugtraq&m=102865517214722&w=2
Reference: NETBSD:NetBSD-SA2002-013
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-013.txt.asc
Reference: OSVDB:5072
Reference: URL:http://www.osvdb.org/5072
Reference: XF:bsd-nfs-rpc-dos(9772)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9772

Name: CVE-2002-0831

Description:

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.

Status:Entry
Reference: BID:5405
Reference: URL:http://www.securityfocus.com/bid/5405
Reference: FREEBSD:FreeBSD-SA-02:37.kqueue
Reference: URL:http://marc.info/?l=bugtraq&m=102865142610126&w=2
Reference: OSVDB:5069
Reference: URL:http://www.osvdb.org/5069
Reference: XF:freebsd-kqueue-dos(9774)
Reference: URL:http://www.iss.net/security_center/static/9774.php

Name: CVE-2002-0835

Description:

Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

Status:Entry
Reference: BID:5596
Reference: URL:http://www.securityfocus.com/bid/5596
Reference: CALDERA:CSSA-2002-044.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-044.0.txt
Reference: HP:HPSBTL0209-066
Reference: URL:http://online.securityfocus.com/advisories/4449
Reference: REDHAT:RHSA-2002:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-162.html
Reference: REDHAT:RHSA-2002:165
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-165.html
Reference: XF:pxe-dhcp-dos(10003)
Reference: URL:http://www.iss.net/security_center/static/10003.php

Name: CVE-2002-0836

Description:

The dvips converter for PostScript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

Status:Entry
Reference: BID:5978
Reference: URL:http://www.securityfocus.com/bid/5978
Reference: BUGTRAQ:20021018 GLSA: tetex
Reference: URL:http://marc.info/?l=bugtraq&m=103497852330838&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)
Reference: URL:http://marc.info/?l=bugtraq&m=104005975415582&w=2
Reference: CERT-VN:VU#169841
Reference: URL:http://www.kb.cert.org/vuls/id/169841
Reference: CONECTIVA:CLA-2002:537
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000537
Reference: DEBIAN:DSA-207
Reference: URL:http://www.debian.org/security/2002/dsa-207
Reference: HP:HPSBTL0210-073
Reference: URL:http://www.securityfocus.com/advisories/4567
Reference: MANDRAKE:MDKSA-2002:070
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-070.php
Reference: REDHAT:RHSA-2002:194
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-194.html
Reference: REDHAT:RHSA-2002:195
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-195.html
Reference: XF:dvips-system-execute-commands(10365)
Reference: URL:http://www.iss.net/security_center/static/10365.php

Name: CVE-2002-0840

Description:

Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.

Status:Entry
Reference: BID:5847
Reference: URL:http://www.securityfocus.com/bid/5847
Reference: BUGTRAQ:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://marc.info/?l=bugtraq&m=103357160425708&w=2
Reference: BUGTRAQ:20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.info/?l=bugtraq&m=103376585508776&w=2
Reference: BUGTRAQ:20021017 TSLSA-2002-0069-apache
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0254.html
Reference: CERT-VN:VU#240329
Reference: URL:http://www.kb.cert.org/vuls/id/240329
Reference: CONECTIVA:CLA-2002:530
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000530
Reference: CONFIRM:http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: DEBIAN:DSA-187
Reference: URL:http://www.debian.org/security/2002/dsa-187
Reference: DEBIAN:DSA-188
Reference: URL:http://www.debian.org/security/2002/dsa-188
Reference: DEBIAN:DSA-195
Reference: URL:http://www.debian.org/security/2002/dsa-195
Reference: ENGARDE:ESA-20021007-024
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2414.html
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: MANDRAKE:MDKSA-2002:068
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-068.php
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
Reference: OSVDB:862
Reference: URL:http://www.osvdb.org/862
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: SGI:20021105-02-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021105-02-I
Reference: VULNWATCH:20021002 Apache 2 Cross-Site Scripting
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0003.html
Reference: XF:apache-http-host-xss(10241)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10241

Name: CVE-2002-0842

Description:

Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().

Status:Entry
Reference: BID:6846
Reference: URL:http://www.securityfocus.com/bid/6846
Reference: BUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.info/?l=bugtraq&m=104549708626309&w=2
Reference: BUGTRAQ:20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo
Reference: URL:http://marc.info/?l=bugtraq&m=104559446010858&w=2
Reference: BUGTRAQ:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: URL:http://marc.info/?l=bugtraq&m=104560577227981&w=2
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#849993
Reference: URL:http://www.kb.cert.org/vuls/id/849993
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf
Reference: FULLDISC:20030218 Re: CSSA-2003-007.0 Advisory withdrawn.
Reference: MISC:http://www.nextgenss.com/advisories/ora-appservfmtst.txt
Reference: NTBUGTRAQ:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://marc.info/?l=bugtraq&m=104549708626309&w=2
Reference: VULNWATCH:20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0076.html
Reference: XF:oracle-appserver-davpublic-dos(11330)
Reference: URL:http://www.iss.net/security_center/static/11330.php

Name: CVE-2002-0844

Description:

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

Status:Entry
Reference: BID:4829
Reference: URL:http://www.securityfocus.com/bid/4829
Reference: BUGTRAQ:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://marc.info/?l=bugtraq&m=102233767925177&w=2
Reference: CALDERA:CSSA-2002-035.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-035.0.txt
Reference: REDHAT:RHSA-2004:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-004.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: VULNWATCH:20020525 [DER ADV#8] - Local off by one in CVSD
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0081.html
Reference: XF:cvs-rcs-offbyone-bo(9175)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9175

Name: CVE-2002-0845

Description:

Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.

Status:Entry
Reference: BID:5433
Reference: URL:http://www.securityfocus.com/bid/5433
Reference: BUGTRAQ:20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=102890933623192&w=2
Reference: CONFIRM:http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html
Reference: XF:iplanet-chunked-encoding-bo(9799)
Reference: URL:http://www.iss.net/security_center/static/9799.php

Name: CVE-2002-0846

Description:

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

Status:Entry
Reference: BID:5430
Reference: URL:http://www.securityfocus.com/bid/5430
Reference: BUGTRAQ:20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: BUGTRAQ:20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=103072708329280&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23293
Reference: REDHAT:RHSA-2003:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-026.html
Reference: REDHAT:RHSA-2003:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-027.html
Reference: XF:flash-swf-header-bo(9798)
Reference: URL:http://www.iss.net/security_center/static/9798.php

Name: CVE-2002-0847

Description:

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).

Status:Entry
Reference: BID:4731
Reference: URL:http://www.securityfocus.com/bid/4731
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=88790
Reference: DEBIAN:DSA-145
Reference: URL:https://www.debian.org/security/2002/dsa-145
Reference: XF:tinyproxy-memory-corruption(9079)
Reference: URL:http://www.iss.net/security_center/static/9079.php

Name: CVE-2002-0848

Description:

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

Status:Entry
Reference: BID:5417
Reference: URL:http://www.securityfocus.com/bid/5417
Reference: CISCO:20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-radius-pap-vuln-pub.shtml
Reference: XF:cisco-vpn5000-plaintext-password(9781)
Reference: URL:http://www.iss.net/security_center/static/9781.php

Name: CVE-2002-0850

Description:

Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.

Status:Entry
Reference: BID:5656
Reference: URL:http://www.securityfocus.com/bid/5656
Reference: BUGTRAQ:20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://marc.info/?l=bugtraq&m=103133995920090&w=2
Reference: CONFIRM:http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt
Reference: VULNWATCH:20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0106.html
Reference: XF:pgp-long-filename-bo(10043)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10043

Name: CVE-2002-0851

Description:

Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.

Status:Entry
Reference: BID:5437
Reference: URL:http://www.securityfocus.com/bid/5437
Reference: SUSE:SuSE-SA:2002:030
Reference: VULNWATCH:20020809 Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0068.html
Reference: XF:isdn4linux-ipppd-format-string(9811)
Reference: URL:http://www.iss.net/security_center/static/9811.php

Name: CVE-2002-0853

Description:

Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.

Status:Entry
Reference: BID:5440
Reference: URL:http://www.securityfocus.com/bid/5440
Reference: CERT-VN:VU#287771
Reference: URL:http://www.kb.cert.org/vuls/id/287771
Reference: CISCO:20020812 Cisco VPN Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-zerolength-dos(9821)
Reference: URL:http://www.iss.net/security_center/static/9821.php

Name: CVE-2002-0856

Description:

SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.

Status:Entry
Reference: BID:5457
Reference: URL:http://www.securityfocus.com/bid/5457
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf
Reference: ISS:20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=20941
Reference: VULNWATCH:20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0072.html
Reference: XF:oracle-listener-debug-dos(9237)
Reference: URL:http://www.iss.net/security_center/static/9237.php

Name: CVE-2002-0859

Description:

Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.

Status:Entry
Reference: BID:5057
Reference: URL:http://www.securityfocus.com/bid/5057
Reference: BUGTRAQ:20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)
Reference: URL:http://marc.info/?l=bugtraq&m=102450188620081&w=2
Reference: MISC:http://www.nextgenss.com/advisories/mssql-ods.txt
Reference: MSKB:Q282010
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q282010
Reference: XF:mssql-jet-ods-bo(9375)
Reference: URL:http://www.iss.net/security_center/static/9375.php

Name: CVE-2002-0860

Description:

The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.

Status:Entry
Reference: BID:4453
Reference: URL:http://www.securityfocus.com/bid/4453
Reference: BUGTRAQ:20020408 Reading local files with OWC in IE (GM#006-IE)
Reference: URL:http://marc.info/?l=bugtraq&m=101829911018463&w=2
Reference: MS:MS02-044
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-044
Reference: OSVDB:3007
Reference: URL:http://www.osvdb.org/3007
Reference: XF:owc-spreadsheet-loadtext-read-files(8778)
Reference: URL:http://www.iss.net/security_center/static/8778.php

Name: CVE-2002-0864

Description:

The Remote Desktop Protocol (RDP) version 5.1 in Microsoft Windows XP, when Remote Desktop is enabled, allows remote attackers to cause a denial of service (crash) via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."

Status:Entry
Reference: BID:5713
Reference: URL:http://www.securityfocus.com/bid/5713
Reference: BUGTRAQ:20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103235745116592&w=2
Reference: BUGTRAQ:20020918 Microsoft Windows Terminal Services vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=103236181522253&w=2
Reference: MS:MS02-051
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-051
Reference: XF:winxp-remote-desktop-dos(10120)
Reference: URL:http://www.iss.net/security_center/static/10120.php

Name: CVE-2002-0865

Description:

A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."

Status:Entry
Reference: BID:5752
Reference: URL:http://www.securityfocus.com/bid/5752
Reference: CERT-VN:VU#140898
Reference: URL:http://www.kb.cert.org/vuls/id/140898
Reference: MS:MS02-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
Reference: XF:msvm-xml-methods-access(10135)
Reference: URL:http://www.iss.net/security_center/static/10135.php

Name: CVE-2002-0866

Description:

Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."

Status:Entry
Reference: BID:5751
Reference: URL:http://www.securityfocus.com/bid/5751
Reference: BUGTRAQ:20020923 Technical information about the vulnerabilities fixed by MS-02-52
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0271.html
Reference: CERT-VN:VU#307306
Reference: URL:http://www.kb.cert.org/vuls/id/307306
Reference: MS:MS02-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
Reference: XF:msvm-jdbc-dll-execution(10133)
Reference: URL:http://www.iss.net/security_center/static/10133.php

Name: CVE-2002-0867

Description:

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."

Status:Entry
Reference: BID:5750
Reference: URL:http://www.securityfocus.com/bid/5750
Reference: CERT-VN:VU#792881
Reference: URL:http://www.kb.cert.org/vuls/id/792881
Reference: MS:MS02-052
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-052
Reference: XF:msvm-jdbc-ie-dos(10134)
Reference: URL:http://www.iss.net/security_center/static/10134.php

Name: CVE-2002-0871

Description:

xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.

Status:Entry
Reference: BID:5458
Reference: URL:http://www.securityfocus.com/bid/5458
Reference: BUGTRAQ:20020814 GLSA: xinetd
Reference: URL:http://marc.info/?l=bugtraq&m=102935383506155&w=2
Reference: DEBIAN:DSA-151
Reference: URL:https://www.debian.org/security/2002/dsa-151
Reference: MANDRAKE:MDKSA-2002:053
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-053.php
Reference: REDHAT:RHSA-2002:196
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-196.html
Reference: REDHAT:RHSA-2003:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-228.html
Reference: XF:xinetd-signal-leak-dos(9844)
Reference: URL:http://www.iss.net/security_center/static/9844.php

Name: CVE-2002-0872

Description:

l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.

Status:Entry
Reference: BID:5451
Reference: URL:http://www.securityfocus.com/bid/5451
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: XF:l2tpd-rand-number-predictable(9845)
Reference: URL:http://www.iss.net/security_center/static/9845.php

Name: CVE-2002-0873

Description:

Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.

Status:Entry
Reference: BUGTRAQ:20020813 New l2tpd release 0.68
Reference: DEBIAN:DSA-152
Reference: URL:http://www.debian.org/security/2002/dsa-152
Reference: XF:l2tpd-vendor-field-bo(10460)
Reference: URL:http://www.iss.net/security_center/static/10460.php

Name: CVE-2002-0875

Description:

Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.

Status:Entry
Reference: BID:5487
Reference: URL:http://www.securityfocus.com/bid/5487
Reference: DEBIAN:DSA-154
Reference: URL:http://www.debian.org/security/2002/dsa-154
Reference: FREEBSD:FreeBSD-SN-02:05
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:05.asc
Reference: REDHAT:RHSA-2005:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-005.html
Reference: SGI:20000301-03-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20000301-03-I
Reference: XF:sgi-fam-insecure-permissions(9880)
Reference: URL:http://www.iss.net/security_center/static/9880.php

Name: CVE-2002-0887

Description:

scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.

Status:Entry
Reference: BID:4875
Reference: URL:http://www.securityfocus.com/bid/4875
Reference: BUGTRAQ:20010522 [SRT2001-10] - scoadmin /tmp issues
Reference: URL:http://marc.info/?l=bugtraq&m=99057164129869&w=2
Reference: CALDERA:CSSA-2002-SCO.22
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.22/CSSA-2002-SCO.22.txt
Reference: XF:openserver-scoadmin-symlink(9210)
Reference: URL:http://www.iss.net/security_center/static/9210.php

Name: CVE-2002-0889

Description:

Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.

Status:Entry
Reference: BID:4614
Reference: URL:http://www.securityfocus.com/bid/4614
Reference: BUGTRAQ:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/269969
Reference: CALDERA:CSSA-2002-SCO.20
Reference: VULN-DEV:20020428 QPopper 4.0.4 buffer overflow
Reference: URL:http://marc.info/?l=vuln-dev&m=102003707432457&w=2
Reference: XF:qpopper-bulldir-bo(8949)
Reference: URL:http://www.iss.net/security_center/static/8949.php

Name: CVE-2002-0891

Description:

The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.

Status:Entry
Reference: BID:4842
Reference: URL:http://www.securityfocus.com/bid/4842
Reference: BUGTRAQ:20020527 Netscreen 25 unauthorised reboot issue
Reference: URL:http://online.securityfocus.com/archive/1/274240
Reference: CONFIRM:http://www.netscreen.com/support/ns25_reboot.html
Reference: XF:netscreen-screenos-username-dos(9186)
Reference: URL:http://www.iss.net/security_center/static/9186.php

Name: CVE-2002-0892

Description:

The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.

Status:Entry
Reference: BID:4793
Reference: URL:http://www.securityfocus.com/bid/4793
Reference: BUGTRAQ:20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://online.securityfocus.com/archive/1/273615
Reference: CONFIRM:http://www.newatlanta.com/do/findFaq?faq_id=151
Reference: VULNWATCH:20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0077.html
Reference: XF:servletexec-jsp10servlet-path-disclosure(9139)
Reference: URL:http://www.iss.net/security_center/static/9139.php

Name: CVE-2002-0895

Description:

Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.

Status:Entry
Reference: BID:4792
Reference: URL:http://www.securityfocus.com/bid/4792
Reference: BUGTRAQ:20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS
Reference: URL:http://online.securityfocus.com/archive/1/273581
Reference: XF:matuftpserver-pass-bo(9138)
Reference: URL:http://www.iss.net/security_center/static/9138.php

Name: CVE-2002-0897

Description:

LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.

Status:Entry
Reference: BID:4820
Reference: URL:http://www.securityfocus.com/bid/4820
Reference: BUGTRAQ:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/274020
Reference: VULNWATCH:20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0079.html
Reference: XF:localweb2k-protection-bypass(9165)
Reference: URL:http://www.iss.net/security_center/static/9165.php

Name: CVE-2002-0898

Description:

Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.

Status:Entry
Reference: BID:4834
Reference: URL:http://www.securityfocus.com/bid/4834
Reference: BUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://online.securityfocus.com/archive/1/274202
Reference: CONFIRM:http://www.opera.com/windows/changelog/log603.html
Reference: NTBUGTRAQ:20020527 Reading ANY local file in Opera (GM#001-OP)
Reference: URL:http://marc.info/?l=ntbugtraq&m=102256058220402&w=2
Reference: XF:opera-browser-file-retrieval(9188)
Reference: URL:http://www.iss.net/security_center/static/9188.php

Name: CVE-2002-0900

Description:

Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.

Status:Entry
Reference: BID:4828
Reference: URL:http://www.securityfocus.com/bid/4828
Reference: BUGTRAQ:20020524 pks public key server DOS and remote execution
Reference: URL:http://online.securityfocus.com/archive/1/274107
Reference: CONFIRM:http://www.rubin.ch/pgp/src/patch_buffoverflow20020525
Reference: XF:pgp-pks-search-bo(9171)
Reference: URL:http://www.iss.net/security_center/static/9171.php

Name: CVE-2002-0904

Description:

SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.

Status:Entry
Reference: BID:4883
Reference: URL:http://www.securityfocus.com/bid/4883
Reference: BUGTRAQ:20020528 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-05/0259.html
Reference: CONFIRM:http://www.kismetwireless.net/CHANGELOG
Reference: VULN-DEV:20020529 New Kismet Packages available - SayText() and suid kismet_server issues
Reference: URL:http://marc.info/?l=vuln-dev&m=102269718506080&w=2
Reference: XF:kismet-saytext-command-execution(9213)
Reference: URL:http://www.iss.net/security_center/static/9213.php

Name: CVE-2002-0906

Description:

Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.

Status:Entry
Reference: BID:5122
Reference: URL:http://www.securityfocus.com/bid/5122
Reference: CERT-VN:VU#814627
Reference: URL:http://www.kb.cert.org/vuls/id/814627
Reference: CONFIRM:http://www.sendmail.org/8.12.5.html
Reference: OVAL:oval:org.mitre.oval:def:2183
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2183
Reference: XF:sendmail-dns-txt-bo(9443)
Reference: URL:http://www.iss.net/security_center/static/9443.php

Name: CVE-2002-0911

Description:

Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.

Status:Entry
Reference: BID:4923
Reference: URL:http://www.securityfocus.com/bid/4923
Reference: CALDERA:CSSA-2002-024.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-024.0.txt
Reference: XF:volution-manager-plaintext-password(9240)
Reference: URL:http://www.iss.net/security_center/static/9240.php

Name: CVE-2002-0914

Description:

Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.

Status:Entry
Reference: BID:4908
Reference: URL:http://www.securityfocus.com/bid/4908
Reference: BUGTRAQ:20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=93065
Reference: OSVDB:5052
Reference: URL:http://www.osvdb.org/5052
Reference: XF:courier-mta-year-dos(9228)
Reference: URL:http://www.iss.net/security_center/static/9228.php

Name: CVE-2002-0916

Description:

Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.

Status:Entry
Reference: BID:4929
Reference: URL:http://www.securityfocus.com/bid/4929
Reference: BUGTRAQ:20020604 [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://online.securityfocus.com/archive/1/275347
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz
Reference: VULNWATCH:20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0087.html
Reference: XF:msntauth-squid-format-string(9248)
Reference: URL:http://www.iss.net/security_center/static/9248.php

Name: CVE-2002-0935

Description:

Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.

Status:Entry
Reference: BID:5067
Reference: URL:http://www.securityfocus.com/bid/5067
Reference: BUGTRAQ:20020620 KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/277940
Reference: MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Reference: URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Reference: URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Reference: URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Reference: OSVDB:5051
Reference: URL:http://www.osvdb.org/5051
Reference: VULNWATCH:20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0120.html
Reference: XF:tomcat-null-thread-dos(9396)
Reference: URL:http://www.iss.net/security_center/static/9396.php

Name: CVE-2002-0938

Description:

Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.

Status:Entry
Reference: BID:5026
Reference: URL:http://www.securityfocus.com/bid/5026
Reference: BUGTRAQ:20020614 XSS in CiscoSecure ACS v3.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0156.html
Reference: BUGTRAQ:20020621 Re: XSS in CiscoSecure ACS v3.0
Reference: URL:http://online.securityfocus.com/archive/1/278222
Reference: XF:ciscosecure-web-css(9353)
Reference: URL:http://www.iss.net/security_center/static/9353.php

Name: CVE-2002-0941

Description:

The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.

Status:Entry
Reference: BID:5024
Reference: URL:http://www.securityfocus.com/bid/5024
Reference: BUGTRAQ:20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0172.html
Reference: XF:ncipher-consolecallback-passphrase-leak(9354)
Reference: URL:http://www.iss.net/security_center/static/9354.php

Name: CVE-2002-0945

Description:

Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.

Status:Entry
Reference: BID:4979
Reference: URL:http://www.securityfocus.com/bid/4979
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: OSVDB:5047
Reference: URL:http://www.osvdb.org/5047
Reference: XF:devwex-get-bo(9298)
Reference: URL:http://www.iss.net/security_center/static/9298.php

Name: CVE-2002-0946

Description:

Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.

Status:Entry
Reference: BID:4978
Reference: URL:http://www.securityfocus.com/bid/4978
Reference: BUGTRAQ:20020608 SeaNox Devwex - Denial of Service and Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0056.html
Reference: CONFIRM:http://www.seanox.de/projects.devwex.php
Reference: OSVDB:5048
Reference: URL:http://www.osvdb.org/5048
Reference: XF:devwex-dotdot-directory-traversal(9299)
Reference: URL:http://www.iss.net/security_center/static/9299.php

Name: CVE-2002-0947

Description:

Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.

Status:Entry
Reference: BID:4848
Reference: URL:http://www.securityfocus.com/bid/4848
Reference: BUGTRAQ:20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://online.securityfocus.com/archive/1/276524
Reference: CERT-VN:VU#997403
Reference: URL:http://www.kb.cert.org/vuls/id/997403
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf
Reference: MISC:http://www.nextgenss.com/vna/ora-reports.txt
Reference: VULNWATCH:20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0097.html
Reference: XF:oracle-reports-server-bo(9289)
Reference: URL:http://www.iss.net/security_center/static/9289.php

Name: CVE-2002-0952

Description:

Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.

Status:Entry
Reference: BID:5058
Reference: URL:http://www.securityfocus.com/bid/5058
Reference: CISCO:20020619 Cisco ONS15454 IP TOS Bit Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/ons-tos-vuln-pub.shtml
Reference: XF:cisco-ons-tcc-dos(9377)
Reference: URL:http://www.iss.net/security_center/static/9377.php

Name: CVE-2002-0953

Description:

globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.

Status:Entry
Reference: BID:5039
Reference: URL:http://www.securityfocus.com/bid/5039
Reference: BUGTRAQ:20020617 PHP source injection in PHPAddress
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0182.html
Reference: BUGTRAQ:20020619 Source Injection into PHPAddress
Reference: URL:http://online.securityfocus.com/archive/1/277987
Reference: XF:phpaddress-include-remote-files(9379)
Reference: URL:http://www.iss.net/security_center/static/9379.php

Name: CVE-2002-0958

Description:

Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section.

Status:Entry
Reference: BID:4952
Reference: URL:http://www.securityfocus.com/bid/4952
Reference: BUGTRAQ:20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0034.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=91877
Reference: XF:phpreactor-browse-xss(9280)
Reference: URL:http://www.iss.net/security_center/static/9280.php

Name: CVE-2002-0964

Description:

Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out.

Status:Entry
Reference: BID:5076
Reference: URL:http://www.securityfocus.com/bid/5076
Reference: BUGTRAQ:20020620 Half-life fake players bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0248.html
Reference: XF:halflife-mulitple-player-dos(9412)
Reference: URL:http://www.iss.net/security_center/static/9412.php

Name: CVE-2002-0965

Description:

Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.

Status:Entry
Reference: BID:4845
Reference: URL:http://www.securityfocus.com/bid/4845
Reference: BUGTRAQ:20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://online.securityfocus.com/archive/1/276526
Reference: CERT-VN:VU#630091
Reference: URL:http://www.kb.cert.org/vuls/id/630091
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf
Reference: VULNWATCH:20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0096.html
Reference: XF:oracle-listener-servicename-bo(9288)
Reference: URL:http://www.iss.net/security_center/static/9288.php

Name: CVE-2002-0967

Description:

Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL.

Status:Entry
Reference: BID:4951
Reference: URL:http://www.securityfocus.com/bid/4951
Reference: BUGTRAQ:20020606 eDonkey 2000 ed2k: URL Buffer Overflow
Reference: URL:http://online.securityfocus.com/archive/1/275708
Reference: CONFIRM:http://www.edonkey2000.com/
Reference: OSVDB:5042
Reference: URL:http://www.osvdb.org/5042
Reference: XF:edonkey2000-ed2k-filename-bo(9278)
Reference: URL:http://www.iss.net/security_center/static/9278.php

Name: CVE-2002-0968

Description:

Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.

Status:Entry
Reference: BID:5006
Reference: URL:http://www.securityfocus.com/bid/5006
Reference: BUGTRAQ:20020613 Remote DoS in AnalogX SimpleServer:www 1.16
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0106.html
Reference: BUGTRAQ:20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16
Reference: URL:http://marc.info/?l=bugtraq&m=102563702928443&w=2
Reference: CONFIRM:http://www.analogx.com/contents/download/network/sswww.htm
Reference: OSVDB:3780
Reference: URL:http://www.osvdb.org/3780
Reference: XF:analogx-simpleserver-at-dos(9338)
Reference: URL:http://www.iss.net/security_center/static/9338.php

Name: CVE-2002-0969

Description:

Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.

Status:Entry
Reference: BID:5853
Reference: URL:http://www.securityfocus.com/bid/5853
Reference: BUGTRAQ:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=103358628011935&w=2
Reference: CONFIRM:http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt
Reference: VULNWATCH:20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0004.html
Reference: XF:mysql-myini-datadir-bo(10243)
Reference: URL:http://www.iss.net/security_center/static/10243.php

Name: CVE-2002-0970

Description:

The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Status:Entry
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: BUGTRAQ:20020812 Re: IE SSL Vulnerability (Konqueror affected too)
Reference: URL:http://marc.info/?l=bugtraq&m=102918241005893&w=2
Reference: BUGTRAQ:20020818 KDE Security Advisory: Konqueror SSL vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0170.html
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:519
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000519
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020818-1.txt
Reference: DEBIAN:DSA-155
Reference: URL:http://www.debian.org/security/2002/dsa-155
Reference: MANDRAKE:MDKSA-2002:058
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:058
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9776

Name: CVE-2002-0974

Description:

Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.

Status:Entry
Reference: BID:5478
Reference: URL:http://www.securityfocus.com/bid/5478
Reference: BUGTRAQ:20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]
Reference: URL:http://marc.info/?l=bugtraq&m=102942549832077&w=2
Reference: MS:MS02-060
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-060
Reference: MSKB:Q328940
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q328940
Reference: OSVDB:3001
Reference: URL:http://www.osvdb.org/3001
Reference: XF:winxp-helpctr-delete-files(9878)
Reference: URL:http://www.iss.net/security_center/static/9878.php

Name: CVE-2002-0981

Description:

Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.

Status:Entry
Reference: BID:5551
Reference: URL:http://www.securityfocus.com/bid/5551
Reference: CALDERA:CSSA-2002-SCO.36
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenUNIX/CSSA-2002-SCO.36/CSSA-2002-SCO.36.txt
Reference: XF:openunix-unixware-ndcfg-bo(9945)
Reference: URL:http://www.iss.net/security_center/static/9945.php

Name: CVE-2002-0984

Description:

The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code.

Status:Entry
Reference: BID:5555
Reference: URL:http://www.securityfocus.com/bid/5555
Reference: BUGTRAQ:20020822 Light Security Advisory: Remotely-exploitable code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0231.html
Reference: DEBIAN:DSA-156
Reference: URL:http://www.debian.org/security/2002/dsa-156
Reference: XF:light-channel-execute-script(9943)
Reference: URL:http://www.iss.net/security_center/static/9943.php

Name: CVE-2002-0985

Description:

Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.

Status:Entry
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.info/?l=bugtraq&m=103011916928204&w=2
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.info/?l=bugtraq&m=105760591228031&w=2
Reference: CALDERA:CSSA-2003-008.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
Reference: CONECTIVA:CLA-2002:545
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Reference: DEBIAN:DSA-168
Reference: URL:http://www.debian.org/security/2002/dsa-168
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
Reference: OSVDB:2111
Reference: URL:http://www.osvdb.org/2111
Reference: REDHAT:RHSA-2002:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Reference: REDHAT:RHSA-2002:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: SUSE:SuSE-SA:2002:036
Reference: URL:http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
Reference: XF:php-mail-safemode-bypass(9966)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9966

Name: CVE-2002-0986

Description:

The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."

Status:Entry
Reference: BID:5562
Reference: URL:http://www.securityfocus.com/bid/5562
Reference: BUGTRAQ:20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()
Reference: URL:http://marc.info/?l=bugtraq&m=103011916928204&w=2
Reference: BUGTRAQ:20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)
Reference: URL:http://marc.info/?l=bugtraq&m=105760591228031&w=2
Reference: CALDERA:CSSA-2003-008.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-008.0.txt
Reference: CERT-VN:VU#410609
Reference: URL:http://www.kb.cert.org/vuls/id/410609
Reference: CONECTIVA:CLA-2002:545
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000545
Reference: DEBIAN:DSA-168
Reference: URL:http://www.debian.org/security/2002/dsa-168
Reference: MANDRAKE:MDKSA-2003:082
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:082
Reference: OSVDB:2160
Reference: URL:http://www.osvdb.org/2160
Reference: REDHAT:RHSA-2002:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-213.html
Reference: REDHAT:RHSA-2002:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-214.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2003:159
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-159.html
Reference: SUSE:SuSE-SA:2002:036
Reference: URL:http://www.novell.com/linux/security/advisories/2002_036_modphp4.html
Reference: XF:php-mail-ascii-injection(9959)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9959

Name: CVE-2002-0987

Description:

X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.

Status:Entry
Reference: BID:5575
Reference: URL:http://www.securityfocus.com/bid/5575
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
Reference: OSVDB:5044
Reference: URL:http://www.osvdb.org/5044
Reference: XF:openunix-unixware-xsco-privileges(9976)
Reference: URL:http://www.iss.net/security_center/static/9976.php

Name: CVE-2002-0988

Description:

Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.

Status:Entry
Reference: BID:5577
Reference: URL:http://www.securityfocus.com/bid/5577
Reference: CALDERA:CSSA-2002-SCO.38
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.38
Reference: XF:openunix-unixware-xsco-bo(9977)
Reference: URL:http://www.iss.net/security_center/static/9977.php

Name: CVE-2002-0989

Description:

The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.

Status:Entry
Reference: BID:5574
Reference: URL:http://www.securityfocus.com/bid/5574
Reference: BUGTRAQ:20020827 GLSA: gaim
Reference: URL:http://marc.info/?l=bugtraq&m=103046442403404&w=2
Reference: CONECTIVA:CLA-2002:521
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000521
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728
Reference: CONFIRM:http://gaim.sourceforge.net/ChangeLog
Reference: DEBIAN:DSA-158
Reference: URL:http://www.debian.org/security/2002/dsa-158
Reference: FREEBSD:FreeBSD-SN-02:06
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SN-02:06.asc
Reference: HP:HPSBTL0209-067
Reference: URL:http://online.securityfocus.com/advisories/4471
Reference: MANDRAKE:MDKSA-2002:054
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2002:054
Reference: OSVDB:5033
Reference: URL:http://www.osvdb.org/5033
Reference: REDHAT:RHSA-2002:189
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-189.html
Reference: REDHAT:RHSA-2002:190
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-190.html
Reference: REDHAT:RHSA-2002:191
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-191.html
Reference: REDHAT:RHSA-2003:156
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-156.html
Reference: XF:gaim-url-handler-command-execution(9978)
Reference: URL:http://www.iss.net/security_center/static/9978.php

Name: CVE-2002-0990

Description:

The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allows remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.

Status:Entry
Reference: BID:5958
Reference: URL:http://www.securityfocus.com/bid/5958
Reference: BUGTRAQ:20021014 Multiple Symantec Firewall Secure Webserver timeout DoS
Reference: URL:http://marc.info/?l=bugtraq&m=103463869503124&w=2
Reference: CONFIRM:http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html
Reference: XF:simple-webserver-url-dos(10364)
Reference: URL:http://www.iss.net/security_center/static/10364.php

Name: CVE-2002-0995

Description:

login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.

Status:Entry
Reference: BID:5141
Reference: URL:http://www.securityfocus.com/bid/5141
Reference: BUGTRAQ:20020702 PHPAuction bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0014.html
Reference: CONFIRM:http://www.phpauction.org/viewnew.php?id=5
Reference: XF:phpauction-admin-account-creation(9462)
Reference: URL:http://www.iss.net/security_center/static/9462.php

Name: CVE-2002-1000

Description:

Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001.

Status:Entry
Reference: BID:5104
Reference: URL:http://www.securityfocus.com/bid/5104
Reference: BUGTRAQ:20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0338.html
Reference: CONFIRM:http://www.analogx.com/contents/download/network/ssshout.htm
Reference: OSVDB:3782
Reference: URL:http://www.osvdb.org/3782
Reference: XF:analogx-simpleserver-shout-bo(9427)
Reference: URL:http://www.iss.net/security_center/static/9427.php

Name: CVE-2002-1002

Description:

Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.

Status:Entry
Reference: BID:5117
Reference: URL:http://www.securityfocus.com/bid/5117
Reference: BUGTRAQ:20020627 Cluestick Advisory #001
Reference: URL:http://online.securityfocus.com/archive/1/279683
Reference: BUGTRAQ:20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0093.html
Reference: XF:netware-imanage-username-dos(9444)
Reference: URL:http://www.iss.net/security_center/static/9444.php

Name: CVE-2002-1004

Description:

Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.

Status:Entry
Reference: BID:5144
Reference: URL:http://www.securityfocus.com/bid/5144
Reference: BUGTRAQ:20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0029.html
Reference: CONFIRM:http://www.argosoft.com/applications/mailserver/changelist.asp
Reference: XF:argosoft-dotdot-directory-traversal(9477)
Reference: URL:http://www.iss.net/security_center/static/9477.php

Name: CVE-2002-1006

Description:

Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.

Status:Entry
Reference: BID:5135
Reference: URL:http://www.securityfocus.com/bid/5135
Reference: BUGTRAQ:20020701 PTL-2002-03 Betsie XSS Vuln
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0002.html
Reference: CONFIRM:http://www.bbc.co.uk/education/betsie/parser.pl.txt
Reference: XF:betsie-parserl-xss(9468)
Reference: URL:http://www.iss.net/security_center/static/9468.php

Name: CVE-2002-1013

Description:

Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.

Status:Entry
Reference: BID:5098
Reference: URL:http://www.securityfocus.com/bid/5098
Reference: BUGTRAQ:20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0023.html
Reference: CONFIRM:http://support.inktomi.com/kb/070202-003.html
Reference: XF:inktomi-trafficserver-manager-bo(9465)
Reference: URL:http://www.iss.net/security_center/static/9465.php

Name: CVE-2002-1014

Description:

Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.

Status:Entry
Reference: BID:5217
Reference: URL:http://www.securityfocus.com/bid/5217
Reference: BUGTRAQ:20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0127.html
Reference: CERT-VN:VU#843667
Reference: URL:http://www.kb.cert.org/vuls/id/843667
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-controlnimage-bo(9538)
Reference: URL:http://www.iss.net/security_center/static/9538.php

Name: CVE-2002-1015

Description:

RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.

Status:Entry
Reference: BID:5210
Reference: URL:http://www.securityfocus.com/bid/5210
Reference: BUGTRAQ:20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0130.html
Reference: CERT-VN:VU#888547
Reference: URL:http://www.kb.cert.org/vuls/id/888547
Reference: CONFIRM:http://service.real.com/help/faq/security/bufferoverrun07092002.html
Reference: XF:realplayer-rjs-file-download(9539)
Reference: URL:http://www.iss.net/security_center/static/9539.php

Name: CVE-2002-1024

Description:

Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).

Status:Entry
Reference: BID:5114
Reference: URL:http://www.securityfocus.com/bid/5114
Reference: CERT-VN:VU#290140
Reference: URL:http://www.kb.cert.org/vuls/id/290140
Reference: CISCO:20020627 Scanning for SSH Can Cause a Crash
Reference: URL:http://www.cisco.com/warp/public/707/SSH-scanning.shtml
Reference: XF:cisco-ssh-scan-dos(9437)
Reference: URL:http://www.iss.net/security_center/static/9437.php

Name: CVE-2002-1025

Description:

JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.

Status:Entry
Reference: BID:5134
Reference: URL:http://www.securityfocus.com/bid/5134
Reference: BUGTRAQ:20020701 KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://online.securityfocus.com/archive/1/280062
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23164
Reference: OSVDB:5028
Reference: URL:http://www.osvdb.org/5028
Reference: VULNWATCH:20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q2/0138.html
Reference: XF:jrun-null-view-source(9459)
Reference: URL:http://www.iss.net/security_center/static/9459.php

Name: CVE-2002-1030

Description:

Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.

Status:Entry
Reference: BID:5159
Reference: URL:http://www.securityfocus.com/bid/5159
Reference: BUGTRAQ:20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://online.securityfocus.com/archive/1/281046
Reference: CONFIRM:http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm
Reference: VULNWATCH:20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0008.html
Reference: XF:weblogic-race-condition-dos(9486)
Reference: URL:http://www.iss.net/security_center/static/9486.php

Name: CVE-2002-1031

Description:

KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.

Status:Entry
Reference: BID:5177
Reference: URL:http://www.securityfocus.com/bid/5177
Reference: BUGTRAQ:20020707 KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://online.securityfocus.com/archive/1/281102
Reference: CONFIRM:http://www.keyfocus.net/kfws/support/
Reference: VULNWATCH:20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0007.html
Reference: XF:kfwebserver-null-view-dir(9500)
Reference: URL:http://www.iss.net/security_center/static/9500.php

Name: CVE-2002-1035

Description:

Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP version number.

Status:Entry
Reference: BID:5136
Reference: URL:http://www.securityfocus.com/bid/5136
Reference: BUGTRAQ:20020701 BufferOverflow in OmniHTTPd 2.09
Reference: URL:http://online.securityfocus.com/archive/1/280132
Reference: OSVDB:5000
Reference: URL:http://www.osvdb.org/5000
Reference: XF:omnihttpd-http-version-bo(9457)
Reference: URL:http://www.iss.net/security_center/static/9457.php

Name: CVE-2002-1039

Description:

Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature.

Status:Entry
Reference: BUGTRAQ:20020714 Double Choco Latte multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=102668783632589&w=2
Reference: CONFIRM:http://dcl.sourceforge.net/index.php
Reference: VULNWATCH:20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0022.html
Reference: XF:dcl-dotdot-directory-traversal(9743)
Reference: URL:http://www.iss.net/security_center/static/9743.php

Name: CVE-2002-1046

Description:

Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.

Status:Entry
Reference: BID:5186
Reference: URL:http://www.securityfocus.com/bid/5186
Reference: VULNWATCH:20020709 KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0012.html
Reference: XF:firebox-dvcp-dos(9509)
Reference: URL:http://www.iss.net/security_center/static/9509.php

Name: CVE-2002-1049

Description:

Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.

Status:Entry
Reference: BID:5348
Reference: URL:http://www.securityfocus.com/bid/5348
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: MANDRAKE:MDKSA-2002:055
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055
Reference: OSVDB:5002
Reference: URL:http://www.osvdb.org/5002
Reference: SUSE:SuSE-SA:2002:035
Reference: URL:http://www.novell.com/linux/security/advisories/2002_035_hylafax.html
Reference: XF:hylafax-faxgetty-tsi-dos(9728)
Reference: URL:http://www.iss.net/security_center/static/9728.php

Name: CVE-2002-1050

Description:

Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.

Status:Entry
Reference: BID:5349
Reference: URL:http://www.securityfocus.com/bid/5349
Reference: BUGTRAQ:20020729 HylaFAX - Various Vulnerabilities Fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0358.html
Reference: CONFIRM:http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312
Reference: DEBIAN:DSA-148
Reference: URL:http://www.debian.org/security/2002/dsa-148
Reference: MANDRAKE:MDKSA-2002:055
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:055
Reference: SUSE:SuSE-SA:2002:035
Reference: URL:http://www.novell.com/linux/security/advisories/2002_035_hylafax.html
Reference: XF:hylafax-faxgetty-image-bo(9729)
Reference: URL:http://www.iss.net/security_center/static/9729.php

Name: CVE-2002-1051

Description:

Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.

Status:Entry
Reference: BID:4956
Reference: URL:http://www.securityfocus.com/bid/4956
Reference: BUGTRAQ:20020606 Format String bug in TrACESroute 6.0 GOLD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0040.html
Reference: BUGTRAQ:20020721 Nanog traceroute format string exploit.
Reference: URL:http://marc.info/?l=bugtraq&m=102737546927749&w=2
Reference: BUGTRAQ:20020723 Re: Nanog traceroute format string exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0254.html
Reference: BUGTRAQ:20020724 Re: Nanog traceroute format string exploit.
Reference: URL:http://marc.info/?l=bugtraq&m=102753136231920&w=2
Reference: SUSE:SuSE-SA:2000:041
Reference: URL:http://www.novell.com/linux/security/advisories/2000_041_traceroute_txt.html
Reference: XF:tracesroute-t-format-string(9291)
Reference: URL:http://www.iss.net/security_center/static/9291.php

Name: CVE-2002-1053

Description:

Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.

Status:Entry
Reference: BID:5506
Reference: URL:http://www.securityfocus.com/bid/5506
Reference: BUGTRAQ:20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0190.html
Reference: CONFIRM:http://www.w3.org/Jigsaw/RelNotes.html#2.2.1
Reference: OSVDB:4015
Reference: URL:http://www.osvdb.org/4015
Reference: XF:jigsaw-http-proxy-xss(9914)
Reference: URL:http://www.iss.net/security_center/static/9914.php

Name: CVE-2002-1054

Description:

Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.

Status:Entry
Reference: BID:5283
Reference: URL:http://www.securityfocus.com/bid/5283
Reference: BUGTRAQ:20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/283665
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserversrc.zip
Reference: OSVDB:4995
Reference: URL:http://www.osvdb.org/4995
Reference: VULNWATCH:20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0035.html
Reference: XF:pablo-ftp-directory-traversal(9647)
Reference: URL:http://www.iss.net/security_center/static/9647.php

Name: CVE-2002-1056

Description:

Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.

Status:Entry
Reference: BID:4397
Reference: URL:http://www.securityfocus.com/bid/4397
Reference: BUGTRAQ:20020331 More Office XP Problems
Reference: URL:http://marc.info/?l=bugtraq&m=101760380418890&w=2
Reference: BUGTRAQ:20020403 More Office XP problems (Version 2.0)
Reference: URL:http://online.securityfocus.com/archive/1/265621
Reference: MS:MS02-021
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-021
Reference: OVAL:oval:org.mitre.oval:def:205
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A205
Reference: OVAL:oval:org.mitre.oval:def:429
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A429
Reference: XF:outlook-object-execute-script(8708)
Reference: URL:http://www.iss.net/security_center/static/8708.php

Name: CVE-2002-1057

Description:

Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command.

Status:Entry
Reference: BID:5285
Reference: URL:http://www.securityfocus.com/bid/5285
Reference: BUGTRAQ:20020723 MailMax security advisory/exploit/patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0245.html
Reference: XF:mailmax-pop3max-user-bo(9651)
Reference: URL:http://www.iss.net/security_center/static/9651.php

Name: CVE-2002-1059

Description:

Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.

Status:Entry
Reference: BID:5287
Reference: URL:http://www.securityfocus.com/bid/5287
Reference: BUGTRAQ:20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta
Reference: URL:http://marc.info/?l=bugtraq&m=102744150718462&w=2
Reference: BUGTRAQ:20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT
Reference: URL:http://marc.info/?l=bugtraq&m=102746007908689&w=2
Reference: CONFIRM:http://www.vandyke.com/products/securecrt/security07-25-02.html
Reference: OSVDB:4991
Reference: URL:http://www.osvdb.org/4991
Reference: XF:securecrt-ssh1-identifier-bo(9650)
Reference: URL:http://www.iss.net/security_center/static/9650.php

Name: CVE-2002-1060

Description:

Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.

Status:Entry
Reference: BID:5305
Reference: URL:http://www.securityfocus.com/bid/5305
Reference: BID:5608
Reference: URL:http://www.securityfocus.com/bid/5608
Reference: BUGTRAQ:20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0283.html
Reference: BUGTRAQ:20020903 Re: CacheFlow CacheOS Cross-site Scripting Vulnerability
Reference: CONFIRM:http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm
Reference: XF:cacheos-unresolved-error-xss(9674)
Reference: URL:http://www.iss.net/security_center/static/9674.php

Name: CVE-2002-1076

Description:

Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.

Status:Entry
Reference: BID:5323
Reference: URL:http://www.securityfocus.com/bid/5323
Reference: BUGTRAQ:20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0326.html
Reference: BUGTRAQ:20020729 Hoax Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0363.html
Reference: BUGTRAQ:20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0368.html
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020729-DM01.htm
Reference: CONFIRM:http://support.ipswitch.com/kb/IM-20020731-DM02.htm
Reference: XF:imail-web-messaging-bo(9679)
Reference: URL:http://www.iss.net/security_center/static/9679.php

Name: CVE-2002-1079

Description:

Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.

Status:Entry
Reference: BID:5547
Reference: URL:http://www.securityfocus.com/bid/5547
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: OSVDB:3285
Reference: URL:http://www.osvdb.org/3285
Reference: XF:abyss-get-directory-traversal(9941)
Reference: URL:http://www.iss.net/security_center/static/9941.php
Reference: XF:abyss-http-directory-traversal(9940)
Reference: URL:http://www.iss.net/security_center/static/9940.php

Name: CVE-2002-1081

Description:

The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.

Status:Entry
Reference: BID:5549
Reference: URL:http://www.securityfocus.com/bid/5549
Reference: BUGTRAQ:20020822 Abyss 1.0.3 directory traversal and administration bugs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0229.html
Reference: CONFIRM:http://www.aprelium.com/news/patch1033.html
Reference: OSVDB:3286
Reference: URL:http://www.osvdb.org/3286
Reference: XF:abyss-plus-file-disclosure(9956)
Reference: URL:http://www.iss.net/security_center/static/9956.php

Name: CVE-2002-1088

Description:

Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.

Status:Entry
Reference: BID:5313
Reference: URL:http://www.securityfocus.com/bid/5313
Reference: BUGTRAQ:20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0296.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963273
Reference: XF:groupwise-rcpt-bo(9671)
Reference: URL:http://www.iss.net/security_center/static/9671.php

Name: CVE-2002-1091

Description:

Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.

Status:Entry
Reference: BID:5665
Reference: URL:http://www.securityfocus.com/bid/5665
Reference: BUGTRAQ:20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs
Reference: URL:http://marc.info/?l=bugtraq&m=103134051120770&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=157989
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: MISC:http://crash.ihug.co.nz/~Sneuro/zerogif/
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: XF:netscape-zero-gif-bo(10058)
Reference: URL:http://www.iss.net/security_center/static/10058.php

Name: CVE-2002-1092

Description:

Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.

Status:Entry
Reference: BID:5613
Reference: URL:http://www.securityfocus.com/bid/5613
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-bypass-authentication(10017)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10017

Name: CVE-2002-1093

Description:

HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.

Status:Entry
Reference: BID:5615
Reference: URL:http://www.securityfocus.com/bid/5615
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-html-parser-dos(10018)
Reference: URL:http://www.iss.net/security_center/static/10018.php

Name: CVE-2002-1095

Description:

Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.

Status:Entry
Reference: BID:5625
Reference: URL:http://www.securityfocus.com/bid/5625
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-pptp-dos(10021)
Reference: URL:http://www.iss.net/security_center/static/10021.php

Name: CVE-2002-1096

Description:

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.

Status:Entry
Reference: BID:5611
Reference: URL:http://www.securityfocus.com/bid/5611
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-user-passwords(10019)
Reference: URL:http://www.iss.net/security_center/static/10019.php

Name: CVE-2002-1097

Description:

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.

Status:Entry
Reference: BID:5612
Reference: URL:http://www.securityfocus.com/bid/5612
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-passwords(10022)
Reference: URL:http://www.iss.net/security_center/static/10022.php

Name: CVE-2002-1098

Description:

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.

Status:Entry
Reference: BID:5614
Reference: URL:http://www.securityfocus.com/bid/5614
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-xml-filter(10023)
Reference: URL:http://www.iss.net/security_center/static/10023.php

Name: CVE-2002-1099

Description:

Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.

Status:Entry
Reference: BID:5616
Reference: URL:http://www.securityfocus.com/bid/5616
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-web-access(10024)
Reference: URL:http://www.iss.net/security_center/static/10024.php

Name: CVE-2002-1102

Description:

The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.

Status:Entry
Reference: BID:5622
Reference: URL:http://www.securityfocus.com/bid/5622
Reference: CISCO:20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml
Reference: XF:cisco-vpn-lan-connection-dos(10027)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10027

Name: CVE-2002-1104

Description:

Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).

Status:Entry
Reference: BID:5649
Reference: URL:http://www.securityfocus.com/bid/5649
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-tcp-dos(10042)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10042

Name: CVE-2002-1105

Description:

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.

Status:Entry
Reference: BID:5650
Reference: URL:http://www.securityfocus.com/bid/5650
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-obtain-password(10044)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10044

Name: CVE-2002-1106

Description:

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.

Status:Entry
Reference: BID:5652
Reference: URL:http://www.securityfocus.com/bid/5652
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-certificate-mitm(10045)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10045

Name: CVE-2002-1107

Description:

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.

Status:Entry
Reference: BID:5653
Reference: URL:http://www.securityfocus.com/bid/5653
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-random-numbers(10046)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10046

Name: CVE-2002-1108

Description:

Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.

Status:Entry
Reference: BID:5651
Reference: URL:http://www.securityfocus.com/bid/5651
Reference: CISCO:20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set
Reference: URL:http://www.cisco.com/warp/public/707/vpnclient-multiple2-vuln-pub.shtml
Reference: XF:cisco-vpn-tcp-filter(10047)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10047

Name: CVE-2002-1109

Description:

securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.

Status:Entry
Reference: BUGTRAQ:20020905 GLSA: amavis
Reference: URL:http://marc.info/?l=bugtraq&m=103124270321404&w=2
Reference: CONFIRM:http://marc.info/?l=amavis-announce&m=103121272122242&w=2
Reference: XF:amavis-securetar-tar-dos(10056)
Reference: URL:http://www.iss.net/security_center/static/10056.php

Name: CVE-2002-1111

Description:

print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.

Status:Entry
Reference: BID:5515
Reference: URL:http://www.securityfocus.com/bid/5515
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed
Reference: URL:http://marc.info/?l=bugtraq&m=102978873620491&w=2
Reference: CONFIRM:http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: XF:mantis-limit-reporters-bypass(9898)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9898

Name: CVE-2002-1112

Description:

Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.

Status:Entry
Reference: BID:5514
Reference: URL:http://www.securityfocus.com/bid/5514
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation
Reference: URL:http://marc.info/?l=bugtraq&m=102978673018271&w=2
Reference: CONFIRM:http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: XF:mantis-private-project-bug-listing(9899)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9899

Name: CVE-2002-1113

Description:

summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.

Status:Entry
Reference: BID:5504
Reference: URL:http://www.securityfocus.com/bid/5504
Reference: BUGTRAQ:20020813 mantisbt security flaw
Reference: URL:http://marc.info/?l=bugtraq&m=102927873301965&w=2
Reference: BUGTRAQ:20020819 [Mantis Advisory/2002-04] Arbitrary code execution
Reference: URL:http://marc.info/?l=bugtraq&m=102978924821040&w=2
Reference: DEBIAN:DSA-153
Reference: URL:http://www.debian.org/security/2002/dsa-153
Reference: OSVDB:4858
Reference: URL:http://www.osvdb.org/4858
Reference: XF:mantis-include-remote-files(9829)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9829

Name: CVE-2002-1116

Description:

The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.

Status:Entry
Reference: BID:5565
Reference: URL:http://www.securityfocus.com/bid/5565
Reference: BUGTRAQ:20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs'
Reference: URL:http://marc.info/?l=bugtraq&m=103014152320112&w=2
Reference: DEBIAN:DSA-161
Reference: URL:http://www.debian.org/security/2002/dsa-161
Reference: XF:mantis-viewbugs-bug-listing(9955)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9955

Name: CVE-2002-1117

Description:

Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.

Status:Entry
Reference: BUGTRAQ:20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)
Reference: URL:http://marc.info/?l=bugtraq&m=103134930629683&w=2
Reference: BUGTRAQ:20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?
Reference: URL:http://marc.info/?l=bugtraq&m=103134395124579&w=2
Reference: CONFIRM:http://seer.support.veritas.com/docs/238618.htm
Reference: OSVDB:8230
Reference: URL:http://www.osvdb.org/8230
Reference: OVAL:oval:org.mitre.oval:def:1036
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1036
Reference: XF:veritas-backupexec-restrictanonymous-zero(10093)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10093

Name: CVE-2002-1118

Description:

TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.

Status:Entry
Reference: BID:5678
Reference: URL:http://www.securityfocus.com/bid/5678
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf
Reference: VULNWATCH:20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0017.html
Reference: XF:oracle-net-services-dos(10283)
Reference: URL:http://www.iss.net/security_center/static/10283.php

Name: CVE-2002-1119

Description:

os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

Status:Entry
Reference: BID:5581
Reference: URL:http://www.securityfocus.com/bid/5581
Reference: BUGTRAQ:20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)
Reference: URL:http://marc.info/?l=bugtraq&m=104333092200589&w=2
Reference: CALDERA:CSSA-2002-045.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-045.0.txt
Reference: CONECTIVA:CLA-2002:527
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000527
Reference: DEBIAN:DSA-159
Reference: URL:http://www.debian.org/security/2002/dsa-159
Reference: MANDRAKE:MDKSA-2002:082
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-082.php
Reference: MISC:http://mail.python.org/pipermail/python-dev/2002-August/027229.html
Reference: REDHAT:RHSA-2002:202
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-202.html
Reference: REDHAT:RHSA-2003:048
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-048.html
Reference: XF:python-execvpe-tmpfile-symlink(10009)
Reference: URL:http://www.iss.net/security_center/static/10009.php

Name: CVE-2002-1122

Description:

Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.

Status:Entry
Reference: BID:5738
Reference: URL:http://www.securityfocus.com/bid/5738
Reference: ISS:20020918 Flaw in Internet Scanner Parsing Mechanism
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21165
Reference: OSVDB:3150
Reference: URL:http://www.osvdb.org/3150
Reference: VULNWATCH:20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner
Reference: XF:is-http-response-bo(10130)
Reference: URL:http://www.iss.net/security_center/static/10130.php

Name: CVE-2002-1123

Description:

Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.

Status:Entry
Reference: BID:5411
Reference: URL:http://www.securityfocus.com/bid/5411
Reference: BUGTRAQ:20020806 SPIKE 2.5 and associated vulns
Reference: URL:http://online.securityfocus.com/archive/1/286220
Reference: BUGTRAQ:20020807 MS SQL Server Hello Overflow NASL script
Reference: URL:http://marc.info/?l=bugtraq&m=102873609025020&w=2
Reference: CIAC:N-003
Reference: URL:http://www.ciac.org/ciac/bulletins/n-003.shtml
Reference: CISCO:Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
Reference: MS:MS02-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
Reference: XF:mssql-preauth-bo(9788)
Reference: URL:http://www.iss.net/security_center/static/9788.php

Name: CVE-2002-1126

Description:

Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.

Status:Entry
Reference: BID:5694
Reference: URL:http://www.securityfocus.com/bid/5694
Reference: BUGTRAQ:20020911 Privacy leak in mozilla
Reference: URL:http://marc.info/?l=bugtraq&m=103176760004720&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=145579
Reference: MANDRAKE:MDKSA-2002:075
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:075
Reference: REDHAT:RHSA-2002:192
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-192.html
Reference: REDHAT:RHSA-2003:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-046.html
Reference: XF:mozilla-onunload-url-leak(10084)
Reference: URL:http://www.iss.net/security_center/static/10084.php

Name: CVE-2002-1132

Description:

SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.

Status:Entry
Reference: BID:5949
Reference: URL:http://www.securityfocus.com/bid/5949
Reference: BUGTRAQ:20020919 Squirrel Mail 1.2.7 XSS Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0246.html
Reference: DEBIAN:DSA-191
Reference: URL:http://www.debian.org/security/2002/dsa-191
Reference: REDHAT:RHSA-2002:204
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-204.html
Reference: XF:squirrelmail-options-path-disclosure(10345)
Reference: URL:http://www.iss.net/security_center/static/10345.php

Name: CVE-2002-1135

Description:

modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.

Status:Entry
Reference: BID:5779
Reference: URL:http://www.securityfocus.com/bid/5779
Reference: BUGTRAQ:20020922 PHP source injection in phpWebSite
Reference: URL:http://marc.info/?l=bugtraq&m=103279980906880&w=2
Reference: CONFIRM:http://phpwebsite.appstate.edu/article.php?sid=400
Reference: OSVDB:3848
Reference: URL:http://www.osvdb.org/3848
Reference: XF:phpwebsite-modsecurity-file-include(10164)
Reference: URL:http://www.iss.net/security_center/static/10164.php

Name: CVE-2002-1137

Description:

Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.

Status:Entry
Reference: BID:5877
Reference: URL:http://www.securityfocus.com/bid/5877
Reference: CIAC:N-003
Reference: URL:http://www.ciac.org/ciac/bulletins/n-003.shtml
Reference: CISCO:20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20030126-ms02-061.shtml
Reference: MISC:http://www.scan-associates.net/papers/foxpro.txt
Reference: MS:MS02-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
Reference: XF:mssql-dbcc-bo-variant(10255)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10255

Name: CVE-2002-1138

Description:

Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."

Status:Entry
Reference: CIAC:N-003
Reference: URL:http://www.ciac.org/ciac/bulletins/n-003.shtml
Reference: MS:MS02-056
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-056
Reference: XF:mssql-agent-create-files(10257)
Reference: URL:http://www.iss.net/security_center/static/10257.php

Name: CVE-2002-1139

Description:

The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."

Status:Entry
Reference: BID:5876
Reference: URL:http://www.securityfocus.com/bid/5876
Reference: MS:MS02-054
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-054
Reference: XF:win-zip-incorrect-path(10252)
Reference: URL:http://www.iss.net/security_center/static/10252.php

Name: CVE-2002-1140

Description:

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."

Status:Entry
Reference: BID:5879
Reference: URL:http://www.securityfocus.com/bid/5879
Reference: MS:MS02-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
Reference: XF:sfu-rpc-parameter-bo(10258)
Reference: URL:http://www.iss.net/security_center/static/10258.php

Name: CVE-2002-1141

Description:

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."

Status:Entry
Reference: BID:5880
Reference: URL:http://www.securityfocus.com/bid/5880
Reference: MS:MS02-057
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-057
Reference: XF:sfu-invalid-rpc-dos(10259)
Reference: URL:http://www.iss.net/security_center/static/10259.php

Name: CVE-2002-1142

Description:

Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

Status:Entry
Reference: BID:6214
Reference: URL:http://www.securityfocus.com/bid/6214
Reference: CERT:CA-2002-33
Reference: URL:http://www.cert.org/advisories/CA-2002-33.html
Reference: CERT-VN:VU#542081
Reference: URL:http://www.kb.cert.org/vuls/id/542081
Reference: MISC:http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337
Reference: MS:MS02-065
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-065
Reference: OVAL:oval:org.mitre.oval:def:2730
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2730
Reference: OVAL:oval:org.mitre.oval:def:294
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A294
Reference: OVAL:oval:org.mitre.oval:def:3573
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3573
Reference: VULNWATCH:20021120 Foundstone Advisory
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0082.html
Reference: XF:mdac-rds-client-bo(10669)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10669
Reference: XF:mdac-rds-server-bo(10659)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10659

Name: CVE-2002-1146

Description:

The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).

Status:Entry
Reference: CERT-VN:VU#738331
Reference: URL:http://www.kb.cert.org/vuls/id/738331
Reference: CONECTIVA:CLA-2002:535
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000535
Reference: FREEBSD:FreeBSD-SA-02:42
Reference: MANDRAKE:MDKSA-2004:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:009
Reference: NETBSD:NetBSD-SA2002-015
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-015.txt.asc
Reference: REDHAT:RHSA-2002:197
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-197.html
Reference: REDHAT:RHSA-2002:258
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-258.html
Reference: REDHAT:RHSA-2003:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-022.html
Reference: REDHAT:RHSA-2003:212
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-212.html
Reference: XF:dns-resolver-lib-read-bo(10295)
Reference: URL:http://www.iss.net/security_center/static/10295.php

Name: CVE-2002-1147

Description:

The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.

Status:Entry
Reference: BID:5784
Reference: URL:http://www.securityfocus.com/bid/5784
Reference: BUGTRAQ:20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103287951910420&w=2
Reference: HP:HPSBUX0209-219
Reference: URL:http://online.securityfocus.com/advisories/4501
Reference: MISC:http://www.tech-serve.com/research/advisories/2002/a092302-1.txt
Reference: XF:hp-procurve-http-reset-dos(10172)
Reference: URL:http://www.iss.net/security_center/static/10172.php

Name: CVE-2002-1148

Description:

The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.

Status:Entry
Reference: BID:5786
Reference: URL:http://www.securityfocus.com/bid/5786
Reference: BUGTRAQ:20020924 JSP source code exposure in Tomcat 4.x
Reference: URL:http://marc.info/?l=bugtraq&m=103288242014253&w=2
Reference: DEBIAN:DSA-170
Reference: URL:http://www.debian.org/security/2002/dsa-170
Reference: HP:HPSBUX0212-229
Reference: URL:http://online.securityfocus.com/advisories/4758
Reference: MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Reference: URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Reference: URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Reference: URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Reference: REDHAT:RHSA-2002:217
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-217.html
Reference: REDHAT:RHSA-2002:218
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-218.html
Reference: XF:tomcat-servlet-source-code(10175)
Reference: URL:http://www.iss.net/security_center/static/10175.php

Name: CVE-2002-1151

Description:

The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.

Status:Entry
Reference: BID:5689
Reference: URL:http://www.securityfocus.com/bid/5689
Reference: BUGTRAQ:20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103175850925395&w=2
Reference: CALDERA:CSSA-2002-047.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-047.0.txt
Reference: CONECTIVA:CLA-2002:525
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000525
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-2.txt
Reference: DEBIAN:DSA-167
Reference: URL:http://www.debian.org/security/2002/dsa-167
Reference: MANDRAKE:MDKSA-2002:064
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-064.php
Reference: OSVDB:7867
Reference: URL:http://www.osvdb.org/7867
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: REDHAT:RHSA-2002:221
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-221.html
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php

Name: CVE-2002-1152

Description:

Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.

Status:Entry
Reference: BID:5691
Reference: URL:http://www.securityfocus.com/bid/5691
Reference: BUGTRAQ:20020910 KDE Security Advisory: Secure Cookie Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103175827225044&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20020908-1.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: XF:kde-konqueror-cookie-hijacking(10083)
Reference: URL:http://www.iss.net/security_center/static/10083.php

Name: CVE-2002-1153

Description:

IBM WebSphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".

Status:Entry
Reference: BID:5749
Reference: URL:http://www.securityfocus.com/bid/5749
Reference: BUGTRAQ:20020919 KPMG-2002035: IBM Websphere Large Header DoS
Reference: URL:http://marc.info/?l=bugtraq&m=103244572803950&w=2
Reference: CONFIRM:ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt
Reference: OSVDB:2092
Reference: URL:http://www.osvdb.org/2092
Reference: XF:websphere-host-header-bo(10140)
Reference: URL:http://www.iss.net/security_center/static/10140.php

Name: CVE-2002-1154

Description:

anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.

Status:Entry
Reference: CONFIRM:http://www.analog.cx/security5.html
Reference: OSVDB:3779
Reference: URL:http://www.osvdb.org/3779
Reference: REDHAT:RHSA-2002:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-059.html
Reference: XF:analog-anlgform-dos(10344)
Reference: URL:http://www.iss.net/security_center/static/10344.php

Name: CVE-2002-1156

Description:

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.

Status:Entry
Reference: BID:6065
Reference: URL:http://www.securityfocus.com/bid/6065
Reference: CERT-VN:VU#910713
Reference: URL:http://www.kb.cert.org/vuls/id/910713
Reference: CONFIRM:http://www.apache.org/dist/httpd/CHANGES_2.0
Reference: CONFIRM:http://www.apacheweek.com/issues/02-10-04
Reference: HP:HPSBUX0210-224
Reference: URL:http://online.securityfocus.com/advisories/4617
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
Reference: XF:apache-webdav-cgi-source(10499)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10499

Name: CVE-2002-1157

Description:

Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.

Status:Entry
Reference: BID:6029
Reference: URL:http://www.securityfocus.com/bid/6029
Reference: BUGTRAQ:20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)
Reference: URL:http://online.securityfocus.com/archive/1/296753
Reference: BUGTRAQ:20021026 GLSA: mod_ssl
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0374.html
Reference: CONECTIVA:CLA-2002:541
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000541
Reference: DEBIAN:DSA-181
Reference: URL:http://www.debian.org/security/2002/dsa-181
Reference: ENGARDE:ESA-20021029-027
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2512.html
Reference: MANDRAKE:MDKSA-2002:072
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-072.php
Reference: OSVDB:2107
Reference: URL:http://www.osvdb.org/2107
Reference: REDHAT:RHSA-2002:222
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-222.html
Reference: REDHAT:RHSA-2002:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-243.html
Reference: REDHAT:RHSA-2002:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-244.html
Reference: REDHAT:RHSA-2002:248
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-248.html
Reference: REDHAT:RHSA-2002:251
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-251.html
Reference: REDHAT:RHSA-2003:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-106.html
Reference: XF:apache-modssl-host-xss(10457)
Reference: URL:http://www.iss.net/security_center/static/10457.php

Name: CVE-2002-1158

Description:

Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.

Status:Entry
Reference: BID:6351
Reference: URL:http://www.securityfocus.com/bid/6351
Reference: BUGTRAQ:20021220 GLSA: canna
Reference: URL:http://marc.info/?l=bugtraq&m=104041812206344&w=2
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: SCO:CSSA-2003-005.0
Reference: XF:canna-irwthrough-bo(10831)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10831

Name: CVE-2002-1159

Description:

Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.

Status:Entry
Reference: BID:6354
Reference: URL:http://www.securityfocus.com/bid/6354
Reference: CONFIRM:http://canna.sourceforge.jp/sec/Canna-2002-01.txt
Reference: DEBIAN:DSA-224
Reference: URL:http://www.debian.org/security/2003/dsa-224
Reference: REDHAT:RHSA-2002:246
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-246.html
Reference: REDHAT:RHSA-2002:261
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-261.html
Reference: REDHAT:RHSA-2003:115
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-115.html
Reference: SCO:CSSA-2003-005.0
Reference: XF:canna-improper-request-validation(10832)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10832

Name: CVE-2002-1160

Description:

The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.

Status:Entry
Reference: BID:6753
Reference: URL:http://www.securityfocus.com/bid/6753
Reference: BUGTRAQ:20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package
Reference: URL:http://marc.info/?l=bugtraq&m=104431622818954&w=2
Reference: CERT-VN:VU#911505
Reference: URL:http://www.kb.cert.org/vuls/id/911505
Reference: CONECTIVA:CLA-2003:693
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000693
Reference: MANDRAKE:MDKSA-2003:017
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:017
Reference: REDHAT:RHSA-2003:028
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-028.html
Reference: REDHAT:RHSA-2003:035
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-035.html
Reference: SUNALERT:55760
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55760
Reference: XF:linux-pamxauth-gain-privileges(11254)
Reference: URL:http://www.iss.net/security_center/static/11254.php

Name: CVE-2002-1169

Description:

IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.

Status:Entry
Reference: AIXAPAR:IY35970
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY35970&apar=only
Reference: BID:6002
Reference: URL:http://www.securityfocus.com/bid/6002
Reference: MISC:http://www.rapid7.com/advisories/R7-0007.txt
Reference: OSVDB:2090
Reference: URL:http://www.osvdb.org/2090
Reference: VULNWATCH:20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service
Reference: XF:ibm-wte-helpout-dos(10452)
Reference: URL:http://www.iss.net/security_center/static/10452.php

Name: CVE-2002-1170

Description:

The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.

Status:Entry
Reference: BID:5862
Reference: URL:http://www.securityfocus.com/bid/5862
Reference: BUGTRAQ:20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103359362020365&w=2
Reference: BUGTRAQ:20021014 GLSA: net-snmp
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=216532
Reference: MISC:http://www.idefense.com/advisory/10.02.02.txt
Reference: REDHAT:RHSA-2002:228
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-228.html
Reference: XF:netsnmp-handlevarrequests-dos(10250)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10250

Name: CVE-2002-1178

Description:

Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.

Status:Entry
Reference: BID:5852
Reference: URL:http://www.securityfocus.com/bid/5852
Reference: BUGTRAQ:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: URL:http://marc.info/?l=bugtraq&m=103358725813039&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/jetty-announce/message/45
Reference: MISC:http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt
Reference: VULNWATCH:20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution
Reference: XF:jetty-cgiservlet-directory-traversal(10246)
Reference: URL:http://www.iss.net/security_center/static/10246.php

Name: CVE-2002-1179

Description:

Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.

Status:Entry
Reference: BID:5944
Reference: URL:http://www.securityfocus.com/bid/5944
Reference: BUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.info/?l=bugtraq&m=103435413105661&w=2
Reference: MS:MS02-058
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-058
Reference: NTBUGTRAQ:20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)
Reference: URL:http://marc.info/?l=ntbugtraq&m=103429637822920&w=2
Reference: NTBUGTRAQ:20021010 Re: Problems applying MS02-058
Reference: URL:http://marc.info/?l=ntbugtraq&m=103429681123297&w=2
Reference: XF:outlook-smime-bo(10338)
Reference: URL:http://www.iss.net/security_center/static/10338.php

Name: CVE-2002-1180

Description:

A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."

Status:Entry
Reference: BID:6068
Reference: URL:http://www.securityfocus.com/bid/6068
Reference: BID:6071
Reference: URL:http://www.securityfocus.com/bid/6071
Reference: CIAC:N-011
Reference: URL:http://www.ciac.org/ciac/bulletins/n-011.shtml
Reference: MS:MS02-062
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
Reference: OVAL:oval:org.mitre.oval:def:931
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A931
Reference: XF:iis-script-source-access-bypass(10504)
Reference: URL:http://www.iss.net/security_center/static/10504.php

Name: CVE-2002-1182

Description:

IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.

Status:Entry
Reference: BID:4846
Reference: URL:http://www.securityfocus.com/bid/4846
Reference: BID:6068
Reference: URL:http://www.securityfocus.com/bid/6068
Reference: BID:6070
Reference: URL:http://www.securityfocus.com/bid/6070
Reference: CIAC:N-011
Reference: URL:http://www.ciac.org/ciac/bulletins/n-011.shtml
Reference: MISC:http://www.nextgenss.com/advisories/ms-iisdos.txt
Reference: MISC:http://www.nextgenss.com/vna/ms-iisdos.txt
Reference: MS:MS02-062
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-062
Reference: OVAL:oval:org.mitre.oval:def:1009
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1009
Reference: OVAL:oval:org.mitre.oval:def:1011
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1011
Reference: VULNWATCH:20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0048.html
Reference: XF:iis-resource-utilization-dos(10184)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10184
Reference: XF:iis-webdav-memory-allocation-dos(10503)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10503

Name: CVE-2002-1183

Description:

Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).

Status:Entry
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: MS:MS02-050
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-050
Reference: OVAL:oval:org.mitre.oval:def:1059
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1059
Reference: OVAL:oval:org.mitre.oval:def:1455
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1455
Reference: OVAL:oval:org.mitre.oval:def:2108
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2108
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9776

Name: CVE-2002-1184

Description:

The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.

Status:Entry
Reference: BID:5415
Reference: URL:http://www.securityfocus.com/bid/5415
Reference: MS:MS02-064
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-064
Reference: XF:win2k-partition-weak-permissions(9779)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9779

Name: CVE-2002-1185

Description:

Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

Status:Entry
Reference: BID:6216
Reference: URL:http://www.securityfocus.com/bid/6216
Reference: BUGTRAQ:20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103970996205091&w=2
Reference: EEYE:AD20021211
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20021211.html
Reference: MS:MS02-066
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
Reference: OVAL:oval:org.mitre.oval:def:393
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A393
Reference: OVAL:oval:org.mitre.oval:def:542
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A542
Reference: VULNWATCH:20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0105.html
Reference: XF:ie-png-bo(10662)
Reference: URL:http://www.iss.net/security_center/static/10662.php

Name: CVE-2002-1186

Description:

Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."

Status:Entry
Reference: BID:5610
Reference: URL:http://www.securityfocus.com/bid/5610
Reference: BUGTRAQ:20020903 MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0018.html
Reference: BUGTRAQ:20020904 Re: MSIEv6 % encoding causes a problem again
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0030.html
Reference: MS:MS02-066
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
Reference: OSVDB:7845
Reference: URL:http://www.osvdb.org/7845
Reference: OVAL:oval:org.mitre.oval:def:143
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A143
Reference: OVAL:oval:org.mitre.oval:def:471
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A471
Reference: OVAL:oval:org.mitre.oval:def:495
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A495
Reference: XF:ie-sameoriginpolicy-bypass(10039)
Reference: URL:http://www.iss.net/security_center/static/10039.php

Name: CVE-2002-1187

Description:

Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and JavaScript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.

Status:Entry
Reference: BID:5672
Reference: URL:http://www.securityfocus.com/bid/5672
Reference: BUGTRAQ:20020909 Who framed Internet Explorer (GM#010-IE)
Reference: URL:http://marc.info/?l=bugtraq&m=103158601431054&w=2
Reference: MS:MS02-066
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
Reference: OSVDB:2998
Reference: URL:http://www.osvdb.org/2998
Reference: OVAL:oval:org.mitre.oval:def:203
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A203
Reference: OVAL:oval:org.mitre.oval:def:225
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A225
Reference: XF:ie-frame-script-execution(10066)
Reference: URL:http://www.iss.net/security_center/static/10066.php

Name: CVE-2002-1188

Description:

Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

Status:Entry
Reference: BID:6217
Reference: URL:http://www.securityfocus.com/bid/6217
Reference: BUGTRAQ:20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE
Reference: URL:http://marc.info/?l=bugtraq&m=103184415307193&w=2
Reference: CIAC:N-018
Reference: URL:http://www.ciac.org/ciac/bulletins/n-018.shtml
Reference: MS:MS02-066
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-066
Reference: OVAL:oval:org.mitre.oval:def:444
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A444
Reference: OVAL:oval:org.mitre.oval:def:690
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A690
Reference: XF:ie-object-read-tif(10665)
Reference: URL:http://www.iss.net/security_center/static/10665.php

Name: CVE-2002-1189

Description:

The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.

Status:Entry
Reference: BID:5896
Reference: URL:http://www.securityfocus.com/bid/5896
Reference: CISCO:20021004 Predefined Restriction Tables Allow Calls to International Operator
Reference: URL:http://www.cisco.com/warp/public/707/toll-fraud-pub.shtml
Reference: XF:cisco-unity-insecure-configuration(10282)
Reference: URL:http://www.iss.net/security_center/static/10282.php

Name: CVE-2002-1193

Description:

tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.

Status:Entry
Reference: BID:5911
Reference: URL:http://www.securityfocus.com/bid/5911
Reference: DEBIAN:DSA-172
Reference: URL:http://www.debian.org/security/2002/dsa-172
Reference: XF:tkmail-tmp-file-symlink(10307)
Reference: URL:http://www.iss.net/security_center/static/10307.php

Name: CVE-2002-1195

Description:

Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.

Status:Entry
Reference: BID:5699
Reference: URL:http://www.securityfocus.com/bid/5699
Reference: BUGTRAQ:20020912 ht://Check XSS
Reference: URL:http://marc.info/?l=bugtraq&m=103184269605160&w=2
Reference: DEBIAN:DSA-169
Reference: URL:http://www.debian.org/security/2002/dsa-169
Reference: XF:htcheck-server-header-xss(10089)
Reference: URL:http://www.iss.net/security_center/static/10089.php

Name: CVE-2002-1196

Description:

editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.

Status:Entry
Reference: BID:5843
Reference: URL:http://www.securityfocus.com/bid/5843
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12
Reference: DEBIAN:DSA-173
Reference: URL:http://www.debian.org/security/2002/dsa-173
Reference: XF:bugzilla-usebuggroups-permissions-leak(10233)
Reference: URL:http://www.iss.net/security_center/static/10233.php

Name: CVE-2002-1197

Description:

bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.

Status:Entry
Reference: BID:5844
Reference: URL:http://www.securityfocus.com/bid/5844
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=163024
Reference: XF:bugzilla-emailappend-command-injection(10234)
Reference: URL:http://www.iss.net/security_center/static/10234.php

Name: CVE-2002-1198

Description:

Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.

Status:Entry
Reference: BID:5842
Reference: URL:http://www.securityfocus.com/bid/5842
Reference: BUGTRAQ:20021001 [BUGZILLA] Security Advisory
Reference: URL:http://marc.info/?l=bugtraq&m=103349804226566&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=165221
Reference: XF:bugzilla-email-sql-injection(10235)
Reference: URL:http://www.iss.net/security_center/static/10235.php

Name: CVE-2002-1199

Description:

The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.

Status:Entry
Reference: BID:5937
Reference: URL:http://www.securityfocus.com/bid/5937
Reference: BUGTRAQ:20021010 Multiple vendor ypxfrd map handling vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103426842025029&w=2
Reference: CALDERA:CSSA-2002-SCO.40
Reference: URL:ftp://ftp.caldera.com/pub/updates/OpenServer/CSSA-2002-SCO.40
Reference: CERT-VN:VU#538033
Reference: URL:http://www.kb.cert.org/vuls/id/538033
Reference: COMPAQ:SSRT2339
Reference: OVAL:oval:org.mitre.oval:def:2423
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2423
Reference: SUNALERT:47903
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/47903
Reference: XF:ypxfrd-file-disclosure(10329)
Reference: URL:http://www.iss.net/security_center/static/10329.php

Name: CVE-2002-1200

Description:

Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Status:Entry
Reference: BID:5934
Reference: URL:http://www.securityfocus.com/bid/5934
Reference: BUGTRAQ:20021010 syslog-ng buffer overflow
Reference: URL:http://marc.info/?l=bugtraq&m=103426595021928&w=2
Reference: CONECTIVA:CLA-2002:547
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000547
Reference: CONFIRM:http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt
Reference: DEBIAN:DSA-175
Reference: URL:http://www.debian.org/security/2002/dsa-175
Reference: ENGARDE:ESA-20021016-025
Reference: ENGARDE:ESA-20021029-028
Reference: URL:http://www.linuxsecurity.com/advisories/other_advisory-2513.html
Reference: SUSE:SuSE-SA:2002:039
Reference: URL:http://www.novell.com/linux/security/advisories/2002_039_syslog_ng.html
Reference: XF:syslogng-macro-expansion-bo(10339)
Reference: URL:http://www.iss.net/security_center/static/10339.php

Name: CVE-2002-1211

Description:

Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.

Status:Entry
Reference: BID:6087
Reference: URL:http://www.securityfocus.com/bid/6087
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://marc.info/?l=bugtraq&m=103616306403031&w=2
Reference: MISC:http://www.idefense.com/advisory/10.31.02b.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0050.html
Reference: XF:prometheus-php-file-include(10515)
Reference: URL:http://www.iss.net/security_center/static/10515.php

Name: CVE-2002-1214

Description:

Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.

Status:Entry
Reference: BID:5807
Reference: URL:http://www.securityfocus.com/bid/5807
Reference: BUGTRAQ:20020926 Microsoft PPTP Server and Client remote vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293146
Reference: MS:MS02-063
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-063
Reference: XF:win-pptp-packet-bo(10199)
Reference: URL:http://www.iss.net/security_center/static/10199.php

Name: CVE-2002-1219

Description:

Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).

Status:Entry
Reference: APPLE:2002-11-21
Reference: URL:http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
Reference: BID:6160
Reference: URL:http://www.securityfocus.com/bid/6160
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.info/?l=bugtraq&m=103713117612842&w=2
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.info/?l=bugtraq&m=103763574715133&w=2
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#852283
Reference: URL:http://www.kb.cert.org/vuls/id/852283
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: ENGARDE:ESA-20021114-029
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: OVAL:oval:org.mitre.oval:def:2539
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2539
Reference: SGI:20021201-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021201-01-P
Reference: SUSE:SuSE-SA:2002:044
Reference: XF:bind-sig-rr-bo(10304)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10304

Name: CVE-2002-1220

Description:

BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.

Status:Entry
Reference: APPLE:2002-11-21
Reference: URL:http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
Reference: BID:6161
Reference: URL:http://www.securityfocus.com/bid/6161
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.info/?l=bugtraq&m=103713117612842&w=2
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.info/?l=bugtraq&m=103763574715133&w=2
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#229595
Reference: URL:http://www.kb.cert.org/vuls/id/229595
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: ENGARDE:ESA-20021114-029
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: OVAL:oval:org.mitre.oval:def:449
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A449
Reference: SUSE:SuSE-SA:2002:044
Reference: XF:bind-opt-rr-dos(10332)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10332

Name: CVE-2002-1221

Description:

BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.

Status:Entry
Reference: APPLE:2002-11-21
Reference: URL:http://lists.apple.com/archives/Security-announce/2002/Nov/msg00000.html
Reference: BID:6159
Reference: URL:http://www.securityfocus.com/bid/6159
Reference: BUGTRAQ:20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]
Reference: URL:http://marc.info/?l=bugtraq&m=103713117612842&w=2
Reference: BUGTRAQ:20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)
Reference: URL:http://online.securityfocus.com/archive/1/300019
Reference: BUGTRAQ:20021118 TSLSA-2002-0076 - bind
Reference: URL:http://marc.info/?l=bugtraq&m=103763574715133&w=2
Reference: CALDERA:CSSA-2003-SCO.2
Reference: CERT:CA-2002-31
Reference: URL:http://www.cert.org/advisories/CA-2002-31.html
Reference: CERT-VN:VU#581682
Reference: URL:http://www.kb.cert.org/vuls/id/581682
Reference: CIAC:N-013
Reference: URL:http://www.ciac.org/ciac/bulletins/n-013.shtml
Reference: COMPAQ:SSRT2408
Reference: URL:http://online.securityfocus.com/advisories/4999
Reference: CONECTIVA:CLA-2002:546
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000546
Reference: CONFIRM:http://www.isc.org/products/BIND/bind-security.html
Reference: DEBIAN:DSA-196
Reference: URL:http://www.debian.org/security/2002/dsa-196
Reference: ENGARDE:ESA-20021114-029
Reference: FREEBSD:FreeBSD-SA-02:43
Reference: ISS:20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21469
Reference: MANDRAKE:MDKSA-2002:077
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-077.php
Reference: OVAL:oval:org.mitre.oval:def:2094
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2094
Reference: SUSE:SuSE-SA:2002:044
Reference: XF:bind-null-dereference-dos(10333)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10333

Name: CVE-2002-1222

Description:

Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.

Status:Entry
Reference: BID:5976
Reference: URL:http://www.securityfocus.com/bid/5976
Reference: CISCO:20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow
Reference: URL:http://www.cisco.com/warp/public/707/catos-http-overflow-vuln.shtml
Reference: XF:cisco-catalyst-ciscoview-bo(10382)
Reference: URL:http://www.iss.net/security_center/static/10382.php

Name: CVE-2002-1223

Description:

Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.

Status:Entry
Reference: BUGTRAQ:20021009 KDE Security Advisory: KGhostview Arbitary Code Execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0163.html
Reference: CIAC:N-155
Reference: URL:http://www.ciac.org/ciac/bulletins/n-155.shtml
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-1.txt
Reference: MANDRAKE:MDKSA-2002:071
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:071
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: SUNALERT:101426
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101426-1
Reference: XF:gsview-dsc-ps-bo(11319)
Reference: URL:http://www.iss.net/security_center/static/11319.php

Name: CVE-2002-1224

Description:

Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.

Status:Entry
Reference: BID:5951
Reference: URL:http://www.securityfocus.com/bid/5951
Reference: BUGTRAQ:20021009 KDE Security Advisory: kpf Directory traversal
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0164.html
Reference: BUGTRAQ:20021011 Security hole in kpf - KDE personal fileserver.
Reference: URL:http://online.securityfocus.com/archive/1/294991
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20021008-2.txt
Reference: REDHAT:RHSA-2002:220
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-220.html
Reference: XF:kpf-icon-view-files(10347)
Reference: URL:http://www.iss.net/security_center/static/10347.php

Name: CVE-2002-1227

Description:

PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.

Status:Entry
Reference: BID:5994
Reference: URL:http://www.securityfocus.com/bid/5994
Reference: DEBIAN:DSA-177
Reference: URL:http://www.debian.org/security/2002/dsa-177
Reference: XF:pam-disabled-bypass-authentication(10405)
Reference: URL:http://www.iss.net/security_center/static/10405.php

Name: CVE-2002-1230

Description:

NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via a "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."

Status:Entry
Reference: BID:5927
Reference: URL:http://www.securityfocus.com/bid/5927
Reference: CIAC:N-027
Reference: URL:http://www.ciac.org/ciac/bulletins/n-027.shtml
Reference: MISC:http://getad.chat.ru/
Reference: MISC:http://www.packetstormsecurity.nl/filedesc/GetAd.c.html
Reference: MS:MS02-071
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-071
Reference: OVAL:oval:org.mitre.oval:def:681
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A681
Reference: XF:win-netdde-gain-privileges(10343)
Reference: URL:http://www.iss.net/security_center/static/10343.php

Name: CVE-2002-1231

Description:

SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allow local users to cause a denial of service via an rcp call on /proc.

Status:Entry
Reference: BID:6025
Reference: URL:http://www.securityfocus.com/bid/6025
Reference: CALDERA:CSSA-2002-SCO.41
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenUNIX/CSSA-2002-SCO.41
Reference: XF:openunix-unixware-rcp-dos(10425)
Reference: URL:http://www.iss.net/security_center/static/10425.php

Name: CVE-2002-1232

Description:

Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.

Status:Entry
Reference: BID:6016
Reference: URL:http://www.securityfocus.com/bid/6016
Reference: BUGTRAQ:20021028 GLSA: ypserv
Reference: URL:http://marc.info/?l=bugtraq&m=103582692228894&w=2
Reference: CALDERA:CSSA-2002-054.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-054.0.txt
Reference: CONECTIVA:CLA-2002:539
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000539
Reference: DEBIAN:DSA-180
Reference: URL:http://www.debian.org/security/2002/dsa-180
Reference: HP:HPSBTL0210-074
Reference: URL:http://online.securityfocus.com/advisories/4605
Reference: MANDRAKE:MDKSA-2002:078
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-078.php
Reference: REDHAT:RHSA-2002:223
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-223.html
Reference: REDHAT:RHSA-2002:224
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-224.html
Reference: REDHAT:RHSA-2003:229
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-229.html
Reference: XF:ypserv-map-memory-leak(10423)
Reference: URL:http://www.iss.net/security_center/static/10423.php

Name: CVE-2002-1236

Description:

The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.

Status:Entry
Reference: BID:6086
Reference: URL:http://www.securityfocus.com/bid/6086
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://marc.info/?l=bugtraq&m=103616324103171&w=2
Reference: MISC:http://www.idefense.com/advisory/10.31.02a.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0049.html
Reference: XF:linksys-etherfast-gozila-dos(10514)
Reference: URL:http://www.iss.net/security_center/static/10514.php

Name: CVE-2002-1239

Description:

QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.

Status:Entry
Reference: BID:6146
Reference: URL:http://www.securityfocus.com/bid/6146
Reference: BUGTRAQ:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://marc.info/?l=bugtraq&m=103679043232178&w=2
Reference: MISC:http://www.idefense.com/advisory/11.08.02b.txt
Reference: VULNWATCH:20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0066.html
Reference: XF:qnx-rtos-gain-privileges(10564)
Reference: URL:http://www.iss.net/security_center/static/10564.php

Name: CVE-2002-1242

Description:

SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.

Status:Entry
Reference: BID:6088
Reference: URL:http://www.securityfocus.com/bid/6088
Reference: BUGTRAQ:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103616324103171&w=2
Reference: MISC:http://www.idefense.com/advisory/10.31.02c.txt
Reference: OSVDB:6244
Reference: URL:http://www.osvdb.org/6244
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0051.html
Reference: XF:phpnuke-accountmanager-sql-injection(10516)
Reference: URL:http://www.iss.net/security_center/static/10516.php

Name: CVE-2002-1244

Description:

Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command.

Status:Entry
Reference: BID:6099
Reference: URL:http://www.securityfocus.com/bid/6099
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103642642802889&w=2
Reference: CONFIRM:http://www.pablovandermeer.nl/ftpserver.zip
Reference: OSVDB:4996
Reference: URL:http://www.osvdb.org/4996
Reference: VULNWATCH:20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0057.html
Reference: XF:pablo-ftp-username-dos(10532)
Reference: URL:http://www.iss.net/security_center/static/10532.php

Name: CVE-2002-1245

Description:

Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.

Status:Entry
Reference: BID:6113
Reference: URL:http://www.securityfocus.com/bid/6113
Reference: BUGTRAQ:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://marc.info/?l=bugtraq&m=103660334009855&w=2
Reference: DEBIAN:DSA-189
Reference: URL:http://www.debian.org/security/2002/dsa-189
Reference: MISC:http://www.idefense.com/advisory/11.06.02.txt
Reference: VULNWATCH:20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0062.html
Reference: XF:luxman-maped-read-memory(10549)
Reference: URL:http://www.iss.net/security_center/static/10549.php

Name: CVE-2002-1248

Description:

Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.

Status:Entry
Reference: BID:6098
Reference: URL:http://www.securityfocus.com/bid/6098
Reference: BUGTRAQ:20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server
Reference: URL:http://marc.info/?l=bugtraq&m=103642597302308&w=2
Reference: MISC:http://www.idefense.com/advisory/11.04.02b.txt
Reference: XF:xeneo-php-dos(10534)
Reference: URL:http://www.iss.net/security_center/static/10534.php

Name: CVE-2002-1250

Description:

Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.

Status:Entry
Reference: BID:6094
Reference: URL:http://www.securityfocus.com/bid/6094
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-net-command-bo(10519)
Reference: URL:http://www.iss.net/security_center/static/10519.php

Name: CVE-2002-1251

Description:

Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.

Status:Entry
Reference: BID:6089
Reference: URL:http://www.securityfocus.com/bid/6089
Reference: DEBIAN:DSA-186
Reference: URL:http://www.debian.org/security/2002/dsa-186
Reference: XF:log2mail-log-file-bo(10527)
Reference: URL:http://www.iss.net/security_center/static/10527.php

Name: CVE-2002-1252

Description:

The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.

Status:Entry
Reference: BID:6647
Reference: URL:http://www.securityfocus.com/bid/6647
Reference: ISS:20030120 PeopleSoft XML External Entities Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21811
Reference: XF:peoplesoft-xxe-read-files(10520)
Reference: URL:http://www.iss.net/security_center/static/10520.php

Name: CVE-2002-1253

Description:

Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.

Status:Entry
Reference: MISC:http://www.idefense.com/advisory/11.01.02.txt
Reference: VULNWATCH:20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0055.html
Reference: XF:abuse-lisp-gain-privileges(11300)
Reference: URL:http://www.iss.net/security_center/static/11300.php

Name: CVE-2002-1255

Description:

Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."

Status:Entry
Reference: BID:6319
Reference: URL:http://www.securityfocus.com/bid/6319
Reference: MS:MS02-067
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-067
Reference: XF:outlook-email-header-dos(10763)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10763

Name: CVE-2002-1256

Description:

The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.

Status:Entry
Reference: BID:6367
Reference: URL:http://www.securityfocus.com/bid/6367
Reference: MS:MS02-070
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-070
Reference: OVAL:oval:org.mitre.oval:def:277
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A277
Reference: XF:win-smb-policy-modification(10843)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10843

Name: CVE-2002-1257

Description:

Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.

Status:Entry
Reference: BID:6371
Reference: URL:http://www.securityfocus.com/bid/6371
Reference: MS:MS02-069
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069

Name: CVE-2002-1260

Description:

The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.

Status:Entry
Reference: BID:6379
Reference: URL:http://www.securityfocus.com/bid/6379
Reference: CIAC:N-026
Reference: URL:http://www.ciac.org/ciac/bulletins/n-026.shtml
Reference: MS:MS02-069
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069
Reference: XF:msvm-jdbc-gain-access(10833)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10833

Name: CVE-2002-1264

Description:

Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.

Status:Entry
Reference: BID:6085
Reference: URL:http://www.securityfocus.com/bid/6085
Reference: BUGTRAQ:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://marc.info/?l=bugtraq&m=103643298712284&w=2
Reference: CONFIRM:http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf
Reference: OSVDB:4013
Reference: URL:http://www.osvdb.org/4013
Reference: VULNWATCH:20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0060.html
Reference: XF:oracle-isqlplus-userid-bo(10524)
Reference: URL:http://www.iss.net/security_center/static/10524.php

Name: CVE-2002-1265

Description:

The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).

Status:Entry
Reference: BID:6103
Reference: URL:http://www.securityfocus.com/bid/6103
Reference: CERT-VN:VU#266817
Reference: URL:http://www.kb.cert.org/vuls/id/266817
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: HP:HPSBUX01020
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/mss/MSS-OAR-E01-2004.0800.1
Reference: OVAL:oval:org.mitre.oval:def:2248
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2248
Reference: SGI:20021103-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
Reference: SUNALERT:51082
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/51082
Reference: XF:sun-rpc-libc-dos(10539)
Reference: URL:http://www.iss.net/security_center/static/10539.php

Name: CVE-2002-1266

Description:

Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."

Status:Entry
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: OSVDB:7057
Reference: URL:http://www.osvdb.org/7057
Reference: XF:macos-disk-image-privileges(10818)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10818

Name: CVE-2002-1267

Description:

Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."

Status:Entry
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: OSVDB:7058
Reference: URL:http://www.osvdb.org/7058
Reference: XF:macos-cups-dos(10824)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10824

Name: CVE-2002-1268

Description:

Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."

Status:Entry
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: OSVDB:7059
Reference: URL:http://www.osvdb.org/7059
Reference: XF:macos-iso9600-gain-privileges(10828)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10828

Name: CVE-2002-1270

Description:

Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.

Status:Entry
Reference: CONFIRM:http://www.info.apple.com/usen/security/security_updates.html
Reference: OSVDB:7060
Reference: URL:http://www.osvdb.org/7060
Reference: XF:macos-mach-read-files(10829)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10829

Name: CVE-2002-1271

Description:

The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

Status:Entry
Reference: BID:6104
Reference: URL:http://www.securityfocus.com/bid/6104
Reference: BUGTRAQ:20021106 GLSA: MailTools
Reference: URL:http://marc.info/?l=bugtraq&m=103659723101369&w=2
Reference: BUGTRAQ:20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update
Reference: URL:http://marc.info/?l=bugtraq&m=103679569705086&w=2
Reference: DEBIAN:DSA-386
Reference: URL:http://www.debian.org/security/2003/dsa-386
Reference: MANDRAKE:MDKSA-2002:076
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-076.php
Reference: SUSE:SuSE-SA:2002:041
Reference: URL:http://www.novell.com/linux/security/advisories/2002_041_perl_mailtools.html
Reference: XF:mail-mailer-command-execution(10548)
Reference: URL:http://www.iss.net/security_center/static/10548.php

Name: CVE-2002-1272

Description:

Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contain a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

Status:Entry
Reference: BID:6220
Reference: URL:http://www.securityfocus.com/bid/6220
Reference: CERT:CA-2002-32
Reference: URL:http://www.cert.org/advisories/CA-2002-32.html
Reference: CERT-VN:VU#181721
Reference: URL:http://www.kb.cert.org/vuls/id/181721
Reference: XF:alcatel-omniswitch-backdoor(10664)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10664

Name: CVE-2002-1277

Description:

Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

Status:Entry
Reference: BID:6119
Reference: URL:http://www.securityfocus.com/bid/6119
Reference: CONECTIVA:CLA-2002:548
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000548
Reference: DEBIAN:DSA-190
Reference: URL:http://www.debian.org/security/2002/dsa-190
Reference: MANDRAKE:MDKSA-2002:085
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-085.php
Reference: REDHAT:RHSA-2003:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-009.html
Reference: REDHAT:RHSA-2003:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-043.html
Reference: XF:window-maker-image-bo(10560)
Reference: URL:http://www.iss.net/security_center/static/10560.php

Name: CVE-2002-1278

Description:

The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send spam email.

Status:Entry
Reference: BID:6118
Reference: URL:http://www.securityfocus.com/bid/6118
Reference: CONECTIVA:CLA-2002:544
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000544
Reference: OSVDB:6066
Reference: URL:http://www.osvdb.org/6066
Reference: XF:linuxconf-sendmail-mail-relay(10554)
Reference: URL:http://www.iss.net/security_center/static/10554.php

Name: CVE-2002-1284

Description:

The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.

Status:Entry
Reference: BID:6152
Reference: URL:http://www.securityfocus.com/bid/6152
Reference: BUGTRAQ:20021110 GLSA: kgpg
Reference: URL:http://marc.info/?l=bugtraq&m=103702926611286&w=2
Reference: CONFIRM:http://devel-home.kde.org/~kgpg/bug.html
Reference: XF:kgpg-wizard-empty-password(10629)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10629

Name: CVE-2002-1296

Description:

Directory traversal vulnerability in priocntl system call in Solaris allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.

Status:Entry
Reference: BID:6262
Reference: URL:http://www.securityfocus.com/bid/6262
Reference: BUGTRAQ:20021127 Solaris priocntl exploit
Reference: URL:http://marc.info/?l=bugtraq&m=103842619803173&w=2
Reference: CERT-VN:VU#683673
Reference: URL:http://www.kb.cert.org/vuls/id/683673
Reference: CONFIRM:http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131
Reference: OVAL:oval:org.mitre.oval:def:3637
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3637
Reference: XF:solaris-priocntl-pcclname-modules(10717)
Reference: URL:http://www.iss.net/security_center/static/10717.php

Name: CVE-2002-1307

Description:

Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.

Status:Entry
Reference: BID:6204
Reference: URL:http://www.securityfocus.com/bid/6204
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com
Reference: DEBIAN:DSA-199
Reference: URL:http://www.debian.org/security/2002/dsa-199
Reference: OSVDB:7353
Reference: URL:http://www.osvdb.org/7353
Reference: XF:mhonarc-mime-header-xss(10666)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10666

Name: CVE-2002-1308

Description:

Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

Status:Entry
Reference: BID:6185
Reference: URL:http://www.securityfocus.com/bid/6185
Reference: BUGTRAQ:20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.
Reference: URL:http://marc.info/?l=bugtraq&m=103730181813075&w=2
Reference: MISC:http://bugzilla.mozilla.org/show_bug.cgi?id=157646
Reference: REDHAT:RHSA-2003:162
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-162.html
Reference: REDHAT:RHSA-2003:163
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-163.html
Reference: XF:mozilla-netscape-jar-bo(10636)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10636

Name: CVE-2002-1311

Description:

Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

Status:Entry
Reference: BID:6189
Reference: URL:http://www.securityfocus.com/bid/6189
Reference: BUGTRAQ:20021119 GLSA: courier
Reference: URL:http://marc.info/?l=bugtraq&m=103794021013436&w=2
Reference: DEBIAN:DSA-197
Reference: URL:http://www.debian.org/security/2002/dsa-197
Reference: XF:courier-mta-insecure-permissions(10643)
Reference: URL:http://www.iss.net/security_center/static/10643.php

Name: CVE-2002-1313

Description:

nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.

Status:Entry
Reference: BID:6193
Reference: URL:http://www.securityfocus.com/bid/6193
Reference: DEBIAN:DSA-198
Reference: URL:http://www.debian.org/security/2002/dsa-198
Reference: XF:nullmailer-nonexistent-user-dos(10649)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10649

Name: CVE-2002-1317

Description:

Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.

Status:Entry
Reference: BID:6241
Reference: URL:http://www.securityfocus.com/bid/6241
Reference: BUGTRAQ:20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103825150527843&w=2
Reference: CERT:CA-2002-34
Reference: URL:http://www.cert.org/advisories/CA-2002-34.html
Reference: CERT-VN:VU#312313
Reference: URL:http://www.kb.cert.org/vuls/id/312313
Reference: CIAC:N-024
Reference: URL:http://www.ciac.org/ciac/bulletins/n-024.shtml
Reference: CONFIRM:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879
Reference: HP:HPSBUX0212-228
Reference: URL:http://www.securityfocus.com/advisories/4988
Reference: ISS:20021125 Solaris fs.auto Remote Compromise Vulnerability
Reference: URL:http://bvlive01.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21541
Reference: OVAL:oval:org.mitre.oval:def:149
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A149
Reference: OVAL:oval:org.mitre.oval:def:152
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A152
Reference: OVAL:oval:org.mitre.oval:def:2816
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2816
Reference: SGI:20021202-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021202-01-I
Reference: XF:solaris-fsauto-execute-code(10375)
Reference: URL:http://www.iss.net/security_center/static/10375.php

Name: CVE-2002-1318

Description:

Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

Status:Entry
Reference: BID:6210
Reference: URL:http://www.securityfocus.com/bid/6210
Reference: BUGTRAQ:20021121 GLSA: samba
Reference: URL:http://marc.info/?l=bugtraq&m=103801986818076&w=2
Reference: BUGTRAQ:20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)
Reference: URL:http://marc.info/?l=bugtraq&m=103859045302448&w=2
Reference: CERT-VN:VU#958321
Reference: URL:http://www.kb.cert.org/vuls/id/958321
Reference: CIAC:N-019
Reference: URL:http://www.ciac.org/ciac/bulletins/n-019.shtml
Reference: CIAC:N-023
Reference: URL:http://www.ciac.org/ciac/bulletins/n-023.shtml
Reference: CONECTIVA:CLA-2002:550
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000550
Reference: CONFIRM:http://us1.samba.org/samba/whatsnew/samba-2.2.7.html
Reference: DEBIAN:DSA-200
Reference: URL:http://www.debian.org/security/2002/dsa-200
Reference: HP:HPSBUX0212-230
Reference: URL:http://www.ciac.org/ciac/bulletins/n-023.shtml
Reference: MANDRAKE:MDKSA-2002:081
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-081.php
Reference: OVAL:oval:org.mitre.oval:def:1467
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1467
Reference: REDHAT:RHSA-2002:266
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-266.html
Reference: SGI:20021204-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021204-01-I
Reference: SUNALERT:53580
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/53580
Reference: SUSE:SuSE-SA:2002:045
Reference: URL:http://www.novell.com/linux/security/advisories/2002_045_samba.html
Reference: TRUSTIX:TSLSA-2002-0080
Reference: XF:samba-password-change-bo(10683)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10683

Name: CVE-2002-1319

Description:

The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

Status:Entry
Reference: BID:6115
Reference: URL:http://www.securityfocus.com/bid/6115
Reference: BUGTRAQ:20021111 i386 Linux kernel DoS
Reference: URL:http://marc.info/?l=bugtraq&m=103714004623587&w=2
Reference: BUGTRAQ:20021114 Re: i386 Linux kernel DoS
Reference: URL:http://marc.info/?l=bugtraq&m=103737292709297&w=2
Reference: CONECTIVA:CLA-2002:553
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000553
Reference: REDHAT:RHSA-2002:262
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-262.html
Reference: REDHAT:RHSA-2002:263
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-263.html
Reference: REDHAT:RHSA-2002:264
Reference: URL:http://rhn.redhat.com/errata/RHSA-2002-264.html
Reference: XF:linux-kernel-tf-dos(10576)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10576

Name: CVE-2002-1320

Description:

Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

Status:Entry
Reference: BID:6120
Reference: URL:http://www.securityfocus.com/bid/6120
Reference: BUGTRAQ:20021107 Remote pine Denial of Service
Reference: URL:http://marc.info/?l=bugtraq&m=103668430620531&w=2
Reference: BUGTRAQ:20021202 GLSA: pine
Reference: URL:http://marc.info/?l=bugtraq&m=103884988306241&w=2
Reference: CONECTIVA:CLA-2002:551
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000551
Reference: ENGARDE:ESA-20021127-032
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2614.html
Reference: MANDRAKE:MDKSA-2002:084
Reference: URL:http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-084.php
Reference: REDHAT:RHSA-2002:270
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-270.html
Reference: REDHAT:RHSA-2002:271
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-271.html
Reference: SUSE:SuSE-SA:2002:046
Reference: URL:http://www.novell.com/linux/security/advisories/2002_046_pine.html
Reference: XF:pine-from-header-dos(10555)
Reference: URL:http://www.iss.net/security_center/static/10555.php

Name: CVE-2002-1323

Description:

Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.

Status:Entry
Reference: BID:6111
Reference: URL:http://www.securityfocus.com/bid/6111
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)
Reference: URL:http://marc.info/?l=bugtraq&m=104005919814869&w=2
Reference: BUGTRAQ:20021219 TSLSA-2002-0087 - perl
Reference: URL:http://marc.info/?l=bugtraq&m=104033126305252&w=2
Reference: BUGTRAQ:20021220 GLSA: perl
Reference: URL:http://marc.info/?l=bugtraq&m=104040175522502&w=2
Reference: CALDERA:CSSA-2004-007.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-007.0.txt
Reference: CONFIRM:http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744
Reference: CONFIRM:http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5
Reference: DEBIAN:DSA-208
Reference: URL:http://www.debian.org/security/2002/dsa-208
Reference: OSVDB:2183
Reference: URL:http://www.osvdb.org/2183
Reference: OSVDB:3814
Reference: URL:http://www.osvdb.org/3814
Reference: OVAL:oval:org.mitre.oval:def:1160
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1160
Reference: REDHAT:RHSA-2003:256
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-256.html
Reference: REDHAT:RHSA-2003:257
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-257.html
Reference: SCO:SCOSA-2004.1
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2004.1/SCOSA-2004.1.txt
Reference: SGI:20030606-01-A
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030606-01-A
Reference: VULNWATCH:20021105 Perl Safe.pm compartment reuse vuln
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0061.html
Reference: XF:safe-pm-bypass-restrictions(10574)
Reference: URL:http://www.iss.net/security_center/static/10574.php

Name: CVE-2002-1325

Description:

Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

Status:Entry
Reference: BID:6380
Reference: URL:http://www.securityfocus.com/bid/6380
Reference: MS:MS02-069
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-069

Name: CVE-2002-1327

Description:

Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."

Status:Entry
Reference: BID:6427
Reference: URL:http://www.securityfocus.com/bid/6427
Reference: BUGTRAQ:20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files
Reference: URL:http://marc.info/?l=bugtraq&m=104025849109384&w=2
Reference: CERT:CA-2002-37
Reference: URL:http://www.cert.org/advisories/CA-2002-37.html
Reference: CERT-VN:VU#591890
Reference: URL:http://www.kb.cert.org/vuls/id/591890
Reference: MS:MS02-072
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2002/ms02-072
Reference: XF:winxp-windows-shell-bo(10892)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10892

Name: CVE-2002-1336

Description:

TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.

Status:Entry
Reference: BID:5296
Reference: URL:http://www.securityfocus.com/bid/5296
Reference: BUGTRAQ:20020724 VNC authentication weakness
Reference: URL:http://marc.info/?l=bugtraq&m=102753170201524&w=2
Reference: BUGTRAQ:20020726 RE: VNC authentication weakness
Reference: URL:http://marc.info/?l=bugtraq&m=102769183913594&w=2
Reference: CONECTIVA:CLA-2003:640
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
Reference: CONFIRM:http://www.tightvnc.com/WhatsNew.txt
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Reference: REDHAT:RHSA-2002:287
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-287.html
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: XF:vnc-weak-authentication(5992)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/5992

Name: CVE-2002-1337

Description:

Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

Status:Entry
Reference: AIXAPAR:IY40500
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40500&apar=only
Reference: AIXAPAR:IY40501
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40501&apar=only
Reference: AIXAPAR:IY40502
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40502&apar=only
Reference: BID:6991
Reference: URL:http://www.securityfocus.com/bid/6991
Reference: BUGTRAQ:20030303 Fwd: APPLE-SA-2003-03-03 sendmail
Reference: URL:http://marc.info/?l=bugtraq&m=104678862109841&w=2
Reference: BUGTRAQ:20030303 sendmail 8.12.8 available
Reference: URL:http://marc.info/?l=bugtraq&m=104673778105192&w=2
Reference: BUGTRAQ:20030304 GLSA: sendmail (200303-4)
Reference: URL:http://marc.info/?l=bugtraq&m=104678862409849&w=2
Reference: BUGTRAQ:20030304 [LSD] Technical analysis of the remote sendmail vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=104678739608479&w=2
Reference: CALDERA:CSSA-2003-SCO.5
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/CSSA-2003-SCO.5
Reference: CALDERA:CSSA-2003-SCO.6
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.6
Reference: CERT:CA-2003-07
Reference: URL:http://www.cert.org/advisories/CA-2003-07.html
Reference: CERT-VN:VU#398025
Reference: URL:http://www.kb.cert.org/vuls/id/398025
Reference: CONECTIVA:CLA-2003:571
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000571
Reference: CONFIRM:http://www.sendmail.org/8.12.8.html
Reference: DEBIAN:DSA-257
Reference: URL:http://www.debian.org/security/2003/dsa-257
Reference: FREEBSD:FreeBSD-SA-03:04
Reference: HP:HPSBUX0302-246
Reference: URL:http://marc.info/?l=bugtraq&m=104679411316818&w=2
Reference: ISS:20030303 Remote Sendmail Header Processing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21950
Reference: MANDRAKE:MDKSA-2003:028
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:028
Reference: NETBSD:NetBSD-SA2003-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-002.txt.asc
Reference: OVAL:oval:org.mitre.oval:def:2222
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2222
Reference: REDHAT:RHSA-2003:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-073.html
Reference: REDHAT:RHSA-2003:074
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-074.html
Reference: REDHAT:RHSA-2003:227
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-227.html
Reference: SGI:20030301-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030301-01-P
Reference: SUSE:SuSE-SA:2003:013
Reference: XF:sendmail-header-processing-bo(10748)
Reference: URL:http://www.iss.net/security_center/static/10748.php

Name: CVE-2002-1348

Description:

w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.

Status:Entry
Reference: BID:6794
Reference: URL:http://www.securityfocus.com/bid/6794
Reference: BUGTRAQ:20030217 GLSA: w3m
Reference: URL:http://marc.info/?l=bugtraq&m=104552193927323&w=2
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=126233
Reference: DEBIAN:DSA-249
Reference: URL:http://www.debian.org/security/2003/dsa-249
Reference: DEBIAN:DSA-250
Reference: URL:http://www.debian.org/security/2003/dsa-250
Reference: DEBIAN:DSA-251
Reference: URL:http://www.debian.org/security/2003/dsa-251
Reference: REDHAT:RHSA-2003:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-044.html
Reference: REDHAT:RHSA-2003:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-045.html
Reference: XF:w3m-img-alt-xss(11266)
Reference: URL:http://www.iss.net/security_center/static/11266.php

Name: CVE-2002-1349

Description:

Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).

Status:Entry
Reference: BID:6350
Reference: URL:http://www.securityfocus.com/bid/6350
Reference: BUGTRAQ:20021210 Unchecked buffer in PC-cillin
Reference: URL:http://marc.info/?l=bugtraq&m=103953822705917&w=2
Reference: CERT-VN:VU#157961
Reference: URL:http://www.kb.cert.org/vuls/id/157961
Reference: CONFIRM:http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982
Reference: MISC:http://www.texonet.com/advisories/TEXONET-20021210.txt
Reference: XF:pccillin-pop3trap-bo(10814)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10814

Name: CVE-2002-1350

Description:

The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).

Status:Entry
Reference: BID:6213
Reference: URL:http://www.securityfocus.com/bid/6213
Reference: BUGTRAQ:20021219 TSLSA-2002-0084 - tcpdump
Reference: URL:http://marc.info/?l=bugtraq&m=104032975103398&w=2
Reference: CALDERA:CSSA-2002-050.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-050.0.txt
Reference: DEBIAN:DSA-206
Reference: URL:http://www.debian.org/security/2002/dsa-206
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: MLIST:[tcpdump-workers] 20011015 Bug in print-bgp.c?
Reference: URL:http://www.tcpdump.org/lists/workers/2001/10/msg00101.html
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: TRUSTIX:TSL-2002-0084
Reference: XF:tcpdump-sizeof-memory-corruption(10695)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10695

Name: CVE-2002-1361

Description:

overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.

Status:Entry
Reference: BID:6326
Reference: URL:http://www.securityfocus.com/bid/6326
Reference: BUGTRAQ:20021205 Cobalt RaQ4 Remote root exploit
Reference: URL:http://marc.info/?l=bugtraq&m=103912513522807&w=2
Reference: CERT:CA-2002-35
Reference: URL:http://www.cert.org/advisories/CA-2002-35.html
Reference: CERT-VN:VU#810921
Reference: URL:http://www.kb.cert.org/vuls/id/810921
Reference: CIAC:N-025
Reference: URL:http://www.ciac.org/ciac/bulletins/n-025.shtml
Reference: SUNALERT:49377
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/49377
Reference: XF:cobalt-shp-overflow-privileges(10776)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10776

Name: CVE-2002-1362

Description:

mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.

Status:Entry
Reference: BID:6392
Reference: URL:http://www.securityfocus.com/bid/6392
Reference: DEBIAN:DSA-211
Reference: URL:http://www.debian.org/security/2002/dsa-211
Reference: REDHAT:RHSA-2003:118
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-118.html
Reference: XF:micq-0xfe-dos(10872)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10872

Name: CVE-2002-1363

Description:

Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.

Status:Entry
Reference: BID:6431
Reference: URL:http://www.securityfocus.com/bid/6431
Reference: DEBIAN:DSA-213
Reference: URL:http://www.debian.org/security/2002/dsa-213
Reference: FEDORA:FLSA:1943
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=1943
Reference: MANDRAKE:MDKSA-2003:008
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:008
Reference: MANDRAKE:MDKSA-2004:063
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:063
Reference: OVAL:oval:org.mitre.oval:def:3657
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A3657
Reference: REDHAT:RHSA-2003:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-006.html
Reference: REDHAT:RHSA-2003:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-007.html
Reference: REDHAT:RHSA-2003:119
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-119.html
Reference: REDHAT:RHSA-2003:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-157.html
Reference: REDHAT:RHSA-2004:249
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-249.html
Reference: REDHAT:RHSA-2004:402
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-402.html
Reference: SUSE:SUSE-SA:2003:0004
Reference: URL:http://www.novell.com/linux/security/advisories/2003_004_libpng.html
Reference: XF:libpng-file-offset-bo(10925)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10925

Name: CVE-2002-1364

Description:

Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.

Status:Entry
Reference: BID:6166
Reference: URL:http://www.securityfocus.com/bid/6166
Reference: BUGTRAQ:20021129 Exploit for traceroute-nanog overflow
Reference: URL:http://marc.info/?l=bugtraq&m=103858895600963&w=2
Reference: DEBIAN:DSA-254
Reference: URL:http://www.debian.org/security/2003/dsa-254
Reference: SUSE:SuSE-SA:2002:043
Reference: URL:http://www.novell.com/linux/security/advisories/2002_043_traceroute_nanog_nkitb.html
Reference: XF:traceroute-nanog-getorigin-bo(10778)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10778

Name: CVE-2002-1365

Description:

Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.

Status:Entry
Reference: BID:6390
Reference: URL:http://www.securityfocus.com/bid/6390
Reference: BUGTRAQ:20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=103979751818638&w=2
Reference: BUGTRAQ:20021215 GLSA: fetchmail
Reference: URL:http://marc.info/?l=bugtraq&m=104004858802000&w=2
Reference: CALDERA:CSSA-2003-001.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-001.0.txt
Reference: CONECTIVA:CLA-2002:554
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000554
Reference: DEBIAN:DSA-216
Reference: URL:http://www.debian.org/security/2002/dsa-216
Reference: ENGARDE:ESA-20030127-002
Reference: IMMUNIX:IMNX-2003-7+-023-01
Reference: MANDRAKE:MDKSA-2003:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:011
Reference: MISC:http://security.e-matters.de/advisories/052002.html
Reference: REDHAT:RHSA-2002:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-293.html
Reference: REDHAT:RHSA-2002:294
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-294.html
Reference: REDHAT:RHSA-2003:155
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-155.html
Reference: SUSE:SuSE-SA:2003:001
Reference: XF:fetchmail-address-header-bo(10839)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10839

Name: CVE-2002-1366

Description:

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.

Status:Entry
Reference: BID:6435
Reference: URL:http://www.securityfocus.com/bid/6435
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.info/?l=bugtraq&m=104032149026670&w=2
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.novell.com/linux/security/advisories/2003_002_cups.html
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: XF:cups-certs-race-condition(10907)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10907

Name: CVE-2002-1367

Description:

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.

Status:Entry
Reference: BID:6436
Reference: URL:http://www.securityfocus.com/bid/6436
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.info/?l=bugtraq&m=104032149026670&w=2
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.novell.com/linux/security/advisories/2003_002_cups.html
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: XF:cups-udp-add-printers(10908)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10908

Name: CVE-2002-1369

Description:

jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.

Status:Entry
Reference: BID:6438
Reference: URL:http://www.securityfocus.com/bid/6438
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.info/?l=bugtraq&m=104032149026670&w=2
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.novell.com/linux/security/advisories/2003_002_cups.html
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: XF:cups-strncat-options-bo(10910)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10910

Name: CVE-2002-1371

Description:

filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.

Status:Entry
Reference: BID:6439
Reference: URL:http://www.securityfocus.com/bid/6439
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.info/?l=bugtraq&m=104032149026670&w=2
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.novell.com/linux/security/advisories/2003_002_cups.html
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: XF:cups-zero-width-images(10911)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10911

Name: CVE-2002-1372

Description:

Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

Status:Entry
Reference: BID:6440
Reference: URL:http://www.securityfocus.com/bid/6440
Reference: BUGTRAQ:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://marc.info/?l=bugtraq&m=104032149026670&w=2
Reference: CONECTIVA:CLSA-2003:702
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000702
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MISC:http://www.idefense.com/advisory/12.19.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: SUSE:SuSE-SA:2003:002
Reference: URL:http://www.novell.com/linux/security/advisories/2003_002_cups.html
Reference: VULNWATCH:20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0117.html
Reference: XF:cups-file-descriptor-dos(10912)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10912

Name: CVE-2002-1373

Description:

Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.

Status:Entry
Reference: BID:6368
Reference: URL:http://www.securityfocus.com/bid/6368
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=103971644013961&w=2
Reference: CONECTIVA:CLSA-2002:555
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20030127-001
Reference: GENTOO:200212-2
Reference: URL:http://marc.info/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: MANDRAKE:MDKSA-2002:087
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.novell.com/linux/security/advisories/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: XF:mysql-comtabledump-dos(10846)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10846

Name: CVE-2002-1374

Description:

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.

Status:Entry
Reference: BID:6373
Reference: URL:http://www.securityfocus.com/bid/6373
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=103971644013961&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.info/?l=bugtraq&m=104005886114500&w=2
Reference: CONECTIVA:CLSA-2002:555
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.info/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: MANDRAKE:MDKSA-2002:087
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.novell.com/linux/security/advisories/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: XF:mysql-comchangeuser-password-bypass(10847)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10847

Name: CVE-2002-1375

Description:

The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.

Status:Entry
Reference: BID:6375
Reference: URL:http://www.securityfocus.com/bid/6375
Reference: BUGTRAQ:20021212 Advisory 04/2002: Multiple MySQL vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=103971644013961&w=2
Reference: BUGTRAQ:20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.info/?l=bugtraq&m=104005886114500&w=2
Reference: CONECTIVA:CLSA-2002:555
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000555
Reference: DEBIAN:DSA-212
Reference: URL:http://www.debian.org/security/2002/dsa-212
Reference: ENGARDE:ESA-20021213-033
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2660.html
Reference: GENTOO:GLSA-200212-2
Reference: URL:http://marc.info/?l=bugtraq&m=104004857201968&w=2
Reference: IMMUNIX:IMNX-2003-7+-008-01
Reference: URL:http://www.securityfocus.com/advisories/5269
Reference: MANDRAKE:MDKSA-2002:087
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2002:087
Reference: MISC:http://security.e-matters.de/advisories/042002.html
Reference: REDHAT:RHSA-2002:288
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-288.html
Reference: REDHAT:RHSA-2002:289
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-289.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: SUSE:SUSE-SA:2003:003
Reference: URL:http://www.novell.com/linux/security/advisories/2003_003_mysql.html
Reference: TRUSTIX:2002-0086
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0086-mysql.asc.txt
Reference: XF:mysql-comchangeuser-password-bo(10848)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10848

Name: CVE-2002-1377

Description:

vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.

Status:Entry
Reference: BID:6384
Reference: URL:http://www.securityfocus.com/bid/6384
Reference: BUGTRAQ:20040331 OpenLinux: vim arbitrary commands execution through modelines
Reference: URL:http://marc.info/?l=bugtraq&m=108077992208690&w=2
Reference: CONECTIVA:CLA-2004:812
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000812
Reference: FULLDISC:20021213 Some vim problems, yet still vim much better than windows
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2002-December/002948.html
Reference: MANDRAKE:MDKSA-2003:012
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:012
Reference: MISC:http://www.guninski.com/vim1.html
Reference: REDHAT:RHSA-2002:297
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-297.html
Reference: REDHAT:RHSA-2002:302
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-302.html
Reference: SUNALERT:55700
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55700
Reference: XF:vim-modeline-command-execution(10835)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10835

Name: CVE-2002-1380

Description:

Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

Status:Entry
Reference: BID:6420
Reference: URL:http://www.securityfocus.com/bid/6420
Reference: DEBIAN:DSA-336
Reference: URL:http://www.debian.org/security/2003/dsa-336
Reference: ENGARDE:ESA-20030318-009
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2976.html
Reference: MANDRAKE:MDKSA-2003:039
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:039
Reference: REDHAT:RHSA-2003:088
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-088.html
Reference: TRUSTIX:2002-0083
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0083-kernel.asc.txt
Reference: VULNWATCH:20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability
Reference: XF:linux-protread-mmap-dos(10884)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10884

Name: CVE-2002-1381

Description:

Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.

Status:Entry
Reference: BID:6314
Reference: URL:http://www.securityfocus.com/bid/6314
Reference: BUGTRAQ:20021204 Local root vulnerability found in exim 4.x (and 3.x)
Reference: URL:http://marc.info/?l=bugtraq&m=103903403527788&w=2
Reference: CONFIRM:http://groups.yahoo.com/group/exim-users/message/42358
Reference: GENTOO:GLSA-200212-5
Reference: URL:http://marc.info/?l=bugtraq&m=104006219018664&w=2
Reference: MLIST:[Exim] 20021204 Minor security problem in both Exim 3 and 4
Reference: URL:http://www.exim.org/pipermail/exim-users/Week-of-Mon-20021202/046978.html
Reference: XF:exim-daemonc-format-string(10761)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10761

Name: CVE-2002-1382

Description:

Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.

Status:Entry
Reference: BID:6383
Reference: URL:http://www.securityfocus.com/bid/6383
Reference: BUGTRAQ:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.info/?l=bugtraq&m=104014220727109&w=2
Reference: CONFIRM:http://www.macromedia.com/v1/handlers/index.cfm?ID=23569
Reference: VULNWATCH:20021217 Macromedia Shockwave Flash Malformed Header Overflow #2
Reference: URL:http://marc.info/?l=vulnwatch&m=104013370116670
Reference: XF:flash-swf-bo(10861)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10861

Name: CVE-2002-1384

Description:

Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.

Status:Entry
Reference: BID:6475
Reference: URL:http://www.securityfocus.com/bid/6475
Reference: DEBIAN:DSA-222
Reference: URL:http://www.debian.org/security/2003/dsa-222
Reference: DEBIAN:DSA-226
Reference: URL:http://www.debian.org/security/2003/dsa-226
Reference: DEBIAN:DSA-232
Reference: URL:http://www.debian.org/security/2003/dsa-232
Reference: GENTOO:GLSA-200301-1
Reference: URL:http://marc.info/?l=bugtraq&m=104152282309980&w=2
Reference: MANDRAKE:MDKSA-2003:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:001
Reference: MANDRAKE:MDKSA-2003:002
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:002
Reference: MISC:http://www.idefense.com/advisory/12.23.02.txt
Reference: REDHAT:RHSA-2002:295
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-295.html
Reference: REDHAT:RHSA-2002:307
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-307.html
Reference: REDHAT:RHSA-2003:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-037.html
Reference: REDHAT:RHSA-2003:216
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-216.html
Reference: SUSE:SUSE-SA:2003:002
Reference: URL:http://www.novell.com/linux/security/advisories/2003_002_cups.html
Reference: VULNWATCH:20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops
Reference: XF:pdftops-integer-overflow(10937)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10937

Name: CVE-2002-1385

Description:

openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

Status:Entry
Reference: BID:6425
Reference: URL:http://www.securityfocus.com/bid/6425
Reference: BUGTRAQ:20021218 Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.info/?l=bugtraq&m=104031696120743&w=2
Reference: BUGTRAQ:20021219 [Fix] Openwebmail 1.71 remote root compromise
Reference: URL:http://marc.info/?l=bugtraq&m=104032263328026&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435
Reference: XF:open-webmail-command-execution(10904)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10904

Name: CVE-2002-1388

Description:

Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.

Status:Entry
Reference: BID:6479
Reference: URL:http://www.securityfocus.com/bid/6479
Reference: CONFIRM:http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com
Reference: DEBIAN:DSA-221
Reference: URL:http://www.debian.org/security/2002/dsa-221
Reference: XF:mhonarc-m2htexthtml-filter-xss(10950)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10950

Name: CVE-2002-1389

Description:

Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.

Status:Entry
Reference: BID:6485
Reference: URL:http://www.securityfocus.com/bid/6485
Reference: DEBIAN:DSA-217
Reference: URL:http://www.debian.org/security/2002/dsa-217
Reference: XF:typespeed-command-line-bo(10936)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10936

Name: CVE-2002-1390

Description:

The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.

Status:Entry
Reference: BID:6549
Reference: URL:http://www.securityfocus.com/bid/6549
Reference: CONFIRM:http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html
Reference: DEBIAN:DSA-223
Reference: URL:http://www.debian.org/security/2003/dsa-223
Reference: XF:geneweb-absolute-information-disclosure(11021)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11021

Name: CVE-2002-1391

Description:

Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.

Status:Entry
Reference: BID:7303
Reference: URL:http://www.securityfocus.com/bid/7303
Reference: CALDERA:CSSA-2003-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
Reference: GENTOO:GLSA-200304-09
Reference: URL:http://marc.info/?l=bugtraq&m=105154413326136&w=2
Reference: REDHAT:RHSA-2003:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html
Reference: REDHAT:RHSA-2003:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html
Reference: XF:mgetty-cndprogram-callername-bo(11072)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11072

Name: CVE-2002-1392

Description:

faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.

Status:Entry
Reference: BID:7302
Reference: URL:http://www.securityfocus.com/bid/7302
Reference: CALDERA:CSSA-2003-021.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-021.0.txt
Reference: CONFIRM:http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty
Reference: GENTOO:GLSA-200304-09
Reference: URL:http://marc.info/?l=bugtraq&m=105154413326136&w=2
Reference: REDHAT:RHSA-2003:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-008.html
Reference: REDHAT:RHSA-2003:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-036.html
Reference: XF:mgetty-faxspool-worldwritable-directory(11070)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11070

Name: CVE-2002-1394

Description:

Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.

Status:Entry
Reference: BID:6562
Reference: URL:http://www.securityfocus.com/bid/6562
Reference: CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=13365
Reference: CONFIRM:http://marc.info/?l=tomcat-dev&m=103417249325526&w=2
Reference: DEBIAN:DSA-225
Reference: URL:http://www.debian.org/security/2003/dsa-225
Reference: GENTOO:GLSA-200210-001
Reference: URL:http://marc.info/?l=bugtraq&m=103470282514938&w=2
Reference: MLIST:[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/
Reference: URL:https://lists.apache.org/thread.html/29dc6c2b625789e70a9c4756b5a327e6547273ff8bde7e0327af48c5@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/
Reference: URL:https://lists.apache.org/thread.html/c62b0e3a7bf23342352a5810c640a94b6db69957c5c19db507004d74@%3Cdev.tomcat.apache.org%3E
Reference: MLIST:[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/
Reference: URL:https://lists.apache.org/thread.html/rb71997f506c6cc8b530dd845c084995a9878098846c7b4eacfae8db3@%3Cdev.tomcat.apache.org%3E
Reference: REDHAT:RHSA-2003:075
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-075.html
Reference: REDHAT:RHSA-2003:082
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: XF:tomcat-invoker-source-code(10376)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10376

Name: CVE-2002-1396

Description:

Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.

Status:Entry
Reference: BID:6488
Reference: URL:http://www.securityfocus.com/bid/6488
Reference: BUGTRAQ:20021227 Buffer overflow in PHP "wordwrap" function
Reference: URL:http://marc.info/?l=bugtraq&m=104102689503192&w=2
Reference: CONFIRM:http://bugs.php.net/bug.php?id=20927
Reference: ENGARDE:ESA-20030219-003
Reference: URL:http://archives.neohapsis.com/archives/linux/engarde/2003-q1/0003.html
Reference: GENTOO:200301-8
Reference: URL:http://www.securityfocus.com/advisories/4862
Reference: MANDRAKE:MDKSA-2003:019
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:019
Reference: REDHAT:RHSA-2003:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-017.html
Reference: SCO:CSSA-2003-SCO.28
Reference: SUSE:SuSE-SA:2003:0009
Reference: URL:http://www.novell.com/linux/security/advisories/2003_009_mod_php4.html
Reference: XF:php-wordwrap-bo(10944)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10944

Name: CVE-2002-1403

Description:

dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.

Status:Entry
Reference: BID:6200
Reference: URL:http://www.securityfocus.com/bid/6200
Reference: CONECTIVA:CLA-2002:549
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000549
Reference: DEBIAN:DSA-219
Reference: URL:http://www.debian.org/security/2002/dsa-219
Reference: GENTOO:GLSA-200301-3
Reference: URL:http://marc.info/?l=bugtraq&m=104189546709447&w=2
Reference: MANDRAKE:MDKSA-2003:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
Reference: XF:dhcpcd-info-execute-commands(10663)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10663

Name: CVE-2002-1405

Description:

CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.

Status:Entry
Reference: BID:5499
Reference: URL:http://www.securityfocus.com/bid/5499
Reference: BUGTRAQ:20020819 Lynx CRLF Injection
Reference: URL:http://marc.info/?l=bugtraq&m=102978118411977&w=2
Reference: BUGTRAQ:20020822 Lynx CRLF Injection, part two
Reference: URL:http://marc.info/?l=bugtraq&m=103003793418021&w=2
Reference: CALDERA:CSSA-2002-049.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2002-049.0.txt
Reference: DEBIAN:DSA-210
Reference: URL:http://www.debian.org/security/2002/dsa-210
Reference: MANDRAKE:MDKSA-2003:023
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:023
Reference: REDHAT:RHSA-2003:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-029.html
Reference: REDHAT:RHSA-2003:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-030.html
Reference: TRUSTIX:2002-0085
Reference: URL:http://www.trustix.net/errata/misc/2002/TSL-2002-0085-lynx-ssl.asc.txt
Reference: XF:lynx-crlf-injection(9887)
Reference: URL:http://www.iss.net/security_center/static/9887.php

Name: CVE-2002-1407

Description:

TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.

Status:Entry
Reference: BID:5410
Reference: URL:http://www.securityfocus.com/bid/5410
Reference: BUGTRAQ:20020805 IE SSL Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=102866120821995&w=2
Reference: BUGTRAQ:20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0096.html
Reference: XF:ssl-ca-certificate-spoofing(9776)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9776

Name: CVE-2002-1412

Description:

Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.

Status:Entry
Reference: BID:5375
Reference: URL:http://www.securityfocus.com/bid/5375
Reference: BUGTRAQ:20020801 code injection in gallery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0471.html
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0
Reference: DEBIAN:DSA-138
Reference: URL:http://www.debian.org/security/2002/dsa-138
Reference: XF:gallery-basedir-execute-commands(9737)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/9737

Name: CVE-2002-1413

Description:

RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.

Status:Entry
Reference: BID:5541
Reference: URL:http://www.securityfocus.com/bid/5541
Reference: BUGTRAQ:20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0216.html
Reference: CERT-VN:VU#746251
Reference: URL:http://www.kb.cert.org/vuls/id/746251
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963349
Reference: XF:netware-rconj-no-password(9928)
Reference: URL:http://www.iss.net/security_center/static/9928.php

Name: CVE-2002-1414

Description:

Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.

Status:Entry
Reference: BID:5404
Reference: URL:http://www.securityfocus.com/bid/5404
Reference: BUGTRAQ:20020724 Re: qmailadmin SUID buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0016.html
Reference: CONFIRM:http://www.inter7.com/qmailadmin/ChangeLog
Reference: VULN-DEV:20020806 qmailadmin SUID buffer overflow
Reference: URL:http://marc.info/?l=vuln-dev&m=102859603029424&w=2
Reference: XF:qmailadmin-templatedir-bo(9786)
Reference: URL:http://www.iss.net/security_center/static/9786.php

Name: CVE-2002-1417

Description:

Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.

Status:Entry
Reference: BID:5523
Reference: URL:http://www.securityfocus.com/bid/5523
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: XF:novell-netbasic-directory-traversal(9910)
Reference: URL:http://www.iss.net/security_center/static/9910.php

Name: CVE-2002-1418

Description:

Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.

Status:Entry
Reference: BID:5524
Reference: URL:http://www.securityfocus.com/bid/5524
Reference: BUGTRAQ:20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0199.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963297
Reference: XF:novell-netbasic-interpreter-bo(9911)
Reference: URL:http://www.iss.net/security_center/static/9911.php

Name: CVE-2002-1419

Description:

The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.

Status:Entry
Reference: BID:5467
Reference: URL:http://www.securityfocus.com/bid/5467
Reference: SGI:20020805-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020805-01-I
Reference: XF:irix-origin-bypass-filtering(9868)
Reference: URL:http://www.iss.net/security_center/static/9868.php

Name: CVE-2002-1420

Description:

Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.

Status:Entry
Reference: BID:5442
Reference: URL:http://www.securityfocus.com/bid/5442
Reference: BUGTRAQ:20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=102918817012863&w=2
Reference: CERT-VN:VU#259787
Reference: URL:http://www.kb.cert.org/vuls/id/259787
Reference: OSVDB:7554
Reference: URL:http://www.osvdb.org/7554
Reference: XF:openbsd-select-bo(9809)
Reference: URL:http://www.iss.net/security_center/static/9809.php

Name: CVE-2002-1424

Description:

Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

Status:Entry
Reference: BID:5385
Reference: URL:http://www.securityfocus.com/bid/5385
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: XF:munpack-mime-bo(9747)
Reference: URL:http://www.iss.net/security_center/static/9747.php

Name: CVE-2002-1425

Description:

Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.

Status:Entry
Reference: BID:5386
Reference: URL:http://www.securityfocus.com/bid/5386
Reference: DEBIAN:DSA-141
Reference: URL:http://www.debian.org/security/2002/dsa-141
Reference: XF:munpack-dotdot-directory-traversal(9748)
Reference: URL:http://www.iss.net/security_center/static/9748.php

Name: CVE-2002-1430

Description:

Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.

Status:Entry
Reference: BID:5360
Reference: URL:http://www.securityfocus.com/bid/5360
Reference: BUGTRAQ:20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0401.html
Reference: CONFIRM:http://www.ralusp.net/downloads/sympoll/changelog.txt
Reference: XF:sympoll-php-view-files(9723)
Reference: URL:http://www.iss.net/security_center/static/9723.php

Name: CVE-2002-1435

Description:

class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.

Status:Entry
Reference: BID:5552
Reference: URL:http://www.securityfocus.com/bid/5552
Reference: BUGTRAQ:20020822 Arbitrary code execution problem in Achievo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0235.html
Reference: CONFIRM:http://www.achievo.org/lists/2002/Aug/msg00092.html
Reference: XF:achievo-php-execute-code(9947)
Reference: URL:http://www.iss.net/security_center/static/9947.php

Name: CVE-2002-1436

Description:

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.

Status:Entry
Reference: BID:5520
Reference: URL:http://www.securityfocus.com/bid/5520
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-code-execution(9916)
Reference: URL:http://www.iss.net/security_center/static/9916.php

Name: CVE-2002-1437

Description:

Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.

Status:Entry
Reference: BID:5522
Reference: URL:http://www.securityfocus.com/bid/5522
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-directory-traversal(9915)
Reference: URL:http://www.iss.net/security_center/static/9915.php

Name: CVE-2002-1438

Description:

The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.

Status:Entry
Reference: BID:5521
Reference: URL:http://www.securityfocus.com/bid/5521
Reference: BUGTRAQ:20020820 NOVL-2002-2963307 - PERL Handler Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0202.html
Reference: CONFIRM:http://support.novell.com/servlet/tidfinder/2963307
Reference: XF:netware-perl-information-disclosure(9917)
Reference: URL:http://www.iss.net/security_center/static/9917.php

Name: CVE-2002-1443

Description:

The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.

Status:Entry
Reference: BID:5426
Reference: URL:http://www.securityfocus.com/bid/5426
Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://online.securityfocus.com/archive/1/286527
Reference: CONFIRM:http://toolbar.google.com/whatsnew.php3
Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/
Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
Reference: XF:google-toolbar-keypress-monitoring(10054)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10054

Name: CVE-2002-1446

Description:

The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.

Status:Entry
Reference: BID:5498
Reference: URL:http://www.securityfocus.com/bid/5498
Reference: BUGTRAQ:20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0172.html
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory5_c_verify.html
Reference: XF:ncipher-cverify-improper-verification(9895)
Reference: URL:http://www.iss.net/security_center/static/9895.php

Name: CVE-2002-1447

Description:

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

Status:Entry
Reference: BID:5056
Reference: URL:http://www.securityfocus.com/bid/5056
Reference: BUGTRAQ:20020619 [AP] Cisco vpnclient buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/277653
Reference: CISCO:20020619 Buffer Overflow in UNIX VPN Client
Reference: URL:http://www.cisco.com/warp/public/707/cisco-unix-vpnclient-buffer-overflow-pub.shtml
Reference: MISC:http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt
Reference: XF:ciscovpn-profile-name-bo(9376)
Reference: URL:http://www.iss.net/security_center/static/9376.php

Name: CVE-2002-1448

Description:

An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.

Status:Entry
Reference: BID:5396
Reference: URL:http://www.securityfocus.com/bid/5396
Reference: BUGTRAQ:20020805 SNMP vulnerability in AVAYA Cajun firmware
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0519.html
Reference: CONFIRM:http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml
Reference: XF:avaya-cajun-default-snmp(9769)
Reference: URL:http://www.iss.net/security_center/static/9769.php

Name: CVE-2002-1463

Description:

Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.

Status:Entry
Reference: BID:5387
Reference: URL:http://www.securityfocus.com/bid/5387
Reference: BUGTRAQ:20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0492.html
Reference: CONFIRM:http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html
Reference: OSVDB:855
Reference: URL:http://www.osvdb.org/855
Reference: XF:symantec-tcp-seq-predict(12836)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/12836

Name: CVE-2002-1468

Description:

Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.

Status:Entry
Reference: AIXAPAR:IY31997
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q3/0007.html
Reference: BID:5885
Reference: URL:http://www.securityfocus.com/bid/5885

Name: CVE-2002-1469

Description:

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

Status:Entry
Reference: BID:5526
Reference: URL:http://www.securityfocus.com/bid/5526
Reference: BUGTRAQ:20020820 vulnerabilities in scponly
Reference: URL:http://online.securityfocus.com/archive/1/288245
Reference: CONFIRM:http://www.sublimation.org/scponly/
Reference: XF:scponly-ssh-env-upload(9913)
Reference: URL:http://www.iss.net/security_center/static/9913.php

Name: CVE-2002-1471

Description:

The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.

Status:Entry
Reference: BID:5875
Reference: URL:http://www.securityfocus.com/bid/5875
Reference: BUGTRAQ:20021003 SSL certificate validation problems in Ximian Evolution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0045.html
Reference: XF:evolution-camel-certificate-mitm(10292)
Reference: URL:http://www.iss.net/security_center/static/10292.php

Name: CVE-2002-1472

Description:

Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.

Status:Entry
Reference: BID:5735
Reference: URL:http://www.securityfocus.com/bid/5735
Reference: CONECTIVA:CLA-2002:529
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000529
Reference: OSVDB:11922
Reference: URL:http://www.osvdb.org/11922
Reference: REDHAT:RHSA-2003:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: SUSE:SuSE-SA:2002:032
Reference: URL:http://archives.neohapsis.com/archives/linux/suse/2002-q3/1116.html
Reference: XF:xfree86-x11-program-execution(10137)
Reference: URL:http://www.iss.net/security_center/static/10137.php

Name: CVE-2002-1476

Description:

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

Status:Entry
Reference: BID:5724
Reference: URL:http://www.securityfocus.com/bid/5724
Reference: NETBSD:NetBSD-SA2002-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-012.txt.asc
Reference: OSVDB:7565
Reference: URL:http://www.osvdb.org/7565
Reference: XF:netbsd-libc-setlocale-bo(10159)
Reference: URL:http://www.iss.net/security_center/static/10159.php

Name: CVE-2002-1477

Description:

graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.

Status:Entry
Reference: BID:5627
Reference: URL:http://www.securityfocus.com/bid/5627
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-graph-label-commands(10048)
Reference: URL:http://www.iss.net/security_center/static/10048.php

Name: CVE-2002-1478

Description:

Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.

Status:Entry
Reference: BID:5630
Reference: URL:http://www.securityfocus.com/bid/5630
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: DEBIAN:DSA-164
Reference: URL:http://www.debian.org/security/2002/dsa-164
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-console-mode-commands(10050)
Reference: URL:http://www.iss.net/security_center/static/10050.php

Name: CVE-2002-1479

Description:

Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.

Status:Entry
Reference: BID:5628
Reference: URL:http://www.securityfocus.com/bid/5628
Reference: BUGTRAQ:20020903 Cacti security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
Reference: MISC:http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt
Reference: XF:cacti-config-world-readable(10049)
Reference: URL:http://www.iss.net/security_center/static/10049.php

Name: CVE-2002-1490

Description:

NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.

Status:Entry
Reference: BID:5722
Reference: URL:http://www.securityfocus.com/bid/5722
Reference: NETBSD:NetBSD-SA2002-007
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-007.txt.asc
Reference: OSVDB:7566
Reference: URL:http://www.osvdb.org/7566
Reference: XF:netbsd-tiocsctty-ioctl-bo(10115)
Reference: URL:http://www.iss.net/security_center/static/10115.php

Name: CVE-2002-1491

Description:

The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.

Status:Entry
Reference: BID:5736
Reference: URL:http://www.securityfocus.com/bid/5736
Reference: CISCO:20020918 Cisco VPN 5000 Client Multiple Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/vpn5k-client-multiple-vuln-pub.shtml
Reference: OSVDB:7041
Reference: URL:http://www.osvdb.org/7041
Reference: XF:cisco-vpn5000-defaultconnection-password(10129)
Reference: URL:http://www.iss.net/security_center/static/10129.php

Name: CVE-2002-1493

Description:

Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.

Status:Entry
Reference: BID:5728
Reference: URL:http://www.securityfocus.com/bid/5728
Reference: BUGTRAQ:20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html
Reference: VULNWATCH:20020926 [VulnWatch] BugTraq ID: 5728
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0132.html
Reference: XF:guestgear-img-xss(12235)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/12235

Name: CVE-2002-1494

Description:

Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allow remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.

Status:Entry
Reference: BID:5618
Reference: URL:http://www.securityfocus.com/bid/5618
Reference: BUGTRAQ:20020903 Cross-Site Scripting in Aestiva's HTML/OS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0026.html
Reference: XF:aestiva-htmlos-cgi-xss(10029)
Reference: URL:http://www.iss.net/security_center/static/10029.php

Name: CVE-2002-1496

Description:

Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.

Status:Entry
Reference: BID:5774
Reference: URL:http://www.securityfocus.com/bid/5774
Reference: BUGTRAQ:20020922 remote exploitable heap overflow in Null HTTPd 0.5.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html
Reference: CONFIRM:http://freshmeat.net/releases/97910/
Reference: XF:null-httpd-contentlength-bo(10160)
Reference: URL:http://www.iss.net/security_center/static/10160.php

Name: CVE-2002-1497

Description:

Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.

Status:Entry
Reference: BID:5603
Reference: URL:http://www.securityfocus.com/bid/5603
Reference: BUGTRAQ:20020902 XSS in Null HTTPd
Reference: CONFIRM:http://freshmeat.net/releases/97910/
Reference: XF:null-httpd-xss(10004)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10004

Name: CVE-2002-1501

Description:

The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.

Status:Entry
Reference: BID:5703
Reference: URL:http://www.securityfocus.com/bid/5703
Reference: BUGTRAQ:20020913 Scan against Enterasys SSR8000 crash the system
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0141.html
Reference: MISC:http://www.enterasys.com/support/techtips/tk0659-9.html
Reference: XF:smartswitch-portscan-dos(10096)
Reference: URL:http://www.iss.net/security_center/static/10096.php

Name: CVE-2002-1502

Description:

Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.

Status:Entry
Reference: BID:5700
Reference: URL:http://www.securityfocus.com/bid/5700
Reference: BUGTRAQ:20020912 xbreaky symlink vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html
Reference: CONFIRM:http://xbreaky.sourceforge.net/
Reference: XF:xbreaky-breakyhighscores-symlink(10078)
Reference: URL:http://www.iss.net/security_center/static/10078.php

Name: CVE-2002-1505

Description:

SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.

Status:Entry
Reference: BID:5675
Reference: URL:http://www.securityfocus.com/bid/5675
Reference: BUGTRAQ:20020908 sql injection vulnerability in WBB 2.0 RC1 and below
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0083.html
Reference: XF:wbb-board-sql-injection(10069)
Reference: URL:http://www.iss.net/security_center/static/10069.php

Name: CVE-2002-1509

Description:

A patch for shadow-utils 20000902 causes the useradd command to create mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.

Status:Entry
Reference: CONFIRM:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418
Reference: MANDRAKE:MDKSA-2003:026
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:026
Reference: REDHAT:RHSA-2003:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-057.html
Reference: REDHAT:RHSA-2003:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-058.html

Name: CVE-2002-1510

Description:

xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.

Status:Entry
Reference: CONECTIVA:CLA-2002:533
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533
Reference: MISC:http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
Reference: REDHAT:RHSA-2003:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: SUNALERT:55602
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/55602
Reference: XF:xfree86-xdm-unauth-access(11389)
Reference: URL:http://www.iss.net/security_center/static/11389.php

Name: CVE-2002-1511

Description:

The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.

Status:Entry
Reference: BID:6905
Reference: URL:http://www.securityfocus.com/bid/6905
Reference: CONECTIVA:CLSA-2003:640
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640
Reference: CONFIRM:http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog
Reference: GENTOO:200302-15
Reference: URL:http://security.gentoo.org/glsa/glsa-200302-15.xml
Reference: MANDRAKE:MDKSA-2003:022
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:022
Reference: REDHAT:RHSA-2003:041
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-041.html
Reference: REDHAT:RHSA-2003:068
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-068.html
Reference: SUNALERT:56161
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/56161
Reference: XF:vnc-rand-weak-cookie(11384)
Reference: URL:http://www.iss.net/security_center/static/11384.php

Name: CVE-2002-1513

Description:

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

Status:Entry
Reference: BID:5790
Reference: URL:http://www.securityfocus.com/bid/5790
Reference: BUGTRAQ:20020927 OpenVMS POP server local vulnerability
Reference: URL:http://online.securityfocus.com/archive/1/293070
Reference: BUGTRAQ:20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0010.html
Reference: COMPAQ:SSRT2371
Reference: URL:http://archives.neohapsis.com/archives/compaq/2002-q4/0000.html
Reference: XF:openvms-pop-gain-privileges(10236)
Reference: URL:http://www.iss.net/security_center/static/10236.php

Name: CVE-2002-1514

Description:

gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on an "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.

Status:Entry
Reference: BID:5805
Reference: URL:http://www.securityfocus.com/bid/5805
Reference: BUGTRAQ:20020925 Borland Interbase local root exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0311.html
Reference: XF:interbase-gdslockmgr-bo(10196)
Reference: URL:http://www.iss.net/security_center/static/10196.php

Name: CVE-2002-1516

Description:

rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack.

Status:Entry
Reference: BID:5889
Reference: URL:http://www.securityfocus.com/bid/5889
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-rpcbind-w-symlink(10272)
Reference: URL:http://www.iss.net/security_center/static/10272.php

Name: CVE-2002-1517

Description:

fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file.

Status:Entry
Reference: BID:5897
Reference: URL:http://www.securityfocus.com/bid/5897
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: OSVDB:8579
Reference: URL:http://www.osvdb.org/8579
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: SGI:20020903-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-02-P
Reference: SGI:20021103-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-01-P
Reference: SGI:20021103-02-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20021103-02-P
Reference: XF:irix-fsr-efs-symlink(10275)
Reference: URL:http://www.iss.net/security_center/static/10275.php

Name: CVE-2002-1518

Description:

mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.

Status:Entry
Reference: BID:5893
Reference: URL:http://www.securityfocus.com/bid/5893
Reference: CIAC:N-004
Reference: URL:http://www.ciac.org/ciac/bulletins/n-004.shtml
Reference: OSVDB:8580
Reference: URL:http://www.osvdb.org/8580
Reference: SGI:20020903-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20020903-01-P
Reference: XF:irix-mv-directory-insecure(10276)
Reference: URL:http://www.iss.net/security_center/static/10276.php

Name: CVE-2002-1519

Description:

Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.

Status:Entry
Reference: BID:5814
Reference: URL:http://www.securityfocus.com/bid/5814
Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
Reference: OSVDB:4924
Reference: URL:http://www.osvdb.org/4924
Reference: XF:firebox-vclass-cli-format-string(10217)
Reference: URL:http://www.iss.net/security_center/static/10217.php

Name: CVE-2002-1520

Description:

The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.

Status:Entry
Reference: BID:5815
Reference: URL:http://www.securityfocus.com/bid/5815
Reference: BUGTRAQ:20020926 Watchguard firewall appliances security issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0325.html
Reference: BUGTRAQ:20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0335.html
Reference: OSVDB:4831
Reference: URL:http://www.osvdb.org/4831
Reference: XF:firebox-vclass-cli-admin-privileges(10218)
Reference: URL:http://www.iss.net/security_center/static/10218.php

Name: CVE-2002-1521

Description:

Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.

Status:Entry
Reference: BID:5803
Reference: URL:http://www.securityfocus.com/bid/5803
Reference: VULNWATCH:20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html
Reference: XF:webserver-4d-plaintext-passwords(10198)
Reference: URL:http://www.iss.net/security_center/static/10198.php

Name: CVE-2002-1524

Description:

Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.

Status:Entry
Reference: BID:5832
Reference: URL:http://www.securityfocus.com/bid/5832
Reference: BUGTRAQ:20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-09/0346.html
Reference: XF:winamp-xml-parser-bo(10228)
Reference: URL:http://www.iss.net/security_center/static/10228.php

Name: CVE-2002-1528

Description:

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.

Status:Entry
Reference: BID:5941
Reference: URL:http://www.securityfocus.com/bid/5941
Reference: BUGTRAQ:20021010 MondoSearch show the source of all files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html
Reference: XF:mondosearch-url-souce-disclosure(10350)
Reference: URL:http://www.iss.net/security_center/static/10350.php

Name: CVE-2002-1529

Description:

Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.

Status:Entry
Reference: BID:5928
Reference: URL:http://www.securityfocus.com/bid/5928
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-error-xss(10319)
Reference: URL:http://www.iss.net/security_center/static/10319.php

Name: CVE-2002-1530

Description:

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.

Status:Entry
Reference: BID:5929
Reference: URL:http://www.securityfocus.com/bid/5929
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-plaintext-passwords(10320)
Reference: URL:http://www.iss.net/security_center/static/10320.php

Name: CVE-2002-1531

Description:

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter.

Status:Entry
Reference: BID:5930
Reference: URL:http://www.securityfocus.com/bid/5930
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-content-dos(10321)
Reference: URL:http://www.iss.net/security_center/static/10321.php

Name: CVE-2002-1532

Description:

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating \r\n\r\n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it.

Status:Entry
Reference: BID:5931
Reference: URL:http://www.securityfocus.com/bid/5931
Reference: BUGTRAQ:20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
Reference: XF:superscout-emailfilter-get-dos(10322)
Reference: URL:http://www.iss.net/security_center/static/10322.php

Name: CVE-2002-1534

Description:

Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.

Status:Entry
Reference: BID:5904
Reference: URL:http://www.securityfocus.com/bid/5904
Reference: BUGTRAQ:20021006 Flash player can read local files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0083.html
Reference: XF:flash-xml-read-files(10297)
Reference: URL:http://www.iss.net/security_center/static/10297.php

Name: CVE-2002-1537

Description:

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modified form fields such as "u".

Status:Entry
Reference: BID:6056
Reference: URL:http://www.securityfocus.com/bid/6056
Reference: BUGTRAQ:20021027 Privilege Escalation Vulnerability In phpBB 2.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0385.html
Reference: OSVDB:4284
Reference: URL:http://www.osvdb.org/4284
Reference: XF:phpbb-adminugauth-admin-privileges(10489)
Reference: URL:http://www.iss.net/security_center/static/10489.php

Name: CVE-2002-1538

Description:

Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable.

Status:Entry
Reference: BID:6048
Reference: URL:http://www.securityfocus.com/bid/6048
Reference: BUGTRAQ:20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0366.html
Reference: XF:acusend-unauthorized-file-access(10473)
Reference: URL:http://www.iss.net/security_center/static/10473.php

Name: CVE-2002-1540

Description:

The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.

Status:Entry
Reference: BUGTRAQ:20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0346.html
Reference: BUGTRAQ:20021025 RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0369.html
Reference: OSVDB:6258
Reference: URL:http://www.osvdb.org/6258
Reference: XF:nav-winhlp32-gain-privileges(10475)
Reference: URL:http://www.iss.net/security_center/static/10475.php

Name: CVE-2002-1541

Description:

BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).

Status:Entry
Reference: BID:6044
Reference: URL:http://www.securityfocus.com/bid/6044
Reference: VULNWATCH:20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0041.html
Reference: XF:badblue-protected-file-access(10466)
Reference: URL:http://www.iss.net/security_center/static/10466.php

Name: CVE-2002-1543

Description:

Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.

Status:Entry
Reference: BID:6036
Reference: URL:http://www.securityfocus.com/bid/6036
Reference: NETBSD:NetBSD-SA2002-025
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2002-025.txt.asc
Reference: OSVDB:7570
Reference: URL:http://www.osvdb.org/7570
Reference: XF:trek-keyboard-input-bo(10458)
Reference: URL:http://www.iss.net/security_center/static/10458.php

Name: CVE-2002-1547

Description:

Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.

Status:Entry
Reference: BUGTRAQ:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0446.html
Reference: BUGTRAQ:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0443.html
Reference: CERT-VN:VU#930161
Reference: URL:http://www.kb.cert.org/vuls/id/930161
Reference: CONFIRM:http://www.netscreen.com/support/alerts/11_06_02.html
Reference: OSVDB:4376
Reference: URL:http://www.osvdb.org/4376
Reference: VULNWATCH:20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0054.html
Reference: VULNWATCH:20021101 Netscreen SSH1 CRC32 Compensation Denial of service
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q4/0053.html
Reference: XF:netscreen-ssh-dos(10528)
Reference: URL:http://www.iss.net/security_center/static/10528.php

Name: CVE-2002-1548

Description:

Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."

Status:Entry
Reference: AIXAPAR:IY31934
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html

Name: CVE-2002-1549

Description:

Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

Status:Entry
Reference: BID:6162
Reference: URL:http://www.securityfocus.com/bid/6162
Reference: BUGTRAQ:20021112 Remote Buffer Overflow vulnerability in Light HTTPd
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-11/0138.html
Reference: XF:light-httpd-bo(10607)
Reference: URL:http://www.iss.net/security_center/static/10607.php

Name: CVE-2002-1550

Description:

dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.

Status:Entry
Reference: AIXAPAR:IY34617
Reference: URL:http://archives.neohapsis.com/archives/aix/2002-q4/0002.html
Reference: BID:8802
Reference: URL:http://www.securityfocus.com/bid/8802

Name: CVE-2002-1552

Description:

Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allow users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.

Status:Entry
Reference: BID:6163
Reference: URL:http://www.securityfocus.com/bid/6163
Reference: BUGTRAQ:20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2
Reference: URL:http://marc.info/?l=bugtraq&m=103712498905027&w=2
Reference: BUGTRAQ:20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1
Reference: URL:http://marc.info/?l=bugtraq&m=103712790808781&w=2
Reference: XF:novell-edirectory-expired-accounts(10604)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10604

Name: CVE-2002-1560

Description:

index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.

Status:Entry
Reference: BID:6033
Reference: URL:http://www.securityfocus.com/bid/6033
Reference: BUGTRAQ:20021022 gBook
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-10/0328.html
Reference: XF:gbook-mysql-admin-access(10455)
Reference: URL:http://www.iss.net/security_center/static/10455.php

Name: CVE-2002-1574

Description:

Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.

Status:Entry
Reference: BID:5985
Reference: URL:http://www.securityfocus.com/bid/5985
Reference: CIAC:N-096
Reference: URL:http://www.ciac.org/ciac/bulletins/n-096.shtml
Reference: REDHAT:RHSA-2002:205
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-205.html
Reference: REDHAT:RHSA-2002:206
Reference: URL:http://www.redhat.com/support/errata/RHSA-2002-206.html
Reference: REDHAT:RHSA-2004:044
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-044.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: XF:linux-ixj-root-privileges(10417)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10417

Name: CVE-2003-0002

Description:

Cross-site scripting (XSS) vulnerability in the ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.

Status:Entry
Reference: BID:5922
Reference: URL:http://www.securityfocus.com/bid/5922
Reference: BUGTRAQ:20021007 CSS on Microsoft Content Management Server
Reference: URL:http://marc.info/?l=bugtraq&m=103417794800719&w=2
Reference: MS:MS03-002
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-002
Reference: XF:mcms-manuallogin-reasontxt-xss(10318)
Reference: URL:http://www.iss.net/security_center/static/10318.php

Name: CVE-2003-0003

Description:

Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.

Status:Entry
Reference: BID:6666
Reference: URL:http://www.securityfocus.com/bid/6666
Reference: BUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference: URL:http://marc.info/?l=bugtraq&m=104394414713415&w=2
Reference: CERT:CA-2003-03
Reference: URL:http://www.cert.org/advisories/CA-2003-03.html
Reference: CERT-VN:VU#610986
Reference: URL:http://www.kb.cert.org/vuls/id/610986
Reference: MS:MS03-001
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-001
Reference: NTBUGTRAQ:20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)
Reference: URL:http://marc.info/?l=ntbugtraq&m=104393588232166&w=2
Reference: OVAL:oval:org.mitre.oval:def:103
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A103
Reference: XF:win-locator-bo(11132)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11132

Name: CVE-2003-0004

Description:

Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.

Status:Entry
Reference: BID:6778
Reference: URL:http://www.securityfocus.com/bid/6778
Reference: BUGTRAQ:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=104878038418534&w=2
Reference: MS:MS03-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-005
Reference: VULNWATCH:20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0154.html
Reference: XF:winxp-windows-redirector-bo(11260)
Reference: URL:http://www.iss.net/security_center/static/11260.php

Name: CVE-2003-0007

Description:

Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."

Status:Entry
Reference: BID:6667
Reference: URL:http://www.securityfocus.com/bid/6667
Reference: MS:MS03-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-003
Reference: XF:outlook-v1-certificate-plaintext(11133)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11133

Name: CVE-2003-0009

Description:

Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.

Status:Entry
Reference: BID:6966
Reference: URL:http://www.securityfocus.com/bid/6966
Reference: BUGTRAQ:20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=104636383018686&w=2
Reference: CERT-VN:VU#489721
Reference: URL:http://www.kb.cert.org/vuls/id/489721
Reference: CIAC:N-047
Reference: URL:http://www.ciac.org/ciac/bulletins/n-047.shtml
Reference: MS:MS03-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-006
Reference: OSVDB:6074
Reference: URL:http://www.osvdb.org/6074
Reference: XF:winme-hsc-hcp-bo(11425)
Reference: URL:http://www.iss.net/security_center/static/11425.php

Name: CVE-2003-0012

Description:

The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.

Status:Entry
Reference: BID:6502
Reference: URL:http://www.securityfocus.com/bid/6502
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.info/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: REDHAT:RHSA-2003:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-012.html
Reference: XF:bugzilla-mining-world-writable(10971)
Reference: URL:http://www.iss.net/security_center/static/10971.php

Name: CVE-2003-0013

Description:

The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.

Status:Entry
Reference: BID:6501
Reference: URL:http://www.securityfocus.com/bid/6501
Reference: BUGTRAQ:20030102 [BUGZILLA] Security Advisory - remote database password disclosure
Reference: URL:http://marc.info/?l=bugtraq&m=104154319200399&w=2
Reference: DEBIAN:DSA-230
Reference: URL:http://www.debian.org/security/2003/dsa-230
Reference: OSVDB:6351
Reference: URL:http://www.osvdb.org/6351
Reference: XF:bugzilla-htaccess-database-password(10970)
Reference: URL:http://www.iss.net/security_center/static/10970.php

Name: CVE-2003-0015

Description:

Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.

Status:Entry
Reference: BID:6650
Reference: URL:http://www.securityfocus.com/bid/6650
Reference: BUGTRAQ:20030122 [security@slackware.com: [slackware-security] New CVS packages available]
Reference: URL:http://marc.info/?l=bugtraq&m=104333092200589&w=2
Reference: BUGTRAQ:20030124 Test program for CVS double-free.
Reference: URL:http://marc.info/?l=bugtraq&m=104342550612736&w=2
Reference: BUGTRAQ:20030202 Exploit for CVS double free() for Linux pserver
Reference: URL:http://marc.info/?l=bugtraq&m=104428571204468&w=2
Reference: CALDERA:CSSA-2003-006
Reference: CERT:CA-2003-02
Reference: URL:http://www.cert.org/advisories/CA-2003-02.html
Reference: CERT-VN:VU#650937
Reference: URL:http://www.kb.cert.org/vuls/id/650937
Reference: CIAC:N-032
Reference: URL:http://www.ciac.org/ciac/bulletins/n-032.shtml
Reference: CONFIRM:http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14
Reference: DEBIAN:DSA-233
Reference: URL:http://www.debian.org/security/2003/dsa-233
Reference: FREEBSD:FreeBSD-SA-03:01
Reference: URL:http://marc.info/?l=bugtraq&m=104438807203491&w=2
Reference: FULLDISC:20030120 Advisory 01/2003: CVS remote vulnerability
Reference: MANDRAKE:MDKSA-2003:009
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:009
Reference: MISC:http://security.e-matters.de/advisories/012003.html
Reference: REDHAT:RHSA-2003:012
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-012.html
Reference: REDHAT:RHSA-2003:013
Reference: URL:http://rhn.redhat.com/errata/RHSA-2003-013.html
Reference: SUSE:SuSE-SA:2003:0007
Reference: VULNWATCH:20030120 Advisory 01/2003: CVS remote vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0028.html
Reference: XF:cvs-doublefree-memory-corruption(11108)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11108

Name: CVE-2003-0016

Description:

Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.

Status:Entry
Reference: BID:6659
Reference: URL:http://www.securityfocus.com/bid/6659
Reference: CERT-VN:VU#825177
Reference: URL:http://www.kb.cert.org/vuls/id/825177
Reference: CERT-VN:VU#979793
Reference: URL:http://www.kb.cert.org/vuls/id/979793
Reference: CONFIRM:http://www.apacheweek.com/issues/03-01-24#security
Reference: MLIST:[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released
Reference: URL:http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
Reference: URL:https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
Reference: XF:apache-device-code-execution(11125)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11125
Reference: XF:apache-device-name-dos(11124)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11124

Name: CVE-2003-0017

Description:

Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.

Status:Entry
Reference: CONFIRM:http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
Reference: URL:https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E

Name: CVE-2003-0018

Description:

Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.

Status:Entry
Reference: BID:6763
Reference: URL:http://www.securityfocus.com/bid/6763
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ
Reference: DEBIAN:DSA-358
Reference: URL:http://www.debian.org/security/2003/dsa-358
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: MANDRAKE:MDKSA-2003:014
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:014
Reference: REDHAT:RHSA-2003:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-025.html
Reference: XF:linux-odirect-information-leak(11249)
Reference: URL:http://www.iss.net/security_center/static/11249.php

Name: CVE-2003-0019

Description:

uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.

Status:Entry
Reference: BID:6801
Reference: URL:http://www.securityfocus.com/bid/6801
Reference: CERT-VN:VU#134025
Reference: URL:http://www.kb.cert.org/vuls/id/134025
Reference: CIAC:N-044
Reference: URL:http://www.ciac.org/ciac/bulletins/n-044.shtml
Reference: REDHAT:RHSA-2003:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-056.html
Reference: XF:linux-umlnet-gain-privileges(11276)
Reference: URL:http://www.iss.net/security_center/static/11276.php

Name: CVE-2003-0020

Description:

Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.

Status:Entry
Reference: APPLE:APPLE-SA-2004-05-03
Reference: URL:http://marc.info/?l=bugtraq&m=108369640424244&w=2
Reference: BID:9930
Reference: URL:http://www.securityfocus.com/bid/9930
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.info/?l=bugtraq&m=108437852004207&w=2
Reference: GENTOO:GLSA-200405-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: HP:SSRT4717
Reference: URL:http://marc.info/?l=bugtraq&m=108731648532365&w=2
Reference: MANDRAKE:MDKSA-2003:050
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:050
Reference: MANDRAKE:MDKSA-2004:046
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/rd00b45b93fda4a5bd013b28587207d0e00f99f6e3308dbb6025f3b01@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
Reference: URL:https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
Reference: OVAL:oval:org.mitre.oval:def:100109
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100109
Reference: OVAL:oval:org.mitre.oval:def:150
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A150
Reference: OVAL:oval:org.mitre.oval:def:4114
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4114
Reference: REDHAT:RHSA-2003:082
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: REDHAT:RHSA-2003:083
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-083.html
Reference: REDHAT:RHSA-2003:104
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-104.html
Reference: REDHAT:RHSA-2003:139
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-139.html
Reference: REDHAT:RHSA-2003:243
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-243.html
Reference: REDHAT:RHSA-2003:244
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-244.html
Reference: SLACKWARE:SSA:2004-133
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: SUNALERT:101555
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
Reference: SUNALERT:57628
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Reference: TRUSTIX:2004-0017
Reference: URL:http://www.trustix.org/errata/2004/0017
Reference: TRUSTIX:2004-0027
Reference: URL:http://www.trustix.org/errata/2004/0027
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:apache-esc-seq-injection(11412)
Reference: URL:http://www.iss.net/security_center/static/11412.php

Name: CVE-2003-0021

Description:

The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.

Status:Entry
Reference: BID:6936
Reference: URL:http://www.securityfocus.com/bid/6936
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: GENTOO:GLSA-200303-1
Reference: MANDRAKE:MDKSA-2003:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php

Name: CVE-2003-0022

Description:

The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.

Status:Entry
Reference: BID:6938
Reference: URL:http://www.securityfocus.com/bid/6938
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:034
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-screen-dump(11413)
Reference: URL:http://www.iss.net/security_center/static/11413.php

Name: CVE-2003-0023

Description:

The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

Status:Entry
Reference: BID:6947
Reference: URL:http://www.securityfocus.com/bid/6947
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: MANDRAKE:MDKSA-2003:034
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:034
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php

Name: CVE-2003-0024

Description:

The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.

Status:Entry
Reference: BID:6949
Reference: URL:http://www.securityfocus.com/bid/6949
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-menu-modification(11416)
Reference: URL:http://www.iss.net/security_center/static/11416.php

Name: CVE-2003-0027

Description:

Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.

Status:Entry
Reference: BID:6665
Reference: URL:http://www.securityfocus.com/bid/6665
Reference: BUGTRAQ:20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner
Reference: URL:http://marc.info/?l=bugtraq&m=104326556329850&w=2
Reference: CERT-VN:VU#850785
Reference: URL:http://www.kb.cert.org/vuls/id/850785
Reference: MISC:http://www.entercept.com/news/uspr/01-22-03.asp
Reference: OVAL:oval:org.mitre.oval:def:120
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A120
Reference: OVAL:oval:org.mitre.oval:def:195
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A195
Reference: OVAL:oval:org.mitre.oval:def:2592
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A2592
Reference: SUNALERT:50104
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50104
Reference: XF:solaris-kcms-directory-traversal(11129)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11129

Name: CVE-2003-0032

Description:

Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.

Status:Entry
Reference: BID:6512
Reference: URL:http://www.securityfocus.com/bid/6512
Reference: BUGTRAQ:20030103 Multiple libmcrypt vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104162752401212&w=2
Reference: BUGTRAQ:20030105 GLSA: libmcrypt
Reference: URL:http://marc.info/?l=bugtraq&m=104188513728573&w=2
Reference: CONECTIVA:CLA-2003:567
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000567
Reference: DEBIAN:DSA-228
Reference: URL:http://www.debian.org/security/2003/dsa-228
Reference: SUSE:SuSE-SA:2003:0010
Reference: XF:libmcrypt-libtool-memory-leak(10988)
Reference: URL:http://www.iss.net/security_center/static/10988.php

Name: CVE-2003-0033

Description:

Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.

Status:Entry
Reference: BID:6963
Reference: URL:http://www.securityfocus.com/bid/6963
Reference: BUGTRAQ:20030303 Snort RPC Vulnerability (fwd)
Reference: URL:http://marc.info/?l=bugtraq&m=104673386226064&w=2
Reference: CERT:CA-2003-13
Reference: URL:http://www.cert.org/advisories/CA-2003-13.html
Reference: CERT-VN:VU#916785
Reference: URL:http://www.kb.cert.org/vuls/id/916785
Reference: DEBIAN:DSA-297
Reference: URL:http://www.debian.org/security/2003/dsa-297
Reference: ENGARDE:ESA-20030307-007
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2944.html
Reference: GENTOO:GLSA-200303-6.1
Reference: URL:http://marc.info/?l=bugtraq&m=104716001503409&w=2
Reference: GENTOO:GLSA-200304-06
Reference: URL:http://marc.info/?l=bugtraq&m=105154530427824&w=2
Reference: ISS:20030303 Snort RPC Preprocessing Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21951
Reference: MANDRAKE:MDKSA-2003:029
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:029
Reference: OSVDB:4418
Reference: URL:http://www.osvdb.org/4418
Reference: XF:snort-rpc-fragment-bo(10956)
Reference: URL:http://www.iss.net/security_center/static/10956.php

Name: CVE-2003-0039

Description:

ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.

Status:Entry
Reference: BID:6628
Reference: URL:http://www.securityfocus.com/bid/6628
Reference: BUGTRAQ:20030115 DoS against DHCP infrastructure with isc dhcrelay
Reference: URL:http://marc.info/?l=bugtraq&m=104310927813830&w=2
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)
Reference: URL:http://www.openpkg.org/security/OpenPKG-SA-2003.012-dhcpd.html
Reference: CERT-VN:VU#149953
Reference: URL:http://www.kb.cert.org/vuls/id/149953
Reference: CONECTIVA:CLSA-2003:616
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000616
Reference: DEBIAN:DSA-245
Reference: URL:http://www.debian.org/security/2003/dsa-245
Reference: REDHAT:RHSA-2003:034
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-034.html
Reference: TURBO:TLSA-2003-26
Reference: URL:http://cc.turbolinux.com/security/TLSA-2003-26.txt
Reference: XF:dhcp-dhcrelay-dos(11187)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11187

Name: CVE-2003-0040

Description:

SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.

Status:Entry
Reference: BID:6738
Reference: URL:http://www.securityfocus.com/bid/6738
Reference: DEBIAN:DSA-247
Reference: URL:http://www.debian.org/security/2003/dsa-247
Reference: XF:courierimap-authmysqllib-sql-injection(11213)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11213

Name: CVE-2003-0043

Description:

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Status:Entry
Reference: BID:6722
Reference: URL:http://www.securityfocus.com/bid/6722
Reference: CIAC:N-060
Reference: URL:http://www.ciac.org/ciac/bulletins/n-060.shtml
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: DEBIAN:DSA-246
Reference: URL:http://www.debian.org/security/2003/dsa-246
Reference: HP:HPSBUX0303-249
Reference: URL:http://www.securityfocus.com/advisories/5111
Reference: XF:tomcat-webxml-read-files(11195)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11195

Name: CVE-2003-0045

Description:

Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.

Status:Entry
Reference: CONFIRM:http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt
Reference: XF:jakarta-tomcat-msdos-dos(12102)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/12102

Name: CVE-2003-0050

Description:

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.

Status:Entry
Reference: ATSTAKE:A032403-1
Reference: BID:6954
Reference: URL:http://www.securityfocus.com/bid/6954
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-command-execution(11401)
Reference: URL:http://www.iss.net/security_center/static/11401.php

Name: CVE-2003-0051

Description:

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation via a NULL file parameter.

Status:Entry
Reference: ATSTAKE:A032403-1
Reference: BID:6956
Reference: URL:http://www.securityfocus.com/bid/6956
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-path-disclosure(11402)
Reference: URL:http://www.iss.net/security_center/static/11402.php

Name: CVE-2003-0052

Description:

parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.

Status:Entry
Reference: ATSTAKE:A032403-1
Reference: BID:6955
Reference: URL:http://www.securityfocus.com/bid/6955
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-directory-disclosure(11403)
Reference: URL:http://www.iss.net/security_center/static/11403.php

Name: CVE-2003-0053

Description:

Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.

Status:Entry
Reference: ATSTAKE:A032403-1
Reference: BID:6958
Reference: URL:http://www.securityfocus.com/bid/6958
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-parsexml-xss(11404)
Reference: URL:http://www.iss.net/security_center/static/11404.php

Name: CVE-2003-0054

Description:

Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allow remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.

Status:Entry
Reference: ATSTAKE:A032403-1
Reference: BID:6960
Reference: URL:http://www.securityfocus.com/bid/6960
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-describe-xss(11405)
Reference: URL:http://www.iss.net/security_center/static/11405.php

Name: CVE-2003-0055

Description:

Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.

Status:Entry
Reference: ATSTAKE:A032403-1
Reference: BID:6957
Reference: URL:http://www.securityfocus.com/bid/6957
Reference: BUGTRAQ:20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=104618904330226&w=2
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:quicktime-darwin-mp3-bo(11406)
Reference: URL:http://www.iss.net/security_center/static/11406.php

Name: CVE-2003-0058

Description:

MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.

Status:Entry
Reference: BID:6683
Reference: URL:http://www.securityfocus.com/bid/6683
Reference: CERT-VN:VU#661243
Reference: URL:http://www.kb.cert.org/vuls/id/661243
Reference: CONECTIVA:CLSA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: OVAL:oval:org.mitre.oval:def:1110
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1110
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: SUNALERT:50142
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/50142
Reference: XF:kerberos-kdc-null-pointer-dos(10099)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/10099

Name: CVE-2003-0059

Description:

Unknown vulnerability in chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.

Status:Entry
Reference: BID:6714
Reference: URL:http://www.securityfocus.com/bid/6714
Reference: CERT-VN:VU#684563
Reference: URL:http://www.kb.cert.org/vuls/id/684563
Reference: CONECTIVA:CLSA-2003:639
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000639
Reference: CONFIRM:http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt
Reference: MANDRAKE:MDKSA-2003:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:043
Reference: REDHAT:RHSA-2003:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-051.html
Reference: REDHAT:RHSA-2003:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-052.html
Reference: REDHAT:RHSA-2003:168
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-168.html
Reference: XF:kerberos-kdc-user-spoofing(11188)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11188

Name: CVE-2003-0062

Description:

Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.

Status:Entry
Reference: BID:6803
Reference: URL:http://www.securityfocus.com/bid/6803
Reference: BUGTRAQ:20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix
Reference: URL:http://marc.info/?l=bugtraq&m=104490777824360&w=2
Reference: MISC:http://www.idefense.com/advisory/02.10.03.txt
Reference: XF:nod32-pathname-bo(11282)
Reference: URL:http://www.iss.net/security_center/static/11282.php

Name: CVE-2003-0063

Description:

The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BID:6940
Reference: URL:http://www.securityfocus.com/bid/6940
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-380
Reference: URL:http://www.debian.org/security/2003/dsa-380
Reference: REDHAT:RHSA-2003:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: REDHAT:RHSA-2003:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0064

Description:

The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BID:6942
Reference: URL:http://www.securityfocus.com/bid/6942
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: HP:HPSBUX0401-309
Reference: URL:http://www.securityfocus.com/advisories/6236
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0065

Description:

The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BID:6945
Reference: URL:http://www.securityfocus.com/bid/6945
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0066

Description:

The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BID:6953
Reference: URL:http://www.securityfocus.com/bid/6953
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: GENTOO:200303-16
Reference: URL:http://www.securityfocus.com/advisories/5137
Reference: MANDRAKE:MDKSA-2003:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:003
Reference: REDHAT:RHSA-2003:054
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-054.html
Reference: REDHAT:RHSA-2003:055
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-055.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0067

Description:

The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0068

Description:

The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BID:10237
Reference: URL:http://www.securityfocus.com/bid/10237
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-496
Reference: URL:http://www.debian.org/security/2004/dsa-496
Reference: GENTOO:GLSA-200303-1
Reference: MANDRAKE:MDKSA-2003:040
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:040
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0069

Description:

The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: OSVDB:8347
Reference: URL:http://www.osvdb.org/8347
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0070

Description:

VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: GENTOO:GLSA-200303-2
Reference: URL:http://seclists.org/lists/bugtraq/2003/Mar/0010.html
Reference: REDHAT:RHSA-2003:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-053.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0071

Description:

The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.

Status:Entry
Reference: BID:6950
Reference: URL:http://www.securityfocus.com/bid/6950
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: DEBIAN:DSA-380
Reference: URL:http://www.debian.org/security/2003/dsa-380
Reference: REDHAT:RHSA-2003:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-064.html
Reference: REDHAT:RHSA-2003:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-065.html
Reference: REDHAT:RHSA-2003:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-066.html
Reference: REDHAT:RHSA-2003:067
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-067.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php

Name: CVE-2003-0073

Description:

Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.

Status:Entry
Reference: BID:6718
Reference: URL:http://www.securityfocus.com/bid/6718
Reference: BUGTRAQ:20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)
Reference: URL:http://marc.info/?l=bugtraq&m=104385719107879&w=2
Reference: CONECTIVA:CLA-2003:743
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000743
Reference: CONFIRM:http://www.mysql.com/doc/en/News-3.23.55.html
Reference: DEBIAN:DSA-303
Reference: URL:http://www.debian.org/security/2003/dsa-303
Reference: ENGARDE:ESA-20030220-004
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2873.html
Reference: MANDRAKE:MDKSA-2003:013
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:013
Reference: OVAL:oval:org.mitre.oval:def:436
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A436
Reference: REDHAT:RHSA-2003:093
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-093.html
Reference: REDHAT:RHSA-2003:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-094.html
Reference: REDHAT:RHSA-2003:166
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-166.html
Reference: XF:mysql-mysqlchangeuser-doublefree-dos(11199)
Reference: URL:http://www.iss.net/security_center/static/11199.php

Name: CVE-2003-0075

Description:

Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.

Status:Entry
Reference: BID:6745
Reference: URL:http://www.securityfocus.com/bid/6745
Reference: BUGTRAQ:20030202 Bladeenc 0.94.2 code execution
Reference: URL:http://marc.info/?l=bugtraq&m=104428700106672&w=2
Reference: GENTOO:GLSA-200302-04
Reference: URL:http://marc.info/?l=bugtraq&m=104446346127432&w=2
Reference: MISC:http://www.pivx.com/luigi/adv/blade942-adv.txt
Reference: XF:bladeenc-myfseek-code-execution(11227)
Reference: URL:http://www.iss.net/security_center/static/11227.php

Name: CVE-2003-0077

Description:

The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.

Status:Entry
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: OSVDB:4917
Reference: URL:http://www.osvdb.org/4917
Reference: REDHAT:RHSA-2003:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-window-title(11414)
Reference: URL:http://www.iss.net/security_center/static/11414.php

Name: CVE-2003-0078

Description:

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Status:Entry
Reference: BID:6884
Reference: URL:http://www.securityfocus.com/bid/6884
Reference: BUGTRAQ:20030219 OpenSSL 0.9.7a and 0.9.6i released
Reference: URL:http://marc.info/?l=bugtraq&m=104567627211904&w=2
Reference: BUGTRAQ:20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)
Reference: URL:http://marc.info/?l=bugtraq&m=104568426824439&w=2
Reference: CIAC:N-051
Reference: URL:http://www.ciac.org/ciac/bulletins/n-051.shtml
Reference: CONECTIVA:CLSA-2003:570
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
Reference: CONFIRM:http://www.openssl.org/news/secadv_20030219.txt
Reference: DEBIAN:DSA-253
Reference: URL:http://www.debian.org/security/2003/dsa-253
Reference: ENGARDE:ESA-20030220-005
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
Reference: FREEBSD:FreeBSD-SA-03:02
Reference: GENTOO:GLSA-200302-10
Reference: URL:http://marc.info/?l=bugtraq&m=104577183206905&w=2
Reference: MANDRAKE:MDKSA-2003:020
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
Reference: NETBSD:NetBSD-SA2003-001
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
Reference: OSVDB:3945
Reference: URL:http://www.osvdb.org/3945
Reference: REDHAT:RHSA-2003:062
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-062.html
Reference: REDHAT:RHSA-2003:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-063.html
Reference: REDHAT:RHSA-2003:082
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-082.html
Reference: REDHAT:RHSA-2003:104
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-104.html
Reference: REDHAT:RHSA-2003:205
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-205.html
Reference: SGI:20030501-01-I
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
Reference: SUSE:SuSE-SA:2003:011
Reference: TRUSTIX:2003-0005
Reference: URL:http://www.trustix.org/errata/2003/0005
Reference: XF:ssl-cbc-information-leak(11369)
Reference: URL:http://www.iss.net/security_center/static/11369.php

Name: CVE-2003-0079

Description:

The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.

Status:Entry
Reference: BID:6944
Reference: URL:http://www.securityfocus.com/bid/6944
Reference: BUGTRAQ:20030224 Terminal Emulator Security Issues
Reference: URL:http://marc.info/?l=bugtraq&m=104612710031920&w=2
Reference: OSVDB:4918
Reference: URL:http://www.osvdb.org/4918
Reference: REDHAT:RHSA-2003:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-070.html
Reference: REDHAT:RHSA-2003:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-071.html
Reference: VULNWATCH:20030224 Terminal Emulator Security Issues
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0093.html
Reference: XF:terminal-emulator-dec-udk(11415)
Reference: URL:http://www.iss.net/security_center/static/11415.php

Name: CVE-2003-0081

Description:

Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

Status:Entry
Reference: BID:7049
Reference: URL:http://www.securityfocus.com/bid/7049
Reference: CONECTIVA:CLSA-2003:627
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000627
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00008.html
Reference: DEBIAN:DSA-258
Reference: URL:http://www.debian.org/security/2003/dsa-258
Reference: FULLDISC:20030308 Ethereal format string bug, yet still ethereal much better than windows
Reference: URL:http://seclists.org/lists/fulldisclosure/2003/Mar/0080.html
Reference: GENTOO:GLSA-200303-10
Reference: URL:http://www.linuxsecurity.com/advisories/gentoo_advisory-2949.html
Reference: MANDRAKE:MDKSA-2003:051
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2003:051
Reference: MISC:http://www.guninski.com/etherre.html
Reference: OVAL:oval:org.mitre.oval:def:54
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A54
Reference: REDHAT:RHSA-2003:076
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-076.html
Reference: REDHAT:RHSA-2003:077
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-077.html
Reference: SUSE:SuSE-SA:2003:019
Reference: URL:http://www.novell.com/linux/security/advisories/2003_019_ethereal.html
Reference: XF:ethereal-socks-format-string(11497)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11497

Name: CVE-2003-0087

Description:

Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.

Status:Entry
Reference: AIXAPAR:IY40307
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40307&apar=only
Reference: AIXAPAR:IY40317
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40317&apar=only
Reference: AIXAPAR:IY40320
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY40320&apar=only
Reference: BID:6840
Reference: URL:http://www.securityfocus.com/bid/6840
Reference: BUGTRAQ:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://marc.info/?l=bugtraq&m=104508375107938&w=2
Reference: BUGTRAQ:20030212 libIM.a buffer overflow vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=104508833214691&w=2
Reference: MISC:http://www.idefense.com/advisory/02.12.03.txt
Reference: OSVDB:7996
Reference: URL:http://www.osvdb.org/7996
Reference: VULNWATCH:20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0066.html
Reference: XF:aix-aixterm-libim-bo(11309)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11309

Name: CVE-2003-0088

Description:

TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.

Status:Entry
Reference: ATSTAKE:A021403-1
Reference: URL:http://www.atstake.com/research/advisories/2003/a021403-1.txt
Reference: BID:6859
Reference: URL:http://www.securityfocus.com/bid/6859
Reference: CONFIRM:http://docs.info.apple.com/article.html?artnum=61798
Reference: CONFIRM:http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt
Reference: XF:macos-trublueenvironment-gain-privileges(11332)
Reference: URL:http://www.iss.net/security_center/static/11332.php

Name: CVE-2003-0093

Description:

The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.

Status:Entry
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-033.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-decoder-dos(11324)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11324

Name: CVE-2003-0094

Description:

A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.

Status:Entry
Reference: BID:6855
Reference: URL:http://www.securityfocus.com/bid/6855
Reference: MANDRAKE:MDKSA-2003:016
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:016
Reference: XF:utillinux-mcookie-cookie-predictable(11318)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11318

Name: CVE-2003-0095

Description:

Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.

Status:Entry
Reference: BID:6849
Reference: URL:http://www.securityfocus.com/bid/6849
Reference: BUGTRAQ:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: URL:http://marc.info/?l=bugtraq&m=104549693426042&w=2
Reference: CERT:CA-2003-05
Reference: URL:http://www.cert.org/advisories/CA-2003-05.html
Reference: CERT-VN:VU#953746
Reference: URL:http://www.kb.cert.org/vuls/id/953746
Reference: CIAC:N-046
Reference: URL:http://www.ciac.org/ciac/bulletins/n-046.shtml
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf
Reference: OSVDB:6319
Reference: URL:http://www.osvdb.org/6319
Reference: VULNWATCH:20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)
Reference: XF:oracle-username-bo(11328)
Reference: URL:http://www.iss.net/security_center/static/11328.php

Name: CVE-2003-0097

Description:

Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).

Status:Entry
Reference: BID:6875
Reference: URL:http://www.securityfocus.com/bid/6875
Reference: BUGTRAQ:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: URL:http://marc.info/?l=bugtraq&m=104550977011668&w=2
Reference: CONFIRM:http://www.slackware.com/changelog/current.php?cpu=i386
Reference: GENTOO:GLSA-200302-09
Reference: URL:http://marc.info/?l=bugtraq&m=104567042700840&w=2
Reference: GENTOO:GLSA-200302-09.1
Reference: URL:http://marc.info/?l=bugtraq&m=104567137502557&w=2
Reference: VULNWATCH:20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0
Reference: XF:php-cgi-sapi-access(11343)
Reference: URL:http://www.iss.net/security_center/static/11343.php

Name: CVE-2003-0100

Description:

Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.

Status:Entry
Reference: BID:6895
Reference: URL:http://www.securityfocus.com/bid/6895
Reference: BUGTRAQ:20030220 Cisco IOS OSPF exploit
Reference: URL:http://marc.info/?l=bugtraq&m=104576100719090&w=2
Reference: BUGTRAQ:20030221 Re: Cisco IOS OSPF exploit
Reference: URL:http://marc.info/?l=bugtraq&m=104587206702715&w=2
Reference: XF:cisco-ios-ospf-bo(11373)
Reference: URL:http://www.iss.net/security_center/static/11373.php

Name: CVE-2003-0102

Description:

Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

Status:Entry
Reference: BID:7008
Reference: URL:http://www.securityfocus.com/bid/7008
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file)
Reference: BUGTRAQ:20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)
Reference: URL:http://marc.info/?l=bugtraq&m=104680706201721&w=2
Reference: CERT-VN:VU#611865
Reference: URL:http://www.kb.cert.org/vuls/id/611865
Reference: DEBIAN:DSA-260
Reference: URL:http://www.debian.org/security/2003/dsa-260
Reference: IMMUNIX:IMNX-2003-7+-012-01
Reference: URL:http://lwn.net/Alerts/34908/
Reference: MANDRAKE:MDKSA-2003:030
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:030
Reference: MISC:http://www.idefense.com/advisory/03.04.03.txt
Reference: NETBSD:NetBSD-SA2003-003
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-003.txt.asc
Reference: REDHAT:RHSA-2003:086
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-086.html
Reference: REDHAT:RHSA-2003:087
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-087.html
Reference: SUSE:SuSE-SA:2003:017
Reference: URL:http://www.novell.com/linux/security/advisories/2003_017_file.html
Reference: XF:file-afctr-read-bo(11469)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11469

Name: CVE-2003-0103

Description:

Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.

Status:Entry
Reference: ATSTAKE:A022503-1
Reference: BID:6952
Reference: URL:http://www.securityfocus.com/bid/6952
Reference: XF:nokia-6210-vcard-dos(11421)
Reference: URL:http://www.iss.net/security_center/static/11421.php

Name: CVE-2003-0104

Description:

Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.

Status:Entry
Reference: BID:7053
Reference: URL:http://www.securityfocus.com/bid/7053
Reference: ISS:20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability
Reference: URL:http://www.iss.net/issEn/delivery/xforce/alertdetail.jsp?oid=21999
Reference: XF:peoplesoft-schedulertransfer-create-files(10962)
Reference: URL:http://www.iss.net/security_center/static/10962.php

Name: CVE-2003-0107

Description:

Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.

Status:Entry
Reference: BID:6913
Reference: URL:http://www.securityfocus.com/bid/6913
Reference: BUGTRAQ:20030222 buffer overrun in zlib 1.1.4
Reference: URL:http://online.securityfocus.com/archive/1/312869
Reference: BUGTRAQ:20030223 poc zlib sploit just for fun :)
Reference: URL:http://marc.info/?l=bugtraq&m=104610337726297&w=2
Reference: BUGTRAQ:20030224 Re: buffer overrun in zlib 1.1.4
Reference: URL:http://marc.info/?l=bugtraq&m=104610536129508&w=2
Reference: BUGTRAQ:20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25
Reference: URL:http://marc.info/?l=bugtraq&m=104620610427210&w=2
Reference: CALDERA:CSSA-2003-011.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2003-011.0.txt
Reference: CERT-VN:VU#142121
Reference: URL:http://www.kb.cert.org/vuls/id/142121
Reference: CONECTIVA:CLSA-2003:619
Reference: URL:http://distro.conectiva.com/atualizacoes/?id=a&anuncio=000619
Reference: CONFIRM:http://lists.apple.com/mhonarc/security-announce/msg00038.html
Reference: GENTOO:GLSA-200303-25
Reference: URL:http://marc.info/?l=bugtraq&m=104887247624907&w=2
Reference: JVN:JVN#78689801
Reference: URL:http://jvn.jp/en/jp/JVN78689801/index.html
Reference: JVNDB:JVNDB-2015-000066
Reference: URL:http://jvndb.jvn.jp/en/contents/2015/JVNDB-2015-000066.html
Reference: MANDRAKE:MDKSA-2003:033
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:033
Reference: NETBSD:NetBSD-SA2003-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-004.txt.asc
Reference: OSVDB:6599
Reference: URL:http://www.osvdb.org/6599
Reference: REDHAT:RHSA-2003:079
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-079.html
Reference: REDHAT:RHSA-2003:081
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-081.html
Reference: SUNALERT:57405
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F57405
Reference: XF:zlib-gzprintf-bo(11381)
Reference: URL:http://www.iss.net/security_center/static/11381.php

Name: CVE-2003-0108

Description:

isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.

Status:Entry
Reference: BID:6974
Reference: URL:http://www.securityfocus.com/bid/6974
Reference: BUGTRAQ:20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin
Reference: URL:http://marc.info/?l=bugtraq&m=104637420104189&w=2
Reference: BUGTRAQ:20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)
Reference: URL:http://marc.info/?l=bugtraq&m=104678787109030&w=2
Reference: CONECTIVA:CLA-2003:629
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000629
Reference: DEBIAN:DSA-255
Reference: URL:http://www.debian.org/security/2003/dsa-255
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: MISC:http://www.idefense.com/advisory/02.27.03.txt
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:085
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-085.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: SUSE:SuSE-SA:2003:0015
Reference: URL:http://www.novell.com/linux/security/advisories/2003_015_tcpdump.html
Reference: XF:tcpdump-isakmp-dos(11434)
Reference: URL:http://www.iss.net/security_center/static/11434.php

Name: CVE-2003-0120

Description:

adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.

Status:Entry
Reference: BID:6978
Reference: URL:http://www.securityfocus.com/bid/6978
Reference: DEBIAN:DSA-256
Reference: URL:http://www.debian.org/security/2003/dsa-256
Reference: XF:mhc-adb2mhc-insecure-tmp(11439)
Reference: URL:http://www.iss.net/security_center/static/11439.php

Name: CVE-2003-0122

Description:

Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

Status:Entry
Reference: BID:7037
Reference: URL:http://www.securityfocus.com/bid/7037
Reference: BUGTRAQ:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://marc.info/?l=bugtraq&m=104757319829443&w=2
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#433489
Reference: URL:http://www.kb.cert.org/vuls/id/433489
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101
Reference: MISC:http://www.rapid7.com/advisories/R7-0010.html
Reference: VULNWATCH:20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2003-q1/0125.html
Reference: XF:lotus-nrpc-bo(11526)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11526

Name: CVE-2003-0123

Description:

Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.

Status:Entry
Reference: BID:7038
Reference: URL:http://www.securityfocus.com/bid/7038
Reference: BUGTRAQ:20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=104757545500368&w=2
Reference: CERT:CA-2003-11
Reference: URL:http://www.cert.org/advisories/CA-2003-11.html
Reference: CERT-VN:VU#411489
Reference: URL:http://www.kb.cert.org/vuls/id/411489
Reference: CIAC:N-065
Reference: URL:http://www.ciac.org/ciac/bulletins/n-065.shtml
Reference: CONFIRM:http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060
Reference: MISC:http://www.rapid7.com/advisories/R7-0011.html
Reference: XF:lotus-web-retriever-bo(11525)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11525

Name: CVE-2003-0124

Description:

man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.

Status:Entry
Reference: BID:7066
Reference: URL:http://www.securityfocus.com/bid/7066
Reference: BUGTRAQ:20030311 Vulnerability in man < 1.5l
Reference: URL:http://marc.info/?l=bugtraq&m=104740927915154&w=2
Reference: CONECTIVA:CLSA-2003:620
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000620
Reference: GENTOO:GLSA-200303-13
Reference: URL:http://marc.info/?l=bugtraq&m=104802285112752&w=2
Reference: REDHAT:RHSA-2003:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-133.html
Reference: REDHAT:RHSA-2003:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-134.html
Reference: XF:man-myxsprintf-code-execution(11512)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11512

Name: CVE-2003-0125

Description:

Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.

Status:Entry
Reference: BID:7067
Reference: URL:http://www.securityfocus.com/bid/7067
Reference: CONFIRM:ftp://ftp.multitech.com/Routers/RF550VPN.TXT
Reference: MISC:http://www.krusesecurity.dk/advisories/routefind550bof.txt
Reference: VULNWATCH:20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow
Reference: XF:routefinder-vpn-options-bo(11514)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11514

Name: CVE-2003-0143

Description:

The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.

Status:Entry
Reference: BID:7058
Reference: URL:http://www.securityfocus.com/bid/7058
Reference: BUGTRAQ:20030310 QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=104739841223916&w=2
Reference: BUGTRAQ:20030312 Re: QPopper 4.0.x buffer overflow vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=104748775900481&w=2
Reference: BUGTRAQ:20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)
Reference: URL:http://marc.info/?l=bugtraq&m=104768137314397&w=2
Reference: DEBIAN:DSA-259
Reference: URL:http://www.debian.org/security/2003/dsa-259
Reference: GENTOO:GLSA-200303-12
Reference: URL:http://marc.info/?l=bugtraq&m=104792541215354&w=2
Reference: SUSE:SuSE-SA:2003:018
Reference: URL:http://www.novell.com/linux/security/advisories/2003_018_qpopper.html
Reference: XF:qpopper-popmsg-macroname-bo(11516)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11516

Name: CVE-2003-0145

Description:

Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.

Status:Entry
Reference: CONFIRM:http://www.tcpdump.org/tcpdump-changes.txt
Reference: DEBIAN:DSA-261
Reference: URL:http://www.debian.org/security/2003/dsa-261
Reference: MANDRAKE:MDKSA-2003:027
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:027
Reference: REDHAT:RHSA-2003:032
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-032.html
Reference: REDHAT:RHSA-2003:151
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-151.html
Reference: REDHAT:RHSA-2003:214
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-214.html
Reference: XF:tcpdump-radius-attribute-dos(11857)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/11857

Name: CVE-2003-0825

Description:

The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.

Status:Entry
Reference: BID:9624
Reference: URL:http://www.securityfocus.com/bid/9624
Reference: CERT-VN:VU#445214
Reference: URL:http://www.kb.cert.org/vuls/id/445214
Reference: CIAC:O-077
Reference: URL:http://www.ciac.org/ciac/bulletins/o-077.shtml
Reference: MS:MS04-006
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-006
Reference: OSVDB:3903
Reference: URL:http://www.osvdb.org/3903
Reference: OVAL:oval:org.mitre.oval:def:704
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A704
Reference: OVAL:oval:org.mitre.oval:def:800
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A800
Reference: OVAL:oval:org.mitre.oval:def:801
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A801
Reference: OVAL:oval:org.mitre.oval:def:802
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A802
Reference: XF:win-wins-gsflag-dos(15037)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15037

Name: CVE-2003-0903

Description:

Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.

Status:Entry
Reference: BID:9407
Reference: URL:http://www.securityfocus.com/bid/9407
Reference: CERT-VN:VU#139150
Reference: URL:http://www.kb.cert.org/vuls/id/139150
Reference: MS:MS04-003
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-003
Reference: OSVDB:3457
Reference: URL:http://www.osvdb.org/3457
Reference: OVAL:oval:org.mitre.oval:def:525
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A525
Reference: OVAL:oval:org.mitre.oval:def:553
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A553
Reference: OVAL:oval:org.mitre.oval:def:751
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A751
Reference: OVAL:oval:org.mitre.oval:def:775
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A775
Reference: XF:mdac-broadcastrequest-bo(14187)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14187

Name: CVE-2003-0905

Description:

Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.

Status:Entry
Reference: BID:9825
Reference: URL:http://www.securityfocus.com/bid/9825
Reference: CERT-VN:VU#982630
Reference: URL:http://www.kb.cert.org/vuls/id/982630
Reference: MS:MS04-008
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-008
Reference: OVAL:oval:org.mitre.oval:def:842
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A842
Reference: XF:win-media-services-dos(15038)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15038

Name: CVE-2003-0924

Description:

netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

Status:Entry
Reference: BID:9442
Reference: URL:http://www.securityfocus.com/bid/9442
Reference: CERT-VN:VU#487102
Reference: URL:http://www.kb.cert.org/vuls/id/487102
Reference: DEBIAN:DSA-426
Reference: URL:http://www.debian.org/security/2004/dsa-426
Reference: GENTOO:GLSA-200410-02
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200410-02.xml
Reference: MANDRAKE:MDKSA-2004:011
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:011
Reference: OVAL:oval:org.mitre.oval:def:804
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A804
Reference: OVAL:oval:org.mitre.oval:def:810
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A810
Reference: REDHAT:RHSA-2004:030
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-030.html
Reference: REDHAT:RHSA-2004:031
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-031.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: XF:netpbm-temp-insecure-file(14874)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14874

Name: CVE-2003-0966

Description:

Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.

Status:Entry
Reference: BID:9430
Reference: URL:http://www.securityfocus.com/bid/9430
Reference: MISC:http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078
Reference: REDHAT:RHSA-2004:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-009.html
Reference: SGI:20040103-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040103-01-U.asc
Reference: XF:elm-frm-subject-bo(14840)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14840

Name: CVE-2003-0969

Description:

mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.

Status:Entry
Reference: BID:9364
Reference: URL:http://www.securityfocus.com/bid/9364
Reference: DEBIAN:DSA-411
Reference: URL:http://www.debian.org/security/2004/dsa-411
Reference: OSVDB:3331
Reference: URL:http://www.osvdb.org/3331
Reference: SUSE:SuSE-SA:2004:002
Reference: URL:http://www.novell.com/linux/security/advisories/2004_02_tcpdump.html
Reference: XF:mpg321-mp3-format-string(14148)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14148

Name: CVE-2003-0985

Description:

The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.

Status:Entry
Reference: BID:9356
Reference: URL:http://www.securityfocus.com/bid/9356
Reference: BUGTRAQ:20040105 Linux kernel do_mremap() proof-of-concept exploit code
Reference: URL:http://marc.info/?l=bugtraq&m=107340358402129&w=2
Reference: BUGTRAQ:20040105 Linux kernel mremap vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107332782121916&w=2
Reference: BUGTRAQ:20040106 Linux mremap bug correction
Reference: URL:http://marc.info/?l=bugtraq&m=107340814409017&w=2
Reference: BUGTRAQ:20040107 [slackware-security] Kernel security update (SSA:2004-006-01)
Reference: URL:http://marc.info/?l=bugtraq&m=107350348418373&w=2
Reference: BUGTRAQ:20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0070.html
Reference: BUGTRAQ:20040112 SmoothWall Project Security Advisory SWP-2004:001
Reference: URL:http://marc.info/?l=bugtraq&m=107394143105081&w=2
Reference: CERT-VN:VU#490620
Reference: URL:http://www.kb.cert.org/vuls/id/490620
Reference: CIAC:O-045
Reference: URL:http://www.ciac.org/ciac/bulletins/o-045.shtml
Reference: CONECTIVA:CLA-2004:799
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000799
Reference: CONFIRM:http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap
Reference: CONFIRM:http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: DEBIAN:DSA-413
Reference: URL:http://www.debian.org/security/2004/dsa-413
Reference: DEBIAN:DSA-417
Reference: URL:http://www.debian.org/security/2004/dsa-417
Reference: DEBIAN:DSA-423
Reference: URL:http://www.debian.org/security/2004/dsa-423
Reference: DEBIAN:DSA-427
Reference: URL:http://www.debian.org/security/2004/dsa-427
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-450
Reference: URL:http://www.debian.org/security/2004/dsa-450
Reference: DEBIAN:DSA-470
Reference: URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-475
Reference: URL:http://www.debian.org/security/2004/dsa-475
Reference: ENGARDE:ESA-20040105-001
Reference: URL:http://www.linuxsecurity.com/advisories/engarde_advisory-3904.html
Reference: IMMUNIX:IMNX-2004-73-001-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.3/updates/IMNX-2004-73-001-01
Reference: MANDRAKE:MDKSA-2004:001
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:001
Reference: MISC:http://isec.pl/vulnerabilities/isec-0013-mremap.txt
Reference: MLIST:[linux-kernel] 20040105 linux-2.4.24 released
Reference: OSVDB:3315
Reference: URL:http://www.osvdb.org/3315
Reference: OVAL:oval:org.mitre.oval:def:860
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A860
Reference: OVAL:oval:org.mitre.oval:def:867
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A867
Reference: REDHAT:RHSA-2003:416
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-416.html
Reference: REDHAT:RHSA-2003:417
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-417.html
Reference: REDHAT:RHSA-2003:418
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-418.html
Reference: REDHAT:RHSA-2003:419
Reference: URL:http://www.redhat.com/support/errata/RHSA-2003-419.html
Reference: SECUNIA:10532
Reference: URL:http://secunia.com/advisories/10532
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Reference: SGI:20040102-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040102-01-U
Reference: SUSE:SuSE-SA:2004:001
Reference: SUSE:SuSE-SA:2004:003
Reference: URL:http://www.novell.com/linux/security/advisories/2004_03_linux_kernel.html
Reference: TRUSTIX:2004-0001
Reference: URL:http://marc.info/?l=bugtraq&m=107332754521495&w=2
Reference: XF:linux-domremap-gain-privileges(14135)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14135

Name: CVE-2003-0988

Description:

Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.

Status:Entry
Reference: BID:9419
Reference: URL:http://www.securityfocus.com/bid/9419
Reference: BUGTRAQ:20040114 KDE Security Advisory: VCF file information reader vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107412130407906&w=2
Reference: CERT-VN:VU#820798
Reference: URL:http://www.kb.cert.org/vuls/id/820798
Reference: CONECTIVA:CLA-2004:810
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000810
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20040114-1.txt
Reference: GENTOO:GLSA-200404-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-02.xml
Reference: MANDRAKE:MDKSA-2004:003
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:003
Reference: OVAL:oval:org.mitre.oval:def:858
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A858
Reference: OVAL:oval:org.mitre.oval:def:865
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A865
Reference: REDHAT:RHSA-2004:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-005.html
Reference: REDHAT:RHSA-2004:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-006.html
Reference: XF:kde-kdepim-bo(14833)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14833

Name: CVE-2003-0991

Description:

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

Status:Entry
Reference: BID:9620
Reference: URL:http://www.securityfocus.com/bid/9620
Reference: CONECTIVA:CLA-2004:842
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Reference: DEBIAN:DSA-436
Reference: URL:http://www.debian.org/security/2004/dsa-436
Reference: MANDRAKE:MDKSA-2004:013
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:013
Reference: MLIST:[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release
Reference: URL:http://mail.python.org/pipermail/mailman-announce/2004-February/000067.html
Reference: REDHAT:RHSA-2004:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-019.html
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: XF:mailman-command-handler-dos(15106)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15106

Name: CVE-2003-0993

Description:

mod_access in Apache 1.3 before 1.3.30, when running on big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.

Status:Entry
Reference: BID:9829
Reference: URL:http://www.securityfocus.com/bid/9829
Reference: BUGTRAQ:20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)
Reference: URL:http://marc.info/?l=bugtraq&m=108437852004207&w=2
Reference: CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=23850
Reference: CONFIRM:http://www.apacheweek.com/features/security-13
Reference: GENTOO:GLSA-200405-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200405-22.xml
Reference: MANDRAKE:MDKSA-2004:046
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:046
Reference: MLIST:[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c
Reference: URL:http://marc.info/?l=apache-cvs&m=107869603013722
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
Reference: URL:https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e@%3Ccvs.httpd.apache.org%3E
Reference: OVAL:oval:org.mitre.oval:def:100111
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A100111
Reference: OVAL:oval:org.mitre.oval:def:4670
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A4670
Reference: SLACKWARE:SSA:2004-133
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.529643
Reference: SUNALERT:101555
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101555-1
Reference: SUNALERT:101841
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101841-1
Reference: SUNALERT:57628
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57628-1
Reference: TRUSTIX:2004-0027
Reference: URL:http://www.trustix.org/errata/2004/0027
Reference: XF:apache-modaccess-obtain-information(15422)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15422

Name: CVE-2003-0994

Description:

The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, AntiVirus and Norton AntiVirus Pro 2001 through 2004, and AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.

Status:Entry
Reference: BUGTRAQ:20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://marc.info/?l=bugtraq&m=107393473928245&w=2
Reference: BUGTRAQ:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
Reference: FULLDISC:20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-January/015510.html
Reference: MISC:http://www.secnetops.biz/research/SRT2004-01-09-1022.txt
Reference: OSVDB:3428
Reference: URL:http://www.osvdb.org/3428

Name: CVE-2003-1022

Description:

Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.

Status:Entry
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2004/dsa-416
Reference: OSVDB:3346
Reference: URL:http://www.osvdb.org/3346
Reference: XF:fspsuite-dot-directory-traversal(14154)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14154

Name: CVE-2003-1326

Description:

Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."

Status:Entry
Reference: BID:6779
Reference: URL:http://www.securityfocus.com/bid/6779
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: MS:MS03-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004
Reference: OVAL:oval:org.mitre.oval:def:126
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A126
Reference: OVAL:oval:org.mitre.oval:def:178
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A178
Reference: OVAL:oval:org.mitre.oval:def:49
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A49
Reference: XF:ie-dialog-zone-bypass(11258)
Reference: URL:http://www.iss.net/security_center/static/11258.php

Name: CVE-2003-1328

Description:

The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."

Status:Entry
Reference: BID:6780
Reference: URL:http://www.securityfocus.com/bid/6780
Reference: BUGTRAQ:20030206 showHelp("file:") disables security in IE - Sandblad advisory #11
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2003-02/0083.html
Reference: CERT-VN:VU#400577
Reference: URL:http://www.kb.cert.org/vuls/id/400577
Reference: CIAC:N-038
Reference: URL:http://www.ciac.org/ciac/bulletins/n-038.shtml
Reference: MS:MS03-004
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2003/ms03-004
Reference: OVAL:oval:org.mitre.oval:def:57
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A57
Reference: XF:ie-showhelp-zone-bypass(11259)
Reference: URL:http://www.iss.net/security_center/static/11259.php

Name: CVE-2004-0001

Description:

Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.

Status:Entry
Reference: BID:9429
Reference: URL:http://www.securityfocus.com/bid/9429
Reference: CERT-VN:VU#337238
Reference: URL:http://www.kb.cert.org/vuls/id/337238
Reference: GENTOO:GLSA-200402-06
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-06.xml
Reference: OVAL:oval:org.mitre.oval:def:868
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A868
Reference: REDHAT:RHSA-2004:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-017.html
Reference: XF:linux-ptrace-gain-privilege(14888)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14888

Name: CVE-2004-0004

Description:

The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.

Status:Entry
Reference: BID:9435
Reference: URL:http://www.securityfocus.com/bid/9435
Reference: BUGTRAQ:20040116 [OpenCA Advisory] Vulnerability in signature verification
Reference: URL:http://marc.info/?l=bugtraq&m=107427313700554&w=2
Reference: CERT-VN:VU#336446
Reference: URL:http://www.kb.cert.org/vuls/id/336446
Reference: CONFIRM:http://www.openca.org/news/CAN-2004-0004.txt
Reference: OSVDB:3615
Reference: URL:http://www.osvdb.org/3615
Reference: XF:openca-improper-signature-verification(14847)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14847

Name: CVE-2004-0009

Description:

Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.

Status:Entry
Reference: BID:9590
Reference: URL:http://www.securityfocus.com/bid/9590
Reference: BUGTRAQ:20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://marc.info/?l=bugtraq&m=107619127531765&w=2
Reference: CONFIRM:http://www.apache-ssl.org/advisory-20040206.txt
Reference: FULLDISC:20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016870.html
Reference: OSVDB:3877
Reference: URL:http://www.osvdb.org/3877
Reference: XF:apachessl-default-password(15065)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15065

Name: CVE-2004-0011

Description:

Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.

Status:Entry
Reference: BID:9377
Reference: URL:http://www.securityfocus.com/bid/9377
Reference: CIAC:O-048
Reference: URL:http://www.ciac.org/ciac/bulletins/o-048.shtml
Reference: DEBIAN:DSA-416
Reference: URL:http://www.debian.org/security/2004/dsa-416
Reference: XF:fsp-boundry-error-bo(14155)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14155

Name: CVE-2004-0013

Description:

jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).

Status:Entry
Reference: BID:9376
Reference: URL:http://www.securityfocus.com/bid/9376
Reference: DEBIAN:DSA-414
Reference: URL:http://www.debian.org/security/2004/dsa-414
Reference: MANDRAKE:MDKSA-2004:005
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:005
Reference: OSVDB:3345
Reference: URL:http://www.osvdb.org/3345
Reference: SECUNIA:10559
Reference: URL:http://secunia.com/advisories/10559
Reference: XF:jabber-ssl-connections-dos(14158)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14158

Name: CVE-2004-0015

Description:

vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.

Status:Entry
Reference: BID:9381
Reference: URL:http://www.securityfocus.com/bid/9381
Reference: DEBIAN:DSA-418
Reference: URL:http://www.debian.org/security/2004/dsa-418
Reference: XF:vbox3-gain-privileges(14170)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14170

Name: CVE-2004-0016

Description:

The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.

Status:Entry
Reference: BID:9387
Reference: URL:http://www.securityfocus.com/bid/9387
Reference: DEBIAN:DSA-419
Reference: URL:http://www.debian.org/security/2004/dsa-419
Reference: OSVDB:6860
Reference: URL:http://www.osvdb.org/6860
Reference: XF:phpgroupware-calendar-file-include(13489)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/13489

Name: CVE-2004-0028

Description:

jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.

Status:Entry
Reference: BID:9397
Reference: URL:http://www.securityfocus.com/bid/9397
Reference: DEBIAN:DSA-420
Reference: URL:http://www.debian.org/security/2004/dsa-420
Reference: XF:jitterbug-execute-code(14207)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14207

Name: CVE-2004-0031

Description:

PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.

Status:Entry
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.info/?l=bugtraq&m=107340840209453&w=2
Reference: OSVDB:3403
Reference: URL:http://www.osvdb.org/3403
Reference: SECUNIA:10565
Reference: URL:http://secunia.com/advisories/10565
Reference: XF:phpgedview-modify-admin-password(14161)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14161

Name: CVE-2004-0032

Description:

Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.

Status:Entry
Reference: BID:9369
Reference: URL:http://www.securityfocus.com/bid/9369
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.info/?l=bugtraq&m=107340840209453&w=2
Reference: OSVDB:3402
Reference: URL:http://www.osvdb.org/3402
Reference: SECUNIA:10565
Reference: URL:http://secunia.com/advisories/10565
Reference: XF:phpgedview-search-xss(14160)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14160

Name: CVE-2004-0033

Description:

admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.

Status:Entry
Reference: BID:9371
Reference: URL:http://www.securityfocus.com/bid/9371
Reference: BUGTRAQ:20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem
Reference: URL:http://marc.info/?l=bugtraq&m=107340840209453&w=2
Reference: OSVDB:3404
Reference: URL:http://www.osvdb.org/3404
Reference: SECUNIA:10565
Reference: URL:http://secunia.com/advisories/10565
Reference: XF:phpgedview-admin-info-disclosure(14162)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14162

Name: CVE-2004-0035

Description:

SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.

Status:Entry
Reference: BID:9363
Reference: URL:http://www.securityfocus.com/bid/9363
Reference: BUGTRAQ:20040105 Multiple Vulnerabilities in Phorum 3.4.5
Reference: URL:http://marc.info/?l=bugtraq&m=107340481804110&w=2
Reference: OSVDB:3508
Reference: URL:http://www.osvdb.org/3508
Reference: SECUNIA:10567
Reference: URL:http://secunia.com/advisories/10567
Reference: XF:phorum-register-sql-injection(14146)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14146

Name: CVE-2004-0036

Description:

SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.

Status:Entry
Reference: BID:9360
Reference: URL:http://www.securityfocus.com/bid/9360
Reference: BUGTRAQ:20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection
Reference: URL:http://marc.info/?l=bugtraq&m=107340358202123&w=2
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?postid=588825
Reference: OSVDB:3344
Reference: URL:http://www.osvdb.org/3344
Reference: XF:vbulletin-calendar-sql-injection(14144)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14144

Name: CVE-2004-0040

Description:

Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.

Status:Entry
Reference: BID:9582
Reference: URL:http://www.securityfocus.com/bid/9582
Reference: BUGTRAQ:20040205 Two checkpoint fw-1/vpn-1 vulns
Reference: URL:http://marc.info/?l=bugtraq&m=107604682227031&w=2
Reference: CERT-VN:VU#873334
Reference: URL:http://www.kb.cert.org/vuls/id/873334
Reference: CIAC:O-073
Reference: URL:http://www.ciac.org/ciac/bulletins/o-073.shtml
Reference: ISS:20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/163
Reference: OSVDB:3821
Reference: URL:http://www.osvdb.org/3821
Reference: OSVDB:4432
Reference: URL:http://www.osvdb.org/4432
Reference: XF:vpn1-ike-bo(14150)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14150

Name: CVE-2004-0044

Description:

Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.

Status:Entry
Reference: BID:9384
Reference: URL:http://www.securityfocus.com/bid/9384
Reference: CISCO:20040108 Cisco Personal Assistant User Password Bypass Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040108-pa.shtml
Reference: OSVDB:3430
Reference: URL:http://www.osvdb.org/3430
Reference: XF:ciscopersonalassistant-config-file-access(14172)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14172

Name: CVE-2004-0045

Description:

Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.

Status:Entry
Reference: BID:9382
Reference: URL:http://www.securityfocus.com/bid/9382
Reference: BUGTRAQ:20040107 [SECURITY] INN: Buffer overflow in control message handling
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0063.html
Reference: BUGTRAQ:20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-01/0064.html
Reference: CERT-VN:VU#759020
Reference: URL:http://www.kb.cert.org/vuls/id/759020
Reference: SECUNIA:10578
Reference: URL:http://secunia.com/advisories/10578
Reference: SLACKWARE:SSA:2004-014-02
Reference: URL:http://www.slackware.org/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.365791
Reference: XF:inn-artpost-control-message-bo(14190)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14190

Name: CVE-2004-0049

Description:

Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.

Status:Entry
Reference: BID:9421
Reference: URL:http://www.securityfocus.com/bid/9421
Reference: BUGTRAQ:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/357834
Reference: CONFIRM:http://service.real.com/help/faq/security/040112_dos/
Reference: CONFIRM:http://service.real.com/help/faq/security/security022604.html
Reference: VULNWATCH:20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow
Reference: URL:http://seclists.org/lists/vulnwatch/2004/Jan-Mar/0057.html

Name: CVE-2004-0063

Description:

The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.

Status:Entry
Reference: BID:9422
Reference: URL:http://www.securityfocus.com/bid/9422
Reference: BUGTRAQ:20040114 nCipher Advisory #8: payShield library may verify bad requests
Reference: URL:http://marc.info/?l=bugtraq&m=107411819503569&w=2
Reference: CONFIRM:http://www.ncipher.com/support/advisories/advisory8_payshield.html
Reference: OSVDB:3537
Reference: URL:http://www.osvdb.org/3537
Reference: XF:payshield-incorrect-request-verification(14832)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14832

Name: CVE-2004-0068

Description:

PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.

Status:Entry
Reference: BID:9424
Reference: URL:http://www.securityfocus.com/bid/9424
Reference: BUGTRAQ:20040114 PhpDig 1.6.x: remote command execution
Reference: URL:http://marc.info/?l=bugtraq&m=107412194008671&w=2
Reference: CONFIRM:http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393
Reference: XF:phpdig-config-file-include(14826)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14826

Name: CVE-2004-0070

Description:

PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.

Status:Entry
Reference: BID:9396
Reference: URL:http://www.securityfocus.com/bid/9396
Reference: BUGTRAQ:20040110 Remote Code Execution in ezContents
Reference: URL:http://marc.info/?l=bugtraq&m=107392588915627&w=2
Reference: CONFIRM:http://www.ezcontents.org/forum/viewtopic.php?t=361
Reference: OSVDB:6878
Reference: URL:http://www.osvdb.org/6878
Reference: XF:ezcontents-php-file-include(14199)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14199

Name: CVE-2004-0075

Description:

The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.

Status:Entry
Reference: BID:9690
Reference: URL:http://www.securityfocus.com/bid/9690
Reference: CIAC:O-082
Reference: URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
Reference: CONECTIVA:CLA-2004:846
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000846
Reference: MANDRAKE:MDKSA-2004:015
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
Reference: OVAL:oval:org.mitre.oval:def:836
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A836
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2005:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
Reference: XF:linux-vicam-dos(15246)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15246

Name: CVE-2004-0077

Description:

The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.

Status:Entry
Reference: BID:9686
Reference: URL:http://www.securityfocus.com/bid/9686
Reference: BUGTRAQ:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://marc.info/?l=bugtraq&m=107711762014175&w=2
Reference: CERT-VN:VU#981222
Reference: URL:http://www.kb.cert.org/vuls/id/981222
Reference: CIAC:O-082
Reference: URL:http://www.ciac.org/ciac/bulletins/o-082.shtml
Reference: CONECTIVA:CLA-2004:820
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000820
Reference: DEBIAN:DSA-438
Reference: URL:http://www.debian.org/security/2004/dsa-438
Reference: DEBIAN:DSA-439
Reference: URL:http://www.debian.org/security/2004/dsa-439
Reference: DEBIAN:DSA-440
Reference: URL:http://www.debian.org/security/2004/dsa-440
Reference: DEBIAN:DSA-441
Reference: URL:http://www.debian.org/security/2004/dsa-441
Reference: DEBIAN:DSA-442
Reference: URL:http://www.debian.org/security/2004/dsa-442
Reference: DEBIAN:DSA-444
Reference: URL:http://www.debian.org/security/2004/dsa-444
Reference: DEBIAN:DSA-450
Reference: URL:http://www.debian.org/security/2004/dsa-450
Reference: DEBIAN:DSA-453
Reference: URL:http://www.debian.org/security/2004/dsa-453
Reference: DEBIAN:DSA-454
Reference: URL:http://www.debian.org/security/2004/dsa-454
Reference: DEBIAN:DSA-456
Reference: URL:http://www.debian.org/security/2004/dsa-456
Reference: DEBIAN:DSA-466
Reference: URL:http://www.debian.org/security/2004/dsa-466
Reference: DEBIAN:DSA-470
Reference: URL:http://www.debian.org/security/2004/dsa-470
Reference: DEBIAN:DSA-475
Reference: URL:http://www.debian.org/security/2004/dsa-475
Reference: DEBIAN:DSA-514
Reference: URL:http://www.debian.org/security/2004/dsa-514
Reference: FEDORA:FEDORA-2004-079
Reference: URL:http://fedoranews.org/updates/FEDORA-2004-079.shtml
Reference: FULLDISC:20040218 Second critical mremap() bug found in all Linux kernels
Reference: GENTOO:GLSA-200403-02
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-02.xml
Reference: MANDRAKE:MDKSA-2004:015
Reference: URL:http://frontal2.mandriva.com/security/advisories?name=MDKSA-2004:015
Reference: MISC:http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt
Reference: OSVDB:3986
Reference: URL:http://www.osvdb.org/3986
Reference: OVAL:oval:org.mitre.oval:def:825
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A825
Reference: OVAL:oval:org.mitre.oval:def:837
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A837
Reference: REDHAT:RHSA-2004:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-065.html
Reference: REDHAT:RHSA-2004:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-066.html
Reference: REDHAT:RHSA-2004:069
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-069.html
Reference: REDHAT:RHSA-2004:106
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-106.html
Reference: SLACKWARE:SSA:2004-049
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404734
Reference: SUSE:SuSE-SA:2004:005
Reference: URL:http://www.novell.com/linux/security/advisories/2004_05_linux_kernel.html
Reference: TRUSTIX:2004-0007
Reference: URL:http://marc.info/?l=bugtraq&m=107712137732553&w=2
Reference: TRUSTIX:2004-0008
Reference: URL:http://marc.info/?l=bugtraq&m=107755871932680&w=2
Reference: TURBO:TLSA-2004-7
Reference: VULNWATCH:20040218 Second critical mremap() bug found in all Linux kernels
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2004-q1/0040.html
Reference: XF:linux-mremap-gain-privileges(15244)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15244

Name: CVE-2004-0078

Description:

Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.

Status:Entry
Reference: BID:9641
Reference: URL:http://www.securityfocus.com/bid/9641
Reference: BUGTRAQ:20040211 Mutt-1.4.2 fixes buffer overflow.
Reference: URL:http://marc.info/?l=bugtraq&m=107651677817933&w=2
Reference: BUGTRAQ:20040215 LNSA-#2004-0001: mutt remote crash
Reference: URL:http://marc.info/?l=bugtraq&m=107696262905039&w=2
Reference: BUGTRAQ:20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)
Reference: URL:http://marc.info/?l=bugtraq&m=107884956930903&w=2
Reference: CALDERA:CSSA-2004-013.0
Reference: URL:ftp://ftp.caldera.com/pub/security/OpenLinux/CSSA-2004-013.0.txt
Reference: CONFIRM:http://bugs.debian.org/126336
Reference: MANDRAKE:MDKSA-2004:010
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:010
Reference: OSVDB:3918
Reference: URL:http://www.osvdb.org/3918
Reference: OVAL:oval:org.mitre.oval:def:811
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A811
Reference: OVAL:oval:org.mitre.oval:def:838
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A838
Reference: REDHAT:RHSA-2004:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-050.html
Reference: REDHAT:RHSA-2004:051
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-051.html
Reference: SLACKWARE:SSA:2004-043
Reference: URL:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.405053
Reference: XF:mutt-index-menu-bo(15134)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15134

Name: CVE-2004-0080

Description:

The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.

Status:Entry
Reference: BID:9558
Reference: URL:http://www.securityfocus.com/bid/9558
Reference: BUGTRAQ:20040331 OpenLinux: util-linux could leak sensitive data
Reference: URL:http://marc.info/?l=bugtraq&m=108077689801698&w=2
Reference: BUGTRAQ:20040408 LNSA-#2004-0010: login may leak sensitive data
Reference: URL:http://marc.info/?l=bugtraq&m=108144719532385&w=2
Reference: CERT-VN:VU#801526
Reference: URL:http://www.kb.cert.org/vuls/id/801526
Reference: GENTOO:GLSA-200404-06
Reference: URL:http://security.gentoo.org/glsa/glsa-200404-06.xml
Reference: OSVDB:3796
Reference: URL:http://www.osvdb.org/3796
Reference: REDHAT:RHSA-2004:056
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-056.html
Reference: SECUNIA:10773
Reference: URL:http://secunia.com/advisories/10773
Reference: SGI:20040201-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040201-01-U.asc
Reference: SGI:20040406-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
Reference: XF:utillinux-information-leak(15016)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15016

Name: CVE-2004-0082

Description:

The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.

Status:Entry
Reference: BID:9637
Reference: URL:http://www.securityfocus.com/bid/9637
Reference: CIAC:O-078
Reference: URL:http://www.ciac.org/ciac/bulletins/o-078.shtml
Reference: CONFIRM:http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt
Reference: CONFIRM:http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html
Reference: OSVDB:3919
Reference: URL:http://www.osvdb.org/3919
Reference: OVAL:oval:org.mitre.oval:def:827
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A827
Reference: REDHAT:RHSA-2004:064
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-064.html
Reference: XF:samba-mksmbpasswd-gain-access(15132)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15132

Name: CVE-2004-0089

Description:

Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.

Status:Entry
Reference: APPLE:APPLE-SA-2004-01-26
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html
Reference: ATSTAKE:A012704-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a012704-1.txt
Reference: BID:9509
Reference: URL:http://www.securityfocus.com/bid/9509
Reference: CERT-VN:VU#902374
Reference: URL:http://www.kb.cert.org/vuls/id/902374
Reference: OSVDB:6821
Reference: URL:http://www.osvdb.org/6821
Reference: XF:macosx-trublue-environmentvariable-bo(14968)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14968

Name: CVE-2004-0093

Description:

XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).

Status:Entry
Reference: BID:9701
Reference: URL:http://www.securityfocus.com/bid/9701
Reference: CONECTIVA:CLSA-2004:824
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:152
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-152.html
Reference: SGI:20040406-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
Reference: XF:xfree86-glx-array-dos(15272)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15272

Name: CVE-2004-0094

Description:

Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).

Status:Entry
Reference: BID:9701
Reference: URL:http://www.securityfocus.com/bid/9701
Reference: CONECTIVA:CLSA-2004:824
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000824
Reference: DEBIAN:DSA-443
Reference: URL:http://www.debian.org/security/2004/dsa-443
Reference: REDHAT:RHSA-2004:152
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-152.html
Reference: SGI:20040406-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040406-01-U
Reference: XF:xfree86-glx-integer-dos(15273)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15273

Name: CVE-2004-0095

Description:

McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.

Status:Entry
Reference: BID:9476
Reference: URL:http://www.securityfocus.com/bid/9476
Reference: CONFIRM:http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip
Reference: OSVDB:3744
Reference: URL:http://www.osvdb.org/3744
Reference: XF:epolicy-contentlength-post-dos(14989)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14989

Name: CVE-2004-0096

Description:

Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.

Status:Entry
Reference: GENTOO:GLSA-200401-03
Reference: URL:http://security.gentoo.org/glsa/glsa-200401-03.xml
Reference: MLIST:[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10
Reference: URL:http://www.modpython.org/pipermail/mod_python/2004-January/014879.html
Reference: REDHAT:RHSA-2004:058
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-058.html
Reference: REDHAT:RHSA-2004:063
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-063.html

Name: CVE-2004-0099

Description:

mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.

Status:Entry
Reference: BID:9533
Reference: URL:http://www.securityfocus.com/bid/9533
Reference: FREEBSD:FreeBSD-SA-04:01
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:01.mksnap_ffs.asc
Reference: OSVDB:3790
Reference: URL:http://www.osvdb.org/3790
Reference: XF:freebsd-mksnapffs-bypass-security(15005)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15005

Name: CVE-2004-0108

Description:

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

Status:Entry
Reference: BID:9844
Reference: URL:http://www.securityfocus.com/bid/9844
Reference: DEBIAN:DSA-460
Reference: URL:http://www.debian.org/security/2004/dsa-460
Reference: REDHAT:RHSA-2004:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-053.html
Reference: SGI:20040302-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040302-01-U.asc
Reference: XF:sysstat-isag-symlink(15437)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15437

Name: CVE-2004-0111

Description:

gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

Status:Entry
Reference: BID:9842
Reference: URL:http://www.securityfocus.com/bid/9842
Reference: DEBIAN:DSA-464
Reference: URL:http://www.debian.org/security/2004/dsa-464
Reference: FEDORA:FLSA:2005
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2005
Reference: MANDRAKE:MDKSA-2004:020
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:020
Reference: OVAL:oval:org.mitre.oval:def:845
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A845
Reference: OVAL:oval:org.mitre.oval:def:846
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A846
Reference: REDHAT:RHSA-2004:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-102.html
Reference: REDHAT:RHSA-2004:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-103.html
Reference: XF:gdk-pixbuf-bitmap-dos(15426)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15426

Name: CVE-2004-0113

Description:

Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.

Status:Entry
Reference: APPLE:APPLE-SA-2004-05-03
Reference: URL:http://marc.info/?l=bugtraq&m=108369640424244&w=2
Reference: BID:9826
Reference: URL:http://www.securityfocus.com/bid/9826
Reference: BUGTRAQ:20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48
Reference: URL:http://marc.info/?l=bugtraq&m=108034113406858&w=2
Reference: CONECTIVA:CLSA-2004:839
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000839
Reference: CONFIRM:http://www.apacheweek.com/features/security-20
Reference: GENTOO:GLSA-200403-04
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-04.xml
Reference: HP:SSRT4717
Reference: URL:http://marc.info/?l=bugtraq&m=108731648532365&w=2
Reference: MANDRAKE:MDKSA-2004:043
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:043
Reference: MISC:http://issues.apache.org/bugzilla/show_bug.cgi?id=27106
Reference: MLIST:[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c
Reference: URL:http://marc.info/?l=apache-cvs&m=107869699329638
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/
Reference: URL:https://lists.apache.org/thread.html/re028d61fe612b0908595d658b9b39e74bca56f2a1ed3c5f06b5ab571@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/
Reference: URL:https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/
Reference: URL:https://lists.apache.org/thread.html/raa117ef183f0da9b3f46efbeaa66f7622bd68868a450cae4fd8ed594@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/
Reference: URL:https://lists.apache.org/thread.html/r7035b7c9091c4b665a3b7205364775410646f12125d48e74e395f2ce@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4@%3Ccvs.httpd.apache.org%3E
Reference: MLIST:[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html
Reference: URL:https://lists.apache.org/thread.html/r5001ecf3d6b2bdd0b732e527654248abb264f08390045d30709a92f6@%3Ccvs.httpd.apache.org%3E
Reference: OSVDB:4182
Reference: URL:http://www.osvdb.org/4182
Reference: OVAL:oval:org.mitre.oval:def:876
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A876
Reference: REDHAT:RHSA-2004:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-084.html
Reference: REDHAT:RHSA-2004:182
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-182.html
Reference: TRUSTIX:2004-0017
Reference: URL:http://www.trustix.org/errata/2004/0017
Reference: XF:apache-modssl-plain-dos(15419)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15419

Name: CVE-2004-0114

Description:

The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.

Status:Entry
Reference: BID:9586
Reference: URL:http://www.securityfocus.com/bid/9586
Reference: BUGTRAQ:20040205 [PINE-CERT-20040201] reference count overflow in shmat()
Reference: URL:http://marc.info/?l=bugtraq&m=107608375207601&w=2
Reference: CONFIRM:http://www.openbsd.org/errata33.html#sysvshm
Reference: FREEBSD:FreeBSD-SA-04:02
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:02.shmat.asc
Reference: MISC:http://www.pine.nl/press/pine-cert-20040201.txt
Reference: NETBSD:NetBSD-SA2004-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-004.txt.asc
Reference: OSVDB:3836
Reference: URL:http://www.osvdb.org/3836
Reference: XF:bsd-shmat-gain-privileges(15061)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15061

Name: CVE-2004-0115

Description:

VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.

Status:Entry
Reference: ATSTAKE:A021004-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a021004-1.txt
Reference: BID:9632
Reference: URL:http://www.securityfocus.com/bid/9632
Reference: CIAC:O-076
Reference: URL:http://www.ciac.org/ciac/bulletins/o-076.shtml
Reference: MS:MS04-005
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-005
Reference: OSVDB:3893
Reference: URL:http://www.osvdb.org/3893
Reference: XF:virtual-pc-gain-privileges(15113)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15113

Name: CVE-2004-0121

Description:

Argument injection vulnerability in Microsoft Outlook 2002, which does not sufficiently filter parameters of mailto: URLs when passing them as arguments to OUTLOOK.EXE, allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.

Status:Entry
Reference: BID:9827
Reference: URL:http://www.securityfocus.com/bid/9827
Reference: BUGTRAQ:20040310 Outlook mailto: URL argument injection vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107893704602842&w=2
Reference: CERT:TA04-070A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA04-070A.html
Reference: CERT-VN:VU#305206
Reference: URL:http://www.kb.cert.org/vuls/id/305206
Reference: CIAC:O-096
Reference: URL:http://www.ciac.org/ciac/bulletins/o-096.shtml
Reference: IDEFENSE:20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=79&type=vulnerabilities
Reference: MS:MS04-009
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-009
Reference: OVAL:oval:org.mitre.oval:def:843
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A843
Reference: XF:outlook-mailtourl-execute-code(15414)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15414
Reference: XF:outlook-ms04009-patch(15429)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15429

Name: CVE-2004-0122

Description:

Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.

Status:Entry
Reference: BID:9828
Reference: URL:http://www.securityfocus.com/bid/9828
Reference: CERT-VN:VU#688094
Reference: URL:http://www.kb.cert.org/vuls/id/688094
Reference: MS:MS04-010
Reference: URL:https://docs.microsoft.com/en-us/security-updates/securitybulletins/2004/ms04-010
Reference: OVAL:oval:org.mitre.oval:def:844
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A844
Reference: XF:msn-ms04010-patch(15427)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15427
Reference: XF:msn-request-view-files(15415)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15415

Name: CVE-2004-0126

Description:

The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.

Status:Entry
Reference: BID:9762
Reference: URL:http://www.securityfocus.com/bid/9762
Reference: FREEBSD:FreeBSD-SA-04:03
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:03.jail.asc
Reference: OSVDB:4101
Reference: URL:http://www.osvdb.org/4101
Reference: XF:freebsd-jailattach-gain-privileges(15344)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15344

Name: CVE-2004-0128

Description:

PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.

Status:Entry
Reference: BID:9531
Reference: URL:http://www.securityfocus.com/bid/9531
Reference: BUGTRAQ:20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior
Reference: URL:http://www.securityfocus.com/archive/1/352355
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=141517
Reference: OSVDB:3769
Reference: URL:http://www.osvdb.org/3769
Reference: SECUNIA:10753
Reference: URL:http://secunia.com/advisories/10753/
Reference: XF:phpgedview-gedfilconf-file-include(14987)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14987

Name: CVE-2004-0129

Description:

Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.

Status:Entry
Reference: BID:9564
Reference: URL:http://www.securityfocus.com/bid/9564
Reference: BUGTRAQ:20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior
Reference: URL:http://marc.info/?l=bugtraq&m=107582619125932&w=2
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=350228
Reference: CONFIRM:http://www.phpmyadmin.net/home_page/relnotes.php?rel=0
Reference: GENTOO:GLSA-200402-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-05.xml
Reference: OSVDB:3800
Reference: URL:http://www.osvdb.org/3800
Reference: SECUNIA:10769
Reference: URL:http://secunia.com/advisories/10769
Reference: XF:phpmyadmin-dotdot-directory-traversal(15021)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15021

Name: CVE-2004-0131

Description:

The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.

Status:Entry
Reference: BID:9578
Reference: URL:http://www.securityfocus.com/bid/9578
Reference: CERT-VN:VU#277396
Reference: URL:http://www.kb.cert.org/vuls/id/277396
Reference: CONFIRM:http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz
Reference: IDEFENSE:20040204 GNU Radius Remote Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=71&type=vulnerabilities&flashstatus=true
Reference: OSVDB:3824
Reference: URL:http://www.osvdb.org/3824
Reference: SECUNIA:10799
Reference: URL:http://secunia.com/advisories/10799
Reference: XF:radius-radprintrequest-dos(15046)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15046

Name: CVE-2004-0148

Description:

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Status:Entry
Reference: BID:9832
Reference: URL:http://www.securityfocus.com/bid/9832
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: FRSIRT:ADV-2006-1867
Reference: URL:http://www.frsirt.com/english/advisories/2006/1867
Reference: HP:SSRT4704
Reference: URL:http://marc.info/?l=bugtraq&m=108999466902690&w=2
Reference: OVAL:oval:org.mitre.oval:def:1147
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1147
Reference: OVAL:oval:org.mitre.oval:def:1636
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1636
Reference: OVAL:oval:org.mitre.oval:def:1637
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1637
Reference: OVAL:oval:org.mitre.oval:def:648
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A648
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html
Reference: SCO:SCOSA-2005.6
Reference: SECUNIA:11055
Reference: URL:http://secunia.com/advisories/11055
Reference: SECUNIA:20168
Reference: URL:http://secunia.com/advisories/20168
Reference: SUNALERT:102356
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-102356-1
Reference: XF:wuftpd-restrictedgid-gain-access(15423)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15423

Name: CVE-2004-0150

Description:

Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.

Status:Entry
Reference: BID:9836
Reference: URL:http://www.securityfocus.com/bid/9836
Reference: DEBIAN:DSA-458
Reference: URL:http://www.debian.org/security/2004/dsa-458
Reference: GENTOO:GLSA-200409-03
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200409-03.xml
Reference: MANDRAKE:MDKSA-2004:019
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:019
Reference: OSVDB:4172
Reference: URL:http://www.osvdb.org/4172
Reference: XF:python-getaddrinfo-bo(15409)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15409

Name: CVE-2004-0159

Description:

Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.

Status:Entry
Reference: BID:9715
Reference: URL:http://www.securityfocus.com/bid/9715
Reference: DEBIAN:DSA-447
Reference: URL:https://www.debian.org/security/2004/dsa-447
Reference: FULLDISC:20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017737.html
Reference: OSVDB:4029
Reference: URL:http://www.osvdb.org/4029
Reference: XF:hsftp-format-string(15276)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15276

Name: CVE-2004-0160

Description:

Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.

Status:Entry
Reference: BID:9713
Reference: URL:http://www.securityfocus.com/bid/9713
Reference: DEBIAN:DSA-446
Reference: URL:http://www.debian.org/security/2004/dsa-446
Reference: XF:synaesthesia-configuration-symlink-attack(15279)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15279

Name: CVE-2004-0165

Description:

Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.

Status:Entry
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: ATSTAKE:A022304-1
Reference: URL:http://www.atstake.com/research/advisories/2004/a022304-1.txt
Reference: BID:9730
Reference: URL:http://www.securityfocus.com/bid/9730
Reference: CERT-VN:VU#841742
Reference: URL:http://www.kb.cert.org/vuls/id/841742
Reference: OSVDB:6822
Reference: URL:http://www.osvdb.org/6822
Reference: XF:macos-pppd-format-string(15297)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15297

Name: CVE-2004-0167

Description:

DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.

Status:Entry
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: BID:9731
Reference: URL:http://www.securityfocus.com/bid/9731
Reference: CERT-VN:VU#578886
Reference: URL:http://www.kb.cert.org/vuls/id/578886
Reference: OSVDB:6824
Reference: URL:http://www.osvdb.org/6824
Reference: SECUNIA:10959
Reference: URL:http://secunia.com/advisories/10959
Reference: XF:macos-diskarbitration-unknown(15300)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15300

Name: CVE-2004-0169

Description:

QuickTime Streaming Server in Mac OS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.

Status:Entry
Reference: APPLE:APPLE-SA-2004-02-23
Reference: URL:http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html
Reference: BID:9735
Reference: URL:http://www.securityfocus.com/bid/9735
Reference: CERT-VN:VU#460350
Reference: URL:http://www.kb.cert.org/vuls/id/460350
Reference: IDEFENSE:20040223 Darwin Streaming Server Remote Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=75&type=vulnerabilities
Reference: OSVDB:6826
Reference: URL:http://www.osvdb.org/6826
Reference: OSVDB:6837
Reference: URL:http://www.osvdb.org/6837
Reference: XF:darwin-describe-request-dos(15291)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15291

Name: CVE-2004-0171

Description:

FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allow remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.

Status:Entry
Reference: APPLE:APPLE-SA-2004-05-28
Reference: URL:http://lists.seifried.org/pipermail/security/2004-May/003743.html
Reference: BID:9792
Reference: URL:http://www.securityfocus.com/bid/9792
Reference: CERT-VN:VU#395670
Reference: URL:http://www.kb.cert.org/vuls/id/395670
Reference: FREEBSD:FreeBSD-SA-04:04
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-04:04.tcp.asc
Reference: IDEFENSE:20040302 FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=78&type=vulnerabilities
Reference: OSVDB:4124
Reference: URL:http://www.osvdb.org/4124
Reference: XF:freebsd-mbuf-dos(15369)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15369

Name: CVE-2004-0173

Description:

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Status:Entry
Reference: BID:9733
Reference: URL:http://www.securityfocus.com/bid/9733
Reference: BUGTRAQ:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin
Reference: URL:http://marc.info/?l=bugtraq&m=107765545431387&w=2
Reference: CONFIRM:http://issues.apache.org/bugzilla/show_bug.cgi?id=26152
Reference: CONFIRM:http://www.apacheweek.com/issues/04-03-12
Reference: FULLDISC:20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017740.html
Reference: SECUNIA:10962
Reference: URL:http://secunia.com/advisories/10962
Reference: XF:apache-cygwin-directory-traversal(15293)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15293

Name: CVE-2004-0185

Description:

Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.

Status:Entry
Reference: BID:8893
Reference: URL:http://www.securityfocus.com/bid/8893
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch
Reference: DEBIAN:DSA-457
Reference: URL:http://www.debian.org/security/2004/dsa-457
Reference: MISC:http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt
Reference: MISC:http://www.securiteam.com/unixfocus/6X00Q1P8KC.html
Reference: REDHAT:RHSA-2004:096
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-096.html
Reference: XF:wuftpd-skey-bo(13518)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/13518

Name: CVE-2004-0186

Description:

smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.

Status:Entry
Reference: BID:9619
Reference: URL:http://www.securityfocus.com/bid/9619
Reference: BUGTRAQ:20040209 Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107636290906296&w=2
Reference: BUGTRAQ:20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107657505718743&w=2
Reference: DEBIAN:DSA-463
Reference: URL:http://www.debian.org/security/2004/dsa-463
Reference: OSVDB:3916
Reference: URL:http://www.osvdb.org/3916
Reference: XF:samba-smbmnt-gain-privileges(15131)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15131

Name: CVE-2004-0188

Description:

Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.

Status:Entry
Reference: BID:9756
Reference: URL:http://www.securityfocus.com/bid/9756
Reference: BID:9776
Reference: URL:http://www.securityfocus.com/bid/9776
Reference: BUGTRAQ:20040227 Calife heap corrupt / potential local root exploit
Reference: URL:http://marc.info/?l=bugtraq&m=107789737832092&w=2
Reference: BUGTRAQ:20040227 Re: Calife heap corrupt / potential local root exploit
Reference: DEBIAN:DSA-461
Reference: URL:http://www.debian.org/security/2004/dsa-461
Reference: XF:calife-long-password-bo(15335)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15335

Name: CVE-2004-0189

Description:

The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.

Status:Entry
Reference: BID:9778
Reference: URL:http://www.securityfocus.com/bid/9778
Reference: BUGTRAQ:20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)
Reference: URL:http://marc.info/?l=bugtraq&m=108084935904110&w=2
Reference: CONECTIVA:CLA-2004:838
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000838
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2004_1.txt
Reference: DEBIAN:DSA-474
Reference: URL:http://www.debian.org/security/2004/dsa-474
Reference: GENTOO:GLSA-200403-11
Reference: URL:http://security.gentoo.org/glsa/glsa-200403-11.xml
Reference: MANDRAKE:MDKSA-2004:025
Reference: URL:http://www.mandrakesoft.com/security/advisories?name=MDKSA-2004:025
Reference: OSVDB:5916
Reference: URL:http://www.osvdb.org/5916
Reference: OVAL:oval:org.mitre.oval:def:877
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A877
Reference: OVAL:oval:org.mitre.oval:def:941
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A941
Reference: REDHAT:RHSA-2004:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-133.html
Reference: REDHAT:RHSA-2004:134
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-134.html
Reference: SCO:SCOSA-2005.16
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.16/SCOSA-2005.16.txt
Reference: SGI:20040404-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20040404-01-U.asc
Reference: XF:squid-urlregex-acl-bypass(15366)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15366

Name: CVE-2004-0190

Description:

Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.

Status:Entry
Reference: BID:9784
Reference: URL:http://www.securityfocus.com/bid/9784
Reference: BUGTRAQ:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://marc.info/?l=bugtraq&m=107694794031839&w=2
Reference: FULLDISC:20040216 Symantec FireWall/VPN Appliance model 200 leak of security
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/017414.html
Reference: OSVDB:4117
Reference: URL:http://www.osvdb.org/4117
Reference: XF:symantec-firewallvpn-password-plaintext(15212)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15212

Name: CVE-2004-0191

Description:

Mozilla before 1.4.2 executes JavaScript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.

Status:Entry
Reference: BID:9747
Reference: URL:http://www.securityfocus.com/bid/9747
Reference: BUGTRAQ:20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers
Reference: URL:http://marc.info/?l=bugtraq&m=107774710729469&w=2
Reference: CONFIRM:http://bugzilla.mozilla.org/show_bug.cgi?id=227417
Reference: HP:SSRT4722
Reference: URL:http://marc.info/?l=bugtraq&m=108448379429944&w=2
Reference: OSVDB:4062
Reference: URL:http://www.osvdb.org/4062
Reference: OVAL:oval:org.mitre.oval:def:874
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A874
Reference: OVAL:oval:org.mitre.oval:def:937
Reference: URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A937
Reference: REDHAT:RHSA-2004:110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-110.html
Reference: REDHAT:RHSA-2004:112
Reference: URL:http://www.redhat.com/support/errata/RHSA-2004-112.html
Reference: XF:mozilla-event-handler-xss(15322)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15322

Name: CVE-2004-0193

Description:

Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.

Status:Entry
Reference: BID:9752
Reference: URL:http://www.securityfocus.com/bid/9752
Reference: BUGTRAQ:20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=107789851117176&w=2
Reference: CERT-VN:VU#150326
Reference: URL:http://www.kb.cert.org/vuls/id/150326
Reference: EEYE:AD20040226
Reference: URL:http://www.eeye.com/html/Research/Advisories/AD20040226.html
Reference: ISS:20040226 Vulnerability in SMB Parsing in ISS Products
Reference: URL:http://xforce.iss.net/xforce/alerts/id/165
Reference: MISC:http://www.eeye.com/html/Research/Upcoming/20040213.html
Reference: OSVDB:4072
Reference: URL:http://www.osvdb.org/4072
Reference: SECUNIA:10988
Reference: URL:http://secunia.com/advisories/10988
Reference: XF:pam-smb-protocol-bo(15207)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15207

Name: CVE-2004-0194

Description:

Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.

Status:Entry
Reference: BID:9802
Reference: URL:http://www.securityfocus.com/bid/9802
Reference: BUGTRAQ:20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107842545022724&w=2
Reference: FULLDISC:20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018227.html
Reference: MISC:http://www.nextgenss.com/advisories/adobexfdf.txt
Reference: OSVDB:4135
Reference: URL:http://www.osvdb.org/4135
Reference: XF:acrobatreader-xfdf-bo(15384)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15384

Name: CVE-2004-0256

Description:

GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.

Status:Entry
Reference: BID:9530
Reference: URL:http://www.securityfocus.com/bid/9530
Reference: BUGTRAQ:20040130 Symlink Vulnerability in GNU libtool <1.5.2
Reference: URL:http://www.securityfocus.com/archive/1/352333
Reference: BUGTRAQ:20040203 Re: Symlink Vulnerability in GNU libtool <1.5.2
Reference: CONECTIVA:CLA-2004:811
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000811
Reference: MISC:http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405
Reference: OSVDB:3795
Reference: URL:http://www.osvdb.org/3795
Reference: SECUNIA:10777
Reference: URL:http://secunia.com/advisories/10777
Reference: XF:libtool-insecure-temp-directory(15017)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15017

Name: CVE-2004-0257

Description:

OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.

Status:Entry
Reference: BID:9577
Reference: URL:http://www.securityfocus.com/bid/9577
Reference: BUGTRAQ:20040205 OpenBSD IPv6 remote kernel crash
Reference: URL:http://marc.info/?l=bugtraq&m=107604603226564&w=2
Reference: CONFIRM:http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c
Reference: FULLDISC:20040204 Remote openbsd crash with ip6, yet still openbsd much better than windows
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-February/016704.html
Reference: MISC:http://www.guninski.com/obsdmtu.html
Reference: NETBSD:NetBSD-SA2004-002
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2004-002.txt.asc
Reference: OSVDB:3825
Reference: URL:http://www.osvdb.org/3825
Reference: XF:openbsd-ipv6-dos(15044)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15044

Name: CVE-2004-0261

Description:

oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.

Status:Entry
Reference: BID:9598
Reference: URL:http://www.securityfocus.com/bid/9598
Reference: BUGTRAQ:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability
Reference: URL:http://marc.info/?l=bugtraq&m=107619136600713&w=2
Reference: CONFIRM:http://www.grohol.com/downloads/oj/latest/changelog.txt
Reference: FULLDISC:20040206 Open Journal Blog Authenticaion Bypassing Vulnerability
Reference: OSVDB:3872
Reference: URL:http://www.osvdb.org/3872
Reference: XF:openjournal-uid-admin-access(15069)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15069

Name: CVE-2004-0263

Description:

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Status:Entry
Reference: BID:9599
Reference: URL:http://www.securityfocus.com/bid/9599
Reference: GENTOO:GLSA-200402-01
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-01.xml
Reference: OSVDB:3878
Reference: URL:http://www.osvdb.org/3878
Reference: XF:php-virtualhost-info-disclosure(15072)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15072

Name: CVE-2004-0270

Description:

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

Status:Entry
Reference: BID:9610
Reference: URL:http://www.securityfocus.com/bid/9610
Reference: BUGTRAQ:20040209 clamav 0.65 remote DOS exploit
Reference: URL:http://marc.info/?l=bugtraq&m=107634700823822&w=2
Reference: CONFIRM:http://www.freebsd.org/cgi/query-pr.cgi?pr=62586
Reference: GENTOO:GLSA-200402-07
Reference: URL:http://security.gentoo.org/glsa/glsa-200402-07.xml
Reference: OSVDB:3894
Reference: URL:http://www.osvdb.org/3894
Reference: XF:clam-antivirus-uuencoded-dos(15077)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15077

Name: CVE-2004-0273

Description:

Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.

Status:Entry
Reference: BID:9580
Reference: URL:http://www.securityfocus.com/bid/9580
Reference: BUGTRAQ:20040210 Directory traversal in RealPlayer allows code execution
Reference: URL:http://marc.info/?l=bugtraq&m=107642978524321&w=2
Reference: CERT-VN:VU#514734
Reference: URL:http://www.kb.cert.org/vuls/id/514734
Reference: CONFIRM:http://service.real.com/help/faq/security/040123_player/EN/
Reference: XF:realoneplayer-rmp-directory-traversal(15123)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15123

Name: CVE-2004-0274

Description:

Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.

Status:Entry
Reference: BID:9606
Reference: URL:http://www.securityfocus.com/bid/9606
Reference: BUGTRAQ:20040208 Eggrop bug
Reference: URL:http://marc.info/?l=bugtraq&m=107634593827102&w=2
Reference: BUGTRAQ:20040210 Re: Eggrop bug
Reference: URL:http://marc.info/?l=bugtraq&m=107643315623958&w=2
Reference: CONFIRM:http://www.eggheads.org/news/2004/04/10/26
Reference: MISC:http://mogan.nonsoloirc.com/egg_advisory.txt
Reference: OSVDB:3928
Reference: URL:http://www.osvdb.org/3928
Reference: XF:eggdrop-sharemod-gain-access(15084)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15084

Name: CVE-2004-0276

Description:

The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.

Status:Entry
Reference: BID:9642
Reference: URL:http://www.securityfocus.com/bid/9642
Reference: BUGTRAQ:20040211 Denial of Service in Monkey httpd <= 0.8.1
Reference: URL:http://marc.info/?l=bugtraq&m=107652610506968&w=2
Reference: CONFIRM:http://monkeyd.sourceforge.net/
Reference: MISC:http://aluigi.altervista.org/poc/monkeydos.zip
Reference: OSVDB:3921
Reference: URL:http://www.osvdb.org/3921
Reference: XF:monkey-getrealstring-dos(15187)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15187

Name: CVE-2004-0297

Description:

Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.

Status:Entry
Reference: BID:9682
Reference: URL:http://www.securityfocus.com/bid/9682
Reference: CERT-VN:VU#972334
Reference: URL:http://www.kb.cert.org/vuls/id/972334
Reference: CONFIRM:http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html
Reference: IDEFENSE:20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow
Reference: URL:http://www.idefense.com/application/poi/display?id=74
Reference: OSVDB:3984
Reference: URL:http://www.osvdb.org/3984
Reference: XF:imail-ldap-tag-bo(15243)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15243

Name: CVE-2004-0306

Description:

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.

Status:Entry
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: XF:cisco-ons-file-upload(15264)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15264

Name: CVE-2004-0307

Description:

Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allow remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.

Status:Entry
Reference: BID:9699
Reference: URL:http://www.securityfocus.com/bid/9699
Reference: CISCO:20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20040219-ONS.shtml
Reference: OSVDB:4009
Reference: URL:http://www.osvdb.org/4009
Reference: XF:cisco-ons-ack-dos(15265)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15265

Name: CVE-2004-0309

Description:

Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.

Status:Entry
Reference: BID:9696
Reference: URL:http://www.securityfocus.com/bid/9696
Reference: BUGTRAQ:20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow
Reference: URL:http://marc.info/?l=bugtraq&m=107722656827427&w=2
Reference: CERT-VN:VU#619982
Reference: URL:http://www.kb.cert.org/vuls/id/619982
Reference: CIAC:O-084
Reference: URL:http://www.ciac.org/ciac/bulletins/o-084.shtml
Reference: CONFIRM:http://download.zonelabs.com/bin/free/securityAlert/8.html
Reference: OSVDB:3991
Reference: URL:http://www.osvdb.org/3991
Reference: XF:zonelabs-multiple-products-bo(14991)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/14991

Name: CVE-2004-0320

Description:

Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.

Status:Entry
Reference: BID:9717
Reference: URL:http://www.securityfocus.com/bid/9717
Reference: BUGTRAQ:20040223 nCipher Advisory #9: Host-side attackers can access secret data
Reference: URL:http://marc.info/?l=bugtraq&m=107755899018249&w=2
Reference: OSVDB:4055
Reference: URL:http://www.osvdb.org/4055
Reference: XF:ncipher-hsm-obtain-info(15281)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15281

Name: CVE-2004-0336

Description:

LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.

Status:Entry
Reference: BID:9781
Reference: URL:http://www.securityfocus.com/bid/9781
Reference: BUGTRAQ:20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://marc.info/?l=bugtraq&m=107799540630302&w=2
Reference: BUGTRAQ:20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2004-03/0096.html
Reference: XF:602pro-path-disclosure(15350)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15350

Name: CVE-2004-0347

Description:

Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.

Status:Entry
Reference: BID:9791
Reference: URL:http://www.securityfocus.com/bid/9791
Reference: BUGTRAQ:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://marc.info/?l=bugtraq&m=107826362024112&w=2
Reference: BUGTRAQ:20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN
Reference: URL:http://marc.info/?l=bugtraq&m=107850564102190&w=2
Reference: CERT-VN:VU#114070
Reference: URL:http://www.kb.cert.org/vuls/id/114070
Reference: FULLDISC:20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2004-March/018120.html
Reference: XF:netscreen-delhomepagecgi-xss(15368)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15368

Name: CVE-2004-0356

Description:

Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version.

Status:Entry
Reference: BID:9809
Reference: URL:http://www.securityfocus.com/bid/9809
Reference: BUGTRAQ:20040305 SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)
Reference: URL:http://marc.info/?l=bugtraq&m=107850488326232&w=2
Reference: CONFIRM:http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf
Reference: MISC:http://www.nextgenss.com/advisories/slmailsrc.txt
Reference: XF:slmail-src-stack-bo(15398)
Reference: URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/15398

Page Last Updated or Reviewed: March 26, 2024