-
Entry
Buffer overflow in NFS mountd gives root access to remote attackers, mostly in Linux systems.
[121]
[CA-98.12.mountd]
[J-006]
[19981006-01-I]
[linux-mountd-bo]
-
Entry
Execute commands as root via buffer overflow in Tooltalk database server (rpc.ttdbserverd).
[122]
[CA-98.11.tooltalk]
[NAI-29]
[19981101-01-A]
[19981101-01-PX]
[aix-ttdbserver]
[tooltalk]
-
Entry
Arbitrary command execution via IMAP buffer overflow in authenticate command.
[130]
[CA-98.09.imapd]
[00177]
[imap-authenticate-bo]
-
Entry
Buffer overflow in POP servers based on BSD/Qualcomm's qpopper allows remote attackers to gain root access using a long PASS command.
[AA-98.01]
[133]
[CA-98.08.qpopper_vul]
[19980801-01-I]
[qpopper-pass-overflow]
-
Entry
Information from SSL-encrypted sessions via PKCS #1.
[CA-98.07.PKCS]
[MS98-002]
[nt-ssl-fix]
-
Entry
Buffer overflow in NIS+, in Sun's rpc.nisd program.
[CA-98.06.nisd]
[June10,1998]
[00170]
[nisd-bo-check]
-
Entry
Inverse query buffer overflow in BIND 4.9 and BIND 8 Releases.
[134]
[CA-98.05.bind_problems]
[HPSBUX9808-083]
[19980603-01-PX]
[00180]
[bind-bo]
-
Entry
Denial of Service vulnerability in BIND 8 Releases via maliciously formatted DNS messages.
[CA-98.05.bind_problems]
[HPSBUX9808-083]
[19980603-01-PX]
[bind-dos]
-
Entry
Denial of Service vulnerabilities in BIND 4.9 and BIND 8 Releases via CNAME record and zone transfer.
[CA-98.05.bind_problems]
[HPSBUX9808-083]
[19980603-01-PX]
[00180]
[bind-axfr-dos]
-
Entry
Some web servers under Microsoft Windows allow remote attackers to bypass access restrictions for files with long file names.
[CA-98.04.Win32.WebServers]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0012]
[nt-web8.3]
-
Entry
Stolen credentials from SSH clients via ssh-agent program, allowing other local users to access remote accounts belonging to the ssh-agent user.
[CA-98.03.ssh-agent]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0013]
[NAI-24]
[ssh-agent]
-
Entry
Unauthorized privileged access or denial of service via dtappgather program in CDE.
[CA-98.02.CDE]
[HPSBUX9801-075]
[00185]
-
Entry
Land IP denial of service.
[CA-97.28.Teardrop_Land]
[http://www.cisco.com/warp/public/770/land-pub.shtml]
[FreeBSD-SA-98:01]
[HPSBUX9801-076]
[95-verv-tcp]
[cisco-land]
[land]
[land-patch]
[ver-tcpip-sys]
-
Entry
FTP servers can allow an attacker to connect to arbitrary ports on machines other than the FTP client, aka FTP bounce.
[CA-97.27.FTP_bounce]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0017]
[ftp-bounce]
[ftp-privileged-port]
-
Entry
Buffer overflow in statd allows root privileges.
[AA-97.29]
[127]
[CA-97.26.statd]
[statd]
-
Entry
Delete or create a file via rpc.statd, due to invalid information.
[CA-96.09.rpc.statd]
[00135]
[rpc-stat]
-
Entry
Arbitrary command execution via buffer overflow in Count.cgi (wwwcount) cgi-bin program.
[128]
[19971010 Security flaw in Count.cgi (wwwcount)]
[CA-97.24.Count_cgi]
[http-cgi-count]
-
Entry
Local user gains root privileges via buffer overflow in rdist, via expstr() function.
[CA-97.23.rdist]
[00179]
[rdist-bo3]
[rdist-sept97]
-
Entry
Local user gains root privileges via buffer overflow in rdist, via lookup() function.
[CA-96.14.rdist_vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0023]
[rdist-bo]
[rdist-bo2]
-
Entry
DNS cache poisoning via BIND, by predictable query IDs.
[CA-97.22.bind]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0024]
[NAI-11]
[bind]
-
Entry
root privileges via buffer overflow in df command on SGI IRIX systems.
[AA-97.19.IRIX.df.buffer.overflow.vul]
[346]
[CA-1997-21]
[VU#20851]
[SGI:19970505-01-A]
[SGI:19970505-02-PX]
[df-bo(440)]
-
Entry
root privileges via buffer overflow in pset command on SGI IRIX systems.
[AA-97.20.IRIX.pset.buffer.overflow.vul]
[CA-97.21.sgi_buffer_overflow]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0026]
[pset-bo]
-
Entry
root privileges via buffer overflow in eject command on SGI IRIX systems.
[AA-97.21.IRIX.eject.buffer.overflow.vul]
[CA-97.21.sgi_buffer_overflow]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0027]
[eject-bo]
-
Entry
root privileges via buffer overflow in login/scheme command on SGI IRIX systems.
[AA-97.22.IRIX.login.scheme.buffer.overflow.vul]
[CA-97.21.sgi_buffer_overflow]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0028]
[sgi-schemebo]
-
Entry
root privileges via buffer overflow in ordist command on SGI IRIX systems.
[AA-97.23-IRIX.ordist.buffer.overflow.vul]
[CA-97.21.sgi_buffer_overflow]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0029]
[ordist-bo]
-
Entry
JavaScript in Internet Explorer 3.x and 4.x, and Netscape 2.x, 3.x and 4.x, allows remote attackers to monitor a user's web activities, aka the Bell Labs vulnerability.
[CA-97.20.javascript]
[HPSBUX9707-065]
-
Entry
Buffer overflow in lpr, as used in BSD-based systems including Linux, allows local users to execute arbitrary code as root via a long -C (classification) command line option.
[AA-96.12]
[707]
[19960813 Possible bufferoverflow condition in lpr, xterm and xload]
[19961025 Linux & BSD's lpr exploit]
[CA-97.19.bsdlp]
[H-08]
[I-042]
[[freebsd-security] 19961025 Vadim Kolontsov: BoS: Linux & BSD's lpr exploit]
[[linux-security] 19961122 LSF Update#14: Vulnerability of the lpr program.]
[19980402-01-PX]
[bsd-lprbo]
[bsd-lprbo2]
[lpr-bo]
-
Entry
Buffer overflow in suidperl (sperl), Perl 4.x and 5.x.
[CA-97.17.sperl]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0034]
[perl-suid]
-
Entry
Race condition in signal handling routine in ftpd, allowing read/write arbitrary files.
[AA-97.03]
[CA-97.16.ftpd]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0035]
[ftp-ftpd]
-
Entry
IRIX login program with a nonzero LOCKOUT parameter allows creation or damage to files.
[AA-97.12]
[CA-97.15.sgi_login]
[H-106]
[990]
[19970508-02-PX]
[sgi-lockout(557)]
-
Entry
Arbitrary command execution via metamail package using message headers, when user processes attacker's message using metamail.
[CA-97.14.metamail]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0037]
[metamail-header-commands]
-
Entry
Buffer overflow in xlock program allows local users to execute commands as root.
[CA-97.13.xlock]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0038]
[xlock-bo]
-
Entry
webdist CGI program (webdist.cgi) in SGI IRIX allows remote attackers to execute arbitrary commands via shell metacharacters in the distloc parameter.
[AA-97.14]
[374]
[19970507 Re: SGI Advisory: webdist.cgi]
[19970507 Re: SGI Security Advisory 19970501-01-A - Vulnerability in]
[CA-1997-12]
[235]
[19970501-02-PX]
[http-sgi-webdist(333)]
-
Entry
Buffer overflow in Xt library of X Windowing System allows local users to execute commands with root privileges.
[CA-97.11.libXt]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0040]
[libXt-bo]
-
Entry
Buffer overflow in NLS (Natural Language Service).
[CA-97.10.nls]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0041]
[nls-bo]
-
Entry
Buffer overflow in University of Washington's implementation of IMAP and POP servers.
[CA-97.09.imap_pop]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0042]
[NAI-21]
[popimap-bo]
-
Entry
Command execution via shell metachars in INN daemon (innd) 1.5 using "newgroup" and "rmgroup" control messages, and others.
[CA-97.08.innd]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0043]
[inn-controlmsg]
-
Entry
fsdump command in IRIX allows local users to obtain root access by modifying sensitive files.
[19970301-01-P]
[sgi-fsdump]
-
Entry
List of arbitrary files on Web host via nph-test-cgi script.
[CA-97.07.nph-test-cgi_script]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0045]
[http-cgi-nph]
-
Entry
Buffer overflow of rlogin program using TERM environmental variable.
[CA-97.06.rlogin-term]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0046]
[rlogin-termbo]
-
Entry
MIME conversion buffer overflow in sendmail versions 8.8.3 and 8.8.4.
[685]
[CA-97.05.sendmail]
[sendmail-mime-bo2]
-
Entry
Talkd, when given corrupt DNS information, can be used to execute arbitrary commands with root privileges.
[AA-97.01]
[CA-97.04.talkd]
[FreeBSD-SA-96:21]
[00147]
[netkit-talkd]
[talkd-bo]
-
Entry
Csetup under IRIX allows arbitrary file creation or overwriting.
[CA-97.03.csetup]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0049]
[sgi-csetup]
-
Entry
Buffer overflow in HP-UX newgrp program.
[AA-96.16.HP-UX.newgrp.Buffer.Overrun.Vulnerability]
[CA-97.02.hp_newgrp]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0050]
[hp-newgrpbo]
-
Entry
Arbitrary file creation and program execution using FLEXlm LicenseManager, from versions 4.0 to 5.0, in IRIX.
[AA-96.03]
[CA-97.01.flex_lm]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0051]
[sgi-licensemanager]
-
Entry
IP fragmentation denial of service in FreeBSD allows a remote attacker to cause a crash.
[FreeBSD-SA-98:08]
[908]
[freebsd-ip-frag-dos(1389)]
-
Entry
TCP RST denial of service in FreeBSD.
[FreeBSD-SA-98:07]
[6094]
-
Entry
Sun's ftpd daemon can be subjected to a denial of service.
[00171]
[sun-ftpd]
-
Entry
Buffer overflows in Sun libnsl allow root access.
[IX80543]
[RSI.0005.05-14-98.SUN.LIBNSL]
[00172]
[sun-libnsl]
-
Entry
Buffer overflow in Sun's ping program can give root access to local users.
[00174]
[sun-ping]
-
Entry
Vacation program allows command execution by remote users through a sendmail command.
[HPSBUX9811-087]
[NAI-19]
[vacation]
-
Entry
Buffer overflow in PHP cgi program, php.cgi allows shell access.
[712]
[NAI-12]
[http-cgi-phpbo]
-
Entry
IRIX fam service allows an attacker to obtain a list of all files on the server.
[353]
[NAI-16]
[164]
[irix-fam(325)]
-
Entry
Attackers can cause a denial of service in Ascend MAX and Pipeline routers with a malformed packet to the discard port, which is used by the Java Configurator tool.
[http://www.ascend.com/2695.html]
[http://www.ascend.com/2695.html]
[NAI-26]
[ascend-config-kill]
-
Entry
The chpass command in OpenBSD allows a local user to gain root access through file descriptor leakage.
[NAI-28]
[7559]
[openbsd-chpass]
-
Entry
Cisco IOS 12.0 and other versions can be crashed by malicious UDP packets to the syslog port.
[ESB-98.197]
[http://www.cisco.com/warp/public/770/iossyslog-pub.shtml]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0063]
[cisco-syslog-crash]
-
Entry
Buffer overflow in AIX lquerylv program gives root access to local users.
[May28,1997]
[https://marc.info/?l=bugtraq&m=87602167418428&w=2]
[lquerylv-bo]
-
Entry
Multiple buffer overflows in how dtmail handles attachments allows a remote attacker to execute commands.
[00181]
[hp-dtmail]
-
Entry
AnyForm CGI remote execution.
[719]
[19950731 SECURITY HOLE: "AnyForm" CGI]
[http-cgi-anyform]
-
Entry
phf CGI program allows remote command execution through shell metacharacters.
[AA-96.01]
[629]
[19960923 PHF Attacks - Fun and games for the whole family]
[CA-1996-06]
[136]
[http-cgi-phf]
-
Entry
CGI PHP mylog script allows an attacker to read any file on the target server.
[713]
[19971019 Vulnerability in PHP Example Logging Scripts]
[3396]
[http-cgi-php-mylog]
-
Entry
Solaris ufsrestore buffer overflow.
[8158]
[00169]
[sun-ufsrestore]
-
Entry
test-cgi program allows an attacker to list files on the server.
[[httpd-users] 20200814 [users@httpd] CVE NIST discrepancies]
[http-cgi-test]
-
Entry
Apache httpd cookie buffer overflow for versions 1.1.1 and earlier.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0071]
[NAI-2]
[http-apache-cookie]
-
Entry
Buffer overflow in AIX xdat gives root access to local users.
[ERS-SVA-E01-1997:004.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0072]
[ibm-xdat]
-
Entry
Telnet allows a remote client to specify environment variables including LD_LIBRARY_PATH, allowing an attacker to bypass the normal system libraries and gain root access.
[CA-95:14.Telnetd_Environment_Vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0073]
[linkerbug]
-
Entry
Listening TCP ports are sequentially allocated, allowing spoofing attacks.
[https://www.cve.org/CVERecord?id=CVE-1999-0074]
[seqport]
-
Entry
PASV core dump in wu-ftpd daemon when attacker uses a QUOTE PASV command after specifying a username and password.
[19961016 Re: ftpd bug? Was: bin/1805: Bug in ftpd]
[5742]
[ftp-pasvcore]
-
Entry
Predictable TCP sequence numbers allow spoofing.
[tcp-seq-predict(139)]
-
Entry
Remote attackers can cause a denial of service in FTP by issuing multiple PASV commands, causing the server to run out of available ports.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0079]
[ftp-pasv-dos]
[ftp-pasvdos]
-
Entry
Certain configurations of wu-ftp FTP server 2.4 use a _PATH_EXECPATH setting to a directory with dangerous commands, such as /bin, which allows remote authenticated users to gain root access via the "site exec" command.
[19950531 SECURITY: problem with some wu-ftpd-2.4 binaries (fwd)]
[CA-95:16.wu-ftpd.vul]
[https://archive.nanog.org/mailinglist/mailarchives/old_archive/1995-11/msg00385.html]
[ftp-execdotdot]
-
Entry
wu-ftp allows files to be overwritten via the rnfr command.
[https://www.cve.org/CVERecord?id=CVE-1999-0081]
[ftp-rnfr]
-
Entry
CWD ~root command in ftpd allows root access.
[Improving the Security of Your Site by Breaking Into it]
[ftp-cwd]
-
Entry
getcwd() file descriptor leak in FTP.
[https://www.cve.org/CVERecord?id=CVE-1999-0083]
[cwdleak]
-
Entry
Certain NFS servers allow users to use mknod to gain privileges by creating a writable kmem device and setting the UID to 0.
[nfs-mknod(78)]
-
Entry
Buffer overflow in rwhod on AIX and other operating systems allows remote attackers to execute arbitrary code via a UDP packet with a long hostname.
[19960821 rwhod buffer overflow]
[rwhod(119)]
[rwhod-vuln(118)]
-
Entry
Denial of service in AIX telnet can freeze a system and prevent users from accessing the server.
[ERS-SVA-E01-1998:003.1]
[7992]
[ibm-telnetdos]
-
Entry
Buffer overflow in AIX rcp command allows local users to obtain root access.
[ERS-SVA-E01-1997:005.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0090]
[ibm-rcp]
-
Entry
Buffer overflow in AIX writesrv command allows local users to obtain root access.
[ERS-SVA-E01-1997:005.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0091]
[ibm-writesrv]
-
Entry
AIX nslookup command allows local users to obtain root access by not dropping privileges correctly.
[ERS-SVA-E01-1997:008.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0093]
[ibm-nslookup]
-
Entry
AIX piodmgrsu command allows local users to gain additional group privileges.
[ERS-SVA-E01-1997:007.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0094]
[ibm-piodmgrsu]
-
Entry
The debug command in Sendmail is enabled, allowing attackers to execute commands as root.
[1]
[CA-88.01]
[CA-93.14]
[20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)]
[[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit]
[[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit]
[195]
[smtp-debug]
-
Entry
Sendmail decode alias can be used to overwrite sensitive files.
[CA-93.16]
[CA-95.05]
[A-13]
[A-14]
[00122]
[smtp-dcod]
-
Entry
The AIX FTP client can be forced to execute commands from a malicious server through shell metacharacters (e.g. a pipe character).
[ERS-SVA-E01-1997:009.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0097]
[ibm-ftp]
-
Entry
Buffer overflow in syslog utility allows local or remote attackers to gain root privileges.
[CA-95.13.syslog.vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0099]
[smtp-syslog]
-
Entry
Remote access in AIX innd 1.5.1, using control messages.
[ERS-SVA-E01-1997:002.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0100]
[inn-controlmsg]
-
Entry
Buffer overflow in AIX and Solaris "gethostbyname" library call allows root access through corrupt DNS host names.
[H-13]
[ERS-SVA-E01-1996:007.1]
[ERS-SVA-E01-1997:001.1]
[NAI-1]
[00137a]
[ghbn-bo]
-
Entry
Buffer overflow in SLmail 3.x allows attackers to execute commands using a large FROM line.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0102]
[slmail-fromheader-overflow]
-
Entry
Echo and chargen, or other combinations of UDP services, can be used in tandem to flood the server, a.k.a. UDP bomb or UDP packet storm.
[CA-96.01.UDP_service_denial]
[https://ics-cert.us-cert.gov/advisories/ICSMA-18-233-01]
[chargen]
[chargen-patch]
[echo]
-
Entry
The printers program in IRIX has a buffer overflow that gives root access to local users.
[19970527 another day, another buffer overflow....]
[printers-bo]
-
Entry
Buffer overflow in ffbconfig in Solaris 2.5.1.
[AA-97.06]
[00140]
[ffbconfig-bo]
-
Entry
RIP v1 is susceptible to spoofing.
[https://www.cve.org/CVERecord?id=CVE-1999-0111]
[rip]
-
Entry
Buffer overflow in AIX dtterm program for the CDE.
[19970520 AIX 4.2 dtterm exploit]
[dtterm-bo(878)]
-
Entry
Some implementations of rlogin allow root access if given a -froot parameter.
[458]
[19940729 -froot??? (AIX rlogin bug)]
[CA-94.09.bin.login.vulnerability]
[E-26]
[rlogin-froot]
-
Entry
AIX bugfiler program allows local users to gain root access.
[1800]
[19970909 AIX bugfiler]
[ibm-bugfiler]
-
Entry
Denial of service when an attacker sends many SYN packets to create multiple connections without ever sending an ACK to complete the connection, aka SYN flood.
[CA-96.21.tcp_syn.flooding]
[19961202-01-PX]
[00136]
-
Entry
AIX passwd allows local users to gain root access.
[CA-92:07.AIX.passwd.vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0117]
[ibm-passwd]
-
Entry
AIX infod allows local users to gain root access through an X display.
[19981119 RSI.0011.11-09-98.AIX.INFOD]
[aix-infod]
-
Entry
Sun/Solaris utmp file allows local users to gain root access if it is writable by users other than root.
[CA-94.06.utmp.vulnerability]
[00126]
[utmp-write]
-
Entry
Buffer overflow in AIX lchangelv gives root access.
[Jul21,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0122]
[lchangelv-bo]
-
Entry
Vulnerabilities in UMN gopher and gopher+ versions 1.12 and 2.0x allow an intruder to read any files that can be accessed by the gopher daemon.
[CA-93:11.UMN.UNIX.gopher.vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0124]
[gopher-vuln]
-
Entry
Buffer overflow in SGI IRIX mailx program.
[19980605-01-PX]
[sgi-mailx-bo]
-
Entry
SGI IRIX buffer overflow in xterm and Xaw allows root access.
[VB-98.04.xterm.Xaw]
[J-010]
[xfree86-xaw]
[xfree86-xterm-xaw]
-
Entry
Oversized ICMP ping packets can result in a denial of service, aka Ping o' Death.
[CA-96.26.ping]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0128]
[ping-death]
-
Entry
Sendmail allows local users to write to a file and gain group permissions via a .forward or :include: file.
[CA-96.25.sendmail_groups]
[http://www.cert.org/advisories/CA-1996-25.html]
-
Entry
Local users can start Sendmail in daemon mode and gain root privileges.
[716]
[CA-96.24.sendmail.daemon.mode]
[sendmail-daemon-mode]
-
Entry
Buffer overflow and denial of service in Sendmail 8.7.5 and earlier through GECOS field gives root access to local users.
[717]
[CA-96.20.sendmail_vul]
[smtp-875bo]
-
Entry
Expreserve, as used in vi and ex, allows local users to overwrite arbitrary files and gain root access.
[CA-1996-19]
[11723]
[expreserve(401)]
-
Entry
fm_fls license server for Adobe Framemaker allows local users to overwrite arbitrary files and gain root access.
[CA-96.18.fm_fls]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0133]
[fmaker-logfile]
-
Entry
vold in Solaris 2.x allows local users to gain root access.
[AL-96.04]
[CA-96.17.Solaris_vold_vul]
[8159]
[sol-voldtmp]
-
Entry
admintool in Solaris allows a local user to write to arbitrary files and gain root access.
[AL-96.03]
[CA-96.16.Solaris_admintool_vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0135]
[sun-admintool]
-
Entry
Kodak Color Management System (KCMS) on Solaris allows a local user to write to arbitrary files and gain root access.
[AL-96.02]
[CA-96.15.Solaris_KCMS_vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0136]
[sol-KCMSvuln]
-
Entry
The dip program on many Linux systems allows local users to gain root access via a buffer overflow.
[CA-96.13.dip_vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0137]
[dip-bo]
[linux-dipbo]
-
Entry
The suidperl and sperl program do not give up root privileges when changing UIDs back to the original users, allowing root access.
[CA-96.12.suidperl_vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0138]
[sperl-suid]
-
Entry
Buffer overflow in Solaris x86 mkcookie allows local users to obtain root access.
[8205]
[RSI.0012.12-03-98.SOLARIS.MKCOOKIE]
[sol-mkcookie]
-
Entry
Java Bytecode Verifier allows malicious applets to execute arbitrary commands as the user of the applet.
[CA-96.07.java_bytecode_verifier]
[00134]
[http-java-applet]
-
Entry
The Java Applet Security Manager implementation in Netscape Navigator 2.0 and Java Developer's Kit 1.0 allows an applet to connect to arbitrary hosts.
[CA-96.05.java_applet_security_mgr]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0142]
[http-java-appletsecmgr]
-
Entry
Kerberos 4 key servers allow a user to masquerade as another by breaking and generating session keys.
[CA-96.03.kerberos_4_key_server]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0143]
[kerberos-bf]
-
Entry
Sendmail WIZ command enabled, allowing root access.
[19950206 sendmail wizard thing...]
[CA-1990-11]
[CA-1993-14]
[Improving the Security of Your Site by Breaking Into it]
[20190611 The Return of the WIZard: RCE in Exim (CVE-2019-10149)]
[[oss-security] 20190605 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit]
[[oss-security] 20190606 Re: CVE-2019-10149: Exim 4.87 to 4.91: possible remote exploit]
-
Entry
The campas CGI program provided with some NCSA web servers allows an attacker to execute arbitrary commands via encoded carriage return characters in the query string, as demonstrated by reading the password file.
[1975]
[19970715 Bug CGI campas]
[http-cgi-campas(298)]
-
Entry
The aglimpse CGI program of the Glimpse package allows remote execution of arbitrary commands.
[AA-97.28]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0147]
[http-cgi-glimpse]
-
Entry
The handler CGI program in IRIX allows arbitrary command execution.
[380]
[19970501-02-PX]
[http-sgi-handler]
-
Entry
The wrap CGI program in IRIX allows remote attackers to view arbitrary directory listings via a .. (dot dot) attack.
[373]
[19970420 IRIX 6.x /cgi-bin/wrap bug]
[247]
[19970501-02-PX]
[http-sgi-wrap(290)]
-
Entry
The Perl fingerd program allows arbitrary command execution from remote users.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0150]
[perl-fingerd]
-
Entry
The SATAN session key may be disclosed if the user points the web browser to other sites, possibly allowing root access.
[CA-95.06.satan.vul]
[CA-95.07a.REVISED.satan.vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0151]
-
Entry
The DG/UX finger daemon allows remote command execution through shell metacharacters.
[19970811 dgux in.fingerd vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0152]
[dgux-fingerd]
-
Entry
Windows 95/NT out of band (OOB) data denial of service through NETBIOS port, aka WinNuke.
[1666]
[win-oob]
-
Entry
The ghostscript command with the -dSAFER option allows remote attackers to execute commands.
[CA-95.10.ghostscript]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0155]
[gscript-dsafer]
-
Entry
Cisco PIX firewall and CBAC IP fragmentation attack results in a denial of service.
[http://www.cisco.com/warp/public/770/nifrag.shtml]
[1097]
[cisco-fragmented-attacks]
-
Entry
Cisco PIX firewall manager (PFM) on Windows NT allows attackers to connect to port 8080 on the PFM server and retrieve any file whose name and location is known.
[20010913 Cisco PIX Firewall Manager File Exposure]
[685]
[cisco-pix-file-exposure]
-
Entry
Attackers can crash a Cisco IOS router or device, provided they can get to an interactive prompt (such as a login). This applies to some IOS 9.x, 10.x, and 11.x releases.
[http://www.cisco.com/warp/public/770/ioslogin-pub.shtml]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0159]
[cisco-ios-crash]
-
Entry
Some classic Cisco IOS devices have a vulnerability in the PPP CHAP authentication to establish unauthorized PPP connections.
[I-002A]
[19971001 Vulnerabilities in Cisco CHAP Authentication]
[1099]
[cisco-chap]
-
Entry
In Cisco IOS 10.3, with the tacacs-ds or tacacs keyword, an extended IP access control list could bypass filtering.
[http://www.cisco.com/warp/public/707/1.html]
[797]
[cisco-acl-tacacs]
-
Entry
The "established" keyword in some Cisco IOS software allowed an attacker to bypass filtering.
[19950601 "Established" Keyword May Allow Packets to Bypass Filter]
[https://www.cve.org/CVERecord?id=CVE-1999-0162]
[cisco-acl-established]
-
Entry
A race condition in the Solaris ps command allows an attacker to overwrite critical files.
[AA-95.07]
[CA-95.09.Solaris.ps.vul]
[8346]
[sol-pstmprace]
-
Entry
NFS allows users to use a "cd .." command to access other directories besides the exported file system.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0166]
[nfs-cd]
-
Entry
In SunOS, NFS file handles could be guessed, giving unauthorized access to the exported file system.
[CA-91.21.SunOS.NFS.Jumbo.and.fsirand]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0167]
[nfs-guess]
-
Entry
The portmapper may act as a proxy and redirect service requests from an attacker, making the request appear to come from the local host, possibly bypassing authentication that would otherwise have taken place. For example, NFS file systems could be mounted through the portmapper despite export restrictions.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0168]
[nfs-portmap]
-
Entry
Remote attackers can mount an NFS file system in Ultrix or OSF, even if it is denied on the access list.
[https://www.cve.org/CVERecord?id=CVE-1999-0170]
[nfs-ultrix]
-
Entry
FormMail CGI program allows remote execution of commands.
[Aug02,1995]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0172]
[http-cgi-formmail-exe]
-
Entry
FormMail CGI program can be used by web servers other than the host server that the program resides on.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0173]
[http-cgi-formmail-use]
-
Entry
The view-source CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[19970208 view-source]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0174]
[http-cgi-viewsrc]
-
Entry
The convert.bas program in the Novell web server allows a remote attackers to read any file on the system that is internally accessible by the web server.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0175]
[http-nov-convert]
-
Entry
The Webgais program allows a remote user to execute arbitrary commands.
[Jul10,1997]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0176]
[http-webgais-query]
-
Entry
The uploader program in the WebSite web server allows a remote attacker to execute arbitrary programs.
[19970904 [Alert] Website's uploader.exe (from demo) vulnerable]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0177]
[19970904 [Alert] Website's uploader.exe (from demo) vulnerable]
[19970905 Re: FW: [Alert] Website's uploader.exe (from demo) vulnerable]
[http-website-uploader]
-
Entry
Buffer overflow in the win-c-sample program (win-c-sample.exe) in the WebSite web server 1.1e allows remote attackers to execute arbitrary code via a long query string.
[2078]
[19970106 Re: signal handling]
[8]
[http-website-winsample(295)]
-
Entry
Windows NT crashes or locks up when a Samba client executes a "cd .." command on a file share.
[Q140818]
[nt-35]
[nt-351]
[nt-samba-dotdot]
-
Entry
in.rshd allows users to login with a NULL username and execute commands.
[https://www.cve.org/CVERecord?id=CVE-1999-0180]
[rsh-null]
-
Entry
The wall daemon can be used for denial of service, social engineering attacks, or to execute remote commands.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0181]
[walld]
-
Entry
Samba has a buffer overflow which allows a remote attacker to obtain root access by specifying a long password.
[VB-97.10.samba]
[H-110]
[nt-samba-bo]
-
Entry
Linux implementations of TFTP would allow access to files outside the restricted directory.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0183]
[linux-tftp]
-
Entry
When compiled with the -DALLOW_UPDATES option, bind allows dynamic updates to the DNS server, allowing for malicious modification of DNS records.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0184]
[dns-updates]
-
Entry
In SunOS or Solaris, a remote user could connect from an FTP server's data port to an rlogin server on a host that trusts the FTP server, allowing remote command execution.
[00156]
[sun-ftpd/logind]
-
Entry
The passwd command in Solaris can be subjected to a denial of service.
[00182]
[sun-passwd-dos]
-
Entry
Solaris rpcbind listens on a high numbered UDP port, which may not be filtered since the standard port number is 111.
[NAI-15]
[00142]
[rpc-32771]
-
Entry
Solaris rpcbind can be exploited to overwrite arbitrary files and gain root access.
[00167]
[sun-rpcbind]
-
Entry
IIS newdsn.exe CGI script allows remote users to overwrite files.
[275]
[http-cgi-newdsn]
-
Entry
Buffer overflow in telnet daemon tgetent routing allows remote attackers to gain root access via the TERMCAP environmental variable.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0192]
[SNI-20]
[bsd-tel-tgetent]
-
Entry
Denial of service in in.comsat allows attackers to generate messages.
[https://www.cve.org/CVERecord?id=CVE-1999-0194]
[comsat]
-
Entry
websendmail in Webgais 1.0 allows a remote user to access arbitrary files and execute arbitrary code via the receiver parameter ($VAR_receiver variable).
[2077]
[19970704 Vulnerability in websendmail]
[237]
[http-webgais-smail]
-
Entry
A quote cwd command on FTP servers can reveal the full path of the home directory of the "ftp" user.
[https://www.cve.org/CVERecord?id=CVE-1999-0201]
[ftp-home]
-
Entry
The GNU tar command, when used in FTP sessions, may allow an attacker to execute arbitrary commands.
[https://www.cve.org/CVERecord?id=CVE-1999-0202]
[ftp-exectar]
-
Entry
In Sendmail, attackers can gain root privileges via SMTP by specifying an improper "mail from" address and an invalid "rcpt to" address that would cause the mail to bounce to a program.
[CA-95.08]
[E-03]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0203]
[smtp-sendmail-version5]
-
Entry
Sendmail 8.6.9 allows remote attackers to execute root commands, using ident.
[F-13]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0204]
[ident-bo]
-
Entry
MIME buffer overflow in Sendmail 8.8.0 and 8.8.1 gives root access.
[AA-96.06a]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0206]
[sendmail-mime-bo]
-
Entry
Remote attacker can execute commands through Majordomo using the Reply-To field and a "lists" command.
[CA-94.11.majordomo.vulnerabilities]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0207]
[majordomo-exe]
-
Entry
rpc.ypupdated (NIS) allows remote users to execute arbitrary commands.
[CA-95.17.rpc.ypupdated.vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0208]
[rpc-update]
-
Entry
The SunView (SunTools) selection_svc facility allows remote users to read files.
[8]
[CA-90.05.sunselection.vulnerability]
[selsvc]
-
Entry
Automount daemon automountd allows local or remote users to gain privileges via shell metacharacters.
[235]
[19971126 Solaris 2.5.1 automountd exploit (fwd)]
[19990103 SUN almost has a clue! (automountd)]
[CA-99-05]
[HPSBUX9910-104]
-
Entry
Extra long export lists over 256 characters in some mount daemons allows NFS directories to be mounted by anyone.
[24]
[CA-94.02.REVISED.SunOS.rpc.mountd.vulnerability]
[https://vuls.cert.org/confluence/pages/viewpage.action?pageId=96665790]
[https://vuls.cert.org/confluence/pages/viewpage.action?pageId=97124517]
[https://vuls.cert.org/confluence/pages/viewpage.action?pageId=97124527]
-
Entry
Solaris rpc.mountd generates error messages that allow a remote attacker to determine what files are on the server.
[I-048]
[00168]
[sun-mountd]
-
Entry
Denial of service by sending forged ICMP unreachable packets.
[https://www.cve.org/CVERecord?id=CVE-1999-0214]
[icmp-unreachable]
-
Entry
Routed allows attackers to append data to files.
[J-012]
[19981004-01-PX]
[ripapp]
-
Entry
Malicious option settings in UDP packets could force a reboot in SunOS 4.1.3 systems.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0217]
[udp-bomb]
-
Entry
Livingston portmaster machines could be rebooted via a series of commands.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0218]
[portmaster-reboot]
-
Entry
Buffer overflow in FTP Serv-U 2.5 allows remote authenticated users to cause a denial of service (crash) via a long (1) CWD or (2) LS (list) command.
[269]
[19990909 Exploit: Serv-U Ver2.5 FTPd Win9x/NT]
[19990503 Buffer overflows in FTP Serv-U 2.5]
[19990504 Re: Buffer overflows in FTP Serv-U 2.5]
[ftp-servu(205)]
-
Entry
Denial of service of Ascend routers through port 150 (remote administration).
[https://www.cve.org/CVERecord?id=CVE-1999-0221]
[ascend-150-kill]
-
Entry
Solaris syslogd crashes when receiving a message from a host that doesn't have an inverse DNS entry.
[1878]
[19961109 Syslogd and Solaris 2.4]
[http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?patchid=103291&collection=fpatches]
[1249320]
[sol-syslogd-crash]
-
Entry
Denial of service in Windows NT messenger service through a long username.
[https://www.cve.org/CVERecord?id=CVE-1999-0224]
[nt-messenger]
-
Entry
Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed SMB logon request in which the actual data size does not match the specified size.
[Q180963]
[19980214 Windows NT Logon Denial of Service]
[nt-logondos]
-
Entry
Access violation in LSASS.EXE (LSA/LSARPC) program in Windows NT allows a denial of service.
[Q154087]
[nt-lsass-crash]
-
Entry
Denial of service in RPCSS.EXE program (RPC Locator) in Windows NT.
[Q162567]
[nt-rpc-ver]
-
Entry
Buffer overflow in Cisco 7xx routers through the telnet service.
[http://www.cisco.com/warp/public/770/pwbuf-pub.shtml]
[1102]
-
Entry
IIS 1.0 allows users to execute arbitrary commands using .bat or .cmd files.
[Q148188]
[Q155056]
[http-iis-cmd]
-
Entry
Bash treats any character with a value of 255 as a command separator.
[CA-96.22.bash_vuls]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0234]
[bash-cmd]
-
Entry
ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0236]
[http-scriptalias]
-
Entry
Remote execution of arbitrary commands through Guestbook CGI program.
[VB-97.02]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0237]
[http-cgi-guestbook]
-
Entry
Netscape FastTrack Web server lists files when a lowercase "get" command is used instead of an uppercase GET.
[122]
[fastrack-get-directory-list]
-
Entry
Livingston RADIUS code has a buffer overflow which can allow remote execution of commands as root.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0244]
[NAI-23]
[radius-accounting-overflow]
-
Entry
Some configurations of NIS+ in Linux allowed attackers to log in as the user "+".
[19950907 Linux NIS security problem hole and fix]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0245]
[linux-plus]
-
Entry
Buffer overflow in nnrpd program in INN up to version 1.6 allows remote users to execute arbitrary commands.
[1443]
[19970721 INN news server vulnerabilities]
[inn-bo]
-
Entry
A race condition in the authentication agent mechanism of sshd 1.2.17 allows an attacker to steal another user's credentials.
[http://www.uni-karlsruhe.de/~ig25/ssh-faq/ssh-faq-6.html#ss6.1]
[http://oliver.efri.hr/~crv/security/bugs/mUNIXes/ssh2.html]
-
Entry
Denial of service in talk program allows remote attackers to disrupt a user's display.
[https://www.cve.org/CVERecord?id=CVE-1999-0251]
[talkd-flash]
-
Entry
Buffer overflow in listserv allows arbitrary command execution.
[https://www.cve.org/CVERecord?id=CVE-1999-0252]
[smtp-listserv]
-
Entry
Buffer overflow in War FTP allows remote execution of commands.
[875]
[war-ftpd]
-
Entry
cfingerd lists all users on a system via search.**@target.
[19970523 cfingerd vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0259]
[cfinger-user-enumeration]
-
Entry
The jj CGI program allows command execution via shell metacharacters.
[19961224 jj cgi]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0260]
[http-cgi-jj]
-
Entry
Hylafax faxsurvey CGI script on Linux allows remote attackers to execute arbitrary commands via shell metacharacters in the query string.
[2056]
[19980804 PATCH: faxsurvey]
[19980804 remote exploit in faxsurvey cgi-script]
[http-cgi-faxsurvey(1532)]
-
Entry
Solaris SUNWadmap can be exploited to obtain root access.
[00173]
[sun-sunwadmap]
-
Entry
htmlscript CGI program allows remote read access to files.
[Jan27,1998]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0264]
[http-htmlscript-file-access]
-
Entry
ICMP redirect messages may crash or lock up a host.
[ICMP Redirects Against Embedded Controllers]
[Q154174]
[icmp-redirect]
-
Entry
The info2www CGI script allows remote file access or remote command execution.
[1995]
[19980303 Vulnerabilites in some versions of info2www CGI]
[http-cgi-info2www]
-
Entry
Buffer overflow in NCSA HTTP daemon v1.3 allows remote command execution.
[CA-95.04.NCSA.http.daemon.for.unix.vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0267]
[http-port]
-
Entry
MetaInfo MetaWeb web server allows users to upload, execute, and read scripts.
[19980630 Security vulnerabilities in MetaInfo products]
[19980703 Followup to MetaInfo vulnerabilities]
[110]
[3969]
[metaweb-server-dot-attack]
-
Entry
Netscape Enterprise servers may list files through the PageServices query.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0269]
[netscape-server-pageservices]
-
Entry
Directory traversal vulnerability in pfdispaly.cgi program (sometimes referred to as "pfdisplay") for SGI's Performer API Search Tool (performer_tools) allows remote attackers to read arbitrary files.
[64]
[19980317 IRIX performer_tools bug]
[I-041]
[134]
[19980401-01-P]
[sgi-pfdispaly(810)]
-
Entry
Denial of service in Slmail v2.5 through the POP3 port.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0272]
[slmail-username-bo]
-
Entry
Denial of service through Solaris 2.5.1 telnet by sending ^D characters.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0273]
[sun-telnet-kill]
-
Entry
Denial of service in Windows NT DNS servers through malicious packet which contains a response to a query that wasn't made.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0274]
[NAI-5]
[nt-dns-dos]
-
Entry
Denial of service in Windows NT DNS servers by flooding port 53 with too many characters.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0275]
[Q169461]
[nt-dnscrash]
[nt-dnsver]
-
Entry
mSQL v2.0.1 and below allows remote execution through a buffer overflow.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0276]
[sekure.01-99.msql]
[msql-debug-bo]
-
Entry
The WorkMan program can be used to overwrite any file to get root access.
[CA-96.23.workman_vul]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0277]
[workman]
-
Entry
In IIS, remote attackers can obtain source code for ASP files by appending "::$DATA" to the URL.
[MS98-003]
[oval:org.mitre.oval:def:913]
[iis-asp-data-check]
-
Entry
Excite for Web Servers (EWS) allows remote command execution via shell metacharacters.
[19971217 CGI security hole in EWS (Excite for Web Servers)]
[19980115 Excite announcement]
[VB-98.01.excite]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0279]
[excite-cgi-search-vuln]
-
Entry
Remote command execution in Microsoft Internet Explorer using .lnk and .url files.
[H-38]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0280]
[19970317 Internet Explorer Bug #4]
[http-ie-lnkurl]
-
Entry
Denial of service in IIS using long URLs.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0281]
[http-iis-longurl]
-
Entry
The WINS server in Microsoft Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service (process termination) via invalid UDP frames to port 137 (NETBIOS Name Service), as demonstrated via a flood of random packets.
[19970801 WINS flooding]
[19970815 Re: WINS flooding]
[http://safenetworks.com/Windows/wins.html]
[155701]
[19970801 WINS flooding]
[nt-winsupd-fix(1233)]
-
Entry
The Apache web server for Win32 may provide access to restricted files when a . (dot) is appended to a requested URL.
[https://www.cve.org/CVERecord?id=CVE-1999-0289]
-
Entry
The WinGate telnet proxy allows remote attackers to cause a denial of service via a large number of connections to localhost.
[19980221 WinGate DoS]
[19980326 WinGate Intermediary Fix/Update]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0290]
[wingate-dos]
-
Entry
The WinGate proxy is installed without a password, which allows remote attackers to redirect connections without authentication.
[https://www.cve.org/CVERecord?id=CVE-1999-0291]
[wingate-unpassworded]
-
Entry
Denial of service through Winpopup using large user names.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0292]
[nt-winpopup]
-
Entry
AAA authentication on Cisco systems allows attackers to execute commands without authorization.
[http://www.cisco.com/warp/public/770/aaapair-pub.shtml]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0293]
[cisco-ios-aaa-auth]
-
Entry
All records in a WINS database can be deleted through SNMP for a denial of service.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0294]
[nt-wins-snmp2]
-
Entry
Solaris sysdef command allows local users to read kernel memory, potentially leading to root privileges.
[00157]
[sun-sysdef]
-
Entry
Solaris volrmmount program allows attackers to read any file.
[00162]
[sun-volrmmount]
-
Entry
Buffer overflow in Vixie Cron library up to version 3.0 allows local users to obtain root access via a long environmental variable.
[AA-96.21]
[H-17]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0297]
[NAI-3]
[vixie-cron]
-
Entry
Buffer overflow in FreeBSD lpd through long DNS hostnames.
[NAI-9]
[6093]
-
Entry
nis_cachemgr for Solaris NIS+ allows attackers to add malicious NIS+ servers.
[00155]
[sun-niscache]
-
Entry
Buffer overflow in SunOS/Solaris ps command.
[AUSCERT-97.17]
[00149]
[sun-ps2bo]
-
Entry
SunOS/Solaris FTP clients can be forced to execute arbitrary commands from a malicious FTP server.
[00176]
[sun-ftp-server]
-
Entry
Buffer overflow in BNU UUCP daemon (uucpd) through long hostnames.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0303]
[RSI.0002.05-18-98.BNU.UUCPD]
[bnu-uucpd-bo]
-
Entry
mmap function in BSD allows local attackers in the kmem group to modify memory through devices.
[FreeBSD-SA-98:02]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0304]
[bsd-mmap]
-
Entry
The system configuration control (sysctl) facility in BSD based operating systems OpenBSD 2.2 and earlier, and FreeBSD 2.2.5 and earlier, does not properly restrict source routed packets even when the (1) dosourceroute or (2) forwarding variables are set, which allows remote attackers to spoof TCP connections.
[http://www.openbsd.org/advisories/sourceroute.txt]
[Feb15,1998 "IP Source Routing Problem"]
[11502]
[bsd-sourceroute(736)]
-
Entry
HP-UX gwind program allows users to modify arbitrary files.
[H-03: HP-UX suid Vulnerabilities]
[HPSBUX9410-018]
[hpux-gwind-overwrite]
-
Entry
HP-UX vgdisplay program gives root access to local users.
[H-27: HP-UX vgdisplay Buffer Overrun Vulnerability]
[HPSBUX9702-056]
[hpux-vgdisplay]
-
Entry
SSH 1.2.25 on HP-UX allows access to new user accounts.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0310]
[ssh-1225]
-
Entry
fpkg2swpk in HP-UX allows local users to gain root access.
[HPSBUX9612-042]
[hpux-fpkg2swpk]
-
Entry
HP ypbind allows attackers with root privileges to modify NIS data.
[CA-93:01.REVISED.HP.NIS.ypbind.vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0312]
[nis-ypbind]
-
Entry
disk_bandwidth on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.
[214]
[http://www.securityfocus.com/bid/213/exploit]
[936]
[19980701-01-P]
[sgi-disk-bandwidth(1441)]
-
Entry
ioconfig on SGI IRIX 6.4 S2MP for Origin/Onyx2 allows local users to gain root access using relative pathnames.
[213]
[http://www.securityfocus.com/bid/213/exploit]
[6788]
[19980701-01-P]
[sgi-ioconfig(1199)]
-
Entry
Buffer overflow in Solaris fdformat command gives root access to local users.
[00138]
[fdformat-bo]
-
Entry
Buffer overflow in Linux splitvt command gives root access to local users.
[G-08]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0316]
[linux-splitvt]
-
Entry
Buffer overflow in xmcd 2.0p12 allows local users to gain access through an environmental variable.
[19961125 Security Problems in XMCD]
[19961125 XMCD v2.1 released (was: Security Problems in XMCD)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0318]
[xmcd-envbo]
-
Entry
SunOS rpc.cmsd allows attackers to obtain root access by overwriting arbitrary files.
[00166]
[sun-rpc.cmsd]
-
Entry
Buffer overflow in Solaris kcms_configure command allows local users to gain root access.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0321]
[sun-kcms-configure-bo]
-
Entry
The open() function in FreeBSD allows local attackers to write to arbitrary files.
[FreeBSD-SA-97:05]
[6092]
[freebsd-open]
-
Entry
FreeBSD mmap function allows users to modify append-only or immutable files.
[FreeBSD-SA-98:04]
[1998-003]
[bsd-mmap]
-
Entry
ppl program in HP-UX allows local users to create root files through symlinks.
[H-31]
[HPSBUX9702-053]
[hp-ppllog]
-
Entry
vhe_u_mnt program in HP-UX allows local users to create root files through symlinks.
[HPSBUX9406-013]
[hp-vhe]
-
Entry
Vulnerability in HP-UX mediainit program.
[HPSBUX9710-071]
[hp-mediainit]
-
Entry
SGI syserr program allows local users to corrupt files.
[19971103-01-PX]
[sgi-syserr]
-
Entry
SGI permissions program allows local users to gain root privileges.
[19971103-01-PX]
[sgi-permtool]
-
Entry
SGI mediad program allows local users to gain root access.
[19980602-01-PX]
[sgi-mediad]
-
Entry
Buffer overflow in NetMeeting allows denial of service and remote command execution.
[Q184346]
[nt-netmeeting]
-
Entry
In Solaris 2.2 and 2.3, when fsck fails on startup, it allows a local user with physical access to obtain root access.
[CA-93.19.Solaris.Startup.vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0334]
[sol-startup]
-
Entry
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-1999-0032. Reason: This candidate is a duplicate of CVE-1999-0032. Notes: All CVE users should reference CVE-1999-0032 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
-
Entry
AIX batch queue (bsh) allows local and remote users to gain additional privileges when network printing is enabled.
[CA-94.10.IBM.AIX.bsh.vulnerability.html]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0337]
[ibm-bsh]
-
Entry
AIX Licensed Program Product performance tools allow local users to gain root access.
[CA-94.03.AIX.performance.tools]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0338]
[ibm-perf-tools]
-
Entry
Buffer overflow in the libauth library in Solaris allows local users to gain additional privileges, possibly root access.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0339]
[RSI.0007.05-26-98]
[sol-sun-libauth]
-
Entry
Buffer overflow in Linux Slackware crond program allows local users to gain root access.
[005]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0340]
[linux-crond]
-
Entry
Buffer overflow in the Linux mail program "deliver" allows local users to gain root access.
[006]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0341]
[linux-deliver]
-
Entry
Linux PAM modules allow local users to gain root access using temporary files.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0342]
[http://www.redhat.com/corp/support/errata/rh42-errata-general.html#pam]
[linux-pam-passwd-tmprace]
-
Entry
A malicious Palace server can force a client to execute arbitrary programs.
[19981002 Announcements from The Palace (fwd)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0343]
[palace-malicious-servers-vuln]
-
Entry
NT users can gain debug-level access on a system process using the Sechole exploit.
[MS98-009]
[Q190288]
[nt-priv-fix]
-
Entry
CGI PHP mlog script allows an attacker to read any file on the target server.
[713]
[19971019 Vulnerability in PHP Example Logging Scripts]
[3397]
[http-cgi-php-mlog]
-
Entry
IIS ASP caching problem releases sensitive information when two virtual servers share the same physical directory.
[Q197003]
[Jan27,1999]
[930]
-
Entry
A buffer overflow in the FTP list (ls) command in IIS allows remote attackers to conduct a denial of service and, in some cases, execute arbitrary commands.
[Jan27,1999]
[IIS Remote FTP Exploit/DoS Attack]
[MS99-003]
[Q188348]
[iis-remote-ftp]
-
Entry
Race condition in the db_loader program in ClearCase gives local users root access by setting SUID bits.
[Feb8,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0350]
[clearcase-temp-race]
-
Entry
FTP PASV "Pizza Thief" denial of service and unauthorized data access. Attackers can steal data by connecting to a port that was intended for use by a client.
[01]
[http://attrition.org/security/advisory/misc/infowar/iw_sec_01.txt]
[pasv-pizza-thief-dos(3389)]
-
Entry
rpc.pcnfsd in HP gives remote root access by changing the permissions on the main printer spool directory.
[J-026]
[HPSBUX9902-091]
[pcnfsd-world-write]
-
Entry
Local or remote users can force ControlIT 4.5 to reboot or force a user to log out, resulting in a denial of service.
[Multiple vulnerabilities in ControlIT(tm) (formerly Remotely Possible/32) enterprise management software]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0355]
[controlit-reboot]
-
Entry
Windows 98 and other operating systems allows remote attackers to cause a denial of service via crafted "oshare" packets, possibly involving invalid fragmentation offsets.
[19990125 Win98 crash?]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0357]
[win98-oshare-dos]
-
Entry
Digital Unix 4.0 has a buffer overflow in the inc program of the mh package.
[19990125 Digital Unix 4.0 exploitable buffer overflows]
[J-027]
[SSRT0583U]
[du-inc]
-
Entry
WS_FTP server remote denial of service through cwd command.
[217]
[AD02021999]
[wsftp-remote-dos]
-
Entry
SuSE 5.2 PLP lpc program has a buffer overflow that leads to root compromise.
[328]
[Feb02,1999]
[plp-lpc-bo]
-
Entry
The metamail package allows remote command execution using shell metacharacters that are not quoted in a mailcap entry.
[Feb04,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0365]
[metamail-header-commands]
-
Entry
In some cases, Service Pack 4 for Windows NT 4.0 can allow access to network shares using a blank password, through a problem with a null NT hash value.
[MS99-004]
[Q214840]
[nt-sp4-auth-error]
-
Entry
NetBSD netstat command allows local users to access kernel memory.
[1999-002]
[7571]
-
Entry
Buffer overflows in wuarchive ftpd (wu-ftpd) and ProFTPD lead to remote root access, a.k.a. palmetto.
[CA-99.03]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0368]
[palmetto.ftpd]
[palmetto-ftpd-bo]
-
Entry
The Sun sdtcm_convert calendar utility for OpenWindows has a buffer overflow which can gain root access.
[00183]
[sun-sdtcm-convert-bo]
-
Entry
Lynx allows a local user to overwrite sensitive files through /tmp symlinks.
[19990211 Lynx /tmp problem]
[VB-97.05.lynx]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0371]
[lynx-temp-files-race]
-
Entry
The installer for BackOffice Server includes account names and passwords in a setup file (reboot.ini) which is not deleted.
[MS99-005]
[Q217004]
[nt-backoffice-setup]
-
Entry
Buffer overflow in the "Super" utility in Debian GNU/Linux, and other operating systems, allows local users to execute commands as root.
[Buffer Overflow in "Super" package in Debian Linux]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0373]
[linux-super-bo]
[linux-super-logging-bo]
-
Entry
Debian GNU/Linux cfengine package is susceptible to a symlink attack.
[Feb16,1999]
[19990215]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0374]
[linux-cfengine-symlinks]
-
Entry
Buffer overflow in webd in Network Flight Recorder (NFR) 2.0.2-Research allows remote attackers to execute commands.
[Feb16,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0375]
[February 16, 1999]
[nfr-webd-overflow]
-
Entry
Local users in Windows NT can obtain administrator privileges by changing the KnownDLLs list to reference malicious programs.
[Feb20,1999]
[Feb18,1999]
[MS99-006]
[nt-knowndlls-list]
-
Entry
Process table attack in Unix systems allows a remote attacker to perform a denial of service by filling a machine's process tables through multiple connections to network services.
[Feb22,1999]
[1033881]
-
Entry
InterScan VirusWall for Solaris doesn't scan files for viruses when a single HTTP request includes two GET commands.
[19990222 BlackHats Advisory -- InterScan VirusWall]
[19990225 Patch for InterScan VirusWall for Unix now available]
[6167]
[viruswall-http-request]
-
Entry
Microsoft Taskpads allows remote web sites to execute commands on the visiting user's machine via certain methods that are marked as Safe for Scripting.
[498]
[19990223 Microsoft Security Bulletin (MS99-007)]
[MS99-007]
[1019]
[win-resourcekit-taskpads]
-
Entry
SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user's Finger File to point to the target file, then running finger on the user.
[497]
[19990225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service]
[199902225 ALERT: SLMail 3.2 (and 3.1) with the Remote Administration Service]
[SLmail 3.2 Build 3113 (Web Administration Security Fix)]
[slmail-ras-ntfs-bypass(5392)]
-
Entry
The screen saver in Windows NT does not verify that its security context has been changed properly, allowing attackers to run programs with elevated privileges.
[MS99-008]
[nt-screen-saver]
-
Entry
ACC Tigris allows public access without a login.
[183]
[19990103 Tigris vulnerability]
[267]
[acc-tigris-login]
-
Entry
The Forms 2.0 ActiveX control (included with Visual Basic for Applications 5.0) can be used to read text from a user's clipboard when the user accesses documents with ActiveX content.
[MS99-001]
[forms-vuln-patch]
-
Entry
The LDAP bind function in Exchange 5.5 has a buffer overflow that allows a remote attacker to conduct a denial of service or execute commands.
[LDAP Buffer overflow against Microsoft Directory Services]
[MS99-009]
[ldap-exchange-overflow]
[ldap-mds-dos]
-
Entry
Microsoft Personal Web Server and FrontPage Personal Web Server in some Windows systems allows a remote attacker to read files on the server by using a nonstandard URL.
[MS99-010]
[111]
[pws-file-access]
-
Entry
A legacy credential caching mechanism used in Windows 95 and Windows 98 systems allows attackers to read plaintext network passwords.
[829]
[MS99-052]
[Q168115]
[9x-plaintext-pwd]
-
Entry
DataLynx suGuard trusts the PATH environment variable to execute the ps command, allowing local users to execute commands as root.
[Jan3,1999]
[3186]
[datalynx-suguard-relative-paths]
-
Entry
Buffer overflow in Dosemu Slang library in Linux.
[187]
[19990104 Dosemu/S-Lang Overflow + sploit]
[CSSA-1999-006.1]
-
Entry
The cryptographic challenge of SMB authentication in Windows 95 and Windows 98 can be reused, allowing an attacker to replay the response and impersonate a user.
[Jan. 5, 1999]
[https://marc.info/?l=bugtraq&m=91552769809542&w=2]
-
Entry
Buffer overflow in Thomas Boutell's cgic library version up to 1.05.
[Jan10,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0392]
[http-cgic-library-bo]
-
Entry
Remote attackers can cause a denial of service in Sendmail 8.8.x and 8.9.2 by sending messages with a large number of headers.
[19981212 ** Sendmail 8.9.2 DoS - exploit ** get what you want!]
[19990121 Sendmail 8.8.x/8.9.x bugware]
[sendmail-parsing-redirection]
-
Entry
A race condition in the BackWeb Polite Agent Protocol allows an attacker to spoof a BackWeb server.
[19990118 Vulnerability in the BackWeb Polite Agent Protocol]
[backweb-polite-agent-protocol]
-
Entry
A race condition between the select() and accept() calls in NetBSD TCP servers allows remote attackers to cause a denial of service.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0396]
[1999-001]
[Feb17,1999]
[netbsd-tcp-race]
-
Entry
wget 1.5.3 follows symlinks to change permissions of the target file instead of the symlink itself.
[Feb2,1999]
[19990220]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0402]
[wget-permissions]
-
Entry
A bug in Cyrix CPUs on Linux allows local users to perform a denial of service.
[19990204 Cyrix bug: freeze in hell, badboy]
[cyrix-hang]
-
Entry
Buffer overflow in the Mail-Max SMTP server for Windows systems allows remote command execution.
[Feb14,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0404]
[mailmax-bo]
-
Entry
A buffer overflow in lsof allows local users to obtain root privilege.
[Feb18,1999]
[19990220a]
[002]
[3163]
[lsof-bo]
-
Entry
By default, IIS 4.0 has a virtual directory /IISADMPWD which contains files that can be used as proxies for brute force password attacks, or to identify valid users on the system.
[19990209 ALERT: IIS4 allows proxied password attacks over NetBIOS]
[19990209 Re: IIS4 allows proxied password attacks over NetBIOS]
[iis-iisadmpwd]
-
Entry
Files created from interactive shell sessions in Cobalt RaQ microservers (e.g. .bash_history) are world readable, and thus are accessible from the web server.
[337]
[19990225 Cobalt root exploit]
[cobalt-raq-history-exposure]
-
Entry
Buffer overflow in gnuplot in Linux version 3.5 allows local users to obtain root access.
[319]
[19990304 Linux /usr/bin/gnuplot overflow]
[gnuplot-home-overflow]
-
Entry
The cancel command in Solaris 2.6 (i386) has a buffer overflow that allows local users to obtain root access.
[293]
[Mar5,1999]
[sol-cancel]
-
Entry
In IIS and other web servers, an attacker can attack commands as SYSTEM if the server is running as SYSTEM and loading an ISAPI extension.
[501]
[Feb19,1999]
[iis-isapi-execute]
-
Entry
A buffer overflow in the SGI X server allows local users to gain root access through the X server font path.
[19990301-01-PX]
[irix-font-path-overflow]
-
Entry
In Linux before version 2.0.36, remote attackers can spoof a TCP connection and pass data to the application layer before fully establishing the connection.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0414]
[Linux Blind TCP Spoofing]
[linux-blind-spoof]
-
Entry
The HTTP server in Cisco 7xx series routers 3.2 through 4.2 is enabled by default, which allows remote attackers to change the router's configuration.
[J-034]
[19990311 Cisco 7xx TCP and HTTP Vulnerabilities]
[19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers]
[cisco-router-commands]
[cisco-web-config]
-
Entry
Vulnerability in Cisco 7xx series routers allows a remote attacker to cause a system reload via a TCP connection to the router's TELNET port.
[J-034]
[19990311 Cisco 7xx TCP and HTTP Vulnerabilities]
[19990311 Remote Reconfiguration and Denial of Service Vulnerabilities in Cisco 700 ISDN Routers]
[cisco-web-crash]
-
Entry
64 bit Solaris 7 procfs allows local users to perform a denial of service.
[448]
[Mar9,1999]
[1001]
[solaris-psinfo-crash]
-
Entry
umapfs allows local users to gain root privileges by changing their uid through a malicious mount_umap program.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0420]
[1999-006]
-
Entry
During a reboot after an installation of Linux Slackware 3.6, a remote attacker can obtain root access by logging in to the root account without a password.
[338]
[Short-Term High-Risk Vulnerability During Slackware 3.6 Network Installations]
[981]
[linux-slackware-install]
-
Entry
In some cases, NetBSD 1.3.3 mount allows local users to execute programs in some file systems that have the "noexec" flag set.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0422]
[1999-007]
-
Entry
Vulnerability in hpterm on HP-UX 10.20 allows local users to gain additional privileges.
[HPSBUX9903-093]
[hp-hpterm-files]
-
Entry
talkback in Netscape 4.5 allows a local user to overwrite arbitrary files of another user whose Netscape crashes.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0424]
[Mar18,1999]
[netscape-talkback-overwrite]
-
Entry
talkback in Netscape 4.5 allows a local user to kill an arbitrary process of another user whose Netscape crashes.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0425]
[Mar18,1999]
[netscape-talkback-kill]
-
Entry
OpenSSL and SSLeay allow remote attackers to reuse SSL sessions and bypass access controls.
[19990322 OpenSSL/SSLeay Security Alert]
[3936]
[ssl-session-reuse]
-
Entry
The Lotus Notes 4.5 client may send a copy of encrypted mail in the clear across the network if the user does not set the "Encrypt Saved Mail" preference.
[19990323]
[19990324 Re: LNotes encryption]
[19990326 Lotus Notes Encryption Bug]
[19990326 Re: Lotus Notes security advisory]
[lotus-client-encryption]
-
Entry
Cisco Catalyst LAN switches running Catalyst 5000 supervisor software allows remote attackers to perform a denial of service by forcing the supervisor module to reload.
[Cisco Catalyst Supervisor Remote Reload]
[Remote Denial of Service Vulnerability in Cisco Catalyst Series Ethernet Switches]
[1103]
[cisco-catalyst-crash]
-
Entry
ftp on HP-UX 11.00 allows local users to gain privileges.
[HPSBUX9903-094]
[hp-ftp]
-
Entry
XFree86 startx command is vulnerable to a symlink attack, allowing local users to create files in restricted directories, possibly allowing them to gain privileges or cause a denial of service.
[19990321 X11R6 NetBSD Security Problem]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0433]
[Mar28,1999]
[xfree86-temp-directories]
-
Entry
Domain Enterprise Server Management System (DESMS) in HP-UX allows local users to gain privileges.
[HPSBUX9903-095]
[hp-desms-servers]
-
Entry
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious string to the HTTP port.
[WebRamp Denial of Service Attacks]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0437]
[webramp-device-crash]
-
Entry
Remote attackers can perform a denial of service in WebRamp systems by sending a malicious UDP packet to port 5353, changing its IP address.
[WebRamp Denial of Service Attacks]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0438]
[webramp-ipchange]
-
Entry
Buffer overflow in procmail before version 3.12 allows remote or local attackers to execute commands via expansions in the procmailrc configuration file.
[19990405 Re: [SECURITY] new version of procmail with security fixes]
[CSSA-1999:007]
[19990422]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0439]
[procmail-overflow]
-
Entry
The byte code verifier component of the Java Virtual Machine (JVM) allows remote execution through malicious web pages.
[1939]
[19990405 Security Hole in Java 2 (and JDK 1.1.x)]
[http://java.sun.com/pr/1999/03/pr990329-01.html]
[java-unverified-code]
-
Entry
Remote attackers can perform a denial of service in WinGate machines using a buffer overflow in the Winsock Redirector Service.
[509]
[AD02221999]
[wingate-redirector-dos]
-
Entry
Solaris ff.core allows local users to modify files.
[327]
[19990107 really silly ff.core exploit for Solaris]
[19990108 ff.core exploit on Solaris (2.)7]
[19990408 Solaris7 and ff.core]
-
Entry
In Cisco routers under some versions of IOS 12.0 running NAT, some packets may not be filtered by input access list filters.
[Cisco IOS(R) Software Input Access List Leakage with NAT]
[1104]
[cisco-natacl-leakage]
-
Entry
Local users can perform a denial of service in NetBSD 1.3.3 and earlier versions by creating an unusual symbolic link with the ln command, triggering a bug in VFS.
[1999-008]
[7051]
[netbsd-vfslocking-panic]
-
Entry
Local users can gain privileges using the debug utility in the MPE/iX operating system.
[HPSBMP9904-006]
[mpeix-debug]
-
Entry
IIS 4.0 and Apache log HTTP request methods, regardless of how long they are, allowing a remote attacker to hide the URL they really request.
[19990121 IIS 4 Request Logging Security Advisory]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0448]
[iis-http-request-logging]
-
Entry
The ExAir sample site in IIS 4 allows remote attackers to cause a denial of service (CPU consumption) via a direct request to the (1) advsearch.asp, (2) query.asp, or (3) search.asp scripts.
[193]
[19990125 Re: [NTSEC] IIS 4 Advisory - ExAir sample site DoS]
[19990126 IIS 4 Advisory - ExAir sample site DoS]
[19990126 IIS 4 Advisory - ExAir sample site DoS]
[2]
[3]
[4]
[iis-exair-dos]
-
Entry
Linux ftpwatch program allows local users to gain root privileges.
[317]
[Jan17,1999]
[19990117]
[ftpwatch-vuln]
-
Entry
L0phtcrack 2.5 used temporary files in the system TEMP directory which could contain password information.
[Jan6,1999]
[915]
[l0phtcrack-temp-files]
-
Entry
Remote attackers can perform a denial of service using IRIX fcagent.
[19981201-01-PX]
[sgi-fcagent-dos]
-
Entry
Local users can perform a denial of service in Tripwire 1.2 and earlier using long filenames.
[19990104 Tripwire mess..]
[http://marc.info/?l=bugtraq&m=91592136122066&w=2]
[6609]
-
Entry
The SVR4 /dev/wabi special device file in NetBSD 1.3.3 and earlier allows a local user to read or write arbitrary files on the disk associated with that device.
[1999-009]
[905]
-
Entry
Internet Explorer 5.0 allows a remote server to read arbitrary files on the client's file system using the Microsoft Scriptlet Component.
[Apr9,1999]
[MS99-012]
[ie-scriplet-fileread]
-
Entry
A weak encryption algorithm is used for passwords in Novell Remote.NLM, allowing them to be easily decrypted.
[482]
[19990409 New Novell Remote.NLM Password Decryption Algorithm with Exploit]
[netware-remotenlm-passwords]
-
Entry
The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.
[Apr9,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0471]
[winroute-config]
-
Entry
The SNMP default community name "public" is not properly removed in NetApps C630 Netcache, even if the administrator tries to disable it.
[Apr7,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0472]
[netcache-snmp]
-
Entry
The rsync command before rsync 2.3.1 may inadvertently change the permissions of the client's working directory to the permissions of the directory being transferred.
[145]
[19990407 rsync 2.3.1 release - security fix]
[CSSA-1999:010.0]
[19990823]
[rsync-permissions]
-
Entry
The ICQ Webserver allows remote attackers to use .. to access arbitrary files outside of the user's personal directory.
[Apr5,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0474]
[icq-webserver-read]
-
Entry
A race condition in how procmail handles .procmailrc files allows a local user to read arbitrary files available to the user who is running procmail.
[Apr5,1999]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0475]
[procmail-race]
-
Entry
Denial of service in HP-UX sendmail 8.8.6 related to accepting connections.
[HPSBUX9904-097]
[sendmail-headers-dos]
-
Entry
Denial of service Netscape Enterprise Server with VirtualVault on HP-UX VVOS systems.
[HPSBUX9903-092]
[netscape-server-dos]
-
Entry
Denial of service in "poll" in OpenBSD.
[Mar22,1999]
[7556]
-
Entry
OpenBSD kernel crash through TSS handling, as caused by the crashme program.
[Mar21,1999]
[7557]
-
Entry
OpenBSD crash using nlink value in FFS and EXT2FS filesystems.
[Feb25,1999]
[6129]
-
Entry
Buffer overflow in OpenBSD ping.
[Feb23,1999]
[6130]
-
Entry
Remote attackers can cause a system crash through ipintr() in ipq in OpenBSD.
[Feb19,1999]
[7558]
[openbsd-ipintr-race]
-
Entry
The DHTML Edit ActiveX control in Internet Explorer allows remote attackers to read arbitrary files.
[MS99-011]
[ie-dhtml-control]
-
Entry
The prompt parsing in bash allows a local user to execute commands as another user by creating a directory with the name of the command to execute.
[119]
[19990420 Bash Bug]
[CSSA-1999-008.0]
-
Entry
rpc.statd allows remote attackers to forward RPC calls to the local operating system via the SM_MON and SM_NOTIFY commands, which in turn could be used to remotely exploit other bugs such as in automountd.
[450]
[19990103 SUN almost has a clue! (automountd)]
[CA-99-05]
[J-045]
[00186]
-
Entry
Denial of service in WinGate proxy through a buffer overflow in POP3.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0494]
[wingate-pop3-user-bo]
-
Entry
A Windows NT 4.0 user can gain administrative rights by forcing NtOpenProcessToken to succeed regardless of the user's permissions, aka GetAdmin.
[Q146965]
[nt-getadmin]
[nt-getadmin-present]
-
Entry
ICMP messages to broadcast addresses are allowed, allowing for a Smurf attack that can cause a denial of service.
[CA-98.01.smurf]
[FreeBSD-SA-98:06]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0513]
[smurf]
-
Entry
UDP messages to broadcast addresses are allowed, allowing for a Fraggle attack that can cause a denial of service by flooding the target.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0514]
[fraggle]
-
Entry
An X server's access control is disabled (e.g. through an "xhost +" command) and allows anyone to connect to the server.
[VU#704969]
[xcheck-keystroke]
-
Entry
HP OpenMail can be misconfigured to allow users to run arbitrary commands using malicious print requests.
[HPSBUX9804-078]
[hp-openmail]
-
Entry
An attacker can write to syslog files from any location, causing a denial of service by filling up the logs, and hiding activities.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0566]
[ibm-syslogd]
[syslog-flood]
-
Entry
An incorrect configuration of the PDG Shopping Cart CGI program "shopper.cgi" could disclose private information.
[19990420 Shopping Carts exposing CC data]
[http://www.pdgsoft.com/Security/security.html.]
[pdgsoftcart-misconfig(3857)]
-
Entry
A version of finger is running that exposes valid user information to any entity on the network.
[https://www.cve.org/CVERecord?id=CVE-1999-0612]
[finger-out]
[finger-running]
-
Entry
A version of rusers is running that exposes valid user information to any entity on the network.
[https://www.cve.org/CVERecord?id=CVE-1999-0626]
[ruser]
[rusersd]
-
Entry
The rexd service is running, which uses weak authentication that can allow an attacker to execute commands.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0627]
[rexd]
-
Entry
The rwho/rwhod service is running, which exposes machine status and user information.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0628]
[rwhod]
-
Entry
The scriptlet.typelib ActiveX control is marked as "safe for scripting" for Internet Explorer, which allows a remote attacker to execute arbitrary commands as demonstrated by Bubbleboy.
[598]
[19990821 IE 5.0 allows executing programs]
[J-064]
[MS99-032]
[Q240308]
[ms-scriptlet-eyedog-unsafe]
-
Entry
Buffer overflow in ToxSoft NextFTP client through CWD command.
[572]
[toxsoft-nextftp-cwd-bo]
-
Entry
Buffer overflow in Fujitsu Chocoa IRC client via IRC channel topics.
[573]
[fujitsu-topic-bo]
-
Entry
The BSD profil system call allows a local user to modify the internal data space of a program via profiling and execve.
[570]
[19990809 profil(2) bug, a simple test program]
[J-067]
[FreeBSD-SA-99:02]
[1999-011]
[Aug 9,1999]
[netbsd-profil]
-
Entry
Check Point FireWall-1 can be subjected to a denial of service via UDP packets that are sent through VPN-1 to port 0 of a host.
[576]
[19990809 FW1 UDP Port 0 DoS]
[1038]
[checkpoint-port]
-
Entry
sdtcm_convert in Solaris 2.6 allows a local user to overwrite sensitive files via a symlink attack.
[575]
[19990808 sdtcm_convert]
[sun-sdtcm-convert]
-
Entry
A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.
[318]
[19990405 An issue with Apache on Debian]
[apache-debian-usrdoc]
-
Entry
Buffer overflow in hybrid-6 IRC server commonly used on EFnet allows remote attackers to execute commands via m_invite invite option.
[581]
[19990813 w00w00's efnet ircd advisory (exploit included)]
[http://www.efnet.org/archive/servers/hybrid/ChangeLog]
[hybrid-ircd-minvite-bo]
-
Entry
Windows NT Terminal Server performs extra work when a client opens a new connection but before it is authenticated, allowing for a denial of service.
[571]
[J-057]
[MS99-028]
[Q238600]
[nt-terminal-dos]
-
Entry
Buffer overflow in Microsoft FrontPage Server Extensions (PWS) 3.0.2.926 on Windows 95, and possibly other versions, allows remote attackers to cause a denial of service via a long URL.
[568]
[19990807 Crash FrontPage Remotely...]
[frontpage-pws-dos(3117)]
-
Entry
Microsoft Exchange 5.5 allows a remote attacker to relay email (i.e. spam) using encapsulated SMTP addresses, even if the anti-relaying features are enabled.
[567]
[J-056]
[MS99-027]
[Q237927]
[exchange-relay]
-
Entry
Denial of service in Gauntlet Firewall via a malformed ICMP packet.
[556]
[19990729 Remotely Lock Up Gauntlet 5.0]
[1029]
[gauntlet-dos]
-
Entry
Buffer overflow in Netscape Communicator via EMBED tags in the pluginspage option.
[618]
[19991209 Netscape communicator 4.06J, 4.5J-4.6J, 4.61e Buffer Overflow]
-
Entry
Denial of service in Netscape Enterprise Server (NES) in HP Virtual Vault (VVOS) via a long URL.
[19990514 TGAD DoS]
[19990610 Re: VVOS/Netscape Bug]
[J-046]
[HPSBUX9906-098]
[hp-tgad-dos]
-
Entry
The ToolTalk ttsession daemon uses weak RPC authentication, which allows a remote attacker to execute commands.
[637]
[19990913 Vulnerability in ttsession]
[CA-99-11]
[K-001]
[SSRT0617U_TTSESSION]
[HPSBUX9909-103]
[00192]
[cde-ttsession-rpc-auth]
-
Entry
Buffer overflows in HP Software Distributor (SD) for HPUX 10.x and 11.x.
[545]
[HPSBUX9907-101]
[hp-sd-bo]
-
Entry
The CDE dtspcd daemon allows local users to execute arbitrary commands via a symlink attack.
[636]
[19990913 Vulnerability in dtspcd]
[CA-99-11]
[HPSBUX9909-103]
[oval:org.mitre.oval:def:1880]
[00192]
[cde-dtspcd-file-auth]
-
Entry
HP CDE program includes the current directory in root's PATH variable.
[J-053]
[HPSBUX9907-100]
[hp-cde-directory]
-
Entry
Buffer overflow in the AddSuLog function of the CDE dtaction utility allows local users to gain root privileges via a long user name.
[635]
[19990913 Vulnerability in dtaction]
[CA-99-11]
[SSRTO615U_DTACTION]
[HPSBUX9909-103]
[oval:org.mitre.oval:def:3078]
[00192]
[cde-dtaction-username-bo]
-
Entry
The default configuration of the Array Services daemon (arrayd) disables authentication, allowing remote users to gain root privileges.
[CA-99-09]
[J-052]
[19990701-01-P]
[sgi-arrayd]
-
Entry
Buffer overflow in TT_SESSION environment variable in ToolTalk shared library allows local users to gain root privileges.
[641]
[CA-99-11]
[HPSBUX9909-103]
[oval:org.mitre.oval:def:4374]
[00192]
[cde-dtsession-env-bo]
-
Entry
Denial of service in AIX ptrace system call allows local users to crash the system.
[J-055]
[ERS-SVA-E01-1999:002.1]
[aix-ptrace-halt]
-
Entry
The Sybase PowerDynamo personal web server allows attackers to read arbitrary files through a .. (dot dot) attack.
[620]
[19990904 [Sybase] software vendors do not think about old bugs]
[1064]
[http-powerdynamo-dotdotslash]
-
Entry
Buffer overflow in CDE Calendar Manager Service Daemon (rpc.cmsd).
[19990709 Exploit of rpc.cmsd]
[CA-99-08]
[J-051]
[SSRT0614U_RPC_CMSD]
[HPSBUX9908-102]
[SB-99.12]
[00188]
[4230754]
[sun-cmsd-bo]
-
Entry
SCO Doctor allows local users to gain root privileges through a Tools option.
[621]
[19990908 SCO 5.0.5 /bin/doctor nightmare]
[sco-doctor-execute]
-
Entry
The Bluestone Sapphire web server allows session hijacking via easily guessable session IDs.
[623]
[19990908 [Security] Spoofed Id in Bluestone Sapphire/Web]
-
Entry
Buffer overflow in Microsoft Phone Dialer (dialer.exe), via a malformed dialer entry in the dialer.ini file.
[MS99-026]
[Q237185]
[nt-malformed-dialer]
-
Entry
After an unattended installation of Windows NT 4.0, an installation file could include sensitive information such as the local Administrator password.
[626]
[MS99-036]
[Q173039]
[nt-install-unattend-file]
-
Entry
Internet Explorer 5.0 and 5.01 allows remote attackers to modify or execute files via the Import/Export Favorites feature, aka the "ImportExportFavorites" vulnerability.
[627]
[19990909 IE 5.0 security vulnerabilities - ImportExportFavorites - at least creating and overwriting files, probably executing programs]
[MS99-037]
[Q241361]
[ie5-import-export-favorites]
-
Entry
OpenBSD, BSDI, and other Unix operating systems allow users to set chflags and fchflags on character and block devices.
[19990805 4.4 BSD issue -- chflags]
[J-066]
[FreeBSD-SA-99:01]
[Jul30,1999]
[openbsd-chflags-fchflags-permitted]
-
Entry
Buffer overflow in Berkeley automounter daemon (amd) logging facility provided in the Linux am-utils package and others.
[614]
[CSSA-1999:024.0]
[CA-99-12]
[19991018]
[SA-99:06]
[RHSA-1999:032-01]
[amd-bo]
-
Entry
Buffer overflow in INN inews program.
[616]
[CSSA-1999-026]
[19990907]
[RHSA1999033_01]
[19990831 Security hole in INN]
[inn-inews-bo]
-
Entry
Linux xmonisdn package allows local users to gain root privileges by modifying the IFS or PATH environmental variables.
[583]
[19990807]
[19990817 Security hole in i4l (xmonisdn)]
-
Entry
The default FTP configuration in HP Visualize Conference allows conference users to send a file to other participants without authorization.
[493]
[J-050]
[HPSBUX9906-099]
[hp-visualize-conference-ftp]
-
Entry
Buffer overflow in cfingerd allows local users to gain root privileges via a long GECOS field.
[651]
[19990921 BP9909-00: cfingerd local buffer overflow]
-
Entry
The Squid package in Red Hat Linux 5.2 and 6.0, and other distributions, installs cachemgr.cgi in a public web directory, which allows remote attackers to use it as an intermediary to connect to other systems.
[2059]
[19990725 Redhat 6.0 cachemgr.cgi lameness]
[http://www.redhat.com/support/errata/archives/rh52-errata-general.html#squid]
[DSA-576]
[FEDORA-2005-373]
[FLSA-2006:152809]
[RHSA-1999:025]
[RHSA-2005:489]
[http-cgi-cachemgr(2385)]
-
Entry
The oratclsh interpreter in Oracle 8.x Intelligent Agent for Unix allows local users to execute Tcl commands as root.
[19990430 *Huge* security hole in Oracle 8.0.5 with Intellegent agent installed]
[19990506 Oracle Security Followup, patch and FAQ: setuid on oratclsh]
[oracle-oratclsh]
-
Entry
The dtlogin program in Compaq Tru64 UNIX allows local users to gain root privileges.
[19990404 Digital Unix 4.0E /var permission]
[J-044]
[SSRT0600U]
[cde-dtlogin]
-
Entry
Vulnerability in Compaq Tru64 UNIX edauth command.
[SSRT0588U]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0714]
[du-edauth]
-
Entry
Buffer overflow in Remote Access Service (RAS) client allows an attacker to execute commands or cause a denial of service via a malformed phonebook entry.
[19990519 Buffer Overruns in RAS allows execution of arbitary code as system]
[MS99-016]
[Q230677]
[nt-ras-bo]
-
Entry
Buffer overflow in Windows NT 4.0 help file utility via a malformed help file.
[MS99-015]
[Q231605]
[nt-helpfile-bo]
-
Entry
A remote attacker can disable the virus warning mechanism in Microsoft Excel 97.
[MS99-014]
[Q231304]
[excel-virus-warning]
-
Entry
IBM GINA, when used for OS/2 domain authentication of Windows NT users, allows local users to gain administrator privileges by changing the GroupMapping registry key.
[608]
[19990823 IBM Gina security warning]
[ibm-gina-group-add(3166)]
-
Entry
The Guile plugin for the Gnumeric spreadsheet package allows attackers to execute arbitrary code.
[563]
[19990802 Gnumeric potential security hole.]
[RHSA-1999:023-01]
[gnu-guile-plugin-export]
-
Entry
The pt_chown command in Linux allows local users to modify TTY terminal devices that belong to other users.
[597]
[19990823 [Linux] glibc 2.1.x / wu-ftpd <=2.5 / BeroFTPD / lynx / vlock / mc / glibc 2.0.x]
[linux-pt-chown]
-
Entry
Denial of service in Windows NT Local Security Authority (LSA) through a malformed LSA request.
[Phantom Technical Advisory]
[J-049]
[MS99-020]
[Q231457]
[msrpc-lsa-lookupnames-dos]
-
Entry
The default configuration of Cobalt RaQ2 servers allows remote users to install arbitrary software packages.
[558]
[CA-99-10]
[cobalt-raq2-default-config]
-
Entry
The Windows NT Client Server Runtime Subsystem (CSRSS) can be subjected to a denial of service when all worker threads are waiting for user input.
[478]
[J-049]
[MS99-021]
[Q233323]
[19990411 Death by MessageBox]
[nt-csrss-dos]
-
Entry
Buffer overflow in OpenBSD procfs and fdescfs file systems via uio_offset in the readdir() function.
[Aug12,1999]
[6128]
[openbsd-uio_offset-bo]
-
Entry
When IIS is run with a default language of Chinese, Korean, or Japanese, it allows a remote attacker to view the source code of certain files, a.k.a. "Double Byte Code Page".
[477]
[MS99-022]
[Q233335]
[iis-double-byte-code-page(2302)]
-
Entry
An attacker can conduct a denial of service in Windows NT by executing a program with a malformed file image header.
[499]
[MS99-023]
[Q234557]
[nt-malformed-image-header]
-
Entry
A kernel leak in the OpenBSD kernel allows IPsec packets to be sent unencrypted.
[19990608 Packets that should have been handled by IPsec may be transmitted as cleartext]
[6127]
[openbsd-ipsec-cleartext]
-
Entry
A Windows NT user can disable the keyboard or mouse by directly calling the IOCTLs which control them.
[MS99-024]
[Q236359]
[nt-ioctl-dos]
-
Entry
Buffer overflow in Lotus Notes LDAP (NLDAP) allows an attacker to conduct a denial of service through the ldap_search request.
[601]
[J-061]
[19990823 Denial of Service Attack against Lotus Notes Domino Server 4.6]
[1057]
[lotus-ldap-bo]
-
Entry
The zsoelim program in the Debian man-db package allows local users to overwrite files via a symlink attack.
[19990612]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0730]
-
Entry
The KDE klock program allows local users to unlock a session using malformed input.
[489]
[19990623 Security flaw in klock]
[CSSA-1999:017]
[https://github.com/KDE/kde1-kdebase/commit/04906bd5de2f220bf100b605dad37b4a1d9a91a6]
[19990629 Security hole in Klock]
-
Entry
The logging facility of the Debian smtp-refuser package allows local users to delete arbitrary files using symbolic links.
[19990823b]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0732]
[smtp-refuser-tmp]
-
Entry
Buffer overflow in VMWare 1.0.1 for Linux via a long HOME environmental variable.
[490]
[19990626 VMWare Advisory - buffer overflows]
[19990626 VMware Security Alert]
[19990705 Re: VMWare Advisory.. - exploit]
[vmware-bo]
-
Entry
A default configuration of CiscoSecure Access Control Server (ACS) allows remote users to modify the server database without authentication.
[19990819 CiscoSecure Access Control Server for UNIX Remote Administration Vulnerability]
[ciscosecure-read-write(3133)]
-
Entry
KDE K-Mail allows local users to gain privileges via a symlink attack in temporary user directories.
[300]
[CSSA-1999:016]
[KDE K-Mail File Creation Vulnerability]
[RHSA-1999:015-01]
-
Entry
Remote attackers can cause a denial of service on Linux in.telnetd telnet daemon through a malformed TERM environmental variable.
[594]
[CSSA-1999:022]
[RHSA1999029_01]
[linux-telnetd-term]
-
Entry
The Debian mailman package uses weak authentication, which allows attackers to gain privileges.
[480]
[19990623]
-
Entry
Trn allows local users to overwrite other users' files via symlinks.
[19990819 Insecure use of file in /tmp by trn]
[19990823c]
[19990824 Security hole in trn]
[trn-symlinks(3144)]
-
Entry
Buffer overflow in Netscape Enterprise Server and FastTrask Server allows remote attackers to gain privileges via a long HTTP GET request.
[603]
[Buffer Overflow in Netscape Enterprise and FastTrack Web Servers]
-
Entry
Buffer overflow in Source Code Browser Program Database Name Server Daemon (pdnsd) for the IBM AIX C Set ++ compiler.
[590]
[J-059]
[ERS-SVA-E01-1999:003.1]
[aix-pdnsd-bo]
-
Entry
A default configuration of in.identd in SuSE Linux waits 120 seconds between requests, allowing a remote attacker to conduct a denial of service.
[587]
[19990814 DOS against SuSE's identd]
[19990824 Security hole in netcfg]
[suse-identd-dos]
-
Entry
Denial of service in BSDi Symmetric Multiprocessing (SMP) when an fstat call is made when the system has a high CPU load.
[589]
[19990816 Symmetric Multiprocessing (SMP) Vulnerbility in BSDi 4.0.1]
[bsdi-smp-dos]
-
Entry
Buffer overflow in Microsoft Telnet client in Windows 95 and Windows 98 via a malformed Telnet argument.
[586]
[19990815 telnet.exe heap overflow - remotely exploitable]
[MS99-033]
[win-ie5-telnet-heap-overflow]
-
Entry
Buffer overflow in Accept command in Netscape Enterprise Server 3.6 with the SSL Handshake Patch.
[631]
[19990913 Accept overflow on Netscape Enterprise Server 3.6 SP2]
[netscape-accept-bo(3256)]
-
Entry
Denial of service in Netscape Enterprise Server via a buffer overflow in the SSL handshake.
[19990706 Netscape Enterprise Server SSL Handshake Bug]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0752]
-
Entry
The w3-msql CGI script provided with Mini SQL allows remote attackers to view restricted directories.
[591]
[19990817 Stupid bug in W3-msql]
[mini-sql-w3-msql-cgi]
-
Entry
The INN inndstart program allows local users to gain privileges by specifying an alternate configuration file using the INNCONF environmental variable.
[255]
[19990511 INN 2.0 and higher. Root compromise potential]
[CSSA-1999-011.0]
[http://www.redhat.com/corp/support/errata/inn99_05_22.html]
[19990518 Security hole in INN]
[inn-innconf-env]
-
Entry
Windows NT RRAS and RAS clients cache a user's password even if the user has not selected the "Save password" option.
[MS99-017]
[Q230681]
[nt-ras-pwcache]
-
Entry
ColdFusion Administrator with Advanced Security enabled allows remote users to stop the ColdFusion server via the Start/Stop utility.
[ASB99-07]
[coldfusion-admin-dos(2207)]
-
Entry
Netscape Enterprise 3.5.1 and FastTrack 3.01 servers allow a remote attacker to view source code to scripts by appending a %20 to the script's URL.
[ASB99-06]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0758]
[netscape-space-view]
-
Entry
Buffer overflow in FuseMAIL POP service via long USER and PASS commands.
[634]
[19990913 Many kind of POP3/SMTP server softwares for Windows have buffer overflow bug]
[http://www.crosswinds.net/~fuseware/faq.html#8]
[fuseware-popmail-bo]
-
Entry
Undocumented ColdFusion Markup Language (CFML) tags and functions in the ColdFusion Administrator allow users to gain additional privileges.
[ASB99-10]
[550]
[coldfusion-server-cfml-tags(3288)]
-
Entry
Buffer overflow in FreeBSD fts library routines allows local user to modify arbitrary files via the periodic program.
[644]
[FreeBSD-SA-99:05]
[1074]
[freebsd-fts-lib-bo]
-
Entry
When Javascript is embedded within the TITLE tag, Netscape Communicator allows a remote attacker to use the "about" protocol to gain access to browser information.
[19990524 Netscape Communicator JavaScript in <TITLE> security vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0762]
[netscape-title]
-
Entry
NetBSD on a multi-homed host allows ARP packets on one network to modify ARP entries on another connected network.
[1999-010]
[6540]
[netbsd-arp]
-
Entry
NetBSD allows ARP packets to overwrite static ARP entries.
[1999-010]
[6539]
[netbsd-arp]
-
Entry
SGI IRIX midikeys program allows local users to modify arbitrary files via a text editor.
[262]
[19990619 IRIX midikeys root exploit.]
[19990501-01-A]
[irix-midikeys]
-
Entry
The Microsoft Java Virtual Machine allows a malicious Java applet to execute arbitrary commands outside of the sandbox environment.
[600]
[MS99-031]
[Q240346]
[msvm-verifier-java]
-
Entry
Buffer overflow in Vixie Cron on Red Hat systems via the MAILTO environmental variable.
[602]
[RHSA-1999:030-02]
[19990829 Security hole in cron]
-
Entry
Vixie Cron on Linux systems allows local users to set parameters of sendmail commands via the MAILTO environmental variable.
[611]
[CSSA-1999:023.0]
[19990830 cron]
[RHSA-1999:030-02]
[19990829 Security hole in cron]
-
Entry
Firewall-1 sets a long timeout for connections that begin with ACK or other packets except SYN, allowing an attacker to conduct a denial of service via a large number of connection attempts to unresponsive systems.
[549]
[19990729 Simple DOS attack on FW-1]
[ACK DOS ATTACK]
[1027]
-
Entry
The web components of Compaq Management Agents and the Compaq Survey Utility allow a remote attacker to read arbitrary files via a .. (dot dot) attack.
[19990526 Infosec.19990526.compaq-im.a]
[SSRT0612U]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0771]
[management-agent-file-read]
-
Entry
Denial of service in Compaq Management Agents and the Compaq Survey Utility via a long string sent to port 2301.
[19990527 Re: Infosec.19990526.compaq-im.a (New DoS and correction to my previous post)]
[SSRT0612U]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0772]
[management-agent-dos]
-
Entry
Buffer overflow in Solaris lpset program allows local users to gain root access.
[19990511 Solaris2.6 and 2.7 lpset overflow]
[sol-lpset-bo]
-
Entry
Buffer overflows in Mars NetWare Emulation (NWE, mars_nwe) package via long directory names.
[617]
[19990830 Babcia Padlina Ltd. security advisory: mars_nwe buffer overf]
[RHSA1999037_01]
[19990916 Security hole in mars nwe]
-
Entry
Cisco Gigabit Switch routers running IOS allow remote attackers to forward unauthorized packets due to improper handling of the "established" keyword in an access list.
[19990610 Cisco IOS Software established Access List Keyword Error]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0775]
[cisco-gigaswitch]
-
Entry
IIS FTP servers may allow a remote attacker to read or delete files on the server, even if they have "No Access" permissions.
[658]
[MS99-039]
[Q241407]
[Q242559]
[iis-ftp-no-access-files]
-
Entry
Buffer overflow in Xi Graphics Accelerated-X server allows local users to gain root access via a long display or query parameter.
[488]
[19990626 KSR[T] #011: Accelerated-X]
[011]
[accelx-display-bo]
-
Entry
Denial of service in HP-UX SharedX recserv program.
[HPSBUX9810-086]
[hp-sharedx]
-
Entry
KDE klock allows local users to kill arbitrary processes by specifying an arbitrary PID in the .kss.pid file.
[19981118 Multiple KDE security vulnerabilities (root compromise)]
[kde-klock-process-kill]
-
Entry
KDE allows local users to execute arbitrary commands by setting the KDEDIR environmental variable to modify the search path that KDE uses to locate its executables.
[19981118 Multiple KDE security vulnerabilities (root compromise)]
[kde-klock-bindir-trojans]
-
Entry
KDE kppp allows local users to create a directory in an arbitrary location via the HOME environmental variable.
[19981118 Multiple KDE security vulnerabilities (root compromise)]
[kde-kppp-directory-create]
-
Entry
FreeBSD allows local users to conduct a denial of service by creating a hard link from a device special file to a file on an NFS file system.
[I-057]
[FreeBSD-SA-98:05]
[6090]
[freebsd-nfs-link-dos]
-
Entry
The INN inndstart program allows local users to gain root privileges via the "pathrun" parameter in the inn.conf file.
[254]
[19990511 INN 2.0 and higher. Root compromise potential]
[19990518 Security hole in INN]
[inn-pathrun]
-
Entry
The dynamic linker in Solaris allows a local user to create arbitrary files via the LD_PROFILE environmental variable and a symlink attack.
[659]
[19990922 LD_PROFILE local root exploit for solaris 2.6]
-
Entry
The SSH authentication agent follows symlinks via a UNIX domain socket.
[660]
[19990917 A few bugs...]
[19990924 [Fwd: Truth about ssh 1.2.27 vulnerability]]
[ssh-socket-auth-symlink-dos]
-
Entry
Arkiea nlservd allows remote attackers to conduct a denial of service.
[662]
[19990924 Multiple vendor Knox Arkiea local root/remote DoS]
[arkiea-backup-nlserverd-remote-dos]
-
Entry
Buffer overflow in AIX ftpd in the libc library.
[679]
[19990928 Remote bufferoverflow exploit for ftpd from AIX 4.3.2 running on an RS6000]
[J-072]
[ERS-SVA-E01-1999:004.1]
[aix-ftpd-bo]
-
Entry
A remote attacker can read information from a Netscape user's cache via JavaScript.
[http://home.netscape.com/security/notes/jscachebrowsing.html]
[netscape-javascript]
-
Entry
Hybrid Network cable modems do not include an authentication mechanism for administration, allowing remote attackers to compromise the system through the HSMP protocol.
[695]
[19991006 KSR[T] Advisories #012: Hybrid Network's Cable Modems]
[012]
[hybrid-anon-cable-modem-reconfig]
-
Entry
Internet Explorer allows remote attackers to read files by redirecting data to a Javascript applet.
[MS99-043]
[ie-java-redirect]
-
Entry
Microsoft Excel does not warn a user when a macro is present in a Symbolic Link (SYLK) format file.
[MS99-044]
[Q241900]
[Q241901]
[Q241902]
[excel-sylk]
-
Entry
FreeBSD T/TCP Extensions for Transactions can be subjected to spoofing attacks.
[SA-98.03]
[6089]
[freebsd-ttcp-spoof]
-
Entry
NIS finger allows an attacker to conduct a denial of service via a large number of finger requests, resulting in a large number of NIS queries.
[I-070]
[19980629 Distributed DoS attack against NIS/NIS+ based networks.]
[sun-nis-nisplus]
-
Entry
Buffer overflow in bootpd 2.4.3 and earlier via a long boot file location.
[19970725 Exploitable buffer overflow in bootpd (most unices)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0799]
[bootpd-bo]
-
Entry
The GetFile.cfm file in Allaire Forums allows remote attackers to read files through a parameter to GetFile.cfm.
[ASB99-05]
[19990211 ACFUG List: Alert: Allaire Forums GetFile bug]
[944]
[allaire-forums-file-read(1748)]
-
Entry
BMC Patrol allows remote attackers to gain access to an agent by spoofing frames.
[19990409 Patrol security bugs]
[bmc-patrol-frames(2075)]
-
Entry
Buffer overflow in Internet Explorer 5 allows remote attackers to execute commands via a malformed Favorites icon.
[19990503 MSIE 5 FAVICON BUG]
[MS99-018]
[Q231450]
[ie-favicon]
-
Entry
The fwluser script in AIX eNetwork Firewall allows local users to write to arbitrary files via a symlink attack.
[19990525 IBM eNetwork Firewall for AIX]
[962]
[ibm-enfirewall-tmpfiles]
-
Entry
Denial of service in Linux 2.2.x kernels via malformed ICMP packets containing unusual types, codes, and IP header lengths.
[302]
[19990601 Linux kernel 2.2.x vulnerability/exploit]
[CSSA-1999:013]
[19990607]
[19990603 Kernel Update]
[19990602 Denial of Service on the 2.2 kernel]
-
Entry
Buffer overflow in Solaris dtprintinfo program.
[19990510 Solaris2.6,2.7 dtprintinfo exploits]
[6552]
[cde-dtprintinfo]
-
Entry
The Netscape Directory Server installation procedure leaves sensitive information in a file that is accessible to local users.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0807]
[netscape-dirsvc-password]
-
Entry
Netscape Communicator 4.x with Javascript enabled does not warn a user of cookie settings, even if they have selected the option to "Only accept cookies originating from the same server as the page being viewed".
[19990709 Communicator 4.[56]x, JavaScript used to bypass cookie settings]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0809]
-
Entry
Denial of service in Samba NETBIOS name service daemon (nmbd).
[19990721 Samba 2.0.5 security fixes]
[CSSA-1999:018.0]
[19990731]
[19990804]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0810]
[RHSA-1999:022-02]
[19990816 Security hole in Samba]
-
Entry
Buffer overflow in Samba smbd program via a malformed message command.
[536]
[19990721 Samba 2.0.5 security fixes]
[CSSA-1999:018.0]
[19990731 Samba]
[RHSA-1999:022-02]
[19990816 Security hole in Samba]
[samba-message-bo]
-
Entry
Race condition in Samba smbmnt allows local users to mount file systems in arbitrary locations.
[19990721 Samba 2.0.5 security fixes]
[CSSA-1999:018.0]
[19990731]
[19990804]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0812]
[RHSA-1999:022-02]
[19990816 Security hole in Samba]
-
Entry
Cfingerd with ALLOW_EXECUTION enabled does not properly drop privileges when it executes a program on behalf of the user, allowing local users to gain root privileges.
[19980724 CFINGERD root security hole]
[19990810 Severe bug in cfingerd before 1.4.0]
[19990814]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0813]
[cfingerd-privileges]
-
Entry
Red Hat pump DHCP client allows remote attackers to gain root access in some configurations.
[RHSA-1999:027]
-
Entry
Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries.
[Q196270]
[oval:org.mitre.oval:def:952]
[nt-snmpagent-leak(1974)]
-
Entry
Lynx WWW client allows a remote attacker to specify command-line parameters which Lynx uses when calling external programs to handle certain protocols, e.g. telnet.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0817]
[19990915 Security hole in lynx]
-
Entry
NTMail does not disable the VRFY command, even if the administrator has explicitly disabled it.
[19991130 NTmail and VRFY]
[19991130 NTmail and VRFY]
[nt-mail-vrfy]
-
Entry
FreeBSD seyon allows users to gain privileges via a modified PATH variable for finding the xterm and seyon-emu commands.
[838]
[19991130 Several FreeBSD-3.3 vulnerabilities]
[5996]
[freebsd-seyon-dir-add]
-
Entry
Buffer overflow in FreeBSD xmindpath allows local users to gain privileges via -f argument.
[839]
[19991130 Several FreeBSD-3.3 vulnerabilities]
[1150]
[freebsd-xmindpath]
-
Entry
A Windows NT user can use SUBST to map a drive letter to a folder, which is not unmapped after the user logs off, potentially allowing that user to modify the location of folders accessed by later users.
[833]
[19991130 Subst.exe carelessness (fwd)]
[19991130 SUBST problem]
-
Entry
Buffer overflow in FreeBSD angband allows local users to gain privileges.
[840]
[19991130 Several FreeBSD-3.3 vulnerabilities]
[1151]
[angband-bo]
-
Entry
Denial of service in Linux syslogd via a large number of connections.
[809]
[19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]]
[CSSA-1999-035.0]
[RHSA1999055-01]
[19991118 syslogd-1.3.33 (a1)]
[slackware-syslogd-dos]
-
Entry
Buffer overflow in NFS server on Linux allows attackers to execute commands via a long pathname.
[782]
[19991109 undocumented bugs - nfsd]
[19991130 [david@slackware.com: New Patches for Slackware 4.0 Available]]
[CSSA-1999-033.0]
[19991111 buffer overflow in nfs server]
[RHSA-1999:053-01]
[19991110 Security hole in nfs-server < 2.2beta47 within nkita]
[linux-nfs-maxpath-bo]
-
Entry
Buffer overflow in BIND 8.2 via NXT records.
[788]
[CSSA-1999-034.1]
[CA-99-14]
[19991116 Denial of service vulnerabilities in bind]
[RHSA-1999:054-01]
[19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL]
[bind-nxt-bo]
-
Entry
Buffer overflow in RSAREF2 via the encryption and decryption functions in the RSAREF library.
[843]
[19991201 Security Advisory: Buffer overflow in RSAREF2]
[19991202 OpenBSD sslUSA26 advisory (Re: CORE-SDI: Buffer overflow in RSAREF2)]
[CA-99-15]
[rsaref-bo]
-
Entry
Denial of service in BIND named via malformed SIG records.
[788]
[CSSA-1999-034.1]
[CA-99-14]
[19991116 Denial of service vulnerabilities in bind]
[RHSA-1999:054-01]
[19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL]
[bind-sigrecord-dos]
-
Entry
UnixWare uidadmin allows local users to modify arbitrary files via a symlink attack.
[842]
[19991202 UnixWare 7 uidadmin exploit + discussion]
[SB-99.22a]
[unixware-uid-admin]
-
Entry
Denial of service in BIND by improperly closing TCP sessions via so_linger.
[788]
[CSSA-1999-034.1]
[CA-99-14]
[19991116 Denial of service vulnerabilities in bind]
[RHSA-1999:054-01]
[00194]
[19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL]
[bind-solinger-dos]
-
Entry
Buffer overflow in Serv-U FTP 2.5 allows remote users to conduct a denial of service via the SITE command.
[859]
[19991202 Remote DoS Attack in Serv-U FTP-Server v2.5a Vulnerability]
[servu-ftp-site-bo]
-
Entry
Windows NT Task Scheduler installed with Internet Explorer 5 allows a user to gain privileges by modifying the job after it has been scheduled.
[828]
[MS99-051]
[Q246972]
[19991130 Windows NT Task Scheduler vulnerability allows user to administrator elevation]
[ie-task-scheduler-privs]
-
Entry
Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack.
[827]
[19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability]
[19991129 Symantec Mail-Gear 1.0 Web interface Server Directory Traversal Vulnerability]
[1144]
[symantec-mail-dir-traversal]
-
Entry
Buffer overflow in free internet chess server (FICS) program, xboard.
[19991129 FICS buffer overflow]
[https://marc.info/?l=bugtraq&m=94407791819019&w=2]
[fics-board-bo]
-
Entry
Denial of service in BIND named via consuming more than "fdmax" file descriptors.
[788]
[CSSA-1999-034.1]
[CA-99-14]
[19991116 Denial of service vulnerabilities in bind]
[RHSA-1999:054-01]
[00194]
[19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL]
[bind-fdmax-dos]
-
Entry
Denial of service in BIND named via maxdname.
[788]
[CSSA-1999-034.1]
[CA-99-14]
[19991116 Denial of service vulnerabilities in bind]
[RHSA-1999:054-01]
[00194]
[19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL]
[bind-maxdname-bo]
-
Entry
Denial of service in BIND named via naptr.
[788]
[CSSA-1999-034.1]
[CA-99-14]
[19991116 Denial of service vulnerabilities in bind]
[RHSA-1999:054-01]
[00194]
[19991111 Security hole in bind8 < 8.2.2p2 and bind4 < 4.9.7-REL]
[bind-naptr-dos]
-
Entry
Buffer overflow in Netscape Enterprise Server and Netscape FastTrack Server allows remote attackers to gain privileges via the HTTP Basic Authentication procedure.
[847]
[19991201 Buffer Overflow in Netscape Enterprise and FastTrack Authentication Procedure]
[netscape-fasttrack-auth-bo]
-
Entry
Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file.
[19991130 Ultimate Bulletin Board v5.3x? Bug]
[20000225 FW: Important UBB News For Licensed Users]
[http://www.ultimatebb.com/home/versions.shtml]
[http-ultimate-bbs]
-
Entry
login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist.
[19991202 Slackware 7.0 - login bug]
[https://marc.info/?l=bugtraq&m=94416739411280&w=2]
[slackware-remote-login]
-
Entry
Internet Explorer 5 allows a remote attacker to modify the IE client's proxy configuration via a malicious Web Proxy Auto-Discovery (WPAD) server.
[846]
[MS99-054]
[Q247333]
[ie-wpad-proxy-settings]
-
Entry
Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly.
[837]
[19991130 Solaris 2.x chkperm/arp vulnerabilities]
[6994]
[4296166]
[sol-arp-parse]
-
Entry
Race condition in the SSL ISAPI filter in IIS and other servers may leak information in plaintext.
[MS99-053]
[Q244613]
[iis-ssl-isapi-filter]
-
Entry
UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file.
[851]
[19991202 UnixWare coredumps follow symlinks]
[19991215 Recent postings about SCO UnixWare 7]
[19991220 SCO OpenServer Security Status]
[19991223 FYI, SCO Security patches available.]
[sco-coredump-symlink]
-
Entry
Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port.
[860]
[19991203 CommuniGatePro 3.1 for NT DoS]
[19991203 CommuniGatePro 3.1 for NT Buffer Overflow]
[communigate-pro-bo]
-
Entry
Buffer overflow in UnixWare xauto program allows local users to gain root privilege.
[848]
[19991203 UnixWare gain root with non-su/gid binaries]
[19991215 Recent postings about SCO UnixWare 7]
[19991220 SCO OpenServer Security Status]
[19991223 FYI, SCO Security patches available.]
[SB-99.24a]
[sco-xauto-bo]
-
Entry
Denial of service in IIS 4.0 via a flood of HTTP requests with malformed headers.
[579]
[J-058]
[MS99-029]
[Q238349]
[http-iis-malformed-header]
-
Entry
ucbmail allows remote attackers to execute commands via shell metacharacters that are passed to it from INN.
[CA-97.08]
[https://www.cs.ait.ac.th/joomla3/index.php/security-advisories?CERT/CA97/msg00027.shtml]
[inn-ucbmail-shell-meta]
-
Entry
Internet Explorer 3.x to 4.01 allows a remote attacker to insert malicious content into a frame of another web site, aka frame spoofing.
[MS98-020]
[167614]
[http-frame-spoof]
-
Entry
Internet Explorer 4.01 allows remote attackers to read arbitrary files by pasting a file name into the file upload control, aka untrusted scripted paste.
[MS98-015]
[169245]
[ie-usp-cuartango]
-
Entry
Internet Explorer 4.0 and 4.01 allow a remote attacker to read files via IE's cross frame security, aka the "Cross Frame Navigate" vulnerability.
[MS98-013]
[7837]
[ie-crossframe-file-read(3668)]
-
Entry
Buffer overflow in Skyfull mail server via MAIL FROM command.
[759]
[skyfull-mail-from-bo]
-
Entry
Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions.
[CA-99-07]
[J-048]
[AD06081999]
[MS99-019]
[Q234905]
[oval:org.mitre.oval:def:915]
[iis-htr-overflow]
-
Entry
DHCP clients with ICMP Router Discovery Protocol (IRDP) enabled allow remote attackers to modify their default routes.
[578]
[19990811]
[Q216141]
[irdp-gateway-spoof]
-
Entry
Buffer overflow in Internet Explorer 4.0 via EMBED tag.
[Q176697]
[Q185959]
-
Entry
Internet Explorer 5 allows remote attackers to read files via an ExecCommand method called on an IFRAME.
[MS99-042]
[Q243638]
[ie-iframe-exec]
-
Entry
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via MAPPING_CHDIR.
[AA-1999.01]
[599]
[CA-99-13]
[SSRT0622]
[RHSA1999031_01]
[wu-ftpd-dir-name]
-
Entry
Buffer overflow in WU-FTPD and related FTP servers allows remote attackers to gain root privileges via macro variables in a message file.
[CA-99-13]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0879]
[wuftp-message-file-root]
-
Entry
Denial of service in WU-FTPD via the SITE NEWER command, which does not free memory properly.
[CA-99-13]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0880]
[wuftp-site-newer-dos]
-
Entry
Falcon web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[743]
[Falcon Web Server]
[19991025 Falcon Web Server]
[1127]
[falcon-path-parsing]
-
Entry
Zeus web server allows remote attackers to read arbitrary files by specifying the file name in an option to the search engine.
[742]
[19991024 RFP9905: Zeus webserver remote root compromise]
[1126]
[zeus-remote-root(3380)]
-
Entry
The Zeus web server administrative interface uses weak encryption for its passwords.
[742]
[19991024 RFP9905: Zeus webserver remote root compromise]
[8186]
[zeus-weak-password(3833)]
-
Entry
The security descriptor for RASMAN allows users to point to an alternate location via the Windows NT Service Control Manager.
[645]
[MS99-041]
[Q242294]
[nt-rasman-pathname]
-
Entry
FTGate web interface server allows remote attackers to read files via a .. (dot dot) attack.
[19991104 FTGate Version 2.1 Web interface Server Directory Traversal Vulnerability]
[AD05261999]
[1137]
-
Entry
dbsnmp in Oracle Intelligent Agent allows local users to gain privileges by setting the ORACLE_HOME environmental variable, which dbsnmp uses to find the nmiconf.tcl script.
[585]
[19990817 Security Bug in Oracle]
[oracle-dbsnmp]
-
Entry
Cisco 675 routers running CBOS allow remote attackers to establish telnet sessions if an exec or superuser password has not been set.
[19990810 Cisco 675 password nonsense]
[39]
[cisco-cbos-telnet]
-
Entry
iHTML Merchant allows remote attackers to obtain sensitive information or execute commands via a code parsing error.
[694]
[19990928 Team Asylum: iHTML Merchant Vulnerabilities]
[http://www.ihtmlmerchant.com/support_patches_feedback.htm]
[ihtml-merchant-file-access]
-
Entry
The "download behavior" in Internet Explorer 5 allows remote attackers to read arbitrary files via a server-side redirect.
[674]
[VU#37828]
[K-002]
[MS99-040]
[Q242542]
[11274]
[ie-download-behavior]
-
Entry
Buffer overflow in Netscape Communicator before 4.7 via a dynamic font whose length field is less than the size of the font.
[19991018 Netscape 4.x buffer overflow]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0892]
-
Entry
userOsa in SCO OpenServer allows local users to corrupt files via a symlink attack.
[19991011 SCO OpenServer 5.0.5 overwrite /etc/shadow]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0893]
[sco-openserver-userosa-script]
-
Entry
Red Hat Linux screen program does not use Unix98 ptys, allowing local users to write to other terminals.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0894]
[RHSA1999042-01]
-
Entry
Firewall-1 does not properly restrict access to LDAP attributes.
[725]
[19991020 Checkpoint FireWall-1 V4.0: possible bug in LDAP authentication]
[1117]
[checkpoint-ldap-auth]
-
Entry
Buffer overflow in RealNetworks RealServer administration utility allows remote attackers to execute arbitrary commands via a long username and password.
[767]
[19991109 RealNetworks RealServer G2 buffer overflow.]
[http://service.real.com/help/faq/servg260.html]
[realserver-g2-pw-bo]
-
Entry
iChat ROOMS Webserver allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[19980908 bug in iChat 3.0 (maybe others)]
[ichat-file-read-vuln]
-
Entry
Buffer overflows in Windows NT 4.0 print spooler allow remote attackers to gain privileges or cause a denial of service via a malformed spooler request.
[768]
[MS99-047]
[Q243649]
[nt-printer-spooler-bo]
-
Entry
The Windows NT 4.0 print spooler allows a local user to execute arbitrary commands due to inappropriate permissions that allow the user to specify an alternate print provider.
[769]
[MS99-047]
[Q243649]
[nt-printer-spooler-bo]
-
Entry
Buffer overflow in rpc.yppasswdd allows a local user to gain privileges via MD5 hash generation.
[19991027 nis]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0900]
[RHSA1999046-01]
[19991023 Security hole in ypserv < 1.3.9]
-
Entry
ypserv allows a local user to modify the GECOS and login shells of other users.
[19991027 nis]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0901]
[RHSA1999046-01]
[19991023 Security hole in ypserv < 1.3.9]
-
Entry
ypserv allows local administrators to modify password tables.
[19991027 nis]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0902]
[RHSA1999046-01]
[19991023 Security hole in ypserv < 1.3.9]
-
Entry
genfilt in the AIX Packet Filtering Module does not properly filter traffic to destination ports greater than 32767.
[19991025 IBM AIX Packet Filter module]
[19991027 Re: IBM AIX Packet Filter module (followup)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0903]
[aix-genfilt-filtering]
-
Entry
Buffer overflow in BFTelnet allows remote attackers to cause a denial of service via a long username.
[771]
[19991103 Remote DoS Attack in BFTelnet Server v1.1 for Windows NT]
[bftelnet-username-dos]
-
Entry
Denial of service in Axent Raptor firewall via malformed zero-length IP options.
[736]
[19991020 Remote DoS in Axent's Raptor 6.0]
[1121]
[raptor-ipoptions-dos]
-
Entry
Buffer overflow in sccw allows local users to gain root access via the HOME environmental variable.
[656]
[19990923 SuSE 6.2 sccw overflow exploit]
[19990926 Security hole in sccw (Part II)]
[linux-sccw-bo]
-
Entry
sccw allows local users to read arbitrary files.
[19990916 SuSE 6.2 /usr/bin/sccw read any file]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0907]
[19990921 Security Hole in sccw-1.1 and earlier]
-
Entry
Denial of service in Solaris TCP streams driver via a malicious connection that causes the server to panic as a result of recursive calls to mutex_enter.
[655]
[19990921 solaris DoS]
[sun-tcp-mutex-enter-dos]
-
Entry
Multihomed Windows systems allow a remote attacker to bypass IP source routing restrictions via a malformed packet with IP options, aka the "Spoofed Route Pointer" vulnerability.
[646]
[MS99-038]
[Q238453]
[Windows IP Source Routing Vulnerability]
[nt-ip-source-route]
-
Entry
FreeBSD VFS cache (vfs_cache) allows local users to cause a denial of service by opening a large number of files.
[653]
[19990921 FreeBSD-specific denial of service]
[1079]
[freebsd-vfscache-dos]
-
Entry
Buffer overflow in the FTP client in the Debian GNU/Linux netstd package.
[324]
[19990103 [SECURITY] New versions of netstd fixes buffer overflows]
[19990104]
-
Entry
URL Live! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[746]
[19991028 URL Live! 1.0 WebServer]
[1129]
-
Entry
WebTrends software stores account names and passwords in a file which does not have restricted access permissions.
[19990629 Bad Permissions on Passwords Stored by WebTrends Software]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0916]
-
Entry
The Preloader ActiveX control used by Internet Explorer allows remote attackers to read arbitrary files.
[MS99-018]
[Q231452]
[legacy-activex-local-drive]
-
Entry
Denial of service in various Windows systems via malformed, fragmented IGMP packets.
[514]
[19990703 IGMP fragmentation bug in Windows 98/2000]
[MS99-034]
[Q238329]
[igmp-dos]
-
Entry
Buffer overflow in the pop-2d POP daemon in the IMAP package allows remote attackers to gain privileges via the FOLD command.
[283]
[19990526 Remote vulnerability in pop2d]
[19990607a]
[pop2-fold-bo]
-
Entry
BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service.
[1879]
[19990409 Patrol security bugs]
[bmc-patrol-udp-dos(4291)]
-
Entry
An example application in ColdFusion Server 4.0 allows remote attackers to view source code via the sourcewindow.cfm file.
[ASB99-02]
[coldfusion-sourcewindow]
-
Entry
The Syntax Checker in ColdFusion Server 4.0 allows remote attackers to conduct a denial of service.
[ASB99-02]
[3236]
[coldfusion-syntax-checker(1742)]
-
Entry
NTMail allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[279]
[AD05261999]
[ntmail-fileread]
-
Entry
Buffer overflow in SmartDesk WebSuite allows remote attackers to cause a denial of service via a long URL.
[278]
[19990525 Buffer overflow in SmartDesk WebSuite v2.1]
[websuite-dos]
-
Entry
wwwboard allows a remote attacker to delete message board articles via a malformed argument.
[1795]
[19980903 wwwboard.pl vulnerability]
[http://www.worldwidemart.com/scripts/faq/wwwboard/q5.shtml]
[http-cgi-wwwboard(2344)]
-
Entry
Buffer overflow in Mediahouse Statistics Server allows remote attackers to execute commands.
[734]
[19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01]
[mediahouse-stats-login-bo]
-
Entry
Mediahouse Statistics Server allows remote attackers to read the administrator password, which is stored in cleartext in the ss.cfg file.
[735]
[19990930 Security flaw in Mediahouse Statistics Server v4.28 & 5.01]
[mediahouse-stats-adminpw-cleartext]
-
Entry
TeamTrack web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[689]
[19991001 RFP9904: TeamTrack webserver vulnerability]
[1096]
-
Entry
classifieds.cgi allows remote attackers to read arbitrary files via shell metacharacters.
[2020]
[19991215 Classifieds (classifieds.cgi)]
[http-cgi-classifieds-read(3102)]
-
Entry
classifieds.cgi allows remote attackers to execute arbitrary commands by specifying them in a hidden variable in a CGI form.
[19991215 Classifieds (classifieds.cgi)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0935]
-
Entry
BNBSurvey survey.cgi program allows remote attackers to execute commands via shell metacharacters.
[19981203 BNBSurvey (survey.cgi)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0936]
-
Entry
BNBForm allows remote attackers to read arbitrary files via the automessage hidden form variable.
[19981203 BNBForm (bnbform.cgi)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0937]
-
Entry
MBone SDR Package allows remote attackers to execute commands via shell metacharacters in Session Initiation Protocol (SIP) messages.
[VN-99-03]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0938]
[sdr-execute]
-
Entry
Denial of service in Debian IRC Epic/epic4 client via a long string.
[605]
[19990826 [SECURITY] New versions of epic4 fixes possible DoS vulnerability]
[19990826]
-
Entry
Buffer overflow in mutt mail client allows remote attackers to execute commands via malformed MIME messages.
[CSSA-1999-031]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0940]
[19990927 Security hole in mutt]
-
Entry
UnixWare dos7utils allows a local user to gain root privileges by using the STATICMERGE environmental variable to find a script which it executes.
[19991005 SCO UnixWare 7.1 local root exploit]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0942]
[sco-unixware-dos7utils-root-privs]
-
Entry
Buffer overflow in OpenLink 3.2 allows remote attackers to gain privileges via a long GET request to the web configurator.
[720]
[19991015 OpenLink 3.2 Advisory]
-
Entry
Buffer overflow in Internet Mail Service (IMS) for Microsoft Exchange 5.5 and 5.0 allows remote attackers to conduct a denial of service via AUTH or AUTHINFO commands.
[I-080]
[19980724 Denial of Service attacks against Microsoft Exchange 5.0 to 5.5]
[Q169174]
[exchange-dos(1223)]
-
Entry
Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag.
[760]
[19991102 Some holes for Win/UNIX softwares]
[yamaha-midiplug-embed]
-
Entry
AN-HTTPd provides example CGI scripts test.bat, input.bat, input2.bat, and envout.bat, which allow remote attackers to execute commands via shell metacharacters.
[762]
[19991102 Some holes for Win/UNIX softwares]
-
Entry
Buffer overflow in WFTPD FTP server allows remote attackers to gain root access via a series of MKD and CWD commands that create nested directories.
[747]
[19991027 WFTPD v2.40 FTPServer remotely exploitable buffer overflow vulnerability]
[wftpd-mkd-bo]
-
Entry
Buffer overflow in OmniHTTPd CGI program imagemap.exe allows remote attackers to execute commands.
[739]
[19991022 Imagemap CGI overflow exploit]
[3380]
[http-cgi-imagemap-bo]
-
Entry
WWWBoard stores encrypted passwords in a password file that is under the web root and thus accessible by remote attackers.
[19980903 wwwboard.pl vulnerability]
[19990916 More fun with WWWBoard]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0953]
-
Entry
WWWBoard has a default username and default password.
[649]
[19990916 More fun with WWWBoard]
-
Entry
Race condition in wu-ftpd and BSDI ftpd allows remote attackers to gain root access via the SITE EXEC command.
[CA-94.08]
[E-17]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0955]
[ftp-exec]
-
Entry
The NeXT NetInfo _writers property allows local users to gain root privileges or conduct a denial of service.
[CA-93.02a]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0956]
[next-netinfo]
-
Entry
MajorCool mj_key_cache program allows local users to modify files via a symlink attack.
[19970618 Security hole in MajorCool 1.0.3]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0957]
[majorcool-file-overwrite-vuln]
-
Entry
sudo 1.5.x allows local users to execute arbitrary commands via a .. (dot dot) attack.
[19980112 Re: hole in sudo for MP-RAS.]
[sudo-dot-dot-attack]
-
Entry
IRIX startmidi program allows local users to modify arbitrary files via a symlink attack.
[AA-97-05]
[469]
[19970209 IRIX: Bug in startmidi]
[8447]
[19980301-01-PX]
[irix-startmidi-file-creation(1634)]
-
Entry
IRIX cdplayer allows local users to create directories in arbitrary locations via a command line option.
[AA-96.11]
[19980301-01-PX]
[irix-cdplayer-directory-create]
-
Entry
HPUX sysdiag allows local users to gain root privileges via a symlink attack during log file creation.
[19960921 Vunerability in HP sysdiag ?]
[H-03]
[hp-sysdiag-symlink]
-
Entry
Buffer overflow in HPUX passwd command allows local users to gain root privileges via a command line option.
[AA-96.13]
[HPSBUX9701-045]
[6415]
[hp-password-cmd-bo]
-
Entry
FreeBSD mount_union command allows local users to gain root privileges via a symlink attack.
[19960517 BoS: SECURITY BUG in FreeBSD]
[VB-96.06]
[6088]
[freebsd-mount-union-root]
-
Entry
Buffer overflow in FreeBSD setlocale in the libc module allows attackers to execute arbitrary code via a long PATH_LOCALE environment variable.
[FreeBSD-SA-97:01]
[6086]
[freebsd-setlocale-bo]
-
Entry
Race condition in xterm allows local users to modify arbitrary files via the logging option.
[CA-93.17]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0965]
[xterm]
-
Entry
Buffer overflow in Solaris getopt in libc allows local users to gain root privileges via a long argv[0].
[19970127 Solaris libc - getopt(3)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0966]
-
Entry
Buffer overflow in the HTML library used by Internet Explorer, Outlook Express, and Windows Explorer via the res: local resource protocol.
[19971101 Microsoft Internet Explorer 4.0 Suite]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0967]
-
Entry
Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges.
[1927]
[19981226 bnc exploit]
[bnc-proxy-bo(1546)]
-
Entry
The Windows NT RPC service allows remote attackers to conduct a denial of service using spoofed malformed RPC packets which generate an error message that is sent to the spoofed host, potentially setting up a loop, aka Snork.
[19980929 "Snork" Denial of Service Attack Against Windows NT RPC Service]
[MS98-014]
[Q193233]
[19980929 ISS Security Advisory: Snork]
[snork-dos]
-
Entry
Buffer overflow in Exim allows local users to gain root privileges via a long :include: option in a .forward file.
[19970722 Security hole in exim 1.62: local root exploit]
[exim-include-overflow]
-
Entry
Buffer overflow in Xshipwars xsw program.
[863]
[19991209 xsw 1.24 remote buffer overflow]
-
Entry
Buffer overflow in Solaris snoop program allows remote attackers to gain root privileges via a long domain name when snoop is running in verbose mode.
[858]
[19991206 [w00giving #8] Solaris 2.7's snoop]
[19991209 Clarification needed on the snoop vuln(s) (fwd)]
-
Entry
Buffer overflow in Solaris snoop allows remote attackers to gain root privileges via GETQUOTA requests to the rpc.rquotad service.
[864]
[19991209 Clarification needed on the snoop vuln(s) (fwd)]
[19991209 Buffer Overflow in Solaris Snoop]
[00190]
-
Entry
The Windows help system can allow a local user to execute commands as another user by editing a table of contents metafile with a .CNT extension and modifying the topic action to include the commands to be executed when the .hlp file is accessed.
[868]
[19991207 Local user can fool another to run executable. .CNT/.GID/.HLP M$WINNT]
-
Entry
Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail.
[857]
[19991207 [Debian] New version of sendmail released]
[19991204]
[sendmail-bi-alias]
-
Entry
Buffer overflow in Solaris sadmind allows remote attackers to gain root privileges using a NETMGT_PROC_SERVICE request.
[2354]
[866]
[19991210 Re: Solaris sadmind Buffer Overflow Vulnerability]
[19991210 Solaris sadmind Buffer Overflow Vulnerability]
[CA-99-16]
[2558]
[19991209 sadmind]
[00191]
[sol-sadmind-amslverify-bo]
-
Entry
htdig allows remote attackers to execute commands via filenames with shell metacharacters.
[867]
[19991209]
-
Entry
The SCO UnixWare privileged process system allows local users to gain root privileges by using a debugger such as gdb to insert traps into _init before the privileged process is executed.
[869]
[19991209 Fundamental flaw in UnixWare 7 security]
[19991215 Recent postings about SCO UnixWare 7]
-
Entry
Windows NT Service Control Manager (SCM) allows remote attackers to cause a denial of service via a malformed argument in a resource enumeration request.
[MS99-055]
[Q246045]
-
Entry
Internet Explorer 5.01 and earlier allows a remote attacker to create a reference to a client window and use a server-side redirect to access local files via that window, aka "Server-side Page Reference Redirect."
[MS99-050]
[Q246094]
-
Entry
The Sun Web-Based Enterprise Management (WBEM) installation script stores a password in plaintext in a world readable file.
[19991206 Solaris WBEM 1.0: plaintext password stored in world readable file]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0982]
-
Entry
The ping command in Linux 2.0.3x allows local users to cause a denial of service by sending large packets with the -R (record route) option.
[870]
[19991209 Big problem on 2.0.x?]
-
Entry
Windows NT does not properly download a system policy if the domain user logs into the domain with a space at the end of the domain name.
[Q237923]
[19991118 NT System Policy for Win95 Not downloaded when adding a space after domain name]
-
Entry
Buffer overflow in Internet Explorer 5 directshow filter (MSDXM.OCX) allows remote attackers to execute commands via the vnd.ms.radio protocol.
[861]
[19991205 new IE5 remote exploit]
[19991205 new IE5 remote exploit]
-
Entry
Buffer overflow in GoodTech Telnet Server NT allows remote users to cause a denial of service via a long login name.
[862]
[19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability]
[19991206 Remote DoS Attack in GoodTech Telnet Server NT v2.2.1 Vulnerability]
-
Entry
HP VirtualVault with the PHSS_17692 patch allows unprivileged processes to bypass access restrictions via the Trusted Gateway Proxy (TGP).
[HPSBUX9912-107]
-
Entry
Windows NT with SYSKEY reuses the keystream that is used for encrypting SAM password hashes, allowing an attacker to crack passwords.
[873]
[19991216 Windows NT's SYSKEY feature]
[MS99-056]
[Q248183]
-
Entry
Windows NT Local Security Authority (LSA) allows remote attackers to cause a denial of service via malformed arguments to the LsaLookupSids function which looks up the SID, aka "Malformed Security Identifier Request."
[875]
[MS99-057]
[Q248185]
[19991216 Windows NT LSA Remote Denial of Service]
-
Entry
Buffer overflow in Infoseek Ultraseek search engine allows remote attackers to execute commands via a long GET request.
[19991216 Infoseek Ultraseek Remote Buffer Overflow]
[AD19991215]
[19991216 Infoseek Ultraseek Remote Buffer Overflow]
[6490]
[infoseek-ultraseek-bo]
-
Entry
wu-ftp with FTP conversion enabled allows an attacker to execute commands via a malformed file name that is interpreted as an argument to the program that does the conversion, e.g. tar or uncompress.
[19991220 Security vulnerability in certain wu-ftpd (and derivitives) configurations (fwd)]
[DSA-377]
[wuftp-ftp-conversion]
-
Entry
Cisco Cache Engine allows an attacker to replace content in the cache.
[19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities]
[19991216 Cisco Cache Engine Authentication Vulnerabilities]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0998]
[cisco-cache-engine-replace]
-
Entry
Microsoft SQL 7.0 server allows a remote attacker to cause a denial of service via a malformed TDS packet.
[817]
[MS99-059]
[Q248749]
-
Entry
The web administration interface for Cisco Cache Engine allows remote attackers to view performance statistics.
[19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities]
[19991216 Cisco Cache Engine Authentication Vulnerabilities]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-1000]
[cisco-cache-engine-performance]
-
Entry
Cisco Cache Engine allows a remote attacker to gain access via a null username and password.
[19991216 Cisco Security Advisory: Cisco Cache Engine Authentication Vulnerabilities]
[19991216 Cisco Cache Engine Authentication Vulnerabilities]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-1001]
-
Entry
Buffer overflow in the POP server POProxy for the Norton Anti-Virus protection NAV2000 program via a large USER command.
[19991217 NAV2000 Email Protection DoS]
[19991220 Norton Email Protection Remote Overflow (Addendum)]
[http://service1.symantec.com/SUPPORT/nav.nsf/df0a595864594c86852567ac0063608c/6206f660a1f2516a882568660082c930?OpenDocument&Highlight=0,poproxy]
[6267]
-
Entry
Groupwise web server GWWEB.EXE allows remote attackers to read arbitrary files with .htm extensions via a .. (dot dot) attack using the HELP parameter.
[879]
[19991219 Groupewise Web Interface]
[3413]
[groupwise-web-read-files]
-
Entry
Buffer overflow in VDO Live Player allows remote attackers to execute commands on the VDO client via a malformed .vdo file.
[872]
[19991213 VDO Live Player 3.02 Buffer Overflow]
[vdolive-bo-execute]
-
Entry
xsoldier program allows local users to gain root access via a long argument.
[871]
[19991215 FreeBSD 3.3 xsoldier root exploit]
[http://marc.info/?l=freebsd-security&m=94531826621620&w=2]
[unix-xsoldier-overflow]
-
Entry
An SSH 1.2.27 server allows a client to use the "none" cipher, even if it is not allowed by the server policy.
[19991214 sshd1 allows unencrypted sessions regardless of server policy]
[ssh-policy-bypass]
-
Entry
The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands.
[529]
[J-054]
[19990809 Vulnerabilities in Microsoft Remote Data Service]
[MS98-004]
[MS99-025]
[272]
[nt-iis-rds]
-
Entry
Buffer overflow in mail command in Solaris 2.7 and 2.7 allows local users to gain privileges via a long -m argument.
[672]
[19990913 Solaris 2.7 /usr/bin/mail]
[19990927 Working Solaris x86 /usr/bin/mail exploit]
[4276509]
[sun-usrbinmail-local-bo(3297)]
-
Entry
SpectroSERVER in Cabletron Spectrum Enterprise Manager 5.0 installs a directory tree with insecure permissions, which allows local users to replace a privileged executable (processd) with a Trojan horse, facilitating a root or Administrator compromise.
[495]
[19990623 Cabletron Spectrum security vulnerability]
[19990624 Re: Cabletron Spectrum security vulnerability]
-
Entry
NFS on SunOS 4.1 through 4.1.2 ignores the high order 16 bits in a 32 bit UID, which allows a local user to gain root access if the lower 16 bits are set to 0, as fixed by the NFS jumbo patch upgrade.
[47]
[CA-1992-15]
[00117]
[nfs-uid(82)]
-
Entry
Solaris 2.6 HW3/98 installs admintool with world-writable permissions, which allows local users to gain privileges by replacing it with a Trojan horse program.
[290]
[19980507 admintool mode 0777 in Solaris 2.6 HW3/98]
[4178998]
[solaris-admintool-world-writable(7296)]
-
Entry
Symantec pcAnywhere 8.0 allows remote attackers to cause a denial of service (CPU utilization) via a large amount of data to port 5631.
[288]
[19990528 DoS against PC Anywhere]
[pcanywhere-dos(2256)]
-
Entry
Vulnerability in LAT/Telnet Gateway (lattelnet) on Ultrix 4.1 and 4.2 allows attackers to gain root privileges.
[26]
[CA-1991-11]
[B-36]
[ultrix-telnet(584)]
-
Entry
Vulnerability in login in AT&T System V Release 4 allows local users to gain privileges.
[23]
[CA-1991-08]
[B-28]
[sysv-login(583)]
-
Entry
IIS 3.0 and 4.0 on x86 and Alpha allows remote attackers to cause a denial of service (hang) via a malformed GET request, aka the IIS "GET" vulnerability.
[MS98-019]
[Q192296]
[iis-get-dos(1823)]
-
Entry
rex.satan in SATAN 1.1.1 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/rex.$$ file.
[19980626 vulnerability in satan, cops & tiger]
[19980627 Re: vulnerability in satan, cops & tiger]
[3147]
[satan-rexsatan-symlink(7167)]
-
Entry
Vulnerability in Advanced File System Utility (advfs) in Digital UNIX 4.0 through 4.0d allows local users to gain privileges.
[I-050]
[SSRT0495U]
[dgux-advfs-softlinks(7431)]
-
Entry
pnserver in RealServer 5.0 and earlier allows remote attackers to cause a denial of service by sending a short, malformed request.
[19980115 [rootshell] Security Bulletin #7]
[19980115 pnserver exploit..]
[19980817 Re: Real Audio Server Version 5 bug?]
[http://service.real.com/help/faq/serv501.html]
[6979]
[realserver-pnserver-remote-dos(7297)]
-
Entry
When BSDI patches for Gauntlet 5.0 BSDI are installed in a particular order, Gauntlet allows remote attackers to bypass firewall access restrictions, and does not log the activities.
[19991018 Gauntlet 5.0 BSDI warning]
[19991019 Re: Gauntlet 5.0 BSDI warning]
[gauntlet-bsdi-bypass(3397)]
-
Entry
Buffer overflow in bash 2.0.0, 1.4.17, and other versions allows local attackers to gain privileges by creating an extremely large directory name, which is inserted into the password prompt via the \w option in the PS1 environmental variable when another user changes into that directory.
[19970821 Buffer overflow in /bin/bash]
[19980905 BASH buffer overflow, LiNUX x86 exploit]
[19980909 problem with very long pathnames]
[8345]
[linux-bash-bo(3414)]
-
Entry
Microsoft Excel 97 does not warn the user before executing worksheet functions, which could allow attackers to execute arbitrary commands by using the CALL function to execute a malicious DLL, aka the Excel "CALL Vulnerability."
[179]
[MS98-018]
[excel-call(1737)]
-
Entry
VMS 4.0 through 5.3 allows local users to gain privileges via the ANALYZE/PROCESS_DUMP dcl command.
[12]
[CA-1990-07]
[B-04]
[vms-analyze-processdump-privileges(7137)]
-
Entry
Vulnerability in rexec daemon (rexecd) in AT&T TCP/IP 4.0 for various SVR4 systems allows remote attackers to execute arbitrary commands.
[36]
[CA-1992-04]
[att-rexecd(3159)]
-
Entry
Webmin before 0.5 does not restrict the number of invalid passwords that are entered for a valid username, which could allow remote attackers to gain privileges via brute force password cracking.
[98]
[19980501 Warning! Webmin Security Advisory]
[http://www.webmin.com/webmin/changes.html]
-
Entry
rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to gain root privileges by mounting a floppy or CD-ROM that contains a setuid program and running volcheck, when the file systems do not have the nosuid option specified in rmmount.conf.
[250]
[19990510 SunOS 5.7 rmmount, no nosuid.]
[19991011]
[4205437]
[solaris-rmmount-gain-root(8350)]
-
Entry
SSH 1.2.25, 1.2.23, and other versions, when used in in CBC (Cipher Block Chaining) or CFB (Cipher Feedback 64 bits) modes, allows remote attackers to insert arbitrary data into an existing stream between an SSH client and server by using a known plaintext attack and computing a valid CRC-32 checksum for the packet, aka the "SSH insertion attack."
[19980612 CORE-SDI-04: SSH insertion attack]
[19980703 UPDATE: SSH insertion attack]
[VU#13877]
[20010627 Multiple SSH Vulnerabilities]
[ssh-insert(1126)]
-
Entry
Internet Explorer 4 treats a 32-bit number ("dotless IP address") in the a URL as the hostname instead of an IP address, which causes IE to apply Local Intranet Zone settings to the resulting web page, allowing remote malicious web servers to conduct unauthorized activities by using URLs that contain the dotless IP address for their server.
[http://www.microsoft.com/Windows/Ie/security/dotless.asp]
[MS98-016]
[Q168617]
[7828]
[ie-dotless(2209)]
-
Entry
The default configuration of NCSA Telnet package for Macintosh and PC enables FTP, even though it does not include an "ftp=yes" line, which allows remote attackers to read and modify arbitrary files.
[CA-1991-15]
[ftp-ncsa(1844)]
-
Entry
Buffer overflow in the Window.External function in the JScript Scripting Engine in Internet Explorer 4.01 SP1 and earlier allows remote attackers to execute arbitrary commands via a malicious web page.
[MS98-011]
[Q191200]
[java-script-patch(1276)]
-
Entry
Buffer overflow in Internet Explorer 4.01 and earlier allows remote attackers to execute arbitrary commands via a long URL with the "mk:" protocol, aka the "MK Overrun security issue."
[19980114 L0pht Advisory MSIE4.0(1)]
[Q176697]
[iemk-bug(917)]
-
Entry
Vulnerability in BSD Telnet client with encryption and Kerberos 4 authentication allows remote attackers to decrypt the session via sniffing.
[CA-1995-03]
[F-12]
[4881]
[bsd-telnet(516)]
-
Entry
Kerberos 4 allows remote attackers to obtain sensitive information via a malformed UDP packet that generates an error string that inadvertently includes the realm name and the last user.
[19961122 L0pht Kerberos Advisory]
[kerberos-user-grab(65)]
-
Entry
Cisco PIX Private Link 4.1.6 and earlier does not properly process certain commands in the configuration file, which reduces the effective key length of the DES key to 48 bits instead of 56 bits, which makes it easier for an attacker to find the proper key via a brute force attack.
[I-056]
[19980616 PIX Private Link Key Processing and Cryptography Issues]
[cisco-pix-parse-error(1579)]
-
Entry
lpr on SunOS 4.1.1, BSD 4.3, A/UX 2.0.1, and other BSD-based operating systems allows local users to create or overwrite arbitrary files via a symlink attack that is triggered after invoking lpr 1000 times.
[19940307 8lgm Advisory Releases]
[E-25a]
[http://www.phreak.org/archives/security/8lgm/8lgm.lpr]
-
Entry
dxconsole in DEC OSF/1 3.2C and earlier allows local users to read arbitrary files by specifying the file with the -file parameter.
[VB-96.05]
[G-18]
[http://www.tao.ca/fire/bos/0209.html]
[osf-dxconsole-gain-privileges(7138)]
-
Entry
Windows 95 uses weak encryption for the password list (.pwl) file used when password caching is enabled, which allows local users to gain privileges by decrypting the passwords.
[19951205 Cracked: WINDOWS.PWL]
[19980120 How to recover private keys for various Microsoft products]
[Q140557]
[19980121 How to recover private keys for various Microsoft products]
[win95-nbsmbpwl(71)]
-
Entry
Windows 95, when Remote Administration and File Sharing for NetWare Networks is enabled, creates a share (C$) when an administrator logs in remotely, which allows remote attackers to read arbitrary files by mapping the network drive.
[http://www.zdnet.com/eweek/reviews/1016/tr42bug.html]
[http://www.net-security.sk/bugs/NT/netware1.html]
[win95-netware-hidden-share(7231)]
-
Entry
Sendmail before 8.10.0 allows remote attackers to cause a denial of service by sending a series of ETRN commands then disconnecting from the server, while Sendmail continues to process the commands after the connection has been terminated.
[904]
[19991222 Re: procmail / Sendmail - five bugs]
[20000113 Re: procmail / Sendmail - five bugs]
[sendmail-etrn-dos(7760)]
-
Entry
Vulnerability in StackGuard before 1.21 allows remote attackers to bypass the Random and Terminator Canary security mechanisms by using a non-linear attack which directly modifies a pointer to a return address instead of using a buffer overflow to reach the return address entry itself.
[786]
[19911109 ImmuniX OS Security Alert: StackGuard 1.21 Released]
[immunix-stackguard-bo(3524)]
-
Entry
Buffer overflow in Korn Shell (ksh) suid_exec program on IRIX 6.x and earlier, and possibly other operating systems, allows local users to gain root privileges.
[AA-96.17]
[467]
[H-15A]
[19980405-01-I]
[ksh-suid_exec(2100)]
-
Entry
Vulnerability in the /etc/suid_exec program in HP Apollo Domain/OS sr10.2 and sr10.3 beta, related to the Korn Shell (ksh).
[7]
[CA-1990-04]
[A-30]
[apollo-suidexec-unauthorized-access(6721)]
-
Entry
Vulnerability in runpriv in Indigo Magic System Administration subsystem of SGI IRIX 6.3 and 6.4 allows local users to gain root privileges.
[462]
[1009]
[19970503-01-PX]
[sgi-runpriv(2108)]
-
Entry
lquerypv in AIX 4.1 and 4.2 allows local users to read arbitrary files by specifying the file in the -h command line parameter.
[455]
[19961124]
[19961125 AIX lquerypv]
[19961125 lquerypv fix]
[H-13]
[ibm-lquerypv(1752)]
-
Entry
ndd in Solaris 2.6 allows local users to cause a denial of service by modifying certain TCP/IP parameters.
[433]
[00165]
[sun-ndd(817)]
-
Entry
FTP installation script anon.ftp in AIX insecurely configures anonymous FTP, which allows remote attackers to execute arbitrary commands.
[41]
[CA-1992-09]
[aix-anon-ftp(3154)]
-
Entry
netprint in SGI IRIX 6.4 and earlier trusts the PATH environmental variable for finding and executing the disable program, which allows local users to gain privileges.
[395]
[19970104 Irix: netprint story]
[993]
[19961203-01-PX]
[19961203-02-PX]
[sgi-netprint(2107)]
-
Entry
The default configuration for UUCP in AIX before 3.2 allows local users to gain root privileges.
[38]
[CA-1992-06]
[891]
[ibm-uucp(554)]
-
Entry
Vulnerability in restore in SunOS 4.0.3 and earlier allows local users to gain privileges.
[3]
[CA-1989-02]
[CIAC-08]
[1019265]
[sun-restore-gain-privileges(6695)]
-
Entry
Windows NT 4.0 does not properly shut down invalid named pipe RPC connections, which allows remote attackers to cause a denial of service (resource exhaustion) via a series of connections containing malformed data, aka the "Named Pipes Over RPC" vulnerability.
[MS98-017]
[Q195733]
[nt-spoolss(523)]
-
Entry
Buffer overflow in OSF Distributed Computing Environment (DCE) security demon (secd) in IRIX 6.4 and earlier allows attackers to cause a denial of service via a long principal, group, or organization.
[VB-97.12]
[I-060]
[19980601-01-PX]
[sgi-osf-dce-dos(1123)]
-
Entry
Windows NT 4.0 allows remote attackers to cause a denial of service (crash) via extra source routing data such as (1) a Routing Information Field (RIF) field with a hop count greater than 7, or (2) a list containing duplicate Token Ring IDs.
[19981005 NMRC Advisory - Lame NT Token Ring DoS]
[Q179157]
[19981002 NMRC Advisory - Lame NT Token Ring DoS]
[token-ring-dos(1399)]
-
Entry
Vulnerability in Predictive on HP-UX 11.0 and earlier, and MPE/iX 5.5 and earlier, allows attackers to compromise data transfer for Predictive messages (using e-mail or modem) between customer and Response Center Predictive systems.
[19980729 HP-UX Predictive & Netscape SSL Vulnerabilities]
[I-081]
[HPSBMP9807-005]
[HPSBUX9807-081]
[mpeix-predictive(1413)]
-
Entry
The permissions for the /dev/audio device on Solaris 2.2 and earlier, and SunOS 4.1.x, allow any local user to read from the device, which could be used by an attacker to monitor conversations happening near a machine that has a microphone.
[E-01]
[6436]
[00122]
[sun-audio(549)]
-
Entry
SCO UNIX System V/386 Release 3.2, and other SCO products, installs the home directories (1) /tmp for the dos user, and (2) /usr/tmp for the asg user, which allows other users to gain access to those accounts since /tmp and /usr/tmp are world-writable.
[CA-1993-13]
[sco-homedir(546)]
-
Entry
Character-Terminal User Environment (CUE) in HP-UX 11.0 and earlier allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the IOERROR.mytty file.
[19970901 HP UX Bug :)]
[19980121 HP-UX CUE, CUD and LAND vulnerabilities]
[I-027B]
[HPSBUX9801-074]
[hp-cue(2007)]
-
Entry
Buffer overflow in CrackLib 2.5 may allow local users to gain root privileges via a long GECOS field.
[19971214 buffer overflows in cracklib?!]
[VB-97.16]
[cracklib-bo(1539)]
-
Entry
SunOS 4.1.2 and earlier allows local users to gain privileges via "LD_*" environmental variables to certain dynamically linked setuid or setgid programs such as (1) login, (2) su, or (3) sendmail, that change the real and effective user ids to the same user.
[CA-1992-11]
[00116]
[sun-env(3152)]
-
Entry
Vulnerability in runtime linker program rld in SGI IRIX 6.x and earlier allows local users to gain privileges via setuid and setgid programs.
[H-065]
[19970504-01-PX]
[sgi-rld(2109)]
-
Entry
Certain files in MPower in HP-UX 10.x are installed with insecure permissions, which allows local users to gain privileges.
[HPSBUX9701-051]
[hp-mpower(2056)]
-
Entry
Vulnerability in Glance programs in GlancePlus for HP-UX 10.20 and earlier allows local users to access arbitrary files and gain privileges.
[H-21]
[HPSBUX9701-044]
[hp-glanceplus(2059)]
-
Entry
Vulnerability in Glance and gpm programs in GlancePlus for HP-UX 9.x and earlier allows local users to access arbitrary files and gain privileges.
[HPSBUX9405-011]
[hp-glanceplus-gpm(2060)]
-
Entry
Buffer overflow in Platinum Policy Compliance Manager (PCM) 7.0 allows remote attackers to execute arbitrary commands via a long string to the Agent port (1827), which is handled by smaxagent.exe.
[19981204 [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0]
[19981207 Re: [SAFER-981204.DOS.1.3] Buffer Overflow in Platinum PCM 7.0]
[3164]
[pcm-dos-execute(1430)]
-
Entry
FTP service in IIS 4.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via many passive (PASV) connections at the same time.
[MS98-006]
[Q189262]
[iis-passive-ftp(1215)]
-
Entry
BisonWare FTP Server 4.1 and earlier allows remote attackers to cause a denial of service via a malformed PORT command that contains a non-numeric character and a large number of carriage returns.
[19990517 Vulnerabilities in BisonWare FTP Server 3.5]
[bisonware-port-crash(2254)]
-
Entry
Tcpip.sys in Windows NT 4.0 before SP4 allows remote attackers to cause a denial of service via an ICMP Subnet Mask Address Request packet, when certain multiple IP addresses are bound to the same network interface.
[Q192774]
[tcpipsys-icmp-dos(3894)]
-
Entry
SSH 2.0.11 and earlier allows local users to request remote forwarding from privileged ports without being root.
[19981229 ssh2 security problem (and patch) (fwd)]
[ssh-privileged-port-forward(1471)]
-
Entry
Vulnerability in ftpd/kftpd in HP-UX 10.x and 9.x allows local and possibly remote users to gain root privileges.
[H-33]
[HPSBUX9702-055]
[hp-ftpd-kftpd(7437)]
-
Entry
Vulnerability in ppl in HP-UX 10.x and earlier allows local users to gain root privileges by forcing ppl to core dump.
[AA-97.07]
[19961103 Re: Untitled]
[19961104 ppl bugs]
[H-32]
[HPSBUX9704-057]
[hp-ppl(7438)]
-
Entry
Vulnerability in passwd in SCO UNIX 4.0 and earlier allows attackers to cause a denial of service by preventing users from being able to log into the system.
[CA-1993-08]
[sco-passwd-deny(542)]
-
Entry
Vulnerability in HP Series 800 S/X/V Class servers allows remote attackers to gain access to the S/X/V Class console via the Service Support Processor (SSP) Teststation.
[HPSBUX9911-105]
[hp-ssp(7439)]
-
Entry
Cross-site scripting vulnerability in Third Voice Web annotation utility allows remote users to read sensitive data and generate fake web pages for other Third Voice users by injecting malicious Javascript into an annotation.
[http://www.wired.com/news/technology/0,1282,20677,00.html]
[http://www.wired.com/news/technology/0,1282,20636,00.html]
[thirdvoice-cross-site-scripting(7252)]
-
Entry
Web Cache Control Protocol (WCCP) in Cisco Cache Engine for Cisco IOS 11.2 and earlier does not use authentication, which allows remote attackers to redirect HTTP traffic to arbitrary hosts via WCCP packets to UDP port 2048.
[I-054]
[19980513 Cisco Web Cache Control Protocol Router Vulnerability]
[cisco-wccp-vuln(1577)]
-
Entry
Directory traversal vulnerability in nph-publish before 1.2 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the pathname for an upload operation.
[http://www-genome.wi.mit.edu/WWW/tools/CGI_scripts/server_publish/nph-publish]
[http://www.w3.org/Security/Faq/wwwsf4.html]
[http-cgi-nphpublish(2055)]
-
Entry
Vulnerability in On-Line Customer Registration software for IRIX 6.2 through 6.4 allows local users to gain root privileges.
[J-003]
[19980901-01-PX]
[irix-register(7441)]
-
Entry
mysqld in MySQL 3.21 creates log files with world-readable permissions, which allows local users to obtain passwords for users who are added to the user database.
[19981227 mysql: mysqld creates world readable logs..]
[mysql-readable-log-files(1568)]
-
Entry
Buffer overflow in Netscape Navigator/Communicator 4.7 for Windows 95 and Windows 98 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument after the ? character in a URL that references an .asp, .cgi, .html, or .pl file.
[822]
[19991124 Netscape Communicator 4.7 - Navigator Overflows]
[19991127 Netscape Communicator 4.7 - Navigator Overflows]
[netscape-long-argument-bo(7884)]
-
Entry
Buffer overflow in chkey in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
[AA-97.18]
[207]
[19970519 Re: Finally, most of an exploit for Solaris 2.5.1's ps.]
[00144]
[solaris-chkey-bo(7442)]
-
Entry
Buffer overflow in eeprom in Solaris 2.5.1 and earlier allows local users to gain root privileges via a long command line argument.
[206]
[00143]
[solaris-eeprom-bo(7444)]
-
Entry
The "me" user in NeXT NeXTstep 2.1 and earlier has wheel group privileges, which could allow the me user to use the su command to become root.
[20]
[CA-1991-06]
[next-me(581)]
-
Entry
chroot in Digital Ultrix 4.1 and 4.0 is insecurely installed, which allows local users to gain privileges.
[17]
[CA-1991-05]
[dec-chroot(577)]
-
Entry
TIOCCONS in SunOS 4.1.1 does not properly check the permissions of a user who tries to redirect console output and input, which could allow a local user to gain privileges.
[14]
[CA-1990-12]
[sunos-tioccons-console-redirection(7140)]
-
Entry
BuildDisk program on NeXT systems before 2.0 does not prompt users for the root password, which allows local users to gain root privileges.
[11]
[CA-1990-06]
[B-01]
[nextstep-builddisk-root-access(7141)]
-
Entry
Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the "sioux" vulnerability.
[19980807 YA Apache DoS attack]
[19980808 Debian Apache Security Update]
[19980810 Apache DoS Attack]
[19980811 Apache 'sioux' DOS fix for TurboLinux]
[http://www.redhat.com/support/errata/rh51-errata-general.html#apache]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
-
Entry
Windows 95 and Windows 98 systems, when configured with multiple TCP/IP stacks bound to the same MAC address, allow remote attackers to cause a denial of service (traffic amplification) via a certain ICMP echo (ping) packet, which causes all stacks to send a ping response, aka TCP Chorusing.
[225]
[19990206 New Windows 9x Bug: TCP Chorusing]
[win-multiple-ip-dos(7542)]
-
Entry
Multilink PPP for ISDN dialup users in Ascend before 4.6 allows remote attackers to cause a denial of service via a spoofed endpoint identifier.
[19990210 Security problems in ISDN equipment authentication]
[19990212 PPP/ISDN multilink security issue - summary]
[ascend-ppp-isdn-dos(7498)]
-
Entry
Check Point Firewall-1 does not properly handle certain restricted keywords (e.g., Mail, auth, time) in user-defined objects, which could produce a rule with a default "ANY" address and result in access to more systems than intended by the administrator.
[19980511 Firewall-1 Reserved Keywords Vulnerability]
[http://www.checkpoint.com/techsupport/config/keywords.html]
[4416]
[fw1-user-defined-keywords-access(7293)]
-
Entry
nettune in HP-UX 10.01 and 10.00 is installed setuid root, which allows local users to cause a denial of service by modifying critical networking configuration information.
[19960607 HP-UX B.10.01 vulnerability]
[G-34]
[HPSBUX9607-035]
[hp-nettune(414)]
-
Entry
Buffer overflow in ping in AIX 4.2 and earlier allows local users to gain root privileges via a long command line argument.
[19970721 AIX ping (Exploit)]
[19970721 AIX ping, lchangelv, xlock fixes]
[ping-bo(803)]
-
Entry
Vulnerability in scoterm in SCO OpenServer 5.0 and SCO Open Desktop/Open Server 3.0 allows local users to gain root privileges.
[19971204 scoterm exploit]
[VB-97.14]
[sco-scoterm(690)]
-
Entry
The asynchronous I/O facility in 4.4 BSD kernel does not check user credentials when setting the recipient of I/O notification, which allows local users to cause a denial of service by using certain ioctl and fcntl calls to cause the signal to be sent to an arbitrary process ID.
[http://www.openbsd.com/advisories/signals.txt]
[19970915 Vulnerability in I/O Signal Handling]
[11062]
[openbsd-iosig(556)]
-
Entry
LOGIN.EXE program in Novell Netware 4.0 and 4.01 temporarily writes user name and password information to disk, which could allow local users to gain privileges.
[CA-1993-12]
[D-21]
[novell-login(545)]
-
Entry
The PATH in Windows NT includes the current working directory (.), which could allow local users to gain privileges by placing Trojan horse programs with the same name as commonly used system programs into certain directories.
[19970723 NT security - why bother?]
[19970725 Re: NT security - why bother?]
[nt-path(526)]
-
Entry
Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.
[Q188571]
[dns-netbtsys-dos(3893)]
-
Entry
IIS 3.0 allows remote attackers to cause a denial of service via a request to an ASP page in which the URL contains a large number of / (forward slash) characters.
[Q187503]
[url-asp-av(3892)]
-
Entry
Netscape Communicator 4.7 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long certificate key.
[http://www.securiteam.com/exploits/Netscape_4_7_and_earlier_vulnerable_to__Huge_Key__DoS.html]
[netscape-huge-key-dos(3436)]
-
Entry
IIS 4.0 does not properly restrict access for the initial session request from a user's IP address if the address does not resolve to a DNS domain, aka the "Domain Resolution" vulnerability.
[657]
[MS99-039]
[241562]
[iis-unresolved-domain-access(3306)]
-
Entry
SGI Desktop Permissions Tool in IRIX 6.0.1 and earlier allows local users to modify permissions for arbitrary files and gain privileges.
[F-16]
[19950301-01-P373]
[sgi-permissions(2113)]
-
Entry
Direct Mailer feature in Microsoft Site Server 3.0 saves user domain names and passwords in plaintext in the TMLBQueue network share, which has insecure default permissions, allowing remote attackers to read the passwords and gain privileges.
[Q229972]
[siteserver-directmail-passwords(2068)]
-
Entry
movemail in HP-UX 10.20 has insecure permissions, which allows local users to gain privileges.
[HPSBUX9701-047]
[8099]
[hp-movemail(2057)]
-
Entry
rpc.pwdauthd in SunOS 4.1.1 and earlier does not properly prevent remote access to the daemon, which allows remote attackers to obtain sensitive system information.
[00102]
[sun-pwdauthd(1782)]
-
Entry
Microsoft Office 98, Macintosh Edition, does not properly initialize the disk space used by Office 98 files and effectively inserts data from previously deleted files into the Office file, which could allow attackers to obtain sensitive information.
[Q189529]
[office-extraneous-data(1780)]
-
Entry
Java in Netscape 4.5 does not properly restrict applets from connecting to other hosts besides the one from which the applet was loaded, which violates the Java security model and could allow remote attackers to conduct unauthorized activities.
[19990202 Unsecured server in applets under Netscape]
[java-socket-open(1727)]
-
Entry
Metamail before 2.7-7.2 allows remote attackers to overwrite arbitrary files via an e-mail message containing a uuencoded attachment that specifies the full pathname for the file to be modified, which is processed by uuencode in Metamail scripts such as sun-audio-file.
[19971024 Vulnerability in metamail]
[metamail-file-creation(1677)]
-
Entry
fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
[19981207 fte-console: does not drop its root priviliges]
[fte-console-privileges(1609)]
-
Entry
An interaction between the AS/400 shared folders feature and Microsoft SNA Server 3.0 and earlier allows users to view each other's folders when the users share the same Local APPC LU.
[Q138001]
[snaserver-shared-folders(1548)]
-
Entry
NukeNabber allows remote attackers to cause a denial of service by connecting to the NukeNabber port (1080) without sending any data, which causes the CPU usage to rise to 100% from the report.exe program that is executed upon the connection.
[19981105 various *lame* DoS attacks]
[19981107 Re: various *lame* DoS attacks]
[http://www.dynamsol.com/puppet/text/new.txt]
[nukenabber-timeout-dos(1540)]
-
Entry
Samba 1.9.18 inadvertently includes a prototype application, wsmbconf, which is installed with incorrect permissions including the setgid bit, which allows local users to read and write files and possibly gain privileges via bugs in the program.
[19981119 Vulnerability in Samba on RedHat, Caldera and PHT TurboLinux]
[SA-1998.35]
[samba-wsmbconf(1406)]
-
Entry
Buffer overflow in nftp FTP client version 1.40 allows remote malicious FTP servers to cause a denial of service, and possibly execute arbitrary commands, via a long response string.
[19981117 nftp vulnerability (fwd)]
[http://www.ayukov.com/nftp/history.html]
[nftp-bo(1397)]
-
Entry
Office Shortcut Bar (OSB) in Windows 3.51 enables backup and restore permissions, which are inherited by programs such as File Manager that are started from the Shortcut Bar, which could allow local users to read folders for which they do not have permission.
[Q146604]
[nt-filemgr(562)]
-
Entry
cmdtool in OpenWindows 3.0 and XView 3.0 in SunOS 4.1.4 and earlier allows attackers with physical access to the system to display unechoed characters (such as those from password prompts) via the L2/AGAIN key.
[1077164]
[sun-cmdtool-echo(7482)]
-
Entry
Sysinstall in FreeBSD 2.2.1 and earlier, when configuring anonymous FTP, creates the ftp user without a password and with /bin/date as the shell, which could allow attackers to gain access to certain system resources.
[FreeBSD-SA-97:03]
[6087]
[freebsd-sysinstall-ftp-password(7537)]
-
Entry
A design flaw in the Z-Modem protocol allows the remote sender of a file to execute arbitrary programs on the client, as implemented in rz in the rzsz module of FreeBSD before 2.1.5, and possibly other programs.
[G-31]
[FreeBSD-SA-96:17]
[rzsz-command-execution(7540)]
-
Entry
Sendmail before 8.6.7 allows local users to gain root access via a large value in the debug (-d) command line option.
[19940314 sendmail -d problem (OLD yet still here)]
[19940315 Security problem in sendmail versions 8.x.x]
[19940315 anyone know details?]
[19940315 so...]
[19940327 sendmail exploit script - resend]
[CA-1994-12]
[sendmail-debug-gain-root(7155)]
-
Entry
Passfilt.dll in Windows NT SP2 allows users to create a password that contains the user's name, which could make it easier for an attacker to guess.
[Q247975]
[passfilt-fullname(7391)]
-
Entry
Windows NT 4.0 SP4 and earlier allows local users to gain privileges by modifying the symbolic link table in the \?? object folder using a different case letter (upper or lower) to point to a different device.
[Q222159]
[19990312 [ ALERT ] Case Sensitivity and Symbolic Links]
[19990314 AW: [ ALERT ] Case Sensitivity and Symbolic Links]
[nt-symlink-case(7398)]
-
Entry
/usr/5bin/su in SunOS 4.1.3 and earlier uses a search path that includes the current working directory (.), which allows local users to gain privileges via Trojan horse programs.
[1121935]
[sun-su-path(7480)]
-
Entry
Vulnerability in Novell NetWare 3.x and earlier allows local users to gain privileges via packet spoofing.
[D-01]
[netware-packet-spoofing-privileges(7213)]
-
Entry
Buffer overflow in ssh 1.2.26 client with Kerberos V enabled could allow remote attackers to cause a denial of service or execute arbitrary commands via a long DNS hostname that is not properly handled during TGT ticket passing.
[19981105 security patch for ssh-1.2.26 kerberos code]
[4883]
-
Entry
VAXstations running Open VMS 5.3 through 5.5-2 with VMS DECwindows or MOTIF do not properly disable access to user accounts that exceed the break-in limit threshold for failed login attempts, which makes it easier for attackers to conduct brute force password guessing.
[D-06]
[openvms-sysgen-enabled(7225)]
-
Entry
SAS System 5.18 on VAX/VMS is installed with insecure permissions for its directories and startup file, which allows local users to gain privileges.
[C-19]
[vaxvms-sas-gain-privileges(7261)]
-
Entry
wu-ftpd 2.4 FTP server does not properly drop privileges when an ABOR (abort file transfer) command is executed during a file transfer, which causes a signal to be handled incorrectly and allows local and possibly remote attackers to read arbitrary files.
[19970104 serious security bug in wu-ftpd v2.4]
[19970105 BoS: serious security bug in wu-ftpd v2.4 -- PATCH]
[wuftpd-abor-gain-privileges(7169)]
-
Entry
Buffer overflow in linuxconf 1.11r11-rh2 on Red Hat Linux 5.1 allows local users to gain root privileges via a long LANG environmental variable.
[19980601 Re: SECURITY: Red Hat Linux 5.1 linuxconf bug (fwd)]
[http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf]
[6065]
[linuxconf-lang-bo(7239)]
-
Entry
linuxconf before 1.11.r11-rh3 on Red Hat Linux 5.1 allows local users to overwrite arbitrary files and gain root access via a symlink attack.
[19980823 Security concerns in linuxconf shipped w/RedHat 5.1]
[19980826 [djb@redhat.com: Unidentified subject!]]
[http://www.redhat.com/support/errata/rh51-errata-general.html#linuxconf]
[6068]
[linuxconf-symlink-gain-privileges(7232)]
-
Entry
Buffer overflow in SysVInit in Red Hat Linux 5.1 and earlier allows local users to gain privileges.
[http://www.redhat.com/support/errata/rh50-errata-general.html#SysVinit]
[sysvinit-root-bo(7250)]
-
Entry
The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.
[19970709 [linux-security] so-called snprintf() in db-1.85.4 (fwd)]
[http://lists.openresources.com/Debian/debian-bugs-closed/msg00581.html]
[http://www.redhat.com/support/errata/rh42-errata-general.html#db]
[linux-libdb-snprintf-bo(7244)]
-
Entry
netcfg 2.16-1 in Red Hat Linux 4.2 allows the Ethernet interface to be controlled by users on reboot when an option is set, which allows local users to cause a denial of service by shutting down the interface.
[http://www.redhat.com/support/errata/rh42-errata-general.html#netcfg]
[netcfg-ethernet-dos(7245)]
-
Entry
gzexe in the gzip package on Red Hat Linux 5.0 and earlier allows local users to overwrite files of other users via a symlink attack on a temporary file.
[7845]
[19980128 GZEXE - the big problem]
[http://www.redhat.com/support/errata/rh50-errata-general.html#gzip]
[DSA-308]
[3812]
[gzip-gzexe-tmp-symlink(7241)]
-
Entry
automatic download option in ncftp 2.4.2 FTP client in Red Hat Linux 5.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the names of files that are to be downloaded.
[19980319 ncftp 2.4.2 MkDirs bug]
[http://www.redhat.com/support/errata/rh50-errata-general.html#ncftp]
[6111]
[ncftp-autodownload-command-execution(7240)]
-
Entry
snmpd server in cmu-snmp SNMP package before 3.3-1 in Red Hat Linux 4.0 is configured to allow remote attackers to read and write sensitive information.
[http://www.redhat.com/support/errata/rh40-errata-general.html#cmu-snmp]
[cmusnmp-read-write(7251)]
-
Entry
3Com HiPer Access Router Card (HiperARC) 4.0 through 4.2.29 allows remote attackers to cause a denial of service (reboot) via a flood of IAC packets to the telnet port.
[19990812 3com hiperarch flaw [hiperbomb.c]]
[19990816 Re: 3com hiperarch flaw [hiperbomb.c]]
[6057]
-
Entry
FTP client in Midnight Commander (mc) before 4.5.11 stores usernames and passwords for visited sites in plaintext in the world-readable history file, which allows other local users to gain privileges.
[19990801 midnight commander vulnerability(?) (fwd)]
[5921]
[midnight-commander-data-disclosure(9873)]
-
Entry
Vulnerability when Network Address Translation (NAT) is enabled in Linux 2.2.10 and earlier with ipchains, or FreeBSD 3.2 with ipfw, allows remote attackers to cause a denial of service (kernel panic) via a ping -R (record route) command.
[19990722 Linux +ipchains+ ping -R]
[19990722 Re: ping -R causes kernel panic on a forwarding machine ( 2.2.5 a nd 2 .2.10)]
[http://www.kernel.org/pub/linux/kernel/v2.2/patch-2.2.11.gz]
[6105]
[ipchains-ping-route-dos(7257)]
-
Entry
Linux kernel before 2.3.18 or 2.2.13pre15, with SLIP and PPP options, allows local unprivileged users to forge IP packets via the TIOCSETD option on tty devices.
[19991022 Local user can send forged packets]
[linux-tiocsetd-forge-packets(7858)]
-
Entry
Directory traversal vulnerability in KVIrc IRC client 0.9.0 with the "Listen to !nick <soundname> requests" option enabled allows remote attackers to read arbitrary files via a .. (dot dot) in a DCC GET request.
[19990924 Kvirc bug]
[kvirc-dot-directory-traversal(7761)]
-
Entry
Compaq Integration Maintenance Utility as used in Compaq Insight Manager agent before SmartStart 4.50 modifies the legal notice caption (LegalNoticeCaption) and text (LegalNoticeText) in Windows NT, which could produce a legal notice that is in violation of the security policy.
[19990902 Compaq CIM UG Overwrites Legal Notice]
[19990902 Compaq CIM UG Overwrites Legal Notice]
[19990917 Re: Compaq CIM UG Overwrites Legal Notice]
[compaq-smartstart-legal-notice(7763)]
-
Entry
When an administrator in Windows NT or Windows 2000 changes a user policy, the policy is not properly updated if the local ntconfig.pol is not writable by the user, which could allow local users to bypass restrictions that would otherwise be enforced by the policy, possibly by changing the policy file to be read-only.
[Q157673]
[nt-user-policy-update(7400)]
-
Entry
When the Ntconfig.pol file is used on a server whose name is longer than 13 characters, Windows NT does not properly enforce policies for global groups, which could allow users to bypass restrictions that were intended by those policies.
[Q163875]
[nt-group-policy-longname(7401)]
-
Entry
Windows NT 4.0 allows local users to cause a denial of service via a user mode application that closes a handle that was opened in kernel mode, which causes a crash when the kernel attempts to close the handle.
[Q160650]
[nt-kernel-handle-dos(7402)]
-
Entry
Win32k.sys in Windows NT 4.0 before SP2 allows local users to cause a denial of service (crash) by calling certain WIN32K functions with incorrect parameters.
[Q160601]
[nt-win32k-dos(7403)]
-
Entry
Windows NT 3.51 and 4.0 allow local users to cause a denial of service (crash) by running a program that creates a large number of locks on a file, which exhausts the NonPagedPool.
[Q163143]
[nt-nonpagedpool-dos(7405)]
-
Entry
Windows NT searches a user's home directory (%systemroot% by default) before other directories to find critical programs such as NDDEAGNT.EXE, EXPLORER.EXE, USERINIT.EXE or TASKMGR.EXE, which could allow local users to bypass access restrictions or gain privileges by placing a Trojan horse program into the root directory, which is writable by default.
[515]
[19990628 NT runs Explorer.exe, Taskmgr.exe etc. from wrong location]
[19990630 Update: NT runs explorer.exe, etc...]
[nt-login-default-folder(2336)]
-
Entry
DNS allows remote attackers to use DNS name servers as traffic amplifiers via a UDP DNS query with a spoofed source address, which produces more traffic to the victim than was sent by the attacker.
[AL-1999.004]
[19990730 Possible Denial Of Service using DNS]
[19990810 Possible Denial Of Service using DNS]
[J-063]
[dns-udp-query-dos(7238)]
-
Entry
Symantec Norton Utilities 2.0 for Windows 95 marks the TUNEOCX.OCX ActiveX control as safe for scripting, which allows remote attackers to execute arbitrary commands via the run option through malicious web pages that are accessed by browsers such as Internet Explorer 3.0.
[http://mlarchive.ima.com/win95/1997/May/0342.html]
[http://news.zdnet.co.uk/story/0,,s2065518,00.html]
[http://www.net-security.sk/bugs/NT/nu20.html]
[nu-tuneocx-activex-control(7188)]
-
Entry
NetWare NFS mode 1 and 2 implements the "Read Only" flag in Unix by changing the ownership of a file to root, which allows local users to gain root privileges by creating a setuid program and setting it to "Read Only," which NetWare-NFS changes to a setuid root program.
[19980108 NetWare NFS]
[19980812 Re: Netware NFS (fwd)]
[http://support.novell.com/cgi-bin/search/tidfinder.cgi?2940551]
[netware-nfs-file-ownership(7246)]
-
Entry
Indigo Magic System Tour in the SGI system tour package (systour) for IRIX 5.x through 6.3 allows local users to gain root privileges via a Trojan horse .exitops program, which is called by the inst command that is executed by the RemoveSystemTour program.
[AA-96.08]
[470]
[19961030 (Another) vulnerability in new SGIs]
[19961101-01-I]
[irix-systour(7456)]
-
Entry
Buffer overflow in ppp program in FreeBSD 2.1 and earlier allows local users to gain privileges via a long HOME environment variable.
[19961219 Exploit for ppp bug (FreeBSD 2.1.0).]
[FreeBSD-SA-96:20]
[6085]
[ppp-bo(7465)]
-
Entry
Perl 5.004_04 and earlier follows symbolic links when running with the -e option, which allows local users to overwrite arbitrary files via a symlink attack on the /tmp/perl-eaXXXXX file.
[19980308 another /tmp race: `perl -e' opens temp file not safely]
[http://www.redhat.com/support/errata/rh50-errata-general.html#perl]
[perl-e-tmp-symlink(7243)]
-
Entry
Index Server 2.0 on IIS 4.0 stores physical path information in the ContentIndex\Catalogs subkey of the AllowedPaths registry key, whose permissions allows local and remote users to obtain the physical paths of directories that are being indexed.
[476]
[19990323 Index Server 2.0 and the Registry]
[19990323 Index Server 2.0 and the Registry]
[iis-indexserver-reveal-path(7559)]
-
Entry
The access permissions for a UNIX domain socket are ignored in Solaris 2.x and SunOS 4.x, and other BSD-based operating systems before 4.4, which could allow local users to connect to the socket and possibly disrupt or control the operations of the program using that socket.
[456]
[19970517 UNIX domain socket (Solarisx86 2.5)]
[19971003 Solaris 2.6 and sockets]
[sun-domain-socket-permissions(7172)]
-
Entry
ifdhcpc-done script for configuring DHCP on Red Hat Linux 5 allows local users to append text to arbitrary files via a symlink attack on the dhcplog file.
[368]
[19980309 *sigh* another RH5 /tmp problem]
[http://www.redhat.com/support/errata/rh50-errata-general.html#initscripts]
[initscripts-ifdhcpdone-dhcplog-symlink(7294)]
-
Entry
The at program in IRIX 6.2 and NetBSD 1.3.2 and earlier allows local users to read portions of arbitrary files by submitting the file to at with the -f argument, which generates error messages that at sends to the user via e-mail.
[331]
[19980703 more about 'at']
[19980805 irix-6.2 "at -f" vulnerability]
[NetBSD-SA1998-004]
[at-f-read-files(7577)]
-
Entry
The installation of the fsp package 2.71-10 in Debian GNU/Linux 2.0 adds the anonymous FTP user without notifying the administrator, which could automatically enable anonymous FTP on some servers such as wu-ftp.
[316]
[19981128 Debian: Security flaw in FSP]
[19981130 Debian: Security flaw in FSP]
[19990217 Debian GNU/Linux 2.0r5 released (fwd)]
[19981126 new version of fsp fixes security flaw]
[fsp-anon-ftp-access(7574)]
-
Entry
IBM Netfinity Remote Control allows local users to gain administrator privileges by starting programs from the process manager, which runs with system level privileges.
[284]
[19990525 Security Leak with IBM Netfinity Remote Control Software]
[19990609 IBM's response to "Security Leak with IBM Netfinity Remote Control Software]
-
Entry
Buffer overflow in nss_nisplus.so.1 library in NIS+ in Solaris 2.3 and 2.4 allows local users to gain root privileges.
[219]
[00148]
[sun-nisplus-bo(7535)]
-
Entry
ping in Solaris 2.3 through 2.6 allows local users to cause a denial of service (crash) via a ping request to a multicast address through the loopback interface, e.g. via ping -i.
[209]
[19970626 Solaris Ping bug (DoS)]
[19970627 SUMMARY: Solaris Ping bug (DoS)]
[19970627 Solaris Ping bug(inetsvc)]
[19971005 Solaris Ping Bug and other [bc] oddities]
[00146]
[ping-multicast-loopback-dos(7492)]
-
Entry
Power management (Powermanagement) on Solaris 2.4 through 2.6 does not start the xlock process until after the sys-suspend has completed, which allows an attacker with physical access to input characters to the last active application from the keyboard for a short period after the system is restoring, which could lead to increased privileges.
[160]
[19980716 Security risk with powermanagemnet on Solaris 2.6]
[4024179]
-
Entry
HP JetAdmin D.01.09 on Solaris allows local users to change the permissions of arbitrary files via a symlink attack on the /tmp/jetadmin.log file.
[157]
[19980715 JetAdmin software]
[19980722 Re: JetAdmin software]
-
Entry
ePerl 2.2.12 allows remote attackers to read arbitrary files and possibly execute certain commands by specifying a full pathname of the target file as an argument to bar.phtml.
[151]
[19980707 ePerl: bad handling of ISINDEX queries]
[19980710 ePerl Security Update Available]
-
Entry
GINA in Windows NT 4.0 allows attackers with physical access to display a portion of the clipboard of the user who has locked the workstation by pasting (CTRL-V) the contents into the username prompt.
[198]
[19990129 ole objects in a "secured" environment?]
[Q214802]
[19990129 ole objects in a "secured" environment?]
[19990205 Alert: MS releases GINA-fix for SP3, SP4, and TS]
[nt-gina-clipboard(1975)]
-
Entry
RSH service utility RSHSVC in Windows NT 3.5 through 4.0 does not properly restrict access as specified in the .Rhosts file when a user comes from an authorized host, which could allow unauthorized users to access the service by logging in from an authorized host.
[Q158320]
[nt-rshsvc-ale-bypass(7422)]
-
Entry
thttpd HTTP server 2.03 and earlier allows remote attackers to read arbitrary files via a GET request with more than one leading / (slash) character in the filename.
[19980819 thttpd 2.04 released (fwd)]
[http://www.acme.com/software/thttpd/thttpd.html#releasenotes]
[thttpd-file-read(1809)]
-
Entry
rdist in various UNIX systems uses popen to execute sendmail, which allows local users to gain root privileges by modifying the IFS (Internal Field Separator) variable.
[31]
[CA-91.20]
[http://www.alw.nih.gov/Security/8lgm/8lgm-Advisory-01.html]
[8106]
[rdist-popen-gain-privileges(7160)]
-
Entry
Internet Explorer 4.0 allows remote attackers to read arbitrary text and HTML files on the user's machine via a small IFRAME that uses Dynamic HTML (DHTML) to send the data to the attacker, aka the Freiburg text-viewing issue.
[19971017 Security Hole in Explorer 4.0]
[http://www.microsoft.com/Windows/ie/security/freiburg.asp]
[http://www.insecure.org/sploits/Internet_explorer_4.0.hack.html]
[Q176697]
[Q176794]
[7819]
[http-ie-spy(587)]
-
Entry
When a Web site redirects the browser to another site, Internet Explorer 3.02 and 4.0 automatically resends authentication information to the second site, aka the "Page Redirect Issue."
[Q176697]
[7818]
[ie-page-redirect(7426)]
-
Entry
A bug in Intel Pentium processor (MMX and Overdrive) allows local users to cause a denial of service (hang) in Intel-based operating systems such as Windows NT and Windows 95, via an invalid instruction, aka the "Invalid Operand with Locked CMPXCHG8B Instruction" problem.
[Q163852]
[pentium-crash(704)]
-
Entry
The Sun HotSpot Performance Engine VM allows a remote attacker to cause a denial of service on any server running HotSpot via a URL that includes the [ character.
[522]
[19990706 Bug in SUN's Hotspot VM]
[19990716 FW: (Review ID: 85125) Hotspot crashes bringing down webserver]
[sun-hotspot-vm(2348)]
-
Entry
Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.
[741]
[19991025 [squid] exploit for external authentication problem]
[19991103 [squid]exploit for external authentication problem]
[http://www.squid-cache.org/Versions/v2/2.2/bugs/]
[squid-proxy-auth-access(3433)]
-
Entry
sadc in IBM AIX 4.1 through 4.3, when called from programs such as timex that are setgid adm, allows local users to overwrite arbitrary files via a symlink attack.
[IX75554]
[IX76330]
[IX76853]
[408]
[http://techsupport.services.ibm.com/aix/fixes/v4/os/bos.acct.4.3.1.0.info]
[aix-sadc-timex(7675)]
-
Entry
sdrd daemon in IBM SP2 System Data Repository (SDR) allows remote attackers to read files without authentication.
[371]
[I-079A]
[ibm-sdr-read-files(7217)]
-
Entry
xosview 1.5.1 in Red Hat 5.1 allows local users to gain root access via a long HOME environmental variable.
[362]
[19980528 ALERT: Tiresome security hole in "xosview", RedHat5.1?]
[19980529 Re: Tiresome security hole in "xosview" (xosexp.c)]
[linux-xosview-bo(8787)]
-
Entry
colorview in Silicon Graphics IRIX 5.1, 5.2, and 6.0 allows local attackers to read arbitrary files via the -text argument.
[336]
[19940809 Re: IRIX 5.2 Security Advisory]
[19950307 sigh. another Irix 5.2 hole.]
[19950209-00-P]
[sgi-colorview(2112)]
-
Entry
Sun SunOS 4.1 through 4.1.3 allows local attackers to gain root access via insecure permissions on files and directories such as crash.
[59]
[CA-1993-03]
[sun-dir(521)]
-
Entry
The AMaViS virus scanner 0.2.0-pre4 and earlier allows remote attackers to execute arbitrary commands as root via an infected mail message with shell metacharacters in the reply-to field.
[527]
[19990716 AMaViS virus scanner for Linux - root exploit]
[http://www.amavis.org/ChangeLog.txt]
[amavis-command-execute(2349)]
-
Entry
A configuration problem in the Ad Server Sample directory (AdSamples) in Microsoft Site Server 3.0 allows an attacker to obtain the SITE.CSC file, which exposes sensitive SQL database information.
[256]
[19990511 [ALERT] Site Server 3.0 May Expose SQL IDs and PSWs]
[siteserver-site-csc(2270)]
-
Entry
cgiwrap as used on Cobalt RaQ 2.0 and RaQ 3i does not properly identify the user for running certain scripts, which allows a malicious site administrator to view or modify data located at another virtual site on the same system.
[777]
[19991108 Security flaw in Cobalt RaQ2 cgiwrap]
[19991109 [Cobalt] Security Advisory - cgiwrap]
[35]
[cobalt-cgiwrap-incorrect-permissions(7764)]
-
Entry
Buffer overflow in IBM HomePagePrint 1.0.7 for Windows98J allows a malicious Web site to execute arbitrary code on a viewer's system via a long IMG_SRC HTML tag.
[763]
[19991102 Some holes for Win/UNIX softwares]
[ibm-homepageprint-bo(7767)]
-
Entry
Buffer overflow in AspUpload.dll in Persits Software AspUpload before 1.4.0.2 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long argument in the HTTP request.
[592]
[19990720 Buffer overflow in AspUpload 1.4]
[19990818 AspUpload Buffer Overflow Fixed]
[http-aspupload-bo(3291)]
-
Entry
IIS 3.x and 4.x does not distinguish between pages requiring encryption and those that do not, which allows remote attackers to cause a denial of service (resource exhaustion) via SSL requests to the HTTPS port for normally unencrypted files, which will cause IIS to perform extra work to send the files over SSL.
[521]
[19990707 SSL and IIS.]
[ssl-iis-dos(2352)]
-
Entry
RPMMail before 1.4 allows remote attackers to execute commands via an e-mail message with shell metacharacters in the "MAIL FROM" command.
[19991004 RH6.0 local/remote command execution]
[19991006 Fwd: [Re: RH6.0 local/remote command execution]]
[linux-rh-rpmmail(3353)]
-
Entry
bigconf.conf in F5 BIG/ip 2.1.2 and earlier allows remote attackers to read arbitrary files by specifying the target file in the "file" parameter.
[778]
[19991108 BigIP - bigconf.cgi holes]
[19991109]
[19991109 Re: BigIP - bigconf.cgi holes]
[bigip-bigconf-view-files(7771)]
-
Entry
Microsoft SQL Server 6.5 uses weak encryption for the password for the SQLExecutiveCmdExec account and stores it in an accessible portion of the registry, which could allow local users to gain privileges by reading and decrypting the CmdExecAccount value.
[109]
[19980629 MS SQL Server 6.5 stores password in unprotected registry keys]
[mssql-sqlexecutivecmdexec-password(7354)]
-
Entry
Man2html 2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
[19990820 [SECURITY] New versions of man2html fixes postinst glitch]
[6291]
-
Entry
Off-by-one error in NcFTPd FTP server before 2.4.1 allows a remote attacker to cause a denial of service (crash) via a long PORT command.
[19990223 Comments on NcFTPd "theoretical root compromise"]
[19990223 NcFTPd remote buffer overflow]
[ncftpd-port-bo(1833)]
-
Entry
RealMedia server allows remote attackers to cause a denial of service via a long ramgen request.
[888]
[19991222 RealMedia Server 5.0 Crasher (rmscrash.c)]
[realserver-ramgen-dos]
-
Entry
Buffer overflow in ZBServer Pro 1.50 allows remote attackers to execute commands via a long GET request.
[889]
[19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT]
[20000128 ZBServer 1.50-r1x exploit (WinNT)]
[19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT]
[20020114 ZBServer Pro DoS Vulnerability]
[zbserver-get-bo]
-
Entry
Buffer overflow in UnixWare rtpm program allows local users to gain privileges via a long environmental variable.
[19991230 UnixWare rtpm exploit + discussion]
[20000127 New SCO patches...]
-
Entry
ZBServer Pro allows remote attackers to read source code for executable files by inserting a . (dot) into the URL.
[19991223 Re: Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT]
[19991223 Local / Remote GET Buffer Overflow Vulnerability in ZBServer 1.5 Pro Edition for Win98/NT]
[zbserver-url-dot]
-
Entry
strace allows local users to read arbitrary files via memory mapped file names.
[19991225 strace can lie]
[linux-strace(4554)]
-
Entry
Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service.
[1740]
[19991230 PC-Cillin 6.x DoS Attack]
[pccillin-proxy-remote-dos(4491)]
-
Entry
The bna_pass program in Optivity NETarchitect uses the PATH environmental variable for finding the "rm" program, which allows local users to execute arbitrary commands.
[907]
[19991230 bna,sh]
[netarchitect-path-vulnerability]
-
Entry
WebWho+ whois.cgi program allows remote attackers to execute commands via shell metacharacters in the TLD parameter.
[19991226 WebWho+ ADVISORY]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0010]
[http-cgi-webwhoplus]
-
Entry
Buffer overflow in AnalogX SimpleServer:WWW HTTP server allows remote attackers to execute commands via a long GET request.
[906]
[19991231 Local / Remote GET Buffer Overflow Vulnerability in AnalogX SimpleServer:WWW HTTP Server v1.1]
[http://www.analogx.com/contents/download/network/sswww.htm]
[1184]
[simpleserver-get-bo]
-
Entry
Buffer overflow in w3-msql CGI program in miniSQL package allows remote attackers to execute commands.
[898]
[19991227 remote buffer overflow in miniSQL]
[w3-msql-scanf-bo]
-
Entry
IRIX soundplayer program allows local users to gain privileges by including shell metacharacters in a .wav file, which is executed via the midikeys program.
[909]
[19991231 irix-soundplayer.sh]
[irix-soundplayer-symlink]
-
Entry
Denial of service in Savant web server via a null character in the requested URL.
[897]
[19991228 Local / Remote D.o.S Attack in Savant Web Server V2.0 WIN9X / NT / 2K]
[savant-server-null-dos]
-
Entry
CascadeView TFTP server allows local users to gain privileges via a symlink attack.
[910]
[19991231 tftpserv.sh]
[cascadeview-tftp-symlink]
-
Entry
wmmon in FreeBSD allows local users to gain privileges via the .wmmonrc configuration file.
[885]
[19991221 Wmmon under FreeBSD]
[1169]
[freebsd-wmmon-root-exploit]
-
Entry
DNS PRO allows remote attackers to conduct a denial of service via a large number of connections.
[19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0020]
[19991221 Remote D.o.S Attack in DNS PRO v5.7 WinNT From FBLI Software Vulnerability]
[dnspro-flood-dos]
-
Entry
Lotus Domino HTTP server does not properly disable anonymous access for the cgi-bin directory.
[881]
[19991221 serious Lotus Domino HTTP denial of service]
[19991227 Re: Lotus Domino HTTP denial of service attack]
-
Entry
Buffer overflow in Lotus Domino HTTP server allows remote attackers to cause a denial of service via a long URL.
[881]
[19991221 serious Lotus Domino HTTP denial of service]
[19991222 Lotus Notes HTTP cgi-bin vulnerability: possible workaround]
[19991227 Re: Lotus Domino HTTP denial of service attack]
[51]
-
Entry
IIS does not properly canonicalize URLs, potentially allowing remote attackers to bypass access restrictions in third-party software via escape characters, aka the "Escape Character Parsing" vulnerability.
[19991228 Third Party Software Affected by IIS "Escape Character Parsing" Vulnerability]
[19991229 More info on MS99-061 (IIS escape character vulnerability)]
[http://www.acrossecurity.com/aspr/ASPR-1999-11-10-1-PUB.txt]
[MS99-061]
[Q246401]
[iis-badescapes]
-
Entry
IIS 4.0 and Site Server 3.0 allow remote attackers to read source code for ASP files if the file is in a virtual directory whose name includes extensions such as .com, .exe, .sh, .cgi, or .dll, aka the "Virtual Directory Naming" vulnerability.
[MS99-058]
[Q238606]
[8098]
-
Entry
Buffer overflow in UnixWare i2odialogd daemon allows remote attackers to gain root access via a long username/password authorization string.
[876]
[19991222 UnixWare i2odialogd remote root exploit]
[19991223 FYI, SCO Security patches available.]
[6310]
-
Entry
IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack.
[900]
[19991227 IBM NetStation/UnixWare local root exploit]
[ibm-netstat-race-condition(5381)]
-
Entry
UnixWare pis and mkpis commands allow local users to gain privileges via a symlink attack.
[901]
[19991227 UnixWare local pis exploit]
[20000113 Info on some security holes reported against SCO Unixware.]
-
Entry
Solaris dmispd dmi_cmd allows local users to fill up restricted disk space by adding files to the /var/dmi/db database.
[878]
[19991222 Solaris 2.7 dmispd local/remote problems]
[sol-dmispd-fill-disk]
-
Entry
The initscripts package in Red Hat Linux allows local users to gain privileges via a symlink attack.
[19991227 initscripts-4.48-1 RedHat Linux 6.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0031]
[RHSA-1999:052-04]
-
Entry
Solaris dmi_cmd allows local users to crash the dmispd daemon by adding a malformed file to the /var/dmi/db database.
[878]
[19991222 Solaris 2.7 dmispd local/remote problems]
[7582]
[sol-dmispd-dos]
-
Entry
InterScan VirusWall SMTP scanner does not properly scan messages with malformed attachments.
[899]
[19991227 Trend Micro InterScan VirusWall SMTP bug]
[interscan-viruswall-bypass]
-
Entry
Netscape 4.7 records user passwords in the preferences.js file during an IMAP or POP session, even if the user has not enabled "remember passwords."
[19991222 More Netscape Passwords Available.]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0034]
[netscape-password-preferences]
-
Entry
Outlook Express 5 for Macintosh downloads attachments to HTML mail without prompting the user, aka the "HTML Mail Attachment" vulnerability.
[MS99-060]
[Q249082]
-
Entry
Majordomo wrapper allows local users to gain privileges by specifying an alternate configuration file.
[903]
[19991228 majordomo local exploit]
[20000113 Info on some security holes reported against SCO Unixware.]
[20000124 majordomo 1.94.5 does not fix all vulnerabilities]
[RHSA-2000:005]
-
Entry
AltaVista search engine allows remote attackers to read files above the document root via a .. (dot dot) in the query.cgi CGI program.
[896]
[19991229 AltaVista]
[19991229 AltaVista followup and monitor script]
[19991230 Follow UP AltaVista]
[20000103 FW: Patch issued for AltaVista Search Engine Directory TraversalVulnerability]
[20000109 Altavista followup]
[15]
-
Entry
glFtpD allows local users to gain privileges via metacharacters in the SITE ZIPCHK command.
[19991223 Multiple vulnerabilites in glFtpD (current versions)]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0040]
-
Entry
Macintosh systems generate large ICMP datagrams in response to malformed datagrams, allowing them to be used as amplifiers in a flood attack.
[890]
[19991229 The "Mac DoS Attack," a Scheme for Blocking Internet Connections]
-
Entry
Buffer overflow in CSM mail server allows remote attackers to cause a denial of service or execute commands via a long HELO command.
[895]
[19991229 Local / Remote D.o.S Attack in CSM Mail Server for Windows 95/NT v.2000.08.A]
[csm-server-bo]
-
Entry
Buffer overflow in CamShot WebCam HTTP server allows remote attackers to execute commands via a long GET request.
[905]
[19991230 Local / Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP Server v2.5 for Win9x/NT]
[camshot-http-get-overflow]
-
Entry
Macros in War FTP 1.70 and 1.67b2 allow local or remote attackers to read arbitrary files or execute commands.
[919]
[20000105 SECURITY ALERT - WAR FTP DAEMON ALL VERSIONS]
[warftp-macro-access-files]
-
Entry
MySQL allows local users to modify passwords for arbitrary MySQL users via the GRANT privilege.
[926]
[20000111 Serious bug in MySQL password handling.]
[20000113 New MySQL Available]
[mysql-pwd-grant]
-
Entry
get_it program in Corel Linux Update allows local users to gain root access by specifying an alternate PATH for the cp program.
[928]
[20000112 Serious Bug in Corel Linux.(Local root exploit)]
[http://linux.corel.com/support/clos_patch1.htm]
[linux-corel-update]
-
Entry
The Allaire Spectra Webtop allows authenticated users to access other Webtop sections by specifying explicit URLs.
[ASB00-01]
[915]
[allaire-webtop-access]
-
Entry
The Allaire Spectra Configuration Wizard allows remote attackers to cause a denial of service by repeatedly resubmitting data collections for indexing via a URL.
[ASB00-02]
[916]
[allaire-spectra-config-dos]
-
Entry
Red Hat userhelper program in the usermode package allows local users to gain root access via PAM and a .. (dot dot) attack.
[913]
[20000104 PamSlam]
[RHSA-2000:001]
[linux-pam-userhelper]
-
Entry
Microsoft Commercial Internet System (MCIS) IMAP server allows remote attackers to cause a denial of service via a malformed IMAP request.
[912]
[MS00-001]
[Q246731]
[mcis-malformed-imap]
-
Entry
IMail IMONITOR status.cgi CGI script allows remote attackers to cause a denial of service with many calls to status.cgi.
[914]
[20000105 Local / Remote D.o.S Attack in IMail IMONITOR Server for WinNT Version 5.08]
[imail-imonitor-status-dos]
-
Entry
Cold Fusion CFCACHE tag places temporary cache files within the web document root, allowing remote attackers to obtain sensitive system information.
[ASB00-03]
[917]
[coldfusion-cfcache]
-
Entry
Buffer overflow in aVirt Rover POP3 server 1.1 allows remote attackers to cause a denial of service via a long user name.
[894]
[19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt]
[19991227 Local / Remote Remote DoS Attack in Rover POP3 Server V1.1 NT From aVirt]
[avirt-rover-pop3-dos(3765)]
-
Entry
The DTML implementation in the Z Object Publishing Environment (Zope) allows remote attackers to conduct unauthorized activities.
[922]
[20000104 [petrilli@digicool.com: [Zope] SECURITY ALERT]]
[zope-dtml]
-
Entry
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to read arbitrary files by specifying the filename in a parameter to the script.
[938]
[20000118 Nortel Contivity Vulnerability]
[http-cgi-cgiproc-file-read]
-
Entry
cgiproc CGI script in Nortel Contivity HTTP server allows remote attackers to cause a denial of service via a malformed URL that includes shell metacharacters.
[938]
[20000118 Nortel Contivity Vulnerability]
[7583]
[http-cgi-cgiproc-dos]
-
Entry
Buffer overflow in InetServ 3.0 allows remote attackers to execute commands via a long GET request.
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0065]
[20000117 Remote Buffer Exploit - InetServ 3.0]
[inetserv-get-bo]
-
Entry
NtImpersonateClientOfPort local procedure call in Windows NT 4.0 allows local users to gain privileges, aka "Spoofed LPC Port Request."
[934]
[20000113 Local Promotion Vulnerability in Windows NT 4]
[MS00-003]
[Q247869]
[nt-spoofed-lpc-port]
-
Entry
Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges.
[937]
[20000118 Warning: VCasel security hole.]
[vcasel-filename-trusting(3867)]
-
Entry
Buffer overflow in Microsoft Rich Text Format (RTF) reader allows attackers to cause a denial of service via a malformed control word.
[MS00-005]
[Q249973]
[win-malformed-rtf-control-word]
-
Entry
Super Mail Transfer Package (SMTP), later called MsgCore, has a memory leak which allows remote attackers to cause a denial of service by repeating multiple HELO, MAIL FROM, RCPT TO, and DATA commands in the same session.
[930]
[20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x]
[20000113 Local / Remote D.o.S Attack in Super Mail Transfer Package (SMTP) Server for WinNT Version 1.9x]
[supermail-memleak-dos]
-
Entry
nviboot boot script in the Debian nvi package allows local users to delete files via malformed entries in vi.recover.
[1439]
[19991230 vibackup.sh]
[20000108]
[nvi-delete-files]
-
Entry
AIX techlibss allows local users to overwrite files via a symlink attack.
[931]
[20000110 2nd attempt: AIX techlibss follows links]
[aix-techlibss-symbolic-link]
-
Entry
HP asecure creates the Audio Security File audio.sec with insecure permissions, which allows local users to cause a denial of service or gain additional privileges.
[HPSBUX0001-109]
[hp-audio-security-perms]
-
Entry
Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames and passwords in plaintext.
[20000113 Misleading sense of security in Netscape]
[netscape-mail-notify-plaintext(4385)]
-
Entry
Buffer overflow in the conversion utilities for Japanese, Korean and Chinese Word 5 documents allows an attacker to execute commands, aka the "Malformed Conversion Data" vulnerability.
[946]
[MS00-002]
[office-malformed-convert]
-
Entry
The rdisk utility in Microsoft Terminal Server Edition and Windows NT 4.0 stores registry hive information in a temporary file with permissions that allow local users to read it, aka the "RDISK Registry Enumeration File" vulnerability.
[947]
[20000122 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition]
[MS00-004]
[Q249108]
[20000121 RDISK registry enumeration file vulnerability in Windows NT 4.0 Terminal Server Edition]
[nt-rdisk-enum-file]
-
Entry
VMWare 1.1.2 allows local users to cause a denial of service via a symlink attack.
[943]
[20000124 VMware 1.1.2 Symlink Vulnerability]
[1205]
[linux-vmware-symlink]
-
Entry
Buffer overflow in vchkpw/vpopmail POP authentication package allows remote attackers to gain root privileges via a long username or password.
[942]
[20000122 remote root qmail-pop with vpopmail advisory and exploit with patch]
[20000123 Re: vpopmail/vchkpw remote root exploit]
[http://www.inter7.com/vpopmail/]
[http://www.inter7.com/vpopmail/ChangeLog]
-
Entry
The BSD make program allows local users to modify files via a symlink attack when the -j option is being used.
[939]
[FreeBSD-SA-00:01]
[gnu-makefile-tmp-root]
-
Entry
procfs in BSD systems allows local users to gain root privileges by modifying the /proc/pid/mem interface via a modified file descriptor for stderr.
[940]
[20000121 *BSD procfs vulnerability]
[FreeBSD-SA-00:02]
[NetBSD-SA2000-001]
[20000120 [2.6] 018: SECURITY FIX: Jan 20, 2000]
[20760]
[netbsd-procfs(3995)]
-
Entry
The PMTU discovery procedure used by HP-UX 10.30 and 11.00 for determining the optimum MTU generates large amounts of traffic in response to small packets, allowing remote attackers to cause the system to be used as a packet amplifier.
[944]
[HPSBUX0001-110]
-
Entry
The WebHits ISAPI filter in Microsoft Index Server allows remote attackers to read arbitrary files, aka the "Malformed Hit-Highlighting Argument" vulnerability.
[950]
[MS00-006]
[20000127 Alert: MS IIS 4 / IS 2 (Cerberus Security Advisory CISADV000126)]
[1210]
[http-indexserver-dirtrans]
-
Entry
Microsoft Index Server allows remote attackers to determine the real path for a web directory via a request to an Internet Data Query file that does not exist.
[MS00-006]
-
Entry
Buffer overflow in UnixWare ppptalk command allows local users to gain privileges via a long prompt argument.
[20000119 Unixware ppptalk]
-
Entry
The SMS Remote Control program is installed with insecure permissions, which allows local users to gain privileges by modifying or replacing the program.
[MS00-012]
[20000115 Security Vulnerability with SMS 2.0 Remote Control]
-
Entry
Linux apcd program allows local attackers to modify arbitrary files via a symlink attack.
[958]
[20000201]
-
Entry
The RightFax web client uses predictable session numbers, which allows remote attackers to hijack user sessions.
[953]
[20000129 [LoWNOISE] Rightfax web client 5.2]
[avt-rightfax-predict-session]
-
Entry
The default installation of Debian GNU/Linux uses an insecure Master Boot Record (MBR) which allows a local user to boot from a floppy disk during the installation.
[960]
[20000202 vulnerability in Linux Debian default boot configuration]
[debian-mbr-bypass-security]
-
Entry
The SyGate Remote Management program does not properly restrict access to its administration service, which allows remote attackers to cause a denial of service, or access network traffic statistics.
[952]
[20000128 SyGate 3.11 Port 7323 / Remote Admin hole]
[20000202 SV: SyGate 3.11 Port 7323 / Remote Admin hole]
[20000203 UPDATE: Sygate 3.11 Port 7323 Telnet Hole]
[http://www.sybergen.com/support/fix.htm]
-
Entry
Firewall-1 does not properly filter script tags, which allows remote attackers to bypass the "Strip Script Tags" restriction by including an extra < in front of the SCRIPT tag.
[954]
[20000129 "Strip Script Tags" in FW-1 can be circumvented]
[20000129 "Strip Script Tags" in FW-1 can be circumvented]
[1212]
[http-script-bypass]
-
Entry
The siteUserMod.cgi program in Cobalt RaQ2 servers allows any Site Administrator to modify passwords for other users, site administrators, and possibly admin (root).
[951]
[20000127 Cobalt RaQ2 - a user of mine changed my admin password..]
[20000131 [ Cobalt ] Security Advisory -- 01.31.2000]
[http-cgi-cobalt-passwords]
-
Entry
The Remote Access Service invoke.cfm template in Allaire Spectra 1.0 allows users to bypass authentication via the bAuthenticated parameter.
[ASB00-04]
[955]
[allaire-spectra-ras-access(4025)]
-
Entry
The Recycle Bin utility in Windows NT and Windows 2000 allows local users to read or modify files by creating a subdirectory with the victim's SID in the recycler directory, aka the "Recycle Bin Creation" vulnerability.
[963]
[MS00-007]
[Q248399]
[20000201 "Recycle Bin Creation" Vulnerability in Windows NT / Windows 2000]
-
Entry
The Webspeed configuration program does not properly disable access to the WSMadmin utility, which allows remote attackers to gain privileges via wsisa.dll.
[969]
[20000203 Webspeed security issue]
[http://www.progress.com/services/support/cgi-bin/techweb-kbase.cgi/webkb.html?kbid=19412&keywords=security%20Webspeed]
[webspeed-adminutil-auth]
-
Entry
The Finger Server 0.82 allows remote attackers to execute commands via shell metacharacters.
[20000204 "The Finger Server"]
[http://www.glazed.org/finger/changelog.txt]
[7610]
[finger-server-input]
-
Entry
Buffer overflow in SCO scohelp program allows remote attackers to execute commands.
[20000127 New SCO patches...]
[SB-00.02a]
[sco-help-bo]
-
Entry
Buffer overflow in War FTPd 1.6x allows users to cause a denial of service via long MKD and CWD commands.
[966]
[20000201 war-ftpd 1.6x DoS]
[4677]
-
Entry
Internet Anywhere POP3 Mail Server allows local users to cause a denial of service via a malformed RETR command.
[982]
[20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3]
-
Entry
Internet Anywhere POP3 Mail Server allows remote attackers to cause a denial of service via a large number of connections.
[980]
[20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3]
[20000210 remote DoS on Internet Anywhere Mail Server Ver.3.1.3]
-
Entry
Infopop Ultimate Bulletin Board (UBB) allows remote attackers to execute commands via shell metacharacters in the topic hidden field.
[991]
[20000211 perl-cgi hole in UltimateBB by Infopop Corp.]
[20000225 FW: Important UBB News For Licensed Users]
[http://www.ultimatebb.com/home/versions.shtml]
[http-cgi-ultimatebb]
-
Entry
Axis 700 Network Scanner does not properly restrict access to administrator URLs, which allows users to bypass the password protection via a .. (dot dot) attack.
[971]
[20000207 Infosec.20000207.axis700.a]
-
Entry
The libguile.so library file used by gnucash in Debian GNU/Linux is installed with world-writable permissions.
[20000205 Debian (frozen): Perms on /usr/lib/libguile.so.6.0.0]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0145]
-
Entry
The Java Server in the Novell GroupWise Web Access Enhancement Pack allows remote attackers to cause a denial of service via a long URL to the servlet.
[972]
[20000207 Novell GroupWise 5.5 Enhancement Pack Web Access Denial of Service]
[novell-groupwise-url-dos]
-
Entry
MySQL 3.22 allows remote attackers to bypass password authentication and access a database via a short check string.
[975]
[20000208 Remote access vulnerability in all MySQL server versions]
[20000214 MySQL 3.22.32 released]
-
Entry
Zeus web server allows remote attackers to view the source code for CGI programs via a null character (%00) at the end of a URL.
[977]
[20000208 Zeus Web Server: Null Terminated Strings]
[20000209 [SAFER 000209.EXP.1.2] Zeus Web Server - obtaining source of CGI scripts]
[254]
[zeus-server-null-string(3982)]
-
Entry
Check Point Firewall-1 allows remote attackers to bypass port access restrictions on an FTP server by forcing it to send malicious packets that Firewall-1 misinterprets as a valid 227 response to a client's PASV attempt.
[979]
[20000209 FireWall-1 FTP Server Vulnerability]
[20000210 Multiple firewalls: FTP Application Level Gateway "PASV" Vulnerability]
[20000212 Re: FireWall-1 FTP Server Vulnerability]
[VU#328867]
[4417]
-
Entry
Remote attackers can cause a denial of service in Novell BorderManager 3.5 by pressing the enter key in a telnet connection to port 2000.
[976]
[20000209 Novell BorderManager 3.5 Remote Slow Death]
[20000211 BorderManager csatpxy.nlm fix avalable.]
[7468]
-
Entry
Internet Explorer 4.x and 5.x allows remote web servers to access files on the client that are outside of its security domain, aka the "Image Source Redirect" vulnerability.
[MS00-009]
[7827]
[ie-image-source-redirect(3996)]
-
Entry
NetBSD ptrace call on VAX allows local users to gain privileges by modifying the PSL contents in the debugging process.
[992]
[1999-012]
[netbsd-ptrace]
-
Entry
HP Ignite-UX does not save /etc/passwd when it creates an image of a trusted system, which can set the password field to a blank and allow an attacker to gain privileges.
[HPSBUX0002-111]
-
Entry
Sample web sites on Microsoft Site Server 3.0 Commerce Edition do not validate an identification number, which allows remote attackers to execute SQL commands.
[994]
[MS00-010]
-
Entry
The Microsoft virtual machine (VM) in Internet Explorer 4.x and 5.x allows a remote attacker to read files via a malicious Java applet that escapes the Java sandbox, aka the "VM File Reading" vulnerability.
[MS00-011]
-
Entry
The installation of Sun Internet Mail Server (SIMS) creates a world-readable file that allows local users to obtain passwords.
[1004]
[20000220 Sun Internet Mail Server]
[4316521]
[sims-temp-world-readable]
-
Entry
The Delegate application proxy has several buffer overflows which allow a remote attacker to execute commands.
[20000210 Re: application proxies?]
[K-023]
[FreeBSD-SA-00:04]
[delegate-proxy-bo(4105)]
-
Entry
Buffer overflow in the InterAccess telnet server TelnetD allows remote attackers to execute commands via a long login name.
[995]
[20000221 Local / Remote Exploiteable Buffer Overflow Vulnerability in InterAccess TelnetD Server 4.0 for Windows NT]
[20000223 Pragma Systems response to USSRLabs report]
[interaccess-telnet-login-bo]
-
Entry
Microsoft Windows 9x operating systems allow an attacker to cause a denial of service via a pathname that includes file device names, aka the "DOS Device in Path Name" vulnerability.
[1043]
[20000306 con\con is a old thing (anyway is cool)]
[MS00-017]
[win-dos-devicename-dos]
-
Entry
Batch files in the Oracle web listener ows-bin directory allow remote attackers to execute commands via a malformed URL that includes '?&'.
[1053]
[20000314 Oracle Web Listener 4.0.x]
[oracle-weblistener-remote-attack]
-
Entry
Buffer overflow in the man program in Linux allows local users to gain privileges via the MANPAGER environmental variable.
[1011]
[20000226 man bugs might lead to root compromise (RH 6.1 and other boxes)]
-
Entry
atsadc in the atsar package for Linux does not properly check the permissions of an output file, which allows local users to gain root privileges.
[1048]
[20000311 TESO advisory -- atsadc]
[atsar-root-access]
-
Entry
The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges.
[1038]
[20000303 Potential security problem with mtr]
[20000308 [TL-Security-Announce] mtr-0.41 and earlier TLSA2000003-1 (fwd)]
[20000309 mtr]
[FreeBSD-SA-00:09]
-
Entry
StarOffice StarScheduler web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1040]
[20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities]
[staroffice-scheduler-fileread]
-
Entry
Buffer overflow in StarOffice StarScheduler web server allows remote attackers to gain root access via a long GET command.
[1039]
[20000308 [SAFER 000309.EXP.1.4] StarScheduler (StarOffice) vulnerabilities]
[staroffice-scheduler-bo]
-
Entry
ServerIron switches by Foundry Networks have predictable TCP/IP sequence numbers, which allows remote attackers to spoof or hijack sessions.
[1017]
[20000227 Advisory: Foundry Networks ServerIron TCP/IP sequence predictability]
[http://www.foundrynet.com/bugTraq.html]
-
Entry
HP OpenView OmniBack 2.55 allows remote attackers to cause a denial of service via a large number of connections to port 5555.
[1015]
[20000228 HP Omniback remote DoS]
[HPSBUX0006-115]
[omniback-connection-dos]
-
Entry
Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1052]
[20000313 SOJOURN Search engine exposes files]
[sojourn-file-read(4197)]
-
Entry
Firewall-1 3.0 and 4.0 leaks packets with private IP address information, which could allow remote attackers to determine the real IP address of the host that is making the connection.
[1054]
[20000311 Our old friend Firewall-1]
[1256]
-
Entry
iPlanet Web Server 4.1 allows remote attackers to cause a denial of service via a large number of GET commands, which consumes memory and causes a kernel panic.
[20000223 DoS for the iPlanet Web Server, Enterprise Edition 4.1]
[https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-2000-0182]
-
Entry
Buffer overflow in ircII 4.4 IRC client allows remote attackers to execute commands via the DCC chat capability.
[1046]
[20000310 Fwd: ircii-4.4 buffer overflow]
[FreeBSD-SA-00:11]
[RHSA-2000:008]
-
Entry
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
[1037]
[20000309]
-
Entry
RealMedia RealServer reveals the real IP address of a Real Server, even if the address is supposed to be private.
[1049]
[20000308 RealServer exposes internal IP addresses]
-
Entry
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
[1020]
[20000228 [ Hackerslab bug_paper ] Linux dump buffer overflow]
[RHSA-2000:100]
[TLSA200007-1]
-
Entry
ColdFusion Server 4.x allows remote attackers to determine the real pathname of the server via an HTTP request to the application.cfm or onrequestend.cfm files.
[1021]
[20000305 ColdFusion Bug: Application.cfm shows full path]
[20000301 ColdFusions application.cfm shows full path]
-
Entry
Axis StorPoint CD allows remote attackers to access administrator URLs without authentication via a .. (dot dot) attack.
[1025]
[20000229 Infosec.20000229.axisstorpointcd.a]
[19]
[axis-storpoint-auth]
-
Entry
The default installation of Caldera OpenLinux 2.3 includes the CGI program rpm_query, which allows remote attackers to determine what packages are installed on the system.
[1036]
[20000304 OpenLinux 2.3: rpm_query]
-
Entry
The default configuration of Dosemu in Corel Linux 1.0 allows local users to execute the system.com program and gain privileges.
[1030]
[20000302 Corel Linux 1.0 dosemu default configuration: Local root vuln]
[linux-dosemu-config]
-
Entry
buildxconf in Corel Linux allows local users to modify or create arbitrary files via the -x or -f parameters.
[1007]
[20000224 Corel Linux 1.0 local root compromise]
-
Entry
setxconf in Corel Linux allows local users to gain root access via the -T parameter, which executes the user's .xserverrc file.
[1008]
[20000224 Corel Linux 1.0 local root compromise]
[corel-linux-setxconf-root]
-
Entry
Buffer overflow in mhshow in the Linux nmh package allows remote attackers to execute commands via malformed MIME headers in an email message.
[1018]
[20000229]
[RHSA-2000:006]
-
Entry
Buffer overflow in Microsoft Clip Art Gallery allows remote attackers to cause a denial of service or execute commands via a malformed CIL (clip art library) file, aka the "Clip Art Buffer Overrun" vulnerability.
[1034]
[MS00-015]
-
Entry
The window.showHelp() method in Internet Explorer 5.x does not restrict HTML help files (.chm) to be executed from the local host, which allows remote attackers to execute arbitrary commands via Microsoft Networking.
[1033]
[20000301 IE 5.x allows executing arbitrary programs using .chm files]
-
Entry
Microsoft SQL Server 7.0 and Microsoft Data Engine (MSDE) 1.0 allow remote attackers to gain privileges via a malformed Select statement in an SQL query.
[1041]
[MS00-014]
-
Entry
The installation of Oracle 8.1.5.x on Linux follows symlinks and creates the orainstRoot.sh file with world-writeable permissions, which allows local users to gain privileges.
[1035]
[20000305 Oracle installer problem]
-
Entry
SGI InfoSearch CGI program infosrch.cgi allows remote attackers to execute commands via shell metacharacters.
[1031]
[20000301 infosrch.cgi vulnerability (IRIX 6.5)]
[20000501-01-P]
[irix-infosrch-fname]
-
Entry
The htdig (ht://Dig) CGI program htsearch allows remote attackers to read arbitrary files by enclosing the file name with backticks (`) in parameters to htsearch.
[1026]
[20000228 ht://Dig remote information exposure]
[20000227]
[FreeBSD-SA-00:06]
[TLSA200005-1]
-
Entry
Buffer overflow in Lynx 2.x allows remote attackers to crash Lynx and possibly execute commands via a long URL in a malicious web page.
[1012]
[20000227 lynx - someone is deaf and blind ;)]
[FreeBSD-SA-00:08]
-
Entry
The lit program in Sun Flex License Manager (FlexLM) follows symlinks, which allows local users to modify arbitrary files.
[998]
[20000221 flex license manager tempfile predictable name...]
-
Entry
The Windows Media server allows remote attackers to cause a denial of service via a series of client handshake packets that are sent in an improper sequence, aka the "Misordered Windows Media Services Handshake" vulnerability.
[1000]
[MS00-013]
[win-media-dos]
-
Entry
InterAccess TelnetD Server 4.0 allows remote attackers to conduct a denial of service via malformed terminal client configuration information.
[1001]
[20000224 Local / Remote D.o.S Attack in InterAccess TelnetD Server Release 4.0 *ALL BUILDS* for WinNT Vulnerability]
[interaccess-telnet-dos(4033)]
-
Entry
Vulnerability in SCO cu program in UnixWare 7.x allows local users to gain privileges.
[1019]
[SB-00.05]
-
Entry
The default configuration of SSH allows X forwarding, which could allow a remote attacker to control a client's X sessions via a malicious xauth program.
[1006]
[20000224 SSH & xauth]
-
Entry
Buffer overflow in Linux mount and umount allows local users to gain root privileges via a long relative pathname.
[CSSA-2000-002.0]
[6980]
[7004]
[20000210 util < 2.10f]
-
Entry
The Nautica Marlin bridge allows remote attackers to cause a denial of service via a zero length UDP packet to the SNMP port.
[1009]
[20000225 Scorpion Marlin]
-
Entry
The installation for Windows 2000 does not activate the Administrator password until the system has rebooted, which allows remote attackers to connect to the ADMIN$ share without a password until the reboot occurs.
[990]
[20000215 Windows 2000 installation process weakness]
-
Entry
Buffer overflow in the wmcdplay CD player program for the WindowMaker desktop allows local users to gain root privileges via a long parameter.
[1047]
[20000311 TESO advisory -- wmcdplay]
-
Entry
ARCserve agent in SCO UnixWare 7.x allows local attackers to gain root privileges via a symlink attack.
[20000215 ARCserve symlink vulnerability]
[SSE063]
[sco-openserver-arc-symlink]
-
Entry
The Pocsag POC32 program does not properly prevent remote users from accessing its server port, even if the option has been disabled.
[1032]
[20000303 Pocsag remote access to client can't be disabled.]
[259]
[telnet-pocsag]
-
Entry
IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability."
[1066]
[MS00-018]
[iis-chunked-encoding-dos]
-
Entry
Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability.
[1058]
[MS00-016]
[mwmt-malformed-media-license]
-
Entry
gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root.
[1069]
[20000322 gpm-root]
[RHSA-2000:009]
[RHSA-2000:045]
[20000405 Security hole in gpm < 1.18.1]
[linux-gpm-root]
-
Entry
Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable.
[1060]
[20000316 TESO & C-Skills development advisory -- imwheel]
[RHSA-2000:016]
[linux-imwheel-bo]
-
Entry
Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges.
[1061]
[20000316 "TESO & C-Skills development advisory -- kreatecd" at:]
[20000405 Security hole in kreatecd < 0.3.8b]
[linux-kreatecd-path]
-
Entry
Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request.
[1082]
[20000330 Remote DoS Attack in Windows 2000/NT 4.0 TCP/IP Print Request Server Vulnerability]
[MS00-021]
[win-tcpip-printing-dos]
-
Entry
SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges.
[20000327 Security hole in SuSE Linux IMAP Server]
[linux-imap-remote-unauthorized-access]
-
Entry
The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file.
[1083]
[20000330 Cobalt apache configuration exposes .htaccess]
[http://www.securityfocus.com/templates/advisory.html?id=2150]
[cobalt-raq-remote-access]
-
Entry
Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges.
[1070]
[FreeBSD-SA-00:10]
[1263]
[freebsd-orvillewrite-bo]
-
Entry
Netscape Enterprise Server with Directory Indexing enabled allows remote attackers to list server directories via web publishing tags such as ?wp-ver-info and ?wp-cs-dump.
[1063]
[20000317 [SAFER 000317.EXP.1.5] Netscape Enterprise Server and '?wp' tags]
[netscape-server-directory-indexing]
-
Entry
Netscape Enterprise Server with Web Publishing enabled allows remote attackers to list arbitrary directories via a GET request for the /publisher directory, which provides a Java applet that allows the attacker to browse the directories.
[1075]
[http://zsh.stupidphat.com/advisory.cgi?000311-1]
[netscape-webpublisher-invalid-access]
-
Entry
Buffer overflow in the web server for Norton AntiVirus for Internet Email Gateways allows remote attackers to cause a denial of service via a long URL.
[1064]
[20000317 DoS with NAVIEG]
[nav-email-gateway-dos]
-
Entry
vqSoft vqServer program allows remote attackers to read arbitrary files via a /........../ in the URL, a variation of a .. (dot dot) attack.
[1067]
[20000321 vqserver /........../]
[http://www.vqsoft.com/vq/server/faqs/dotdotbug.html]
[270]
[vqserver-dir-traverse]
-
Entry
AnalogX SimpleServer:WWW HTTP server 1.03 allows remote attackers to cause a denial of service via a short GET request to cgi-bin.
[1076]
[20000324 AnalogX SimpleServer 1.03 Remote Crash" at:]
[http://www.analogx.com/contents/download/network/sswww.htm]
[1265]
[simpleserver-exception-dos(4189)]
-
Entry
Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts.
[1079]
[20000328 Objectserver vulnerability]
[K-030]
[1267]
[20000303-01-PX]
[irix-objectserver-create-accounts(4206)]
-
Entry
IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other files, aka the "Virtualized UNC Share" vulnerability.
[1081]
[MS00-019]
[Q249599]
[iis-virtual-unc-share]
-
Entry
Unknown vulnerability in Generic-NQS (GNQS) allows local users to gain root privileges.
[1842]
[20000322 Local root compromise in GNQS 3.50.6 and 3.50.7]
[FreeBSD-SA-00:13]
[http://ftp.gnqs.org/pub/gnqs/source/by-version-number/v3.50/Generic-NQS-3.50.8-ChangeLog.txt]
[generic-nqs-local-root(4306)]
-
Entry
The AIX Fast Response Cache Accelerator (FRCA) allows local users to modify arbitrary files via the configuration capability in the frcactrl program.
[1152]
[ERS-OAR-E01-2000:075.1]
[20000426 Insecure file handling in IBM AIX frcactrl program]
[aix-frcactrl]
-
Entry
HP-UX 11.04 VirtualVault (VVOS) sends data to unprivileged processes via an interface that has multiple aliased IP addresses.
[1090]
[HPSBUX0004-112]
[hp-virtual-vault]
-
Entry
The dansie shopping cart application cart.pl allows remote attackers to execute commands via a shell metacharacters in a form variable.
[1115]
[20000411 Back Door in Commercial Shopping Cart]
[dansie-shell-metacharacters(4975)]
-
Entry
The dansie shopping cart application cart.pl allows remote attackers to modify sensitive purchase information via hidden form fields.
[1115]
[20000411 Re: Back Door in Commercial Shopping Cart]
[shopping-cart-form-tampering(4621)]
-
Entry
The dansie shopping cart application cart.pl allows remote attackers to obtain the shopping cart database and configuration information via a URL that references either the env, db, or vars form variables.
[1115]
[20000411 Re: Back Door in Commercial Shopping Cart]
[dansie-form-variables(4954)]
-
Entry
The Nbase-Xyplex EdgeBlaster router allows remote attackers to cause a denial of service via a scan for the FormMail CGI program.
[1091]
[20000405 SilverBack Security Advisory: Nbase-Xyplex DoS]
[nbase-xyplex-router]
-
Entry
Buffer overflow in the NetWare remote web administration utility allows remote attackers to cause a denial of service or execute commands via a long URL.
[1118]
[20000418 Novell Netware 5.1 (server 5.00h, Dec 11, 1999)...]
[netware-remote-admin-overflow]
-
Entry
IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability.
[1101]
[MS00-023]
-
Entry
Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability.
[1109]
[MS00-025]
[282]
-
Entry
The AVM KEN! web server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1103]
[20000415 (no subject)]
[20000418 AVM's Statement]
[1282]
[ken-download-files]
-
Entry
The AVM KEN! ISDN Proxy server allows remote attackers to cause a denial of service via a malformed request.
[1103]
[20000415 (no subject)]
[20000418 AVM's Statement]
[ken-dos]
-
Entry
The X font server xfs in Red Hat Linux 6.x allows an attacker to cause a denial of service via a malformed request.
[1111]
[20000416 xfs]
[redhat-fontserver-dos]
-
Entry
Panda Security 3.0 with registry editing disabled allows users to edit the registry and gain privileges by directly executing a .reg file or using other methods.
[1119]
[20000417 bugs in Panda Security 3.0]
[http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip]
[panda-admin-privileges]
-
Entry
Panda Security 3.0 allows users to uninstall the Panda software via its Add/Remove Programs applet.
[1119]
[20000417 bugs in Panda Security 3.0]
[http://updates.pandasoftware.com/docs/us/Avoidvulnerability.zip]
[panda-uninstall-program]
-
Entry
Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password.
[1122]
[20000419 Cisco Catalyst Enable Password Bypass Vulnerability]
[1288]
[cisco-catalyst-password-bypass]
-
Entry
Cisco IOS 11.x and 12.x allows remote attackers to cause a denial of service by sending the ENVIRON option to the Telnet daemon before it is ready to accept it, which causes the system to reboot.
[1123]
[20000420 Cisco IOS Software TELNET Option Handling Vulnerability]
[1289]
[cisco-ios-option-handling]
-
Entry
RealNetworks RealServer allows remote attackers to cause a denial of service by sending malformed input to the server at port 7070.
[1128]
[20000420 Remote DoS attack in Real Networks Real Server Vulnerability]
[http://service.real.com/help/faq/servg270.html]
[realserver-remote-dos]
-
Entry
PCAnywhere allows remote attackers to cause a denial of service by terminating the connection before PCAnywhere provides a login prompt.
[1095]
[20000409 A funny way to DOS pcANYWHERE8.0 and 9.0]
[pcanywhere-login-dos]
-
Entry
The Linux trustees kernel patch allows attackers to cause a denial of service by accessing a file or directory with a long name.
[1096]
[20000410 linux trustees 1.5 long path name vulnerability]
[http://www.braysystems.com/linux/trustees.html]
[linux-trustees-patch-dos]
-
Entry
BeOS 4.5 and 5.0 allow local users to cause a denial of service via malformed direct system calls using interrupt 37.
[1098]
[20000410 BeOS syscall bug]
[beos-syscall-dos]
-
Entry
Microsoft Excel 97 and 2000 does not warn the user when executing Excel Macro Language (XLM) macros in external text files, which could allow an attacker to execute a macro virus, aka the "XLM Text Macro" vulnerability.
[1087]
[MS00-022]
[1272]
-
Entry
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user.
[1089]
[20000331 SalesLogix Eviewer Web App Bug: URL request crashes eviewer web application]
[eviewer-admin-request-dos]
-
Entry
BeOS allows remote attackers to cause a denial of service via malformed packets whose length field is less than the length of the headers.
[1100]
[20000407 BeOS Networking DOS]
[http://bebugs.be.com/devbugs/detail.php3?oid=2505312]
[beos-networking-dos]
-
Entry
TalentSoft webpsvr daemon in the Web+ shopping cart application allows remote attackers to read arbitrary files via a .. (dot dot) attack on the webplus CGI program.
[1102]
[20000412 TalentSoft Web+ Input Validation Bug Vulnerability]
[ftp://ftp.talentsoft.com/Download/Webplus/Unix/Patches/Webplus46p%20Read%20me.html]
[talentsoft-web-input]
-
Entry
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon.
[1106]
[20000412 Performance Copilot for IRIX 6.5]
[irix-pmcd-info]
-
Entry
Buffer overflow in XFree86 3.3.x allows local users to execute arbitrary commands via a long -xkbmap parameter.
[1306]
[20000416 XFree86 server overflow]
[xfree86-xkbmap-parameter-bo]
-
Entry
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter.
[1104]
[20000412 BizDB Search Script Enables Shell Command Execution at the Server]
[http-cgi-bizdb]
-
Entry
IP masquerading in Linux 2.2.x allows remote attackers to route UDP packets through the internal interface by modifying the external source IP address and port number to match those of an established connection.
[1078]
[20000327 Security Problems with Linux 2.2.x IP Masquerading]
[20000520 Security hole in kernel < 2.2.15]
[linux-masquerading-dos]
-
Entry
Buffer overflow in Webstar HTTP server allows remote attackers to cause a denial of service via a long GET request.
[1822]
[20000331 Webstar 4.0 Buffer overflow vulnerability]
[macos-webstar-get-bo(4792)]
-
Entry
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash.
[1129]
[20000418 Adtran DoS]
[adtran-ping-dos]
-
Entry
Buffer overflow in healthd for FreeBSD allows local users to gain root privileges.
[1107]
[FreeBSD-SA-00:12]
[606]
[freebsd-healthd]
-
Entry
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck.
[1086]
[20000331 fcheck v.2.7.45 and insecure use of Perl's system()]
[fcheck-shell]
-
Entry
Allaire Forums 2.0.5 allows remote attackers to bypass access restrictions to secure conferences via the rightAccessAllForums or rightModerateAllForums variables.
[ASB00-06]
[1085]
[1270]
[allaire-forums-allaccess]
-
Entry
The unattended installation of Windows 2000 with the OEMPreinstall option sets insecure permissions for the All Users and Default Users directories.
[1758]
[20000407 All Users startup folder left open if unattended install and OEMP reinstall=1]
[win2k-unattended-install(4278)]
-
Entry
Ipswitch IMAIL server 6.02 and earlier allows remote attackers to cause a denial of service via the AUTH CRAM-MD5 command.
[1094]
[20000405 Re: IMAIL (Ipswitch) DoS with Eudora (Qualcomm)]
[http://support.ipswitch.com/kb/IM-20000208-DM02.htm]
[ipswitch-imail-dos]
-
Entry
Microsoft Index Server allows remote attackers to view the source code of ASP files by appending a %20 to the filename in the CiWebHitsFile argument to the null.htw URL.
[1084]
[20000331 Alert: MS Index Server (CISADV000330)]
[MS00-006]
[271]
[http-indexserver-asp-source]
-
Entry
Quake3 Arena allows malicious server operators to read or modify files on a client via a dot dot (..) attack.
[1169]
[http://www.quake3arena.com/news/index.html]
[20000503 Vulnerability in Quake3Arena Auto-Download Feature]
[7531]
[quake3-auto-download]
-
Entry
Microsoft IIS 4.0 and 5.0 with the IISADMPWD virtual directory installed allows a remote attacker to cause a denial of service via a malformed request to the inetinfo.exe program, aka the "Undelimited .HTR Request" vulnerability.
[1191]
[20000511 Microsoft IIS Remote Denial of Service Attack]
[MS00-031]
[iis-authchangeurl-dos]
-
Entry
Windows 95, Windows 98, Windows 2000, Windows NT 4.0, and Terminal Server systems allow a remote attacker to cause a denial of service by sending a large number of identical fragmented IP packets, aka jolt2 or the "IP Fragment Reassembly" vulnerability.
[1236]
[20000519 jolt2 - Remote DoS against NT, W2K, 9x]
[MS00-029]
[ip-fragment-reassembly-dos]
-
Entry
Buffer overflow in calserver in SCO OpenServer allows remote attackers to gain root access via a long message.
[19981229 Local/remote exploit for SCO UNIX.]
[SB-99.02]
-
Entry
Vulnerability in xserver in SCO UnixWare 2.1.x and OpenServer 5.05 and earlier allows an attacker to cause a denial of service which prevents access to reserved port numbers below 1024.
[SB-99.07]
-
Entry
Insecure file permissions for Netscape FastTrack Server 2.x, Enterprise Server 2.0, and Proxy Server 2.5 in SCO UnixWare 7.0.x and 2.1.3 allow an attacker to gain root privileges.
[SB-99.08]
-
Entry
The i386 trace-trap handling in OpenBSD 2.4 with DDB enabled allows a local user to cause a denial of service.
[19990212 i386 trace-trap handling when DDB was configured could cause a system crash.]
[6126]
-
Entry
IP fragment assembly in OpenBSD 2.4 allows a remote attacker to cause a denial of service by sending a large number of fragmented packets.
[19990217 IP fragment assembly can bog the machine excessively and cause problems.]
[7539]
-
Entry
The Windows 2000 domain controller allows a malicious user to modify Active Directory information by modifying an unprotected attribute, aka the "Mixed Object Access" vulnerability.
[1145]
[MS00-026]
[ms-mixed-object]
-
Entry
Vulnerability in OpenBSD 2.6 allows a local user to change interface media configurations.
[19991109 Any user can change interface media configurations.]
[7540]
-
Entry
traceroute in NetBSD 1.3.3 and Linux systems allows local users to flood other systems by providing traceroute with a large waittime (-w) option, which is not parsed properly and sets the time delay for sending packets to zero.
[19990213 traceroute as a flooder]
[NetBSD-SA1999-004]
[7574]
-
Entry
traceroute in NetBSD 1.3.3 and Linux systems allows local unprivileged users to modify the source address of the packets, which could be used in spoofing attacks.
[19990213 traceroute as a flooder]
[NetBSD-SA1999-004]
[7575]
-
Entry
Buffer overflow in Solaris 7 lp allows local users to gain root privileges via a long -d option.
[1143]
[20000424 Solaris 7 x86 lp exploit]
[4314312]
[solaris-lp-bo]
-
Entry
Atrium Mercur Mail Server 3.2 allows local attackers to read other user's email and create arbitrary files via a dot dot (..) attack.
[1144]
[20000413 Security problems with Atrium Mercur Mailserver 3.20]
[mercur-remote-dot-attack]
-
Entry
mail.local in Sendmail 8.10.x does not properly identify the .\n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 2047 characters long and ends in .\n.
[1146]
[20000424 unsafe fgets() in sendmail's mail.local]
[sendmail-maillocal-dos]
-
Entry
Qpopper 2.53 and 3.0 does not properly identify the \n string which identifies the end of message text, which allows a remote attacker to cause a denial of service or corrupt mailboxes via a message line that is 1023 characters long and ends in \n.
[1133]
[20000421 unsafe fgets() in qpopper]
[qpopper-fgets-spoofing]
-
Entry
The passwd.php3 CGI script in the Red Hat Piranha Virtual Server Package allows local users to execute arbitrary commands via shell metacharacters.
[1149]
[20000424 piranha default password/exploit]
[RHSA-2000:014]
[piranha-passwd-execute]
-
Entry
The Microsoft Jet database engine allows an attacker to modify text files via a database query, aka the "Text I-ISAM" vulnerability.
[595]
[19990728 Alert : MS Office 97 Vulnerability]
[MS99-030]
[jet-text-isam]
-
Entry
pcAnywhere 8.x and 9.0 allows remote attackers to cause a denial of service via a TCP SYN scan, e.g. by nmap.
[1150]
[20000425 Denial of Service Against pcAnywhere.]
[20010211 Symantec pcAnywhere 9.0 DoS / Buffer Overflow]
[20010212 Re: Symantec pcAnywhere 9.0 DoS / Buffer Overflow]
[1301]
[pcanywhere-tcpsyn-dos(4347)]
-
Entry
Microsoft Virtual Machine (VM) allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, aka the "Virtual Machine Verifier" vulnerability.
[19991014 Another Microsoft Java Flaw Disovered]
[MS99-045]
[msvm-verifier-java]
-
Entry
Windows NT 4.0 generates predictable random TCP initial sequence numbers (ISN), which allows remote attackers to perform spoofing and session hijacking.
[604]
[19990824 NT Predictable Initial TCP Sequence numbers - changes observed with SP4]
[MS99-046]
[nt-sequence-prediction-sp4]
[tcp-seq-predict]
-
Entry
A Microsoft ActiveX control allows a remote attacker to execute a malicious cabinet file via an attachment and an embedded script in an HTML mail, aka the "Active Setup Control" vulnerability.
[MS99-048]
[ie-active-setup-control]
-
Entry
The networking software in Windows 95 and Windows 98 allows remote attackers to execute commands via a long file name string, aka the "File Access URL" vulnerability.
[MS99-049]
[win-fileurl-overflow]
-
Entry
Buffer overflow in Microsoft command processor (CMD.EXE) for Windows NT and Windows 2000 allows a local user to cause a denial of service via a long environment variable, aka the "Malformed Environment Variable" vulnerability.
[1135]
[20000421 CMD.EXE overflow (CISADV000420)]
[MS00-027]
[nt-cmd-overflow]
-
Entry
UltraBoard.pl or UltraBoard.cgi CGI scripts in UltraBoard 1.6 allows remote attackers to read arbitrary files via a pathname string that includes a dot dot (..) and ends with a null byte.
[1164]
[20000502 Fun with UltraBoard V1.6X]
[1309]
[4065]
[ultraboard-printabletopic-fileread]
-
Entry
The Allaire Spectra container editor preview tool does not properly enforce object security, which allows an attacker to conduct unauthorized activities via an object-method that is added to the container object with a publishing rule.
[ASB00-10]
[1181]
[allaire-spectra-container-editor-preview]
-
Entry
The resolver in glibc 2.1.3 uses predictable IDs, which allows a local attacker to spoof DNS query results.
[1166]
[20000502 glibc resolver weakness]
[glibc-resolver-id-predictable]
-
Entry
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
[1232]
[CSSA-2000-009.0]
[RHSA-2000:012]
[TLSA2000010-1]
[openldap-symlink-attack]
-
Entry
Buffer overflow in Xsun X server in Solaris 7 allows local users to gain root privileges via a long -dev parameter.
[1140]
[20000424 Solaris x86 Xsun overflow.]
[4335411]
[solaris-xsun-bo]
-
Entry
Concurrent Versions Software (CVS) uses predictable temporary file names for locking, which allows local users to cause a denial of service by creating the lock directory before it is created for use by a legitimate CVS user.
[1136]
[20000423 CVS DoS]
[cvs-tempfile-dos]
-
Entry
ZoneAlarm 2.1.10 and earlier does not filter UDP packets with a source port of 67, which allows remote attackers to bypass the firewall rules.
[1137]
[20000420 ZoneAlarm]
[1294]
[zonealarm-portscan]
-
Entry
Buffer overflow in Gnomelib in SuSE Linux 6.3 allows local users to execute arbitrary commands via the DISPLAY environmental variable.
[1155]
[20000428 SuSE 6.3 Gnomelib buffer overflow]
[http://www.suse.com/us/support/download/updates/axp_63.html]
[linux-gnomelib-bo]
-
Entry
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name.
[1156]
[20000501 Remote DoS attack in CASSANDRA NNTPServer v1.10 from ATRIUM]
[nntpserver-cassandra-bo]
-
Entry
Eudora 4.x allows remote attackers to bypass the user warning for executable attachments such as .exe, .com, and .bat by using a .lnk file that refers to the attachment, aka "Stealth Attachment."
[1157]
[http://news.cnet.com/news/0-1005-200-1773077.html?tag=st.ne.fd.lthd.1005-200-1773077]
[http://www.peacefire.org/security/stealthattach/explanation.html]
[eudora-warning-message]
-
Entry
The knfsd NFS server in Linux kernel 2.2.x allows remote attackers to cause a denial of service via a negative size value.
[1160]
[20000501 Linux knfsd DoS issue]
[linux-knfsd-dos]
-
Entry
AppleShare IP 6.1 and later allows a remote attacker to read potentially sensitive information via an invalid range request to the web server.
[1162]
[20000502 INFO:AppleShare IP 6.3.2 squashes security bug]
[http://asu.info.apple.com/swupdates.nsf/artnum/n11670]
[macos-appleshare-invalid-range]
-
Entry
Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.
[1163]
[20000501 el8.org advisory - Win 95/98 DoS (RFParalyze.c)]
[win-netbios-source-null]
-
Entry
A vulnerability in the Sendmail configuration file sendmail.cf as installed in SCO UnixWare 7.1.0 and earlier allows an attacker to gain root privileges.
[SB-99.10]
-
Entry
Vulnerability in the passthru driver in SCO UnixWare 7.1.0 allows an attacker to cause a denial of service.
[SB-99.13]
-
Entry
A debugging feature in NetworkICE ICEcap 2.0.23 and earlier is enabled, which allows a remote attacker to bypass the weak authentication and post unencrypted events.
[1216]
[http://advice.networkice.com/advice/Support/KB/q000166/]
[http://www.securityfocus.com/templates/advisory.html?id=2220]
[312]
[netice-icecap-alert-execute]
[netice-icecap-default]
-
Entry
Some packaging commands in SCO UnixWare 7.1.0 have insecure privileges, which allows local users to add or remove software packages.
[SB-99.09]
-
Entry
Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.
[810]
[19991117 Pine: expanding env vars in URLs (seems to be fixed as of 4.21)]
[CSSA-1999-036.0]
[19991227 Security hole in Pine < 4.21]
[pine-remote-exe]
-
Entry
Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded file from a malicious web server, which is then executed by Pine.
[1247]
[http://www.securiteam.com/unixfocus/HHP-Pine_remote_exploit.html]
[19990628 Execution of commands in Pine 4.x]
[19990911 Update for Pine (fixed IMAP support)]
[pine-lynx-execute-commands]
-
Entry
mirror 2.8.x in Linux systems allows remote attackers to create files one level above the local target directory.
[681]
[19990928 mirror 2.9 hole]
[19991018 Incorrect directory name handling in mirror]
[19991001 Security hole in mirror]
[mirror-perl-remote-file-creation]
-
Entry
Pluggable Authentication Modules (PAM) in Red Hat Linux 6.1 does not properly lock access to disabled NIS accounts.
[697]
[RHSA-1999:040]
[linux-pam-nis-login]
-
Entry
Buffer overflow in Trivial HTTP (THTTPd) allows remote attackers to cause a denial of service or execute arbitrary commands via a long If-Modified-Since header.
[1248]
[19991113 thttpd 2.04 stack overflow (VD#6)]
[19991116 Security hole in thttpd 1.90a - 2.04]
[thttpd-ifmodifiedsince-header-dos]
-
Entry
Buffer overflow in INN 2.2.1 and earlier allows remote attackers to cause a denial of service via a maliciously formatted article.
[1249]
[CSSA-1999-038.0]
[19991124 Security hole in inn <= 2.2.1]
[inn-remote-dos]
-
Entry
The PPP wvdial.lxdialog script in wvdial 1.4 and earlier creates a .config file with world readable permissions, which allows a local attacker in the dialout group to access login and password information.
[19991214 Security hole in wvdial <= 1.4]
[wvdial-gain-dialup-info]
-
Entry
Buffer overflows in Linux cdwtools 093 and earlier allows local users to gain root privileges.
[738]
[19991019 Security hole in cdwtools < 093]
[linux-cdda2cdr]
-
Entry
Linux cdwtools 093 and earlier allows local users to gain root privileges via the /tmp directory.
[738]
[19991019 Security hole in cdwtools < 093]
[linux-cdda2cdr]
-
Entry
dump in Debian GNU/Linux 2.1 does not properly restore symlinks, which allows a local user to modify the ownership of arbitrary files.
[1442]
[19991202 problem restoring symlinks]
[debian-dump-modify-ownership]
-
Entry
Vulnerability in eterm 0.8.8 in Debian GNU/Linux allows an attacker to gain root privileges.
[19990218 Root exploit in eterm]
[linux-eterm]
-
Entry
Classic Cisco IOS 9.1 and later allows attackers with access to the login prompt to obtain portions of the command history of previous users, which may allow the attacker to access sensitive data.
[J-009]
[19981014 Cisco IOS Command History Release at Login Prompt]
-
Entry
The IDENT server in Caldera Linux 2.3 creates multiple threads for each IDENT request, which allows remote attackers to cause a denial of service.
[1266]
[CSSA-1999-029.1]
[caldera-ident-server-dos]
-
Entry
The debug option in Caldera Linux smail allows remote attackers to execute commands via shell metacharacters in the -D option for the rmail command.
[1268]
[CSSA-1999-001.0]
[caldera-smail-rmail-command]
-
Entry
The libmediatool library used for the KDE mediatool allows local users to create arbitrary files via a symlink attack.
[1269]
[CSSA-1999-005.0]
[kde-mediatool]
-
Entry
Vulnerability in Caldera rmt command in the dump package 0.4b4 allows a local user to gain root privileges.
[CSSA-1999-014.0]
[7940]
[linux-rmt(2268)]
-
Entry
Vulnerabilities in the KDE kvt terminal program allow local users to gain root privileges.
[CSSA-1999-015.0]
[RHSA-1999:015-01]
[kde-kvt(2266)]
-
Entry
The default configuration of kdm in Caldera and Mandrake Linux, and possibly other distributions, allows XDMCP connections from any host, which allows remote attackers to obtain sensitive information or bypass additional access restrictions.
[1446]
[CSSA-1999-021.0]
[MDKSA-2002:025]
[xdmcp-kdm-default-configuration(4856)]
-
Entry
The kernel in FreeBSD 3.2 follows symbolic links when it creates core dump files, which allows local attackers to modify arbitrary files.
[FreeBSD-SA-99:04]
[6084]
-
Entry
Buffer overflow in the HTTP proxy server for the i-drive Filo software allows remote attackers to execute arbitrary commands via a long HTTP GET request.
[1324]
[20000607 Buffer Overflow in i-drive Filo (tm) software]
[idrive-filo-bo]
-
Entry
The Remote Registry server in Windows NT 4.0 allows local authenticated users to cause a denial of service via a malformed request, which causes the winlogon process to fail, aka the "Remote Registry Access Authentication" vulnerability.
[1331]
[MS00-040]
[Q264684]
[oval:org.mitre.oval:def:1021]
[nt-registry-request-dos]
-
Entry
The pam_console PAM module in Linux systems performs a chown on various devices upon a user login, but an open file descriptor for those devices can be maintained after the user logs out, which allows that user to sniff activity on these devices when subsequent users log in.
[1176]
[20000502 pam_console bug]
[linux-pam-sniff-activities]
-
Entry
The Netopia R9100 router does not prevent authenticated users from modifying SNMP tables, even if the administrator has configured it to do so.
[1177]
[20000507 Advisory: Netopia R9100 router vulnerability]
[http://www.netopia.com/equipment/purchase/fmw_update.html]
[netopia-snmp-comm-strings]
-
Entry
The IOS HTTP service in Cisco routers and switches running IOS 11.1 through 12.1 allows remote attackers to cause a denial of service by requesting a URL that contains a %% string.
[1154]
[20000426 Cisco HTTP possible bug:]
[20000514 Cisco IOS HTTP Server Vulnerability]
[1302]
[cisco-ios-http-dos]
-
Entry
The Gossamer Threads DBMan db.cgi CGI script allows remote attackers to view environmental variables and setup information by referencing a non-existing database in the db parameter.
[1178]
[20000505 Black Watch Labs Vulnerability Alert]
[http://www.perfectotech.com/blackwatchlabs/vul5_05.html]
[http-cgi-dbman-db]
-
Entry
ColdFusion ClusterCATS appends stale query string arguments to a URL during HTML redirection, which may provide sensitive information to the redirected site.
[ASB00-12]
[1179]
[allaire-clustercats-url-redirect]
-
Entry
The makelev program in the golddig game from the FreeBSD ports collection allows local users to overwrite arbitrary files.
[1184]
[FreeBSD-SA-00:16]
[golddig-overwrite-files]
-
Entry
Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable.
[1185]
[FreeBSD-SA-00:17]
[libmytinfo-bo]
-
Entry
Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges.
[1220]
[20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS]
[CA-2000-06]
[FreeBSD-SA-00:20]
[RHSA-2000:025]
[kerberos-krb-rd-req-bo]
-
Entry
Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges.
[1220]
[20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS]
[CA-2000-06]
[FreeBSD-SA-00:20]
[4884]
[RHSA-2000:025]
[kerberos-krb425-conv-principal-bo]
-
Entry
Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges.
[1220]
[20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS]
[CA-2000-06]
[FreeBSD-SA-00:20]
[4876]
[RHSA-2000:025]
[kerberos-krshd-bo]
-
Entry
Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges.
[1220]
[20000516 BUFFER OVERRUN VULNERABILITIES IN KERBEROS]
[CA-2000-06]
[FreeBSD-SA-00:20]
[RHSA-2000:025]
[kerberos-ksu-bo]
-
Entry
The KDE kscd program does not drop privileges when executing a program specified in a user's SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute.
[1206]
[20000516 kscd vulnerability]
[20000529 kmulti <= 1.1.2]
[kscd-shell-env-variable]
-
Entry
NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler's Man-in-the-Middle signature.
[1225]
[20000519 RFP2K05: NetProwler vs. RFProwler]
[20000522 RFP2K05 - NetProwler "Fragmentation" Issue]
[axent-netprowler-ipfrag-dos]
-
Entry
Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request.
[1213]
[20000516 CProxy v3.3 SP 2 DoS]
[cproxy-http-dos]
-
Entry
The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files.
[1245]
[20000524 Alert: Carello File Creation flaw]
[carello-file-duplication]
-
Entry
The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user's email account.
[1203]
[20000515 Vulnerability in EMURL-based e-mail providers]
[emurl-account-access]
-
Entry
Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request.
[1244]
[20000524 Alert: Buffer overflow in Rockliffe's MailSite]
[mailsite-get-overflow]
-
Entry
Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name.
[1250]
[20000524 Deerfield Communications MDaemon Mail Server DoS]
[deerfield-mdaemon-dos]
-
Entry
The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service Pack Password" vulnerability.
[1281]
[MS00-035]
[Q263968]
[mssql-agent-stored-pw]
[mssql-sa-pw-in-sqlsplog]
-
Entry
The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka the "HostAnnouncement Flooding" or "HostAnnouncement Frame" vulnerability.
[1261]
[MS00-036]
[Q263307]
[win-browser-hostannouncement]
-
Entry
The CIFS Computer Browser service allows remote attackers to cause a denial of service by sending a ResetBrowser frame to the Master Browser, aka the "ResetBrowser Frame" vulnerability.
[1262]
[MS00-036]
[Q262694]
[win-browser-reset-frame]
-
Entry
Buffer overflow in L0pht AntiSniff allows remote attackers to execute arbitrary commands via a malformed DNS response packet.
[1207]
[20000515 AntiSniff version 1.01 and Researchers version 1 DNS overflow]
[3179]
[antisniff-dns-overflow]
-
Entry
Netscape Communicator before version 4.73 and Navigator 4.07 do not properly validate SSL certificates, which allows remote attackers to steal information by redirecting traffic from a legitimate web server to their own malicious server, aka the "Acros-Suencksen SSL" vulnerability.
[1188]
[CA-2000-05]
[http://www.acrossecurity.com/aspr/ASPR-2000-04-06-1-PUB.txt]
[RHSA-2000:028]
[netscape-invalid-ssl-sessions]
-
Entry
Buffer overflow in Solaris netpr program allows local users to execute arbitrary commands via a long -p option.
[1200]
[20000512 New Solaris root exploit for /usr/lib/lp/bin/netpr]
[sol-netpr-bo]
-
Entry
IIS 4.05 and 5.0 allow remote attackers to cause a denial of service via a long, complex URL that appears to contain a large number of file extensions, aka the "Malformed Extension Data in URL" vulnerability.
[1190]
[http://www.ussrback.com/labs40.html]
[MS00-030]
[Q260205]
[iis-url-extension-data-dos]
-
Entry
Netscape 4.73 and earlier follows symlinks when it imports a new certificate, which allows local users to overwrite files of the user importing the certificate.
[1201]
[20000510 Possible symlink problems with Netscape 4.73]
[netscape-import-certificate-symlink]
-
Entry
ColdFusion Server 4.5.1 allows remote attackers to cause a denial of service by making repeated requests to a CFCACHE tagged cache file that is not stored in memory.
[1192]
[20000510 Cold Fusion Server 4.5.1 DoS Vulnerability.]
[coldfusion-cfcache-dos]
-
Entry
Matt Wright's FormMail CGI script allows remote attackers to obtain environmental variables via the env_report parameter.
[1187]
[20000510 Black Watch Labs Vulnerability Alert]
[http://www.perfectotech.com/blackwatchlabs/vul5_10.html]
[http-cgi-formmail-environment]
-
Entry
Vulnerability in shutdown command for HP-UX 11.X and 10.X allows allows local users to gain privileges via malformed input variables.
[1214]
[HPSBUX0005-113]
[hp-shutdown-privileges]
-
Entry
NTMail 5.x allows network users to bypass the NTMail proxy restrictions by redirecting their requests to NTMail's web configuration server.
[1196]
[20000511 NTMail Proxy Exploit]
[http://www.gordano.com/support/archives/ntmail/2000-05/00001114.htm]
[ntmail-bypass-proxy]
-
Entry
The HTTP administration interface to the Cayman 3220-H DSL router allows remote attackers to cause a denial of service via a long username or password.
[1219]
[20000505 Cayman 3220-H DSL Router DOS]
[20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack]
[cayman-router-dos]
-
Entry
The Cayman 3220-H DSL router allows remote attackers to cause a denial of service via oversized ICMP echo (ping) requests.
[1240]
[20000523 Cayman 3220H DSL Router Software Update and New Bonus Attack]
[cayman-dsl-dos]
-
Entry
The Office 2000 UA ActiveX Control is marked as "safe for scripting," which allows remote attackers to conduct unauthorized activities via the "Show Me" function in Office Help, aka the "Office 2000 UA Control" vulnerability.
[1197]
[CA-2000-07]
[MS00-034]
[Q262767]
[office-ua-control]
-
Entry
The process_bug.cgi script in Bugzilla allows remote attackers to execute arbitrary commands via shell metacharacters.
[1199]
[20000510 Advisory: Unchecked system(blaat $var blaat) call in Bugzilla 2.8]
[bugzilla-unchecked-system-call]
-
Entry
The CGI counter 4.0.7 by George Burgyan allows remote attackers to execute arbitrary commands via shell metacharacters.
[1202]
[20000514 Vulnerability in CGI counter 4.0.7 by George Burgyan]
[http-cgi-burgyan-counter]
-
Entry
Buffer overflow in the Web Archives component of L-Soft LISTSERV 1.8 allows remote attackers to execute arbitrary commands.
[1167]
[20000505 Alert: Listserv Web Archives (wa) buffer overflow]
[http://www.lsoft.com/news/default.asp?item=Advisory0]
[http-cgi-listserv-wa-bo]
-
Entry
UltraBoard 1.6 and other versions allow remote attackers to cause a denial of service by referencing UltraBoard in the Session parameter, which causes UltraBoard to fork copies of itself.
[1175]
[20000505 Re: Fun with UltraBoard V1.6X]
[ultraboard-cgi-dos]
-
Entry
The Aladdin Knowledge Systems eToken device allows attackers with physical access to the device to obtain sensitive information without knowing the PIN of the owner by resetting the PIN in the EEPROM.
[1170]
[20000504 eToken Private Information Extraction and Physical Attack]
[3266]
[aladdin-etoken-pin-reset]
-
Entry
Buffer overflow in the SMTP gateway for InterScan Virus Wall 3.32 and earlier allows a remote attacker to execute arbitrary commands via a long filename for a uuencoded attachment.
[1168]
[20000503 Trend Micro InterScan VirusWall Remote Overflow]
[interscan-viruswall-bo]
-
Entry
Cart32 allows remote attackers to access sensitive debugging information by appending /expdate to the URL request.
[1358]
[20000503 Another interesting Cart32 command]
[cart32-expdate]
-
Entry
Cobalt RaQ2 and RaQ3 does not properly set the access permissions and ownership for files that are uploaded via FrontPage, which allows attackers to bypass cgiwrap and modify files.
[1238]
[20000522 Problem with FrontPage on Cobalt RaQ2/RaQ3]
[20000525 Cobalt Networks - Security Advisory - Frontpage]
[http://archives.neohapsis.com/archives/bugtraq/2000-05/0305.html]
[1346]
[cobalt-cgiwrap-bypass]
-
Entry
The calender.pl and the calendar_admin.pl calendar scripts by Matt Kruse allow remote attackers to execute arbitrary commands via shell metacharacters.
[1215]
[20000516 Vuln in calender.pl (Matt Kruse calender script)]
[http-cgi-calendar-execute]
-
Entry
The allmanageup.pl file upload CGI script in the Allmanage Website administration software 2.6 can be called directly by remote attackers, which allows them to modify user accounts or web pages.
[1217]
[20000516 Allmanage.pl Vulnerabilities]
[1337]
[http-cgi-allmanage-account-access]
-
Entry
MetaProducts Offline Explorer 1.2 and earlier allows remote attackers to access arbitrary files via a .. (dot dot) attack.
[1231]
[20000522 MetaProducts Offline Explorer Directory Traversal Vulnerability]
[http://www.metaproducts.com/mpOE-HY.html]
[offline-explorer-directory-traversal]
-
Entry
Buffer overflow in the CyberPatrol daemon "cyberdaemon" used in gauntlet and WebShield allows remote attackers to cause a denial of service or execute arbitrary commands.
[1234]
[20000522 Gauntlet CyberPatrol Buffer Overflow]
[http://www.pgp.com/jump/gauntlet_advisory.asp]
[http://www.tis.com/support/cyberadvisory.html]
[322]
[gauntlet-cyberdaemon-bo]
-
Entry
Buffer overflow in fdmount on Linux systems allows local users in the "floppy" group to execute arbitrary commands via a long mountpoint parameter.
[1239]
[20000522 fdmount buffer overflow]
[linux-fdmount-bo]
-
Entry
Internet Explorer 4.0 and 5.0 allows a malicious web site to obtain client cookies from another domain by including that domain name and escaped characters in a URL, aka the "Unauthorized Cookie Access" vulnerability.
[1194]
[20000510 IE Domain Confusion Vulnerability]
[20000511 IE Domain Confusion Vulnerability is an Email problem also]
[MS00-033]
[1326]
[ie-cookie-disclosure(4447)]
-
Entry
NetBSD 1.4.2 and earlier allows remote attackers to cause a denial of service by sending a packet with an unaligned IP timestamp option.
[1173]
[20000506 [NHC20000504a.0: NetBSD Panics when sent unaligned IP options]]
[FreeBSD-SA-00:23]
[NetBSD-SA2000-002]
[netbsd-unaligned-ip-options]
-
Entry
Vulnerability in AIX 3.2.x and 4.x allows local users to gain write access to files on locally or remotely mounted AIX filesystems.
[1241]
[ERS-OAR-E01-2000:087.1]
[aix-local-filesystem]
-
Entry
Qpopper 2.53 and earlier allows local users to gain privileges via a formatting string in the From: header, which is processed by the euidl command.
[1242]
[20000523 Qpopper 2.53 remote problem, user can gain gid=mail]
[20000608 pop <= 2000.3.4]
[qualcomm-qpopper-euidl]
-
Entry
The web interface server in HP Web JetAdmin 5.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1243]
[20000524 HP Web JetAdmin Version 5.6 Web interface Server Directory Traversal Vulnerability]
[1350]
[hp-jetadmin-directory-traversal]
-
Entry
The pgpk command in PGP 5.x on Unix systems uses an insufficiently random data source for non-interactive key pair generation, which may produce predictable keys.
[1251]
[20000523 Key Generation Security Flaw in PGP 5.0]
[CA-2000-09]
[1355]
[pgp-key-predictable]
-
Entry
Buffer overflow in MDBMS database server allows remote attackers to execute arbitrary commands via a long string.
[1252]
[20000524 Remote xploit for MDBMS]
[mdbms-bo]
-
Entry
Buffer overflow in WebShield SMTP 4.5.44 allows remote attackers to execute arbitrary commands via a long configuration parameter to the WebShield remote management service.
[1254]
[20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool]
[327]
[nai-webshield-bo]
-
Entry
The WebShield SMTP Management Tool version 4.5.44 does not properly restrict access to the management port when an IP address does not resolve to a hostname, which allows remote attackers to access the configuration via the GET_CONFIG command.
[1253]
[20000525 DST2K0003 : Buffer Overrun in NAI WebShield SMTP v4.5.44 Managem ent Tool]
[326]
[nai-webshield-getconfig]
-
Entry
The Intel express 8100 ISDN router allows remote attackers to cause a denial of service via oversized or fragmented ICMP packets.
[1228]
[20000518 Remote Dos attack against Intel express 8100 router]
[intel-8100-remote-dos]
-
Entry
Buffer overflow in the ESMTP service of Lotus Domino Server 5.0.1 allows remote attackers to cause a denial of service via a long MAIL FROM command.
[1229]
[20000518 Lotus ESMTP Service (Lotus Domino Release 5.0.1 (Intl))]
[321]
[lotus-domino-esmtp-bo]
-
Entry
XFree86 3.3.x and 4.0 allows a user to cause a denial of service via a negative counter value in a malformed TCP packet that is sent to port 6000.
[1235]
[20000518 Nasty XFree Xserver DoS]
[CSSA-2000-012.0]
-
Entry
Buffer overflow in Linux cdrecord allows local users to gain privileges via the dev parameter.
[1265]
[20000527 Mandrake 7.0: /usr/bin/cdrecord gid=80 (strike #2)]
[20000603 [Gael Duval ] [Security Announce] cdrecord]
[20000607 Conectiva Linux Security Announcement - cdrecord]
[linux-cdrecord-execute]
-
Entry
Buffer overflow in xlockmore xlock program version 4.16 and earlier allows local users to read sensitive data from memory via a long -mode option.
[1267]
[20000529 Initialized Data Overflow in Xlock]
[NetBSD-SA2000-003]
[TLSA2000012-1]
[xlock-bo-read-passwd]
-
Entry
NetBSD 1.4.2 and earlier allows local users to cause a denial of service by repeatedly running certain system calls in the kernel which do not yield the CPU, aka "cpu-hog".
[1272]
[NetBSD-SA2000-005]
[1365]
[bsd-syscall-cpu-dos]
-
Entry
ISM.DLL in IIS 4.0 and 5.0 allows remote attackers to read file contents by requesting the file and appending a large number of encoded spaces (%20) and terminated with a .htr extension, aka the ".HTR File Fragment Reading" or "File Fragment Reading via .HTR" vulnerability.
[1193]
[20000511 Alert: IIS ism.dll exposes file contents]
[MS00-031]
[iis-ism-file-access(4448)]
-
Entry
The MSWordView application in IMP creates world-readable files in the /tmp directory, which allows other local users to read potentially sensitive information.
[1360]
[20000424 Two Problems in IMP 2]
[imp-tmpfile-view]
-
Entry
IMP does not remove files properly if the MSWordView application quits, which allows local users to cause a denial of service by filling up the disk space by requesting a large number of documents and prematurely stopping the request.
[1361]
[20000424 Two Problems in IMP 2]
[imp-wordfile-dos]
-
Entry
Buffer overflow in KDE kdesud on Linux allows local uses to gain privileges via a long DISPLAY environmental variable.
[1274]
[20000526 KDE: /usr/bin/kdesud, gid = 0 exploit]
[kde-display-environment-overflow]
-
Entry
The undocumented semconfig system call in BSD freezes the state of semaphores, which allows local users to cause a denial of service of the semaphore system by using the semconfig call.
[1270]
[FreeBSD-SA-00:19]
[NetBSD-SA2000-004]
[20000526]
[bsd-semaphore-dos]
-
Entry
ftpd in NetBSD 1.4.2 does not properly parse entries in /etc/ftpchroot and does not chroot the specified users, which allows those users to access other files outside of their home directory.
[1273]
[NetBSD-SA2000-006]
[1366]
[netbsd-ftpchroot-parsing]
-
Entry
BeOS 5.0 allows remote attackers to cause a denial of service via fragmented TCP packets.
[1222]
[20000517 AUX Security Advisory on Be/OS 5.0 (DoS)]
[beos-tcp-frag-dos]
-
Entry
Internet Explorer 4.x and 5.x allows remote attackers to execute arbitrary commands via a buffer overflow in the ActiveX parameter parsing capability, aka the "Malformed Component Attribute" vulnerability.
[1223]
[MS00-033]
[Q261257]
[ie-malformed-component-attribute]
-
Entry
Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files via the frame, aka the "Frame Domain Verification" vulnerability.
[1224]
[MS00-033]
[Q251108]
[Q255676]
[ie-frame-domain-verification]
-
Entry
AIX cdmount allows local users to gain root privileges via shell metacharacters.
[1384]
[20000620 Insecure call of external program in AIX cdmount]
[aix-cdmount-insecure-call]
-
Entry
Buffer overflow in Linux splitvt 1.6.3 and earlier allows local users to gain root privileges via a long password in the screen locking function.
[1346]
[20000614 Splitvt exploit]
[20000605a]
[splitvt-screen-lock-bo]
-
Entry
man in HP-UX 10.20 and 11 allows local attackers to overwrite files via a symlink attack.
[1302]
[20000601 HP Security vulnerability in the man command]
[hp-man-file-overwrite]
-
Entry
Selena Sol WebBanner 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1347]
[20000613 CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability]
[20000620 Re: CGI: Selena Sol's WebBanner ( Random Banner Generator ) Vulnerability]
[webbanner-input-validation-exe]
-
Entry
Allegro RomPager HTTP server allows remote attackers to cause a denial of service via a malformed authentication request.
[1290]
[20000601 Hardware Exploit - Gets network Down]
[rompager-malformed-dos(4588)]
-
Entry
Buffer overflow in ufsrestore in Solaris 8 and earlier allows local users to gain root privileges via a long pathname.
[1348]
[20000614 Vulnerability in Solaris ufsrestore]
[VU#36866]
[1398]
[00210]
[4339366]
[sol-ufsrestore-bo(4711)]
-
Entry
Buffer overflow in innd 2.2.2 allows remote attackers to execute arbitrary commands via a cancel request containing a long message ID.
[1316]
[20000106 innd 2.2.2 remote buffer overflow]
[20000707 inn update]
[20000721 [ANNOUNCE] INN 2.2.3 available]
[20000722 MDKSA-2000:023 inn update]
[CSSA-2000-016.0]
[innd-cancel-overflow(4615)]
-
Entry
Real Networks RealServer 7.x allows remote attackers to cause a denial of service via a malformed request for a page in the viewsource directory.
[1288]
[20000601 Remote DoS attack in Real Networks Real Server (Strike #2) Vulnerability]
[20000601 Remote DoS attack in RealServer: USSR-2000043]
[realserver-malformed-remote-dos(4587)]
-
Entry
Windows 2000 allows a local user process to access another user's desktop within the same windows station, aka the "Desktop Separation" vulnerability.
[1350]
[MS00-020]
[win2k-desktop-separation(4714)]
-
Entry
Buffer overflow in Norton Antivirus for Exchange (NavExchange) allows remote attackers to cause a denial of service via a .zip file that contains long file names.
[1351]
[20000614 Vulnerabilities in Norton Antivirus for Exchange]
[antivirus-nav-zip-bo(4710)]
-
Entry
In some cases, Norton Antivirus for Exchange (NavExchange) enters a "fail-open" state which allows viruses to pass through the server.
[1351]
[20000614 Vulnerabilities in Norton Antivirus for Exchange]
[6266]
[antivirus-nav-fail-open(4709)]
-
Entry
Buffer overflow in KDE Kmail allows a remote attacker to cause a denial of service via an attachment with a long file name.
[1380]
[20000601 Kmail heap overflow]
[kde-kmail-attachment-dos(4993)]
-
Entry
Check Point Firewall-1 allows remote attackers to cause a denial of service by sending a large number of malformed fragmented IP packets.
[1312]
[20000605 FW-1 IP Fragmentation Vulnerability]
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#IP_Fragmentation]
[1379]
[fw1-packet-fragment-dos(4609)]
-
Entry
The DocumentTemplate package in Zope 2.2 and earlier allows a remote attacker to modify DTMLDocuments or DTMLMethods without authorization.
[1354]
[20000615 [Brian@digicool.com: [Zope] Zope security alert and 2.1.7 update [*important*]]]
[20000728 MDKSA-2000:026 Zope update]
[2000615 Conectiva Linux Security Announcement - ZOPE]
[http://www.zope.org/Products/Zope/Hotfix_06_16_2000/security_alert]
[FreeBSD-SA-00:38]
[RHSA-2000:038]
[zope-dtml-remote-modify(4716)]
-
Entry
Small HTTP Server ver 3.06 contains a memory corruption bug causing a memory overflow. The overflowed buffer crashes into a Structured Exception Handler resulting in a Denial of Service.
[1355]
[20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability]
[https://gist.github.com/0xHop/66609ec1e243b913361e1acfa5253806]
[20000616 Remote DoS Attack in Small HTTP Server ver. 1.212 Vulnerability]
[small-http-get-overflow-dos(4692)]
-
Entry
Microsoft SQL Server allows local users to obtain database passwords via the Data Transformation Service (DTS) package Properties dialog, aka the "DTS Password" vulnerability.
[1292]
[20000530 Fw: Steal Passwords Using SQL Server EM]
[MS00-041]
[mssql-dts-reveal-passwords(4582)]
-
Entry
Buffer overflow in Cisco TACACS+ tac_plus server allows remote attackers to cause a denial of service via a malformed packet with a long length field.
[1293]
[20000530 An Analysis of the TACACS+ Protocol and its Implementations]
[http://archives.neohapsis.com/archives/bugtraq/2000-05/0370.html]
[tacacsplus-packet-length-dos(4985)]
-
Entry
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command.
[1285]
[20000601 DST2K0007: Buffer Overrun in ITHouse Mail Server v1.04]
[ithouse-rcpt-overflow(4580)]
-
Entry
FreeBSD, NetBSD, and OpenBSD allow an attacker to cause a denial of service by creating a large number of socket pairs using the socketpair function, setting a large buffer size via setsockopt, then writing large buffers.
[622]
[19990826 Local DoS in FreeBSD]
[20000601 Local FreeBSD, Openbsd, NetBSD, DoS Vulnerability - Mac OS X affected]
[bsd-setsockopt-dos(3298)]
-
Entry
Buffer overflow in the NetWin DSMTP 2.7q in the NetWin dmail package allows remote attackers to execute arbitrary commands via a long ETRN request.
[1297]
[20000601 Netwin's Dmail package]
[http://netwinsite.com/dmail/security.htm]
[dmail-etrn-dos(4579)]
-
Entry
Buffer overflow in Simple Network Time Sync (SMTS) daemon allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long string.
[1289]
[20000601 Vulnerability in SNTS]
[timesync-bo-execute(4602)]
-
Entry
Veritas Volume Manager creates a world writable .server_pids file, which allows local users to add arbitrary commands into the file, which is then executed by the vmsa_server script.
[1356]
[20000616 Veritas Volume Manager 3.0.x hole]
[http://seer.support.veritas.com/tnotes/volumeman/230053.htm]
[veritas-volume-manager]
-
Entry
Microsoft Windows Media Encoder allows remote attackers to cause a denial of service via a malformed request, aka the "Malformed Windows Media Encoder Request" vulnerability.
[1282]
[MS00-038]
[ms-malformed-media-dos(4585)]
-
Entry
IBM WebSphere server 3.0.2 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
[1328]
[http://www-4.ibm.com/software/webservers/appserv/efix.html]
[20000612 IBM WebSphere JSP showcode vulnerability]
[websphere-jsp-source-read]
-
Entry
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
[1328]
[20000608 Potential vulnerability in Unify eWave ServletExec]
[ewave-servletexec-jsp-source-read(4649)]
-
Entry
The default configuration of BEA WebLogic 3.1.8 through 4.5.1 allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case.
[1328]
[http://developer.bea.com/alerts/security_000612.html]
[20000612 BEA WebLogic JSP showcode vulnerability]
[weblogic-jsp-source-read(4694)]
-
Entry
The default configuration of BEA WebLogic 5.1.0 allows a remote attacker to view source code of programs by requesting a URL beginning with /file/, which causes the default servlet to display the file without further processing.
[1378]
[20000621 BEA WebLogic /file/ showcode vulnerability]
[http://www.weblogic.com/docs51/admindocs/http.html#file]
[weblogic-file-source-read(4775)]
-
Entry
Race condition in MDaemon 2.8.5.0 POP server allows local users to cause a denial of service by entering a UIDL command and quickly exiting the server.
[1366]
[20000616 mdaemon 2.8.5.0 WinNT and Win9x remote DoS]
[mdaemon-pass-dos(4745)]
-
Entry
Mcafee VirusScan 4.03 does not properly restrict access to the alert text file before it is sent to the Central Alert Server, which allows local users to modify alerts in an arbitrary fashion.
[1326]
[20000607 Mcafee Alerting DOS vulnerability]
[6287]
[mcafee-alerting-dos(4641)]
-
Entry
libICE in XFree86 allows remote attackers to cause a denial of service by specifying a large value which is not properly checked by the SKIP_STRING macro.
[1369]
[20000619 XFree86: libICE DoS]
[http://www.xfree86.org/security/]
[linux-libice-dos]
-
Entry
The Apache 1.3.x HTTP server for Windows platforms allows remote attackers to list directory contents by requesting a URL containing a large number of / characters.
[1284]
[20000603 Re: IBM HTTP SERVER / APACHE]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[ibm-http-file-retrieve(4575)]
-
Entry
The "capabilities" feature in Linux before 2.2.16 allows local users to cause a denial of service or gain privileges by setting the capabilities to prevent a setuid program from dropping privileges, aka the "Linux kernel setuid/setcap vulnerability."
[1322]
[20000608 CONECTIVA LINUX SECURITY ANNOUNCEMENT - kernel]
[20000609 Sendmail & procmail local root exploits on Linux kernel up to 2.2.16pre5]
[20000609 Trustix Security Advisory]
[RHSA-2000:037]
[20000802-01-P]
[TLSA2000013-1]
[linux-kernel-capabilities]
-
Entry
Imate Webmail Server 2.5 allows remote attackers to cause a denial of service via a long HELO command.
[1286]
[20000601 DST2K0006: Denial of Service Possibility in Imate WebMail Server]
[nt-webmail-dos(4586)]
-
Entry
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.
[1372]
[20000608 Remote DOS in linux rpc.lockd]
[linux-lockd-remote-dos(5050)]
-
Entry
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a malformed IPP request.
[1373]
[20000620 CUPS DoS Bugs]
[ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch]
[debian-cups-malformed-ipp(4846)]
-
Entry
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service via a CGI POST request.
[1373]
[20000620 CUPS DoS Bugs]
[ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch]
[debian-cups-posts(4846)]
-
Entry
CUPS (Common Unix Printing System) 1.04 and earlier does not properly delete request files, which allows a remote attacker to cause a denial of service.
[1373]
[20000620 CUPS DoS Bugs]
[ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch]
[debian-cups-posts(4846)]
-
Entry
CUPS (Common Unix Printing System) 1.04 and earlier allows remote attackers to cause a denial of service by authenticating with a user name that does not exist or does not have a shadow password.
[1373]
[20000620 CUPS DoS Bugs]
[ftp://ftp.easysw.com/pub/cups/1.0.5/cups-DoS.patch]
[debian-cups-posts(4846)]
-
Entry
GSSFTP FTP daemon in Kerberos 5 1.1.x does not properly restrict access to some FTP commands, which allows remote attackers to cause a denial of service, and local users to gain root privileges.
[1374]
[20000614 Security Advisory: REMOTE ROOT VULNERABILITY IN GSSFTP DAEMON]
[http://web.mit.edu/kerberos/www/advisories/ftp.txt]
[4885]
[kerberos-gssftpd-dos(4734)]
-
Entry
The snmpd.conf configuration file for the SNMP daemon (snmpd) in HP-UX 11.0 is world writable, which allows local users to modify SNMP configuration or gain privileges.
[1327]
[20000607 [ Hackerslab bug_paper ] HP-UX SNMP daemon vulnerability]
[20000608 Re: HP-UX SNMP daemon vulnerability]
[hpux-snmp-daemon(4643)]
-
Entry
When configured to store configuration information in an LDAP directory, Shiva Access Manager 5.0.0 stores the root DN (Distinguished Name) name and password in cleartext in a file that is world readable, which allows local users to compromise the LDAP server.
[1329]
[20000606 Shiva Access Manager 5.0.0 Plaintext LDAP root password.]
[shiva-plaintext-ldap-password(4612)]
-
Entry
Netscape 4.73 and earlier does not properly warn users about a potentially invalid certificate if the user has previously accepted the certificate for a different web site, which could allow remote attackers to spoof a legitimate web site by compromising that site's DNS information.
[1260]
[CA-2000-08]
[netscape-ssl-certificate(4550)]
-
Entry
Internet Explorer 4.x and 5.x does not properly verify all contents of an SSL certificate if a connection is made to the server via an image or a frame, aka one of two different "SSL Certificate Validation" vulnerabilities.
[1309]
[CA-2000-10]
[http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt]
[MS00-039]
[ie-invalid-frame-image-certificate(4624)]
-
Entry
Internet Explorer 4.x and 5.x does not properly re-validate an SSL certificate if the user establishes a new SSL session with the same server during the same Internet Explorer session, aka one of two different "SSL Certificate Validation" vulnerabilities.
[1309]
[CA-2000-10]
[http://www.acrossecurity.com/aspr/ASPR-1999-12-15-1-PUB.txt]
[MS00-039]
[ie-revalidate-certificate(4627)]
-
Entry
Savant web server allows remote attackers to read source code of CGI scripts via a GET request that does not include the HTTP version number.
[1313]
[20000605 MDMA Advisory #5: Reading of CGI Scripts under Savant Webserver]
[savant-source-read(4616)]
-
Entry
RSA ACE/Server allows remote attackers to cause a denial of service by flooding the server's authentication request port with UDP packets, which causes the server to crash.
[1332]
[20000608 Potential DoS Attack on RSA's ACE/Server]
[20000714 Re: RSA Aceserver UDP Flood Vulnerability]
[ftp://ftp.securid.com/support/outgoing/dos/readme.txt]
[aceserver-udp-packet-dos(5053)]
-
Entry
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command.
[1315]
[20000606 MDMA Advisory #6: EServ Logging Heap Overflow Vulnerability]
[eserv-logging-overflow(4614)]
-
Entry
OpenSSH does not properly drop privileges when the UseLogin option is enabled, which allows local users to execute arbitrary commands by providing the command to the ssh daemon.
[1334]
[20000609 OpenSSH's UseLogin option allows remote access with root privilege.]
[20000606 The non-default UseLogin feature in /etc/sshd_config is broken and should not be used.]
[341]
[openssh-uselogin-remote-exec(4646)]
-
Entry
Net Tools PKI Server does not properly restrict access to remote attackers when the XUDA template files do not contain absolute pathnames for other files.
[1364]
[20000619 Net Tools PKI server exploits]
[ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt]
[4353]
[nettools-pki-unauthenticated-access(4743)]
-
Entry
Net Tools PKI Server allows remote attackers to cause a denial of service via a long HTTP request.
[1363]
[20000619 Net Tools PKI server exploits]
[ftp://ftp.tis.com/gauntlet/hide/pki/hotfix.txt]
[4352]
[nettools-pki-http-bo(4744)]
-
Entry
The KApplication class in the KDE 1.1.2 configuration file management capability allows local users to overwrite arbitrary files.
[1291]
[20000531 KDE::KApplication feature?]
[CSSA-2000-015.0]
[RHSA-2000:032]
[kde-configuration-file-creation(4583)]
-
Entry
A FreeBSD patch for SSH on 2000-01-14 configures ssh to listen on port 722 as well as port 22, which might allow remote attackers to access SSH through port 722 even if port 22 is otherwise filtered.
[1323]
[FreeBSD-SA-00:21]
[1387]
[freebsd-ssh-ports(4638)]
-
Entry
Vulnerability in cvconnect in SGI IRIX WorkShop allows local users to overwrite arbitrary files.
[1379]
[20000601-01-P]
[irix-workshop-cvconnect-overwrite(4725)]
-
Entry
The apsfilter software in the FreeBSD ports package does not properly read user filter configurations, which allows local users to execute commands as the lpd user.
[1325]
[FreeBSD-SA-00:22]
[1389]
[apsfilter-elevate-privileges(4617)]
-
Entry
xinetd 2.1.8.x does not properly restrict connections if hostnames are used for access control and the connecting host does not have a reverse DNS entry.
[1381]
[http://www.synack.net/xinetd/]
[20000619 xinetd: bug in access control mechanism]
[xinetd-improper-restrictions(4986)]
-
Entry
BRU backup software allows local users to append data to arbitrary files by specifying an alternate configuration file with the BRUEXECLOG environmental variable.
[1321]
[20000606 BRU Vulnerability]
[CSSA-2000-018.0]
[bru-execlog-env-variable(4644)]
-
Entry
ColdFusion Administrator for ColdFusion 4.5.1 and earlier allows remote attackers to cause a denial of service via a long login password.
[ASB00-14]
[1314]
[20000607 New Allaire ColdFusion DoS]
[3399]
[coldfusion-parse-dos(4611)]
-
Entry
Servlet examples in Allaire JRun 2.3.x allow remote attackers to obtain sensitive information, e.g. listing HttpSession ID's via the SessionServlet servlet.
[ASB00-015]
[1386]
[818]
[jrun-read-sample-files(4774)]
-
Entry
JSP sample files in Allaire JRun 2.3.x allow remote attackers to access arbitrary files (e.g. via viewsource.jsp) or obtain configuration information.
[ASB00-015]
[1386]
[2713]
[jrun-read-sample-files(4774)]
-
Entry
The Panda Antivirus console on port 2001 allows local users to execute arbitrary commands without authentication via the CMD command.
[1359]
[20000617 Infosec.20000617.panda.a]
[panda-antivirus-remote-admin(4707)]
-
Entry
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds.
[1345]
[20000612 ACC/Ericsson Tigris Accounting Failure]
[tigris-radius-login-failure(4705)]
-
Entry
Buffer overflow in Kerberos 4 KDC program allows remote attackers to cause a denial of service via the e_msg variable in the kerb_err_reply function.
[20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC]
[CA-2000-11]
[K-051]
[http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt]
[4875]
[RHSA-2000:031]
[kerberos-emsg-bo]
-
Entry
Kerberos 4 KDC program does not properly check for null termination of AUTH_MSG_KDC_REQUEST requests, which allows remote attackers to cause a denial of service via a malformed request.
[20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC]
[CA-2000-11]
[K-051]
[http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt]
[RHSA-2000:031]
-
Entry
Kerberos 4 KDC program improperly frees memory twice (aka "double-free"), which allows remote attackers to cause a denial of service.
[1465]
[20000609 Security Advisory: MULTIPLE DENIAL OF SERVICE VULNERABILITIES IN KRB4 KDC]
[CA-2000-11]
[K-051]
[http://web.mit.edu/kerberos/www/advisories/krb4kdc.txt]
[RHSA-2000:031]
[kerberos-free-memory]
-
Entry
The file transfer mechanism in Danware NetOp 6.0 does not provide authentication, which allows remote attackers to access and modify arbitrary files.
[1263]
[20000523 I think]
[danware-netop-bypass-security(4569)]
-
Entry
ICQwebmail client for ICQ 2000A creates a world readable temporary file during login and does not delete it, which allows local users to obtain sensitive information.
[1307]
[20000606 ICQ2000A ICQmail temparary internet link vulnearbility]
[icq-temp-link(4607)]
-
Entry
Race condition in IPFilter firewall 3.4.3 and earlier, when configured with overlapping "return-rst" and "keep state" rules, allows remote attackers to bypass access restrictions.
[1308]
[20000525 Security Vulnerability in IPFilter 3.3.15 and 3.4.3]
[1377]
[ipfilter-firewall-race-condition(4994)]
-
Entry
Ceilidh allows remote attackers to cause a denial of service via a large number of POST requests.
[1320]
[20000608 DST2K0010: DoS & Path Revealing Vulnerability in Ceilidh v2.60a]
[ceilidh-post-dos(4622)]
-
Entry
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to cause a denial of service by sending a large user name to the user dialog running on port 8002.
[1319]
[http://www.computalynx.net/news/Jun2000/news0806200001.html]
[20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail]
[cmail-long-username-dos(4625)]
-
Entry
Buffer overflow in the web interface for Cmail 2.4.7 allows remote attackers to execute arbitrary commands via a long GET request.
[1318]
[20000608 DST2K0011: DoS & BufferOverrun in CMail v2.4.7 WebMail]
[cmail-get-overflow-execute(4626)]
-
Entry
Buffer overflow in HP Openview Network Node Manager 6.1 allows remote attackers to execute arbitrary commands via the Alarm service (OVALARMSRV) on port 2345.
[1317]
[20000608 DST2K0012: BufferOverrun in HP Openview Network Node Manager v6.1]
-
Entry
Buffer overflow in WebBBS 1.15 allows remote attackers to execute arbitrary commands via a long HTTP GET request.
[1365]
[20000620 DST2K0018: Multiple BufferOverruns in WebBBS HTTP Server v1.15]
[3544]
[webbbs-get-request-overflow(4742)]
-
Entry
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack.
[1344]
[20000613 SmartFTP Daemon v0.2 Beta Build 9 - Remote Exploit]
[1394]
[smartftp-directory-traversal(4706)]
-
Entry
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
[1434]
[20000707 [Security Announce] man update]
[20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - MAN]
[CSSA-2000-021.0]
[20000712 Insecure temporary file handling in Linux makewhatis]
[MDKSA-2000:015]
[RHSA-2000:041]
[linux-man-makewhatis-tmp(4900)]
-
Entry
Buffer overflow in Microsoft Outlook and Outlook Express allows remote attackers to execute arbitrary commands via a long Date field in an email header, aka the "Malformed E-mail Header" vulnerability.
[1481]
[20000719 Aaron Drew - Security Advisory: Buffer Overflow in MS Outlook & Outlook Express Email Clients]
[20000719 Buffer Overflow in MS Outlook Email Clients]
[MS00-043]
[outlook-date-overflow(4953)]
-
Entry
Sybergen Secure Desktop 2.1 does not properly protect against false router advertisements (ICMP type 9), which allows remote attackers to modify default routes.
[1417]
[20000630 Multiple vulnerabilities in Sybergen Secure Desktop]
[sybergen-routing-table-modify]
-
Entry
Sybergen Sygate allows remote attackers to cause a denial of service by sending a malformed DNS UDP packet to its internal interface.
[1420]
[20000630 Any LAN user can crash Sygate]
[sygate-udp-packet-dos(5049)]
-
Entry
FirstClass Internet Services server 5.770, and other versions before 6.1, allows remote attackers to cause a denial of service by sending an email with a long To: mail header.
[1421]
[20000627 DoS in FirstClass Internet Services 5.770]
[5718]
[firstclass-large-bcc-dos(4843)]
-
Entry
LocalWEB HTTP server 1.2.0 allows remote attackers to cause a denial of service via a long GET request.
[1423]
[20000703 Remote DoS Attack in LocalWEB HTTP Server 1.2.0 Vulnerability]
[localweb-get-bo(4896)]
-
Entry
The lreply function in wu-ftpd 2.6.0 and earlier does not properly cleanse an untrusted format string, which allows remote attackers to execute arbitrary commands via the SITE EXEC command.
[AA-2000.02]
[1387]
[20000622 WuFTPD: Providing *remote* root since at least1994]
[20000623 WUFTPD 2.6.0 remote root exploit]
[20000623 ftpd: the advisory version]
[20000702 [Security Announce] wu-ftpd update]
[20000707 New Released Version of the WuFTPD Sploit]
[20000723 CONECTIVA LINUX SECURITY ANNOUNCEMENT - WU-FTPD (re-release)]
[20000929 [slackware-security] wuftpd vulnerability - Slackware 4.0, 7.0, 7.1, -current]
[CSSA-2000-020.0]
[CA-2000-13]
[20000623]
[FreeBSD-SA-00:29]
[NetBSD-SA2000-009]
[RHSA-2000:039]
[wuftp-format-string-stack-overwrite]
[wuftp-format-string-stack-overwrite(4773)]
-
Entry
SSH 1.2.27 with Kerberos authentication support stores Kerberos tickets in a file which is created in the current directory of the user who is logging in, which could allow remote attackers to sniff the ticket cache if the home directory is installed on NFS.
[1426]
[20000630 Kerberos security vulnerability in SSH-1.2.27]
[ssh-kerberos-tickets-disclosure(4903)]
-
Entry
Oracle Web Listener for AIX versions 4.0.7.0.0 and 4.0.8.1.0 allows remote attackers to cause a denial of service via a malformed URL.
[1427]
[20000704 Oracle Web Listener for AIX DoS]
-
Entry
Netscape Professional Services FTP Server 1.3.6 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1411]
[20000621 Netscape FTP Server - "Professional" as hell :>]
[20000629 (forw) Re: Netscape ftp Server (fwd)]
[netscape-ftpserver-chroot]
-
Entry
IRIX crontab creates temporary files with predictable file names and with the umask of the user, which could allow local users to modify another user's crontab file as it is being edited.
[1413]
[20000621 Predictability Problems in IRIX Cron and Compilers]
[irix-cron-modify-crontab]
-
Entry
Windows 2000 Telnet Server allows remote attackers to cause a denial of service by sending a continuous stream of binary zeros, which causes the server to crash.
[1414]
[20000630 SecureXpert Advisory [SX-20000620-1]]
[win2k-telnetserver-dos]
-
Entry
Check Point FireWall-1 4.0 and 4.1 allows remote attackers to cause a denial of service by sending a stream of invalid commands (such as binary zeros) to the SMTP Security Server proxy.
[1416]
[20000630 SecureXpert Advisory [SX-20000620-3]]
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#SMTP_Security]
[1438]
[fw1-resource-overload-dos]
-
Entry
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
[1418]
[20000626 vpopmail-3.4.11 problems]
[http://www.vpopmail.cx/vpopmail-ChangeLog]
[vpopmail-format-string]
-
Entry
Buffer overflow in Canna input system allows remote attackers to execute arbitrary commands via an SR_INIT command with a long user name or group name.
[1445]
[20000702]
[FreeBSD-SA-00:31]
[http://shadowpenguin.backsection.net/advisories/advisory038.html]
[canna-bin-execute-bo(4912)]
-
Entry
ISC DHCP client program dhclient allows remote attackers to execute arbitrary commands via shell metacharacters.
[1388]
[20000624 Possible root exploit in ISC DHCP client.]
[20000702 [Security Announce] dhcp update]
[20000628 dhcp client: remote root exploit in dhcp client]
[FreeBSD-SA-00:34]
[NetBSD-SA2000-008]
[20000624 A serious bug in dhclient(8) could allow strings from a malicious dhcp server to be executed in the shell as root.]
[20000711 Security Hole in dhclient < 2.0]
[openbsd-isc-dhcp(4772)]
-
Entry
Buffer overflow in Dalnet IRC server 4.6.5 allows remote attackers to cause a denial of service or execute arbitrary commands via the SUMMON command.
[1404]
[20000628 dalnet 4.6.5 remote vulnerability]
[ircd-dalnet-summon-bo]
-
Entry
The privpath directive in glftpd 1.18 allows remote attackers to bypass access restrictions for directories by using the file name completion capability.
[1401]
[20000626 Glftpd privpath bugs... +fix]
[20000627 Re: Glftpd privpath bugs... +fix]
[glftpd-privpath-directive]
-
Entry
SawMill 5.0.21 CGI program allows remote attackers to read the first line of arbitrary files by listing the file in the rfcf parameter, whose contents SawMill attempts to parse as configuration commands.
[1402]
[20000626 sawmill5.0.21 old path bug & weak hash algorithm]
[20000706 Patch for Flowerfire Sawmill Vulnerabilities Available]
[sawmill-file-access]
-
Entry
Poll It 2.0 CGI script allows remote attackers to read arbitrary files by specifying the file name in the data_dir parameter.
[1431]
[20000706 Vulnerability in Poll_It cgi v2.0]
[http-cgi-pollit-variable-overwrite(4878)]
-
Entry
Novell BorderManager 3.0 and 3.5 allows remote attackers to bypass URL filtering by encoding characters in the requested URL.
[1432]
[20000705 Novell BorderManager 3.0 EE - Encoded URL rule bypass]
[bordermanager-bypass-url-restriction]
-
Entry
WinProxy 2.0 and 2.0.1 allows remote attackers to cause a denial of service by sending an HTTP GET request without listing an HTTP version number.
[1400]
[20000627 [SPSadvisory #37]WinProxy 2.0.0/2.0.1 DoS and Exploitable Buffer Overflow]
[winproxy-get-dos(4831)]
-
Entry
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
[1436]
[20000704 BitchX exploit possibly waiting to happen, certain DoS]
[20000707 BitchX update]
[20000707 CONECTIVA LINUX SECURITY ANNOUNCEMENT - BitchX]
[CSSA-2000-022.0]
[FreeBSD-SA-00:32]
[RHSA-2000:042]
[20000704 BitchX /ignore bug]
[irc-bitchx-invite-dos(4897)]
-
Entry
libedit searches for the .editrc file in the current directory instead of the user's home directory, which may allow local users to execute arbitrary commands by installing a modified .editrc in another directory.
[1437]
[FreeBSD-SA-00:24]
[1446]
[bsd-libedit-editrc]
-
Entry
Internet Explorer 5.x does not warn a user before opening a Microsoft Access database file that is referenced within ActiveX OBJECT tags in an HTML document, which could allow remote attackers to execute arbitrary commands, aka the "IE Script" vulnerability.
[1398]
[20000627 FW: IE 5 and Access 2000 vulnerability - executing programs]
[20000627 IE 5 and Access 2000 vulnerability - executing programs]
[CA-2000-16]
[MS00-049]
[ie-access-vba-code-execute]
-
Entry
Microsoft Office 2000 (Excel and PowerPoint) and PowerPoint 97 are marked as safe for scripting, which allows remote attackers to force Internet Explorer or some email clients to save files to arbitrary locations via the Visual Basic for Applications (VBA) SaveAs function, aka the "Office HTML Script" vulnerability.
[1399]
[20000627 IE 5 and Excel 2000, PowerPoint 2000 vulnerability - executing programs]
[MS00-049]
[ie-powerpoint-activex-object-execute]
-
Entry
Fortech Proxy+ allows remote attackers to bypass access restrictions for to the administration service by redirecting their connections through the telnet proxy.
[1395]
[20000626 Proxy+ Telnet Gateway Problems]
[http://www.proxyplus.cz/faq/articles/EN/art01002.htm]
[fortech-proxy-telnet-gateway]
-
Entry
Buffer overflow in iMesh 1.02 allows remote attackers to execute arbitrary commands via a long string to the iMesh port.
[1407]
[20000629 iMesh 1.02 vulnerability]
[http://www.imesh.com/download/download.html]
[imesh-tcp-port-overflow]
-
Entry
Netscape Enterprise Server in NetWare 5.1 allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed URL.
[1393]
[20000626 Netscape Enterprise Server for NetWare Virtual Directory Vulnerab ility]
[netscape-virtual-directory-bo(4780)]
-
Entry
LeafChat 1.7 IRC client allows a remote IRC server to cause a denial of service by rapidly sending a large amount of error messages.
[1396]
[20000625 LeafChat Denial of Service]
[http://www.leafdigital.com/Software/leafChat/history.html]
[irc-leafchat-dos]
-
Entry
Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.
[1385]
[20000621 rh 6.2 - gid compromises, etc]
[redhat-secure-locate-path]
-
Entry
Microsoft SQL Server 7.0 allows a local user to bypass permissions for stored procedures by referencing them via a temporary stored procedure, aka the "Stored Procedure Permissions" vulnerability.
[1444]
[MS00-048]
[mssql-procedure-perms(4921)]
-
Entry
gkermit in Red Hat Linux is improperly installed with setgid uucp, which allows local users to modify files owned by uucp.
[1383]
[20000621 rh 6.2 - gid compromises, etc]
[redhat-gkermit]
-
Entry
NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to bypass authentication and use the server for mail relay via a username that contains a carriage return.
[1390]
[20000623 NetWin dMailWeb Unrestricted Mail Relay]
[netwin-dmailweb-newline(4770)]
-
Entry
The default configuration of NetWin dMailWeb and cwMail trusts all POP servers, which allows attackers to bypass normal authentication and cause a denial of service.
[1391]
[20000623 NetWin dMailWeb Unrestricted Mail Relay]
[netwin-dmailweb-auth(4771)]
-
Entry
Cisco Secure PIX Firewall does not properly identify forged TCP Reset (RST) packets, which allows remote attackers to force the firewall to close legitimate connections.
[1454]
[20000320 PIX DMZ Denial of Service - TCP Resets]
[20000711 Cisco Secure PIX Firewall TCP Reset Vulnerability]
[1457]
[cisco-pix-firewall-tcp(4928)]
-
Entry
LPRng 3.6.x improperly installs lpd as setuid root, which can allow local users to append lpd trace and logging messages to files.
[1447]
[20000709 LPRng lpd should not be SETUID root]
[lpd-suid-root(7361)]
-
Entry
Vulnerability in HP TurboIMAGE DBUTIL allows local users to gain additional privileges via DBUTIL.PUB.SYS.
[1405]
[HPSBMP0006-007]
[hp-turboimage-dbutil]
-
Entry
Top Layer AppSwitch 2500 allows remote attackers to cause a denial of service via malformed ICMP packets.
[1258]
[20000520 TopLayer layer 7 switch Advisory]
[20000614 Update on TopLayer Advisory]
[toplayer-icmp-dos(7364)]
-
Entry
libX11 X library allows remote attackers to cause a denial of service via a resource mask of 0, which causes libX11 to go into an infinite loop.
[1409]
[20000619 XFree86: Various nasty libX11 holes]
[libx11-infinite-loop-dos(4996)]
-
Entry
Microsoft Outlook 98 and 2000, and Outlook Express 4.0x and 5.0x, allow remote attackers to read files on the client's system via a malformed HTML message that stores files outside of the cache, aka the "Cache Bypass" vulnerability.
[1501]
[CA-2000-14]
[MS00-046]
[outlook-cache-bypass(5013)]
-
Entry
Buffer overflow in Webfind CGI program in O'Reilly WebSite Professional web server 2.x allows remote attackers to execute arbitrary commands via a URL containing a long "keywords" parameter.
[1487]
[http://website.oreilly.com/support/software/wspro25_releasenotes.txt]
[20000719 O'Reilly WebSite Professional Overflow]
[website-webfind-bo(4962)]
-
Entry
Buffer overflow in Winamp 2.64 and earlier allows remote attackers to execute arbitrary commands via a long #EXTINF: extension in the M3U playlist.
[1496]
[20000720 Winamp M3U playlist parser buffer overflow security vulnerability]
[http://www.winamp.com/getwinamp/newfeatures.jhtml]
[winamp-playlist-parser-bo(4956)]
-
Entry
BlackBoard CourseInfo 4.0 does not properly authenticate users, which allows local users to modify CourseInfo database information and gain privileges by directly calling the supporting CGI programs such as user_update_passwd.pl and user_update_admin.pl.
[1486]
[20000718 Blackboard Courseinfo v4.0 User Authentication]
[20000719 Security Fix for Blackboard CourseInfo 4.0]
[blackboard-courseinfo-dbase-modification(4946)]
-
Entry
The source.asp example script in the Apache ASP module Apache::ASP 1.93 and earlier allows remote attackers to modify files.
[1457]
[20000710 ANNOUNCE Apache::ASP v1.95 - Security Hole Fixed]
[http://www.nodeworks.com/asp/changes.html]
[apache-source-asp-file-write(4931)]
-
Entry
IIS 4.0 and 5.0 allows remote attackers to obtain fragments of source code by appending a +.htr to the URL, a variant of the "File Fragment Reading via .HTR" vulnerability.
[1488]
[MS00-044]
[iis-htr-obtain-code(5104)]
-
Entry
An administrative script from IIS 3.0, later included in IIS 4.0 and 5.0, allows remote attackers to cause a denial of service by accessing the script without a particular argument, aka the "Absent Directory Browser Argument" vulnerability.
[1476]
[20000718 ISBASE Security Advisory(SA2000-02)]
[MS00-044]
[iis-absent-directory-dos(4951)]
-
Entry
Buffer overflow in the web archive component of L-Soft Listserv 1.8d and earlier allows remote attackers to execute arbitrary commands via a long query string.
[1490]
[http://www.lsoft.com/news/default.asp?item=Advisory1]
[20000717 [COVERT-2000-07] LISTSERV Web Archive Remote Overflow]
[lsoft-listserv-querystring-bo(4952)]
-
Entry
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
[1489]
[20000718 MDKSA-2000:020 usermode update]
[20000812 Conectiva Linux security announcement - usermode]
[RHSA-2000:053]
[linux-usermode-dos(4944)]
-
Entry
The web administration interface for CommuniGate Pro 3.2.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1493]
[20000717 S21SEC-003: Vulnerabilities in CommuniGate Pro v3.2.4]
[5774]
[communigate-pro-file-read(5105)]
-
Entry
The view_page.html sample page in the MiniVend shopping cart program allows remote attackers to execute arbitrary commands via shell metacharacters.
[1449]
[20000711 Akopia MiniVend Piped Command Execution Vulnerability]
[http://www.zdnet.com/zdnn/stories/news/0,4586,2600258,00.html]
[minivend-viewpage-sample(4880)]
-
Entry
HP JetDirect printers versions G.08.20 and H.08.20 and earlier allow remote attackers to cause a denial of service via a malformed FTP quote command.
[1491]
[20000719 HP Jetdirect - Invalid FTP Command DoS]
[hp-jetdirect-quote-dos(4947)]
-
Entry
Microsoft Excel 97 and 2000 allows an attacker to execute arbitrary commands by specifying a malicious .dll using the Register.ID function, aka the "Excel REGISTER.ID Function" vulnerability.
[1451]
[20000711 Excel 2000 vulnerability - executing programs]
[MS00-051]
[excel-register-function(5016)]
-
Entry
bb-hostsvc.sh in Big Brother 1.4h1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the HOSTSVC parameter.
[1455]
[20000711 BIG BROTHER EXPLOIT]
[20000711 REMOTE EXPLOIT IN ALL CURRENT VERSIONS OF BIG BROTHER]
[http://bb4.com/README.CHANGES]
[http-cgi-bigbrother-bbhostsvc(4879)]
-
Entry
The default configuration of Big Brother 1.4h2 and earlier does not include proper access restrictions, which allows remote attackers to execute arbitrary commands by using bbd to upload a file whose extension will cause it to be executed as a CGI script by the web server.
[1494]
[20000711 Big Brother filename extension vulnerability]
[1472]
[big-brother-filename-extension(5103)]
-
Entry
Guild FTPd allows remote attackers to determine the existence of files outside the FTP root via a .. (dot dot) attack, which provides different error messages depending on whether the file exists or not.
[1452]
[20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd]
[573]
[guild-ftpd-disclosure(4922)]
-
Entry
Savant web server allows remote attackers to execute arbitrary commands via a long GET request.
[1453]
[20000708 gnu-pop3d (FTGate problem), Savant Webserver, Guild FTPd]
[savant-get-bo(4901)]
-
Entry
The default configuration of WebActive HTTP Server 1.00 stores the web access log active.log in the document root, which allows remote attackers to view the logs by directly requesting the page.
[1497]
[20000711 Lame DoS in WEBactive win65/NT server]
[webactive-active-log(5184)]
-
Entry
Buffer overflow in WebActive HTTP Server 1.00 allows remote attackers to cause a denial of service via a long URL.
[1470]
[20000711 Lame DoS in WEBactive win65/NT server]
[webactive-long-get-dos(4949)]
-
Entry
WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of service by executing a STAT command while the LIST command is still executing.
[1506]
[20000721 WFTPD/WFTPD Pro 2.41 RC11 vulnerabilities.]
[1477]
[wftpd-stat-dos(5003)]
-
Entry
The default installation of VirusScan 4.5 and NetShield 4.5 has insecure permissions for the registry key that identifies the AutoUpgrade directory, which allows local users to execute arbitrary commands by replacing SETUP.EXE in that directory with a Trojan Horse.
[1458]
[20000711 Potential Vulnerability in McAfee Netshield and VirusScan 4.5]
[1458]
[4200]
[nai-virusscan-netshield-autoupgrade(5177)]
-
Entry
The ClientTrust program in Novell BorderManager does not properly verify the origin of authentication requests, which could allow remote attackers to impersonate another user by replaying the authentication requests and responses from port 3024 of the victim's machine.
[1440]
[20000707 Novell Border Manger - Anyone can pose as an authenticated user]
[novell-bordermanager-verification(5186)]
-
Entry
IBM WebSphere allows remote attackers to read source code for executable web files by directly calling the default InvokerServlet using a URL which contains the "/servlet/file" string.
[1500]
[20000723 IBM WebSphere default servlet handler showcode vulnerability]
[websphere-showcode(5012)]
-
Entry
Microsoft Enterprise Manager allows local users to obtain database passwords via the Data Transformation Service (DTS) package Registered Servers Dialog dialog, aka a variant of the "DTS Password" vulnerability.
[1466]
[MS00-041]
[mssql-dts-reveal-passwords(4582)]
-
Entry
Netscape Communicator 4.73 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a JPEG image containing a comment with an illegal field length of 1.
[1503]
[20000724 JPEG COM Marker Processing Vulnerability in Netscape Browsers]
[20000801 MDKSA-2000:027-1 netscape update]
[20000810 Conectiva Linux Security Announcement - netscape]
[FreeBSD-SA-00:39]
[NetBSD-SA2000-011]
[RHSA-2000:046]
[20000823 Security Hole in Netscape, Versions 4.x, possibly others]
[TLSA2000017-1]
[netscape-jpg-comment]
-
Entry
The WDaemon web server for WorldClient 2.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1462]
[20000712 Infosec.20000712.worldclient.2.1]
[http://www.altn.com/Downloads/WorldClient/Release/RelNotes.txt]
[1459]
[worldclient-dir-traverse(4913)]
-
Entry
WircSrv IRC Server 5.07s allows remote attackers to cause a denial of service via a long string to the server port.
[1448]
[20000710 Remote DoS Attack in WircSrv Irc Server v5.07s Vulnerability]
[wircsrv-character-flood-dos(4914)]
-
Entry
Internet Explorer 5.x and Microsoft Outlook allows remote attackers to read arbitrary files by redirecting the contents of an IFRAME using the DHTML Edit Control (DHTMLED).
[1474]
[20000714 IE 5.5 and 5.01 vulnerability - reading at least local and from any host text and parsed html files]
[ie-dhtmled-file-read(5107)]
-
Entry
The registry entry for the Windows Shell executable (Explorer.exe) in Windows NT and Windows 2000 uses a relative path name, which allows local users to execute arbitrary commands by inserting a Trojan Horse named Explorer.exe into the %Systemdrive% directory, aka the "Relative Shell Path" vulnerability.
[1507]
[MS00-052]
[Q269049]
[explorer-relative-path-name(5040)]
-
Entry
AnalogX SimpleServer:WWW 1.06 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack that uses the %2E URL encoding for the dots.
[1508]
[20000726 AnalogX "SimpleServer:WWW" dot dot bug]
[http://www.analogx.com/contents/download/network/sswww.htm]
[388]
[analogx-simpleserver-directory-path(4999)]
-
Entry
GAMSoft TelSrv telnet server 1.5 and earlier allows remote attackers to cause a denial of service via a long username.
[1478]
[20000717 DoS in Gamsoft TelSrv telnet server for MS Windows 95/98/NT/2k.]
[20000729 TelSrv Reveals Usernames & Passwords After DoS Attack]
[373]
[gamsoft-telsrv-dos(4945)]
-
Entry
rpc.statd in the nfs-utils package in various Linux distributions does not properly cleanse untrusted format strings, which allows remote attackers to gain root privileges.
[1480]
[20000716 Lots and lots of fun with rpc.statd]
[20000717 CONECTIVA LINUX SECURITY ANNOUNCEMENT - nfs-utils]
[20000718 Trustix Security Advisory - nfs-utils]
[20000718 [Security Announce] MDKSA-2000:021 nfs-utils update]
[CSSA-2000-025.0]
[CA-2000-17]
[20000719a]
[RHSA-2000:043]
[linux-rpcstatd-format-overwrite(4939)]
-
Entry
pam_console PAM module in Linux systems allows a user to access the system console and reboot the system when a display manager such as gdm or kdm has XDMCP enabled.
[1513]
[20000727 CONECTIVA LINUX SECURITY ANNOUNCEMENT - PAM]
[20000801 MDKSA-2000:029 pam update]
[RHSA-2000:044]
[linux-pam-console(5001)]
-
Entry
Novell NetWare 5.0 allows remote attackers to cause a denial of service by flooding port 40193 with random data.
[1467]
[20000711 Remote Denial Of Service -- NetWare 5.0 with SP 5]
[netware-port40193-dos]
-
Entry
The cvsweb CGI script in CVSWeb 1.80 allows remote attackers with write access to a CVS repository to execute arbitrary commands via shell metacharacters.
[1469]
[20000712 cvsweb: remote shell for cvs committers]
[20000714 MDKSA-2000:019 cvsweb update]
[20000719b]
[FreeBSD-SA-00:37]
[TLSA2000016-1]
[cvsweb-shell-access(4925)]
-
Entry
Roxen web server earlier than 2.0.69 allows allows remote attackers to bypass access restrictions, list directory contents, and read source code by inserting a null character (%00) to the URL.
[1510]
[20000721 Roxen Web Server Vulnerability]
[20000721 Roxen security alert: Problems with URLs containing null characters.]
[roxen-null-char-url(4965)]
-
Entry
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.
[1548]
[20000721 Jakarta-tomcat.../admin]
[jakarta-tomcat-admin(5160)]
-
Entry
The NetBIOS Name Server (NBNS) protocol does not perform authentication, which allows remote attackers to cause a denial of service by sending a spoofed Name Conflict or Name Release datagram, aka the "NetBIOS Name Server Protocol Spoofing" vulnerability.
[1514]
[1515]
[MS00-047]
[20000727 Windows NetBIOS Name Conflicts]
[netbios-name-server-spoofing(5035)]
-
Entry
ftp.pl CGI program for Virtual Visions FTP browser allows remote attackers to read directories outside of the document root via a .. (dot dot) attack.
[1471]
[20000712 ftp.pl vulnerability]
[virtualvision-ftp-browser(5187)]
-
Entry
Buffer overflow in Infopulse Gatekeeper 3.5 and earlier allows remote attackers to execute arbitrary commands via a long string.
[1477]
[20000713 The MDMA Crew's GateKeeper Exploit]
[gatekeeper-long-string-bo(4948)]
-
Entry
Netscape Communicator and Navigator 4.04 through 4.74 allows remote attackers to read arbitrary files by using a Java applet to open a connection to a URL using the "file", "http", "https", and "ftp" protocols, as demonstrated by Brown Orifice.
[1546]
[20000804 Dangerous Java/Netscape Security Hole]
[20000810 MDKSA-2000:033 Netscape Java vulnerability]
[20000818 Conectiva Linux Security Announcement - netscape]
[20000821 MDKSA-2000:036 - netscape update]
[CSSA-2000-027.1]
[CA-2000-15]
[FreeBSD-SA-00:39]
[RHSA-2000:054]
[20000823 Security Hole in Netscape, Versions 4.x, possibly others]
[java-brownorifice]
-
Entry
Buffer overflow in IBM Net.Data db2www CGI program allows remote attackers to execute arbitrary commands via a long PATH_INFO environmental variable.
[20000907 Buffer Overflow in IBM Net.Data db2www CGI program.]
[ibm-netdata-db2www-bo(4976)]
-
Entry
PGP 5.5.x through 6.5.3 does not properly check if an Additional Decryption Key (ADK) is stored in the signed portion of a public certificate, which allows an attacker who can modify a victim's public certificate to decrypt any data that has been encrypted with the modified certificate.
[1606]
[CA-2000-18]
[4354]
-
Entry
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files.
[1523]
[20000728 cvs security problem]
[cvs-client-creates-file]
-
Entry
Buffer overflow in BEA WebLogic server proxy plugin allows remote attackers to execute arbitrary commands via a long URL with a .JSP extension.
[1570]
[20000815 BEA Weblogic server proxy library vulnerabilities]
[weblogic-plugin-bo]
-
Entry
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /ConsoleHelp/ into the URL, which invokes the FileServlet.
[1518]
[20000728 BEA's WebLogic force handlers show code vulnerability]
[http://developer.bea.com/alerts/security_000731.html]
[1481]
[weblogic-fileservlet-show-code]
-
Entry
BEA WebLogic 5.1.x allows remote attackers to read source code for parsed pages by inserting /*.shtml/ into the URL, which invokes the SSIServlet.
[1517]
[20000728 BEA's WebLogic force handlers show code vulnerability]
[http://developer.bea.com/alerts/security_000728.html]
[1480]
-
Entry
BEA WebLogic 5.1.x does not properly restrict access to the JSPServlet, which could allow remote attackers to compile and execute Java JSP code by directly invoking the servlet on any source file.
[1525]
[20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution]
[http://developer.bea.com/alerts/security_000731.html]
[html-malicious-tags]
-
Entry
BEA WebLogic 5.1.x does not properly restrict access to the PageCompileServlet, which could allow remote attackers to compile and execute Java JHTML code by directly invoking the servlet on any source file.
[1525]
[20000731 BEA's WebLogic *.jsp/*.jhtml remote command execution]
[http://developer.bea.com/alerts/security_000731.html]
[html-malicious-tags]
-
Entry
pgxconfig in the Raptor GFX configuration tool uses a relative path name for a system call to the "cp" program, which allows local users to execute arbitrary commands by modifying their path to point to an alternate "cp" program.
[1563]
[20000802 Local root compromise in PGX Config Sun Sparc Solaris]
[1501]
-
Entry
pgxconfig in the Raptor GFX configuration tool allows local users to gain privileges via a symlink attack.
[20000802 Local root compromise in PGX Config Sun Sparc Solaris]
[5740]
-
Entry
Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack.
[1599]
[20000819 RH 6.1 / 6.2 minicom vulnerability]
[minicom-capture-groupown(5151)]
-
Entry
Format string vulnerability in ftpd in HP-UX 10.20 allows remote attackers to cause a denial of service or execute arbitrary commands via format strings in the PASS command.
[1560]
[20000806 HPUX FTPd vulnerability]
-
Entry
Cisco Gigabit Switch Routers (GSR) with Fast Ethernet / Gigabit Ethernet cards, from IOS versions 11.2(15)GS1A up to 11.2(19)GS0.2 and some versions of 12.0, do not properly handle line card failures, which allows remote attackers to bypass ACLs or force the interface to stop forwarding packets.
[1541]
[20000803 Possible Access Control Bypass and Denial of Service in Gigabit Switch Routers Using Gigabit Ethernet or Fast Ethernet Cards]
[793]
[798]
-
Entry
The net.init rc script in HP-UX 11.00 (S008net.init) allows local users to overwrite arbitrary files via a symlink attack that points from /tmp/stcp.conf to the targeted file.
[1602]
[20000821 [HackersLab bugpaper] HP-UX net.init rc script]
[hp-netinit-symlink(5131)]
-
Entry
suidperl (aka sperl) does not properly cleanse the escape sequence "~!" before calling /bin/mail to send an error report, which allows local users to gain privileges by setting the "interactive" environmental variable and calling suidperl with a filename that contains the escape sequence.
[1547]
[20000805 sperl 5.00503 (and newer ;) exploit]
[20000808 MDKSA-2000:031 perl update]
[20000810 Conectiva Linux security announcemente - PERL]
[20000814 Trustix Security Advisory - perl and mailx]
[CSSA-2000-026.0]
[20000810]
[RHSA-2000:048]
[20000810 Security Hole in perl, all versions]
[TLSA2000018-1]
[perl-shell-escape]
-
Entry
ntop running in web mode allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1550]
[20000802 [ Hackerslab bug_paper ] ntop web mode vulnerabliity]
[1496]
[RHSA-2000:049]
[ntop-remote-file-access]
-
Entry
Buffer overflows in ntop running in web mode allows remote attackers to execute arbitrary commands.
[1576]
[20000830 ntop: Still remotely exploitable using buffer overflows]
[FreeBSD-SA-00:36]
[1513]
[ntop-bo]
-
Entry
PCCS MySQLDatabase Admin Tool Manager 1.2.4 and earlier installs the file dbconnect.inc within the web root, which allows remote attackers to obtain sensitive information such as the administrative password.
[1557]
[20000804 PCCS MySQL DB Admin Tool v1.2.3- Advisory]
[http://pccs-linux.com/public/view.php3?bn=agora_pccslinux&key=965951324]
[pccs-mysql-admin-tool]
-
Entry
Buffer overflow in Pragma Systems TelnetServer 2000 version 4.0 allows remote attackers to cause a denial of service via a long series of null characters to the rexec port.
[1605]
[http://www.pragmasys.com/TelnetServer/]
[20000824 Remote DoS Attack in Pragma TelnetServer 2000 (Remote Execute Daemon) Vulnerability]
[telnetserver-rpc-bo]
-
Entry
Netscape Communicator does not properly prevent a ServerSocket object from being created by untrusted entities, which allows remote attackers to create a server on the victim's system via a malicious applet, as demonstrated by Brown Orifice.
[1545]
[20000805 Dangerous Java/Netscape Security Hole]
[20000816 JDK 1.1.x Listening Socket Vulnerability (was Re: BrownOrifice can break firewalls!)]
[CA-2000-15]
-
Entry
Linux Intrusion Detection System (LIDS) 0.9.7 allows local users to gain root privileges when LIDS is disabled via the security=0 boot option.
[1549]
[2000803 LIDS severe bug]
[http://www.lids.org/changelog.html]
[http://www.egroups.com/message/lids/1038]
[1495]
-
Entry
WorldClient email client in MDaemon 2.8 includes the session ID in the referer field of an HTTP request when the user clicks on a URL, which allows the visited web site to hijack the session ID and read the user's email.
[1553]
[20000809 Session hijacking in Alt-N's MDaemon 2.8]
[mdaemon-session-id-hijack(5070)]
-
Entry
GoodTech FTP server allows remote attackers to cause a denial of service via a large number of RNTO commands.
[1619]
[20000830 [EXPL] GoodTech's FTP Server vulnerable to a DoS (RNTO)]
[ftp-goodtech-rnto-dos(5166)]
-
Entry
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
[1567]
[20000812 MDKSA-2000:034 MandrakeUpdate update]
-
Entry
news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
[1621]
[20000829 News Publisher CGI Vulnerability]
[news-publisher-add-author(5169)]
-
Entry
Zope before 2.2.1 does not properly restrict access to the getRoles method, which allows users who can edit DTML to add or modify roles by modifying the roles list that is included in a request.
[1577]
[20000816 MDKSA-2000:035 Zope update]
[20000821 Conectiva Linux Security Announcement - Zope]
[http://www.zope.org/Products/Zope/Hotfix_08_09_2000/security_alert]
[20000821 zope: unauthorized escalation of privilege (update)]
[RHSA-2000:052]
-
Entry
CGIMail.exe CGI program in Stalkerlab Mailers 1.1.2 allows remote attackers to read arbitrary files by specifying the file in the $Attach$ hidden form variable.
[1623]
[20000829 Stalker's CGImail Gives Read Access to All Server Files]
[mailers-cgimail-spoof(5165)]
-
Entry
xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.
[1624]
[20000829 MDKSA-2000:041 - xpdf update]
[20000913 Conectiva Linux Security Announcement - xpdf]
[CSSA-2000-031.0]
[20000910 xpdf: local exploit]
[RHSA-2000:060]
-
Entry
xpdf PDF viewer client earlier than 0.91 allows local users to overwrite arbitrary files via a symlink attack.
[1624]
[20000829 MDKSA-2000:041 - xpdf update]
[20000913 Conectiva Linux Security Announcement - xpdf]
[CSSA-2000-031.0]
[20000910a]
[RHSA-2000:060]
-
Entry
FreeBSD 5.x, 4.x, and 3.x allows local users to cause a denial of service by executing a program with a malformed ELF image header.
[1625]
[FreeBSD-SA-00:41]
[1534]
[freebsd-elf-dos(5967)]
-
Entry
Vulnerability in newgrp command in HP-UX 11.0 allows local users to gain privileges.
[1580]
[HPSBUX0008-118]
-
Entry
Directory traversal vulnerability in Worm HTTP server allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1626]
[20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server]
[1535]
[wormhttp-dir-traverse(5148)]
-
Entry
Worm HTTP server allows remote attackers to cause a denial of service via a long URL.
[1626]
[20000825 DST2K0023: Directory Traversal Possible & Denial of Service in Wo rm HTTP Server]
[wormhttp-filename-dos(5149)]
-
Entry
Telnetd telnet server in IRIX 5.2 through 6.1 does not properly cleans user-injected format strings, which allows remote attackers to execute arbitrary commands via a long RLD variable in the IAC-SB-TELOPT_ENVIRON request.
[1572]
[20000814 [LSD] IRIX telnetd remote vulnerability]
[20000801-02-P]
-
Entry
The Service Control Manager (SCM) in Windows 2000 creates predictable named pipes, which allows a local user with console access to gain administrator privileges, aka the "Service Control Manager Named Pipe Impersonation" vulnerability.
[1535]
[MS00-053]
-
Entry
WebShield SMTP 4.5 allows remote attackers to cause a denial of service by sending e-mail with a From: address that has a . (period) at the end, which causes WebShield to continuously send itself copies of the e-mail.
[1589]
[20000818 WebShield SMTP infinite loop DoS Attack]
[webshield-smtp-dos(5100)]
-
Entry
Directory traversal vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTPS request to the enrollment server.
[1537]
[20000802 NAI Net Tools PKI Server vulnerabilities]
[http://download.nai.com/products/licensed/pgp/hf3pki10.txt]
[1489]
[nettools-pki-dir-traverse(5066)]
-
Entry
Buffer overflow in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary commands via a long URL in the HTTPS port.
[1536]
[20000802 NAI Net Tools PKI Server vulnerabilities]
[http://download.nai.com/products/licensed/pgp/hf3pki10.txt]
[1488]
[nai-nettools-strong-bo(5026)]
-
Entry
Format string vulnerability in strong.exe program in NAI Net Tools PKI server 1.0 before HotFix 3 allows remote attackers to execute arbitrary code via format strings in a URL with a .XUDA extension.
[1538]
[20000802 NAI Net Tools PKI Server vulnerabilities]
[http://download.nai.com/products/licensed/pgp/hf3pki10.txt]
[1490]
-
Entry
The IPX protocol implementation in Microsoft Windows 95 and 98 allows remote attackers to cause a denial of service by sending a ping packet with a source IP address that is a broadcast address, aka the "Malformed IPX Ping Packet" vulnerability.
[1544]
[20000602 ipx storm]
[MS00-054]
[win-ipx-ping-packet(5079)]
-
Entry
Buffer overflow in University of Minnesota (UMN) gopherd 2.x allows remote attackers to execute arbitrary commands via a DES key generation request (GDESkey) that contains a long ticket value.
[1569]
[20000810 Remote vulnerability in Gopherd 2.x]
-
Entry
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2000-0743. Reason: This candidate is a duplicate of CVE-2000-0743. Notes: All CVE users should reference CVE-2000-0743 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
-
Entry
admin.php3 in PHP-Nuke does not properly verify the PHP-Nuke administrator password, which allows remote attackers to gain privileges by requesting a URL that does not specify the aid or pwd parameter.
[1592]
[20000821 Vuln. in all sites using PHP-Nuke, versions less than 3]
[1521]
-
Entry
The logrotate script for OpenLDAP before 1.2.11 in Conectiva Linux sends an improper signal to the kernel log daemon (klogd) and kills it.
[20000726 CONECTIVA LINUX SECURITY ANNOUNCEMENT - OPENLDAP]
[openldap-logrotate-script-dos(5036)]
-
Entry
Buffer overflow in the Linux binary compatibility module in FreeBSD 3.x through 5.x allows local users to gain root privileges via long filenames in the linux shadow file system.
[1628]
[FreeBSD-SA-00:42]
[1536]
[freebsd-linux-module-bo(5968)]
-
Entry
Buffer overflow in mopd (Maintenance Operations Protocol loader daemon) allows remote attackers to execute arbitrary commands via a long file name.
[1558]
[20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow]
[FreeBSD-SA-00:40]
[http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h]
[20000705 Mopd contained a buffer overflow.]
[RHSA-2000:050]
-
Entry
mopd (Maintenance Operations Protocol loader daemon) does not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands.
[1559]
[20000808 OpenBSD 2.7 / NetBSD 1.4.2 mopd buffer overflow]
[FreeBSD-SA-00:40]
[http://cvsweb.netbsd.org/bsdweb.cgi/basesrc/usr.sbin/mopd/mopd/process.c.diff?r1=1.7&r2=1.8&f=h]
[20000705 Mopd contained a buffer overflow.]
[RHSA-2000:050]
-
Entry
The Microsoft Outlook mail client identifies the physical path of the sender's machine within a winmail.dat attachment to Rich Text Format (RTF) files.
[1631]
[20000824 Outlook winmail.dat]
[20010802 Outlook 2000 Rich Text information disclosure]
[outlook-reveal-path(5508)]
-
Entry
Vulnerability in HP OpenView Network Node Manager (NMM) version 6.1 related to passwords.
[1581]
[HPSBUX0008-119]
-
Entry
The web interface for Lyris List Manager 3 and 4 allows list subscribers to obtain administrative access by modifying the value of the list_admin hidden form field.
[1584]
[20000811 Lyris List Manager Administration Hole]
[http://www.lyris.com/lm/lm_updates.html]
-
Entry
OS2/Warp 4.5 FTP server allows remote attackers to cause a denial of service via a long username.
[1582]
[20000815 OS/2 Warp 4.5 FTP Server DoS]
[ftp://ftp.software.ibm.com/ps/products/tcpip/fixes/v4.3os2/ic27721/README]
-
Entry
The default installation of eTrust Access Control (formerly SeOS) uses a default encryption key, which allows remote attackers to spoof the eTrust administrator and gain privileges.
[1583]
[20000811 eTrust Access Control - Root compromise for default install]
[http://support.ca.com/techbases/eTrust/etrust_access_control-response.html]
[1517]
[etrust-access-control-default(5076)]
-
Entry
xlockmore and xlockf do not properly cleanse user-injected format strings, which allows local users to gain root privileges via the -d option.
[1585]
[20000816 xlock vulnerability]
[20000817 Conectiva Linux Security Announcement - xlockmore]
[20000823 MDKSA-2000:038 - xlockmore update]
[20000816 xlockmore: possible shadow file compromise]
[FreeBSD-SA-00:44.xlockmore]
-
Entry
Intel Express 500 series switches allow a remote attacker to cause a denial of service via a malformed IP packet.
[1609]
[20000828 Intel Express Switch 500 series DoS]
[intel-express-switch-dos(5154)]
-
Entry
Buffer overflow in the HTML interpreter in Microsoft Office 2000 allows an attacker to execute arbitrary commands via a long embedded object tag, aka the "Microsoft Office HTML Object Tag" vulnerability.
[1561]
[MS00-056]
-
Entry
Buffer overflow in vqSoft vqServer 1.4.49 allows remote attackers to cause a denial of service or possibly gain privileges via a long HTTP GET request.
[1610]
[20000819 D.o.S Vulnerability in vqServer]
[vqserver-get-dos(5152)]
-
Entry
The ActiveX control for invoking a scriptlet in Internet Explorer 4.x and 5.x renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka the "Scriptlet Rendering" vulnerability.
[1564]
[MS00-055]
-
Entry
A function in Internet Explorer 4.x and 5.x does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a variant of the "Frame Domain Verification" vulnerability.
[1564]
[MS00-055]
-
Entry
IIS 4.0 and 5.0 does not properly restrict access to certain types of files when their parent folders have less restrictive permissions, which could allow remote attackers to bypass access restrictions to some files, aka the "File Permission Canonicalization" vulnerability.
[1565]
[MS00-057]
-
Entry
Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
[1613]
[MS00-062]
-
Entry
Bajie HTTP web server 0.30a allows remote attackers to read arbitrary files via a URL that contains a "....", a variant of the dot dot directory traversal attack.
[1522]
[20000731 Two security flaws in Bajie Webserver]
[bajie-view-arbitrary-files(5021)]
-
Entry
Mediahouse Statistics Server 5.02x allows remote attackers to execute arbitrary commands via a long HTTP GET request.
[1568]
[20000810 [DeepZone Advisory] Statistics Server 5.02x stack overflow (Win2k remote exploit)]
[mediahouse-stats-livestats-bo(5113)]
-
Entry
The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
[1615]
[MS00-061]
-
Entry
IIS 5.0 allows remote attackers to obtain source code for .ASP files and other scripts via an HTTP GET request with a "Translate: f" header, aka the "Specialized Header" vulnerability.
[1578]
[20000815 Translate:f summary, history and thoughts]
[MS00-058]
[20000816 Translate: f]
[oval:org.mitre.oval:def:927]
-
Entry
Checkpoint Firewall-1 with the RSH/REXEC setting enabled allows remote attackers to bypass access restrictions and connect to a RSH/REXEC client via malformed connection requests.
[1534]
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#Improper_stderr]
[1487]
-
Entry
The web server in IPSWITCH IMail 6.04 and earlier allows remote attackers to read and delete arbitrary files via a .. (dot dot) attack.
[1617]
[20000830 Vulnerability Report On IPSWITCH's IMail]
[http://www.ipswitch.com/Support/IMail/news.html]
-
Entry
uagentsetup in ARCServeIT Client Agent 6.62 does not properly check for the existence or ownership of a temporary file which is moved to the agent.cfg configuration file, which allows local users to execute arbitrary commands by modifying the temporary file before it is moved.
[1519]
[20000728 Client Agent 6.62 for Unix Vulnerability]
[arcserveit-clientagent-temp-file(5023)]
-
Entry
netauth.cgi program in Netwin Netauth 4.2e and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1587]
[20000817 Netauth: Web Based Email Management System]
[http://netwinsite.com/netauth/updates.htm]
[netwin-netauth-dir-traverse(5090)]
-
Entry
Watchguard Firebox II allows remote attackers to cause a denial of service by sending a malformed URL to the authentication service on port 4100.
[1573]
[20000815 Watchguard Firebox Authentication DoS]
[firebox-url-dos(5098)]
-
Entry
GNU userv 1.0.0 and earlier does not properly perform file descriptor swapping, which can corrupt the USERV_GROUPS and USERV_GIDS environmental variables and allow local users to bypass some access restrictions.
[1516]
[20000726 userv security boundary tool 1.0.1 (SECURITY FIX)]
[http://marc.info/?l=bugtraq&m=96473640717095&w=2]
[20000727 userv: local exploit]
-
Entry
IRC Xchat client versions 1.4.2 and earlier allows remote attackers to execute arbitrary commands by encoding shell metacharacters into a URL which XChat uses to launch a web browser.
[1601]
[20000817 XChat URL handler vulnerabilty]
[20000824 MDKSA-2000:039 - xchat update]
[20000825 Conectiva Linux Security Announcement - xchat]
[RHSA-2000:055]
-
Entry
The Mail Merge tool in Microsoft Word does not prompt the user before executing Visual Basic (VBA) scripts in an Access database, which could allow an attacker to execute arbitrary commands.
[1566]
[20000807 MS Word and MS Access vulnerability - executing arbitrary programs, may be exploited by IE/Outlook]
[MS00-071]
[word-mail-merge(5322)]
-
Entry
The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
[1571]
[20000828 IE 5.5/5.x for Win98 may execute arbitrary files that can be accessed thru Microsoft Networking. Also local Administrator compromise at least on default Windows 2000.]
[ie-folder-remote-exe(5097)]
-
Entry
Gnome Lokkit firewall package before 0.41 does not properly restrict access to some ports, even if a user does not make any services available.
[1590]
[20000819 Security update for Gnome-Lokkit]
[1520]
-
Entry
Buffer overflow in lpstat in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long -n option.
[1529]
[20000802 [LSD] some unpublished LSD exploit codes]
[1485]
-
Entry
Buffer overflow in dmplay in IRIX 6.2 and 6.3 allows local users to gain root privileges via a long command line option.
[1528]
[20000802 [LSD] some unpublished LSD exploit codes]
[1484]
[irix-dmplay-bo(5064)]
-
Entry
Buffer overflow in gr_osview in IRIX 6.2 and 6.3 allows local users to gain privileges via a long -D option.
[1526]
[20000802 [LSD] some unpublished LSD exploit codes]
[3815]
[20040104-01-P]
[irix-grosview-bo(5062)]
-
Entry
inpview in InPerson in SGI IRIX 5.3 through IRIX 6.5.10 allows local users to gain privileges via a symlink attack on the .ilmpAAA temporary file.
[1530]
[20000802 [LSD] some unpublished LSD exploit codes]
[20001101-01-I]
[irix-inpview-symlink(5065)]
-
Entry
GNU Groff uses the current working directory to find a device description file, which allows a local user to gain additional privileges by including a malicious postpro directive in the description file, which is executed when another user runs groff.
[20001004 GNU Groff utilities read untrusted commands from current working directory]
[gnu-groff-utilities(5280)]
-
Entry
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass the directionality check via fragmented TCP connection requests or reopening closed TCP connection requests, aka "One-way Connection Enforcement Bypass."
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-way_Connection]
[4419]
[fw1-remote-bypass(5468)]
-
Entry
Check Point VPN-1/FireWall-1 4.1 and earlier improperly retransmits encapsulated FWS packets, even if they do not come from a valid FWZ client, aka "Retransmission of Encapsulated Packets."
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#Retransmission_of]
[4415]
[fw1-client-spoof(5469)]
-
Entry
The inter-module authentication mechanism (fwa1) in Check Point VPN-1/FireWall-1 4.1 and earlier may allow remote attackers to conduct a denial of service, aka "Inter-module Communications Bypass."
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#Inter-module_Communications]
[4413]
[fw1-fwa1-auth-replay(5162)]
-
Entry
The OPSEC communications authentication mechanism (fwn1) in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to spoof connections, aka the "OPSEC Authentication Vulnerability."
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#OPSEC_Authentication]
[4420]
[fw1-opsec-auth-spoof(5471)]
-
Entry
The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#One-time_Password]
[4421]
[fw1-localhost-auth(5137)]
-
Entry
Buffer overflow in Getkey in the protocol checker in the inter-module communication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to cause a denial of service.
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#Getkey_Buffer]
[4422]
[fw1-getkey-bo(5139)]
-
Entry
Auction Weaver 1.0 through 1.04 does not properly validate the names of form fields, which allows remote attackers to delete arbitrary files and directories via a .. (dot dot) attack.
[1782]
[20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04]
[1600]
[auction-weaver-delete-files(5371)]
-
Entry
Auction Weaver 1.0 through 1.04 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the username or bidfile form fields.
[1783]
[20001016 File deletion and other bugs in Auction Weaver LITE 1.0 - 1.04]
[4053]
[auction-weaver-username-bidfile(5372)]
-
Entry
Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to redirect FTP connections to other servers ("FTP Bounce") via invalid FTP commands that are processed improperly by FireWall-1, aka "FTP Connection Enforcement Bypass."
[http://www.checkpoint.com/techsupport/alerts/list_vun.html#FTP_Connection]
[4434]
[fw1-ftp-redirect(5474)]
-
Entry
Linux tmpwatch --fuser option allows local users to execute arbitrary commands by creating files whose names contain shell metacharacters.
[1785]
[20001006 Insecure call of external programs in Red Hat Linux tmpwatch]
[MDKSA-2000:056]
[RHSA-2000:080]
[linux-tmpwatch-fuser(5320)]
-
Entry
The default installation for the Oracle listener program 7.3.4, 8.0.6, and 8.1.6 allows an attacker to cause logging information to be appended to arbitrary files and execute commands via the SET TRC_FILE or SET LOG_FILE commands.
[http://otn.oracle.com/deploy/security/pdf/listener_alert.pdf]
[20001025 Vulnerability in the Oracle Listener Program]
[oracle-listener-connect-statements(5380)]
-
Entry
The unsetenv function in glibc 2.1.1 does not properly unset an environmental variable if the variable is provided twice to a program, which could allow local users to execute arbitrary commands in setuid programs by specifying their own duplicate environmental variables such as LD_PRELOAD or LD_LIBRARY_PATH.
[1639]
[648]
[19990917 A few bugs...]
[20000831 glibc unsetenv bug]
[20000902 Conectiva Linux Security Announcement - glibc]
[20000905 Conectiva Linux Security Announcement - glibc]
[20000906 [slackware-security]: glibc 2.1.3 vulnerabilities patched]
[CSSA-2000-028.0]
[20000902 glibc: local root exploit]
[MDKSA-2000:040]
[MDKSA-2000:045]
[RHSA-2000:057]
[20000924 glibc locale security problem]
[TLSA2000020-1]
[glibc-ld-unsetenv(5173)]
-
Entry
Ipswitch Imail 6.0 allows remote attackers to cause a denial of service via a large number of connections in which a long Host: header is sent, which causes a thread to crash.
[2011]
[20000817 Imail Web Service Remote DoS Attack v.2]
[20000817 Imail Web Service Remote DoS Attack v.2]
[20000817 Imail Web Service Remote DoS Attack v.2]
[ipswitch-imail-remote-dos(5475)]
-
Entry
The tmpwatch utility in Red Hat Linux forks a new process for each directory level, which allows local users to cause a denial of service by creating deeply nested directories in /tmp or /var/tmp/.
[1664]
[20000909 tmpwatch: local DoS : fork()bomb as root]
[RHSA-2000:080]
[linux-tmpwatch-fork-dos(5217)]
-
Entry
annclist.exe in webTV for Windows allows remote attackers to cause a denial of service by via a large, malformed UDP packet to ports 22701 through 22705.
[1671]
[20000913 trivial DoS in webTV]
[MS00-074]
[webtv-udp-dos(5216)]
-
Entry
The Windows 2000 telnet client attempts to perform NTLM authentication by default, which allows remote attackers to capture and replay the NTLM challenge/response via a telnet:// URL that points to the malicious server, aka the "Windows 2000 Telnet Client NTLM Authentication" vulnerability.
[A091400-1]
[1683]
[MS00-067]
[win2k-telnet-ntlm-authentication(5242)]
-
Entry
FTP Serv-U 2.5e allows remote attackers to cause a denial of service by sending a large number of null bytes.
[1543]
[20000804 FTP Serv-U 2.5e vulnerability.]
[servu-null-character-dos(5029)]
-
Entry
Fastream FUR HTTP server 1.0b allows remote attackers to cause a denial of service via a long GET request.
[20000914 DST2K0028: DoS in FUR HTTP Server v1.0b]
[fur-get-dos(5237)]
-
Entry
WinCOM LPD 1.00.90 allows remote attackers to cause a denial of service via a large number of LPD options to the LPD port (515).
[1701]
[20000919 VIGILANTE-2000013: WinCOM LPD DoS]
[wincom-lpd-dos(5258)]
-
Entry
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.
[IY13753]
[1634]
[20000902 Conectiva Linux Security Announcement - glibc]
[20000904 UNIX locale format string vulnerability]
[CSSA-2000-030.0]
[SSRT0689U]
[20000902 glibc: local root exploit]
[RHSA-2000:057]
[20000901-01-P]
[20000906 glibc locale security problem]
[TLSA2000020-1]
[unix-locale-format-string(5176)]
-
Entry
Buffer overflow in Darxite 0.4 and earlier allows a remote attacker to execute arbitrary commands via a long username or password.
[1598]
[20000821 Darxite daemon remote exploit/DoS problem]
[darxite-login-bo(5134)]
-
Entry
Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute arbitrary commands via a long X-Keywords header.
[1646]
[1687]
[20000901 More about UW c-client library]
[20000901 UW c-client library vulnerability]
[FreeBSD-SA-00:47.pine]
[c-client-dos(5223)]
-
Entry
Buffer overflow in IBM WebSphere web application server (WAS) allows remote attackers to execute arbitrary commands via a long Host: request header.
[1691]
[20000915 WebSphere application server plugin issue & vendor fix]
[http://www-4.ibm.com/software/webservers/appserv/doc/v3022/fxpklst.htm#Security]
[websphere-header-dos(5252)]
-
Entry
Race condition in Microsoft Windows Media server allows remote attackers to cause a denial of service in the Windows Media Unicast Service via a malformed request, aka the "Unicast Service Race Condition" vulnerability.
[1655]
[MS00-064]
[unicast-service-dos(5193)]
-
Entry
Netegrity SiteMinder before 4.11 allows remote attackers to bypass its authentication mechanism by appending "$/FILENAME.ext" (where ext is .ccc, .class, or .jpg) to the requested URL.
[A091100-1]
[1681]
[siteminder-bypass-authentication(5230)]
-
Entry
Buffer overflow in the Still Image Service in Windows 2000 allows local users to gain additional privileges via a long WM_USER message, aka the "Still Image Service Privilege Escalation" vulnerability.
[A090700-1]
[1651]
[MS00-065]
[w2k-still-image-service(5203)]
-
Entry
Multiple buffer overflows in eject on FreeBSD and possibly other OSes allows local users to gain root privileges.
[1686]
[FreeBSD-SA-00:49]
[1559]
[freebsd-eject-port(5248)]
-
Entry
YaBB Bulletin Board 9.1.2000 allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1668]
[20000909 YaBB 1.9.2000 Vulnerabilitie]
[yabb-file-access(5254)]
-
Entry
When a Microsoft Office 2000 document is launched, the directory of that document is first used to locate DLL's such as riched20.dll and msi.dll, which could allow an attacker to execute arbitrary commands by inserting a Trojan Horse DLL into the same directory as the document.
[1699]
[20000922 Eudora + riched20.dll affects WinZip v8.0 as well]
[20000921 Mitigators for possible exploit of Eudora via Guninski #21,2000]
[20000918 Double clicking on MS Office documents from Windows Explorer may execute arbitrary programs in some cases]
[office-dll-execution(5263)]
-
Entry
Buffer overflow in SunFTP build 9(1) allows remote attackers to cause a denial of service or possibly execute arbitrary commands via a long GET request.
[1638]
[20000901 [EXPL] SunFTP vulnerable to two Denial-of-Service attacks (long buffer, half-open)]
-
Entry
Vulnerability in Microsoft Windows NT 4.0 allows remote attackers to cause a denial of service in IIS by sending it a series of malformed requests which cause INETINFO.EXE to fail, aka the "Invalid URL" vulnerability.
[1642]
[20000906 VIGILANTE-2000009: "Invalid URL" DoS]
[MS00-063]
[iis-invald-url-dos(5202)]
-
Entry
The web configuration server for NTMail V5 and V6 allows remote attackers to cause a denial of service via a series of partial HTTP requests.
[1640]
[20000904 VIGILANTE-2000008: NTMail Configuration Service DoS]
[ntmail-incomplete-http-requests(5182)]
-
Entry
The file upload capability in PHP versions 3 and 4 allows remote attackers to read arbitrary files by setting hidden form fields whose names match the names of internal PHP script variables.
[1649]
[20000903 (SRADV00001) Arbitrary file disclosure through PHP file upload]
[20000904 Re: [PHP-DEV] RE: (SRADV00001) Arbitrary file disclosure through PHP file upload]
[http://cvsweb.php.net/viewcvs.cgi/php4/main/rfc1867.c.diff?r1=1.38%3Aphp_4_0_2&tr1=1.1&r2=text&tr2=1.45&diff_format=u]
[MDKSA-2000:048]
[php-file-upload(5190)]
-
Entry
Mailman 1.1 allows list administrators to execute arbitrary commands via shell metacharacters in the %(listname) macro expansion.
[1667]
[20000907 Mailman 1.1 + external archiver vulnerability]
[FreeBSD-SA-00:51]
[mailman-execute-external-commands(5493)]
-
Entry
Vulnerability in an administrative interface utility for Allaire Spectra 1.0.1 allows remote attackers to read and modify sensitive configuration information.
[ASB00-23]
[allaire-spectra-admin-access(5466)]
-
Entry
Buffer overflow in listmanager earlier than 2.105.1 allows local users to gain additional privileges.
[FreeBSD-SA-00:50]
[listmanager-port-bo(5503)]
-
Entry
Race condition in the creation of a Unix domain socket in GNOME esound 0.2.19 and earlier allows a local user to change the permissions of arbitrary files and directories, and gain additional privileges, via a symlink attack.
[1659]
[20000911 Patch for esound-0.2.19]
[20001006 Immunix OS Security Update for esound]
[20001008 esound: race condition]
[FreeBSD-SA-00:45]
[MDKSA-2000:051]
[RHSA-2000:077]
[20001012 esound daemon race condition]
[gnome-esound-symlink(5213)]
-
Entry
Buffer overflow in dvtermtype in Tridia Double Vision 3.07.00 allows local users to gain root privileges via a long terminal type argument.
[1697]
[20000916 Advisory: Tridia DoubleVision / SCO UnixWare]
[doublevision-dvtermtype-bo(5261)]
-
Entry
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
[20000917 klogd format bug]
[20000918 Conectiva Linux Security Announcement - sysklogd]
[CSSA-2000-032.0]
[20000919]
[MDKSA-2000:050]
[5824]
[RHSA-2000:061]
[20000920 syslogd + klogd format string parsing error]
[TLSA2000022-2]
[klogd-format-string(5259)]
-
Entry
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.
[A090700-2]
[1658]
[20000907]
[suse-apache-cgi-source-code(5197)]
-
Entry
The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.
[A090700-3]
[1656]
[20000907]
[apache-webdav-directory-listings(5204)]
-
Entry
Buffer overflow in EFTP allows remote attackers to cause a denial of service via a long string.
[1675]
[20000911[EXPL] EFTP vulnerable to two DoS attacks]
[1555]
[eftp-bo(5219)]
-
Entry
Buffer overflow in EFTP allows remote attackers to cause a denial of service by sending a string that does not contain a newline, then disconnecting from the server.
[1677]
[20000911[EXPL] EFTP vulnerable to two DoS attacks]
[409]
[eftp-newline-dos(5220)]
-
Entry
netstat in AIX 4.x.x does not properly restrict access to the -Zi option, which allows local users to clear network interface statistics and possibly hide evidence of unusual network activities.
[1660]
[20000903 aix allows clearing the interface stats]
[aix-clear-netstat(5214)]
-
Entry
Eudora mail client includes the absolute path of the sender's host within a virtual card (VCF).
[1653]
[20000907 Eudora disclosure]
[1545]
[eudora-path-disclosure(5206)]
-
Entry
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to cause a denial of service by sending a long string of unprintable characters.
[20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities]
[http://www.wftpd.com/bug_gpf.htm]
[wftpd-long-string-dos(5194)]
-
Entry
WFTPD and WFTPD Pro 2.41 RC12 allows remote attackers to obtain the full pathname of the server via a "%C" command, which generates an error message that includes the pathname.
[20000905 WFTPD/WFTPD Pro 2.41 RC12 vulnerabilities]
[5829]
[wftpd-path-disclosure(5196)]
-
Entry
mailform.pl CGI script in MailForm 2.0 allows remote attackers to read arbitrary files by specifying the file name in the XX-attach_file parameter, which MailForm then sends to the attacker.
[1670]
[20000911 Unsafe passing of variables to mailform.pl in MailForm V2.0]
[mailform-attach-file(5224)]
-
Entry
The mailto CGI script allows remote attacker to execute arbitrary commands via shell metacharacters in the emailadd form field.
[1669]
[20000911 Fwd: Poor variable checking in mailto.cgi]
[mailto-piped-address(5241)]
-
Entry
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
[1678]
[MDKSA-2000:046]
[linux-mod-perl(5257)]
-
Entry
IIS 4.0 and 5.0 allows remote attackers to read documents outside of the web root, and possibly execute arbitrary commands, via malformed URLs that contain UNICODE encoded characters, aka the "Web Server Folder Traversal" vulnerability.
[1806]
[20001017 IIS %c1%1c remote command execution]
[MS00-078]
[436]
[oval:org.mitre.oval:def:44]
[iis-unicode-translation(5377)]
-
Entry
IIS 5.0 allows remote attackers to execute arbitrary commands via a malformed request for an executable file whose name is appended with operating system commands, aka the "Web Server File Request Parsing" vulnerability.
[1912]
[20001107 NSFOCUS SA2000-07 : Microsoft IIS 4.0/5.0 CGI File Name Inspection Vulnerability]
[MS00-086]
[oval:org.mitre.oval:def:191]
[iis-invalid-filename-passing(5470)]
-
Entry
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by making a compressed zone transfer (ZXFR) request and performing a name service query on an authoritative record that is not cached, aka the "zxfr bug."
[1923]
[20001107 BIND 8.2.2-P5 Possible DOS]
[20001115 Trustix Security Advisory - bind and openssh (and modutils)]
[CA-2000-20]
[CLSA-2000:338]
[CLSA-2000:339]
[20001112 bind: remote Denial of Service]
[ERS-SVA-E01-2000:005.1]
[MDKSA-2000:067]
[RHSA-2000:107]
[SuSE-SA:2000:45]
[20001107 Possible DOS in Bind 8.2.2-P5]
[20001109 Re: Possible DOS in Bind 8.2.2-P5]
[bind-zxfr-dos(5540)]
-
Entry
named in BIND 8.2 through 8.2.2-P6 allows remote attackers to cause a denial of service by sending an SRV record to the server, aka the "srv bug."
[CA-2000-20]
[CLSA-2000:338]
[CLSA-2000:339]
[20001112 bind: remote Denial of Service]
[ERS-SVA-E01-2000:005.1]
[MDKSA-2000:067]
[RHSA-2000:107]
[SuSE-SA:2000:45]
[bind-srv-dos(5814)]
-
Entry
periodic in FreeBSD 4.1.1 and earlier, and possibly other operating systems, allows local users to overwrite arbitrary files via a symlink attack.
[2325]
[VU#626919]
[FreeBSD-SA-01:12]
[1754]
[periodic-temp-file-symlink(6047)]
-
Entry
A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email.
[VU#5962]
[http://www.notes.net/R5FixList.nsf/Search!SearchView&Query=CBAT45TU9S]
[lotus-notes-bypass-ecl(5045)]
-
Entry
Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL.
[VU#22404]
[telnet-obtain-env-variable(6644)]
-
Entry
HTTP server on the WatchGuard SOHO firewall does not properly restrict access to administrative functions such as password resets or rebooting, which allows attackers to cause a denial of service or conduct unauthorized activities.
[2119]
[20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall]
[4404]
[watchguard-soho-web-auth(5554)]
-
Entry
Buffer overflow in HTTP server on the WatchGuard SOHO firewall allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long GET request.
[2114]
[20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall]
[4403]
[watchguard-soho-web-dos(5218)]
-
Entry
WatchGuard SOHO firewall allows remote attackers to cause a denial of service via a flood of fragmented IP packets, which causes the firewall to drop connections and stop forwarding packets.
[2113]
[20001214 Multiple vulnerabilities in the WatchGuard SOHO Firewall]
[1690]
[watchguard-soho-fragmented-packets(5749)]
-
Entry
Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.
[1941]
[20001114 Vulnerabilites in SmallHTTP Server]
[http://home.lanck.net/mf/srv/index.htm]
[small-http-nofile-dos(5524)]
-
Entry
Directory traversal vulnerability in ssi CGI program in thttpd 2.19 and earlier allows remote attackers to read arbitrary files via a "%2e%2e" string, a variation of the .. (dot dot) attack.
[1737]
[20001002 thttpd ssi: retrieval of arbitrary world-readable files]
[FreeBSD-SA-00:73]
[acme-thttpd-ssi(5313)]
-
Entry
Format string vulnerability in screen 3.9.5 and earlier allows local users to gain root privileges via format characters in the vbell_msg initialization variable.
[1641]
[20000905 screen 3.9.5 root vulnerability]
[20000906 Screen-3.7.6 local compromise]
[20000902a]
[FreeBSD-SA-00:46]
[MDKSA-2000:044]
[RHSA-2000:058]
[20000906 screen format string parsing security problem]
[screen-format-string(5188)]
-
Entry
BrowseGate 2.80 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via long Authorization or Referer MIME headers in the HTTP request.
[1702]
[20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)]
[http://www.netcplus.com/browsegate.htm#BGLatest]
[20000921 DST2K0031: DoS in BrowseGate(Home) v2.80(H)]
[browsegate-http-dos(5270)]
-
Entry
Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary commands via a long From: header.
[1709]
[20000922 [ no subject ]]
[20001031 FW: Pine 4.30 now available]
[FreeBSD-SA-00:59]
[MDKSA-2000:073]
[RHSA-2000:102]
[pine-check-mail-bo(5283)]
-
Entry
Horde library 1.02 allows attackers to execute arbitrary commands via shell metacharacters in the "from" address.
[1674]
[20000908 horde library bug - unchecked from-address]
[http://ssl.coc-ag.de/sec/hordelib-1.2.0.frombug.patch]
[20000910 imp: remote compromise]
[horde-imp-sendmail-command(5278)]
-
Entry
IMP 2.2 and earlier allows attackers to read and delete arbitrary files by modifying the attachment_name hidden form variable, which causes IMP to send the file to the attacker as an attachment.
[1679]
[20000912 (SRADV00003) Arbitrary file disclosure through IMP]
[imp-attach-file(5227)]
-
Entry
MultiHTML CGI script allows remote attackers to read arbitrary files and possibly execute arbitrary commands by specifying the file name to the "multi" parameter.
[20000913 MultiHTML vulnerability]
[http-cgi-multihtml(5285)]
-
Entry
mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.
[1728]
[20000929 Security vulnerability in Apache mod_rewrite]
[20001011 Conectiva Linux Security Announcement - apache]
[CSSA-2000-035.0]
[HPSBUX0010-126]
[MDKSA-2000:060]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[RHSA-2000:088]
[RHSA-2000:095]
[apache-rewrite-view-files(5310)]
-
Entry
OpenBSD 2.6 and earlier allows remote attackers to cause a denial of service by flooding the server with ARP requests.
[1759]
[20001005 obsd_fun.c]
[1592]
[bsd-arp-request-dos(5340)]
-
Entry
fingerd in FreeBSD 4.1.1 allows remote attackers to read arbitrary files by specifying the target file name instead of a regular user name.
[1803]
[20001002 [sa2c@and.or.jp: bin/21704: enabling fingerd makes files world readable]]
[FreeBSD-SA-00:54]
[433]
[freebsd-fingerd-files(5385)]
-
Entry
Format string vulnerability in use_syslog() function in LPRng 3.6.24 allows remote attackers to execute arbitrary commands.
[1712]
[20000925 Format strings: bug #2: LPRng]
[CSSA-2000-033.0]
[CA-2000-22]
[FreeBSD-SA-00:56]
[RHSA-2000:065]
[lprng-format-string(5287)]
-
Entry
Directory traversal vulnerability in PHPix Photo Album 1.0.2 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[1773]
[20001007 PHPix advisory]
[472]
[phpix-dir-traversal(5331)]
-
Entry
Directory traversal vulnerability in BOA web server 0.94.8.2 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack in the GET HTTP request that uses a "%2E" instead of a "."
[1770]
[20001006 Vulnerability in BOA web server v0.94.8.2]
[20001009 boa: exposes contents of local files]
[FreeBSD-SA-00:60]
[boa-webserver-get-dir-traversal(5330)]
-
Entry
Directory traversal vulnerability in Hassan Consulting shop.cgi shopping cart program allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
[1777]
[20001007 Security Advisory: Hassan Consulting's shop.cgi Directory Traversal Vulnerability.]
[1596]
[hassan-shopping-cart-dir-traversal(5342)]
-
Entry
Directory traversal vulnerability in Bytes Interactive Web Shopper shopping cart program (shopper.cgi) 2.0 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) attack on the newpage parameter.
[1776]
[20001008 Security Advisory: Bytes Interactive's Web Shopper (shopper.cgi) Directory Traversal Vulnerability]
[web-shopper-directory-traversal(5351)]
-
Entry
authenticate.cgi CGI program in Aplio PRO allows remote attackers to execute arbitrary commands via shell metacharacters in the password parameter.
[1784]
[20001006 Fwd: APlio PRO web shell]
[uclinux-apliophone-bin-execute(5333)]
-
Entry
Directory traversal vulnerability in search.cgi CGI script in Armada Master Index allows remote attackers to read arbitrary files via a .. (dot dot) attack in the "catigory" parameter.
[1772]
[20001009 Master Index traverse advisory]
[461]
[master-index-directory-traversal(5355)]
-
Entry
The default installation of SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) installs the _private directory with world readable permissions, which allows remote attackers to obtain sensitive information.
[1734]
[20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2]
[20001002 DST2K0035: Credit card (customer) details exposed within CyberOff ice Shopping Cart v2]
[cyberoffice-world-readable-directory(5318)]
-
Entry
SmartWin CyberOffice Shopping Cart 2 (aka CyberShop) allows remote attackers to modify price information by changing the "Price" hidden form variable.
[1733]
[20001002 DST2K0036: Price modification possible in CyberOffice Shopping Cart]
[20001002 DST2K0036: Price modification possible in CyberOffice Shopping Ca rt]
[cyberoffice-price-modification(5319)]
-
Entry
WQuinn QuotaAdvisor 4.1 does not properly record file sizes if they are stored in alternative data streams, which allows users to bypass quota restrictions.
[1724]
[20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.]
[20000928 DST2K0037: QuotaAdvisor 4.1 by WQuinn is susceptible to alternati ve datastreams to bypass quotas.]
[quotaadvisor-quota-bypass(5302)]
-
Entry
WQuinn QuotaAdvisor 4.1 allows users to list directories and files by running a report on the targeted shares.
[1765]
[20001006 DST2K0040: QuotaAdvisor 4.1 by WQuinn susceptible to any user bei ng able to list (not read) all files on any server running QuotaAdvisor.]
[quotaadvisor-list-files(5327)]
-
Entry
Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability.
[1714]
[20000929 Malformed Embedded Windows Media Player 7 "OCX Attachment"]
[MS00-068]
[mediaplayer-outlook-dos(5309)]
-
Entry
Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch.
[1738]
[20001003 Pegasus mail file reading vulnerability]
[20001030 Pegasus Mail file reading vulnerability]
[pegasus-file-forwarding(5326)]
-
Entry
MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service.
[20000926 FW: DOS for Content Technologies' MAILsweeper for SMTP.]
[mailsweeper-smtp-dos(5641)]
-
Entry
The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the "Simplified Chinese IME State Recognition" vulnerability.
[1729]
[MS00-069]
[win2k-simplified-chinese-ime(5301)]
-
Entry
Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack.
[1703]
[RHSA-2000:062]
[glint-symlink(5271)]
-
Entry
Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file.
[1872]
[20001030 Samba 2.0.7 SWAT vulnerabilities]
[samba-swat-logging-sym-link(5443)]
-
Entry
Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords.
[1874]
[20001030 Samba 2.0.7 SWAT vulnerabilities]
[samba-swat-logfile-info(5445)]
-
Entry
Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing attacks.
[1873]
[20001030 Samba 2.0.7 SWAT vulnerabilities]
[samba-swat-brute-force(5442)]
-
Entry
Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server.
[20001030 Samba 2.0.7 SWAT vulnerabilities]
[samba-swat-brute-force(5442)]
-
Entry
Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter.
[1883]
[20001029 Re: Remote command execution via KW Whois 1.0 (addition)]
[20001029 Remote command execution via KW Whois 1.0]
[http://www.kootenayweb.bc.ca/scripts/whois.txt]
[kw-whois-meta(5438)]
-
Entry
The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross Site Scripting" vulnerability.
[1861]
[20001028 IIS 5.0 cross site scripting vulnerability - using .htw]
[MS00-084]
[iis-htw-cross-scripting(5441)]
-
Entry
Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command.
[1858]
[20001027 Potential Security Problem in bftpd-1.0.11]
[bftpd-user-bo(5426)]
-
Entry
CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password.
[1881]
[20001027 CGI-Bug: News Update 1.1 administration password bug]
[news-update-bypass-password(5433)]
-
Entry
The web configuration interface for Catalyst 3500 XL switches allows remote attackers to execute arbitrary commands without authentication when the enable password is not set, via a URL containing the /exec/ directory.
[1846]
[20001026 Advisory def-2000-02: Cisco Catalyst remote command execution]
[20001113 Re: 3500XL]
[444]
[cisco-catalyst-remote-commands(5415)]
-
Entry
Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization.
[http://www5.compaq.com/support/files/desktops/us/revision/1723.html]
[20001012 Security issue with Compaq Easy Access Keyboard software]
[5831]
[compaq-ea-elevate-privileges(5718)]
-
Entry
Format string vulnerability in cfd daemon in GNU CFEngine before 1.6.0a11 allows attackers to execute arbitrary commands via format characters in the CAUTH command.
[1757]
[20001002 Very probable remote root vulnerability in cfengine]
[MDKSA-2000:061]
[NetBSD-SA2000-013]
[cfengine-cfd-format-string(5630)]
-
Entry
GnoRPM before 0.95 allows local users to modify arbitrary files via a symlink attack.
[1761]
[20001002 GnoRPM local /tmp vulnerability]
[20001003 Conectiva Linux Security Announcement - gnorpm]
[20001011 Immunix OS Security Update for gnorpm package]
[MDKSA-2000:055]
[RHSA-2000:072]
[gnorpm-temp-symlink(5317)]
-
Entry
Heap overflow in savestr function in LBNL traceroute 1.4a5 and earlier allows a local user to execute arbitrary commands via the -g option.
[1739]
[20000928 Very interesting traceroute flaw]
[20000930 Conectiva Linux Security Announcement - traceroute]
[CSSA-2000-034.0]
[20001013 traceroute: local root exploit]
[MDKSA-2000:053]
[RHSA-2000:078]
[TLSA2000023-1]
[traceroute-heap-overflow(5311)]
-
Entry
A misconfiguration in IIS 5.0 with Index Server enabled and the Index property set allows remote attackers to list directories in the web root via a Web Distributed Authoring and Versioning (WebDAV) search.
[A100400-1]
[1756]
[Q272079]
[iis-index-dir-traverse(5335)]
-
Entry
global.cgi CGI program in Global 3.55 and earlier on NetBSD allows remote attackers to execute arbitrary commands via shell metacharacters.
[FreeBSD-SA-00:64]
[NetBSD-SA2000-014]
[6486]
[global-execute-remote-commands(5424)]
-
Entry
Shambala Server 4.5 allows remote attackers to cause a denial of service by opening then closing a connection.
[1778]
[20001009 Shambala 4.5 vulnerability]
[shambala-connection-dos(5345)]
-
Entry
cyrus-sasl before 1.5.24 in Red Hat Linux 7.0 does not properly verify the authorization for a local user, which could allow the users to bypass specified access restrictions.
[1875]
[RHSA-2000:094]
[cyrus-sasl-gain-access(5427)]
-
Entry
The pluggable authentication module for mysql (pam_mysql) before 0.4.7 does not properly cleanse user input when constructing SQL statements, which allows attackers to obtain plaintext passwords or hashes.
[20001026 (SRADV00004) Remote and local vulnerabilities in pam_mysql]
[pammysql-auth-input(5447)]
-
Entry
HotJava Browser 3.0 allows remote attackers to access the DOM of a web page by opening a javascript: URL in a named window.
[20001025 HotJava Browser 3.0 JavaScript security vulnerability]
[hotjava-browser-dom-access(5428)]
-
Entry
glibc2 does not properly clear the LD_DEBUG_OUTPUT and LD_DEBUG environmental variables when a program is spawned from a setuid program, which could allow local users to overwrite files via a symlink attack.
[1719]
[20000926 ld.so bug - LD_DEBUG_OUTPUT follows symlinks]
[glibc-unset-symlink(5299)]
-
Entry
The POP3 server in Netscape Messaging Server 4.15p1 generates different error messages for incorrect user names versus incorrect passwords, which allows remote attackers to determine valid users on the system and harvest email addresses for spam abuse.
[1787]
[20001011 Netscape Messaging server 4.15 poor error strings]
[netscape-messaging-email-verify(5364)]
-
Entry
Buffer overflow in IMAP server in Netscape Messaging Server 4.15 Patch 2 allows local users to execute arbitrary commands via a long LIST command.
[1721]
[20000928 commercial products and security [ + new bug ]]
[netscape-messaging-list-dos(5292)]
-
Entry
The IPSEC implementation in OpenBSD 2.7 does not properly handle empty AH/ESP packets, which allows remote attackers to cause a denial of service.
[1723]
[20000925 Nmap Protocol Scanning DoS against OpenBSD IPSEC]
[20000918 Bad ESP/AH packets could cause a crash under certain conditions.]
[1574]
[openbsd-nmap-dos(5634)]
-
Entry
Buffer overflow in the web administration service for the HiNet LP5100 IP-phone allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
[1727]
[20000928 Another thingy.]
[hinet-ipphone-get-bo(5298)]
-
Entry
The NSAPI plugins for TGA and the Java Servlet proxy in HP-UX VVOS 10.24 and 11.04 allows an attacker to cause a denial of service (high CPU utilization).
[HPSBUX0010-124]
[hp-virtualvault-nsapi-dos(5361)]
-
Entry
Buffer overflows in lpspooler in the fileset PrinterMgmt.LP-SPOOL of HP-UX 11.0 and earlier allows local users to gain privileges.
[HPSBUX0010-125]
[7244]
[hp-lpspooler-bo(5379)]
-
Entry
PHP 3 and 4 do not properly cleanse user-injected format strings, which allows remote attackers to execute arbitrary commands by triggering error messages that are improperly written to the error logs.
[A101200-1]
[1786]
[20001012 Conectiva Linux Security Announcement - mod_php3]
[CSSA-2000-037.0]
[20001014a]
[20001014b]
[FreeBSD-SA-00:75]
[MDKSA-2000:062]
[RHSA-2000:088]
[RHSA-2000:095]
[php-logging-format-string(5359)]
-
Entry
Buffer overflow in Half Life dedicated server before build 3104 allows remote attackers to execute arbitrary commands via a long rcon command.
[1799]
[20001016 Half-Life Dedicated Server Vulnerability]
[20001024 Tamandua Sekure Labs Security Advisory 2000-01]
[20001027 Re: Half Life dedicated server Patch]
[halflife-server-changelevel-bo(5375)]
-
Entry
Format string vulnerability in Half Life dedicated server build 3104 and earlier allows remote attackers to execute arbitrary commands by injecting format strings into the changelevel command, via the system console or rcon.
[20001016 Half-Life Dedicated Server Vulnerability]
[20001024 Tamandua Sekure Labs Security Advisory 2000-01]
[20001027 Re: Half Life dedicated server Patch]
[6983]
[halflife-rcon-format-string(5413)]
-
Entry
IIS 4.0 and 5.0 .ASP pages send the same Session ID cookie for secure and insecure web sessions, which could allow remote attackers to hijack the secure web session of the user if that user moves to an insecure session, aka the "Session ID Cookie Marking" vulnerability.
[http://www.acrossecurity.com/aspr/ASPR-2000-07-22-1-PUB.txt]
[MS00-080]
[7265]
[session-cookie-remote-retrieval(5396)]
-
Entry
HP-UX 11.00 crontab allows local users to read arbitrary files via the -e option by creating a symlink to the target file during the crontab session, quitting the session, and reading the error messages that crontab generates.
[20001020 [ Hackerslab bug_paper ] HP-UX crontab temporary file symbolic link vulnerability]
[hp-crontab-read-files(5410)]
-
Entry
Buffer overflow in curl earlier than 6.0-1.1, and curl-ssl earlier than 6.0-1.2, allows remote attackers to execute arbitrary commands by forcing a long error message to be generated.
[1804]
[20001013a]
[FreeBSD-SA-00:72]
[RHBA-2000:092-01]
[curl-error-bo(5374)]
-
Entry
GnuPG (gpg) 1.0.3 does not properly check all signatures of a file containing multiple documents, which allows an attacker to modify contents of all documents but the first without detection.
[1797]
[20001011 GPG 1.0.3 doesn't detect modifications to files with multiple signatures]
[20001025 Immunix OS Security Update for gnupg package]
[CSSA-2000-038.0]
[CLSA-2000:334]
[20001111 gnupg: incorrect signature verification]
[FreeBSD-SA-00:67]
[MDKSA-2000:063-1]
[1608]
[RHSA-2000:089]
[gnupg-message-modify(5386)]
-
Entry
Directory traversal vulnerability in apexec.pl in Anaconda Foundation Directory allows remote attackers to read arbitrary files via a .. (dot dot) attack.
[20001012 Anaconda Advisory]
[435]
[anaconda-apexec-directory-traversal(5750)]
-
Entry
Buffer overflow in xlib in XFree 3.3.x possibly allows local users to execute arbitrary commands via a long DISPLAY environment variable or a -display command line parameter.
[1805]
[20001012 another Xlib buffer overflow]
[20020502-01-I]
[xfree-xlib-bo(5751)]
-
Entry
mailfile.cgi CGI program in MailFile 1.10 allows remote attackers to read arbitrary files by specifying the target file name in the "filename" parameter in a POST request, which is then sent by email to the address specified in the "email" parameter.
[1807]
[20001011 Mail File POST Vulnerability]
[mailfile-post-file-read(5358)]
-
Entry
bbd server in Big Brother System and Network Monitor before 1.5c2 allows remote attackers to execute arbitrary commands via the "&" shell metacharacter.
[1779]
[20001010 Big Brother Systems and Network Monitor vulnerability]
[bb4-netmon-execute-commands(5719)]
-
Entry
File and Print Sharing service in Windows 95, Windows 98, and Windows Me does not properly check the password for a file share, which allows remote attackers to bypass share access controls by sending a 1-byte password that matches the first character of the real password, aka the "Share Level Password" vulnerability.
[1780]
[20001012 NSFOCUS SA2000-05: Microsoft Windows 9x NETBIOS password]
[MS00-072]
[oval:org.mitre.oval:def:996]
[win9x-share-level-password(5395)]
-
Entry
NMPI (Name Management Protocol on IPX) listener in Microsoft NWLink does not properly filter packets from a broadcast address, which allows remote attackers to cause a broadcast storm and flood the network.
[1781]
[MS00-073]
[win-nmpi-packet-dos(5357)]
-
Entry
MySQL Database Engine uses a weak authentication method which leaks information that could be used by a remote attacker to recover the password.
[20001023 [CORE SDI ADVISORY] MySQL weak authentication]
[http://www.mysql.com/documentation/mysql/commented/manual.php?section=Security]
[mysql-authentication(5409)]
-
Entry
Internet Explorer before 5.5 forwards cached user credentials for a secure web site to insecure pages on the same web site, which could allow remote attackers to obtain the credentials by monitoring connections to the web server, aka the "Cached Web Credentials" vulnerability.
[1793]
[http://www.acrossecurity.com/aspr/ASPR-2000-07-22-2-PUB.txt]
[MS00-076]
[ie-cache-info(5367)]
-
Entry
Microsoft NetMeeting with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service (CPU utilization) via a sequence of null bytes to the NetMeeting port, aka the "NetMeeting Desktop Sharing" vulnerability.
[1798]
[20001018 Denial of Service attack against computers running Microsoft NetMeeting]
[MS00-077]
[Q273854]
[netmeeting-desktop-sharing-dos(5368)]
-
Entry
The HTTP server in Cisco IOS 12.0 through 12.1 allows local users to cause a denial of service (crash and reload) via a URL containing a "?/" string.
[1838]
[20001026 [CORE SDI ADVISORY] Cisco IOS HTTP server DoS]
[20001025 Cisco IOS HTTP Server Query Vulnerability]
[cisco-ios-query-dos(5412)]
-
Entry
Buffer overflow in Intel InBusiness eMail Station 1.04.87 POP service allows remote attackers to cause a denial of service and possibly execute commands via a long username.
[20001020 DoS in Intel corporation 'InBusiness eMail Station']
[6488]
[intel-email-username-bo(5414)]
-
Entry
cmd5checkpw 0.21 and earlier allows remote attackers to cause a denial of service via an "SMTP AUTH" command with an unknown username.
[1809]
[20001016 Authentication failure in cmd5checkpw 0.21]
[http://members.elysium.pl/brush/cmd5checkpw/changes.html]
[cmd5checkpw-qmail-bypass-authentication(5382)]
-
Entry
Buffer overflow in Hilgraeve, Inc. HyperTerminal client on Windows 98, ME, and 2000 allows remote attackers to execute arbitrary commands via a long telnet URL, aka the "HyperTerminal Buffer Overflow" vulnerability.
[1815]
[MS00-079]
[win-hyperterminal-telnet-bo(5387)]
-
Entry
Directory traversal vulnerability in scp in sshd 1.2.xx allows a remote malicious scp server to overwrite arbitrary files via a .. (dot dot) attack.
[1742]
[20000930 scp file transfer hole]
[20001001 openssh2.2.p1 - Re: scp file transfer hole]
[MDKSA-2000:057]
[scp-overwrite-files(5312)]
-
Entry
Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.
[1744]
[20001004 Re: OpenBSD Security Advisory]
[FreeBSD-SA-00:58]
[NetBSD-SA2000-015]
[20001003 A format string vulnerability exists in the pw_error(3) function.]
[bsd-libutil-format(5339)]
-
Entry
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
[1746]
[20001004 Re: OpenBSD Security Advisory]
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch]
[20001006 There are printf-style format string bugs in several privileged programs.]
[bsd-fstat-format(5338)]
-
Entry
Format string vulnerability in OpenBSD yp_passwd program (and possibly other BSD-based operating systems) allows attackers to gain root privileges a malformed name.
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch]
[20001006 There are printf-style format string bugs in several privileged programs.]
[6125]
[bsd-yp-passwd-format(5635)]
-
Entry
Format string vulnerability in OpenBSD su program (and possibly other BSD-based operating systems) allows local attackers to gain root privileges via a malformed shell.
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch]
[20001006 There are printf-style format string bugs in several privileged programs.]
[6124]
[bsd-su-format(5636)]
-
Entry
Format string vulnerability in AOL Instant Messenger (AIM) 4.1.2010 allows remote attackers to cause a denial of service and possibly execute arbitrary commands by transferring a file whose name includes format characters.
[1747]
[20001003 AOL Instant Messenger DoS]
[aim-file-transfer-dos(5314)]
-
Entry
add_2_basket.asp in Element InstantShop allows remote attackers to modify price information via the "price" hidden form variable.
[20001024 Price modification in Element InstantShop]
[6487]
[instantshop-modify-price(5402)]
-
Entry
POP3 daemon in Stalker CommuniGate Pro 3.3.2 generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to determine valid email addresses on the server for SPAM attacks.
[1792]
[20001012 Re: Netscape Messaging server 4.15 poor error strings]
[communigate-email-verify(5363)]
-
Entry
NETBIOS client in Windows 95 and Windows 98 allows a remote attacker to cause a denial of service by changing a file sharing service to return an unknown driver type, which causes the client to crash.
[1794]
[20001012 NSFOCUS SA2000-04: Microsoft Win9x client driver type comparing vulnerability]
[win-netbios-driver-type-dos(5370)]
-
Entry
Format string vulnerability in OpenBSD photurisd allows local users to execute arbitrary commands via a configuration file directory name that contains formatting characters.
[20001004 Re: OpenBSD Security Advisory]
[6123]
[bsd-photurisd-format(5336)]
-
Entry
Directory traversal vulnerability in html_web_store.cgi and web_store.cgi CGI programs in eXtropia WebStore allows remote attackers to read arbitrary files via a .. (dot dot) attack on the page parameter.
[1774]
[20001009 Security Advisory : eXtropia WebStore (web_store.cgi) Directory Traversal Vulnerability]
[extropia-webstore-fileread(5347)]
-
Entry
Microsoft Exchange Server 5.5 does not properly handle a MIME header with a blank charset specified, which allows remote attackers to cause a denial of service via a charset="" command, aka the "Malformed MIME Header" vulnerability.
[1869]
[MS00-082]
[ms-exchange-mime-dos(5448)]
-
Entry
I-gear 3.5.7 and earlier does not properly process log entries in which a URL is longer than 255 characters, which allows an attacker to cause reporting errors.
[20001025 I-gear 3.5.x for Microsoft Proxy logging vulnerability + temporary fix.]
[igear-invalid-log(5791)]
-
Entry
Format string vulnerability in talkd in OpenBSD and possibly other BSD-based OSes allows remote attackers to execute arbitrary commands via a user name that contains format characters.
[1764]
[20001006 talkd [WAS: Re: OpenBSD Security Advisory]]
[linux-talkd-overwrite-root(5344)]
-
Entry
Buffer overflow in catopen() function in FreeBSD 5.0 and earlier, and possibly other OSes, allows local users to gain root privileges via a long environmental variable.
[FreeBSD-SA-00:53]
[6070]
[freebsd-catopen-bo(5638)]
-
Entry
Format string vulnerability in the search97.cgi CGI script in SCO help http server for Unixware 7 allows remote attackers to execute arbitrary commands via format characters in the queryText parameter.
[1717]
[20000927 Unixware SCOhelp http server format string vulnerability]
[3240]
[unixware-scohelp-format(5291)]
-
Entry
The default configuration of Apache (httpd.conf) on SuSE 6.4 includes an alias for the /usr/doc directory, which allows remote attackers to read package documentation and obtain system configuration information via an HTTP request for the /doc/packages URL.
[1707]
[20000921 httpd.conf in Suse 6.4]
[suse-installed-packages-exposed(5276)]
-
Entry
shred 1.0 file wiping utility does not properly open a file for overwriting or flush its buffers, which prevents shred from properly replacing the file's data and allows local users to recover the file.
[1788]
[20001010 Shred 1.0 Bug Report]
[20001011 Shred v1.0 Fix]
[shred-recover-files(5722)]
-
Entry
Search engine in Ultraseek 3.1 and 3.1.10 (aka Inktomi Search) allows remote attackers to cause a denial of service via a malformed URL.
[1866]
[20001030 Ultraseek 3.1.x Remote DoS Vulnerability]
[ultraseek-malformed-url-dos(5439)]
-
Entry
The mailguard feature in Cisco Secure PIX Firewall 5.2(2) and earlier does not properly restrict access to SMTP commands, which allows remote attackers to execute restricted commands by sending a DATA command before sending the restricted commands.
[1698]
[20000919 Cisco PIX Firewall (smtp content filtering hack)]
[20000920 Re: Cisco PIX Firewall (smtp content filtering hack) - Version 4.2(1) not exploitable]
[20001005 Cisco Secure PIX Firewall Mailguard Vulnerability]
[cisco-pix-smtp-filtering(5277)]
-
Entry
eWave ServletExec 3.0C and earlier does not restrict access to the UploadServlet Java/JSP servlet, which allows remote attackers to upload files and execute arbitrary commands.
[1876]
[20001101 Unify eWave ServletExec upload]
[ewave-servletexec-file-upload(5450)]
-
Entry
Multiple buffer overflows in LBNL tcpdump allow remote attackers to execute arbitrary commands.
[1870]
[20001120a]
[FreeBSD-SA-00:61]
[SuSE-SA:2000:46]
[tcpdump-afs-packet-overflow(5480)]
-
Entry
Cisco Secure PIX Firewall 5.2(2) allows remote attackers to determine the real IP address of a target FTP server by flooding the server with PASV requests, which includes the real IP address in the response when passive mode is established.
[1877]
[20001003 Cisco PIX Firewall allow external users to discover internal IPs]
[1623]
[cisco-pix-reveal-address(5646)]
-
Entry
Buffer overflow in dtterm in HP-UX 11.0 and HP Tru64 UNIX 4.0f through 5.1a allows local users to execute arbitrary code via a long -tn option.
[1889]
[20000810 Re: Possible vulnerability in HPUX ( Add vulnerability List )]
[20020902 Happy Labor Day from Snosoft]
[20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification]
[VU#320067]
[20020919 iDEFENSE OSF1/Tru64 3.x vuln clarification]
[HPSBUX0011-128]
[SSRT2275]
[SSRT2280]
[hp-dtterm(5461)]
-
Entry
The client authentication interface for Check Point Firewall-1 4.0 and earlier generates different error messages for invalid usernames versus invalid passwords, which allows remote attackers to identify valid usernames on the firewall.
[1890]
[20001101 Re: Samba 2.0.7 SWAT vulnerabilities]
[1632]
[fw1-login-response(5816)]
-
Entry
Buffer overflow in the System Monitor ActiveX control in Windows 2000 allows remote attackers to execute arbitrary commands via a long LogFileName parameter in HTML source code, aka the "ActiveX Parameter Validation" vulnerability.
[1899]
[20001106 System Monitor ActiveX Buffer Overflow Vulnerability]
[MS00-085]
[system-monitor-activex-bo(5467)]
-
Entry
Directory traversal vulnerability in Extent RBS ISP web server allows remote attackers to read sensitive information via a .. (dot dot) attack on the Image parameter.
[1704]
[20000920 Extent RBS directory Transversal.]
[rbs-isp-directory-traversal(5275)]
-
Entry
The web administration interface for IBM AS/400 Firewall allows remote attackers to cause a denial of service via an empty GET request.
[SA90544]
[http://as400service.rochester.ibm.com/n_dir/nas4apar.NSF/5ec6cdc6ab42894a862568f90073c74a/9ce636030a58807186256955003d128d?OpenDocument]
[as400-firewall-dos(5266)]
-
Entry
Format string vulnerability in logging function of ypbind 3.3, while running in debug mode, leaks file descriptors and allows an attacker to cause a denial of service.
[1820]
[20001025 Immunix OS Security Update for ypbind package]
[20001030 Trustix Security Advisory - ping gnupg ypbind]
[CSSA-2000-039.0]
[20001014 nis: local exploit]
[MDKSA-2000:064]
[RHSA-2000:086]
[SuSE-SA:2000:042]
[ypbind-printf-format-string(5394)]
-
Entry
Buffer overflow in ypbind 3.3 possibly allows an attacker to gain root privileges.
[CSSA-2000-039.0]
[MDKSA-2000:064]
[SuSE-SA:2000:042]
[ypbind-remote-bo(5759)]
-
Entry
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
[MDKSA-2000:064]
[linux-ypserv-bo(5730)]
-
Entry
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
[MDKSA-2000:064]
[linux-ypserv-format-string(5731)]
-
Entry
Format string vulnerability in ypbind-mt in SuSE SuSE-6.2, and possibly other Linux operating systems, allows an attacker to gain root privileges.
[1820]
[SuSE-SA:2000:042]
[ypbind-printf-format-string(5394)]
-
Entry
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
[1863]
[MDKSA-2000-066]
[RHSA-2000:024]
[nssldap-nscd-dos(5449)]
-
Entry
Buffer overflow in SMTP service of Lotus Domino 5.0.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long ENVID keyword in the "MAIL FROM" command.
[1905]
[20001103 [SAFER] Buffer overflow in Lotus Domino SMTP Server]
[442]
[lotus-domino-smtp-envid(5488)]
-
Entry
Allaire JRun 3.0 http servlet server allows remote attackers to cause a denial of service via a URL that contains a long string of "." characters.
[ASB00-030]
[20001101 Allaire's JRUN DoS]
[allaire-jrun-servlet-dos(5452)]
-
Entry
Allaire JRun 3.0 http servlet server allows remote attackers to directly access the WEB-INF directory via a URL request that contains an extra "/" in the beginning of the request (aka the "extra leading slash").
[ASB00-027]
[20001023 Allaire's JRUN Unauthenticated Access to WEB-INF directory]
[500]
[allaire-jrun-webinf-access(5407)]
-
Entry
Directory traversal vulnerability in Allaire JRun 2.3 server allows remote attackers to read arbitrary files via the SSIFilter servlet.
[ASB00-028]
[20001023 Allaire JRUN 2.3 Arbitrary File Retrieval]
[allaire-jrun-ssifilter-url(5405)]
-
Entry
Buffer overflow in CSAdmin module in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large packet.
[1705]
[20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server]
[ciscosecure-csadmin-bo(5272)]
-
Entry
Buffer overflow in CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large TACACS+ packet.
[1706]
[20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server]
[1569]
[ciscosecure-tacacs-dos(5273)]
-
Entry
CiscoSecure ACS Server 2.4(2) and earlier allows remote attackers to bypass LDAP authentication on the server if the LDAP server allows null passwords.
[1708]
[20000921 Multiple Vulnerabilities in CiscoSecure ACS for Windows NT Server]
[ciscosecure-ldap-bypass-authentication(5274)]
-
Entry
Vulnerabilities in database configuration scripts in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows local users to gain privileges, possibly via insecure permissions.
[1682]
[HPSBUX0009-120]
[hp-openview-nnm-scripts(5229)]
-
Entry
Buffer overflow in OverView5 CGI program in HP OpenView Network Node Manager (NNM) 6.1 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, in the SNMP service (snmp.exe), aka the "Java SNMP MIB Browser Object ID parsing problem."
[20000926 DST2K0014: BufferOverrun in HP Openview Network Node Manager v6.1 (Round2)]
[HPSBUX0009-121]
[openview-nmm-snmp-bo(5282)]
-
Entry
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
[1735]
[20000929 Mandrake 7.1 bypasses Xauthority X session security.]
[MDKSA-2000:052]
[xinitrc-bypass-xauthority(5305)]
-
Entry
The default configuration of XFCE 3.5.1 bypasses the Xauthority access control mechanism with an "xhost + localhost" command in the xinitrc program, which allows local users to sniff X Windows traffic and gain privileges.
[1736]
[20001002 Local vulnerability in XFCE 3.5.1]
[FreeBSD-SA-00:65]
[xinitrc-bypass-xauthority(5305)]
-
Entry
Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.
[MS00-075]
[java-vm-applet(5127)]
-
Entry
pollit.cgi in Poll It 2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the poll_options parameter.
[20001023 Re: Poll It v2.0 cgi (again)]
[http://www.cgi-world.com/pollit.html]
[pollit-polloptions-execute-commands(5792)]
-
Entry
pollit.cgi in Poll It 2.01 and earlier allows remote attackers to access administrative functions without knowing the real password by specifying the same value to the entered_password and admin_password parameters.
[20001023 Re: Poll It v2.0 cgi (again)]
[pollit-admin-password-var(5419)]
-
Entry
pollit.cgi in Poll It 2.01 and earlier uses data files that are located under the web document root, which allows remote attackers to access sensitive or private information.
[20001023 Re: Poll It v2.0 cgi (again)]
[pollit-webroot-gain-access(5794)]
-
Entry
The GUI installation for iCal 2.1 Patch 2 disables access control for the X server using an "xhost +" command, which allows remote attackers to monitor X Windows events and gain privileges.
[A100900-1]
[1767]
[7213]
[ical-xhost-gain-privileges(5752)]
-
Entry
iCal 2.1 Patch 2 installs many files with world-writeable permissions, which allows local users to modify the iCal configuration and execute arbitrary commands by replacing the iplncal.sh program with a Trojan horse.
[A100900-1]
[1768]
[7212]
[ical-iplncal-gain-access(5756)]
-
Entry
csstart program in iCal 2.1 Patch 2 searches for the cshttpd program in the current working directory, which allows local users to gain root privileges by creating a Trojan Horse cshttpd program in a directory and calling csstart from that directory.
[A100900-1]
[1769]
[7210]
[ical-csstart-gain-access(5757)]
-
Entry
csstart program in iCal 2.1 Patch 2 uses relative pathnames to install the libsocket and libnsl libraries, which could allow the icsuser account to gain root privileges by creating a Trojan Horse library in the current or parent directory.
[A100900-1]
[1769]
[7209]
[ical-csstart-gain-access(5757)]
-
Entry
Directory traversal vulnerability in iPlanet Certificate Management System 4.2 and Directory Server 4.12 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the Agent, End Entity, or Administrator services.
[1839]
[20001026 [CORE SDI ADVISORY] iPlanet Certificate Management System 4.2 path traversal bug]
[http://www.iplanet.com/downloads/patches/0122.html]
[4086]
[486]
[iplanet-netscape-directory-traversal(5421)]
-
Entry
Buffer overflow in the SHTML logging functionality of iPlanet Web Server 4.x allows remote attackers to execute arbitrary commands via a long filename with a .shtml extension.
[20001026 Buffer overflow in iPlanet Web Server 4 server side SHTML parsing module]
[iplanet-web-server-shtml-bo(5446)]
-
Entry
Quake 1 (quake1) and ProQuake 1.01 and earlier allow remote attackers to cause a denial of service via a malformed (empty) UDP packet.
[1900]
[20001102 dos on quake1 servers]
[http://proquake.ai.mit.edu/]
[quake-empty-udp-dos(5527)]
-
Entry
Buffer overflow in Microsoft Phone Book Service allows local users to execute arbitrary commands, aka the "Phone Book Service Buffer Overflow" vulnerability.
[A120400-1]
[2048]
[MS00-094]
[phone-book-service-bo(5623)]
-
Entry
Buffer overflow in AOL Instant Messenger (AIM) before 4.3.2229 allows remote attackers to execute arbitrary commands via a "buddyicon" command with a long "src" argument.
[A121200-1]
[20001213 Administrivia & AOL IM Advisory]
[20001214 Re: AIM & @stake's advisory]
[1692]
[aolim-buddyicon-bo]
-
Entry
modprobe in the modutils 2.3.x package on Linux systems allows a local user to execute arbitrary commands via shell metacharacters.
[1936]
[20001112 RedHat 7.0 (and SuSE): modutils + netkit = root compromise. (fwd)]
[CLSA-2000:340]
[20001120 modutils: local exploit]
[MDKSA-2000:071]
[RHSA-2000:108]
[SuSE-SA:2000:44]
[linux-modprobe-execute-code(5516)]
-
Entry
crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
[1960]
[20001116 vixie cron...]
[20001118a]
[vixie-cron-execute-commands(5543)]
-
Entry
The web server for the SonicWALL SOHO firewall allows remote attackers to cause a denial of service via a long username in the authentication page.
[2013]
[20001129 DoS in Sonicwall SOHO firewall]
[20001201 FW: SonicWALL SOHO Vulnerability (fwd)]
[1667]
[sonicwall-soho-dos(5596)]
-
Entry
Java Runtime Environment in Java Development Kit (JDK) 1.2.2_05 and earlier can allow an untrusted Java class to call into a disallowed class, which could allow an attacker to escape the Java sandbox and conduct unauthorized activities.
[HPSBUX0011-132]
[7255]
[00199]
[jdk-untrusted-java-class(5605)]
-
Entry
Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the .. (dot dot) attack.
[2005]
[20001127 Vulnerability in Winsock FTPD 2.41/3.00 (Pro)]
[wftpd-dir-traverse(5608)]
-
Entry
Trend Micro InterScan VirusWall creates an "Intscan" share to the "InterScan" directory with permissions that grant Full Control permissions to the Everyone group, which allows attackers to gain privileges by modifying the VirusWall programs.
[2014]
[20001128 TrendMicro InterScan VirusWall shared folder problem]
[20001201 Responding to BugTraq ID 2014 - "Trend Micro InterScan VirusWall Shared Directory Vulnerability"]
[interscan-viruswall-unauth-access(5606)]
-
Entry
in.identd ident server in SuSE Linux 6.x and 7.0 allows remote attackers to cause a denial of service via a long request, which causes the server to access a NULL pointer and crash.
[2015]
[20001128 SuSE Linux 6.x 7.0 Ident buffer overflow]
[linux-ident-bo(5590)]
-
Entry
cons.saver in Midnight Commander (mc) 4.5.42 and earlier does not properly verify if an output file descriptor is a TTY, which allows local users to corrupt files by creating a symbolic link to the target file, calling mc, and specifying that link as a TTY argument.
[1945]
[20001113 Problems with cons.saver]
[20001125 mc: local DoS]
[MDKSA-2000:078]
[midnight-commander-conssaver-symlink(5519)]
-
Entry
Midnight Commander (mc) 4.5.51 and earlier does not properly process malformed directory names when a user opens a directory, which allows other local users to gain privileges by creating directories that contain special characters followed by the commands to be executed.
[2016]
[20001127 Midnight Commander]
[DSA-036]
[SuSE-SA:2001:11]
[midnight-commander-elevate-privileges(5929)]
-
Entry
Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input.
[2018]
[20001129 Windows 2000 Telnet Service DoS]
[win2k-telnet-dos(5598)]
-
Entry
Microsoft Windows Media Player 7 executes scripts in custom skin (.WMS) files, which could allow remote attackers to gain privileges via a skin that contains a malicious script, aka the ".WMS Script Execution" vulnerability.
[1976]
[MS00-090]
[mediaplayer-wms-script-exe(5575)]
-
Entry
Buffer overflow in Microsoft Windows Media Player allows remote attackers to execute arbitrary commands via a malformed Active Stream Redirector (.ASX) file, aka the ".ASX Buffer Overrun" vulnerability.
[A112300-1]
[1980]
[MS00-090]
[mediaplayer-asx-bo(5574)]
-
Entry
Buffer overflow in remote web administration component (webprox.dll) of 602Pro LAN SUITE before 2000.0.1.33 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long GET request.
[1979]
[20001122 602Pro Lan Suite Web Admin Overflow]
[http://www.software602.com/products/ls/support/newbuild.html]
[software602-lan-suite-bo(5583)]
-
Entry
Buffer overflow in setsenv command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands via a long "x=" argument.
[IY08812]
[IY10721]
[2032]
[20001201 Fixed local AIX V43 vulnerabilities]
[1676]
[aix-setsenv-bo(5621)]
-
Entry
Buffer overflow in digest command in IBM AIX 4.3.x and earlier allows local users to execute arbitrary commands.
[IY08143]
[IY08287]
[2033]
[20001201 Fixed local AIX V43 vulnerabilities]
[aix-digest-bo(5620)]
-
Entry
Buffer overflow in enq command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long -M argument.
[IY08143]
[IY08287]
[2034]
[20001201 Fixed local AIX V43 vulnerabilities]
[aix-enq-bo(5619)]
-
Entry
Buffer overflow in setclock command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands via a long argument.
[IY07790]
[IY07831]
[2035]
[20001201 Fixed local AIX V43 vulnerabilities]
-
Entry
Buffer overflow in pioout command in IBM AIX 4.3.x and earlier may allow local users to execute arbitrary commands.
[IY12638]
[2036]
[20001201 Fixed local AIX V43 vulnerabilities]
[aix-pioout-bo(5617)]
-
Entry
Buffer overflow in piobe command in IBM AIX 4.3.x allows local users to gain privileges via long environmental variables.
[IY12638]
[2037]
[20001201 Fixed local AIX V43 vulnerabilities]
[aix-piobe-bo(5616)]
-
Entry
Bill Kendrick web site guestbook (GBook) allows remote attackers to execute arbitrary commands via shell metacharacters in the _MAILTO form variable.
[1940]
[20001110 [hacksware] gbook.cgi remote command execution vulnerability]
[gbook-cgi-remote-execution(5509)]
-
Entry
DCForum cgforum.cgi CGI script allows remote attackers to read arbitrary files, and delete the program itself, via a malformed "forum" variable.
[1951]
[20001114 Cgisecurity.com advisory on dcforum]
[http://www.dcscripts.com/dcforum/dcfNews/124.html#1]
[1646]
[dcforum-cgi-view-files(5533)]
-
Entry
fshd (fsh daemon) in Debian GNU/Linux allows local users to overwrite files of other users via a symlink attack.
[20001130 DSA-002-1 fsh: symlink attack]
[7208]
[linux-fsh-symlink(5633)]
-
Entry
elvis-tiny before 1.4-10 in Debian GNU/Linux, and possibly other Linux operating systems, allows local users to overwrite files of other users via a symlink attack.
[1984]
[20001122 New version of elvis-tiny released]
[linux-tinyelvis-tmpfiles(5632)]
-
Entry
GNU ed before 0.2-18.1 allows local users to overwrite the files of other users via a symlink attack.
[20001211 Immunix OS Security update for ed]
[CLA-2000:359-2]
[20001129 DSA-001-1 ed: symlink attack]
[MDKSA-2000:076]
[6491]
[RHSA-2000:123]
[gnu-ed-symlink(5723)]
-
Entry
The installation of Microsoft Exchange 2000 before Rev. A creates a user account with a known password, which could allow attackers to gain privileges, aka the "Exchange User Account" vulnerability.
[1958]
[MS00-088]
[ms-exchange-username-pwd(5537)]
-
Entry
Recourse ManTrap 1.6 does not properly hide processes from attackers, which could allow attackers to determine that they are in a honeypot system by comparing the results from kill commands with the process listing in the /proc filesystem.
[1908]
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-hidden-processes(5473)]
-
Entry
Recourse ManTrap 1.6 modifies the kernel so that ".." does not appear in the /proc listing, which allows attackers to determine that they are in a honeypot system.
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001105 Mantrap Advisory Vendor Followup - Fate Research Labs]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-hidden-processes(5473)]
-
Entry
Recourse ManTrap 1.6 generates an error when an attacker cd's to /proc/self/cwd and executes the pwd command, which allows attackers to determine that they are in a honeypot system.
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001105 Mantrap Advisory Vendor Followup - Fate Research Labs]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-pwd-reveal-information(5949)]
-
Entry
Recourse ManTrap 1.6 hides the first 4 processes that run on a Solaris system, which allows attackers to determine that they are in a honeypot system.
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001105 Mantrap Advisory Vendor Followup - Fate Research Labs]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-hidden-processes(5473)]
-
Entry
Recourse ManTrap 1.6 sets up a chroot environment to hide the fact that it is running, but the inode number for the resulting "/" file system is higher than normal, which allows attackers to determine that they are in a chroot environment.
[1909]
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001105 Mantrap Advisory Vendor Followup - Fate Research Labs]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-inode-disclosure(5472)]
-
Entry
Recourse ManTrap 1.6 allows attackers who have gained root access to use utilities such as crash or fsdb to read /dev/mem and raw disk devices to identify ManTrap processes or modify arbitrary data files.
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001105 Mantrap Advisory Vendor Followup - Fate Research Labs]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-identify-processes(5950)]
-
Entry
Recourse ManTrap 1.6 allows attackers to cause a denial of service via a sequence of commands that navigate into and out of the /proc/self directory and executing various commands such as ls or pwd.
[1913]
[20001102 Mantrap By Recourse Technologies - Fate Advisory (11-01-00)]
[20001105 Mantrap Advisory Vendor Followup - Fate Research Labs]
[20001107 Vendor Response Re: Mantrap Advisory Vendor Followup - Fate Research Labs]
[mantrap-dir-dos(5528)]
-
Entry
The installation of VolanoChatPro chat server sets world-readable permissions for its configuration file and stores the server administrator passwords in plaintext, which allows local users to gain privileges on the server.
[1906]
[20001104 Filesystem Access + VolanoChat = VChat admin (fwd)]
[20001106 Re: FW: Filesystem Access + VolanoChat = VChat admin (fwd)]
[volanochatpro-plaintext-password(5465)]
-
Entry
Buffer overflow in RegAPI.DLL used by Windows NT 4.0 Terminal Server allows remote attackers to execute arbitrary commands via a long username, aka the "Terminal Server Login Buffer Overflow" vulnerability.
[1924]
[20001108 [CORE SDI ADVISORY] MS NT4.0 Terminal Server Edition GINA buffer overflow]
[MS00-087]
[nt-termserv-gina-bo(5489)]
-
Entry
ghostscript before 5.10-16 allows local users to overwrite files of other users via a symlink attack.
[1990]
[CSSA-2000-041]
[CLSA-2000:343]
[20001123 ghostscript: symlink attack]
[MDKSA-2000:074]
[RHSA-2000:114]
[ghostscript-sym-link(5563)]
-
Entry
ghostscript before 5.10-16 uses an empty LD_RUN_PATH environmental variable to find libraries in the current directory, which could allow local users to execute commands as other users by placing a Trojan horse library into a directory from which another user executes ghostscript.
[1991]
[CSSA-2000-041]
[CLSA-2000:343]
[20001123 ghostscript: symlink attack]
[MDKSA-2000:074]
[ghostscript-env-variable(5564)]
-
Entry
WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
[1961]
[20001118 WinVNC 3.3.x]
[winvnc-modify-registry(5545)]
-
Entry
Balabit syslog-ng allows remote attackers to cause a denial of service (application crash) via a malformed log message that does not have a closing > in the priority specifier.
[1981]
[20001122 DoS possibility in syslog-ng]
[http://www.balabit.hu/products/syslog-ng/]
[FreeBSD-SA-01:02]
[balabit-syslog-ng-dos(5576)]
-
Entry
Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as an argument to the index.php3 program.
[1998]
[20001124 Security problems with TWIG webmail system]
[http://twig.screwdriver.net/file.php3?file=CHANGELOG]
[twig-php3-script-execute(5581)]
-
Entry
ppp utility in FreeBSD 4.1.1 and earlier does not properly restrict access as specified by the "nat deny_incoming" command, which allows remote attackers to connect to the target system.
[1974]
[FreeBSD-SA-00:70]
[1655]
[freebsd-ppp-bypass-gateway(5584)]
-
Entry
OpenSSH SSH client before 2.3.0 does not properly disable X11 or agent forwarding, which could allow a malicious SSH server to gain access to the X11 display and sniff X11 events, or gain access to the ssh-agent.
[1949]
[20001115 Trustix Security Advisory - bind and openssh (and modutils)]
[20001123 OpenSSH Security Advisory (adv.fwd)]
[CLSA-2000:345]
[20001118 openssh: possible remote exploit]
[MDKSA-2000:068]
[2114]
[6248]
[RHSA-2000:111]
[SuSE-SA:2000:47]
[openssh-unauthorized-access(5517)]
-
Entry
Buffer overflow in Netsnap webcam HTTP server before 1.2.9 allows remote attackers to execute arbitrary commands via a long GET request.
[1956]
[20001115 Netsnap Webcam Software Remote Overflow]
[http://www.netsnap.com/new.htm]
[netsnap-remote-bo(5534)]
-
Entry
Directory traversal vulnerability in cgiforum.pl script in CGIForum 1.0 allows remote attackers to ready arbitrary files via a .. (dot dot) attack in the "thesection" parameter.
[1963]
[20001120 CGIForum 1.0 Vulnerability]
[cgiforum-view-files(5553)]
-
Entry
Multiple buffer overflows in AFS ACL parser for Ethereal 0.8.13 and earlier allows remote attackers to execute arbitrary commands via a packet with a long username.
[1972]
[20001118 [hacksware] Ethereal 0.8.13 AFS ACL parsing buffer overflow bug]
[CLSA-2000:342]
[20001121 ethereal: remote exploit]
[FreeBSD-SA-00:81]
[RHSA-2000:116]
[ethereal-afs-bo(5557)]
-
Entry
Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
[1959]
[20001116 Joe's Own Editor File Link Vulnerability]
[20001121 Immunix OS Security update for joe]
[CLA-2000:356]
[20001122]
[20001201 DSA-003-1 joe: symlink attack]
[MDKSA-2000:072]
[RHSA-2000:110]
[joe-symlink-corruption(5546)]
-
Entry
Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
[1952]
[20001115 Netopia ISDN Router 650-ST: Viewing of all system logs without login]
[netopia-view-system-log(5536)]
-
Entry
Buffer overflow in cmctl program in Oracle 8.1.5 Connection Manager Control allows local users to gain privileges via a long command line argument.
[1968]
[20001120 vulnerability in Connection Manager Control binary in Oracle]
[20010118 Patch for Potential Security Vulnerability in Oracle Connection Manager Control]
[oracle-cmctl-bo(5551)]
-
Entry
Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
[1957]
[20001116 [CORE SDI ADVISORY] RealServer memory contents disclosure]
[http://service.real.com/help/faq/security/memory.html]
[realserver-gain-access(5538)]
-
Entry
WatchGuard Firebox II allows remote attackers to cause a denial of service by flooding the Firebox with a large number of FTP or SMTP requests, which disables proxy handling.
[1953]
[20001116 Possible Watchguard Firebox II DoS]
[https://www.watchguard.com/support/patches.html]
[watchguard-firebox-ftp-dos(5535)]
-
Entry
telnetd in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service by specifying an arbitrary large file in the TERMCAP environmental variable, which consumes resources as the server processes the file.
[FreeBSD-SA-00:69]
[6083]
[telnetd-termcap-dos(5959)]
-
Entry
Buffer overflow in the HTML parser for Netscape 4.75 and earlier allows remote attackers to execute arbitrary commands via a long password value in a form field.
[20001121 Immunix OS Security update for netscape]
[CLSA-2000:344]
[FreeBSD-SA-00:66]
[7207]
[RHSA-2000:109]
[SuSE-SA:2000:48]
[netscape-client-html-bo(5542)]
-
Entry
Buffer overflow in pam_localuser PAM module in Red Hat Linux 7.x and 6.x allows attackers to gain privileges.
[CLA-2000:358]
[MDKSA-2000:082-1]
[RHSA-2000:120]
[pam-localuser-bo(5747)]
-
Entry
imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file.
[20000531 Re: strike#2]
[RHSA-2000:016]
[linux-imwheel-symlink(4941)]
-
Entry
Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port.
[20000412 Performance Copilot for IRIX 6.5]
[20020407-01-I]
[irix-pcp-pmcd-dos(4284)]
-
Entry
telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option.
[CSSA-2000-008.0]
[telnetd-login-bypass(4225)]
-
Entry
PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter.
[http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html]
[http://packetstormsecurity.org/0004-exploits/ooo1.txt]
[publishingxpert-pscoerrpage-url(7362)]
-
Entry
Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users.
[959]
[20000201 Windows NT and account list leak ! A new SID usage]
[nt-lsa-domain-sid(4015)]
-
Entry
Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.
[3212]
[20010820 Lotus Domino DoS]
[20010823 Lotus Domino DoS solution]
[20000520 Infinite loop in LOTUS NOTE 5.0.3. SMTP SERVER]
[lotus-domino-bounced-message-dos(7012)]
-
Entry
Directory traversal vulnerability in source.jsp of Apache Tomcat before 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the argument to source.jsp.
[20000322 Security bug in Apache project: Jakarta Tomcat]
[apache-tomcat-file-contents(4205)]
-
Entry
Zope 2.2.0 through 2.2.4 does not properly perform security registration for legacy names of object constructors such as DTML method objects, which could allow attackers to perform unauthorized activities.
[20001222 Zope DTML Role Issue]
[http://www.zope.org/Products/Zope/Hotfix_2000-12-08/security_alert]
[MDKSA-2000:083]
[6282]
[RHSA-2000:125]
[zope-legacy-names(5824)]
-
Entry
Zope 2.2.0 through 2.2.4 does not properly protect a data updating method on Image and File objects, which allows attackers with DTML editing privileges to modify the raw data of these objects.
[CLA-2000:365]
[http://www.zope.org/Products/Zope/Hotfix_2000-12-18/security_alert]
[DSA-007]
[MDKSA-2000:086]
[6283]
[RHSA-2000:135]
[zope-image-file(5778)]
-
Entry
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie.
[20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke]
[php-nuke-elevate-privileges(6183)]
-
Entry
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
[2456]
[20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder]
[http://www.guninski.com/chmtempmain.html]
[MS01-015]
[7823]
[oval:org.mitre.oval:def:920]
[ie-chm-execute-files(5567)]
-
Entry
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability.
[2199]
[MS01-001]
[wec-ntlm-authentication(5920)]
-
Entry
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability.
[2313]
[20010108 IIS 5.0 allows viewing files using %3F+.htr]
[MS01-004]
[iis-read-files(5903)]
-
Entry
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands.
[A012301-1]
[MS01-002]
[powerpoint-execute-code(5996)]
-
Entry
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
[20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below]
[MS01-003]
[winnt-mutex-dos(6006)]
-
Entry
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface.
[2176]
[20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability]
[1707]
[netscreen-webui-bo(5908)]
-
Entry
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures.
[2192]
[CA-2001-01]
[interbase-backdoor-account(5911)]
-
Entry
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack.
[2173]
[20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root]
[20010109 bugtraq id 2173 Lotus Domino Server]
[1703]
[lotus-domino-directory-traversal(5899)]
-
Entry
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges.
[2302]
[CA-2001-02]
[000377]
[DSA-026]
[FreeBSD-SA-01:18]
[ERS-SVA-E01-2001:002.1]
[MDKSA-2001-017]
[20010129 Vulnerabilities in BIND 4 and 8]
[RHSA-2001:007]
[bind-tsig-bo]
-
Entry
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
[2307]
[CA-2001-02]
[000377]
[FreeBSD-SA-01:18]
[ERS-SVA-E01-2001:002.1]
[MDKSA-2001-017]
[20010129 Vulnerabilities in BIND 4 and 8]
[RHSA-2001:007]
[bind-complain-bo]
-
Entry
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables.
[2321]
[CA-2001-02]
[000377]
[DSA-026]
[FreeBSD-SA-01:18]
[ERS-SVA-E01-2001:002.1]
[MDKSA-2001-017]
[20010129 Vulnerabilities in BIND 4 and 8]
[RHSA-2001:007]
[bind-inverse-query-disclosure]
-
Entry
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges.
[2309]
[CA-2001-02]
[000377]
[FreeBSD-SA-01:18]
[ERS-SVA-E01-2001:002.1]
[MDKSA-2001-017]
[20010129 Vulnerabilities in BIND 4 and 8]
[RHSA-2001:007]
[bind-complain-format-string]
-
Entry
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
[2326]
[MS01-006]
[win2k-rdp-dos]
-
Entry
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process.
[A020501-1]
[2341]
[MS01-007]
[win-dde-elevate-privileges(6062)]
-
Entry
NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access.
[2348]
[20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider]
[MS01-008]
[ntlm-ssp-elevate-privileges(6076)]
-
Entry
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability.
[2368]
[MS01-009]
[winnt-pptp-dos(6103)]
-
Entry
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests.
[L-049]
[MS01-011]
[20001202 UDP Ping-pong in Win2k]
[win2k-domain-controller-dos(6136)]
-
Entry
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack.
[A013101-1]
[2331]
[20010131 Cisco Content Services Switch Vulnerability]
[1757]
[cisco-ccs-file-access(6031)]
-
Entry
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter.
[2063]
[20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail]
[http://www.endymion.com/products/mailman/history.htm]
[mailman-alternate-templates(5649)]
-
Entry
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option.
[2098]
[20001211 DoS vulnerability in rp-pppoe versions <= 2.4]
[CLA-2000:357]
[MDKSA-2000:084]
[RHSA-2000:130]
[rppppoe-zero-length-dos(5727)]
-
Entry
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters.
[2099]
[20001211 [pkc] remote heap buffer overflow in oops]
[FreeBSD-SA-00:79]
[oops-ftputils-bo(5725)]
-
Entry
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges.
[20001208 Vulnerabilities in KTH Kerberos IV]
[20001210 KTH upgrade and FIX]
[kerberos4-user-config(5738)]
-
Entry
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges.
[20001208 Vulnerabilities in KTH Kerberos IV]
[20001210 KTH upgrade and FIX]
[kerberos4-arbitrary-proxy(5733)]
-
Entry
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request.
[20001208 Vulnerabilities in KTH Kerberos IV]
[20001210 KTH upgrade and FIX]
[20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches]
[kerberos4-auth-packet-overflow(5734)]
-
Entry
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file.
[20001208 Vulnerabilities in KTH Kerberos IV]
[20001210 KTH upgrade and FIX]
[RHSA-2001:025]
[kerberos4-tmpfile-dos(5754)]
-
Entry
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes.
[2083]
[20001206 DoS by SMTP AUTH command in IPSwitch IMail server]
[http://www.ipswitch.com/Support/IMail/news.html]
[imail-smtp-auth-dos(5674)]
-
Entry
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file.
[2070]
[20001206 apcupsd 3.7.2 Denial of Service]
[MDKSA-2000:077]
[apc-apcupsd-dos(5654)]
-
Entry
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts.
[2072]
[20001206 Cisco Catalyst Memory Leak Vulnerability]
[801]
[cisco-catalyst-telnet-dos(5656)]
-
Entry
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences.
[2060]
[20001206 CHINANSL Security Advisory(CSA-200011)]
[apache-php-disclose-files(5659)]
-
Entry
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program.
[2069]
[20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare]
[http://sourceforge.net/project/shownotes.php?release_id=17604]
[1682]
[phpgroupware-include-files(5650)]
-
Entry
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name.
[2087]
[20001207 BitchX DNS Overflow Patch]
[20001207 bitchx/ircd DNS overflow demonstration]
[CLA-2000:364]
[FreeBSD-SA-00:78]
[MDKSA-2000:079]
[RHSA-2000:126]
[irc-bitchx-dns-bo(5701)]
-
Entry
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges.
[2124]
[20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD]
[NetBSD-SA2000-018]
[20001218]
[bsd-ftpd-replydirname-bo(5776)]
-
Entry
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack.
[2052]
[20001205 (no subject)]
[20001205 Serv-U FTP directory traversal vunerability (all versions)]
[464]
[ftp-servu-homedir-travers(5639)]
-
Entry
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets.
[20001204 Multiple Vulnerabilities in CBOS]
[cisco-cbos-syn-packets(5627)]
-
Entry
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection.
[20001204 Multiple Vulnerabilities in CBOS]
[cisco-cbos-invalid-login(5628)]
-
Entry
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet.
[20001204 Multiple Vulnerabilities in CBOS]
[cisco-cbos-icmp-echo(5629)]
-
Entry
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character.
[20001204 Multiple Vulnerabilities in CBOS]
[460]
[cisco-cbos-web-access(5626)]
-
Entry
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack.
[2127]
[20001218 Solaris patchadd(1) (3) symlink vulnerabilty]
[solaris-patchadd-symlink(5789)]
-
Entry
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username.
[2128]
[20001209 Trustix Security Advisory - stunnel]
[20001218 Stunnel format bug]
[CLA-2000:363]
[DSA-009]
[FreeBSD-SA-01:05]
[RHSA-2000:129]
[stunnel-format-logfile(5807)]
-
Entry
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space.
[2130]
[FreeBSD-SA-00:77]
[1697]
[procfs-elevate-privileges(6106)]
-
Entry
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang.
[2131]
[FreeBSD-SA-00:77]
[1698]
[6082]
[procfs-mmap-dos(6107)]
-
Entry
procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges.
[2132]
[FreeBSD-SA-00:77]
[1691]
[procfs-access-control-bo(6108)]
-
Entry
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer.
[2004]
[20001126 [MSY] S(ecure)Locate heap corruption vulnerability]
[CLA-2001:369]
[20001217a]
[DSA-005-1]
[MDKSA-2000:085]
[RHSA-2000:128]
[TLSA2001002-1]
[slocate-heap-execute-code(5594)]
-
Entry
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack.
[2151]
[DSA-008-1]
[dialog-symlink(5809)]
-
Entry
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection.
[2141]
[20001220 Trustix Security Advisory - gnupg, ftpd-BSD]
[CLA-2000:368]
[DSA-010-1]
[MDKSA-2000-087]
[1699]
[RHSA-2000:131]
[gnupg-detached-sig-modify(5802)]
-
Entry
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust.
[2153]
[20001220 Trustix Security Advisory - gnupg, ftpd-BSD]
[CLA-2000:368]
[DSA-010-1]
[MDKSA-2000-087]
[1702]
[RHSA-2000:131]
[gnupg-reveal-private(5803)]
-
Entry
The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations.
[20001212 Two Holes in Sun Cluster 2.x]
[clustmon-no-authentication(6123)]
-
Entry
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS.
[20001212 Two Holes in Sun Cluster 2.x]
[6437]
[ha-nfs-symlink(6125)]
-
Entry
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error.
[2117]
[20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability]
[cisco-catalyst-ssh-mismatch(5760)]
-
Entry
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys.
[20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable]
[http://active.ncipher.com/updates/advisory.txt]
[4849]
[ncipher-recover-operator-cards(5999)]
-
Entry
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability.
[MS00-097]
[Q281256]
[mediaservices-dropped-connection-dos(5785)]
-
Entry
Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands.
[2170]
[HPSBUX0012-135]
[hpux-kermit-bo(5793)]
-
Entry
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability.
[MS00-093]
[ie-form-file-upload(5615)]
-
Entry
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability.
[2046]
[MS00-093]
[ie-print-template(5614)]
-
Entry
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability.
[MS00-093]
[7820]
[ie-scriptlet-rendering-read-files(6085)]
-
Entry
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability.
[MS00-093]
[7817]
[ie-frame-verification-read-files(6086)]
-
Entry
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges.
[FreeBSD-SA-01:25]
[NetBSD-SA2000-017]
[kerberos4-auth-packet-overflow(5734)]
-
Entry
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file.
[20001218 Catman file clobbering vulnerability Solaris 2.x]
[6024]
[4392144]
[solaris-catman-symlink(5788)]
-
Entry
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability.
[MS00-100]
[iis-web-form-submit(5823)]
-
Entry
bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
[20001221 BS Scripts Vulnerabilities]
[http://www.stanback.net/]
[bsguest-cgi-execute-commands(5796)]
-
Entry
bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address.
[20001221 BS Scripts Vulnerabilities]
[http://www.stanback.net/]
[bslist-cgi-execute-commands(5797)]
-
Entry
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group.
[HPSBUX0012-134]
[hp-top-sys-files(5773)]
-
Entry
Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server.
[HPSBUX0101-136]
[hp-inetd-swait-dos(5904)]
-
Entry
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
[2206]
[20010112 PHP Security Advisory - Apache Module bugs]
[CLA-2001:373]
[DSA-020]
[MDKSA-2001:013]
[RHSA-2000:136]
[php-htaccess-unauth-access(5940)]
-
Entry
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file.
[2207]
[20010113 Serious security flaw in SuSE rctab]
[20010117 Re: Serious security flaw in SuSE rctab]
[rctab-elevate-privileges(5945)]
-
Entry
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable.
[2209]
[20010114 Vulnerability in jaZip.]
[DSA-017]
[jazip-display-bo(5942)]
-
Entry
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument.
[2210]
[20010114 [MSY] Multiple vulnerabilities in splitvt]
[DSA-014-1]
[splitvt-perserc-format-string(5948)]
-
Entry
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter.
[2193]
[20010111 Solaris Arp Vulnerability]
[20010112 arp exploit]
[00200]
[solaris-arp-bo(5928)]
-
Entry
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
[2188]
[20010110 Immunix OS Security update for lots of temp file problems]
[MDKSA-2001:006]
[linux-gpm-symlink(5917)]
-
Entry
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
[2191]
[20010110 Immunix OS Security update for lots of temp file problems]
[VU#579928]
[IMNX-2000-70-028-01]
[MDKSA-2001:008-1]
[RHSA-2001:116]
[linux-diffutils-sdiff-symlink(5914)]
-
Entry
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
[2195]
[20010110 Immunix OS Security update for lots of temp file problems]
[MDKSA-2001-005]
[rdist-symlink(5925)]
-
Entry
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
[2194]
[20010110 Immunix OS Security update for lots of temp file problems]
[MDKSA-2001:004]
[gettyps-symlink(5924)]
-
Entry
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
[2196]
[20010110 Immunix OS Security update for lots of temp file problems]
[MDKSA-2001:007]
[shadow-utils-useradd-symlink(5927)]
-
Entry
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002.
[2174]
[20010108 def-2001-01: ImageCast IC3 Control Center DoS]
[storagesoft-imagecast-dos(5901)]
-
Entry
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error.
[2175]
[20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS]
[20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)]
[http://www-4.ibm.com/software/webservers/security.html]
[ibm-websphere-dos(5900)]
-
Entry
Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter.
[2177]
[20010107 Cgisecurity.com Advisory #3.1]
[http://www.extropia.com/hacks/bbs_security.html]
[3546]
[http-cgi-bbs-forum(5906)]
-
Entry
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument.
[2179]
[20010109 Solaris /usr/lib/exrecover buffer overflow]
[4161925]
[solaris-exrecover-bo(5913)]
-
Entry
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
[20001231 Advisory: exmh symlink vulnerability]
[20010112 exmh security vulnerability]
[http://www.beedub.com/exmh/symlink.html]
[DSA-022]
[FreeBSD-SA-01:17]
[MDKSA-2001:015]
[exmh-error-symlink(5829)]
-
Entry
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet.
[20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server]
[20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet]
[oracle-xsql-execute-code(5905)]
-
Entry
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
[CLA-2000:365]
[DSA-006-1]
[FreeBSD-SA-01:06]
[MDKSA-2000-083]
[6284]
[RHSA-2000:127]
[zope-calculate-roles(5777)]
-
Entry
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request.
[2217]
[20010117 [pkc] remote heap overflow in tinyproxy]
[DSA-018]
[FreeBSD-SA-01:15]
[tinyproxy-remote-bo(5954)]
-
Entry
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier.
[http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html]
[lotus-html-bo(6207)]
-
Entry
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
[20001220 ProFTPD 1.2.0 Memory leakage - denial of service]
[20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)]
[20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)]
[20010213 Trustix Security Advisory - proftpd, kernel]
[CLA-2001:380]
[DSA-029]
[MDKSA-2001:021]
[proftpd-size-memory-leak(5801)]
-
Entry
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability.
[2203]
[20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs]
[MS01-010]
[win-mediaplayer-arbitrary-code(5937)]
-
Entry
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
[2189]
[20010110 Immunix OS Security update for lots of temp file problems]
[DSA-016]
[MDKSA-2001-001]
[linux-wuftpd-privatepw-symlink(5915)]
-
Entry
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
[2190]
[20010110 Immunix OS Security update for lots of temp file problems]
[CSSA-2001-001.0]
[MDKSA-2001:010]
[linux-inn-symlink(5916)]
-
Entry
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
[2183]
[20010110 Immunix OS Security update for lots of temp file problems]
[MDKSA-2001:002]
[tcpdump-arpwatch-symlink(5922)]
-
Entry
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
[2187]
[20010110 Immunix OS Security update for lots of temp file problems]
[CSSA-2001-002.0]
[DSA-011]
[MDKSA-2001:009]
[RHSA-2001:050]
[linux-mgetty-symlink(5918)]
-
Entry
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
[2184]
[20010110 Immunix OS Security update for lots of temp file problems]
[20010112 Trustix Security Advisory - diffutils squid]
[DSA-019]
[MDKSA-2001:003]
[squid-email-symlink(5921)]
-
Entry
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack.
[2186]
[20010110 Immunix OS Security update for lots of temp file problems]
[MDKSA-2001:011]
[linuxconf-vpop3d-symlink(5923)]
-
Entry
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow.
[2347]
[20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector]
[20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector]
[20011122 Secure Computing SafeWord uses vulnerable ssh server]
[CA-2001-35]
[503]
[795]
[ssh-deattack-overwrite-memory(6083)]
-
Entry
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records.
[MS01-013]
-
Entry
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability.
[20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs]
[MS01-015]
[media-player-execute-commands(6227)]
-
Entry
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object.
[1718]
[20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files]
[MS01-015]
[20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files]
[ie-getobject-expose-files(5293)]
-
Entry
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts.
[2463]
[20010313 Internet Explorer and Services for Unix 2.0 Telnet Client]
[MS01-015]
[7816]
[ie-telnet-execute-commands(6230)]
-
Entry
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests.
[MS01-016]
[oval:org.mitre.oval:def:90]
[iis-webdav-dos(6205)]
-
Entry
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders.
[MS01-019]
-
Entry
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands.
[20010327 Remote buffer overflow in DCOM VB T-SQL debugger]
[MS01-018]
-
Entry
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
[2524]
[20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment]
[CA-2001-06]
[L-066]
[MS01-020]
[7806]
[oval:org.mitre.oval:def:141]
[1001197]
[ie-mime-execute-code(6306)]
-
Entry
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers.
[A021601-1]
[http://www.vandyke.com/products/vshell/security102.html]
-
Entry
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems.
[A021601-1]
[2402]
[http://www.vandyke.com/products/vshell/security102.html]
[vshell-port-forwarding-rule(6148)]
-
Entry
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled.
[A030101-1]
[palm-debug-bypass-password(6196)]
-
Entry
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field.
[A030701-1]
[netscape-directory-server-bo(6233)]
-
Entry
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument.
[2322]
[20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow]
[4409148]
[solaris-ximp40-bo(6039)]
-
Entry
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file.
[20001229 Shockwave Flash buffer overflow]
[shockwave-flash-swf-bo(5826)]
-
Entry
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
[2223]
[20010121 Trustix Security Advisory - glibc]
[CSSA-2001-007]
[DSA-039]
[MDKSA-2001:012]
[RHSA-2001:002]
[SuSE-SA:2001:01]
[TLSA2000021-2]
[linux-glibc-preload-overwrite(5971)]
-
Entry
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files.
[2181]
[20010110 Glibc Local Root Exploit]
[20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries]
[RHSA-2001:001]
[linux-glibc-read-files(5907)]
-
Entry
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address.
[20010130 Security hole in Virus Buster 2001]
[6138]
[virusbuster-mua-bo(6034)]
-
Entry
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs.
[2273]
[20010122 def-2001-05: Netscape Fasttrack Server Caching DoS]
[20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications]
[netscape-fasttrack-cache-dos(5985)]
-
Entry
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges.
[2125]
[20001218 More Sonata Conferencing software vulnerabilities.]
[sonata-command-execute(5787)]
-
Entry
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
[CSSA-2001-005.0]
[MDKSA-2001:018]
[SuSE-SA:2001:02]
[kde2-kdesu-retrieve-passwords(5995)]
-
Entry
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "."
[ASB01-02]
[jrun-webinf-file-retrieval(6008)]
-
Entry
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources.
[2238]
[20010117 Licensing Firewall-1 DoS Attack]
[1733]
[fw1-limited-license-dos(5966)]
-
Entry
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection.
[2293]
[20010125 ecepass - proof of concept code for FreeBSD ipfw bypass]
[L-029]
[FreeBSD-SA-01:08]
[1743]
[ipfw-bypass-firewall(5998)]
-
Entry
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash.
[2287]
[20010123 Make The Netopia R9100 Router To Crash]
[netopia-telnet-dos(6001)]
-
Entry
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment.
[2296]
[CLA-2001:443]
[ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch]
[DSA-016]
[wuftp-debug-format-string(6020)]
-
Entry
Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request.
[2268]
[20010119 LocalWEB2000 Directory Traversal Vulnerability]
[localweb2k-directory-traversal(5982)]
-
Entry
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0).
[20010117 Solaris /usr/bin/cu Vulnerability]
[20010123 Solaris /usr/bin/cu Vulnerability]
[4406722]
[cu-argv-bo(6224)]
-
Entry
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length.
[20010202 Remote vulnerability in gnuserv/XEmacs]
[MDKSA-2001:019]
[RHSA-2001:010]
[RHSA-2001:011]
[gnuserv-tcp-cookie-overflow(6056)]
-
Entry
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter.
[2327]
[20010131 SuSe / Debian man package format string vulnerability]
[DSA-028]
[man-i-format-string(6059)]
-
Entry
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line.
[MDKSA-2001:020-1]
[6064]
[cups-httpgets-dos(6043)]
-
Entry
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking.
[DSA-015]
[linux-sash-shadow-readable(5994)]
-
Entry
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group.
[2324]
[FreeBSD-SA-01:11]
[1753]
[inetd-ident-read-files(6052)]
-
Entry
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands.
[2264]
[20010121 [pkc] format bugs in icecast 1.3.8b2 and prior]
[CLA-2001:374]
[RHSA-2001:004]
[icecast-format-string(5978)]
-
Entry
Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication.
[2284]
[20010120 Watchguard Firewall Elevated Privilege Vulnerability]
[watchguard-firebox-obtain-passphrase(5979)]
-
Entry
Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets.
[2369]
[20010214 def-2001-07: Watchguard Firebox II PPTP DoS]
[firebox-pptp-dos(6109)]
-
Entry
Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function.
[2279]
[20010119 Buffer overflow in bing]
[linux-bing-bo(6036)]
-
Entry
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte.
[2371]
[20010212 ROADS search system "show files" Vulnerability with "null bite" bug]
[http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html]
[roads-search-view-files(6097)]
-
Entry
Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands.
[20010126 format string vulnerability in mars_nwe 0.99pl19]
[FreeBSD-SA-01:20]
[mars-nwe-format-string(6019)]
-
Entry
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service.
[2239]
[HPSBUX0101-137]
[6991]
[7029]
[7030]
[hp-stm-dos(5957)]
-
Entry
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges.
[FreeBSD-SA-01:19]
[ja-xklock-bo(6073)]
-
Entry
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack.
[CSSA-2001-004.0]
[MDKSA-2001-016]
[linux-webmin-tmpfiles(6011)]
-
Entry
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges.
[FreeBSD-SA-01:22]
[6081]
[dc20ctrl-port-bo(6077)]
-
Entry
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field.
[20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow]
[20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow]
[DSA-012]
[FreeBSD-SA-01:14]
[RHSA-2001:005]
[micq-sprintf-remote-bo(5962)]
-
Entry
NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter.
[20010126 NewsDaemon remote administrator access]
[http://sourceforge.net/forum/forum.php?forum_id=60570]
[newsdaemon-gain-admin-access(6010)]
-
Entry
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running.
[2332]
[DSA-024]
[FreeBSD-SA-01:09]
[crontab-read-files(6225)]
-
Entry
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event.
[2417]
[20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability]
[CA-2001-05]
[L-065]
[00207]
[solaris-snmpxdmid-bo(6245)]
-
Entry
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data.
[2707]
[20010509 def-2001-24: Windows 2000 Kerberos DoS]
[L-079]
[MS01-024]
[win2k-kerberos-dos(6506)]
-
Entry
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
[L-074]
[MS01-022]
[ms-dacipp-webdav-access(6405)]
-
Entry
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
[2600]
[20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service]
[20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service]
[20010427 Microsoft ISA Server Vulnerability]
[L-073]
[MS01-021]
[isa-web-proxy-dos(6383)]
-
Entry
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro.
[2753]
[MS01-028]
[word-rtf-macro-execution(6571)]
-
Entry
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0.
[2674]
[20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)]
[CA-2001-10]
[MS01-023]
[3323]
[oval:org.mitre.oval:def:1068]
[iis-isapi-printer-bo(6485)]
-
Entry
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files.
[2765]
[MS01-029]
[mediaplayer-html-shortcut(6584)]
-
Entry
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter.
[2709]
[MS01-025]
[winnt-indexserver-search-bo(6517)]
-
Entry
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability.
[MS01-025]
[win-indexserver-view-files(6518)]
-
Entry
iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences.
[2282]
[20010122 def-2001-04: Netscape Enterprise Server Dot-DoS]
[20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications]
[netscape-enterprise-dot-dos(5983)]
-
Entry
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file.
[2222]
[20010116 Bug in SSH1 secure-RPC support can expose users' private keys]
[http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html]
[ssh-rpc-private-key(5963)]
-
Entry
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command.
[2283]
[20010123 [SAFER] Security Bulletin 010123.EXP.1.10]
[3321]
[lotus-domino-smtp-bo(5993)]
-
Entry
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file.
[A040901-1]
[2556]
[1782]
[pgp-armor-code-execution(6643)]
-
Entry
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges.
[HPSBUX0102-143]
[6033]
-
Entry
NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges.
[HPSBMP0102-008]
[6032]
[hp-nmdebug-gain-privileges(6226)]
-
Entry
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address.
[2739]
[20010219 Re: your mail]
[CSSA-2001-SCO.35]
[VU#358960]
[NetBSD-SA:2001-002]
[20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.]
[6141]
[user-ldt-validation(6222)]
-
Entry
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password.
[20010217 Solaris 8 pam_ldap.so.1 module broken]
[6030]
[4384816]
[solaris-pamldap-bypass-authentication(6440)]
-
Entry
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
[20010214 Security hole in kicq]
[20010303 Re: Security hole in kicq]
[kicq-execute-commands(6112)]
-
Entry
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path.
[2390]
[20010217 BadBlue Web Server Ext.dll Vulnerabilities]
[http://www.badblue.com/p010219.htm]
[badblue-ext-reveal-path(6130)]
-
Entry
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges.
[HPSBMP0102-009]
[hp-linkeditor-gain-privileges(6223)]
-
Entry
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges.
[20010222 Sudo version 1.6.3p6 now available (fwd)]
[20010225 [slackware-security] buffer overflow in sudo fixed]
[20010226 Trustix Security Advisory - sudo]
[CLA-2001:381]
[DSA-031]
[MDKSA-2001:024]
[RHSA-2001:018]
[RHSA-2001:019]
-
Entry
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command.
[20010223 Mercur Mailserver 3.3 buffer overflow with EXPN]
[6027]
[mercur-expn-bo(6149)]
-
Entry
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option.
[20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.]
[6026]
-
Entry
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command.
[20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.]
[http://seer.support.veritas.com/docs/234326.htm]
[6025]
-
Entry
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections.
[20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements]
-
Entry
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory.
[20010228 Joe's Own Editor File Handling Error]
[DSA-041]
[MDKSA-2001:026]
[RHSA-2001:024]
-
Entry
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords.
[20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)]
-
Entry
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command.
[2444]
[20010306 Warftp 1.67b04 Directory Traversal]
[http://support.jgaa.com/?cmd=ShowArticle&ID=31]
[874]
-
Entry
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL.
[2054]
[20001127 Nokia firewalls]
[20001205 Nokia firewalls - Response from Nokia]
[6020]
[nokia-ip440-bo(5640)]
-
Entry
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings.
[2377]
[20010213 Security advisory for analog]
[http://www.analog.cx/security2.html]
[DSA-033]
[1762]
[RHSA-2001:017]
[analog-alias-bo(6105)]
-
Entry
inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.
[RHSA-2001:006]
[inetd-internal-socket-dos(6380)]
-
Entry
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
[3960]
[FreeBSD-SA-01:13]
[sort-temp-file-abort(6038)]
-
Entry
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client.
[HPSBUX0102-142]
[PHSS_22914]
[PHSS_22915]
[omniback-unauthorized-access(6434)]
-
Entry
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call.
[2364]
[20010213 Trustix Security Advisory - proftpd, kernel]
[CSSA-2001-009]
[6017]
[RHSA-2001:013]
[linux-sysctl-read-memory(6079)]
-
Entry
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process.
[20010213 Trustix Security Advisory - proftpd, kernel]
[CSSA-2001-009]
[RHSA-2001:013]
[linux-ptrace-modify-process(6080)]
-
Entry
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd).
[20010110 proftpd 1.2.0rc2 -- example of bad coding]
[20010206 Response to ProFTPD issues]
[CLA-2001:380]
[DSA-029]
[MDKSA-2001:021]
[proftpd-format-string(6433)]
-
Entry
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability.
[2350]
[20010205 IBM NetCommerce Security]
[http://www-4.ibm.com/software/webservers/commerce/netcomletter.html]
[ibm-netcommerce-reveal-information(6067)]
-
Entry
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter.
[20010212 Fwd: Re: phpnuke, security problem...]
[phpnuke-opendir-read-files(6512)]
-
Entry
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission.
[20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine]
[5706]
[oracle-jvm-file-permissions(6438)]
-
Entry
iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server.
[A041601-1]
[VU#276767]
[http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html]
[5704]
-
Entry
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed.
[A043001-1]
[2671]
[bugzilla-gobalpl-gain-information(6489)]
-
Entry
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands.
[2714]
[VU#258632]
[20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure]
[20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure ]
[1822]
[20010501-01-P]
[irix-espd-bo(6502)]
-
Entry
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice.
[2708]
[20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability]
[CA-2001-12]
[MS01-026]
[oval:org.mitre.oval:def:1018]
[oval:org.mitre.oval:def:1051]
[oval:org.mitre.oval:def:37]
[oval:org.mitre.oval:def:78]
[iis-url-decoding(6534)]
-
Entry
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded.
[MS01-026]
[iis-ftp-wildcard-dos(6535)]
-
Entry
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters.
[2719]
[MS01-026]
[iis-ftp-domain-authentication(6545)]
-
Entry
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request.
[MS01-026]
[5693]
[iis-crosssitescripting-patch-dos(6858)]
-
Entry
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability."
[2735]
[L-087]
[MS01-027]
[ie-crl-certificate-spoofing(6555)]
-
Entry
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability."
[2737]
[L-087]
[MS01-027]
[5694]
[oval:org.mitre.oval:def:1096]
[ie-html-url-spoofing(6556)]
-
Entry
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically.
[L-091]
[MS01-030]
[exchange-owa-script-execution(6652)]
-
Entry
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll.
[2906]
[20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability]
[MS01-035]
[577]
[frontpage-ext-rad-bo(6730)]
-
Entry
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account.
[L-095]
[MS01-032]
[oval:org.mitre.oval:def:71]
[mssql-cached-connection-access(6684)]
-
Entry
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions.
[2843]
[MS01-031]
[win2k-telnet-idle-sessions-dos(6667)]
-
Entry
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them.
[MS01-031]
[win2k-telnet-handle-leak-dos(6668)]
-
Entry
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid.
[2847]
[L-092]
[MS01-031]
[5686]
[win2k-telnet-domain-authentication(6665)]
-
Entry
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace.
[2838]
[20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server]
[20050511 Microsoft Windows 2000 Telnet server vulnerability]
[L-092]
[MS01-031]
[win2k-telnet-username-dos(6666)]
-
Entry
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service.
[2846]
[L-092]
[MS01-031]
[win2k-telnet-system-call-dos(6669)]
-
Entry
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine.
[2894]
[CA-2001-15]
[20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon]
[00206]
[solaris-lpd-bo(6718)]
-
Entry
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5.
[2344]
[20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability]
[L-047]
[20010627 Multiple SSH Vulnerabilities]
[DSA-023]
[DSA-027]
[DSA-086]
[FreeBSD-SA-01:24]
[2116]
[SuSE-SA:2001:04]
[ssh-session-key-recovery(6082)]
-
Entry
SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections.
[2477]
[20010315 Remote DoS attack against SSH Secure Shell for Windows Servers]
[ssh-ssheloop-dos(6241)]
-
Entry
Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags.
[2490]
[20010318 feeble.you!dora.exploit]
[eudora-html-execute-code(6262)]
-
Entry
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program.
[2662]
[20010429 SAP R/3 Web Application Server Demo for Linux: root exploit]
[ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol]
[linux-sap-execute-code(6487)]
-
Entry
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack.
[2672]
[20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)]
[1810]
[bearshare-dot-download-files(6481)]
-
Entry
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information.
[FreeBSD-SA-01:30]
[5682]
[ufs-ext2fs-data-disclosure(6268)]
-
Entry
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information.
[2501]
[20010323 NT crash dump files insecure by default]
[5683]
[win-userdmp-insecure-permission(6275)]
-
Entry
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests.
[2551]
[20010406 PIX Firewall 5.1 DoS Vulnerability]
[20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability]
[cisco-pix-tacacs-dos(6353)]
-
Entry
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string.
[20010328 Inframail Denial of Service Vulnerability]
[5685]
[inframail-post-dos(6297)]
-
Entry
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files.
[ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch]
[5680]
[bsd-readline-permissions(6586)]
-
Entry
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights.
[VU#249224]
[HPSBUX0103-147]
[5681]
[hp-newgrp-additional-privileges(6282)]
-
Entry
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication.
[2544]
[20010401 Php-nuke exploit...]
[http://phpnuke.org/download.php?dcategory=Fixes]
[php-nuke-url-redirect(6342)]
-
Entry
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory.
[2608]
[20010417 Advisory for SimpleServer:WWW (analogX)]
[3781]
[analogx-simpleserver-aux-dos(6395)]
-
Entry
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument.
[2574]
[20010412 HylaFAX vulnerability]
[20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability]
[FreeBSD-SA-01:34]
[MDKSA-2001:041]
[5679]
[SuSE-SA:2001:15]
[hylafax-hfaxd-format-string(6377)]
-
Entry
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
[FreeBSD-SA-01:28]
[MDKSA-2001:034]
[SuSE-SA:2001:07]
[timed-remote-dos(6228)]
-
Entry
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory.
[20010328 def-2001-15: Website Pro Remote Manager DoS]
[5669]
[website-pro-remote-dos(6295)]
-
Entry
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port.
[20010408 A fragmentation attack against IP Filter]
[FreeBSD-SA-01:32]
[ipfilter-access-ports(6331)]
-
Entry
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall.
[2602]
[20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables]
[MDKSA-2001:071]
[RHSA-2001:052]
[RHSA-2001:084]
[linux-netfilter-iptables(6390)]
-
Entry
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot).
[2522]
[20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)]
[20010327 MySQL 3.23.36 is relased (fwd)]
[mysql-dot-directory-traversal(6617)]
-
Entry
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes.
[2510]
[20010329 Immunix OS Security update for vim]
[CSSA-2001-014.0]
[MDKSA-2001:035]
[RHSA-2001:008]
[SuSE-SA:2001:12]
[vim-elevate-privileges(6259)]
-
Entry
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory.
[CSSA-2001-014.0]
[SuSE-SA:2001:12]
[vim-tmp-symlink(6628)]
-
Entry
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode.
[2559]
[20010404 Cisco Content Services Switch User Account Vulnerability]
[1784]
[cisco-css-elevate-privileges(6322)]
-
Entry
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang.
[20010404 BinTec X4000 Access Router DoS Vulnerability]
[20010406 X4000 DoS: Details and workaround]
[20010409 BINTEC X1200]
[20010410 BinTec Router DoS: Workaround and Details]
[bintec-x4000-nmap-dos(6323)]
-
Entry
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument.
[2540]
[20010404 ntpd =< 4.0.99k remote buffer overflow]
[20010405 Re: ntpd =< 4.0.99k remote buffer overflow]]
[20010406 Immunix OS Security update for ntp and xntp3]
[20010408 [slackware-security] buffer overflow fix for NTP]
[20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow]
[20010409 [ESA-20010409-01] xntp buffer overflow]
[20010409 ntp-4.99k23.tar.gz is available]
[20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable]
[20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow]
[20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp]
[CSSA-2001-013]
[CLA-2001:392]
[DSA-045]
[FreeBSD-SA-01:31]
[MDKSA-2001:036]
[NetBSD-SA2001-004]
[805]
[oval:org.mitre.oval:def:3831]
[RHSA-2001:045]
[SSE073]
[SSE074]
[SuSE-SA:2001:10]
[ntpd-remote-bo(6321)]
-
Entry
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
[2506]
[2683]
[20010316 Immunix OS Security update for sgml-tools]
[CLA-2001:390]
[DSA-038]
[MDKSA-2001:030]
[RHSA-2001:027]
[SuSE-SA:2001:16]
[sgmltools-symlink(6201)]
-
Entry
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
[2561]
[20010410 Solaris Xsun buffer overflow vulnerability]
[oval:org.mitre.oval:def:555]
[4356377]
[4425845]
[4440161]
[solaris-xsun-home-bo(6343)]
-
Entry
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093.
[2581]
[20010412 Solaris ipcs vulnerability]
[solaris-ipcs-bo(6369)]
-
Entry
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts.
[20010328 VPN3000 Concentrator TELNET Vulnerability]
[5643]
[cisco-vpn-telnet-dos(6298)]
-
Entry
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option.
[2573]
[20010412 VPN 3000 Concentrator IP Options Vulnerability]
[1786]
[cisco-vpn-ip-dos(6360)]
-
Entry
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
[2604]
[L-072]
[20010416 Catalyst 5000 Series 802.1x Vulnerability]
[cisco-catalyst-8021x-dos(6379)]
-
Entry
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files.
[DSA-046]
[5642]
[exuberant-ctags-symlink(6388)]
-
Entry
The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service.
[SSRT0716]
[compaq-activex-dos(6355)]
-
Entry
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
[CLA-2001:389]
[FreeBSD-SA-01:35]
[MDKSA-2001:032]
[5641]
[RHSA-2001:022]
[RHSA-2001:023]
[licq-url-execute-commands(6261)]
-
Entry
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands.
[CLA-2001:389]
[FreeBSD-SA-01:35]
[MDKSA-2001:032]
[5601]
[RHSA-2001:022]
[RHSA-2001:023]
[licq-logging-bo(6645)]
-
Entry
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command.
[2641]
[20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow]
[20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow]
[mercury-mta-bo(6444)]
-
Entry
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information.
[2635]
[20010420 Bug in Cisco CBOS v2.3.0.053]
[1796]
[cisco-cbos-gain-information(6453)]
-
Entry
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option.
[20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow]
[winzip-zipandemail-bo(6191)]
-
Entry
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration.
[20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface]
[5597]
[cisco-aironet-web-access(6200)]
-
Entry
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended.
[DSA-032]
[proftpd-postinst-root(6208)]
-
Entry
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion).
[DSA-035]
[5631]
[man2html-remote-dos(6211)]
-
Entry
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi.
[20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing]
[http://wombat.doc.ic.ac.uk/foldoc/index.html]
[5591]
[foldoc-cgi-execute-commands(6217)]
-
Entry
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
[2648]
[20010424 Advisory for perl webserver]
[perl-webserver-directory-traversal(6451)]
-
Entry
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter.
[2663]
[20010427 PerlCal (CGI) show files vulnerability]
[http://www.perlcal.com/calendar/docs/bugs.txt]
[perlcal-calmake-directory-traversal(6480)]
-
Entry
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information.
[20010405]
[http://www.turbotax.com/atr/update/]
[turbotax-save-passwords(6622)]
-
Entry
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request.
[2643]
[20010423 Vulnerability in Viking Web Server]
[http://www.robtex.com/files/viking/beta/chglog.txt]
[viking-dot-directory-traversal(6450)]
-
Entry
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length.
[2473]
[FreeBSD-SA-01:29]
[rwhod-remote-dos(6229)]
-
Entry
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
[20010315 Immunix OS Security update for mutt]
[20010320 Trustix Security Advisory - mutt]
[CLA-2001:385]
[MDKSA-2001-031]
[5615]
[RHSA-2001:029]
[mutt-imap-format-string(6235)]
-
Entry
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
[MDKSA-2001:029]
[mesa-utahglx-symlink(6231)]
-
Entry
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter.
[2474]
[20010315 vBulletin allows arbitrary code execution]
[http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839]
[vbulletin-php-elevate-privileges(6237)]
-
Entry
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
[MDKSA-2001:043]
[5612]
[linux-rpmdrake-temp-file(6494)]
-
Entry
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl.
[20010330 Serious Pitbull LX Vulnerability]
[pitbull-lx-modify-kernel(6623)]
-
Entry
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option.
[2656]
[20010426 IRIX /usr/lib/print/netprint local root symbols exploit.]
[20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.]
[8571]
[20010701-01-P]
[irix-netprint-shared-library(6473)]
-
Entry
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353.
[2623]
[20010420 Novell BorderManager 3.5 VPN Denial of Service]
[20010429 Proof of concept DoS against novell border manager enterprise]
[20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5]
[http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm]
[20010402 (no subject)]
[bordermanager-vpn-syn-dos(6429)]
-
Entry
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection.
[IY17630]
[5611]
[aix-snmpd-rst-dos(6996)]
-
Entry
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service.
[2646]
[HPSBUX0104-149]
[2188]
[hp-pcltotiff-insecure-permissions(6447)]
-
Entry
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands.
[2657]
[DSA-057]
[MDKSA-2001-044]
[1805]
[RHSA-2001:053]
[20010417 gftp exploitable?]
[gftp-format-string(6478)]
-
Entry
Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux.
[2649]
[20010424 Advisory for Small HTTP Server]
[http://home.lanck.net/mf/srv/index.htm]
[small-http-aux-dos(6446)]
-
Entry
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header.
[20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability]
[http://ipswitch.com/Support/IMail/news.html]
[5610]
[ipswitch-imail-smtp-bo(6445)]
-
Entry
Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack.
[2660]
[20010426 Vulnerability in WebXQ Server]
[1799]
[webxq-dot-directory-traversal(6466)]
-
Entry
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates.
[20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys]
[5609]
[bind-local-key-exposure(6694)]
-
Entry
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red.
[2880]
[20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)]
[CA-2001-13]
[L-098]
[MS01-033]
[oval:org.mitre.oval:def:197]
[iis-isapi-idq-bo(6705)]
-
Entry
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner.
[2876]
[20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034]
[MS01-034]
[msword-macro-bypass-security(6732)]
-
Entry
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users.
[2929]
[L-101]
[MS01-036]
[win2k-ldap-change-passwords(6745)]
-
Entry
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability.
[MS00-077]
[5608]
[netmeeting-desktop-sharing-dos(5368)]
-
Entry
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activities such as mail relaying.
[2988]
[VU#435963]
[L-107]
[MS01-037]
[win2k-smtp-mail-relay(6803)]
-
Entry
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability.
[3190]
[20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability]
[20011127 IIS Server Side Include Buffer overflow exploit code]
[L-132]
[MS01-044]
[iis-ssi-directive-bo(6984)]
-
Entry
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability.
[20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS]
[L-132]
[MS01-044]
[5607]
[oval:org.mitre.oval:def:909]
[oval:org.mitre.oval:def:912]
[iis-relative-path-privilege-elevation(6985)]
-
Entry
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request.
[2690]
[20010506 IIS 5.0 PROPFIND DOS #2]
[MS01-044]
[5606]
[5633]
[iis-webdav-long-request-dos(6982)]
-
Entry
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port.
[VU#105259]
[20010619 Oracle Redirect Denial of Service]
[5600]
[oracle-listener-redirect-dos(6717)]
-
Entry
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network.
[2896]
[20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw]
[atmel-vnetb-ap-snmp-security(6576)]
-
Entry
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0.
[http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf]
[20010515 Multiple Oracle Listener Denial of Service Vulnerabilities]
[5590]
[oracle-listener-data-transport-dos(6715)]
-
Entry
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang.
[http://otn.oracle.com/deploy/security/alerts.htm]
[20010515 Multiple Oracle Listener Denial of Service Vulnerabilities]
[oracle-listener-fragmentation-dos(6716)]
-
Entry
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file.
[2797]
[20010529 [synnergy] - GnuPG remote format string vulnerability]
[20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)]
[CSSA-2001-020.0]
[VU#403051]
[CLA-2001:399]
[http://www.gnupg.org/whatsnew.html#rn20010529]
[DSA-061]
[IMNX-2001-70-023-01]
[MDKSA-2001:053]
[1845]
[RHSA-2001:073]
[SuSE-SA:2001:020]
[TLSA2001028]
[gnupg-tty-format-string(6642)]
-
Entry
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument.
[2749]
[20010519 Re: dqs 3.2.7 local root exploit.]
[20010519 dqs 3.2.7 local root exploit.]
[dqs-dsh-bo(6577)]
-
Entry
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
[20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability]
[4458476]
[solaris-mailtool-openwinhome-bo(6626)]
-
Entry
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database.
[2728]
[20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)]
[http://www.dcscripts.com/dcforum/dcfNews/167.html]
[480]
[dcforum-cgi-admin-access(6538)]
-
Entry
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges.
[2694]
[20010507 Oracle's ADI 7.1.1.10.1 Major security hole]
[20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator]
[oracle-adi-plaintext-passwords(6501)]
-
Entry
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack.
[2825]
[20010604 Re: SSH allows deletion of other users files...]
[20010604 SSH allows deletion of other users files...]
[20010605 OpenSSH_2.5.2p2 RH7.0 <- version info]
[CSSA-2001-023.0]
[VU#655259]
[CLA-2001:431]
[IMNX-2001-70-034-01]
[NetBSD-SA2001-010]
[20010612]
[1853]
[openssh-symlink-file-deletion(6676)]
-
Entry
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.
[2798]
[20010528 Vulnerability discovered in SpearHead NetGap]
[20010607 SpearHead Security NetGAP]
[netgap-unicode-bypass-filter(6625)]
-
Entry
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable.
[L-123]
[MSS-OAR-E01-2001:271.1]
[5585]
[aix-libi18n-lang-bo(6863)]
-
Entry
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL.
[2936]
[20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability]
[20010702 Cisco IOS HTTP Configuration Exploit]
[20010702 Cisco device HTTP exploit...]
[20010702 ios-http-auth.sh]
[CA-2001-14]
[L-106]
[20010627 IOS HTTP authorization vulnerability]
[578]
[cisco-ios-admin-access(6749)]
-
Entry
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page.
[3025]
[20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are]
[VU#131569]
[L-113]
[MS01-038]
[20010712 Vulnerability in IE/Outlook ActiveX control]
[outlook-activex-view-control(6831)]
-
Entry
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389.
[3099]
[MS01-040]
[win-terminal-rdp-dos(6912)]
-
Entry
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file.
[3105]
[20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability]
[MS01-042]
[mediaplayer-nsc-bo(6907)]
-
Entry
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts.
[3183]
[MS01-043]
[oval:org.mitre.oval:def:334]
[win-nntp-dos(6977)]
-
Entry
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table.
[3195]
[L-132]
[MS01-044]
[iis-invalid-mime-header-dos(6983)]
-
Entry
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length.
[L-132]
[MS01-044]
[5736]
[iis-url-redirection-dos(6981)]
-
Entry
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data.
[3196]
[MS01-045]
[isa-h323-gatekeeper-dos(6989)]
-
Entry
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion).
[3197]
[MS01-045]
[isa-proxy-memory-leak-dos(6990)]
-
Entry
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable.
[3081]
[20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability]
[solaris-dtmail-bo(6879)]
-
Entry
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords.
[VU#814187]
[http://www.sarc.com/avcenter/security/Content/2001_07_20.html]
[liveupdate-obtain-proxy-password(7013)]
-
Entry
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob).
[3581]
[20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability]
[CSSA-2001-041.0]
[CSSA-2001-SCO.36]
[CSSA-2002-SCO.1]
[CA-2001-33]
[VU#886083]
[CLA-2001:442]
[DSA-087]
[HPSBUX0107-162]
[IMNX-2001-70-036-01]
[20011129 WU-FTPD Heap Corruption Vulnerability]
[MDKSA-2001:090]
[RHSA-2001:157]
[SuSE-SA:2001:043]
[20010430 some ftpd implementations mishandle CWD ~{]
[wuftp-glob-heap-corruption(7611)]
-
Entry
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field.
[3078]
[20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0]
[VU#737451]
[L-121]
[http://www.ssh.com/products/ssh/exploit.cfm]
[586]
[ssh-password-length-unauth-access(6868)]
-
Entry
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function.
[3064]
[20010718 multiple vendor telnet daemon vulnerability]
[20010725 SCO - Telnetd AYT overflow ?]
[20010725 Telnetd AYT overflow scanner]
[20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow]
[CSSA-2001-030.0]
[CSSA-2001-SCO.10]
[CA-2001-21]
[L-131]
[20020129 Cisco CatOS Telnet Buffer Vulnerability]
[SSRT0745U]
[CLA-2001:413]
[DSA-070]
[DSA-075]
[FreeBSD-SA-01:49]
[HPSBUX0110-172]
[MSS-OAR-E01-2001:298]
[MDKSA-2001:068]
[NetBSD-SA2001-012]
[809]
[RHSA-2001:099]
[RHSA-2001:100]
[20010801-01-P]
[SuSE-SA:2001:029]
[telnetd-option-telrcv-bo(6875)]
-
Entry
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0).
[2704]
[20010507 Advisory for Jana server]
[1817]
[jana-server-device-dos(6521)]
-
Entry
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error.
[2687]
[20010507 Vixie cron vulnerability]
[DSA-054]
[MDKSA-2001:050]
[SuSE-SA:2001:17]
[vixie-cron-gain-privileges(6508)]
-
Entry
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters).
[IY17048]
[IY17261]
[20010210 vixie cron possible local root compromise]
[20010220 Immunix OS Security update for vixie-cron]
[MDKSA-2001:022]
[5583]
[RHSA-2001:014]
[vixie-crontab-bo(6098)]
-
Entry
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23.
[2706]
[20010507 Advisory for Electrocomm 2.0]
[electrocomm-telnet-dos(6514)]
-
Entry
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card.
[2430]
[20010225 APC web/snmp/telnet management card dos]
[ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt]
[apc-telnet-dos(6199)]
-
Entry
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option.
[2610]
[20010502 Solaris mailx Vulnerability]
[20010511 Solaris /usr/bin/mailx exploit (SPARC)]
[VU#446864]
[4452732]
[solaris-mailx-f-bo(8246)]
-
Entry
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass.
[CLA-2001:407]
[http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert]
[DSA-055]
[MDKSA-2001:049]
[RHSA-2001:065]
[zope-zclass-gain-privileges(6958)]
-
Entry
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory.
[IY16909]
[VU#123651]
[5582]
[aix-lsfs-path(7007)]
-
Entry
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL.
[2699]
[20010507 Advisory for MP3Mystic]
[http://mp3mystic.com/mp3mystic/news.phtml]
[1815]
[mp3mystic-dot-directory-traversal(6504)]
-
Entry
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000.
[2494]
[20010320 def-2001-13: NTMail Web Services DoS]
[ntmail-long-url-dos(6249)]
-
Entry
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords.
[20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected]
[5581]
[scanmail-reveals-credentials(6311)]
-
Entry
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns.
[2523]
[20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic]
[1780]
[netscreen-screenos-bypass-firewall(6317)]
-
Entry
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).
[20010403 Re: Tomcat may reveal script source code by URL trickery]
[HPSBTL0112-004]
[5580]
[jakarta-tomcat-jsp-source(6971)]
-
Entry
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack.
[2286]
[20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root]
[20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root]
[oracle-handlers-directory-traversal(5986)]
-
Entry
Anaconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.
[2512]
[20010327 advisory]
[http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip]
[anaconda-clipper-directory-traversal(6286)]
-
Entry
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument.
[2558]
[20010409 Solaris kcms_configure vulnerability]
[oval:org.mitre.oval:def:65]
[oval:org.mitre.oval:def:7]
[4199722]
[solaris-kcms-command-bo(6359)]
-
Entry
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program.
[2605]
[20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities]
[4415570]
[solaris-kcssunwiosolf-bo(6365)]
-
Entry
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript.
[2637]
[20010409 Netscape 4.76 gif comment flaw]
[CLA-2001:393]
[DSA-051]
[IMNX-2001-70-014-01]
[5579]
[RHSA-2001:046]
[netscape-javascript-access-data(6344)]
-
Entry
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters.
[2723]
[20010514 Becky! 2.00.05 Buffer Overflow]
[becky-mail-message-bo(6531)]
-
Entry
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045.
[2726]
[20010516 Remote Desktop DoS]
[6288]
[remote-desktop-dos(6547)]
-
Entry
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request.
[2730]
[20010515 OmniHTTPd Pro Denial of Service Vulnerability]
[omnihttpd-post-dos(6540)]
-
Entry
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'.
[2776]
[20010525 Advisory for Freestyle Chat server]
[1841]
[freestyle-chat-directory-traversal(6601)]
-
Entry
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).
[2777]
[20010525 Advisory for Freestyle Chat server]
[freestyle-chat-device-dos(6602)]
-
Entry
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands.
[2745]
[L-085]
[20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability]
[1834]
[cisco-css-ftp-commands(6557)]
-
Entry
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface.
[2806]
[20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability]
[1848]
[cisco-css-web-management(6631)]
-
Entry
ftpdownload in Computer Associates InoculateIT 6.0 allows a local attacker to overwrite arbitrary files via a symlink attack on /tmp/ftpdownload.log .
[2778]
[20010525 Security Bug in InoculateIT for Linux (fwd)]
[1843]
[inoculateit-ftpdownload-symlink(6607)]
-
Entry
O'Reilly Website Professional 2.5.4 and earlier allows remote attackers to determine the physical path to the root directory via a URL request containing a ":" character.
[2488]
[20010316 WebServer Pro All Version Vulnerability]
[website-pro-dir-path(3839)]
-
Entry
vi as included with SCO OpenServer 5.0 - 5.0.6 allows a local attacker to overwrite arbitrary files via a symlink attack.
[2752]
[20010522 [SRT2001-09] - vi and crontab -e /tmp issues]
[CSSA-2001-SCO.17]
[VU#747736]
[sco-openserver-vi-symlink(6588)]
-
Entry
Microsoft Word 2000 does not check AutoRecovery (.asd) files for macros, which allows a local attacker to execute arbitrary macros with the user ID of the Word user.
[2760]
[Q274228]
[word-asd-macro-execution(6614)]
-
Entry
HP Event Correlation Service (ecsd) as included with OpenView Network Node Manager 6.1 allows a remote attacker to gain addition privileges via a buffer overflow attack in the '-restore_config' command line parameter.
[2761]
[20010523 HP OpenView NNM v6.1 buffer overflow]
[HPSBUX0107-158]
[openview-nnm-ecsd-bo(6582)]
-
Entry
Directory traversal vulnerability in MIMAnet viewsrc.cgi 2.0 allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the 'loc' variable.
[2762]
[20010523 Vulnerability in viewsrc.cgi]
[5565]
[viewsrc-cgi-view-files(6583)]
-
Entry
Centrinity First Class Internet Services 5.50 allows for the circumventing of the default 'spam' filters via the presence of '<@>' in the 'From:' field, which allows remote attackers to send spoofed email with the identity of local users.
[2423]
[20010221 FirstClass Internetgateway "stupidity"]
[20010226 Re: [Fwd: FirstClass Internetgateway "stupidity"]]
[centrinity-firstclass-email-spoofing(6192)]
-
Entry
Sun Chili!Soft ASP has weak permissions on various configuration files, which allows a local attacker to gain additional privileges and create a denial of service.
[2409]
[20010220 Advisory: Chili!Soft ASP Multiple Vulnerabilities]
[20010226 Re: Advisory: Chili!Soft ASP Multiple Vulnerabilities]
[chilisoft-asp-license-dos(6176)]
-
Entry
Red Hat Linux 7.1 sets insecure permissions on swap files created during installation, which can allow a local attacker to gain additional privileges by reading sensitive information from the swap file, such as passwords.
[5564]
[RHSA-2001:058]
[mount-swap-world-readable(6493)]
-
Entry
Buffer overflow in man program in various distributions of Linux allows local user to execute arbitrary code as group man via a long -S option.
[2711]
[20010513 RH 7.0:/usr/bin/man exploit: gid man + more]
[20010612 man 1.5h10 + man 1.5i-4 exploits]
[RHSA-2001:069]
[SuSE-SA:2001:019]
[man-s-bo(6530)]
-
Entry
Internet Explorer 5.5 does not display the Class ID (CLSID) when it is at the end of the file name, which could allow attackers to trick the user into executing dangerous programs by making it appear that the document is of a safe file type.
[2612]
[20010416 Double clicking on innocent looking files may be dangerous]
[http://vil.nai.com/vil/virusSummary.asp?virus_k=99048]
[http://www.guninski.com/clsidext.html]
[http://www.sarc.com/avcenter/venc/data/vbs.postcard@mm.html]
[7858]
[ie-clsid-execute-files(6426)]
-
Entry
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 stores passwords in plaintext in the "Rumpus User Database" file in the prefs folder, which could allow attackers to gain privileges on the server.
[2718]
[20010515 Rumpus FTP DoS]
[rumpus-plaintext-passwords(6543)]
-
Entry
Maxum Rumpus FTP Server 1.3.3 and 2.0.3 dev 3 allows a remote attacker to perform a denial of service (hang) by creating a directory name of a specific length.
[2716]
[20010515 Rumpus FTP DoS]
[rumpus-long-directory-dos(6542)]
-
Entry
Directory traversal vulnerability in PHProjekt 2.1 and earlier allows a remote attacker to conduct unauthorized activities via a dot dot (..) attack on the file module.
[2702]
[20010508 security hole in os groupware suite PHProjekt]
[phprojekt-dot-directory-traversal(6522)]
-
Entry
Cisco devices IOS 12.0 and earlier allow a remote attacker to cause a crash, or bad route updates, via malformed BGP updates with unrecognized transitive attribute.
[2733]
[VU#106392]
[L-082]
[20010510 Cisco IOS BGP Attribute Corruption Vulnerability]
[1830]
[cisco-ios-bgp-dos(6566)]
-
Entry
Heap overflow in xlock in Solaris 2.6 through 8 allows local users to gain root privileges via a long (1) XFILESEARCHPATH or (2) XUSERFILESEARCHPATH environmental variable.
[3160]
[20010810 NSFOCUS SA2001-05 : Solaris Xlock Heap Overflow Vulnerability]
[oval:org.mitre.oval:def:10]
[oval:org.mitre.oval:def:131]
[4483090]
[solaris-xlock-bo(6967)]
-
Entry
Sendmail 8.10.0 through 8.11.5, and 8.12.0 beta, allows local users to modify process memory and possibly gain privileges via a large value in the 'category' part of debugger (-d) command line arguments, which is interpreted as a negative number.
[3163]
[20010821 *ALERT* UPDATED BID 3163 (URGENCY 6.58): Sendmail Debugger Arbitrary Code Execution Vulnerability (fwd)]
[CSSA-2001-032.0]
[CSSA-2001-SCO.31]
[L-133]
[CLA-2001:412]
[http://www.sendmail.org/8.11.html]
[HPSBTL0112-007]
[IMNX-2001-70-032-01]
[MDKSA-2001:075]
[NetBSD-SA2001-017]
[RHSA-2001:106]
[SuSE-SA:2001:028]
[sendmail-debug-signed-int-overflow(7016)]
-
Entry
Cross-site scripting (CSS) vulnerability in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause other clients to execute certain script or read cookies via malicious script in an invalid URL that is not properly quoted in an error message.
[3198]
[MS01-045]
[isa-cross-site-scripting(6991)]
-
Entry
Buffer overflow in IrDA driver providing infrared data exchange on Windows 2000 allows attackers who are physically close to the machine to cause a denial of service (reboot) via a malformed IrDA packet.
[3215]
[20010821 IrDA semiremote vulnerability]
[MS01-046]
[win2k-irda-dos(7008)]
-
Entry
Outlook Web Access (OWA) in Microsoft Exchange 5.5, SP4 and earlier, allows remote attackers to identify valid user email addresses by directly accessing a back-end function that processes the global address list (GAL).
[3301]
[MS01-047]
[Q307195]
[exchange-owa-obtain-addresses(7089)]
-
Entry
RPC endpoint mapper in Windows NT 4.0 allows remote attackers to cause a denial of service (loss of RPC services) via a malformed request.
[3313]
[L-142]
[MS01-048]
[winnt-rpc-endpoint-dos(7105)]
-
Entry
Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.
[3445]
[MS01-052]
[win-rdp-packet-dos(7302)]
-
Entry
Internet Explorer 5.5 and 5.01 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing vulnerability."
[3420]
[20011011 Serious security Flaw in Microsoft Internet Explorer - Zone Spoofing]
[http://morph3us.org/blog/?p=31]
[MS01-051]
[1971]
[ie-incorrect-security-zone(7258)]
-
Entry
Internet Explorer 6 and earlier allows remote attackers to cause certain HTTP requests to be automatically executed and appear to come from the user, which could allow attackers to gain privileges or execute operations within web-based services, aka the "HTTP Request Encoding vulnerability."
[3421]
[MS01-051]
[1972]
[ie-url-http-requests(7259)]
-
Entry
Outlook Web Access (OWA) in Microsoft Exchange 2000 allows an authenticated user to cause a denial of service (CPU consumption) via a malformed OWA request for a deeply nested folder within the user's mailbox.
[3368]
[MS01-049]
[exchange-owa-folder-request-dos(7168)]
-
Entry
Internet Explorer 6 and earlier, when used with the Telnet client in Services for Unix (SFU) 2.0, allows remote attackers to execute commands by spawning Telnet with a log file option on the command line and writing arbitrary code into an executable file which is later executed, aka a new variant of the Telnet Invocation vulnerability as described in CVE-2001-0150.
[VU#952611]
[M-024]
[MS01-051]
[ie-telnet-command-execution-variant(7260)]
-
Entry
Buffer overflow in line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to execute arbitrary commands.
[3240]
[CA-2001-30]
[VU#966075]
[L-134]
[HPSBUX0108-163]
[20010827 Remote Buffer Overflow Vulnerability in HP-UX Line Printer Daemon]
[hpux-rlpd-bo(6811)]
-
Entry
Buffer overflow in BSD line printer daemon (in.lpd or lpd) in various BSD-based operating systems allows remote attackers to execute arbitrary code via an incomplete print job followed by a request to display the printer queue.
[3252]
[CSSA-2001-SCO.20]
[CA-2001-30]
[VU#274043]
[20010829 Remote Buffer Overflow Vulnerability in BSD Line Printer Daemon]
[NetBSD-SA2001-018]
[20010829]
[RHSA-2001:147]
[bsd-lpd-bo(7046)]
-
Entry
Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carriage return <CR> that is not followed by a line feed <LF>.
[2636]
[20010418 SECURITY.NNOV: The Bat! <cr> bug]
[20010421 Re: SECURITY.NNOV: The Bat! <cr> bug]
[20010423 Re: SECURITY.NNOV: The Bat! <cr> bug]
[thebat-pop3-dos(6423)]
-
Entry
Directory traversal vulnerability in Rit Research Labs The Bat! 1.48f and earlier allows a remote attacker to create arbitrary files via a "dot dot" attack in the filename for an attachment.
[20010104 SECURITY.NNOV advisory - The Bat! directory traversal (public release)]
[thebat-attachment-directory-traversal(5871)]
-
Entry
Eudora 5.0.2 allows a remote attacker to read arbitrary files via an email with the path of the target file in the "Attachment Converted" MIME header, which sends the file when the email is forwarded to the attacker by the user.
[2616]
[20010418 Eudora file leakage problem (still)]
[3085]
[eudora-plain-text-attachment(6431)]
-
Entry
Directory traversal vulnerability in ftpd in QPC QVT/Net 4.0 and AVT/Term 5.0 allows a remote attacker to traverse directories on the web server via a "dot dot" attack in a LIST (ls) command.
[2618]
[20010413 QPC FTPd Directory Traversal and BoF Vulnerabilities]
[20010925 Vulnerabilities in QVT/Term]
[1794]
[4050]
[qpc-ftpd-directory-traversal(6375)]
-
Entry
ZoneAlarm and ZoneAlarm Pro allows a local attacker to cause a denial of service by running a trojan to initialize a ZoneAlarm mutex object which prevents ZoneAlarm from starting.
[20001230 [DiamondCS Advisory] ZoneAlarm and ZoneAlarm Pro can be blocked from loading by setting a Mutex in memory]
[zonealarm-mutex-dos(5821)]
-
Entry
Thibault Godouet FCron prior to 1.1.1 allows a local user to corrupt another user's crontab file via a symlink attack on the fcrontab temporary file.
[2835]
[20010228 fcron 0.9.5 is vulnerable to a symlink attack]
[http://fcron.free.fr/CHANGES.html]
[fcron-tmpfile-symlink(7127)]
-
Entry
Buffer overflow in mail included with SunOS 5.8 for x86 allows a local user to gain privileges via a long HOME environment variable.
[2819]
[20010604 $HOME buffer overflow in SunOS 5.8 x86]
[4465086]
[solaris-mail-home-bo(6638)]
-
Entry
Format string vulnerability in exim (3.22-10 in Red Hat, 3.12 in Debian and 3.16 in Conectiva) in batched SMTP mode allows a remote attacker to execute arbitrary code via format strings in SMTP mail headers.
[2828]
[20010606 lil' exim format bug]
[CLA-2001:402]
[DSA-058]
[RHSA-2001:078]
[exim-syntax-format-string(6671)]
-
Entry
SMTP proxy in WatchGuard Firebox (2500 and 4500) 4.5 and 4.6 allows a remote attacker to bypass firewall filtering via a base64 MIME encoded email attachment whose boundary name ends in two dashes.
[2855]
[20010608 WatchGuard SMTP Proxy issue]
[20010628 RE: WatchGuard SMTP Proxy issue]
[firebox-smtp-bypass-filter(6682)]
-
Entry
NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to cause a denial of service (crash) via a CD command to a directory with an MS-DOS device name such as con.
[2891]
[20010619 SurgeFTP vulnerabilities]
[http://netwinsite.com/surgeftp/manual/updates.htm]
[surgeftp-concon-dos(6712)]
-
Entry
NetWin SurgeFTP prior to 1.1h allows a remote attacker to cause a denial of service (crash) via an 'ls ..' command.
[2442]
[20010228 SurgeFTP Denial of Service]
[http://netwinsite.com/surgeftp/manual/updates.htm]
[20010301 SurgeFTP 1.0b Denial of Service]
[surgeftp-listing-dos(6168)]
-
Entry
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.
[2892]
[20010619 SurgeFTP vulnerabilities]
[http://www.netwinsite.com/surgeftp/manual/updates.htm]
[surgeftp-nlist-directory-traversal(6711)]
-
Entry
Buffer overflow in cb_reset in the System Service Processor (SSP) package of SunOS 5.8 allows a local user to execute arbitrary code via a long argument.
[2893]
[20010620 Solaris /opt/SUNWssp/bin/cb_reset Vulnerability]
[4469366]
[sun-cbreset-bo(6726)]
-
Entry
Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header.
[2895]
[20010621 [SNS Advisory No.32] w3m malformed MIME header Buffer Overflow Vulnerability]
[CLA-2001:434]
[http://mi.med.tohoku.ac.jp/~satodai/w3m-dev-en/200106.month/537.html]
[DSA-064]
[DSA-081]
[w3m-mime-header-bo(6725)]
-
Entry
Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument.
[2898]
[20010621 Solaris /opt/SUNWvts/bin/ptexec Vulnerability]
[4469370]
[sunvts-ptexec-bo(6736)]
-
Entry
Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders.
[2864]
[20010612 Rumpus FTP DoS vol. 2]
[rumpus-ftp-directory-dos(6699)]
-
Entry
NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool.
[2799]
[FreeBSD-SA-01:52]
[NetBSD-SA2001-006]
[bsd-ip-fragments-dos(6636)]
-
Entry
Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.
[3440]
[20011016 Citrix MetaFrame Remote Denial of Service Vulnerability]
[metaframe-multiple-sessions-dos(7068)]
-
Entry
Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function.
[3382]
[CSSA-2001-SCO.28]
[CA-2001-27]
[M-002]
[SSRT0767U]
[HPSBUX0110-168]
[20011002 Multi-Vendor Format String Vulnerability in ToolTalk Service]
[1002479]
[00212]
[tooltalk-ttdbserverd-format-string(7069)]
-
Entry
Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document.
[3402]
[20011005 Symantec Security Response SecBul-10042001, Revision1, Malformed Microsoft Excel or PowerPoint documents bypass Microsoft macro security features]
[CA-2001-28]
[VU#287067]
[MS01-050]
[ms-malformed-document-macro(7223)]
-
Entry
Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.
[3156]
[20010807 MS Windows Media Player ASF Marker Buffer Overflow]
[MS01-056]
[5558]
[oval:org.mitre.oval:def:287]
[mediaplayer-asf-marker-bo(6962)]
-
Entry
Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.
[3471]
[M-013]
[MS01-053]
[ie-mac-downloaded-file-execution(7336)]
-
Entry
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."
[3513]
[20011019 Minor IE vulnerability: about: URLs]
[20011108 Microsoft IE cookies readable via about: URLS]
[M-016]
[MS01-055]
[1982]
[ie-about-cookie-information(7486)]
-
Entry
Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability."
[3546]
[MS01-055]
-
Entry
Internet Explorer 5.5 allows remote attackers to bypass security restrictions via malformed URLs that contain dotless IP addresses, which causes Internet Explorer to process the page in the Intranet Zone, which may have fewer security restrictions, aka the "Zone Spoofing Vulnerability variant" of CVE-2001-0664.
[MS01-055]
[5556]
[ie-incorrect-security-zone-variant(8471)]
-
Entry
Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.
[3650]
[MS01-057]
[5557]
[exchange-owa-embedded-script-execution(7663)]
-
Entry
Internet Explorer 6.0 allows remote attackers to execute arbitrary code by modifying the Content-Disposition and Content-Type header fields in a way that causes Internet Explorer to believe that the file is safe to open without prompting the user, aka the "File Execution Vulnerability."
[3578]
[20011214 MSIE may download and run progams automatically]
[20011216 Re: MSIE may download and run progams automatically - NOT SO FAST]
[CA-2001-36]
[VU#443699]
[M-027]
[MS01-058]
[3033]
[oval:org.mitre.oval:def:921]
[ie-file-download-execution(7703)]
-
Entry
Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges.
[3376]
[VU#275979]
[SSRT0758]
[compaq-wbm-bo(7189)]
-
Entry
split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header.
[CLA-2001:430]
[http://www.apacheweek.com/issues/01-09-28#security]
[ESA-20011019-01]
[MDKSA-2001:077]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[RHSA-2001:126]
[RHSA-2001:164]
[apache-log-file-overwrite(7419)]
-
Entry
Apache 1.3.20 with Multiviews enabled allows remote attackers to view directory contents and bypass the index page via a URL containing the "M=D" query string.
[3009]
[20010709 How Google indexed a file with no external link]
[http://www.apacheweek.com/issues/01-10-05#security]
[MDKSA-2001:077]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[RHSA-2001:126]
[RHSA-2001:164]
[20020301-01-P]
[apache-multiviews-directory-listing(8275)]
-
Entry
The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the 'sinclude' file to point to another file that contains a #include directive that references a file that contains the code.
[2912]
[20010621 bugtraq submission]
[eperl-embedded-code-execution(6743)]
-
Entry
LogLine function in klogd in sysklogd 1.3 in various Linux distributions allows an attacker to cause a denial of service (hang) by causing null bytes to be placed in log messages.
[20010614 sysklogd update -- Immunix OS 6.2, 7.0-beta, 7.0]
[VU#249579]
[IMNX-2001-70-026-01]
[klogd-null-byte-dos(7098)]
-
Entry
Guardian Digital WebTool in EnGarde Secure Linux 1.0.1 allows restarted services to inherit some environmental variables, which could allow local users to gain root privileges.
[ESA-20010529-02]
[RHSA-2001:126]
[linux-webtool-inherit-privileges(7404)]
-
Entry
3COM OfficeConnect 812 and 840 ADSL Router 4.2, running OCR812 router software 1.1.9 and earlier, allows remote attackers to cause a denial of service via a long string containing a large number of "%s" strings, possibly triggering a format string vulnerability.
[2721]
[20010515 3COM OfficeConnect DSL router vulneratibilities]
[20010921 3Com OfficeConnect 812/840 Router DoS exploit code]
[20010924 Regarding: 3Com OfficeConnect 812/840 Router DoS exploit code]
[3com-officeconnect-http-dos(6573)]
-
Entry
Cisco Hot Standby Routing Protocol (HSRP) allows local attackers to cause a denial of service by spoofing HSRP packets.
[2684]
[20010503 Cisco HSRP Weakness/DoS]
[http://www.cisco.com/networkers/nw00/pres/2402.pdf]
[cisco-hsrp-dos(6497)]
-
Entry
Netscape 4.7x allows remote attackers to obtain sensitive information such as the user's login, mailbox location and installation path via Javascript that accesses the mailbox: URL in the document.referrer property.
[20010605 SECURITY.NNOV: Netscape 4.7x Messanger user information retrival]
[5543]
[netscape-user-info-retrieval(7417)]
-
Entry
Acme.Serve 1.7, as used in Cisco Secure ACS Unix and possibly other products, allows remote attackers to read arbitrary files by prepending several / (slash) characters to the URI.
[2809]
[20010531 Acme.Server v1.7 of 13nov96 Directory Browsing]
[20020702 Cisco Secure ACS Unix Acme.server Information Disclosure Vulnerability]
[5544]
[acme-serve-directory-traversal(6634)]
-
Entry
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to read arbitrary files via a webserver root directory set to system root.
[2775]
[20010524 IPC@Chip Security]
[ipcchip-web-root-system(8922)]
-
Entry
Cisco IOS 12.1(2)T, 12.1(3)T allow remote attackers to cause a denial of service (reload) via a connection to TCP ports 3100-3999, 5100-5999, 7100-7999 and 10100-10999.
[2804]
[20010524 IOS Reload after Scanning Vulnerability]
[800]
[cisco-ios-tcp-dos(6589)]
-
Entry
Cisco switches and routers running CBOS 2.3.8 and earlier use predictable TCP Initial Sequence Numbers (ISN), which allows remote attackers to spoof or hijack TCP connections.
[20010522 More Multiple Vulnerabilities in CBOS]
[tcp-seq-predict(139)]
-
Entry
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via an ICMP ECHO REQUEST (ping) with the IP Record Route option set.
[20010522 More Multiple Vulnerabilities in CBOS]
[5573]
[cisco-cbos-record-dos(7298)]
-
Entry
Cisco CBOS 2.3.8 and earlier allows remote attackers to cause a denial of service via a series of large ICMP ECHO REPLY (ping) packets, which cause it to enter ROMMON mode and stop forwarding packets.
[20010522 More Multiple Vulnerabilities in CBOS]
[cisco-cbos-multiple-echo(7299)]
-
Entry
Cisco 6400 Access Concentrator Node Route Processor 2 (NRP2) 12.1DC card does not properly disable access when a password has not been set for vtys, which allows remote attackers to obtain access via telnet.
[2874]
[VU#516659]
[L-097]
[20010614 Cisco 6400 NRP2 Telnet Vulnerability]
[804]
[cisco-nrp2-telnet-access(6691)]
-
Entry
Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.
[2956]
[20010630 Nfuse reveals full path]
[20010702 Re: Nfuse reveals full path]
[citrix-nfuse-path-disclosure(6786)]
-
Entry
Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.
[2840]
[20010608 potential buffer overflow in xinetd-2.1.8.9pre11-1]
[L-104]
[CLA-2001:404]
[DSA-063]
[ESA-20010621-01]
[FreeBSD-SA-01:47]
[IMNX-2001-70-024-01]
[RHSA-2001:075]
[SA:2001:022]
[xinetd-identd-bo(6670)]
-
Entry
Buffer overflow in ntping in scotty 2.1.0 allows local users to execute arbitrary code via a long hostname as a command line argument.
[2911]
[20010621 suid scotty (ntping) overflow (fwd)]
[SuSE-SA:2001:023]
[20010609 suid scotty / ntping overflow]
[20010615 Re: suid scotty (ntping) overflow (fwd)]
[scotty-ntping-bo(6735)]
-
Entry
BisonFTP V4R1 allows local users to access directories outside of their home directory by uploading .bdl files, which can then be linked to other directories.
[2963]
[20010702 BisonFTP Server V4R1 *.bdl upload Directory Traversal]
[http://www.bisonftp.com/ServRev.htm]
[1888]
[bisonftp-bdl-directory-traversal(6782)]
-
Entry
Memory leak in GuildFTPd Server 0.97 allows remote attackers to cause a denial of service via a request containing a null character.
[20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS]
[guildftpd-null-memory-leak(6613)]
-
Entry
Buffer overflow in GuildFTPd Server 0.97 allows remote attacker to execute arbitrary code via a long SITE command.
[20010527 def-2001-27: GuildFTPD Buffer Overflow and Memory Leak DoS]
[http://www.nitrolic.com/help/history.htm]
[guildftpd-site-bo(6612)]
-
Entry
Cayman 3220-H DSL Router 1.0 allows remote attacker to cause a denial of service (crash) via a series of SYN or TCP connect requests.
[3001]
[20010709 Cayman-DSL Model 3220-H DOS with nmap]
[VU#312761]
[cayman-dsl-portscan-dos(6825)]
-
Entry
Tripwire 1.3.1, 2.2.1 and 2.3.0 allows local users to overwrite arbitrary files and possible gain privileges via a symbolic link attack on temporary files.
[3003]
[20010709 Tripwire temporary files]
[VU#349019]
[MDKSA-2001:064]
[1895]
[tripwire-tmpfile-symlink(6820)]
-
Entry
Buffer overflow in rpc.yppasswdd (yppasswd server) in Solaris 2.6, 7 and 8 allows remote attackers to gain root access via a long username.
[2763]
[20010528 solaris 2.6, 7 yppasswd vulnerability]
[20011004 Patches for Solaris rpc.yppasswdd available]
[VU#327281]
[M-008]
[oval:org.mitre.oval:def:102]
[oval:org.mitre.oval:def:56]
[00209]
[4456994]
[solaris-yppasswd-bo(6629)]
-
Entry
Directory traversal vulnerability in Icecast 1.3.10 and earlier allows remote attackers to read arbitrary files via a modified .. (dot dot) attack using encoded URL characters.
[2932]
[20010626 Advisory]
[DSA-089]
[1883]
[RHSA-2001:105]
[RHSA-2002:063]
[icecast-dot-directory-traversal(6752)]
-
Entry
LPRng in Red Hat Linux 7.0 and 7.1 does not properly drop memberships in supplemental groups when lowering privileges, which could allow a local user to elevate privileges.
[2865]
[L-096]
[RHSA-2001:077]
[lprng-supplementary-groups(6703)]
-
Entry
Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
[http://www.securiteam.com/exploits/5AP0Q2A4AQ.html]
[xchat-nickname-format-string(7416)]
-
Entry
SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.
[3463]
[http://www.freebsd.org/cgi/query-pr.cgi?pr=8990]
[20011001-01-P]
[irix-igmp-dos(7332)]
-
Entry
Buffer overflow in login in various System V based operating systems allows remote attackers to execute arbitrary commands via a large number of arguments through services such as telnet and rlogin.
[IY26221]
[3681]
[20011214 Sun Solaris login bug patches out]
[20011219 Linux distributions and /bin/login overflow]
[CSSA-2001-SCO.40]
[CA-2001-34]
[VU#569272]
[20011212 Buffer Overflow in /bin/login]
[oval:org.mitre.oval:def:2025]
[20011201-01-I]
[00213]
[4516885]
[telnet-tab-bo(7284)]
-
Entry
lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.
[http://www.lsd-pl.net/files/get?IRIX/irx_lpstat2]
[20011003-02-P]
[irix-lpstat-net-type-library(7639)]
-
Entry
Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.
[3517]
[CSSA-2001-SCO.30]
[CA-2001-31]
[CA-2002-01]
[VU#172583]
[SSRT541]
[HPSBUX0111-175]
[20011112 Multi-Vendor Buffer Overflow Vulnerability in CDE Subprocess Control Service]
[oval:org.mitre.oval:def:70]
[oval:org.mitre.oval:def:74]
[20011107-01-P]
[00214]
[cde-dtspcd-bo(7396)]
-
Entry
Directory traversal vulnerability in story.pl in Interactive Story 1.3 allows a remote attacker to read arbitrary files via a .. (dot dot) attack on the "next" parameter.
[3028]
[20010715 Interactive Story File Disclosure Vulnerability]
[http://www.valeriemates.com/story_download.html]
[683]
[interactive-story-next-directory-traversal(6843)]
-
Entry
Directory traversal vulnerability in ttawebtop.cgi in Tarantella Enterprise 3.00 and 3.01 allows remote attackers to read arbitrary files via a .. (dot dot) in the pg parameter.
[2890]
[20010618 SCO Tarantella Remote file read via ttawebtop.cgi]
[20010619 Re: SCO Tarantella Remote file read via ttawebtop.cgi]
[tarantella-ttawebtop-read-files(6723)]
-
Entry
Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.
[2930]
[20010626 MacOSX 10.0.X Permissions uncorrectly set]
[20010704 Re: MacOSX 10.0.X Permissions uncorrectly set - I got it]
[20011007 OS X 10.1 and localized desktop folder still vulnerable]
[1882]
[macos-desktop-insecure-permissions(6750)]
-
Entry
Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.
[3526]
[20011115 NSFOCUS SA2001-07 : ActivePerl PerlIS.dll Remote Buffer Overflow Vulnerability]
[http://bugs.activestate.com/show_bug.cgi?id=18062]
[678]
[activeperl-perlis-filename-bo(7539)]
-
Entry
OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
[20010918 OpenSSH: sftp & bypassing keypair auth restrictions]
[CLSA-2001:431]
[IMNX-2001-70-034-01]
[5536]
[RHSA-2001:154]
[openssh-sftp-bypass-restrictions(7634)]
-
Entry
A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.
[2877]
[CSSA-2001-022.1]
[CLA-2001:403]
[DSA-060]
[ESA-20010620-01]
[FreeBSD-SA-01:43]
[IMNX-2001-70-025-01]
[MDKSA-2001:063]
[RHSA-2001:103]
[SuSE-SA:2001:026]
[fetchmail-long-header-bo(6704)]
-
Entry
FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.
[2816]
[20010602 fpf module and packet fragmentation:local/remote DoS.]
[http://www.pkcrew.org/news.php]
[linux-fpf-kernel-dos(6659)]
-
Entry
The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).
[2887]
[20010618 pmpost - another nice symlink follower]
[20010619 Re: pmpost - another nice symlink follower]
[20010601-01-A]
[irix-pcp-pmpost-symlink(6724)]
-
Entry
Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.
[2971]
[CLA-2001:406]
[IMNX-2001-70-029-01]
[RHSA-2001:092]
[SuSE-SA:2001:022]
[xinetd-zero-length-bo(6804)]
-
Entry
A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.
[2981]
[20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability]
[VU#981651]
[http://www.caucho.com/products/resin/changes.xtp]
[1890]
[java-servlet-crosssite-scripting(6793)]
-
Entry
6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.
[3467]
[20011023 Remote DoS in 6tunnel]
[ftp://213.146.38.146/pub/wojtekka/6tunnel-0.09.tar.gz]
[6tunnel-open-socket-dos(7337)]
-
Entry
Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."
[3139]
[20010802 vulnerability in otrcrep binary in Oracle 8.0.5.]
[20011023 FW: ASI Oracle Security Alert: 3 new security alerts]
[20011024 Oracle Trace Collection Security Vulnerability]
[M-011]
[http://otn.oracle.com/deploy/security/pdf/otrcrep.pdf]
[20011024 Oracle Trace Collection Security Vulnerability]
[oracle-binary-symlink(6940)]
-
Entry
htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.
[3410]
[20011007 Re: Bug found in ht://Dig htsearch CGI]
[CSSA-2001-035.0]
[CLA-2001:429]
[DSA-080]
[MDKSA-2001:083]
[http://sourceforge.net/tracker/index.php?func=detail&aid=458013&group_id=4593&atid=104593]
[RHSA-2001:139]
[SuSE-SA:2001:035]
[htdig-htsearch-infinite-loop(7262)]
[htdig-htsearch-retrieve-files(7263)]
-
Entry
Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
[20011018 def-2001-30]
[20011024 Oracle9iAS Web Cache Overflow Vulnerability]
[CA-2001-29]
[VU#649979]
[http://otn.oracle.com/deploy/security/pdf/webcache.pdf]
[5534]
[oracle-appserver-http-bo(7306)]
-
Entry
DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.
[3475]
[20011025 Pc-to-Phone vulnerability - broken by design]
[pc2phone-temp-account-readable(7393)]
-
Entry
Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.
[3354]
[20010921 squid DoS]
[CLA-2001:426]
[DSA-077]
[MDKSA-2001:088]
[RHSA-2001:113]
[SuSE-SA:2001:037]
[squid-mkdir-put-dos(7157)]
-
Entry
Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).
[3491]
[20011030 Lotus Domino Web Administrator Template ReplicaID Access (#NISR29102001A)]
[1979]
[lotus-domino-replicaid-access(7424)]
-
Entry
A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.
[CSSA-2001-037.0]
[openlinux-libdb-bo(7427)]
-
Entry
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
[CSSA-2001-38.0]
[CLA-2001:432]
[ESA-20011106-01]
[MDKSA-2001:082]
[RHSA-2001:142]
[SuSE-SA:2001:039]
[linux-syncookie-bypass-filter(7461)]
-
Entry
TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.
[3506]
[20011105 RH Linux Tux HTTPD DoS]
[http://marc.info/?l=tux-list&m=100584714702328&w=2]
[RHSA-2001:142]
[20011102 [RH Linux7.2] Tux HTTPD Denial of Service]
[tux-http-host-dos(7464)]
-
Entry
Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.
[3525]
[20011109 Imp Webmail session hijacking vulnerability]
[20011110 IMP 2.2.7 (SECURITY) released]
[CSSA-2001-039.0]
[CLA-2001:437]
[668]
[imp-css-steal-cookies(7496)]
-
Entry
2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.
[3527]
[HPSBTL0112-006]
[RHSA-2001:148]
[linux-korean-default-umask(7549)]
-
Entry
Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through a Network Address Translation (NAT).
[3541]
[20011114 Xato Advisory: Win2k/XP Terminal Services IP Spoofing]
[win-terminal-spoof-address(7538)]
-
Entry
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.
[3534]
[M-018]
[20011114 ICMP Unreachable Vulnerability in Cisco 12000 Series Internet Router]
[794]
[cisco-icmp-unreachable-dos(7536)]
-
Entry
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.
[3535]
[M-018]
[20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router]
[1985]
[cisco-acl-noninital-dos(7550)]
-
Entry
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.
[3539]
[M-018]
[20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router]
[1987]
[cisco-acl-outgoing-fragment(7551)]
-
Entry
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.
[3536]
[M-018]
[20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router]
[1986]
[cisco-acl-deny-ip(7553)]
-
Entry
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.
[3540]
[M-018]
[20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router]
[1988]
[cisco-turbo-acl-dos(7552)]
-
Entry
Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.
[3537]
[M-018]
[20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router]
[1984]
[cisco-input-acl-configured(7554)]
-
Entry
Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.
[3538]
[M-018]
[20011114 Multiple Vulnerabilities in Access Control List Implementation for Cisco 12000 Series Internet Router]
[1989]
[cisco-acl-fragment-bypass(7555)]
-
Entry
Format string vulnerability in the default logging callback function _sasl_syslog in common.c in Cyrus SASL library (cyrus-sasl) may allow remote attackers to execute arbitrary commands.
[3498]
[20011101 Formatting string bug on cyrus-sasl library]
[CSSA-2001-040.0]
[CLA-2001:444]
[FreeBSD-SA-02:15]
[MDKSA-2002:018]
[RHSA-2001:150]
[RHSA-2001:151]
[SuSE-SA:2001:042]
[cyrus-sasl-format-string(7443)]
-
Entry
OpenSSH 3.0.1 and earlier with UseLogin enabled does not properly cleanse critical environment variables such as LD_PRELOAD, which allows local users to gain root privileges.
[3614]
[20011204 [Fwd: OpenSSH 3.0.2 fixes UseLogin vulnerability]]
[20011220 TSL-2001-0030 - openssh (updated)]
[CSSA-2001-042.1]
[VU#157447]
[M-026]
[CLA-2001:446]
[http://marc.info/?l=openssh-unix-dev&m=100747128105913&w=2]
[DSA-091]
[FreeBSD-SA-01:63]
[HPSBUX0112-005]
[MDKSA-2001:092]
[688]
[RHSA-2001:161]
[SuSE-SA:2001:045]
[TLSA2002001]
[20011205 OpenSSH UseLogin proof of concept exploit]
[openssh-uselogin-execute-code(7647)]
-
Entry
uuxqt in Taylor UUCP package does not properly remove dangerous long options, which allows local users to gain privileges by calling uux and specifying an alternate configuration file with the --config option.
[3312]
[20010908 Multiple vendor 'Taylor UUCP' problems.]
[20011130 Redhat 7.0 local root (via uucp) (attempt 2)]
[CSSA-2001-033.0]
[CLA-2001:425]
[DSA-079]
[RHSA-2001:165]
[SuSE-SA:2001:38]
[uucp-argument-gain-privileges(7099)]
-
Entry
Internet Explorer 5.5 and 6.0 allow remote attackers to read certain files via HTML that passes information from a frame in the client's domain to a frame in the web site's domain, a variant of the "Frame Domain Verification" vulnerability.
[3693]
[M-027]
[MS01-058]
[ie-frame-verification-variant2(7702)]
-
Entry
Internet Explorer 5.5 and 6.0 allows remote attackers to cause the File Download dialogue box to misrepresent the name of the file in the dialogue in a way that could fool users into thinking that the file type is safe to download.
[3597]
[20011126 File extensions spoofable in MSIE download dialog]
[MS01-058]
[oval:org.mitre.oval:def:1014]
[ie-file-download-ext-spoof(7636)]
-
Entry
Buffer overflow in Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to execute arbitrary code via a NOTIFY directive with a long Location URL.
[3723]
[20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities]
[CA-2001-37]
[VU#951555]
[M-030]
[MS01-059]
[20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities]
[win-upnp-notify-bo(7721)]
-
Entry
Universal Plug and Play (UPnP) on Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service via (1) a spoofed SSDP advertisement that causes the client to connect to a service on another machine that generates a large amount of traffic (e.g., chargen), or (2) via a spoofed SSDP announcement to broadcast or multicast addresses, which could cause all UPnP clients to send traffic to a single target system.
[3724]
[20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities]
[20020109 UPNP Denial of Service]
[CA-2001-37]
[VU#411059]
[M-030]
[MS01-059]
[20011220 Multiple Remote Windows XP/ME/98 Vulnerabilities]
[win-upnp-udp-dos(7722)]
-
Entry
Format string vulnerability in the C runtime functions in SQL Server 7.0 and 2000 allows attackers to cause a denial of service.
[A122001-1]
[3732]
[20011221 @stake advisory: Multiple overflow and format string vulnerabilities in in Microsoft SQL Server]
[MS01-060]
[oval:org.mitre.oval:def:253]
[mssql-c-runtime-format-string(7725)]
-
Entry
Cross-site scripting vulnerability in Mailman email archiver before 2.08 allows attackers to obtain sensitive information or authentication credentials via a malicious link that is accessed by other web users.
[3602]
[20011128 Cgisecurity.com Advisory #7: Mailman Email Archive Cross Site Scripting]
[CLA-2001:445]
[RHSA-2001:168]
[RHSA-2001:169]
[RHSA-2001:170]
[mailman-java-css(7617)]
-
Entry
Buffer overflow in glob function of glibc allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via a glob pattern that ends in a brace "{" character.
[3707]
[20011217 [Global InterSec 2001121001] glibc globbing issues.]
[20011220 TSLSA-2001-0029 - glibc]
[M-029]
[CLA-2002:447]
[DSA-103]
[ESA-20011217-01]
[HPSBTL0112-008]
[IMNX-2001-70-037-01]
[MDKSA-2001:095]
[http://sources.redhat.com/ml/bug-glibc/2001-11/msg00109.html]
[RHSA-2001:160]
[SuSE-SA:2001:046]
[glibc-glob-bo(7705)]
-
Entry
xSANE 0.81 and earlier allows local users to modify files of other xSANE users via a symlink attack on temporary files.
[3700]
[FreeBSD-SA-01:68]
[RHSA-2001:171]
[RHSA-2001:172]
[xsane-temp-symlink(7714)]
-
Entry
Atmel Firmware 1.3 Wireless Access Point (WAP) allows remote attackers to cause a denial of service via a SNMP request with (1) a community string other than "public" or (2) an unknown OID, which causes the WAP to deny subsequent SNMP requests.
[3734]
[20011221 VIGILANTe advisory 2001003 : Atmel SNMP Non Public Community String DoS Vulnerability]
[atmel-snmp-community-dos(7734)]
-
Entry
Exim 3.22 and earlier, in some configurations, does not properly verify the local part of an address when redirecting the address to a pipe, which could allow remote attackers to execute arbitrary commands via shell metacharacters.
[3728]
[20011219 [ph10@cus.cam.ac.uk: [Exim] Potential security problem]]
[VU#283723]
[DSA-097]
[RHSA-2001:176]
[exim-pipe-hostname-commands(7738)]
-
Entry
Format string vulnerability in NQS daemon (nqsdaemon) in NQE 3.3.0.16 for CRAY UNICOS and SGI IRIX allows a local user to gain root privileges by using qsub to submit a batch job whose name contains formatting characters.
[3590]
[20011127 UNICOS LOCAL HOLE ALL VERSIONS]
[3275]
[20020101-01-I]
[unicos-nqsd-format-string(7618)]
-
Entry
Vulnerability in Postfix SMTP server before 20010228-pl07, when configured to email the postmaster when SMTP errors cause the session to terminate, allows remote attackers to cause a denial of service (memory exhaustion) by generating a large number of SMTP errors, which forces the SMTP session log to grow too large.
[3544]
[20011115 Postfix session log memory exhaustion bugfix]
[CLA-2001:439]
[DSA-093]
[MDKSA-2001:089]
[RHSA-2001:156]
[postfix-smtp-log-dos(7568)]
-
Entry
Multiple Cisco networking products allow remote attackers to cause a denial of service on the local network via a series of ARP packets sent to the router's interface that contains a different MAC address for the router, which eventually causes the router to overwrite the MAC address in its ARP table.
[3547]
[VU#399355]
[20011115 Cisco IOS ARP Table Overwrite Vulnerability]
[807]
[cisco-arp-overwrite-table(7547)]
-
Entry
Inetd in OpenServer 5.0.5 allows remote attackers to cause a denial of service (crash) via a port scan, e.g. with nmap -PO.
[20020201 RE: DoS bug on Tru64]
[20020205 nmap vs. inetd on Caldera (ex-SCO) OpenServer, Re: DoS bug on Tru64]
[CSSA-2001-SCO.33]
[openserver-nmap-po-option(7571)]
-
Entry
Network Tools 0.2 for PHP-Nuke allows remote attackers to execute commands on the server via shell metacharacters in the $hostinput variable.
[20011116 Network Tool 0.2 Addon for PHPNuke vulnerable to remote command execution]
[http://phpnukerz.org/modules.php?name=Downloads&d_op=viewsdownload&sid=32]
[phpnuke-nettools-command-execution(7578)]
-
Entry
Directory traversal vulnerability in modules.php in Gallery before 1.2.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the include parameter.
[3554]
[20011118 Gallery Addon for PhpNuke remote file viewing vulnerability]
[http://www.menalto.com/projects/gallery/article.php?sid=33&mode=&order=]
[677]
[phpnuke-gallery-directory-traversal(7580)]
-
Entry
Hypermail allows remote attackers to execute arbitrary commands on a server supporting SSI via an attachment with a .shtml extension, which is archived on the server and can then be executed by requesting the URL for the attachment.
[20011119 Hypermail SSI Vulnerability]
[http://www.hypermail.org/dist/hypermail-2.1.4.tar.gz]
[hypermail-ssi-execute-commands(7576)]
-
Entry
Microsoft IIS 5.0 allows remote attackers to spoof web log entries via an HTTP request that includes hex-encoded newline or form-feed characters.
[6795]
[20011120 IIS logging issue]
[20011120 IIS logging issue]
[iis-fake-log-entry(7613)]
-
Entry
Race condition in signal handling of procmail 3.20 and earlier, when running setuid, allows local users to cause a denial of service or gain root privileges by sending a signal while a signal handling routine is already running.
[3071]
[CLA-2001:433]
[DSA-083]
[FreeBSD-SA-01:60]
[MDKSA-2001:085]
[RHSA-2001:093]
[procmail-signal-handling-race(6872)]
-
Entry
teTeX filter before 1.0.7 allows local users to gain privileges via a symlink attack on temporary files that are produced when printing .dvi files using lpr.
[2974]
[20010622 LPRng + tetex tmpfile race - uid lp exploit]
[IMNX-2001-70-030-01]
[MDKSA-2001:086]
[RHSA-2001:102]
[tetex-lprng-tmp-race(6785)]
-
Entry
Linux kernel 2.2.1 through 2.2.19, and 2.4.1 through 2.4.10, allows local users to cause a denial of service via a series of deeply nested symlinks, which causes the kernel to spend extra time when trying to access the link.
[3444]
[20011018 Flaws in recent Linux kernels]
[20011019 TSLSA-2001-0028]
[CSSA-2001-036.0]
[ESA-20011019-02]
[IMNX-2001-70-035-01]
[MDKSA-2001:079]
[MDKSA-2001:082]
[SuSE-SA:2001:036]
[linux-multiple-symlink-dos(7312)]
-
Entry
Buffer overflow in helpctr.exe program in Microsoft Help Center for Windows XP allows remote attackers to execute arbitrary code via a long hcp: URL.
[6802]
[20011121 Buffer overflow in Windows XP "helpctr.exe"]
[winxp-helpctr-bo(7605)]
-
Entry
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
[MDKSA-2001:087]
[linux-expect-unauth-root(7604)]
-
Entry
Linux kernel before 2.4.11pre3 in multiple Linux distributions allows local users to cause a denial of service (crash) by starting the core vmlinux kernel, possibly related to poor error checking during ELF loading.
[3570]
[20011121 SuSE 7.3 : Kernel 2.4.10-4GB Bug]
[20011122 Re: SuSE 7.3 : Kernel 2.4.10-4GB Bug]
[linux-vmlinux-dos(7591)]
-
Entry
Jakarta Tomcat 4.0.1 allows remote attackers to reveal physical path information by requesting a long URL with a .JSP extension.
[20011122 Hi]
[http://marc.info/?l=tomcat-dev&m=100658457507305&w=2]
[[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/]
[[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/]
[[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/]
[tomcat-reveal-install-path(7599)]
-
Entry
Vulnerabilities in CGI scripts in susehelp in SuSE 7.2 and 7.3 allow remote attackers to execute arbitrary commands by not opening files securely.
[3576]
[SuSE-SA:2001:041]
[susehelp-cgi-command-execution(7583)]
-
Entry
Format string vulnerability in auto nice daemon (AND) 1.0.4 and earlier allows a local user to possibly execute arbitrary code via a process name containing a format string.
[3580]
[20011126 [CERT-intexxia] Auto Nice Daemon Format String Vulnerability]
[http://and.sourceforge.net/]
[and-format-string(7606)]
-
Entry
Netscape 4.79 and earlier for MacOS allows an attacker with access to the browser to obtain passwords from form fields by printing the document into which the password has been typed, which is printed in cleartext.
[3565]
[20011121 Mac Netscape password fields]
[5524]
[macos-netscape-print-passwords(7593)]
-
Entry
Cisco IOS Firewall Feature set, aka Context Based Access Control (CBAC) or Cisco Secure Integrated Software, for IOS 11.2P through 12.2T does not properly check the IP protocol type, which could allow remote attackers to bypass access control lists.
[3588]
[VU#362483]
[20011128 A Vulnerability in IOS Firewall Feature Set]
[808]
[ios-cbac-bypass-acl(7614)]
-
Entry
Buffer overflow in Frox transparent FTP proxy 0.6.6 and earlier, with the local caching method selected, allows remote FTP servers to run arbitrary code via a long response to an MDTM request.
[3606]
[20011130 Alert: Vulnerability in frox transparent ftp proxy.]
[http://frox.sourceforge.net/security.txt]
[frox-ftp-proxy-bo(7632)]
-
Entry
Lotus Domino 5.08 and earlier allows remote attackers to cause a denial of service (crash) via a SunRPC NULL command to port 443.
[3607]
[20011130 Denial of Service in Lotus Domino 5.08 and earlier HTTP Server]
[http://www-1.ibm.com/support/manager.wss?rs=0&rt=0&org=sims&doc=4C8E450DBF2E7F1885256B200079FA88]
[1998]
[lotus-domino-nhttp-dos(7631)]
-
Entry
Buffer overflow in the GUI authentication code of Check Point VPN-1/FireWall-1 Management Server 4.0 and 4.1 allows remote attackers to execute arbitrary code via a long user name.
[3336]
[20010919 Check Point FireWall-1 GUI Log Viewer vulnerability (vuldb 3336)]
[20011128 Firewall-1 remote SYSTEM shell buffer overflow]
[20011130 Fw: Firewall-1 remote SYSTEM shell buffer overflow]
[20010919 GUI Buffer Overflow]
[1951]
[20010921 Check Point FireWall-1 GUI Buffer Overflow]
[fw1-log-viewer-bo(7145)]
-
Entry
apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g. by creating /etc/nologin and disabling logins.
[20011204 Symlink attack with apmd of RH 7.2]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=56389]
[5493]
[apmd-apmscript-symlink(8268)]
-
Entry
Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.
[3652]
[20011207 UDP DoS attack in Win2k via IKE]
[20011211 UDP DoS attack in Win2k via IKE]
[win2k-ike-dos(7667)]
-
Entry
Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the . (dot) directory.
[3656]
[20011207 Lotus Domino Web server vulnerability]
[http://www-1.ibm.com/support/manager.wss?rs=1&rt=0&org=sims&doc=255CC03D83CFF50C85256B1E005E349B]
[2000]
[lotus-domino-database-dos(7684)]
-
Entry
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 creates a hidden share named ARCSERVE$, which allows remote attackers to obtain sensitive information and overwrite critical files.
[3342]
[20010915 ARCserve 6.61 Share Access Vulnerability]
[http://support.ca.com/Download/patches/asitnt/QO00945.html]
[5483]
[arcserve-aremote-plaintext(7122)]
-
Entry
Computer Associates ARCserve for NT 6.61 SP2a and ARCserve 2000 7.0 stores the backup agent user name and password in cleartext in the aremote.dmp file in the ARCSERVE$ hidden share, which allows local and remote attackers to gain privileges.
[3343]
[20010915 ARCserve 6.61 Share Access Vulnerability]
[http://support.ca.com/Download/patches/asitnt/QO00945.html]
[arcserve-aremote-plaintext(7122)]
-
Entry
Buffer overflow in tab expansion capability of the most program allows local or remote attackers to execute arbitrary code via a malformed file that is viewed with most.
[3347]
[DSA-076]
[most-file-create-bo(7149)]
-
Entry
IBM WebSphere Application Server 3.02 through 3.53 uses predictable session IDs for cookies, which allows remote attackers to gain privileges of WebSphere users via brute force guessing.
[20010919 Websphere cookie/sessionid predictable]
[20010928 Re: Websphere cookie/sessionid predictable]
[http://www14.software.ibm.com/webapp/download/postconfig.jsp?id=4000805&pf=Multi-Platform&v=3.0.2&e=Standard+%26+Advanced+Editions&cat=&s=p]
[5492]
[ibm-websphere-seq-predict(7153)]
-
Entry
Directory traversal vulnerability in SpoonFTP 1.1 allows local and sometimes remote attackers to access files outside of the FTP root via a ... (modified dot dot) in the CD (CWD) command.
[3351]
[20010920 Vulnerability in SpoonFTP]
[http://www.pi-soft.com/spoonftp/index.shtml]
[1953]
[spoonftp-dot-directory-traversal(7147)]
-
Entry
glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.
[3201]
[20010817 [ASGUARD-LABS] glFTPD v1.23 DOS Attack]
[http://www.glftpd.org/]
[glftpd-list-dos(7001)]
-
Entry
ipfw in FreeBSD does not properly handle the use of "me" in its rules when point to point interfaces are used, which causes ipfw to allow connections from arbitrary remote hosts.
[3206]
[FreeBSD-SA-01:53]
[1937]
[ipfw-me-unauthorized-access(7002)]
-
Entry
BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.
[3227]
[20010822 BSCW symlink vulnerability]
[VU#465971]
[http://bscw.gmd.de/Bulletins/BSCW-SB-2001-08.extract.txt]
[bscw-extracted-file-symlink(7029)]
-
Entry
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
[3049]
[CA-2001-18]
[VU#935800]
[CLA-2001:417]
[DSA-068]
[MDKSA-2001:069]
[1905]
[RHSA-2001:098]
[openldap-ldap-protos-dos(6904)]
-
Entry
login in HP-UX 10.26 does not record failed login attempts in /var/adm/btmp, which could allow attackers to conduct brute force password guessing attacks without being detected or observed using the lastb program.
[3289]
[PHCO_17719]
[PHCO_24454]
[hpux-login-btmp(8632)]
-
Entry
docview before 1.0-15 allows remote attackers to execute arbitrary commands via shell metacharacters that are processed when converting a man page to a web page.
[3052]
[CSSA-2001-026.0]
[docview-httpd-command-execution(6854)]
-
Entry
HP CIFS/9000 Server (SAMBA) A.01.07 and earlier with the "unix password sync" option enabled calls the passwd program without specifying the username of the user making the request, which could cause the server to change the password of a different user.
[HPSBUX0108-164]
[hp-cifs-change-passwords(7051)]
-
Entry
Directory traversal vulnerability in IBM Tivoli WebSEAL Policy Director 3.01 through 3.7.1 allows remote attackers to read arbitrary files or directories via encoded .. (dot dot) sequences containing "%2e" strings.
[IY18152]
[3080]
[20010723 iXsecurity.20010618.policy_director.a]
[ftp://ftp.tivoli.com/support/patches/patches_3.7.1/3.7.1-POL-0003/3.7.1-POL-0003.README]
[1908]
[tivoli-secureway-dot-directory-traversal(6884)]
-
Entry
Cross-site scripting vulnerability in CGIWrap before 3.7 allows remote attackers to execute arbitrary Javascript on other web clients by causing the Javascript to be inserted into error messages that are generated by CGIWrap.
[3084]
[20010722 Re: [cgiwrap-users] Re: Security hole in CGIWrap (cross-site scripting vulnerability)]
[http://cgiwrap.sourceforge.net/changes.html]
[1909]
[cgiwrap-cross-site-scripting(6886)]
-
Entry
sendmsg function in NetBSD 1.3 through 1.5 allows local users to cause a denial of service (kernel trap or panic) via a msghdr structure with a large msg_controllen length.
[3088]
[NetBSD-SA2001-011]
[1910]
[bsd-kernel-sendmsg-dos(6908)]
-
Entry
PHProjekt before 2.4a allows remote attackers to perform actions as other PHProjekt users by modifying the ID number in an HTTP request to PHProjekt CGI programs.
[3239]
[20010826 security hole in os groupware suite PHProjekt]
[http://www.phprojekt.com/ChangeLog]
[phprojekt-id-modify(7035)]
-
Entry
IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd.
[IY17630]
[IY20943]
[3358]
[20010924 HACMP and port scans]
[20011002 Vulnerability 3358, "IBM HACMP Port Scan Denial of Service Vulnerability"]
[hacmp-portscan-dos(7165)]
-
Entry
The default configuration of the DVI print filter (dvips) in Red Hat Linux 7.0 and earlier does not run dvips in secure mode when dvips is executed by lpd, which could allow remote attackers to gain privileges by printing a DVI file that contains malicious commands.
[3241]
[20010827 LPRng/rhs-printfilters - remote execution of commands]
[RHSA-2001:102]
[dvips-lpd-command-execution(16509)]
-
Entry
Java Plugin 1.4 for JRE 1.3 executes signed applets even if the certificate is expired, which could allow remote attackers to conduct unauthorized activities via an applet that has been signed by an expired certificate.
[3245]
[20010824 Java Plugin 1.4 with JRE 1.3 -> Ignores certificates.]
[javaplugin-jre-expired-certificate(7048)]
-
Entry
Directory traversal vulnerability in pagecount CGI script in Sambar Server before 5.0 beta 5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) attack on the page parameter.
[3092]
[20010721 Sambar Web Server pagecount exploit code]
[http://www.sambar.com/security.htm]
[sambar-pagecount-overwrite-files(6916)]
-
Entry
index2.php in Mambo Site Server 3.0.0 through 3.0.5 allows remote attackers to gain Mambo administrator privileges by setting the PHPSESSID parameter and providing the appropriate administrator information in other parameters.
[3093]
[20010725 Serious security hole in Mambo Site Server version 3.0.X]
[http://prdownloads.sourceforge.net/mambo/mambov3.0.6.tar.gz]
[1911]
[mambo-phpsessid-gain-privileges(6910)]
-
Entry
PGP Corporate Desktop before 7.1, Personal Security before 7.0.3, Freeware before 7.0.3, and E-Business Server before 7.1 does not properly display when invalid userID's are used to sign a message, which could allow an attacker to make the user believe that the document has been signed by a trusted third party by adding a second, invalid user ID to a key which has already been signed by the third party, aka the "PGPsdk Key Validity Vulnerability."
[3280]
[20010904 PGPsdk Key Validity Vulnerability]
[http://www.pgp.com/support/product-advisories/pgpsdk.asp]
[1946]
[pgp-invalid-key-display(7081)]
-
Entry
rmuser utility in FreeBSD 4.2 and 4.3 creates a copy of the master.passwd file with world-readable permissions while updating the original file, which could allow local users to gain privileges by reading the copied file while rmuser is running, obtain the password hashes, and crack the passwords.
[3282]
[FreeBSD-SA-01:59]
[1947]
[rmuser-insecure-password-file(7086)]
-
Entry
edit_image.php in Vibechild Directory Manager before 0.91 allows remote attackers to execute arbitrary commands via shell metacharacters in the userfile_name parameter, which is sent unfiltered to the PHP passthru function.
[3288]
[20010905 directorymanager bug]
[http://sourceforge.net/project/shownotes.php?release_id=51589]
[directory-manager-execute-commands(7079)]
-
Entry
Format string vulnerability in pic utility in groff 1.16.1 and other versions, and jgroff before 1.15, allows remote attackers to bypass the -S option and execute arbitrary commands via format string specifiers in the plot command.
[3103]
[20010727 ADV/EXP:pic/lpd remote exploit - RH 7.0]
[CLA-2001:428]
[DSA-072]
[DSA-107]
[1914]
[RHSA-2002:004]
[linux-groff-format-string(6918)]
-
Entry
Buffer overflow in WindowMaker (aka wmaker) 0.64 and earlier allows remote attackers to execute arbitrary code via a long window title.
[3177]
[CLA-2001:411]
[http://www.windowmaker.org/src/ChangeLog]
[DSA-074]
[MDKSA-2001:074]
[SuSE-SA:2001:032]
[windowmaker-title-bo(6969)]
-
Entry
Buffer overflow in ultimate_source function of man 1.5 and earlier allows local users to gain privileges.
[RHSA-2001:072]
[man-ultimate-source-bo(8622)]
-
Entry
libutil in OpenSSH on FreeBSD 4.4 and earlier does not drop privileges before verifying the capabilities for reading the copyright and welcome files, which allows local users to bypass the capabilities checks and read arbitrary files by specifying alternate copyright or welcome files.
[20010920 Local vulnerability in libutil derived with FreeBSD 4.4-RC (and earlier)]
[6073]
[bsd-libutil-privilege-dropping(8697)]
-
Entry
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
[20010718 Squid httpd acceleration acl bug enables portscanning]
[20010719 TSLSA-2001-0013 - Squid]
[CSSA-2001-029.0]
[IMNX-2001-70-031-01]
[MDKSA-2001:066]
[RHSA-2001:097]
[squid-http-accelerator-portscanning(6862)]
-
Entry
admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy.
[3361]
[20010924 twlc advisory: all versions of php nuke are vulnerable...]
[http://sourceforge.net/forum/forum.php?forum_id=113892]
[php-nuke-admin-file-overwrite(7170)]
-
Entry
Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post.
[3364]
[DSA-078]
[slrn-decode-script-execution(7166)]
-
Entry
GNU locate in findutils 4.1 on Slackware 7.1 and 8.0 allows local users to gain privileges via an old formatted filename database (locatedb) that contains an entry with an out-of-range offset, which causes locate to write to arbitrary process memory.
[3127]
[20010801 Slackware 8.0, 7.1 Vulnerability: /usr/bin/locate]
[5477]
[locate-command-execution(6932)]
-
Entry
Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer's shell without a password and execute certain restricted commands without being logged.
[3131]
[20010711 Vulnerabilities in Cisco SN 5420 Storage Routers]
[1917]
[cisco-sn-gain-access(6827)]
-
Entry
Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023.
[3014]
[L-112]
[20010711 Vulnerabilities in Cisco SN 5420 Storage Routers]
[1899]
[cisco-sn-dos(6826)]
-
Entry
ArGoSoft FTP Server 1.2.2.2 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file.
[2961]
[20010701 ArGoSoft 1.2.2.2 *.lnk upload Directory Traversal]
[1886]
[ftp-lnk-directory-traversal(6760)]
-
Entry
Buffer overflow in qpopper (aka qpop or popper) 4.0 through 4.0.2 allows remote attackers to gain privileges via a long username.
[2811]
[20010602 Qpopper 4.0.3 **** Fixes Buffer Overflow **** (fwd)]
[CSSA-2001-SCO.8]
[20010420 Qpopper 4.0 Buffer Overflow]
[qpopper-username-bo(6647)]
-
Entry
AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[3387]
[20011002 results of semi-automatic source code audit]
[http://www.gospelcom.net/mnn/topher/awol/changelog.php]
[http://www.geocrawler.com/archives/3/14414/2001/9/0/6668723/]
[php-includedir-code-execution(7215)]
-
Entry
Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[3388]
[20011002 results of semi-automatic source code audit]
[http://phorecast.org/]
[php-includedir-code-execution(7215)]
-
Entry
AdLogin.pm in AdCycle 1.15 and earlier allows remote attackers to bypass authentication and gain privileges by injecting SQL code in the $password argument.
[3032]
[20010713 AdCycle SQL Command Insertion Vulnerability - qDefense Advisory Number QDAV-2001-7-2]
[http://www.adcycle.com/cgi-bin/download.cgi?type=UNIX&version=1.17]
[adcycle-insert-sql-command(6837)]
-
Entry
PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[3392]
[20011002 results of semi-automatic source code audit]
[http://sourceforge.net/forum/forum.php?forum_id=117952]
[http://sourceforge.net/forum/forum.php?thread_id=148900&forum_id=117952]
[php-includedir-code-execution(7215)]
-
Entry
The Microsoft Windows network stack allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed ARP request packets with random source IP and MAC addresses, as demonstrated by ARPNuke.
[3113]
[20010730 ARPNuke - 80 kb/s kills a whole subnet]
[win-arp-packet-flooding-dos(6924)]
-
Entry
IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which listens on port 6667, which may cause the module to believe that the traffic is a valid request and allow the connection to the port specified in the DCC SEND request.
[3117]
[20010730 Re: [RAZOR] Linux kernel IP masquerading vulnerability (_actual_ patch)]
[20010730 [RAZOR] Linux kernel IP masquerading vulnerability]
[1916]
[linux-ipmasqirc-bypass-protection(6923)]
-
Entry
VMWare creates a temporary file vmware-log.USERNAME with insecure permissions, which allows local users to read or modify license information.
[3119]
[20010730 vmware bug?]
[5475]
[vmware-obtain-license-info(6925)]
-
Entry
Buffer overflow in mana in OpenServer 5.0.6a and earlier allows local users to execute arbitrary code.
[CSSA-2001-SCO.12]
[openserver-mana-bo(7034)]
-
Entry
Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.
[3244]
[CSSA-2001-SCO.14]
[unixware-openunix-uidadmin-bo(7036)]
-
Entry
ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.
[3243]
[20010827 Dangerous temp file creation during installation of Netscape 6.]
[4633888]
[20010827 Dangerous temp file creation during installation of Netscape 6.]
[netscape-install-tmpfile-symlink(7042)]
-
Entry
Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.
[3230]
[20010822 AOLserver 3.0 vulnerability]
[20010906 AOLserver exploit code]
[aolserver-long-password-dos(7030)]
-
Entry
libCoolType library as used in Adobe Acrobat (acroread) on Linux creates the AdobeFnt.lst file with world-writable permissions, which allows local users to modify the file and possibly modify acroread's behavior.
[3225]
[20010822 Adobe Acrobat creates world writable ~/AdobeFnt.lst files]
[http://lists.debian.org/debian-security/2001/debian-security-200101/msg00085.html]
[adobe-acrobat-insecure-permissions(7024)]
-
Entry
Cisco IOS 12.2 and earlier running Cisco Discovery Protocol (CDP) allows remote attackers to cause a denial of service (memory consumption) via a flood of CDP neighbor announcements.
[3412]
[20011009 Cisco CDP attacks]
[20011009 Cisco Systems - Vulnerability in CDP]
[VU#139491]
[1969]
[cisco-ios-cdp-dos(7242)]
-
Entry
Apache with mod_rewrite enabled on most UNIX systems allows remote attackers to bypass RewriteRules by inserting extra / (slash) characters into the requested path, which causes the regular expression in the RewriteRule to fail.
[3176]
[20010812 Are your mod_rewrite rules doing what you expect?]
[http://www.apacheweek.com/issues/02-02-01#security]
[apache-rewrite-bypass-directives(8633)]
-
Entry
Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
[2795]
[20010526 Webmin Doesn't Clean Env (root exploit)]
[CSSA-2001-019.1]
[MDKSA-2001:059]
[webmin-gain-information(6627)]
-
Entry
poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker's IP address to be injected into the maillog log file.
[2986]
[20010703 poprelayd and sendmail relay authentication problem (Cobalt Raq3)]
[20010709 Re: poprelayd and sendmail relay authentication problem (Cobalt Raq3)]
[cobalt-poprelayd-mail-relay(6806)]
-
Entry
create_keyfiles in PSSP 3.2 with DCE 3.1 authentication on AIX creates keyfile directories with world-writable permissions, which could allow a local user to delete key files and cause a denial of service.
[IY19069]
[5473]
[aix-keyfile-world-writable(8923)]
-
Entry
diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse program.
[2916]
[MSS-OAR-E01-2001:225.1]
[aix-diagrpt-root-shell(6734)]
-
Entry
Format string vulnerabilities in Livingston/Lucent RADIUS before 2.1.va.1 may allow local or remote attackers to cause a denial of service and possibly execute arbitrary code via format specifiers that are injected into log messages.
[2994]
[http://freshmeat.net/releases/52020/]
[[fm-news] 20010713 Newsletter for Friday, July 13th 2001]
[20010719 [VulnWatch] Changelog maddness (14 various broken apps)]
-
Entry
Icecast 1.3.7, and other versions before 1.3.11 with HTTP server file streaming support enabled allows remote attackers to cause a denial of service (crash) via a URL that ends in . (dot), / (forward slash), or \ (backward slash).
[2933]
[20010626 Advisory]
[CSSA-2002-020.0]
[http://www.icecast.org/releases/icecast-1.3.11.tar.gz]
[DSA-089]
[http://www.icecast.org/index.html]
[RHSA-2001:105]
[RHSA-2002:063]
[icecast-http-remote-dos(6751)]
-
Entry
Cross-site scripting vulnerability in Allaire JRun 3.0 and 2.3.3 allows a malicious webmaster to embed Javascript in a request for a .JSP, .shtml, .jsp10, .jrun, or .thtml file that does not exist, which causes the Javascript to be inserted into an error message.
[MPSB01-06]
[2983]
[20010702 Multiple Vendor Java Servlet Container Cross-Site Scripting Vulnerability]
[VU#654643]
[1891]
[java-servlet-crosssite-scripting(6793)]
-
Entry
Lmail 2.7 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file.
[2984]
[20010705 lmail local root exploit]
[lmail-tmpfile-symlink(6809)]
-
Entry
Microsoft Outlook 8.5 and earlier, and Outlook Express 5 and earlier, with the "Automatically put people I reply to in my address book" option enabled, do not notify the user when the "Reply-To" address is different than the "From" address, which could allow an untrusted remote attacker to spoof legitimate addresses and intercept email from the client that is intended for another user.
[2823]
[20010605 SECURITY.NNOV: Outlook Express address book spoofing]
[http://support.microsoft.com/default.aspx?scid=kb;EN-US;q234241]
[outlook-address-book-spoofing(6655)]
-
Entry
libnss-pgsql in nss-pgsql 0.9.0 and earlier allows remote attackers to execute arbitrary SQL queries by inserting SQL code into an HTTP request.
[3314]
[20010910 RUS-CERT Advisory 2001-09:01]
[postgresql-nss-authentication-modules(7111)]
-
Entry
Buffer overflow in uuq in AIX 4 could allow local users to execute arbitrary code via a long -r parameter.
[IY23401]
[IY24231]
[5469]
-
Entry
Buffer overflows in muxatmd in AIX 4 allows an attacker to cause a core dump and possibly execute code.
[IY23402]
[5470]
-
Entry
Cisco PIX firewall manager (PFM) 4.3(2)g logs the enable password in plaintext in the pfm.log file, which could allow local users to obtain the password by reading the file.
[3419]
[20011010 Vulnerability: Cisco PIX Firewall Manager]
[VU#639507]
[cisco-pfm-plaintext-password(7265)]
-
Entry
The default configuration of Norton AntiVirus for Microsoft Exchange 2000 2.x allows remote attackers to identify the recipient's INBOX file path by sending an email with an attachment containing malicious content, which includes the path in the rejection notice.
[3305]
[20010907 Microsoft Exchange + Norton AntiVirus leak local information]
[20010912 Re: Microsoft Exchange + Norton AntiVirus leak local information]
[nav-exchange-reveal-information(7093)]
-
Entry
sendmessage.cgi in W3Mail 1.0.2, and possibly other CGI programs, allows remote attackers to execute arbitrary commands via shell metacharacters in any field of the 'Compose Message' page.
[3673]
[20011007 Bug found at W3Mail Webmail]
[http://www.w3mail.org/ChangeLog]
[w3mail-metacharacters-command-execution(7230)]
-
Entry
FTP Voyager ActiveX control before 8.0, when it is marked as safe for scripting (the default) or if allowed by the IObjectSafety interface, allows remote attackers to execute arbitrary commands.
[VU#320944]
[ftp-voyager-embedded-script-execution(7119)]
-
Entry
The default configuration of Sambar Server 5 and earlier uses a symmetric key that is compiled into the binary program for encrypting passwords, which could allow local users to break all user passwords by cracking the key or modifying a copy of the sambar program to call the decryption procedure.
[3095]
[20010725 Sambar Server password decryption]
[sambar-insecure-passwords(6909)]
-
Entry
Directory traversal vulnerability in SnapStream PVS 1.2a allows remote attackers to read arbitrary files via a .. (dot dot) attack in the requested URL.
[3100]
[20010726 Snapstream PVS vulnerability]
[http://discuss.snapstream.com/ubb/Forum1/HTML/000216.html]
[2080]
[snapstream-dot-directory-traversal(6917)]
-
Entry
Buffer overflow in TrollFTPD 1.26 and earlier allows local users to execute arbitrary code by creating a series of deeply nested directories with long names, then running the ls -R (recursive) command.
[3174]
[20010813 Local exploit for TrollFTPD-1.26]
[ftp://ftp.trolltech.com/freebies/ftpd/troll-ftpd-1.27.tar.gz]
[trollftpd-long-path-bo(6974)]
-
Entry
Identix BioLogon 2.03 and earlier does not lock secondary displays on a multi-monitor system running Windows 98 or ME, which allows an attacker with physical access to the system to bypass authentication through a secondary display.
[3140]
[20010802 Identix BioLogon Client security bug]
[20010808 Response to Identix BioLogon Client security bug]
[5453]
[identix-biologon-auth-bypass(6948)]
-
Entry
LinkSys EtherFast BEFSR41 Cable/DSL routers running firmware before 1.39.3 Beta allows a remote attacker to view administration and user passwords by connecting to the router and viewing the HTML source for (1) index.htm and (2) Password.htm.
[3141]
[20010802 Advisory Update: Design Flaw in Linksys EtherFast 4-Port]
[20010810 Linksys router security fix]
[ftp://ftp.linksys.com/pub/befsr41/befsr-fw1402.zip]
[1920]
[5467]
[linksys-etherfast-reveal-passwords(6949)]
-
Entry
A module in Roxen 2.0 before 2.0.92, and 2.1 before 2.1.264, does not properly decode UTF-8, Mac and ISO-2202 encoded URLs, which could allow a remote attacker to execute arbitrary commands or view arbitrary files via an encoded URL.
[3145]
[20010802 FW: Security alert: Remote user can access any file]
[20010802 Roxen security alert: URL decoding vulnerable]
[http://download.roxen.com/2.0/patch/security-notice.html]
[roxen-urlrectifier-retrieve-files(6937)]
-
Entry
cda in xmcd 3.0.2 and 2.6 in SuSE Linux allows local users to overwrite arbitrary files via a symlink attack.
[3148]
[VU#105347]
[SuSE-SA:2001:025]
[xmcd-cda-symlink(6941)]
-
Entry
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2001-1084. Reason: This candidate is a duplicate of CVE-2001-1084. Notes: All CVE users should reference CVE-2001-1084 instead of this candidate. All references and descriptions in this candidate have been removed to prevent accidental usage.
-
Entry
Sdbsearch.cgi in SuSE Linux 6.0-7.2 could allow remote attackers to execute arbitrary commands by uploading a keylist.txt file that contains filenames with shell metacharacters, then causing the file to be searched using a .. in the HTTP referer (from the HTTP_REFERER variable) to point to the directory that contains the keylist.txt file.
[20010802 suse: sdbsearch.cgi vulnerability]
[SuSE-SA:2001:027]
[sdbsearch-cgi-command-execution(7003)]
-
Entry
Mailman 2.0.x before 2.0.6 allows remote attackers to gain access to list administrative pages when there is an empty site or list password, which is not properly handled during the call to the crypt function during authentication.
[CLA-2001:420]
[5455]
[mailman-blank-passwords(7091)]
-
Entry
The Pseudo-Random Number Generator (PRNG) in SSLeay and OpenSSL before 0.9.6b allows attackers to use the output of small PRNG requests to determine the internal state information, which could be used by attackers to predict future pseudo-random numbers.
[3004]
[20010710 OpenSSL Security Advisory: PRNG weakness in versions up to 0.9.6a]
[CLA-2001:418]
[ESA-20010709-01]
[FreeBSD-SA-01:51]
[MDKSA-2001:065]
[NetBSD-SA2001-013]
[853]
[RHSA-2001:051]
[openssl-prng-brute-force(6823)]
-
Entry
Directory traversal vulnerability in McAfee ASaP VirusScan agent 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the HTTP request.
[3020]
[20010711 McAfee ASaP Virusscan - myCIO HTTP Server Directory Traversal Vulnerabilty]
[VU#190267]
[20010716 McAfee ASaP Virusscan - MyCIO HTTP Server Directory Traversal Vul nerability]
[584]
[mcafee-mycio-directory-traversal(6834)]
-
Entry
fts routines in FreeBSD 4.3 and earlier, NetBSD before 1.5.2, and OpenBSD 2.9 and earlier can be forced to change (chdir) into a different directory than intended when the directory above the current directory is moved, which could cause scripts to perform dangerous actions on the wrong directories.
[3205]
[FreeBSD-SA-01:40]
[NetBSD-SA2001-016]
[20010530 029: SECURITY FIX: May 30, 2001]
[5466]
[bsd-fts-race-condition(8715)]
-
Entry
AllCommerce with debugging enabled in EnGarde Secure Linux 1.0.1 creates temporary files with predictable names, which allows local users to modify files via a symlink attack.
[3016]
[ESA-20010711-01]
[allcommerce-temp-symlink(6830)]
-
Entry
The PAM implementation in /bin/login of the util-linux package before 2.11 causes a password entry to be rewritten across multiple PAM calls, which could provide the credentials of one user to a different user, when used in certain PAM modules such as pam_limits.
[3415]
[20011008 pam_limits.so Bug!!]
[M-009]
[MDKSA-2001:084]
[RHSA-2001:132]
[SuSE-SA:2001:034]
[utillinux-pamlimits-gain-privileges(7266)]
-
Entry
Panda Antivirus Platinum before 6.23.00 allows a remore attacker to cause a denial of service (crash) when a user selects an action for a malformed UPX packed executable file.
[5456]
[20010821 RE: Bug report -- Incident number 240649]
-
Entry
lpsystem in OpenUnix 8.0.0 allows local users to cause a denial of service and possibly execute arbitrary code via a long command line argument.
[3248]
[CSSA-2001-SCO.15]
[openunix-lpsystem-bo(7041)]
-
Entry
TCP Wrappers (tcp_wrappers) in FreeBSD 4.1.1 through 4.3 with the PARANOID ACL option enabled does not properly check the result of a reverse DNS lookup, which could allow remote attackers to bypass intended access restrictions via DNS spoofing.
[FreeBSD-SA-01:56]
[5454]
-
Entry
Check Point VPN-1/FireWall-1 4.1 base.def contains a default macro, accept_fw1_rdp, which can allow remote attackers to bypass intended restrictions with forged RDP (internal protocol) headers to UDP port 259 of arbitrary hosts.
[2952]
[20010709 Check Point FireWall-1 RDP Bypass Vulnerability]
[20010709 Check Point response to RDP Bypass]
[CA-2001-17]
[VU#310295]
[20010712 RDP Bypass workaround for VPN-1/FireWall 4.1 SPx]
[L-109]
[1884]
[fw1-rdp-bypass(6815)]
-
Entry
udirectory.pl in Microburst Technologies uDirectory 2.0 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the category_file field.
[2884]
[20010618 udirectory from Microburst Technologies remote command execution]
[udirectory-remote-command-execution(6706)]
-
Entry
Cross-site scripting (CSS) vulnerability in Lotus Domino 5.0.6 allows remote attackers to execute script on other web clients via a URL that ends in Javascript, which generates an error message that does not quote the resulting script.
[2962]
[20010702 Lotus Domino Server Cross-Site Scripting Vulnerability]
[20010702 Re: Lotus Domino Server Cross-Site Scripting Vulnerability]
[VU#642239]
[1887]
[lotus-domino-css(6789)]
-
Entry
Directory traversal vulnerability in the %m macro in the smb.conf configuration file in Samba before 2.2.0a allows remote attackers to overwrite certain files via a .. in a NETBIOS name, which is used as the name for a .log file.
[2928]
[20010623 smbd remote file creation vulnerability]
[CSSA-2001-024.0]
[L-105]
[CLA-2001:405]
[http://us1.samba.org/samba/whatsnew/macroexploit.html]
[DSA-065]
[HPSBUX0107-157]
[IMNX-2001-70-027-01]
[MDKSA-2001-062]
[RHSA-2001:086]
[20011002-01-P]
[samba-netbios-file-creation(6731)]
-
Entry
linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.
[3217]
[FreeBSD-SA-01:55]
[1938]
[linprocfs-process-memory-leak(7017)]
-
Entry
OmniSecure HTTProtect 1.1.1 allows a superuser without omnish privileges to modify a protected file by creating a symbolic link to that file.
[20010719 [SNS Advisory No.37] HTTProtect allows attackers to change the protected file using a symlink]
[http://www.omnisecure.com/security-alert.html]
[5452]
[httprotect-protected-file-symlink(6880)]
-
Entry
Buffer overflow in Elm 2.5.5 and earlier allows remote attackers to execute arbitrary code via a long Message-ID header.
[MDKSA-2001:067]
[5451]
[RHSA-2001:091]
[elm-messageid-bo(6852)]
-
Entry
vipw in the util-linux package before 2.10 causes /etc/shadow to be world-readable in some cases, which would make it easier for local users to perform brute force password guessing.
[3036]
[RHSA-2001:095]
[RHSA-2001:132]
[vipw-world-readable-files(6851)]
-
Entry
Format string vulnerability in Check Point VPN-1/FireWall-1 4.1 allows a remote authenticated firewall administrator to execute arbitrary code via format strings in the control connection.
[3021]
[20010712 VPN-1/FireWall-1 Format Strings Vulnerability]
[http://www.checkpoint.com/techsupport/alerts/format_strings.html]
[1901]
[fw1-management-format-string(6849)]
-
Entry
ml85p in Samsung ML-85G GDI printer driver before 0.2.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
[3008]
[20010717 Samsung ML-85G Printer Linux Helper/Driver Binary Exploit (Mandrake: ghostscript package)]
[samsung-printer-temp-symlink(6845)]
-
Entry
FreeBSD 4.3 does not properly clear shared signal handlers when executing a process, which allows local users to gain privileges by calling rfork with a shared signal handler, having the child process execute a setuid program, and sending a signal to the child.
[3007]
[20010710 FreeBSD 4.3 local root, yet Linux and *BSD much better than Windows]
[VU#943633]
[L-111]
[FreeBSD-SA-01:42]
[1897]
[bsd-rfork-signal-handlers(6829)]
-
Entry
PPTP implementation in Cisco IOS 12.1 and 12.2 allows remote attackers to cause a denial of service (crash) via a malformed packet.
[3022]
[VU#656315]
[20010712 Cisco IOS PPTP Vulnerability]
[802]
[cisco-ios-pptp-dos(6835)]
-
Entry
Some AIO operations in FreeBSD 4.4 may be delayed until after a call to execve, which could allow a local user to overwrite memory of the new process and gain privileges.
[3661]
[20011210 AIO vulnerability]
[2001]
[bsd-aio-overwrite-memory(7693)]
-
Entry
Microsoft IIS 5.0 allows remote attackers to cause a denial of service via an HTTP request with a content-length value that is larger than the size of the request, which prevents IIS from timing out the connection.
[3667]
[20011211 Microsoft IIS/5 bogus Content-length bug Memory attack]
[20011211 Microsoft IIS/5 bogus Content-length bug.]
[20011212 Microsoft IIS/5.0 Content-Length DoS (proved)]
[iis-false-content-length-dos(7691)]
-
Entry
Directory traversal vulnerability in EFTP 2.0.8.346 allows local users to read directories via a ... (modified dot dot) in the CWD command.
[3691]
[20011213 EFTP 2.0.8.346 directory content disclosure]
[VU#413875]
[http://www.eftp.org/releasehistory.html]
[2003]
[eftp-dot-directory-traversal(7699)]
-
Entry
Cross-site scripting vulnerability in agora.cgi for Agora 3.0a through 4.0g, when debug mode is enabled, allows remote attackers to execute Javascript on other clients via the cart_id parameter.
[3702]
[20011217 Agoracgi v3.3e Cross Site Scripting Vulnerability]
[http://www.agoracgi.com/security.html]
[698]
[agora-cgi-css(7708)]
-
Entry
Microsoft Windows XP allows local users to bypass a locked screen and run certain programs that are associated with Hot Keys.
[3703]
[20011217 Hot keys permissions bypass under XP]
[winxp-hotkey-execute-programs(7713)]
-
Entry
Buffer overflow in wmcube-gdk for WMCube/GDK 0.98 allows local users to execute arbitrary code via long lines in the object description file.
[3706]
[20011217 New Advisory + Exploit]
[20011218 wmcube-gdk is vulnerable to a local exploit]
[http://www.ne.jp/asahi/linux/timecop/software/wmcube-gdk-0.98p2.tar.gz]
[wmcubegdk-object-file-bo(7720)]
-
Entry
Format string vulnerability in gpm-root in gpm 1.17.8 through 1.17.18 allows local users to gain root privileges.
[3750]
[DSA-095]
[linux-gpm-format-string(7748)]
-
Entry
Format string vulnerability in PFinger 0.7.5 through 0.7.7 allows remote attackers to execute arbitrary code via format string specifiers in a .plan file.
[3725]
[20011220 [CERT-intexxia] pfinger Format String Vulnerability]
[http://www.xelia.ch/unix/pfinger/ChangeLog]
[pfinger-plan-format-string(7742)]
-
Entry
Zope before 2.2.4 allows partially trusted users to bypass security controls for certain methods by accessing the methods through the fmt attribute of dtml-var tags.
[3425]
[MDKSA-2001:080]
[RHSA-2001:072]
[RHSA-2001:115]
[zope-fmt-access-methods(7271)]
-
Entry
GroupWise 5.5 and 6 running in live remote or smart caching mode allows remote attackers to read arbitrary users' mailboxes by extracting usernames and passwords from sniffed network traffic, as addressed by the "Padlock" fix.
[3189]
[20010814 Fwd: Security Alert: Groupwise - Action Required]
[http://support.novell.com/padlock/details.htm]
[novell-groupwise-admin-privileges(6998)]
-
Entry
Bharat Mediratta Gallery PHP script before 1.2.1 allows remote attackers to execute arbitrary code by including files from remote web sites via an HTTP request that modifies the includedir variable.
[3397]
[20011002 results of semi-automatic source code audit]
[http://prdownloads.sourceforge.net/gallery/gallery-1.2.5.tar.gz]
[1967]
[php-includedir-code-execution(7215)]
-
Entry
pSlash PHP script 0.7 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
[3395]
[20011002 results of semi-automatic source code audit]
[VU#847803]
[php-includedir-code-execution(7215)]
-
Entry
myphpPagetool PHP script 0.4.3-1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the includedir variable.
[3394]
[20011002 results of semi-automatic source code audit]
[VU#847803]
[php-includedir-code-execution(7215)]
-
Entry
Phormation PHP script 0.9.1 and earlier allows remote attackers to execute arbitrary code by including files from remote web sites, using an HTTP request that modifies the phormationdir variable.
[3393]
[20011002 results of semi-automatic source code audit]
[VU#847803]
[http://www.peaceworks.ca/phormation/phormation-0.9.2.tar.gz]
[php-includedir-code-execution(7215)]
-
Entry
The default configuration of sudo in Engarde Secure Linux 1.0.1 allows any user in the admin group to run certain commands that could be leveraged to gain full root access.
[ESA-20010711-02]
-
Entry
PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.
[2954]
[20010630 php breaks safe mode]
[http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz]
[RHSA-2002:102]
[RHSA-2002:129]
[RHSA-2003:159]
[php-safemode-elevate-privileges(6787)]
-
Entry
PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.
[20010630 php breaks safe mode]
[http://www.php.net/do_download.php?download_file=php-4.1.2.tar.gz]
[5440]
[RHSA-2002:035]
-
Entry
SmallHTTP 1.204 through 3.00 beta 8 allows remote attackers to cause a denial of service via multiple long URL requests.
[2980]
[20010629 4 New vulns. vWebServer and SmallHTTP]
[vwebserver-long-url-dos(6771)]
-
Entry
Network Associates PGP Keyserver 7.0 allows remote attackers to bypass authentication and access the administrative web interface via URLs that directly access cgi-bin instead of keyserver/cgi-bin for the programs (1) console, (2) cs, (3) multi_config and (4) directory.
[3375]
[20010928 SNS-43: PGP Keyserver Permissions Misconfiguration]
[http://www.pgp.com/support/product-advisories/keyserver.asp]
[1955]
[4193]
[pgp-keyserver-http-dos(7203)]
-
Entry
Directory traversal vulnerability in Doug Neal's HTTPD Daemon (DNHTTPD) before 0.4.1 allows remote attackers to view arbitrary files via a .. (dot dot) attack using the dot hex code '%2E'.
[http://dnhttpd.sourceforge.net/changelog.html]
[http://archives.neohapsis.com/archives/apps/freshmeat/2001-07/0002.html]
-
Entry
Directory traversal vulnerability in GNU tar 1.13.19 and earlier allows local users to overwrite arbitrary files during archive extraction via a tar file whose filenames contain a .. (dot dot).
[3024]
[20010712 SECURITY.NNOV: directory traversal and path globing in multiple archivers]
[CLA-2002:538]
[ftp://alpha.gnu.org/gnu/tar/tar-1.13.25.tar.gz]
[HPSBTL0209-068]
[MDKSA-2002:066]
[RHSA-2002:096]
[RHSA-2002:138]
[RHSA-2003:218]
[47800]
[archive-extraction-directory-traversal(10224)]
-
Entry
ispell before 3.1.20 allows local users to overwrite files of other users via a symlink attack on a temporary file.
[20010621 ispell update -- Immunix OS 6.2]
[IMNX-2001-62-004-01]
[MDKSA-2001:058]
[RHSA-2001:074]
-
Entry
makewhatis in the man package before 1.5i2 allows an attacker in group man to overwrite arbitrary files via a man page whose name contains shell metacharacters.
[20010611 man 1.5h10 + man 1.5i-4 exploits]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=41805]
[RHSA-2001:072]
-
Entry
Buffer overflow in print-rx.c of tcpdump 3.x (probably 3.6x) allows remote attackers to cause a denial of service and possibly execute arbitrary code via AFS RPC packets with invalid lengths that trigger an integer signedness error, a different vulnerability than CVE-2000-1026.
[3065]
[CSSA-2002-025.0]
[VU#797201]
[CLA-2002:480]
[FreeBSD-SA-01:48]
[MDKSA-2002:032]
[RHSA-2001:089]
[tcpdump-afs-rpc-bo(7006)]
-
Entry
The telnet server for 3Com hardware such as PS40 SuperStack II does not delay or disconnect remote attackers who provide an incorrect username or password, which makes it easier to break into the server via brute force password guessing.
[3034]
[20010712 3Com TelnetD]
[3com-telnetd-brute-force(6855)]
-
Entry
Directory traversal vulnerability in Cerberus FTP Server 1.5 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the CD command.
[http://www.greenepa.net/~averett/cerberus-releasenotes.htm#ReleaseNotes]
[http://www.securiteam.com/windowsntfocus/5SP0M0055W.html]
[cerberus-ftp-directory-traversal(7004)]
-
Entry
More.groupware PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[3383]
[20011002 results of semi-automatic source code audit]
[http://www.moregroupware.org/index.php?action=detail&news_id=24]
[php-includedir-code-execution(7215)]
-
Entry
PHP remote file inclusion vulnerability in Actionpoll PHP script before 1.1.2 allows remote attackers to execute arbitrary PHP code via a URL in the includedir parameter.
[3384]
[20011002 results of semi-automatic source code audit]
[http://sourceforge.net/project/shownotes.php?release_id=58331]
[1960]
[php-includedir-code-execution(7215)]
-
Entry
Zorbat Zorbstats PHP script before 0.9 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable.
[3386]
[20011002 results of semi-automatic source code audit]
[VU#847803]
[http://www.come.to/zorbat/]
[http://www.kb.cert.org/vuls/id/JARL-53RJKV]
[php-includedir-code-execution(7215)]
-
Entry
rcs2log, as used in Emacs 20.4, xemacs 21.1.10 and other versions before 21.4, and possibly other packages, allows local users to modify files of other users via a symlink attack on a temporary file.
[20010807 rcs2log]
[http://savannah.gnu.org/cgi-bin/viewcvs/emacs/emacs/lib-src/rcs2log?only_with_tag=EMACS_PRETEST_21_0_95]
[rcs2log-tmp-symlink(11210)]
-
Entry
The change password option in the Windows Security interface for Windows 2000 allows attackers to use the option to attempt to change passwords of other users on other systems or identify valid accounts by monitoring error messages, possibly due to a problem in the NetuserChangePassword function.
[3063]
[20010718 Changing NT/2000 accounts password from the command line]
[win2k-change-network-passwords(6876)]
-
Entry
The default configuration of SecuRemote for Check Point Firewall-1 allows remote attackers to obtain sensitive configuration information for the protected network without authentication.
[3058]
[20010718 Firewall-1 Information leak]
[588]
[fw1-securemote-gain-information(6857)]
-
Entry
xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not set its own safe umask.
[2826]
[CLA-2001:404]
[DSA-063]
[ESA-20010621-01]
[FreeBSD-SA-01:47]
[IMNX-2001-70-024-01]
[MDKSA-2001:055]
[RHSA-2001:075]
[SuSE-SA:2001:022]
[xinetd-insecure-permissions(6657)]
-
Entry
pmake before 2.1.35 in Turbolinux 6.05 and earlier is installed with setuid root privileges, which could allow local users to gain privileges by exploiting vulnerabilities in pmake or programs that are used by pmake.
[TLSA2001024]
[pmake-binary-gain-privileges(9988)]
-
Entry
Buffer overflow in ypbind daemon in Solaris 5.4 through 8 allows remote attackers to execute arbitrary code.
[AA-2001.03]
[L-103]
[oval:org.mitre.oval:def:1844]
[00203]
[solaris-ypbind-bo(6828)]
-
Entry
Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.
[2724]
[20010515 PHPSlash : potential vulnerability in URL blocks]
[http://marc.info/?l=phpslash&m=99029398904419&w=2]
[phpslash-block-read-files(9990)]
-
Entry
Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or other characters, which causes certain functions to dereference a null pointer.
[2740]
[20010412 Apache Win32 8192 chars string bug]
[20010522 [Announce] Apache 1.3.20 Released]
[http://bugs.apache.org/index.cgi/full/7522]
[http://www.apacheweek.com/issues/01-05-25]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[apache-server-dos(6527)]
-
Entry
bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a Trojan horse program.
[2820]
[20010604 Fatal flaw in BestCrypt <= v0.7 (Linux)]
[http://www.jetico.com/index.htm#/linux.htm]
[bestcrypt-bctool-gain-privileges(6648)]
-
Entry
Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
[2764]
[20010524 Elevation of privileges with debug registers on Win2K]
[win2k-debug-elevate-privileges(6590)]
-
Entry
Sendmail before 8.11.4, and 8.12.0 before 8.12.0.Beta10, allows local users to cause a denial of service and possibly corrupt the heap and gain privileges via race conditions in signal handlers.
[2794]
[20010528 Unsafe Signal Handling in Sendmail]
[20010529 sendmail 8.11.4 and 8.12.0.Beta10 available (fwd)]
[http://archives.neohapsis.com/archives/sendmail/2001-q2/0001.html]
[RHSA-2001:106]
[sendmail-signal-handling(6633)]
-
Entry
Cross-site scripting vulnerability in namazu.cgi for Namazu 2.0.7 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the lang parameter.
[http://search.namazu.org/ml/namazu-devel-ja/msg02114.html]
[RHSA-2001:162]
-
Entry
Cross-site scripting vulnerability in Namazu 2.0.8 and earlier allows remote attackers to execute arbitrary Javascript as other web users via the index file name that is displayed when displaying hit numbers.
[5690]
[RHSA-2001:162]
[linux-namazu-css(7875)]
-
Entry
Cross-site scripting vulnerability in Namazu 2.0.9 and earlier allows remote attackers to execute arbitrary Javascript as other web users via an error message that is returned when an invalid index file is specified in the idxname parameter.
[20011227 Re: [RHSA-2001:162-04] Updated namazu packages are available]
[20020109 Details on the updated namazu packages that are available]
[5691]
[RHSA-2001:179]
[linux-namazu-css(7875)]
-
Entry
Volution clients 1.0.7 and earlier attempt to contact the computer creation daemon (CCD) when an LDAP authentication failure occurs, which allows remote attackers to fully control clients via a Trojan horse Volution server.
[2850]
[CSSA-2001-021.0]
[volution-authentication-failure-access(6672)]
-
Entry
The checkAccess function in PHPSlice 0.1.4, and all other versions between 0.1.1 and 0.1.6, does not properly verify the administrative access level, which could allow remote attackers to gain privileges.
[http://phpslice.org/comments.php?aid=1031&]
[20010719 [VulnWatch] Changelog maddness (14 various broken apps)]
[phpslice-checkaccess-function-privileges(9649)]
-
Entry
Leon J Breedt pam-pgsql before 0.5.2 allows remote attackers to execute arbitrary SQL code and bypass authentication or modify user account records by injecting SQL statements into user or password fields.
[3319]
[FreeBSD-SA-02:14]
[postgresql-pam-authentication-module(7110)]
-
Entry
prepend.php3 in PHPLib before 7.2d, when register_globals is enabled for PHP, allows remote attackers to execute arbitrary scripts via an HTTP request that modifies $_PHPLIB[libdir] to point to malicious code on another server, as seen in Horde 1.2.5 and earlier, IMP before 2.2.6, and other packages that use PHPLib.
[3079]
[20010721 IMP 2.2.6 (SECURITY) released]
[20010722 [SEC] Hole in PHPLib 7.2 prepend.php3]
[20010726 TSLSA-2001-0014 - PHPLib]
[CSSA-2001-027.0]
[CLA-2001:410]
[DSA-073]
[phplib-script-execution(6892)]
-
Entry
The default configuration of Oracle Application Server 9iAS 1.0.2.2 enables SOAP and allows anonymous users to deploy applications by default via urn:soap-service-manager and urn:soap-provider-manager.
[4289]
[20020206 Hackproofing Oracle Application Server paper]
[CA-2002-08]
[VU#736923]
[http://technet.oracle.com/deploy/security/pdf/ias_soap_alert.pdf]
[http://www.nextgenss.com/papers/hpoas.pdf]
[oracle-appserver-soap-components(8449)]
-
Entry
Oracle 9i Application Server 1.0.2 allows remote attackers to obtain the physical path of a file under the server root via a request for a non-existent .JSP file, which leaks the pathname in an error message.
[3341]
[20010917 Yet another path disclosure vulnerability]
[20010921 Response to "Path disclosure vulnerability in Oracle 9i and 8i]
[CA-2002-08]
[VU#278971]
[http://otn.oracle.com/deploy/security/pdf/jspexecute_alert.pdf]
[http://www.nii.co.in/research.html]
[oracle-jsp-reveal-path(7135)]
-
Entry
MailSafe in Zone Labs ZoneAlarm 2.6 and earlier and ZoneAlarm Pro 2.6 and 2.4 does not block prohibited file types with long file names, which allows remote attackers to send potentially dangerous attachments.
[3055]
[20010718 ZoneAlarm Pro]
[http://www.zonelabs.com/products/zap/rel_history.html#2.6.362]
[zonealarm-bypass-mailsafe(6877)]
-
Entry
expect before 5.32 searches for its libraries in /var/tmp before other directories, which could allow local users to gain root privileges via a Trojan horse library that is accessed by mkpasswd.
[3074]
[CLA-2001:409]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=22187]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28224]
[MDKSA-2002:060]
[RHSA-2002:148]
[expect-insecure-library-search(6870)]
-
Entry
tcl/tk package (tcltk) 8.3.1 searches for its libraries in the current working directory before other directories, which could allow local users to execute arbitrary code via a Trojan horse library that is under a user-controlled directory.
[3073]
[CLA-2001:409]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=28226]
[MDKSA-2002:060]
[RHSA-2002:148]
[tcltk-insecure-library-search(6869)]
-
Entry
fetchmailconf in fetchmail before 5.7.4 allows local users to overwrite files of other users via a symlink attack on temporary files.
[http://lists.ccil.org/pipermail/fetchmail-announce/2001-March/000015.html]
[RHSA-2001:103]
-
Entry
OpenSSH before 2.9.9, while using keypairs and multiple keys of different types in the ~/.ssh/authorized_keys2 file, may not properly handle the "from" option associated with a key, which could allow remote attackers to login from unauthorized IP addresses.
[3369]
[20010926 OpenSSH Security Advisory (adv.option)]
[20011017 TSLSA-2001-0023 - OpenSSH]
[20011018 Immunix OS update for OpenSSH]
[20011019 TSLSA-2001-0026 - OpenSSH]
[VU#905795]
[M-010]
[CLSA-2001:431]
[IMNX-2001-70-034-01]
[MDKSA-2001:081]
[642]
[RHSA-2001:114]
[openssh-access-control-bypass(7179)]
-
Entry
The "echo simulation" traffic analysis countermeasure in OpenSSH before 2.9.9p2 sends an additional echo packet after the password and carriage return is entered, which could allow remote attackers to determine that the countermeasure is being used.
[http://www.openwall.com/Owl/CHANGES-stable.shtml]
[5408]
-
Entry
initscript in setserial 2.17-4 and earlier uses predictable temporary file names, which could allow local users to conduct unauthorized operations on files.
[3367]
[RHSA-2001:110]
[linux-setserial-initscript-symlink(7177)]
-
Entry
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
[2205]
[20010112 PHP Security Advisory - Apache Module bugs]
[CLA-2001:373]
[DSA-020]
[MDKSA-2001:013]
[RHSA-2000:136]
[php-view-source-code(5939)]
-
Entry
WFTPD 3.00 allows remote attackers to read arbitrary files by uploading a (link) file that ends in a ".lnk." extension, which bypasses WFTPD's check for a ".lnk" extension.
[2957]
[20010701 WFTPD v3.00 R5 Directory Traversal]
[ftp-lnk-directory-traversal(6760)]
-
Entry
Off-by-one vulnerability in CPIA driver of Linux kernel before 2.2.19 allows users to modify kernel memory.
[20010405 Trustix Security Advisory #2001-0003 - kernel]
[20010409 PROGENY-SA-2001-01: execve()/ptrace() exploit in Linux kernels]
[CSSA-2001-012.0]
[CLA-2001:394]
[http://www.linux.org.uk/VERSION/relnotes.2219.html]
[DSA-047]
[IMNX-2001-70-010-01]
[MDKSA-2001:037]
[RHSA-2001:047]
[SuSE-SA:2001:018]
[linux-cpia-memory-overwrite(11162)]
-
Entry
process_bug.cgi in Bugzilla before 2.14 does not set the "groupset" bit when a bug is moved between product groups, which will cause the bug to have the old group's restrictions, which might not be as stringent.
[20010829 Security Advisory for Bugzilla v2.13 and older]
[http://bugzilla.mozilla.org/show_bug.cgi?id=66235]
[RHSA-2001:107]
[bugzilla-processbug-old-restrictions(10478)]
-
Entry
Bugzilla before 2.14 allows Bugzilla users to bypass group security checks by marking a bug as the duplicate of a restricted bug, which adds the user to the CC list of the restricted bug and allows the user to view the bug.
[20010829 Security Advisory for Bugzilla v2.13 and older]
[http://bugzilla.mozilla.org/show_bug.cgi?id=96085]
[RHSA-2001:107]
[bugzilla-duplicate-view-restricted(10479)]
-
Entry
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
[3748]
[20011227 Stunnel: Format String Bug in versions <3.22]
[20020102 Stunnel: Format String Bug update]
[http://stunnel.mirt.net/news.html]
[MDKSA-2002:004]
[http://marc.info/?l=stunnel-users&m=100869449828705&w=2]
[RHSA-2002:002]
[stunnel-client-format-string(7741)]
-
Entry
Buffer overflow in the preprocessor in groff 1.16 and earlier allows remote attackers to gain privileges via lpd in the LPRng printing system.
[3869]
[HPSBTL0201-014]
[MDKSA-2002:012]
[RHSA-2002:004]
[linux-groff-preprocessor-bo(7881)]
-
Entry
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
[3886]
[20020117 '/usr/bin/at 31337 + vuln' problem + exploit]
[DSA-102]
[HPSBTL0201-021]
[HPSBTL0302-034]
[MDKSA-2002:007]
[RHSA-2002:015]
[SuSE-SA:2002:003]
[linux-at-exetime-heap-corruption(7909)]
-
Entry
Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and other versions allows remote attackers to execute arbitrary code via a long argument in a game request (AddGame).
[3769]
[20020102 AIM addendum]
[20020102 w00w00 on AOL Instant Messenger (serious vulnerability)]
[VU#907819]
[20020102 AIM addendum]
[20020102 w00w00 on AOL Instant Messenger (serious vulnerability)]
[aim-game-overflow(7743)]
-
Entry
XChat 1.8.7 and earlier, including default configurations of 1.4.2 and 1.4.3, allows remote attackers to execute arbitrary IRC commands as other clients via encoded characters in a PRIVMSG command that calls CTCP PING, which expands the characters in the client response when the percascii variable is set.
[3830]
[20020109 xchat IRC session hijacking vulnerability (versions 1.4.1, 1.4.2)]
[CLA-2002:453]
[DSA-099]
[HPSBTL0201-016]
[RHSA-2002:005]
[xchat-ctcp-ping-command(7856)]
-
Entry
CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attackers to obtain an anonymous bind to the LDAP server via a request that does not include a password, which causes a null password to be sent to the LDAP server.
[3792]
[20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older]
[http://www.bugzilla.org/security2_14_1.html]
[http://bugzilla.mozilla.org/show_bug.cgi?id=54901]
[RHSA-2002:001]
[bugzilla-ldap-auth-bypass(7812)]
-
Entry
show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access" privileges to see other products that are not accessible to the user, by submitting a bug and reading the resulting Product pulldown menu.
[3798]
[20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older]
[http://www.bugzilla.org/security2_14_1.html]
[http://bugzilla.mozilla.org/show_bug.cgi?id=102141]
[RHSA-2002:001]
[bugzilla-showbug-reveal-bugs(7802)]
-
Entry
Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allow remote attackers to more easily conduct attacks on the login.
[3800]
[20020105 Security Advisory for Bugzilla v2.15 (cvs20020103) and older]
[http://www.bugzilla.org/security2_14_1.html]
[http://bugzilla.mozilla.org/show_bug.cgi?id=98146]
[RHSA-2002:001]
[bugzilla-doeditvotes-login-information(7803)]
-
Entry
URL-handling code in Pine 4.43 and earlier allows remote attackers to execute arbitrary commands via a URL enclosed in single quotes and containing shell metacharacters (&).
[3815]
[20020105 Pine 4.33 (at least) URL handler allows embedded commands.]
[CLA-2002:460]
[ESA-20020114-002]
[FreeBSD-SA-02:05]
[HPSBTL0201-015]
[RHSA-2002:009]
-
Entry
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
[4421]
[20020403 Remote Buffer Overflow Vulnerability in IRIX SNMP Daemon]
[20020201-01-P]
[irix-snmp-bo(7846)]
-
Entry
In Microsoft Windows NT and Windows 2000, a trusting domain that receives authorization information from a trusted domain does not verify that the trusted domain is authoritative for all listed SIDs, which allows remote attackers to gain Domain Administrator privileges on the trusting domain by injecting SIDs from untrusted domains into the authorization data that comes from from the trusted domain.
[3997]
[MS02-001]
[oval:org.mitre.oval:def:159]
[oval:org.mitre.oval:def:64]
[win-sid-gain-privileges(8023)]
-
Entry
Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed protocol options.
[4061]
[MS02-004]
[oval:org.mitre.oval:def:424]
[ms-telnet-option-bo(8094)]
-
Entry
Network Product Identification (PID) Checker in Microsoft Office v. X for Mac allows remote attackers to cause a denial of service (crash) via a malformed product announcement.
[4045]
[MS02-002]
[2041]
-
Entry
Buffer overflow in the implementation of an HTML directive in mshtml.dll in Internet Explorer 5.5 and 6.0 allows remote attackers to execute arbitrary code via a web page that specifies embedded ActiveX controls in a way that causes 2 Unicode strings to be concatenated.
[4080]
[20020213 dH & SECURITY.NNOV: buffer overflow in mshtml.dll]
[20020227 Details and exploitation of buffer overflow in mshtml.dll (and few sidenotes on Unicode overflows in general)]
[CA-2002-04]
[MS02-005]
[oval:org.mitre.oval:def:925]
[ie-html-directive-bo(8116)]
-
Entry
Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read arbitrary files via malformed requests to the GetObject function, which bypass some of GetObject's security checks.
[3767]
[20020101 IE GetObject() problems]
[MS02-005]
[3030]
[oval:org.mitre.oval:def:17]
[oval:org.mitre.oval:def:40]
[oval:org.mitre.oval:def:50]
[oval:org.mitre.oval:def:77]
[ie-getobject-directory-traversal(7758)]
-
Entry
File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an attacker to use the Content-Disposition and Content-Type HTML header fields to modify how the name of the file is displayed, which could trick a user into believing that a file is safe to download.
[4087]
[MS02-005]
-
Entry
Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Content-Type HTML header field, which allows remote attackers to modify which application is used to process a document.
[4085]
[20020212 [ GFISEC04102001 ] Internet Explorer and Access allow macros to be executed automatically]
[MS02-005]
[ie-application-invocation(8118)]
-
Entry
Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restrictions for executing scripts via an object that processes asynchronous events after the initial security checks have been made.
[4082]
[MS02-005]
[oval:org.mitre.oval:def:12]
[oval:org.mitre.oval:def:23]
[oval:org.mitre.oval:def:32]
-
Entry
Internet Explorer 5.5 and 6.0 allows remote attackers to read certain files and spoof the URL in the address bar by using the Document.open function to pass information between two frames from different domains, a new variant of the "Frame Domain Verification" vulnerability described in MS:MS01-058/CAN-2001-0874.
[3721]
[20011219 Internet Explorer Document.Open() Without Close() Cookie Stealing, File Reading, Site Spoofing Bug]
[MS02-005]
[3031]
[oval:org.mitre.oval:def:974]
-
Entry
Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remote attackers to execute arbitrary code via a Voice Video & Games request.
[3813]
[20020106 ICQ remote buffer overflow vulnerability]
[CA-2002-02]
[VU#570167]
[20020107 ICQ remote buffer overflow vulnerability]
[aim-game-overflow(7743)]
-
Entry
Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to execute arbitrary script as other users via the addview parameter of a ymsgr URI.
[4838]
[20020527 Yahoo Messenger - Multiple Vulnerabilities]
[CA-2002-16]
[VU#172315]
[yahoo-messenger-script-injection(9184)]
-
Entry
Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.
[4674]
[20020505 [LSD] Solaris cachefsd remote buffer overflow vulnerability]
[CA-2002-11]
[VU#635811]
[http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F44309]
[oval:org.mitre.oval:def:124]
[oval:org.mitre.oval:def:31]
[solaris-cachefsd-name-bo(8999)]
-
Entry
Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 1.2.5 allows remote attackers to cause a denial of service via a large unsigned data element length, which is later used as a negative value.
[6713]
[VU#587579]
[CLA-2003:639]
[http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt]
[MDKSA-2003:043]
[4896]
[RHSA-2003:051]
[RHSA-2003:052]
[RHSA-2003:168]
[kerberos-kdc-neglength-bo(11190)]
-
Entry
Vulnerability in the cache-limiting function of the unified name service daemon (nsd) in IRIX 6.5.4 through 6.5.11 allows remote attackers to cause a denial of service by forcing the cache to fill the disk.
[3882]
[20020102-01-I]
[20020102-02-I]
[20020102-03-P]
[irix-nsd-cache-dos(7907)]
-
Entry
Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to cause privileged applications to dump core via the HOSTALIASES environment variable, which might allow the users to gain privileges.
[4388]
[2058]
[20020306-01-P]
[irix-hostaliases-gain-privileges(8669)]
-
Entry
Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows local users to cause a denial of service (hang) by creating a file that is not properly processed by XFS.
[4511]
[20020402-01-P]
[irix-xfs-dos(8839)]
-
Entry
sudo 1.6.0 through 1.6.3p7 does not properly clear the environment before calling the mail program, which could allow local users to gain root privileges by modifying environment variables and changing how the mail program is invoked.
[3871]
[20020114 Sudo version 1.6.4 now available (fwd)]
[20020116 Sudo +Postfix Exploit]
[CLA-2002:451]
[DSA-101]
[ESA-20020114-001]
[FreeBSD-SA-02:06]
[IMNX-2002-70-001-01]
[MDKSA-2002:003]
[http://www.sudo.ws/sudo/alerts/postfix.html]
[RHSA-2002:011]
[RHSA-2002:013]
[SuSE-SA:2002:002]
[sudo-unclean-env-root(7891)]
-
Entry
GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitrary files of the Enscript user via a symlink attack on temporary files.
[3920]
[DSA-105]
[HPSBTL0201-019]
[MDKSA-2002:010]
[RHSA-2002:012]
[gnu-enscript-tmpfile-symlink(7932)]
-
Entry
slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous users before 2.0.8, to conduct a "replace" action on access controls without any values, which causes OpenLDAP to delete non-mandatory attributes that would otherwise be protected by ACLs.
[3945]
[CSSA-2002-001.0]
[CLA-2002:459]
[http://www.openldap.org/lists/openldap-announce/200201/msg00002.html]
[HPSBTL0201-020]
[MDKSA-2002:013]
[5395]
[RHSA-2002:014]
[openldap-slapd-delete-attributes(7978)]
-
Entry
Linux kernel, and possibly other operating systems, allows remote attackers to read portions of memory via a series of fragmented ICMP packets that generate an ICMP TTL Exceeded response, which includes portions of the memory in the response packet.
[20020120 remote memory reading through tcp/icmp]
[5394]
[RHSA-2002:007]
[icmp-read-memory(7998)]
-
Entry
CIPE VPN package before 1.3.0-3 allows remote attackers to cause a denial of service (crash) via a short malformed packet.
[DSA-104]
[RHSA-2002:007]
[cipe-packet-handling-dos(7883)]
-
Entry
Microsoft Exchange Server 2000 System Attendant gives "Everyone" group privileges to the WinReg key, which could allow remote attackers to read or modify registry keys.
[4053]
[MS02-003]
[2042]
[oval:org.mitre.oval:def:1022]
[exchange-attendant-incorrect-permissions(8092)]
-
Entry
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 allows remote attackers to execute arbitrary code via long authentication data.
[4157]
[MS02-010]
-
Entry
Windows 2000 allows local users to prevent the application of new group policy settings by opening Group Policy files with exclusive-read access.
[4438]
[20011205 SECURITY.NNOV: file locking and security (group policy DoS on Windows 2000 domain)]
[MS02-016]
[oval:org.mitre.oval:def:38]
-
Entry
Internet Explorer 6.0 and earlier does not properly handle VBScript in certain domain security checks, which allows remote attackers to read arbitrary files.
[4158]
[MS02-009]
[763]
[1003630]
-
Entry
SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Connector (IMC) in Exchange Server 5.5 does not properly handle responses to NTLM authentication, which allows remote attackers to perform mail relaying via an SMTP AUTH command using null session credentials.
[4205]
[20020301 IIS SMTP component allows mail relaying via Null Session]
[MS02-011]
-
Entry
SMTP service in Microsoft Windows 2000, Windows XP Professional, and Exchange 2000 allows remote attackers to cause a denial of service via a command with a malformed data transfer (BDAT) request.
[4204]
[20020306 Vulnerability Details for MS02-012]
[MS02-012]
[oval:org.mitre.oval:def:30]
[ms-smtp-data-transfer-dos(8307)]
-
Entry
XMLHTTP control in Microsoft XML Core Services 2.6 and later does not properly handle IE Security Zone settings, which allows remote attackers to read arbitrary files by specifying a local file as an XML Data Source.
[3699]
[20011214 MSIE6 can read local files]
[20020212 Update on the MS02-005 patch, holes still remain]
[MS02-008]
[3032]
[ie-xmlhttp-redirect(7712)]
-
Entry
The decompression algorithm in zlib 1.1.3 and earlier, as used in many different utilities and packages, causes inflateEnd to release certain memory more than once (a "double free"), which may allow local and remote attackers to execute arbitrary code via a block of malformed compression data.
[4267]
[20020311 security problem fixed in zlib 1.1.4]
[20020312 Re: [VulnWatch] exploiting the zlib bug in openssh]
[20020312 [OpenPKG-SA-2002.003] OpenPKG Security Advisory (zlib)]
[20020312 exploiting the zlib bug in openssh]
[20020312 zlib & java]
[20020312 zlibscan : script to find suid binaries possibly affected by zlib vulnerability]
[20020313 OpenSSH rebuild warning: problems avoiding zlib problems in Solaris]
[20020314 Re: about zlib vulnerability - Microsoft products]
[20020314 ZLib double free bug: Windows NT potentially unaffected]
[20020314 about zlib vulnerability]
[20020315 RE: [Whitehat] about zlib vulnerability]
[20020318 TSLSA-2002-0040 - zlib]
[20020402 VNC Security Bulletin - zlib double free issue (multiple vendors and versions)]
[CSSA-2002-014.1]
[CSSA-2002-015.1]
[CA-2002-07]
[VU#368819]
[20020403 Vulnerability in the zlib Compression Library]
[CLA-2002:469]
[DSA-122]
[ESA-20020311-008]
[FreeBSD-SA-02:18]
[HPSBTL0204-030]
[HPSBTL0204-036]
[HPSBTL0204-037]
[MDKSA-2002:022]
[MDKSA-2002:023]
[MDKSA-2002:024]
[20020313 015: RELIABILITY FIX: March 13, 2002]
[RHSA-2002:026]
[RHSA-2002:027]
[SuSE-SA:2002:010]
[SuSE-SA:2002:011]
[20020311 [VulnWatch] zlibscan : script to find suid binaries possibly affected by zlib vulnerability]
[20020312 exploiting the zlib bug in openssh]
[zlib-doublefree-memory-corruption(8427)]
-
Entry
IRC connection tracking helper module in the netfilter subsystem for Linux 2.4.18-pre9 and earlier does not properly set the mask for conntrack expectations for incoming DCC connections, which could allow remote attackers to bypass intended firewall restrictions.
[4188]
[20020227 security advisory linux 2.4.x ip_conntrack_irc]
[VU#230307]
[http://www.netfilter.org/security/2002-02-25-irc-dcc-mask.html]
[HPSBUX0203-027]
[MDKSA-2002:041]
[RHSA-2002:028]
[20020227 Fwd: [ANNOUNCE] Security Advisory about IRC DCC connection tracking]
[linux-dcc-port-access(8302)]
-
Entry
Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows remote attackers to execute arbitrary commands via shell metacharacters (a | pipe character) provided as arguments to batch (.bat) or .cmd scripts, which are sent unfiltered to the shell interpreter, typically cmd.exe.
[4335]
[20020321 Vulnerability in Apache for Win32 batch file processing - Remote command execution]
[20020325 Apache 1.3.24 Released! (fwd)]
[http://www.apacheweek.com/issues/02-03-29#apache1324]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[apache-dos-batch-command-execution(8589)]
-
Entry
Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package as used in Red Hat Linux, allows local users to gain privileges, related to "routines for moving the physical cursor and scrolling."
[2116]
[DSA-113]
[RHSA-2002:020]
[gnu-ncurses-window-bo(8222)]
-
Entry
Buffer overflow in ippRead function of CUPS before 1.1.14 may allow attackers to execute arbitrary code via long attribute names or language values.
[4100]
[CSSA-2002-008.0]
[CLA-2002:471]
[http://www.cups.org/relnotes.html]
[DSA-110]
[MDKSA-2002:015]
[RHSA-2002:032]
[SuSE-SA:2002:005]
[SuSE-SA:2002:006]
[cups-ippread-bo(8192)]
-
Entry
Funk Software Proxy Host 3.x is installed with insecure permissions for the registry and the file system.
[4458]
[20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x]
[funk-proxy-insecure-permissions(8791)]
-
Entry
Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host password, which allows local users to gain privileges by recovering the passwords from the PHOST.INI file or the Windows registry.
[4459]
[20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x]
[funk-proxy-weak-password(8792)]
-
Entry
Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that does not require authentication and is installed with insecure access control, which allows local and possibly remote users to use the Proxy Host's configuration utilities and gain privileges.
[4460]
[20020408 Unauthorized remote control access to systems running Funk Software's Proxy v3.x]
[funk-proxy-named-pipe(8793)]
-
Entry
Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even when "htcp_port 0" is specified in squid.conf, which could allow remote attackers to bypass intended access restrictions.
[4150]
[20020221 Squid HTTP Proxy Security Update Advisory 2002:1]
[20020222 TSLSA-2002-0031 - squid]
[CSSA-2002-SCO.7]
[CLA-2002:464]
[http://www.squid-cache.org/Versions/v2/2.4/bugs/]
[FreeBSD-SA-02:12]
[MDKSA-2002:016]
[5379]
[RHSA-2002:029]
[squid-htcp-enabled(8261)]
-
Entry
Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service (core dump) and possibly execute arbitrary code with an ftp:// URL with a larger number of special characters, which exceed the buffer when Squid URL-escapes the characters.
[4148]
[20020221 Squid HTTP Proxy Security Update Advisory 2002:1]
[20020222 Squid buffer overflow]
[20020222 TSLSA-2002-0031 - squid]
[CSSA-2002-010.0]
[CSSA-2002-SCO.7]
[CLA-2002:464]
[http://www.squid-cache.org/Versions/v2/2.4/bugs/]
[FreeBSD-SA-02:12]
[MDKSA-2002:016]
[5378]
[RHSA-2002:029]
[SuSE-SA:2002:008]
[squid-ftpbuildtitleurl-bo(8258)]
-
Entry
Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denial of service.
[4146]
[20020221 Squid HTTP Proxy Security Update Advisory 2002:1]
[20020222 TSLSA-2002-0031 - squid]
[CSSA-2002-SCO.7]
[CLA-2002:464]
[http://www.squid-cache.org/Versions/v2/2.4/bugs/]
[FreeBSD-SA-02:12]
[MDKSA-2002:016]
[RHSA-2002:029]
[squid-snmp-dos(8260)]
-
Entry
Buffer overflow in Windows Shell (used as the Windows Desktop) allows local and possibly remote attackers to execute arbitrary code via a custom URL handler that has not been removed for an application that has been improperly uninstalled.
[4248]
[20020312 ADVISORY: Windows Shell Overflow]
[MS02-014]
[20020311 ADVISORY: Windows Shell Overflow]
[oval:org.mitre.oval:def:147]
[oval:org.mitre.oval:def:18]
[20020311 ADVISORY: Windows Shell Overflow]
[win-shell-bo(8384)]
-
Entry
Buffer overflow in the ism.dll ISAPI extension that implements HTR scripting in Internet Information Server (IIS) 4.0 and 5.0 allows attackers to cause a denial of service or execute arbitrary code via HTR requests with long variable names.
[A041002-1]
[4474]
[20020411 KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun]
[CA-2002-09]
[VU#363715]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3325]
[oval:org.mitre.oval:def:130]
[oval:org.mitre.oval:def:45]
[20020411 [VulnWatch] KPMG-2002010: Microsoft IIS .htr ISAPI buffer overrun]
[iis-htr-isapi-bo(8799)]
-
Entry
The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET for Internet Information Server (IIS) 4.0, 5.0, and 5.1 does not properly handle the error condition when a long URL is provided, which allows remote attackers to cause a denial of service (crash) when the URL parser accesses a null pointer.
[4479]
[20020411 KPMG-2002009: Microsoft IIS W3SVC Denial of Service]
[CA-2002-09]
[VU#521059]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3326]
[iis-isapi-filter-error-dos(8800)]
-
Entry
The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows attackers who have established an FTP session to cause a denial of service via a specially crafted status request containing glob characters.
[4482]
[20020417 Microsoft FTP Service STAT Globbing DoS]
[CA-2002-09]
[VU#412203]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[http://www.digitaloffense.net/msftpd/advisory.txt]
[MS02-018]
[3328]
[oval:org.mitre.oval:def:24]
[oval:org.mitre.oval:def:35]
[20020416 [VulnWatch] Microsoft FTP Service STAT Globbing DoS]
[iis-ftp-session-status-dos(8801)]
-
Entry
Cross-site scripting vulnerability in Help File search facility for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to embed scripts into another user's session.
[4483]
[20020410 Cgisecurity Advisory #9: Novell Websearch, and Microsoft IIS XSS Issues]
[CA-2002-09]
[VU#883091]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[http://www.cgisecurity.com/advisory/9.txt]
[MS02-018]
[3338]
[oval:org.mitre.oval:def:46]
[iis-help-file-css(8802)]
-
Entry
Cross-site scripting vulnerability for Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other web users via the error message used in a URL redirect (""302 Object Moved") message.
[4487]
[20020411 [SNS Advisory No.49] A Possibility of Internet Information Server/Services Cross Site Scripting]
[CA-2002-09]
[VU#520707]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3341]
[oval:org.mitre.oval:def:210]
[oval:org.mitre.oval:def:58]
[iis-redirected-url-error-css(8804)]
-
Entry
Java Runtime Environment (JRE) Bytecode Verifier allows remote attackers to escape the Java sandbox and execute commands via an applet containing an illegal cast operation, as seen in (1) Microsoft VM build 3802 and earlier as used in Internet Explorer 4.x and 5.x, (2) Netscape 6.2.1 and earlier, and possibly other implementations that use vulnerable versions of SDK or JDK, aka a variant of the "Virtual Machine Verifier" vulnerability.
[4313]
[SSRT0822]
[MS02-013]
[00218]
[java-vm-verifier-variant(8480)]
-
Entry
The zone determination function in Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to run scripts in the Local Computer zone by embedding the script in a cookie, aka the "Cookie-based Script Execution" vulnerability.
[4392]
[20020330 IE: Remote webpage can script in local zone]
[MS02-015]
[3029]
[oval:org.mitre.oval:def:96]
[ie-cookie-local-zone(8701)]
-
Entry
Buffer overflow in the chunked encoding transfer mechanism in Internet Information Server (IIS) 4.0 and 5.0 Active Server Pages allows attackers to cause a denial of service or execute arbitrary code.
[4485]
[20020410 Windows 2000 and NT4 IIS .ASP Remote Buffer Overflow]
[CA-2002-09]
[VU#610291]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[oval:org.mitre.oval:def:16]
[oval:org.mitre.oval:def:25]
[iis-asp-chunked-encoding-bo(8795)]
-
Entry
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
[4285]
[CSSA-2002-014.1]
[MDKSA-2002:024]
[RHSA-2002:026]
[linux-rsync-inherit-privileges(8463)]
-
Entry
Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 and earlier, and (2) php3_mime_split in PHP 3.0.x allows remote attackers to execute arbitrary code via a multipart/form-data HTTP POST request when file_uploads is enabled.
[4183]
[20020227 Advisory 012002: PHP remote vulnerabilities]
[20020228 TSLSA-2002-0033 - mod_php]
[20020304 Apache+php Proof of Concept Exploit]
[CA-2002-05]
[VU#297363]
[CLA-2002:468]
[http://www.php.net/downloads.php]
[DSA-115]
[ESA-20020301-006]
[HPSBTL0203-028]
[MDKSA-2002:017]
[http://security.e-matters.de/advisories/012002.html]
[20020227 PHP remote vulnerabilities]
[RHSA-2002:035]
[RHSA-2002:040]
[SuSE-SA:2002:007]
[20020225 Re: Rumours about Apache 1.3.22 exploits]
[php-file-upload-overflow(8281)]
-
Entry
The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and Apache-SSL before 1.3.22+1.46, does not properly initialize memory using the i2d_SSL_SESSION function, which allows remote attackers to use a buffer overflow to execute arbitrary code via a large client certificate that is signed by a trusted Certificate Authority (CA), which produces a large serialized session.
[4189]
[20020227 mod_ssl Buffer Overflow Condition (Update Available)]
[20020228 TSLSA-2002-0034 - apache]
[20020301 Apache-SSL buffer overflow (fix available)]
[20020304 Apache-SSL 1.3.22+1.47 - update to security fix]
[CSSA-2002-011.0]
[SSRT0817]
[CLA-2002:465]
[http://www.apacheweek.com/issues/02-03-01#security]
[DSA-120]
[ESA-20020301-005]
[HPSBTL0203-031]
[HPSBUX0204-190]
[MDKSA-2002:020]
[http://packetstormsecurity.com/files/153567/Apache-mod_ssl-OpenSSL-Remote-Buffer-Overflow.html]
[RHSA-2002:041]
[RHSA-2002:042]
[RHSA-2002:045]
[apache-modssl-bo(8308)]
-
Entry
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
[4241]
[20020307 OpenSSH Security Advisory (adv.channelalloc)]
[20020307 [PINE-CERT-20020301] OpenSSH off-by-one]
[20020308 [OpenPKG-SA-2002.002] OpenPKG Security Advisory (openssh)]
[20020310 OpenSSH 2.9.9p2 packages for Immunix 6.2 with latest fix]
[20020311 TSLSA-2002-0039 - openssh]
[20020328 OpenSSH channel_lookup() off by one exploit]
[CSSA-2002-012.0]
[CSSA-2002-SCO.10]
[CSSA-2002-SCO.11]
[CLA-2002:467]
[http://www.openbsd.org/advisories/ssh_channelalloc.txt]
[DSA-119]
[ESA-20020307-007]
[FreeBSD-SA-02:13]
[HPSBTL0203-029]
[MDKSA-2002:019]
[NetBSD-SA2002-004]
[730]
[RHSA-2002:043]
[SuSE-SA:2002:009]
[20020307 [VulnWatch] [PINE-CERT-20020301] OpenSSH off-by-one]
[openssh-channel-error(8383)]
-
Entry
Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.
[4633]
[20020429 eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability]
[VU#188507]
[http://www.esecurityonline.com/advisories/eSO3761.asp]
[oval:org.mitre.oval:def:179]
[oval:org.mitre.oval:def:86]
[44842]
[20020429 [VulnWatch] eSecurityOnline Security Advisory 3761 - Sun Solaris lbxproxy display name buffer overflow vulnerability]
[solaris-lbxproxy-display-bo(8958)]
-
Entry
CVS before 1.10.8 does not properly initialize a global variable, which allows remote attackers to cause a denial of service (server crash) via the diff capability.
[4234]
[DSA-117]
[RHSA-2002:026]
[20020220 Help needed with bufferoverflow in cvs]
[20020220 Re: [Fwd: Help needed with bufferoverflow in cvs]]
[cvs-global-var-dos(8366)]
-
Entry
config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x and versions before 4.06 allows remote attackers to execute arbitrary commands via shell metacharacters in the file name during filename conversion.
[3776]
[20020102 BSCW: Vulnerabilities and Problems]
[http://bscw.gmd.de/WhatsNew.html]
[bscw-remote-shell-execution(7774)]
-
Entry
The default configuration of BSCW (Basic Support for Cooperative Work) 3.x and possibly version 4 enables user self registration, which could allow remote attackers to upload files and possibly join a user community that was intended to be closed.
[3777]
[20020102 BSCW: Vulnerabilities and Problems]
[bscw-default-installation-registration(7775)]
-
Entry
The installation of Geeklog 1.3 creates an extra group_assignments record which is not properly deleted, which causes the first newly created user to be added to the GroupAdmin and UserAdmin groups, which could provide that user with administrative privileges that were not intended.
[3783]
[20020103 Vulnerability in new user creation in Geeklog 1.3]
[http://geeklog.sourceforge.net/index.php?topic=Security]
[geeklog-default-admin-privileges(7780)]
-
Entry
Geeklog 1.3 allows remote attackers to hijack user accounts, including the administrator account, by modifying the UID of a user's permanent cookie to the target account.
[3844]
[20020110 Cookie modification allows unauthenticated user login in Geeklog 1.3]
[http://geeklog.sourceforge.net/index.php?topic=Security]
[geeklog-modify-auth-cookie(7869)]
-
Entry
Buffer overflow in index.cgi administration interface for Boozt! Standard 0.9.8 allows local users to execute arbitrary code via a long name field when creating a new banner.
[3787]
[20020105 BOOZT! Standard 's administration cgi vulnerable to buffer overflow]
[20020109 BOOZT! Standard CGI Vulnerability : Exploit Released]
[http://www.boozt.com/news_detail.php?id=3]
[boozt-long-name-bo(7790)]
-
Entry
Web administration interface in CacheFlow CacheOS 4.0.13 and earlier allows remote attackers to obtain sensitive information via a series of GET requests that do not end in with HTTP/1.0 or another version string, which causes the information to be leaked in the error message.
[3841]
[20020108 svindel.net security advisory - web admin vulnerability in CacheOS]
[20020205 RE: svindel.net security advisory - web admin vulnerability in Ca cheOS]
[cachos-insecure-web-interface(7835)]
-
Entry
Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and earlier allows remote attackers to read files or execute arbitrary commands via a .. (dot dot) in the URL.
[3861]
[20020109 File Transversal Vulnerability in Dino's WebServer]
[dinos-webserver-directory-traversal(7853)]
-
Entry
Snort 1.8.3 does not properly define the minimum ICMP header size, which allows remote attackers to cause a denial of service (crash and core dump) via a malformed ICMP packet.
[3849]
[20020110 Re: Snort core dumped]
[20020110 Snort core dumped]
[2022]
[snort-icmp-dos(7874)]
-
Entry
Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB) 1 Gold SP 1 and earlier allows remote attackers to execute arbitrary script and steal cookies via a message containing encoded Javascript in an IMG tag.
[3828]
[20020108 CSS vulnerabilities in YaBB and UBB allow account hijack [Multiple Vendor]]
[http://www.yabbforum.com/]
[2019]
[yabb-encoded-css(7840)]
-
Entry
Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup files and folders when a hotsync is performed, which could allow a local user to obtain sensitive information.
[3863]
[20020112 Palm Desktop 4.0b76-77 for Mac OS X]
[palm-macos-backup-permissions(7937)]
-
Entry
PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name contains the session ID, which allows local users to hijack web connections.
[3873]
[20020113 PHP 4.x session spoofing]
[php-session-temp-disclosure(7908)]
-
Entry
MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, and possibly 3.5.3, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP request.
[3874]
[20020114 Web Server 4D/eCommerce 3.5.3 DoS Vulnerability]
[ws4d-long-url-dos(7879)]
-
Entry
cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long argument.
[3885]
[20020116 Sambar Webserver v5.1 DoS Vulnerability]
[20020206 Sambar Webserver Sample Script v5.1 DoS Vulnerability Exploit]
[http://www.sambar.com/security.htm]
[sambar-cgitest-dos(7894)]
-
Entry
Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect traffic to other sites (aka FTP bounce) via the PORT command.
[3910]
[20020120 Bounce vulnerability in SpoonFTP 1.1.0.1]
[http://www.pi-soft.com/spoonftp/index.shtml]
[spoonftp-ftp-bounce(7943)]
-
Entry
Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier allows local users to execute arbitrary code via a long HOME environment variable.
[3868]
[20020113 Eterm SGID utmp Buffer Overflow (Local)]
[20020121 Re: Eterm SGID utmp Buffer Overflow (Local)]
[eterm-home-bo(7896)]
-
Entry
fetchmail email client before 5.9.10 does not properly limit the maximum number of messages available, which allows a remote IMAP server to overwrite memory via a message count that exceeds the boundaries of an array.
[4788]
[CSSA-2002-027.0]
[HPSBTL0205-042]
[MDKSA-2002:036]
[RHSA-2002:047]
[fetchmail-imap-msgnum-bo(9133)]
-
Entry
Buffer overflow in the ASP data transfer mechanism in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to cause a denial of service or execute code, aka "Microsoft-discovered variant of Chunked Encoding buffer overrun."
[4490]
[CA-2002-09]
[VU#669779]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3301]
[oval:org.mitre.oval:def:22]
[oval:org.mitre.oval:def:72]
[iis-asp-data-transfer-bo(8796)]
-
Entry
Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page.
[4486]
[20020410 IIS allows universal CrossSiteScripting]
[CA-2002-09]
[VU#886699]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3339]
[oval:org.mitre.oval:def:81]
[oval:org.mitre.oval:def:92]
[iis-http-error-page-css(8803)]
-
Entry
Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names.
[4478]
[CA-2002-09]
[VU#721963]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3320]
[oval:org.mitre.oval:def:132]
[oval:org.mitre.oval:def:95]
[iis-ssi-safety-check-bo(8798)]
-
Entry
Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP header field values.
[4476]
[CA-2002-09]
[VU#454091]
[20020415 Microsoft IIS Vulnerabilities in Cisco Products - MS02-018]
[MS02-018]
[3316]
[oval:org.mitre.oval:def:137]
[oval:org.mitre.oval:def:39]
[iis-asp-http-header-bo(8797)]
-
Entry
Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows operating systems allows local users to cause a denial of service or possibly gain SYSTEM privileges via a long UNC request.
[4426]
[20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow]
[MS02-017]
[oval:org.mitre.oval:def:145]
[oval:org.mitre.oval:def:89]
[20020404 NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow]
[win-mup-bo(8752)]
-
Entry
Buffer overflow in various Microsoft applications for Macintosh allows remote attackers to cause a denial of service (crash) or execute arbitrary code by invoking the file:// directive with a large number of / characters, which affects Internet Explorer 5.1, Outlook Express 5.0 through 5.0.2, Entourage v. X and 2001, PowerPoint v. X, 2001, and 98, and Excel v. X and 2001 for Macintosh.
[4517]
[20020416 w00w00 on Microsoft IE/Office for Mac OS]
[MS02-019]
[5357]
[ms-mac-html-file-bo(8850)]
-
Entry
Internet Explorer 5.1 for Macintosh allows remote attackers to bypass security checks and invoke local AppleScripts within a specific HTML element, aka the "Local Applescript Invocation" vulnerability.
[3935]
[20020122 Macinosh IE file execuion]
[MS02-019]
[5356]
[ie-mac-applescript-execution(8851)]
[ie-macos-file-execution(7969)]
-
Entry
Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.
[4707]
[20020508 ADVISORY: MSN Messenger OCX Buffer Overflow]
[CA-2002-13]
[MS02-022]
[20020508 [VulnWatch] ADVISORY: MSN Messenger OCX Buffer Overflow]
[msn-chatcontrol-resdll-bo(9041)]
-
Entry
Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.
[4373]
[20020502 R7-0003: Nautilus Symlink Vulnerability]
[RHSA-2002:064]
[nautilus-metafile-xml-symlink(8995)]
-
Entry
Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument.
[4408]
[20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow]
[http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fpatches%2F108652]
[oval:org.mitre.oval:def:14]
[oval:org.mitre.oval:def:33]
[20020402 NSFOCUS SA2002-01: Sun Solaris Xsun "-co" heap overflow]
[solaris-xsun-co-bo(8703)]
-
Entry
Format string vulnerability in the administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to crash the CSADMIN module only (denial of service of administration function) or execute arbitrary code via format strings in the URL to port 2002.
[4416]
[20020403 iXsecurity.20020314.csadmin_fmt.a]
[20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows]
[2062]
[ciscosecure-acs-format-string(8742)]
-
Entry
The administration function in Cisco Secure Access Control Server (ACS) for Windows, 2.6.x and earlier and 3.x through 3.01 (build 40), allows remote attackers to read HTML, Java class, and image files outside the web root via a ..\.. (modified ..) in the URL to port 2002.
[20020403 iXsecurity.20020316.csadmin_dir.a]
[20020403 Web Interface Vulnerabilities in Cisco Secure ACS for Windows]
[5352]
-
Entry
Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed DNS responses.
[4363]
[20020326 updated squid advisory]
[CSSA-2002-017.1]
[CSSA-2002-SCO.26]
[http://www.squid-cache.org/Advisories/SQUID-2002_2.txt]
[FreeBSD-SA-02:19]
[MDKSA-2002:027]
[RHSA-2002:051]
[squid-dns-reply-dos(8628)]
-
Entry
Cross-site scripting vulnerability in analog before 5.22 allows remote attackers to execute Javascript via an HTTP request containing the script, which is entered into a web logfile and not properly filtered by analog during display.
[4389]
[DSA-125]
[FreeBSD-SN-02:02]
[2059]
[RHSA-2002:059]
[analog-logfile-css(8656)]
-
Entry
Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted images, which could allow attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain weaknesses of NetPBM.
[4339]
[CSSA-2002-019.0]
[CLA-2002:470]
[MDKSA-2002:029]
[RHSA-2002:048]
[SuSE-SA:2002:015]
-
Entry
Vulnerability in Imlib before 1.9.13 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by manipulating arguments that are passed to malloc, which results in a heap corruption.
[4336]
[CSSA-2002-019.0]
[CLA-2002:470]
[MDKSA-2002:029]
[RHSA-2002:048]
[SuSE-SA:2002:015]
-
Entry
The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.
[4654]
[HPSBTL0205-038]
[5349]
[RHSA-2002:062]
[linux-docbook-stylesheet-insecure(8983)]
-
Entry
Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration.
[4229]
[20020301 [matt@zope.com: [Zope-Annce] Zope Hotfix 2002-03-01 (Ownership Roles Enforcement)]]
[http://www.zope.org/Products/Zope/hotfixes/]
[5350]
[RHSA-2002:060]
[zope-proxy-role-privileges(8334)]
-
Entry
IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.
[4588]
[VU#498707]
[5351]
[20020406-01-P]
[irix-irisconsole-icadmin-access(8933)]
-
Entry
/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).
[4648]
[VU#770891]
[4695]
[20020408-01-I]
[irix-ipfilter-dos(8960)]
-
Entry
Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.
[4644]
[5359]
[20020409-01-I]
[irix-cpr-bo(8959)]
-
Entry
nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.
[4655]
[20020501-01-I]
[irix-nsd-symlink(8981)]
-
Entry
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.
[4326]
[20020320 Bypassing libsafe format string protection]
[MDKSA-2002:026]
[20020320 [VulnWatch] Bypassing libsafe format string protection]
[libsafe-flagchar-protection-bypass(8593)]
-
Entry
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
[4327]
[20020320 Bypassing libsafe format string protection]
[MDKSA-2002:026]
[20020320 [VulnWatch] Bypassing libsafe format string protection]
[libsafe-argnum-protection-bypass(8594)]
-
Entry
uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.
[4742]
[20021030 GLSA: sharutils]
[CSSA-2002-040.0]
[VU#336083]
[SSRT2301]
[HPSBTL0205-040]
[MDKSA-2002:052]
[http://www.aerasec.de/security/index.html?id=ae-200204-033&lang=en]
[8274]
[RHSA-2002:065]
[RHSA-2003:180]
[sharutils-uudecode-symlink(9075)]
-
Entry
Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows remote attackers to execute arbitrary code.
[4534]
[DSA-127]
[xpilot-server-bo(8852)]
-
Entry
Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter.
[4444]
[20020406 IMP 2.2.8 (SECURITY) released]
[CSSA-2002-016.1]
[CLA-2001:473]
[DSA-126]
[http://bugs.horde.org/show_bug.cgi?id=916]
[5345]
[imp-status-php3-css(8769)]
-
Entry
Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.
[4593]
[20020425 Sudo version 1.6.6 now available (fwd)]
[20020425 [Global InterSec 2002041701] Sudo Password Prompt]
[20020425 [slackware-security] sudo upgrade fixes a potential vulnerability]
[20020429 TSLSA-2002-0046 - sudo]
[VU#820083]
[CLA-2002:475]
[DSA-128]
[ESA-20020429-010]
[MDKSA-2002:028]
[RHSA-2002:071]
[RHSA-2002:072]
[SuSE-SA:2002:014]
[TSLSA-2002-0046]
[sudo-password-expansion-overflow(8936)]
-
Entry
mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.
[4656]
[CLA-2002:477]
[http://www.modpython.org/pipermail/mod_python/2002-April/001991.html]
[http://www.modpython.org/pipermail/mod_python/2002-April/002003.html]
[RHSA-2002:070]
[modpython-imported-module-access(8997)]
-
Entry
Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code via data queries with a long content-type parameter, aka "Unchecked Buffer in SQLXML ISAPI Extension."
[5004]
[20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting]
[VU#811371]
[MS02-030]
[5347]
[oval:org.mitre.oval:def:484]
[oval:org.mitre.oval:def:489]
[20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting]
[mssql-sqlxml-isapi-bo(9328)]
-
Entry
Cross-site scripting vulnerability in the SQLXML component of Microsoft SQL Server 2000 allows an attacker to execute arbitrary script via the root parameter as part of an XML SQL query, aka "Script Injection via XML Tag."
[20020613 wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting]
[MS02-030]
[20020613 [VulnWatch] wp-02-0007: Microsoft SQLXML ISAPI Overflow and Cross Site Scripting]
-
Entry
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.
[20020516 [SNS Advisory No.48] Microsoft Internet Explorer Still Download And Execute ANY Program Automatically]
[http://www.lac.co.jp/security/english/snsadv_e/48_e.html]
[MS02-023]
[ie-content-disposition-variant2(9086)]
-
Entry
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.
[4753]
[VU#242891]
[MS02-023]
[oval:org.mitre.oval:def:923]
[ie-netbios-incorrect-security-zone(9084)]
-
Entry
Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.
[4411]
[20020402 Reading portions of local files in IE, depending on structure (GM#004-IE)]
[MS02-023]
[ie-css-read-files (8740)]
-
Entry
Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.
[4752]
[MS02-023]
[oval:org.mitre.oval:def:27]
[oval:org.mitre.oval:def:99]
[ie-content-disposition-variant(9085)]
-
Entry
GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.
[3924]
[20020122 (Repost) CwpApi : GetRelativePath() returns invalid paths (security advisory)]
[http://sourceforge.net/forum/forum.php?forum_id=144966]
[cwpapi-getrelativepath-view-files(7981)]
-
Entry
psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.
[3931]
[20020122 psyBNC 2.3 Beta - encrypted text "spoofable" in others' irc terminals]
[20020122 psyBNC2.3 Beta - encrypted text spoofable in others irc terminal]
[psybnc-view-encrypted-messages(7985)]
-
Entry
Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows remote attackers to execute arbitrary code via a header length value that exceeds the actual length of the header.
[3809]
[20020124 Potential RealPlayer 8 Vulnerability]
[20020124 RealPlayer Buffer Overflow [Sentinel Chicken Networks Security Advisory #01]]
[http://sentinelchicken.com/advisories/realplayer/]
[20020105 RealPlayer Buffer Problem]
[realplayer-file-header-bo(7839)]
-
Entry
Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (SLB) and Cookie-Based Persistence features enabled, allows remote attackers to determine the real IP address of a web server with a half-closed session, which causes ACEdirector to send packets from the server without changing the address to the virtual IP address.
[3964]
[20020125 Alteon ACEdirector signature/security bug]
[20020312 Re: Alteon ACEdirector signature/security bug]
[acedirector-http-reveal-ip(8010)]
-
Entry
Race condition in the installation script for Tarantella Enterprise 3 3.01 through 3.20 creates a world-writeable temporary "gunzip" program before executing it, which could allow local users to execute arbitrary commands by modifying the program before it is executed.
[3966]
[20020126 Vulnerability report for Tarantella Enterprise 3.]
[20020404 Exploit for Tarantella Enterprise 3 installation (BID 3966)]
[http://www.tarantella.com/security/bulletin-04.html]
[tarantella-gunzip-tmp-race(7996)]
-
Entry
xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read arbitrary files via a symlink attack on the VOLICON file, which is copied to the .HSicon file in a shared directory.
[3969]
[20020128 [ Hackerslab bug_paper ] Xkas application vulnerability]
[20020604-01-I]
[kashare-xkas-icon-symlink(8002)]
-
Entry
retrieve_password.pl in DCForum 6.x and 2000 generates predictable new passwords based on a sessionID, which allows remote attackers to request a new password on behalf of another user and use the sessionID to calculate the new password for that user.
[4014]
[20020201 Vulnerability in all versions of DCForum from dcscripts.com]
[http://www.dcscripts.com/bugtrac/DCForumID7/3.html]
[2038]
[3866]
[dcforum-cgi-recover-passwords(8044)]
-
Entry
Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.
[4025]
[20020204 Vulnerability in Black ICE Defender]
[20020206 Black ICE Ping Vulnerability Side Note]
[20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable]
[20020204 DoS and Potential Overflow Vulnerability in BlackICE Products]
[20020209 ALERT: ISS BlackICE Kernel Overflow Exploitable]
[blackice-ping-flood-dos(8058)]
-
Entry
NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.
[4048]
[20020207 Cisco Secure Access Control Server Novell Directory Service Expired/Disabled User Authentication Vulnerability]
[ciscosecure-nds-authentication(8106)]
-
Entry
Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.
[4060]
[20020210 Unixware Message catalog exploit code]
[CSSA-2002-SCO.3]
[unixware-msg-catalog-format-string(8113)]
-
Entry
Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.
[4062]
[20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability]
[HPSBUX0202-185]
[20020208 Hewlett Packard AdvanceStack Switch Managment Authentication Bypass Vulnerability]
[hp-advancestack-bypass-auth(8124)]
-
Entry
Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".
[4036]
[20020206 -Possible- licq D.o.S]
[20020208 RE: -Possible- licq D.o.S]
[licq-static-bo(8107)]
-
Entry
Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.
[4077]
[20020211 Vulnerability in Sawmill for Solaris v. 6.2.14]
[http://www.sawmill.net/version_history.html]
[sawmill-admin-password-insecure(8173)]
-
Entry
preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.
[4097]
[20020212 SIPS - vulnerable to anyone gaining admin access.]
[http://sips.sourceforge.net/adminvul.html]
[sips-theme-admin-access(8193)]
-
Entry
Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.
[4096]
[20020213 Exim 3.34 and lower (fwd)]
[[exim-announce] 20020219 Exim 3.35 released]
[RHSA-2002:208]
[exim-config-arg-bo(8194)]
-
Entry
Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.
[4099]
[20020213 Falcon Web Server Authentication Circumvention Vulnerability]
[20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability]
[20020526 [SecurityOffice] Falcon Web Server Unauthorized File Disclosure Vulnerability]
[falcon-protected-dir-access(8189)]
-
Entry
Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.
[4104]
[20020213 [NGSEC-2002-1] Ettercap, remote root compromise]
[http://ettercap.sourceforge.net/index.php?s=history]
[20020213 [VulnWatch] [NGSEC-2002-1] Ettercap, remote root compromise]
[ettercap-memcpy-bo(8200)]
-
Entry
pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.
[4114]
[20020216 pforum: mysql-injection-bug]
[http://www.powie.de/news/index.php]
[pforum-quotes-sql-injection(8203)]
-
Entry
Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.
[4124]
[20020218 Netwin Webnews Buffer Overflow Vulnerability (#NISR18022002)]
[ftp://netwinsite.com/pub/webnews/beta/webnews11m_solaris.tar.Z]
[webnews-cgi-group-bo(8220)]
-
Entry
Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.
[4116]
[20020219 [SA-2002:01] Slashcode login vulnerability]
[slashcode-site-xss(8221)]
-
Entry
CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.
[3975]
[20020220 CNet CatchUp arbitrary code execution]
[cnet-catchup-gain-privileges(8035)]
-
Entry
gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.
[4125]
[20020219 gnujsp: dir- and script-disclosure]
[20020220 Re: gnujsp: dir- and script-disclosure]
[DSA-114]
[gnujsp-jserv-information-disclosure(8240)]
-
Entry
The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.
[4139]
[20020220 Symantec Enterprise Firewall (SEF) Notify Daemon data loss via SN MP]
[http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20a.html]
[sef-snmp-notify-loss(8253)]
-
Entry
SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.
[4141]
[20020220 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies]
[20020221 Symantec Enterprise Firewall (SEF) SMTP proxy inconsistencies]
[http://securityresponse.symantec.com/avcenter/security/Content/2002.02.20.html]
[sef-smtp-proxy-information(8251)]
-
Entry
Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL.
[4159]
[20020221 SecurityOffice Security Advisory:// Essentia Web Server DoS Vulnerability]
[20020226 SecurityOffice Security Advisory:// Essentia Web Server Vulnerabilities (Vendor Patch)]
[20030704 Essentia Web Server 2.12 (Linux)]
[essentia-server-long-request-dos(8249)]
-
Entry
FreeRADIUS RADIUS server allows remote attackers to cause a denial of service (CPU consumption) via a flood of Access-Request packets.
[20020221 DoS Attack against many RADIUS servers]
[freeradius-access-request-dos(9968)]
-
Entry
Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and earlier allows remote attackers to execute arbitrary script as other Forums 2000 users via Javascript in an IMG tag.
[4192]
[20020227 RE: Open Bulletin Board javascript bug.]
[20020227 Snitz 2000 Code Patch (was RE: Open Bulletin Board javascript bug.)]
[VU#132011]
[http://forum.snitz.com/forum/link.asp?TOPIC_ID=23660]
[snitz-img-css(8309)]
-
Entry
Cross-site scripting vulnerability in codeparse.php of Open Bulletin Board (OpenBB) 1.0.0 allows remote attackers to execute arbitrary script and steal cookies via Javascript in the IMG tag.
[4171]
[20020225 Open Bulletin Board javascript bug.]
[http://community.iansoft.net/read.php?TID=5159]
[5658]
[openbb-img-css(8278)]
-
Entry
Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enabled includes portions of previous packets in the padding of a MAC level packet when the MAC packet's length is less than the IP level packet length.
[4191]
[VU#310387]
[20020227 Cisco Security Advisory: Data Leak with Cisco Express Forwarding]
[806]
[ios-cef-information-leak(8296)]
-
Entry
netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.
[4682]
[20020503-01-I]
[irix-netstat-file-existence(9023)]
-
Entry
Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.
[4706]
[20020504-01-I]
[irix-fsrxfs-gain-privileges(9042)]
-
Entry
Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges.
[4939]
[VU#430419]
[M-087]
[834]
[20020601-01-P]
[irix-rpcpasswd-gain-privileges(9261)]
-
Entry
MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows local users to force the program to dump core via certain arguments, which could allow the users to read sensitive data or gain privileges.
[4959]
[20020602-01-I]
[irix-mediamail-core-dump(9292)]
-
Entry
xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allows remote attackers to call dangerous RPC functions, including those that can mount or unmount xfs file systems, to gain root privileges.
[5072]
[20020620 [LSD] IRIX rpc.xfsmd multiple remote root vulnerabilities]
[VU#521147]
[20020606-01-I]
[irix-xfsmd-bypass-authentication(9401)]
-
Entry
Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.
[4677]
[20020506 w00w00 on AOL Instant Messenger remote overflow #2]
[20020506 [VulnWatch] w00w00 on AOL Instant Messenger remote overflow #2]
[aim-addexternalapp-bo(9017)]
-
Entry
ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.
[4937]
[CSSA-2002-026.0]
[http://www.ghostscript.com/pipermail/gs-code-review/2002-February/001900.html]
[http://www.ghostscript.com/pipermail/gs-code-review/2002-January/001801.html]
[RHSA-2002:083]
[RHSA-2002:123]
[RHSA-2003:209]
[ghostscript-postscript-command-execution(9254)]
-
Entry
Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 and 5.0 allows attackers to execute arbitrary code via the processing of HTR request sessions, aka "Heap Overrun in HTR Chunked Encoding Could Enable Web Server Compromise."
[4855]
[20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]]
[20020613 VNA - .HTR HEAP OVERFLOW]
[VU#313819]
[MS02-028]
[20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow]
[oval:org.mitre.oval:def:182]
[oval:org.mitre.oval:def:29]
[20020612 ADVISORY: Windows 2000 and NT4 IIS .HTR Remote Buffer Overflow [AD20020612]]
[iis-htr-chunked-encoding-bo(9327)]
-
Entry
Buffer overflow in Remote Access Service (RAS) phonebook for Windows NT 4.0, 2000, XP, and Routing and Remote Access Server (RRAS) allows local users to execute arbitrary code by modifying the rasphone.pbk file to use a long dial-up entry.
[4852]
[20020613 Microsoft RASAPI32.DLL]
[20020620 VPN and Q318138]
[http://www.nextgenss.com/vna/ms-ras.txt]
[MS02-029]
[oval:org.mitre.oval:def:61]
[oval:org.mitre.oval:def:63]
-
Entry
smss.exe debugging subsystem in Windows NT and Windows 2000 does not properly authenticate programs that connect to other programs, which allows local users to gain administrator or SYSTEM privileges by duplicating a handle to a privileged process, as demonstrated by DebPloit.
[4287]
[20020314 Fwd: DebPloit (exploit)]
[20020326 Re: DebPloit (exploit)]
[20020327 Local Security Vulnerability in Windows NT and Windows 2000]
[MS02-024]
[20020314 DebPloit (exploit)]
[oval:org.mitre.oval:def:158]
[oval:org.mitre.oval:def:76]
[win-debug-duplicate-handles(8462)]
-
Entry
The Store Service in Microsoft Exchange 2000 allows remote attackers to cause a denial of service (CPU consumption) via a mail message with a malformed RFC message attribute, aka "Malformed Mail Attribute can Cause Exchange 2000 to Exhaust CPU Resources."
[4881]
[MS02-025]
[exchange-msg-attribute-dos(9195)]
-
Entry
Buffer overflow in ASP.NET Worker Process allows remote attackers to cause a denial of service (restart) and possibly execute arbitrary code via a routine that processes cookies while in StateServer mode.
[4958]
[MS02-026]
[ms-aspdotnet-stateserver-bo(9276)]
-
Entry
Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player for Windows XP allow remote attackers to bypass Internet Explorer's (IE) security mechanisms and run code via an executable .wma media file with a license installation requirement stored in the IE cache, aka the "Cache Path Disclosure via Windows Media Player".
[5107]
[MS02-032]
[oval:org.mitre.oval:def:281]
[mediaplayer-cache-code-execution(9420)]
-
Entry
The Windows Media Device Manager (WMDM) Service in Microsoft Windows Media Player 7.1 on Windows 2000 systems allows local users to obtain LocalSystem rights via a program that calls the WMDM service to connect to an invalid local storage device, aka "Privilege Elevation through Windows Media Device Manager Service".
[5109]
[MS02-032]
[mediaplayer-wmdm-privilege-elevation(9421)]
-
Entry
Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.
[4679]
[20020506 ldap vulnerabilities]
[20021030 GLSA: pam_ldap]
[CSSA-2002-041.0]
[MDKSA-2002:075]
[RHSA-2002:084]
[RHSA-2002:141]
[RHSA-2002:175]
[RHSA-2002:180]
[20020506 ldap vulnerabilities]
[pamldap-config-format-string(9018)]
-
Entry
Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field.
[A091002-1]
[5685]
[20020925 Fwd: QuickTime for Windows ActiveX security advisory]
[quicktime-activex-pluginspage-bo(10077)]
-
Entry
Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.
[4730]
[20020512 Gaim abritary Email Reading]
[http://gaim.sourceforge.net/ChangeLog]
[20020511 Gaim abritary Email Reading]
[gaim-email-access(9061)]
-
Entry
Buffer overflow in University of Washington imap server (uw-imapd) imap-2001 (imapd 2001.315) and imap-2001a (imapd 2001.315) with legacy RFC 1730 support, and imapd 2000.287 and earlier, allows remote authenticated users to execute arbitrary code via a long BODY request.
[4713]
[20020510 wu-imap buffer overflow condition]
[CSSA-2002-021.0]
[VU#961489]
[CLA-2002:487]
[http://www.washington.edu/imap/buffer.html]
[ESA-20020607-013]
[HPSBTL0205-043]
[MDKSA-2002:034]
[RHSA-2002:092]
[wuimapd-authenticated-user-bo(10803)]
[wuimapd-partial-mailbox-bo(9055)]
-
Entry
Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet.
[4890]
[20020606 TSLSA-2002-0055 - tcpdump]
[CSSA-2002-025.0]
[CLA-2002:491]
[DSA-255]
[FreeBSD-SA-02:29]
[HPSBTL0205-044]
[RHSA-2002:094]
[RHSA-2002:121]
[RHSA-2003:214]
[tcpdump-nfs-bo(9216)]
-
Entry
The TCP implementation in various BSD operating systems (tcp_input.c) does not properly block connections to broadcast addresses, which could allow remote attackers to bypass intended filters via packets with a unicast link layer address and an IP broadcast address.
[4309]
[20020317 TCP Connections to a Broadcast Address on BSD-Based Systems]
[http://cvsweb.netbsd.org/bsdweb.cgi/syssrc/sys/netinet/tcp_input.c.diff?r1=1.136&r2=1.137]
[http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet/tcp_input.c.diff?r1=1.109&r2=1.110]
[http://www.FreeBSD.org/cgi/query-pr.cgi?pr=35022]
[5308]
[20030604-01-I]
[bsd-broadcast-address(8485)]
-
Entry
XChat IRC client allows remote attackers to execute arbitrary commands via a /dns command on a host whose DNS reverse lookup contains shell metacharacters.
[4376]
[20020327 Xchat /dns command execution vulnerability]
[CLA-2002:526]
[MDKSA-2002:051]
[RHSA-2002:097]
[RHSA-2002:124]
[xchat-dns-execute-commands(8704)]
-
Entry
Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code.
[5406]
[HPSBTL0208-057]
[MDKSA-2002:054]
[3729]
[RHSA-2002:098]
[RHSA-2002:107]
[RHSA-2002:122]
[RHSA-2003:156]
[gaim-jabber-module-bo(9766)]
-
Entry
Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL.
[A031303-1]
[7082]
[N-064]
[52022]
[sunone-gxnsapi6-bo(11529)]
-
Entry
Pipermail in Mailman stores private mail messages with predictable filenames in a world-executable directory, which allows local users to read private mailing list archives.
[4538]
[20020417 Mailman/Pipermail private mailing list/local user vulnerability]
[http://sourceforge.net/tracker/?func=detail&atid=100103&aid=474616&group_id=103]
[RHSA-2015:1417]
[pipermail-view-archives(8874)]
-
Entry
Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.
[IY34194]
[5356]
[20020731 Remote Buffer Overflow Vulnerability in Sun RPC]
[20020801 RPC analysis]
[20020802 MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin]
[20020802 kerberos rpc xdr_array]
[20020803 OpenAFS Security Advisory 2002-001: Remote root vulnerability in OpenAFS servers]
[20020909 GLSA: glibc]
[CSSA-2002-055.0]
[CA-2002-25]
[VU#192995]
[CLA-2002:515]
[CLA-2002:535]
[DSA-142]
[DSA-143]
[DSA-146]
[DSA-149]
[DSA-333]
[ESA-20021003-021]
[FreeBSD-SA-02:34.rpc]
[HPSBTL0208-061]
[HPSBUX0209-215]
[20020731 Remote Buffer Overflow Vulnerability in Sun RPC]
[MDKSA-2002:057]
[MS02-057]
[NetBSD-SA2002-011]
[oval:org.mitre.oval:def:42]
[oval:org.mitre.oval:def:4728]
[oval:org.mitre.oval:def:9]
[RHSA-2002:166]
[RHSA-2002:167]
[RHSA-2002:172]
[RHSA-2002:173]
[RHSA-2003:168]
[RHSA-2003:212]
[20020801-01-A]
[20020801-01-P]
[SuSE-SA:2002:031]
[sunrpc-xdr-array-bo(9170)]
-
Entry
Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a chunk-encoded HTTP request that causes Apache to use an incorrect size.
[20005]
[5033]
[20020617 Re: ISS Advisory: Remote Compromise Vulnerability in Apache HTTP Server]
[20020617 Re: Remote Compromise Vulnerability in Apache HTTP Server]
[20020618 Fixed version of Apache 1.3 available]
[20020619 Implications of Apache vuln for Oracle]
[20020619 Remote Apache 1.3.x Exploit]
[20020619 [OpenPKG-SA-2002.004] OpenPKG Security Advisory (apache)]
[20020620 Apache Exploit]
[20020620 TSLSA-2002-0056 - apache]
[20020621 [SECURITY] Remote exploit for 32-bit Apache HTTP Server known]
[20020621 [slackware-security] new apache/mod_ssl packages available]
[20020622 Ending a few arguments with one simple attachment.]
[20020622 blowchunks - protecting existing apache servers until upgrades arrive]
[CSSA-2002-029.0]
[CSSA-2002-SCO.31]
[CSSA-2002-SCO.32]
[CA-2002-17]
[VU#944335]
[SSRT2253]
[CLSA-2002:498]
[http://httpd.apache.org/info/security_bulletin_20020617.txt]
[DSA-131]
[DSA-132]
[DSA-133]
[ESA-20020619-014]
[ADV-2006-3598]
[HPSBMA02149]
[HPSBTL0206-049]
[HPSBUX0207-197]
[SSRT050968]
[20020617 Remote Compromise Vulnerability in Apache HTTP Server]
[MDKSA-2002:039]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[838]
[RHSA-2002:103]
[RHSA-2002:117]
[RHSA-2002:118]
[RHSA-2002:126]
[RHSA-2002:150]
[RHSA-2003:106]
[21917]
[20020605-01-A]
[20020605-01-I]
[SuSE-SA:2002:022]
[20020617 [VulnWatch] Apache httpd: vulnerability with chunked encoding]
[apache-chunked-encoding-bo(9249)]
-
Entry
Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, which makes it easier for attackers to conduct a brute force guessing attack due to the smaller space of possible passwords.
[A060502-1]
[redm-1050ap-insecure-passwords(9263)]
-
Entry
The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods.
[A060502-1]
[redm-1050ap-tftp-bruteforce(9264)]
-
Entry
The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user who has already established a session.
[A060502-1]
[4940]
[redm-1050ap-insecure-session(9265)]
-
Entry
Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, and other information in UDP packets to a broadcast address, which allows any system on the network to obtain potentially sensitive information about the Access Point device by monitoring UDP port 8887.
[A060502-1]
[redm-1050ap-device-existence(9266)]
-
Entry
Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to cause a denial of service and possibly execute arbitrary code via a long user name.
[A060502-1]
[4943]
[redm-1050ap-ppp-dos(9267)]
-
Entry
ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of service (shutdown) via a malformed DNS packet that triggers an error condition that is not properly handled when the rdataset parameter to the dns_message_findtype() function in message.c is not NULL, aka DoS_findtype.
[4936]
[CSSA-2002-SCO.24]
[CA-2002-15]
[VU#739123]
[CLA-2002:494]
[http://www.isc.org/index.pl?/sw/bind/bind-security.php]
[HPSBUX0207-202]
[20020604 Remote Denial of Service Vulnerability in ISC BIND]
[MDKSA-2002:038]
[RHSA-2002:105]
[RHSA-2002:119]
[RHSA-2003:154]
[SuSE-SA:2002:021]
[bind-findtype-dos(9250)]
-
Entry
SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via malformed packets that cause Ethereal to dereference a NULL pointer.
[4806]
[20020529 Potential security issues in Ethereal]
[CSSA-2002-037.0]
[CLSA-2002:505]
[http://www.ethereal.com/appnotes/enpa-sa-00004.html]
[DSA-130]
[RHSA-2002:036]
[RHSA-2002:088]
[ethereal-smb-dissector-dos(9204)]
-
Entry
Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code while Ethereal is parsing keysyms.
[4805]
[20020529 Potential security issues in Ethereal]
[CSSA-2002-037.0]
[CLSA-2002:505]
[http://www.ethereal.com/appnotes/enpa-sa-00004.html]
[DSA-130]
[RHSA-2002:036]
[RHSA-2002:088]
[RHSA-2002:170]
[ethereal-x11-dissector-bo(9203)]
-
Entry
DNS dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (CPU consumption) via a malformed packet that causes Ethereal to enter an infinite loop.
[4807]
[20020529 Potential security issues in Ethereal]
[CSSA-2002-037.0]
[CLSA-2002:505]
[http://www.ethereal.com/appnotes/enpa-sa-00004.html]
[DSA-130]
[RHSA-2002:036]
[RHSA-2002:088]
[RHSA-2002:170]
[ethereal-dns-dissector-dos(9205)]
-
Entry
Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote attackers to cause a denial of service (memory consumption).
[4808]
[20020529 Potential security issues in Ethereal]
[CSSA-2002-037.0]
[CLSA-2002:505]
[http://www.ethereal.com/appnotes/enpa-sa-00004.html]
[DSA-130]
[RHSA-2002:036]
[RHSA-2002:088]
[RHSA-2002:170]
[ethereal-giop-dissector-dos(9206)]
-
Entry
Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause a denial of service by establishing a large number of connections to the server without providing login credentials, which prevents other users from being able to log in.
[4258]
[20020302 Denial of Service in Sphereserver]
[sphereserver-connections-dos(8338)]
-
Entry
Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.
[4225]
[20020304 [H20020304]: Remotely exploitable format string vulnerability in ntop]
[20020411 ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT ALERT]
[20020411 re: gobbles ntop alert]
[20020417 segfault in ntop]
[http://snapshot.ntop.org/]
[http://listmanager.unipi.it/pipermail/ntop-dev/2002-February/000489.html]
[5307]
[20020304 [VulnWatch] [H20020304]: Remotely exploitable format string vulnerability in ntop]
[ntop-traceevent-format-string(8347)]
-
Entry
KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems, does not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.
[4224]
[20020304 BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec]
[http://orange.kame.net/dev/cvsweb.cgi/kame/CHANGELOG]
[5304]
[20020304 [VulnWatch] BSD: IPv4 forwarding doesn't consult inbound SPD in KAME-derived IPsec]
[kame-forged-packet-forwarding(8416)]
-
Entry
Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.
[4239]
[20020306 efingerd remote buffer overflow and a dangerous feature]
[http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.5.tar.gz]
[efingerd-reverse-lookup-bo(8380)]
-
Entry
efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.
[4240]
[20020306 efingerd remote buffer overflow and a dangerous feature]
[http://melkor.dnp.fmph.uniba.sk/~garabik/efingerd/efingerd_1.6.2.tar.gz]
[efingerd-file-execution(8381)]
-
Entry
mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.
[4247]
[20020306 mIRC DCC Server Security Flaw]
[5301]
[mirc-dcc-reveal-info(8393)]
-
Entry
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface (lcall).
[4259]
[20020308 linux <=2.4.18 x86 traps.c problem]
[http://www.openwall.com/linux/]
[DSA-311]
[DSA-312]
[DSA-332]
[DSA-336]
[DSA-442]
[RHSA-2002:158]
[linux-ibcs-lcall-process(8420)]
-
Entry
XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection.
[4260]
[20020309 xtux server DoS.]
[https://sourceforge.net/tracker/index.php?func=detail&aid=529046&group_id=206&atid=100206]
[xtux-server-dos(8422)]
-
Entry
Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a low-level directory to a higher level as it is being deleted, which causes fileutils to chdir to a ".." directory that is higher than expected, possibly up to the root file system.
[4266]
[20020310 GNU fileutils - recursive directory removal race condition]
[CSSA-2002-018.1]
[http://mail.gnu.org/archive/html/bug-fileutils/2002-03/msg00028.html]
[MDKSA-2002:031]
[RHSA-2003:015]
[RHSA-2003:016]
[gnu-fileutils-race-condition(8432)]
-
Entry
Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources.
[4268]
[20020311 SMStools vulnerabilities in release before 1.4.8]
[http://www.isis.de/members/~s.frings/smstools/history.html]
[sms-tools-format-string(8433)]
-
Entry
Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter.
[4276]
[20020311 Directory traversal vulnerability in phpimglist]
[http://www.liquidpulse.net/get.lp?id=17]
[phpimglist-dot-directory-traversal(8441)]
-
Entry
Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges.
[4273]
[CSSA-2002-SCO.8]
[openserver-dlvraudit-bo(8442)]
-
Entry
Microsoft Windows 2000 allows local users to bypass the policy that prohibits reusing old passwords by changing the current password before it expires, which does not enable the check for previous passwords.
[4256]
[20020307 Windows 2000 password policy bypass possibility]
[win2k-password-bypass-policy(8402)]
-
Entry
Microsoft Windows 2000 running the Terminal Server 90-day trial version, and possibly other versions, does not apply group policies to incoming users when the number of connections to the SYSVOL share exceeds the maximum, e.g. with a maximum number of licenses, which can allow remote authenticated users to bypass group policies.
[4464]
[20020408 Vulnerability: Windows2000Server running Terminalservices]
[win2k-terminal-bypass-policies(8813)]
-
Entry
article.php in PHP FirstPost 0.1 allows allows remote attackers to obtain the full pathname of the server via an invalid post number in the post parameter, which leaks the pathname in an error message.
[4274]
[20020312 [ARL02-A05] PHP FirstPost System Information Path Disclosure Vulnerability]
[7170]
[phpfirstpost-path-disclosure(8434)]
-
Entry
filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.
[4284]
[20020313 Command execution in phprojekt.]
[http://www.phprojekt.com/modules.php?op=modload&name=News&file=article&sid=19&mode=&order=]
[phpprojekt-filemanager-include-files(8448)]
-
Entry
Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.
[4295]
[20020315 Bug in QPopper (All Versions?)]
[CSSA-2002-SCO.20]
[ftp://ftp.qualcomm.com/eudora/servers/unix/popper/qpopper4.0.4.tar.gz]
[qpopper-qpopper-dos(8458)]
-
Entry
bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.
[4312]
[20020318 [ARL02-A11] Big Sam (Built-In Guestbook Stand-Alone Module) Multiple Vulnerabilities]
[http://www.gezzed.net/bigsam/bigsam.1_1_12.php.txt]
[5287]
[5288]
[bigsam-displaybegin-dos(8478)]
[bigsam-safemode-path-disclosure(8479)]
-
Entry
home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.
[4307]
[20020316 [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability]
[20020319 Re: [ARL02-A07] ARSC Really Simple Chat System Information Path Disclosure Vulnerability]
[arsc-language-path-disclosure(8472)]
-
Entry
Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3) editoractions.asp.
[4311]
[20020318 Hosting Directory Traversal madness...]
[http://www.hostingcontroller.com/english/patches/ForAll/download/dot-slash.zip]
-
Entry
db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.
[4380]
[20020318 Re: phpBB2 remote execution command (fwd)]
[20020318 phpBB2 remote execution command]
[http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.1.zip]
[http://phpbb.sourceforge.net/phpBB2/viewtopic.php?t=9483]
[4268]
[20020318 phpBB2 remote execution command]
[phpbb-db-command-execution(8476)]
-
Entry
move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.
[4325]
[20020317 move_uploaded_file breaks safe_mode restrictions in PHP]
[20020321 Re: move_uploaded_file breaks safe_mode restrictions in PHP]
[20020322 Re: move_uploaded_file breaks safe_mode restrictions in PHP]
[http://bugs.php.net/bug.php?id=16128]
[php-moveuploadedfile-create-files(8591)]
-
Entry
Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.
[4332]
[20020321 PHP script: Penguin Traceroute, Remote Command Execution]
[http://www.linux-directory.com/scripts/traceroute.pl]
[penguin-traceroute-command-execution(8600)]
-
Entry
Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.
[4361]
[20020323 Instant Web Mail additional POP3 commands and mail headers]
[http://instantwebmail.sourceforge.net/#changeLog]
[instant-webmail-pop-commands(8650)]
-
Entry
Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.
[20020325 re: Tomcat Security Exposure]
[http://www.apachelabs.org/tomcat-dev/200108.mbox/%3C20010810000819.6350.qmail@icarus.apache.org%3E]
[[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/]
[[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/]
[[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/]
[tomcat-xml-bypass-restrictions(9863)]
-
Entry
Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.
[4357]
[20020325 WebSight Directory System: cross-site-scripting bug]
[http://sourceforge.net/forum/forum.php?forum_id=163389]
[websight-directory-system-css(8624)]
-
Entry
csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.
[4368]
[20020325 CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable)]
[http://www.cgiscript.net/cgi-script/csNews/csNews.cgi?database=cgi.db&command=viewone&id=7]
[cssearch-url-execute-commands(8636)]
-
Entry
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
[4217]
[20020306 mtr 0.45, 0.46]
[DSA-124]
[mtr-options-bo(8367)]
-
Entry
Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.
[4378]
[20020327 Format String Bug in Posadis DNS Server]
[http://sourceforge.net/forum/forum.php?forum_id=165094]
[3516]
[posadis-logging-format-string(8653)]
-
Entry
Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g. via incorrect passwords.
[4370]
[20020327 LDAP Connection Leak in CTI when User Authentication Fails]
[cisco-cti-memory-leak(8655)]
-
Entry
Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.
[4393]
[20020328 A possible buffer overflow in libnewt]
[libnewt-bo(8700)]
-
Entry
The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names.
[4399]
[CSSA-2002-013.0]
[nscd-dns-ptr-validation(8745)]
-
Entry
startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.
[4400]
[CSSA-2002-005.0]
[kde-startkde-search-directory(8737)]
-
Entry
The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.
[4412]
[20020330 popper_mod 1.2.1 and previous accounts compromise]
[http://www.symatec-computer.com/forums/viewtopic.php?t=14]
[symatec-popper-admin-access(8746)]
-
Entry
SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.
[4385]
[20020327 squirrelmail 1.2.5 email user can execute command]
[20020331 Re: squirrelmail 1.2.5 email user can execute command]
[squirrelmail-theme-command-execution(8671)]
-
Entry
Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a .. (dot dot) in the type parameter.
[4435]
[20020403 emumail.cgi]
[http://www.emumail.com/downloads/download_unix.html/]
[emumail-cgi-view-files(8766)]
-
Entry
EMU Webmail allows local users to execute arbitrary programs via a .. (dot dot) in the HTTP Host header that points to a Trojan horse configuration file that contains a pageroot specifier that contains shell metacharacters.
[4488]
[20020410 Re: emumail.cgi, one more local vulnerability (not verified)]
[5270]
[emumail-http-host-execute(8836)]
-
Entry
PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gpc feature disabled, allows remote attackers to compromise the database via a SQL injection attack.
[4424]
[20020403 SQL injection in PHPGroupware]
[20020411 Re: SQL injection in PHPGroupware]
[5153]
[phpgroupware-sql-injection(8755)]
-
Entry
FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server's "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant of the "FTP bounce" vulnerability.
[4522]
[20020415 Raptor Firewall FTP Bounce vulnerability]
[20020417 Re: Raptor Firewall FTP Bounce vulnerability]
[http://securityresponse.symantec.com/avcenter/security/Content/2002.04.17.html]
[raptor-firewall-ftp-bounce(8847)]
-
Entry
Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie.
[4520]
[20020415 Demarc PureSecure 1.05 may be other (user can bypass login)]
[20020417 Demarc Security Update Advisory]
[5239]
[puresecure-sql-injection(8854)]
-
Entry
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
[4495]
[20020411 OpenBSD Local Root Compromise]
[20020411 local root compromise in openbsd 3.0 and below]
[http://www.openbsd.org/errata30.html#mail]
[5269]
[openbsd-mail-root-privileges(8818)]
-
Entry
Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP request.
[4466]
[20020409 Abyss Webserver 1.0 Administration password file retrieval exploit]
[http://www.aprelium.com/forum/viewtopic.php?t=24]
[abyss-unicode-directory-traversal(8805)]
-
Entry
Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords.
[4461]
[20020409 Aironet Telnet Vulnerability]
[cisco-aironet-telnet-dos(8788)]
-
Entry
Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 and 2.79 allows remote attackers to execute script via an ID3v1 or ID3v2 tag in an MP3 file.
[4414]
[20020403 Re: Winamp: Mp3 file can control the minibrowser]
[20020403 Winamp: Mp3 file can control the minibrowser]
[winamp-mp3-browser-css(8753)]
-
Entry
Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration.
[4506]
[20020413 SunSop: cross-site-scripting bug]
[sunshop-new-cust-css(8840)]
-
Entry
Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process.
[4033]
[20020206 Remote Compromise in Oracle 9i Database Server]
[CA-2002-08]
[VU#180147]
[http://otn.oracle.com/deploy/security/pdf/plsextproc_alert.pdf]
[oracle-plsql-remote-access(8089)]
-
Entry
Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet).
[4298]
[20020206 Hackproofing Oracle Application Server paper]
[CA-2002-08]
[VU#977251]
[http://www.nextgenss.com/papers/hpoas.pdf]
[oracle-appserver-config-file-access(8453)]
-
Entry
Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax.
[4523]
[20020416 ansi outer join syntax in Oracle allows access to any data]
[M-071]
[http://otn.oracle.com/deploy/security/pdf/sql_joins_alert.pdf]
[5236]
[oracle-ansi-sql-bypass-acl(8855)]
-
Entry
Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog function when the wall command cannot be executed.
[4639]
[20020430 Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System]
[CA-2002-10]
[VU#638099]
[778]
[oval:org.mitre.oval:def:41]
[oval:org.mitre.oval:def:79]
[20020430 [VulnWatch] Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System]
[solaris-rwall-format-string(8971)]
-
Entry
Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for a routing table entry is not decremented, which prevents the entry from being removed.
[4539]
[FreeBSD-SA-02:21]
[5232]
[freebsd-icmp-echo-reply-dos(8893)]
-
Entry
Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges.
[4560]
[20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow]
[20020420 OpenSSH Security Advisory (adv.token)]
[20020426 Revised OpenSSH Security Advisory (adv.token)]
[20020429 TSLSA-2002-0047 - openssh]
[20020517 OpenSSH 3.2.2 released (fwd)]
[CSSA-2002-022.2]
[781]
[20020419 OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow]
[openssh-sshd-kerberos-bo(8896)]
-
Entry
ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which leaks the pathname in an error message.
[4542]
[20020418 KPMG-2002013: Coldfusion Path Disclosure]
[http://www.macromedia.com/v1/handlers/index.cfm?ID=22906]
[3337]
[20020418 [VulnWatch] KPMG-2002013: Coldfusion Path Disclosure]
[coldfusion-dos-device-path-disclosure(8866)]
-
Entry
Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes an HTTP redirect.
[4640]
[20020430 RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS)]
[CLA-2002:490]
[RHSA-2002:192]
[RHSA-2003:046]
[mozilla-css-files-exist(8977)]
-
Entry
LANMAN service on Microsoft Windows 2000 allows remote attackers to cause a denial of service (CPU/memory exhaustion) via a stream of malformed data to microsoft-ds port 445.
[4532]
[20020417 KPMG-2002011: Windows 2000 microsoft-ds Denial of Service]
[VU#693099]
[Q320751]
[5179]
[20020417 [VulnWatch] KPMG-2002011: Windows 2000 microsoft-ds Denial of Service]
[win2k-lanman-dos(8867)]
-
Entry
Format string vulnerability in Foundstone FScan 1.12 with banner grabbing enabled allows remote attackers to execute arbitrary code on the scanning system via format string specifiers in the server banner.
[4549]
[20020419 KPMG-2002014: Foundstone Fscan Format String Bug]
[20020501 FW: Fscan advisory (fwd)]
[http://www.foundstone.com/knowledge/fscan112_advisory.html]
[20020419 KPMG-2002014: Foundstone Fscan Format String Bug]
[fscan-banner-format-string(8895)]
-
Entry
Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentication and modify configuration by directly requesting CGI programs such as dostuff.php instead of going through the login screen.
[4618]
[20020428 Blahz-DNS: Authentication bypass vulnerability]
[http://sourceforge.net/project/shownotes.php?release_id=87004]
[5178]
[blahzdns-auth-bypass(8951)]
-
Entry
ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers to cause a denial of service (crash) via malformed DHCP packets that cause RealSecure to dereference a null pointer.
[4649]
[20020430 ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor]
[20020430 Remote Denial of Service Vulnerability in RealSecure Network Sensor]
[5165]
[rs-ns-dhcp-dos(8961)]
-
Entry
Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,23,0) allows remote attackers to execute arbitrary code via a long movie parameter.
[4664]
[20020503 Macromedia Flash Activex Buffer overflow]
[http://www.macromedia.com/support/flash/ts/documents/buf_ovflow_623.htm]
[20020503 Macromedia Flash Activex Buffer overflow]
[5177]
[20020503 Macromedia Flash Activex Buffer overflow]
[20020502 [VulnWatch] Macromedia Flash Activex Buffer overflow]
[flash-activex-movie-bo(8993)]
-
Entry
dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.
[4617]
[20020428 dnstools: authentication bypass vulnerability]
[http://www.dnstools.com/dnstools_2.0.1.tar.gz]
[dnstools-auth-bypass(8948)]
-
Entry
The Windows Media Active Playlist in Microsoft Windows Media Player 7.1 stores information in a well known location on the local file system, allowing attackers to execute HTML scripts in the Local Computer zone, aka "Media Playback Script Invocation".
[5110]
[MS02-032]
[mediaplayer-playlist-script-execution(9422)]
-
Entry
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."
[5063]
[MS02-031]
[excel-inline-macro-execution(9397)]
-
Entry
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."
[5064]
[MS02-031]
[5175]
[excel-hyperlink-macro-execution(9398)]
-
Entry
The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".
[4821]
[http://www.guninski.com/ex$el2.html]
[MS02-031]
[20020524 Excel XP xml stylesheet problems]
[excel-xsl-script-execution(9399)]
-
Entry
The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).
[5066]
[20020514 dH team & SECURITY.NNOV: A variant of "Word Mail Merge" vulnerability]
[MS02-031]
[word-mail-merge-variant(9077)]
-
Entry
Buffer overflow in the Office Web Components (OWC) package installer used by Microsoft Commerce Server 2000 allows remote attackers to cause the process to fail or run arbitrary code in the LocalSystem security context via certain input to the OWC package installer.
[5108]
[20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)]
[MS02-033]
[5172]
[mscs-owc-installer-bo(9424)]
-
Entry
The Office Web Components (OWC) package installer for Microsoft Commerce Server 2000 allows remote attackers to execute commands by passing the commands as input to the OWC package installer, aka "OWC Package Command Execution".
[5111]
[20020703 Remotely Exploitable Buffer Overruns in Microsoft's Commerce Server 2000/2 (#NISRNISR03062002)]
[MS02-033]
[5170]
[mscs-owc-installer-permissions(9425)]
-
Entry
Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Server 2000 and 2002 allows remote attackers to execute arbitrary code via long authentication data, aka "New Variant of the ISAPI Filter Buffer Overrun".
[5112]
[MS02-033]
[5163]
[mscs-authfilter-isapi-bo-variant(9426)]
-
Entry
The Web server for Polycom ViewStation before 7.2.4 allows remote attackers to bypass authentication and read files via Unicode encoded requests.
[5632]
[M-123]
[http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf]
[20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products]
[viewstation-unicode-retrieve-password(9348)]
-
Entry
The Telnet service for Polycom ViewStation before 7.2.4 allows remote attackers to cause a denial of service (crash) via long or malformed ICMP packets.
[5637]
[M-123]
[http://www.polycom.com/common/pw_item_show_doc/0,,1444,00.pdf]
[20020904 Multiple Remote Vulnerabilities in Polycom Videoconferencing Products]
[viewstation-icmp-dos(9350)]
-
Entry
Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 through 6.5.16 allows local users to write arbitrary files and gain root privileges.
[5092]
[20020607-02-I]
[irix-nveventd-file-write(9418)]
-
Entry
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
[5344]
[20020729 RAZOR advisory: Linux util-linux chfn local root vulnerability]
[20020730 TSLSA-2002-0064 - util-linux]
[CSSA-2002-043.0]
[VU#405955]
[CLA-2002:523]
[HPSBTL0207-054]
[MDKSA-2002:047]
[5164]
[RHSA-2002:132]
[RHSA-2002:137]
[20020729 [VulnWatch] RAZOR advisory: Linux util-linux chfn local root vulnerability]
[utillinux-chfn-race-condition(9709)]
-
Entry
Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote attackers to execute arbitrary code during challenge response authentication (ChallengeResponseAuthentication) when OpenSSH is using SKEY or BSD_AUTH authentication.
[5093]
[20020626 OpenSSH Security Advisory (adv.iss)]
[20020626 Revised OpenSSH Security Advisory (adv.iss)]
[20020626 [OpenPKG-SA-2002.005] OpenPKG Security Advisory (openssh)]
[20020627 How to reproduce OpenSSH Overflow.]
[CSSA-2002-030.0]
[CA-2002-18]
[VU#369347]
[CLA-2002:502]
[DSA-134]
[ESA-20020702-016]
[HPSBUX0206-195]
[20020626 OpenSSH Remote Challenge Vulnerability]
[MDKSA-2002:040]
[https://twitter.com/RooneyMcNibNug/status/1152332585349111810]
[2002-005]
[6245]
[openssh-challenge-response-bo(9169)]
-
Entry
Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote attackers to execute arbitrary code via a large number of responses during challenge response authentication when OpenBSD is using PAM modules with interactive keyboard authentication (PAMAuthenticationViaKbdInt).
[5093]
[20020626 OpenSSH Security Advisory (adv.iss)]
[20020626 Revised OpenSSH Security Advisory (adv.iss)]
[20020627 How to reproduce OpenSSH Overflow.]
[20020628 Sun statement on the OpenSSH Remote Challenge Vulnerability]
[CSSA-2002-030.0]
[CA-2002-18]
[VU#369347]
[CLA-2002:502]
[DSA-134]
[ESA-20020702-016]
[HPSBUX0206-195]
[MDKSA-2002:040]
[839]
[RHSA-2002:127]
[RHSA-2002:131]
[SuSE-SA:2002:024]
-
Entry
The registry key containing the SQL Server service account information in Microsoft SQL Server 2000, including Microsoft SQL Server Desktop Engine (MSDE) 2000, has insecure permissions, which allows local users to gain privileges, aka "Incorrect Permission on SQL Server Service Account Registry Key."
[5205]
[CA-2002-22]
[VU#796313]
[MS02-034]
[oval:org.mitre.oval:def:1025]
[mssql-registry-insecure-permissions(9523)]
-
Entry
Buffer overflow in a legacy ActiveX control used to display specially formatted text in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to execute arbitrary code, aka "Buffer Overrun in Legacy Text Formatting ActiveX Control".
[5558]
[MS02-047]
[ms-legacytext-activex-bo(9935)]
-
Entry
The legacy <script> data-island capability for XML in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to read arbitrary XML files, and portions of other files, via a URL whose "src" attribute redirects to a local file.
[5560]
[20020823 Accessing remote/local content in IE (GM#009-IE)]
[MS02-047]
[oval:org.mitre.oval:def:1026]
[oval:org.mitre.oval:def:1148]
[oval:org.mitre.oval:def:1207]
[oval:org.mitre.oval:def:608]
[oval:org.mitre.oval:def:776]
[ie-xml-redirect-read-files(9936)]
-
Entry
The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.
[5312]
[20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)]
[MS02-039]
[20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)]
[878]
[mssql-resolution-keepalive-dos(9662)]
-
Entry
Buffer overflow in the DNS resolver code used in libc, glibc, and libbind, as derived from ISC BIND, allows remote malicious DNS servers to cause a denial of service and possibly execute arbitrary code via the stub resolvers.
[IY32719]
[IY32746]
[5100]
[20020626 Remote buffer overflow in resolver code of libc]
[20020704 [OpenPKG-SA-2002.006] OpenPKG Security Advisory (bind)]
[CSSA-2002-SCO.37]
[CSSA-2002-SCO.39]
[CA-2002-19]
[VU#803539]
[CLSA-2002:507]
[ESA-20020724-018]
[FreeBSD-SA-02:28]
[MDKSA-2002:038]
[MDKSA-2002:043]
[http://www.pine.nl/advisories/pine-cert-20020601.txt]
[NetBSD-SA2002-006]
[20020703 Buffer overflow and DoS i BIND]
[oval:org.mitre.oval:def:4190]
[RHSA-2002:119]
[RHSA-2002:133]
[RHSA-2002:139]
[RHSA-2002:167]
[RHSA-2003:154]
[20020701-01-I]
[dns-resolver-lib-bo(9432)]
-
Entry
Off-by-one buffer overflow in the ssl_compat_directive function, as called by the rewrite_command hook for mod_ssl Apache module 2.8.9 and earlier, allows local users to execute arbitrary code as the Apache server user via .htaccess files with long entries.
[5084]
[20020624 Apache mod_ssl off-by-one vulnerability]
[20020628 TSL-2002-0058 - apache/mod_ssl]
[CSSA-2002-031.0]
[CLA-2002:504]
[DSA-135]
[ESA-20020702-017]
[HPSBTL0207-052]
[MDKSA-2002:048]
[RHSA-2002:134]
[RHSA-2002:135]
[RHSA-2002:136]
[RHSA-2002:146]
[RHSA-2002:164]
[RHSA-2003:106]
[SuSE-SA:2002:028]
[20020622 Another flaw in Apache?]
[apache-modssl-htaccess-bo(9415)]
-
Entry
OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.
[5352]
[20020730 [OpenPKG-SA-2002.007] OpenPKG Security Advisory (mm)]
[CSSA-2002-032.0]
[DSA-137]
[FreeBSD-SN-02:05]
[HPSBTL0208-056]
[MDKSA-2002:045]
[RHSA-2002:153]
[RHSA-2002:154]
[RHSA-2002:156]
[RHSA-2002:163]
[RHSA-2002:164]
[RHSA-2003:158]
[SuSE-SA:2002:028]
[mm-tmpfile-symlink(9719)]
-
Entry
scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users to create and overwrite files via a symlink attack on the scrollkeeper-tempfile.x temporary files.
[5602]
[20020902 The ScrollKeeper Root Trap]
[20020904 GLSA: scrollkeeper]
[DSA-160]
[RHSA-2002:186]
[scrollkeeper-tmp-file-symlink(10002)]
-
Entry
Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Firewall 3.0.4.91 and Norton Internet Security 2001 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large outgoing HTTP request.
[A071502-1]
[5237]
[http://securityresponse.symantec.com/avcenter/security/Content/2002.07.15.html]
[4366]
[20020715 Re: [VulnWatch] Advisory Name: Norton Personal Internet Firewall HTTP Proxy Vulnerability]
[norton-fw-http-bo(9579)]
-
Entry
Macromedia JRun Administration Server allows remote attackers to bypass authentication on the login form via an extra slash (/) in the URL.
[5118]
[20020628 wp-02-0009: Macromedia JRun Admin Server Authentication Bypass]
[http://www.macromedia.com/v1/handlers/index.cfm?ID=23164]
[20020628 [VulnWatch] wp-02-0009: Macromedia JRun Admin Server Authentication Bypass]
[jrun-forwardslash-auth-bypass(9450)]
-
Entry
The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows authenticated users to modify the Call Forwarding settings and hijack calls.
[A071202-1]
[http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp]
[5144]
[pingtel-xpressa-call-hijacking(9563)]
-
Entry
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 downloads phone applications from a web site but can not verify the integrity of the applications, which could allow remote attackers to install Trojan horse applications via DNS spoofing.
[A071202-1]
[5224]
[http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp]
[pingtel-xpressa-dns-spoofing(9566)]
-
Entry
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to restore the phone to factory defaults without authentication via a menu option, which sets the administrator password to null.
[A071202-1]
[http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp]
[pingtel-xpressa-factory-defaults(9567)]
-
Entry
The enrollment process for Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 allows attackers with physical access to the phone to log out the current user and re-register the phone using MyPingtel Sign-In to gain remote access and perform unauthorized actions.
[A071202-1]
[http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp]
[pingtel-xpressa-phone-reregister(9568)]
-
Entry
Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 does not "time out" an inactive administrator session, which could allow other users to perform administrator actions if the administrator does not explicitly end the authentication.
[A071202-1]
[5221]
[http://www.pingtel.com/PingtelAtStakeAdvisoryResponse.jsp]
[pingtel-xpressa-admin-timeout(9569)]
-
Entry
SoftwareUpdate for MacOS 10.1.x does not use authentication when downloading a software update, which could allow remote attackers to execute arbitrary code by posing as the Apple update server via techniques such as DNS spoofing or cache poisoning, and supplying Trojan Horse updates.
[5176]
[20020706 MacOS X SoftwareUpdate Vulnerability]
[http://www.cunap.com/~hardingr/projects/osx/exploit.html]
[5137]
[macos-softwareupdate-no-auth(9502)]
-
Entry
CDE ToolTalk database server (ttdbserver) allows local users to overwrite arbitrary files via a symlink attack on the transaction log file used by the _TT_TRANSACTION RPC procedure.
[IY32368]
[IY32370]
[5083]
[20020710 [CORE-20020528] Multiple vulnerabilities in ToolTalk Database server]
[CSSA-2002-SCO.28]
[CA-2002-20]
[VU#299816]
[HPSBUX0207-199]
[oval:org.mitre.oval:def:175]
[oval:org.mitre.oval:def:2770]
[oval:org.mitre.oval:def:80]
[20021101-01-P]
[tooltalk-ttdbserverd-tttransaction-symlink(9527)]
-
Entry
Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC database server (rpc.ttdbserverd) allows remote attackers to execute arbitrary code via an argument to the _TT_CREATE_FILE procedure.
[IY32792]
[IY32793]
[5444]
[20020812 ENTERCEPT RICOCHET ADVISORY: Multi-Vendor CDE ToolTalk Database]
[CSSA-2002-SCO.28.1]
[CA-2002-26]
[VU#387387]
[SSRT2274]
[http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F46366&zone_32=category%3Asecurity]
[HPSBUX0207-199]
[oval:org.mitre.oval:def:177]
[oval:org.mitre.oval:def:192]
[tooltalk-ttdbserverd-ttcreatefile-bo(9822)]
-
Entry
Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remote attackers to execute script as other web users via script in a URL with the /servlet/ mapping, which does not filter the script when an exception is thrown by the servlet.
[5193]
[20020710 wp-02-0008: Apache Tomcat Cross Site Scripting]
[[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/]
[[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/]
[[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/]
[4973]
[20020710 [VulnWatch] wp-02-0008: Apache Tomcat Cross Site Scripting]
[tomcat-servlet-xss(9520)]
-
Entry
Heap-based buffer overflow in the message decoding functionality for PGP Outlook Encryption Plug-In, as used in NAI PGP Desktop Security 7.0.4, Personal Security 7.0.3, and Freeware 7.0.3, allows remote attackers to modify the heap and gain privileges via a large, malformed mail message.
[5202]
[20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability]
[VU#821139]
[http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.04/hotfix/ReadMe.txt]
[20020710 EEYE: Remote PGP Outlook Encryption Plug-in Vulnerability]
[4364]
[pgp-outlook-heap-overflow(9525)]
-
Entry
The "through the web code" capability for Zope 2.0 through 2.5.1 b1 allows untrusted users to shut down the Zope server via certain headers.
[5813]
[http://www.zope.org/Products/Zope/Hotfix_2002-04-15/security_alert]
[5166]
[RHSA-2002:060]
[zope-inject-headers-dos(9621)]
-
Entry
ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 allows anonymous users and untrusted code to bypass access restrictions and call arbitrary methods of catalog indexes.
[5812]
[http://www.zope.org/Products/Zope/Hotfix_2002-06-14/security_alert]
[DSA-490]
[RHSA-2002:060]
[zope-zcatalog-index-bypass(9610)]
-
Entry
Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to execute scripts in the Local Computer zone via a URL that references a local HTML resource file, a variant of "Cross-Site Scripting in Local HTML Resource" as identified by CAN-2002-0189.
[5561]
[MS02-047]
[ie-local-resource-xss(9938)]
-
Entry
Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft FrontPage Server Extensions (FPSE) 2000 and 2002 allows remote attackers to cause a denial of service (CPU consumption) or run arbitrary code, respectively, via a certain type of web file request.
[5804]
[VU#723537]
[20020927 Buffer Overrun in SmartHTML Interpreter Could Allow Code Executio n (Q324096)]
[MS02-053]
[fpse-smarthtml-interpreter-bo(10195)]
[fpse-smarthtml-interpreter-dos(10194)]
-
Entry
The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Millennium Edition, NT 4.0, NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP uses the Local Computer Security Zone when opening .chm files from the Temporary Internet Files folder, which allows remote attackers to execute arbitrary code via HTML mail that references or inserts a malicious .chm file containing shortcuts that can be executed, aka "Code Execution via Compiled HTML Help File."
[MS02-055]
[oval:org.mitre.oval:def:403]
[win-chm-code-execution(10254)]
-
Entry
Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.
[5372]
[http://www.nextgenss.com/advisories/mssql-ors.txt]
[MS02-040]
[mssql-mdac-openrowset-bo(9734)]
-
Entry
Microsoft Visual FoxPro 6.0 does not register its associated files with Internet Explorer, which allows remote attackers to execute Visual FoxPro applications without warning via HTML that references specially-crafted filenames.
[5633]
[M-120]
[MS02-049]
[ms-foxpro-app-execution(10035)]
-
Entry
Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.
[5308]
[MS02-036]
[mms-data-repository-access(9657)]
-
Entry
Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.
[5306]
[20020724 Remote Buffer Overflow Vulnerability in Microsoft Exchange Server]
[MS02-037]
[Q326322]
[exchange-imc-ehlo-bo(9658)]
-
Entry
Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."
[5420]
[MS02-041]
[4862]
[mcms-authentication-bo(9783)]
-
Entry
ktrace in BSD-based operating systems allows the owner of a process with special privileges to trace the process after its privileges have been lowered, which may allow the owner to obtain sensitive information that the process obtained while it was running with the extra privileges.
[5133]
[FreeBSD-SA-02:30]
[20020627 009: SECURITY FIX: June 27, 2002]
[openbsd-ktrace-gain-privileges(9474)]
-
Entry
An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl could produce incorrect MD5 checksums for UTF-8 data, which could prevent a system from properly verifying the integrity of the data.
[4716]
[MDKSA-2002:035]
[RHSA-2002:081]
[linux-utf8-incorrect-md5(9051)]
-
Entry
The Network Address Translation (NAT) capability for Netfilter ("iptables") 1.2.6a and earlier leaks translated IP addresses in ICMP error messages.
[4699]
[20020508 [CARTSA-20020402] Linux Netfilter NAT/ICMP code information leak]
[HPSBTL0205-039]
[MDKSA-2002:030]
[RHSA-2002:086]
[linux-netfilter-information-leak(9043)]
-
Entry
Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.
[5286]
[20020730 Directory traversal vulnerability in sendform.cgi]
[http://www.scn.org/~bb615/scripts/sendform.html]
[3568]
[20020731 [VulnWatch] Directory traversal vulnerability in sendform.cgi]
[sendform-blurbfile-directory-traversal(9725)]
-
Entry
FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresses of control and data connections with the FTP server, which allows remote attackers to bypass firewall rules or spoof FTP server responses.
[5158]
[20020715 TSLSA-2002-0062 - squid]
[CSSA-2002-046.0]
[CLA-2002:506]
[http://www.squid-cache.org/Advisories/SQUID-2002_3.txt]
[http://www.squid-cache.org/Versions/v2/2.4/bugs/]
[MDKSA-2002:044]
[5924]
[RHSA-2002:051]
[RHSA-2002:130]
[SuSE-SA:2002:025]
[squid-ftp-data-injection(9479)]
-
Entry
Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5.0.6 allows local users to gain privileges via format string specifiers in the file name argument.
[4938]
[20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab]
[CSSA-2002-SCO.35]
[20020604 SRT Security Advisory (SRT2002-06-04-1711): SCO crontab]
[openserver-crontab-format-string(9271)]
-
Entry
Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."
[5421]
[MS02-041]
[mcms-authoring-file-execution(9784)]
-
Entry
SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.
[5422]
[MS02-041]
[mcms-resource-sql-injection(9785)]
-
Entry
A handler routine for the Network Connection Manager (NCM) in Windows 2000 allows local users to gain privileges via a complex attack that causes the handler to run in the LocalSystem context with user-specified code.
[5480]
[MS02-042]
[oval:org.mitre.oval:def:26]
[win2k-ncm-gain-privileges(9856)]
-
Entry
Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to misrepresent the source of a file in the File Download dialogue box to trick users into thinking that the file type is safe to download, aka "File Origin Spoofing."
[5559]
[20020828 Origin of downloaded files can be spoofed in MSIE]
[MS02-047]
[5129]
[ie-file-origin-spoofing(9937)]
-
Entry
Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ActiveX control allows remote attackers to execute arbitrary code via a long server name field.
[A082802-1]
[5554]
[MS02-046]
[ms-tsac-activex-bo(9934)]
-
Entry
The Host function in Microsoft Office Web Components (OWC) 2000 and 2002 is exposed in components that are marked as safe for scripting, which allows remote attackers to execute arbitrary commands via the setTimeout method.
[4449]
[20020408 Scripting for the scriptless with OWC in IE (GM#005-IE)]
[MS02-044]
[3006]
[owc-spreadsheet-host-script-execution (8777)]
-
Entry
Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.
[20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)]
[20020725 Microsoft SQL Server 2000 Unauthenticated System Compromise (#NISR25072002)]
-
Entry
Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.
[4601]
[http://www.acme.com/software/thttpd/#releasenotes]
[http://www.ifrance.com/kitetoua/tuto/5holes1.txt]
[5125]
[20020417 Smalls holes on 5 products #1]
[thttpd-error-page-css(9029)]
-
Entry
b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.
[4673]
[20020506 b2 php remote command execution]
[http://cafelog.com/]
[b2-b2inc-command-execution(9013)]
-
Entry
Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.
[4528]
[20020416 Back Office Web Administrator Authentication Bypass (#NISR17042002A)]
[Q316838]
[backoffice-bypass-authentication(8862)]
-
Entry
Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.
[4533]
[20020417 KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass]
[http://www.sambar.com/security.htm]
[5123]
[20020417 [VulnWatch] KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass]
[sambar-script-source-disclosure(8876)]
-
Entry
MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.
[4546]
[20020418 MHonArc v2.5.2 Script Filtering Bypass Vulnerability]
[http://www.mhonarc.org/MHonArc/CHANGES]
[DSA-163]
[mhonarc-script-filtering-bypass(8894)]
-
Entry
psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.
[4570]
[20020422 Re: psyBNC 2.3 DoS / Bug]
[20020422 psyBNC 2.3 DoS / bug]
[20020423 PsyBNC Remote Dos POC]
[psybnc-long-password-dos(8912)]
-
Entry
LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.
[4577]
[20020423 LabVIEW Web Server DoS Vulnerability]
[http://digital.ni.com/public.nsf/websearch/4C3F86E655E5389886256BA00064B22F?OpenDocument]
[5119]
[labview-http-get-dos(8919)]
-
Entry
Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.
[3919]
[FreeBSD-SA-02:07]
[kerberos5-k5su-elevate-privileges(7956)]
-
Entry
Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.
[4777]
[FreeBSD-SA-02:24]
[4893]
[freebsd-k5su-gain-privileges(9125)]
-
Entry
ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.
[4695]
[SuSE-SA:2002:016]
[suse-sysconfig-command-execution(9040)]
-
Entry
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.
[4774]
[CSSA-2002-039.0]
[FreeBSD-SA-02:25]
[bzip2-decompression-file-overwrite(9126)]
-
Entry
Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.
[4775]
[CSSA-2002-039.0]
[FreeBSD-SA-02:25]
[bzip2-decompression-race-condition(9127)]
-
Entry
bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.
[4776]
[CSSA-2002-039.0]
[FreeBSD-SA-02:25]
[bzip2-compression-symlink(9128)]
-
Entry
shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.
[4757]
[SuSE-SA:2002:017]
[suse-shadow-filesize-limits(9102)]
-
Entry
sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.
[4803]
[20020527 OpenSSH 3.2.3 released (fwd)]
[20020522 004: SECURITY FIX: May 22, 2002]
[5113]
[bsd-sshd-authentication-error(9215)]
-
Entry
OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.
[4708]
[20020509 OpenBSD local DoS and root exploit]
[VU#314963]
[20020508 003: SECURITY FIX: May 8, 2002]
[5114]
[5715]
[20020509 OpenBSD local DoS and root exploit]
[openbsd-file-descriptor-dos(9048)]
-
Entry
Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.
[SuSE-SA:2002:018]
[lukemftp-pasv-bo(9130)]
-
Entry
getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.
[5229]
[20020713 Hosting Controller Vulnerability]
[http://hostingcontroller.com/english/logs/sp2log.html]
[hosting-controller-password-modification(9554)]
-
Entry
Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.
[4780]
[20020520 Foundstone Advisory - Buffer Overflow in Ipswitch Imail 7.1 and prior (fwd)]
[imail-ldap-bo(9116)]
-
Entry
The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.
[4751]
[20020528 Transparent Cache Engine and Content Engine TCP Relay Vulnerability]
[cisco-cache-content-tcp-forward(9082)]
-
Entry
AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.
[4709]
[20020508 Hole in AOL Instant Messenger]
[VU#259435]
[5109]
[aim-addbuddy-bo(9058)]
-
Entry
An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates a cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.
[4702]
[20020508 NTFS and PGP interact to expose EFS encrypted data]
[http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1/hotfix/ReadMe.txt]
[4363]
[pgp-ntfs-reveal-data(9044)]
-
Entry
Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.
[4724]
[20020511 Bug in mnogosearch-3.1.19]
[http://www.mnogosearch.org/Download/mnogosearch-3.1.20.tar.gz]
[http://www.mnogosearch.org/history.html#log31]
[mnogosearch-search-cgi-bo(9060)]
-
Entry
clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.
[IY24556]
-
Entry
The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.
[4879]
[FreeBSD-SA-02:26]
[5081]
[freebsd-accept-filter-dos(9209)]
-
Entry
The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.
[4880]
[FreeBSD-SA-02:27]
[5083]
[freebsd-rc-delete-directories(9217)]
-
Entry
Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.
[4873]
[20020529 Addendum to advisory #NISR29052002 (JRun buffer overflow)]
[20020529 Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)]
[CA-2002-14]
[VU#703835]
[5082]
[20020529 [VulnWatch] FW: Macromedia JRUN Buffer overflow vulnerability (#NISR29052002)]
[jrun-isapi-host-bo(9194)]
-
Entry
The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.
[http://marc.info/?l=postgresql-general&m=102032794322362]
[RHSA-2002:149]
[postgresql-sqlascii-sql-injection(10328)]
-
Entry
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.
[4964]
[20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 Prior To 2.14.2, 2.16 Prior To 2.16rc2]
[http://bugzilla.mozilla.org/show_bug.cgi?id=129466]
[6394]
[RHSA-2002:109]
[bugzilla-reversedns-hostname-spoof(9301)]
-
Entry
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.
[4964]
[20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2]
[http://bugzilla.mozilla.org/show_bug.cgi?id=134575]
[6395]
[RHSA-2002:109]
[bugzilla-world-writable-dir(9302)]
-
Entry
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.
[4964]
[20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2]
[http://bugzilla.mozilla.org/show_bug.cgi?id=141557]
[5080]
[RHSA-2002:109]
[bugzilla-edituser-user-delete(9303)]
-
Entry
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.
[4964]
[20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2]
[http://bugzilla.mozilla.org/show_bug.cgi?id=107718]
[RHSA-2002:109]
[bugzilla-masschange-change-groupset(9305)]
-
Entry
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.
[4964]
[20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2]
[http://bugzilla.mozilla.org/show_bug.cgi?id=148674]
[RHSA-2002:109]
[bugzilla-group-permissions-removal(10141)]
-
Entry
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.
[4964]
[20020608 [BUGZILLA] Security Advisory For Versions of Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2]
[http://bugzilla.mozilla.org/show_bug.cgi?id=92263]
[FreeBSD-SN-02:05]
[6399]
[RHSA-2002:109]
[bugzilla-shadow-database-information(9306)]
-
Entry
Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.
[5328]
[20020727 Phenoelit Advisory, 0815 ++ * - Cisco_tftp]
[20020822 Cisco IOS exploit PoC]
[20020730 TFTP Long Filename Vulnerability]
[854]
[cisco-tftp-filename-bo(9700)]
-
Entry
Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.
[5294]
[20020724 VMware GSX Server Remote Buffer Overflow]
[20020726 Re: VMware GSX Server Remote Buffer Overflow]
[http://www.vmware.com/download/gsx_security.html]
[20020805 VMware GSX Server 2.0.1 Release and Security Alert]
[vmware-gsx-auth-bo(9663)]
-
Entry
Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.
[5272]
[20020719 tru64 proof of concept /bin/su non-exec bypass]
[VU#229867]
[SSRT2257]
[tru64-su-bo(9640)]
-
Entry
Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.
[5367]
[20020731 The SUPER Bug]
[DSA-139]
[20020730 The SUPER Bug]
[super-syslog-format-string(9741)]
-
Entry
wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.
[5260]
[20020718 wwwoffle-2.7b and prior segfaults with negative Content-Length value]
[CSSA-2002-048.0]
[DSA-144]
[SuSE-SA:2002:029]
[wwwoffle-neg-length-bo(9619)]
-
Entry
Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.
[4857]
[20020801 Winhelp32 Remote Buffer Overrun]
[Q293338]
[20020801 Winhlp32.exe Remote BufferOverrun]
[2991]
[htmlhelp-item-bo(9746)]
-
Entry
BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.
[5355]
[FreeBSD-SA-02:32.pppd]
[NetBSD-SA2002-010]
[20020729 011: SECURITY FIX: July 29, 2002]
[pppd-race-condition(9738)]
-
Entry
Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.
[A080802-1]
[5427]
[http://www.ipswitch.com/Support/WS_FTP-Server/patch-upgrades.html]
[wsftp-site-cpwd-bo(9794)]
-
Entry
Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.
[5399]
[FreeBSD-SA-02:35.ffs]
[5073]
[freebsd-ffs-integer-overflow(9771)]
-
Entry
Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.
[5402]
[http://www.info.apple.com/usen/security/security_updates.html]
[FreeBSD-SA-02:36.nfs]
[NetBSD-SA2002-013]
[5072]
[bsd-nfs-rpc-dos(9772)]
-
Entry
The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.
[5405]
[FreeBSD-SA-02:37.kqueue]
[5069]
[freebsd-kqueue-dos(9774)]
-
Entry
Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.
[5596]
[CSSA-2002-044.0]
[HPSBTL0209-066]
[RHSA-2002:162]
[RHSA-2002:165]
[pxe-dhcp-dos(10003)]
-
Entry
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
[5978]
[20021018 GLSA: tetex]
[20021216 [OpenPKG-SA-2002.015] OpenPKG Security Advisory (tetex)]
[VU#169841]
[CLA-2002:537]
[DSA-207]
[HPSBTL0210-073]
[MDKSA-2002:070]
[RHSA-2002:194]
[RHSA-2002:195]
[dvips-system-execute-commands(10365)]
-
Entry
Cross-site scripting (XSS) vulnerability in the default error page of Apache 2.0 before 2.0.43, and 1.3.x up to 1.3.26, when UseCanonicalName is "Off" and support for wildcard DNS is present, allows remote attackers to execute script as other web page visitors via the Host: header, a different vulnerability than CAN-2002-1157.
[5847]
[20021002 Apache 2 Cross-Site Scripting]
[20021003 [OpenPKG-SA-2002.009] OpenPKG Security Advisory (apache)]
[20021017 TSLSA-2002-0069-apache]
[VU#240329]
[CLA-2002:530]
[http://marc.info/?l=apache-httpd-announce&m=103367938230488&w=2]
[http://www.apacheweek.com/issues/02-10-04]
[DSA-187]
[DSA-188]
[DSA-195]
[ESA-20021007-024]
[HPSBUX0210-224]
[MDKSA-2002:068]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[862]
[RHSA-2002:222]
[RHSA-2002:243]
[RHSA-2002:244]
[RHSA-2002:248]
[RHSA-2002:251]
[RHSA-2003:106]
[20021105-02-I]
[20021002 Apache 2 Cross-Site Scripting]
[apache-http-host-xss(10241)]
-
Entry
Format string vulnerability in certain third party modifications to mod_dav for logging bad gateway messages (e.g. Oracle9i Application Server 9.0.2) allows remote attackers to execute arbitrary code via a destination URI that forces a "502 Bad Gateway" response, which causes the format string specifiers to be returned from dav_lookup_uri() in mod_dav.c, which is then used in a call to ap_log_rerror().
[6846]
[20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)]
[20030218 CSSA-2003-007.0 Advisory withdrawn. Re: Security Update: [CSSA-2003-007.0] Linux: Apache mod_dav mo]
[20030218 Re: CSSA-2003-007.0 Advisory withdrawn.]
[CA-2003-05]
[VU#849993]
[N-046]
[http://otn.oracle.com/deploy/security/pdf/2003alert52.pdf]
[20030218 Re: CSSA-2003-007.0 Advisory withdrawn.]
[http://www.nextgenss.com/advisories/ora-appservfmtst.txt]
[20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)]
[20030217 Oracle9i Application Server Format String Vulnerability (#NISR16022003d)]
[oracle-appserver-davpublic-dos(11330)]
-
Entry
Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.
[4829]
[20020525 [DER ADV#8] - Local off by one in CVSD]
[CSSA-2002-035.0]
[RHSA-2004:004]
[20040103-01-U]
[20020525 [DER ADV#8] - Local off by one in CVSD]
[cvs-rcs-offbyone-bo(9175)]
-
Entry
Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.
[5433]
[20020808 EEYE: Sun(TM) ONE / iPlanet Web Server 4.1 and 6.0 Remote Buffer Overflow]
[http://www.sun.com/service/support/software/iplanet/alerts/transferencodingalert-23july2002.html]
[iplanet-chunked-encoding-bo(9799)]
-
Entry
The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.
[5430]
[20020808 EEYE: Macromedia Shockwave Flash Malformed Header Overflow]
[20020830 RE: Macromedia Shockwave Flash Malformed Header Overflow]
[http://www.macromedia.com/v1/handlers/index.cfm?ID=23293]
[RHSA-2003:026]
[RHSA-2003:027]
[flash-swf-header-bo(9798)]
-
Entry
tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).
[4731]
[http://sourceforge.net/project/shownotes.php?release_id=88790]
[DSA-145]
[tinyproxy-memory-corruption(9079)]
-
Entry
Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.
[5417]
[20020807 Cisco VPN 5000 Series Concentrator RADIUS PAP Authentication Vulnerability]
[cisco-vpn5000-plaintext-password(9781)]
-
Entry
Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers to execute arbitrary code via an encrypted document that has a long filename when it is decrypted.
[5656]
[20020906 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP]
[http://download.nai.com/products/licensed/pgp/desktop_security/windows/version_7.1.1/pgphotfix_outlookplugin711/ReadMe.txt]
[20020905 Foundstone Labs Advisory - Remotely Exploitable Buffer Overflow in PGP]
[pgp-long-filename-bo(10043)]
-
Entry
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument, which is not properly handled in a call to syslog.
[5437]
[SuSE-SA:2002:030]
[20020809 Local Root Exploit]
[isdn4linux-ipppd-format-string(9811)]
-
Entry
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload.
[5440]
[VU#287771]
[20020812 Cisco VPN Client Multiple Vulnerabilities]
[cisco-vpn-zerolength-dos(9821)]
-
Entry
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature.
[5457]
[http://otn.oracle.com/deploy/security/pdf/2002alert38rev1.pdf]
[20020813 Remote Denial of Service Vulnerability in Oracle9i SQL*NET]
[20020813 ISS Security Brief: Remote Denial of Service Vulnerability in Oracle9i SQL*NET]
[oracle-listener-debug-dos(9237)]
-
Entry
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code.
[5057]
[20020619 Microsoft SQL Server 2000 OpenDataSource Buffer Overflow (#NISR19062002)]
[http://www.nextgenss.com/advisories/mssql-ods.txt]
[Q282010]
[mssql-jet-ods-bo(9375)]
-
Entry
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target file.
[4453]
[20020408 Reading local files with OWC in IE (GM#006-IE)]
[MS02-044]
[3007]
[owc-spreadsheet-loadtext-read-files (8778)]
-
Entry
The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP allows remote attackers to cause a denial of service (crash) when Remote Desktop is enabled via a PDU Confirm Active data packet that does not set the Pattern BLT command, aka "Denial of Service in Remote Desktop."
[5713]
[20020916 Microsoft Windows XP Remote Desktop denial of service vulnerability]
[20020918 Microsoft Windows Terminal Services vulnerabilities]
[MS02-051]
[winxp-remote-desktop-dos(10120)]
-
Entry
A certain class that supports XML (Extensible Markup Language) in Microsoft Virtual Machine (VM) 5.0.3805 and earlier, probably com.ms.osp.ospmrshl, exposes certain unsafe methods, which allows remote attackers to execute unsafe code via a Java applet, aka "Inappropriate Methods Exposed in XML Support Classes."
[5752]
[VU#140898]
[MS02-052]
[msvm-xml-methods-access(10135)]
-
Entry
Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine (VM) up to and including 5.0.3805 allow remote attackers to load and execute DLLs (dynamic link libraries) via a Java applet that calls the constructor for com.ms.jdbc.odbc.JdbcOdbc with the desired DLL terminated by a null string, aka "DLL Execution via JDBC Classes."
[5751]
[20020923 Technical information about the vulnerabilities fixed by MS-02-52]
[VU#307306]
[MS02-052]
[msvm-jdbc-dll-execution(10133)]
-
Entry
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to cause a denial of service (crash) in Internet Explorer via invalid handle data in a Java applet, aka "Handle Validation Flaw."
[5750]
[VU#792881]
[MS02-052]
[msvm-jdbc-ie-dos(10134)]
-
Entry
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe.
[5458]
[20020814 GLSA: xinetd]
[DSA-151]
[MDKSA-2002:053]
[RHSA-2002:196]
[RHSA-2003:228]
[xinetd-signal-leak-dos(9844)]
-
Entry
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions.
[5451]
[20020813 New l2tpd release 0.68]
[DSA-152]
[l2tpd-rand-number-predictable(9845)]
-
Entry
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow.
[20020813 New l2tpd release 0.68]
[DSA-152]
[l2tpd-vendor-field-bo(10460)]
-
Entry
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group.
[5487]
[DSA-154]
[FreeBSD-SN-02:05]
[RHSA-2005:005]
[20000301-03-I]
[sgi-fam-insecure-permissions(9880)]
-
Entry
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files.
[4875]
[20010522 [SRT2001-10] - scoadmin /tmp issues]
[CSSA-2002-SCO.22]
[openserver-scoadmin-symlink(9210)]
-
Entry
Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user's .qpopper-options configuration file.
[4614]
[20020428 QPopper 4.0.4 buffer overflow]
[CSSA-2002-SCO.20]
[20020428 QPopper 4.0.4 buffer overflow]
[qpopper-bulldir-bo(8949)]
-
Entry
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name.
[4842]
[20020527 Netscreen 25 unauthorised reboot issue]
[http://www.netscreen.com/support/ns25_reboot.html]
[netscreen-screenos-username-dos(9186)]
-
Entry
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an error message.
[4793]
[20020522 Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1]
[http://www.newatlanta.com/do/findFaq?faq_id=151]
[20020522 [VulnWatch] Multiple vulnerabilities in NewAtlanta ServletExec ISAPI 4.1]
[servletexec-jsp10servlet-path-disclosure(9139)]
-
Entry
Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long PASS (password) command.
[4792]
[20020522 MatuFtpServer Remote Buffer Overflow and Possible DoS]
[matuftpserver-pass-bo(9138)]
-
Entry
LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory.
[4820]
[20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability]
[20020524 [SecurityOffice] LocalWeb2000 Web Server Protected File Access Vulnerability]
[localweb2k-protection-bypass(9165)]
-
Entry
Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary files from the client system, without prompting the client, via an input type=file tag whose value contains a newline.
[4834]
[20020527 Reading ANY local file in Opera (GM#001-OP)]
[http://www.opera.com/windows/changelog/log603.html]
[20020527 Reading ANY local file in Opera (GM#001-OP)]
[opera-browser-file-retrieval(9188)]
-
Entry
Buffer overflow in pks PGP public key web server before 0.9.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long search argument to the lookup capability.
[4828]
[20020524 pks public key server DOS and remote execution]
[http://www.rubin.ch/pgp/src/patch_buffoverflow20020525]
[pgp-pks-search-bo(9171)]
-
Entry
SayText function in Kismet 2.2.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters (backtick or pipe) in the essid argument.
[4883]
[20020528 New Kismet Packages available - SayText() and suid kismet_server issues]
[http://www.kismetwireless.net/CHANGELOG]
[20020529 New Kismet Packages available - SayText() and suid kismet_server issues]
[kismet-saytext-command-execution(9213)]
-
Entry
Buffer overflow in Sendmail before 8.12.5, when configured to use a custom DNS map to query TXT records, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malicious DNS server.
[5122]
[VU#814627]
[http://www.sendmail.org/8.12.5.html]
[oval:org.mitre.oval:def:2183]
[sendmail-dns-txt-bo(9443)]
-
Entry
Caldera Volution Manager 1.1 stores the Directory Administrator password in cleartext in the slapd.conf file, which could allow local users to gain privileges.
[4923]
[CSSA-2002-024.0]
[volution-manager-plaintext-password(9240)]
-
Entry
Double Precision Courier e-mail MTA allows remote attackers to cause a denial of service (CPU consumption) via a message with an extremely large or negative value for the year, which causes a tight loop.
[4908]
[20020601 SECURITY.NNOV: Courier CPU exhaustion + bonus on imap-uw]
[http://sourceforge.net/project/shownotes.php?release_id=93065]
[5052]
[courier-mta-year-dos(9228)]
-
Entry
Format string vulnerability in the allowuser code for the Stellar-X msntauth authentication module, as distributed in Squid 2.4.STABLE6 and earlier, allows remote attackers to execute arbitrary code via format strings in the user name, which are not properly handled in a syslog call.
[4929]
[20020604 [DER #11] - Remotey exploitable fmt string bug in squid]
[http://www.squid-cache.org/Versions/v2/2.4/diff-2.4.STABLE6-2.4.STABLE7.gz]
[20020603 [VulnWatch] [DER #11] - Remotey exploitable fmt string bug in squid]
[msntauth-squid-format-string(9248)]
-
Entry
Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, allows remote attackers to cause a denial of service (resource exhaustion) via a large number of requests to the server with null characters, which causes the working threads to hang.
[5067]
[20020620 KPMG-2002025: Apache Tomcat Denial of Service]
[[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/]
[[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/]
[[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/]
[5051]
[20020620 [VulnWatch] KPMG-2002025: Apache Tomcat Denial of Service]
[tomcat-null-thread-dos(9396)]
-
Entry
Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remote attackers to execute arbitrary script or HTML as other web users via the action argument in a link to setup.exe.
[5026]
[20020614 XSS in CiscoSecure ACS v3.0]
[20020621 Re: XSS in CiscoSecure ACS v3.0]
[ciscosecure-web-css(9353)]
-
Entry
The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4.0_01, as used by the TrustedCodeTool and possibly other applications, may leak a passphrase when the user aborts an application that is prompting for the passphrase, which could allow attackers to gain privileges.
[5024]
[20020617 nCipher Advisory #4: Console Java apps can leak passphrases on Windows]
[ncipher-consolecallback-passphrase-leak(9354)]
-
Entry
Buffer overflow in SeaNox Devwex allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request.
[4979]
[20020608 SeaNox Devwex - Denial of Service and Directory traversal]
[http://www.seanox.de/projects.devwex.php]
[5047]
[devwex-get-bo(9298)]
-
Entry
Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 allows remote attackers to read arbitrary files via ..\ (dot dot) sequences in an HTTP request.
[4978]
[20020608 SeaNox Devwex - Denial of Service and Directory traversal]
[http://www.seanox.de/projects.devwex.php]
[5048]
[devwex-dotdot-directory-traversal(9299)]
-
Entry
Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8.18.0 and earlier, as used in Oracle9iAS and other products, allows remote attackers to execute arbitrary code via a long database name parameter.
[4848]
[20020612 Oracle Reports Server Buffer Overflow (#NISR12062002B)]
[VU#997403]
[http://technet.oracle.com/deploy/security/pdf/reports6i_alert.pdf]
[http://www.nextgenss.com/vna/ora-reports.txt]
[20020612 [VulnWatch] Oracle Reports Server Buffer Overflow (#NISR12062002B)]
[oracle-reports-server-bo(9289)]
-
Entry
Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 allows remote attackers to cause a denial of service (reset) by sending IP packets with non-zero Type of Service (TOS) bits to the Timing Control Card (TCC) LAN interface.
[5058]
[20020619 Cisco ONS15454 IP TOS Bit Vulnerability]
[cisco-ons-tcc-dos(9377)]
-
Entry
globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen and register_globals variables enabled, allows remote attackers to execute arbitrary PHP code via a URL to the code in the LangCookie parameter.
[5039]
[20020617 PHP source injection in PHPAddress]
[20020619 Source Injection into PHPAddress]
[phpaddress-include-remote-files(9379)]
-
Entry
Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2.7 allows remote attackers to execute script as other users via the go parameter in the comments section.
[4952]
[20020606 [ARL02-A12] PHP(Reactor) Cross Site Scripting Vulnerability]
[http://sourceforge.net/project/shownotes.php?release_id=91877]
[phpreactor-browse-xss(9280)]
-
Entry
Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via multiple responses to the initial challenge with different cd_key values, which reaches the player limit and prevents other players from connecting until the original responses have timed out.
[5076]
[20020620 Half-life fake players bug]
[halflife-mulitple-player-dos(9412)]
-
Entry
Buffer overflow in TNS Listener for Oracle 9i Database Server on Windows systems, and Oracle 8 on VM, allows local users to execute arbitrary code via a long SERVICE_NAME parameter, which is not properly handled when writing an error message to a log file.
[4845]
[20020612 Oracle TNS Listener Buffer Overflow (#NISR12062002A)]
[VU#630091]
[http://otn.oracle.com/deploy/security/pdf/net9_dos_alert.pdf]
[20020612 [VulnWatch] Oracle TNS Listener Buffer Overflow (#NISR12062002A)]
[oracle-listener-servicename-bo(9288)]
-
Entry
Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long "ed2k:" URL.
[4951]
[20020606 eDonkey 2000 ed2k: URL Buffer Overflow]
[http://www.edonkey2000.com/]
[5042]
[edonkey2000-ed2k-filename-bo(9278)]
-
Entry
Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows remote attackers to cause a denial of service (crash) and execute code via a long HTTP request method name.
[5006]
[20020613 Remote DoS in AnalogX SimpleServer:www 1.16]
[20020702 Re: Remote DoS in AnlaogX SimpleServer:www 1.16]
[http://www.analogx.com/contents/download/network/sswww.htm]
[3780]
[analogx-simpleserver-at-dos(9338)]
-
Entry
Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta before 4.02, on the Win32 platform, allows local users to execute arbitrary code via a long "datadir" parameter in the my.ini initialization file, whose permissions on Windows allow Full Control to the Everyone group.
[5853]
[20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow]
[http://www.mysql.com/documentation/mysql/bychapter/manual_News.html#News-3.23.x]
[http://www.westpoint.ltd.uk/advisories/wp-02-0003.txt]
[20021002 wp-02-0003: MySQL Locally Exploitable Buffer Overflow]
[mysql-myini-datadir-bo(10243)]
-
Entry
The SSL capability for Konqueror in KDE 3.0.2 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
[5410]
[20020812 Re: IE SSL Vulnerability (Konqueror affected too)]
[20020818 KDE Security Advisory: Konqueror SSL vulnerability]
[CSSA-2002-047.0]
[CLA-2002:519]
[http://www.kde.org/info/security/advisory-20020818-1.txt]
[DSA-155]
[MDKSA-2002:058]
[RHSA-2002:220]
[RHSA-2002:221]
[ssl-ca-certificate-spoofing(9776)]
-
Entry
Help and Support Center for Windows XP allows remote attackers to delete arbitrary files via a link to the hcp: protocol that accesses uplddrvinfo.htm.
[5478]
[20020815 Delete arbitrary files using Help and Support Center [MSRC 1198dg]]
[MS02-060]
[Q328940]
[3001]
[winxp-helpctr-delete-files(9878)]
-
Entry
Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to execute arbitrary code via a long command line.
[5551]
[CSSA-2002-SCO.36]
[openunix-unixware-ndcfg-bo(9945)]
-
Entry
The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x before 2.8pre10, running EPIC allows remote attackers to execute arbitrary code if the user joins a channel whose topic includes EPIC4 code.
[5555]
[20020822 Light Security Advisory: Remotely-exploitable code execution]
[DSA-156]
[light-channel-execute-script(9943)]
-
Entry
Argument injection vulnerability in the mail function for PHP 4.x to 4.2.2 may allow attackers to bypass safe mode restrictions and modify command line arguments to the MTA (e.g. sendmail) in the 5th argument to mail(), altering MTA behavior and possibly executing commands.
[20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()]
[20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)]
[CSSA-2003-008.0]
[CLA-2002:545]
[DSA-168]
[MDKSA-2003:082]
[2111]
[RHSA-2002:213]
[RHSA-2002:214]
[RHSA-2002:243]
[RHSA-2002:244]
[RHSA-2002:248]
[RHSA-2003:159]
[SuSE-SA:2002:036]
[php-mail-safemode-bypass(9966)]
-
Entry
The mail function in PHP 4.x to 4.2.2 does not filter ASCII control characters from its arguments, which could allow remote attackers to modify mail message content, including mail headers, and possibly use PHP as a "spam proxy."
[5562]
[20020823 PHP: Bypass safe_mode and inject ASCII control chars with mail()]
[20030707 [OpenPKG-SA-2003.032] OpenPKG Security Advisory (php)]
[CSSA-2003-008.0]
[VU#410609]
[CLA-2002:545]
[DSA-168]
[MDKSA-2003:082]
[2160]
[RHSA-2002:213]
[RHSA-2002:214]
[RHSA-2002:243]
[RHSA-2002:244]
[RHSA-2002:248]
[RHSA-2003:159]
[SuSE-SA:2002:036]
[php-mail-ascii-injection(9959)]
-
Entry
X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop privileges before calling programs such as xkbcomp using popen, which could allow local users to gain privileges.
[5575]
[CSSA-2002-SCO.38]
[5044]
[openunix-unixware-xsco-privileges(9976)]
-
Entry
Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1, possibly related to XBM/xkbcomp capabilities.
[5577]
[CSSA-2002-SCO.38]
[openunix-unixware-xsco-bo(9977)]
-
Entry
The URL handler in the manual browser option for Gaim before 0.59.1 allows remote attackers to execute arbitrary script via shell metacharacters in a link.
[5574]
[20020827 GLSA: gaim]
[CLA-2002:521]
[http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=72728]
[http://gaim.sourceforge.net/ChangeLog]
[DSA-158]
[FreeBSD-SN-02:06]
[HPSBTL0209-067]
[MDKSA-2002:054]
[5033]
[RHSA-2002:189]
[RHSA-2002:190]
[RHSA-2002:191]
[RHSA-2003:156]
[gaim-url-handler-command-execution(9978)]
-
Entry
The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 through 7.0, Raptor Firewall 6.5 and 6.5.3, VelociRaptor, and Symantec Gateway Security allow remote attackers to cause a denial of service (connection resource exhaustion) via multiple connection requests to domains whose DNS server is unresponsive or does not exist, which generates a long timeout.
[5958]
[20021014 Multiple Symantec Firewall Secure Webserver timeout DoS]
[http://securityresponse.symantec.com/avcenter/security/Content/2002.10.11.html]
[simple-webserver-url-dos(10364)]
-
Entry
login.php for PHPAuction allows remote attackers to gain privileges via a direct call to login.php with the action parameter set to "insert," which adds the provided username to the adminUsers table.
[5141]
[20020702 PHPAuction bug]
[http://www.phpauction.org/viewnew.php?id=5]
[phpauction-admin-account-creation(9462)]
-
Entry
Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long request to TCP port 8001.
[5104]
[20020626 Foundstone Advisory - Buffer Overflow in AnalogX SimpleServer:Shout (fwd)]
[http://www.analogx.com/contents/download/network/ssshout.htm]
[3782]
[analogx-simpleserver-shout-bo(9427)]
-
Entry
Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attackers to cause a denial of service (crash) via a long user name.
[5117]
[20020627 Cluestick Advisory #001]
[20020812 NOVL-2002-2963081 - Novell iManager (eMFrame 1.2.1) DoS Attack]
[netware-imanage-username-dos(9444)]
-
Entry
Directory traversal vulnerability in webmail feature of ArGoSoft Mail Server Plus or Pro 1.8.1.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in a URL.
[5144]
[20020703 Argosoft Mail Server Plus/Pro Webmail Reverse Directory Traversal]
[http://www.argosoft.com/applications/mailserver/changelist.asp]
[argosoft-dotdot-directory-traversal(9477)]
-
Entry
Cross-site scripting (XSS) vulnerability in BBC Education Text to Speech Internet Enhancer (Betsie) 1.5.11 and earlier allows remote attackers to execute arbitrary web script via parserl.pl.
[5135]
[20020701 PTL-2002-03 Betsie XSS Vuln]
[http://www.bbc.co.uk/education/betsie/parser.pl.txt]
[betsie-parserl-xss(9468)]
-
Entry
Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 through 5.2.2, Traffic Edge 1.1.2 and 1.5.0, and Media-IXT 3.0.4 allows local users to gain root privileges via a long -path argument.
[5098]
[20020702 CORE-20020620: Inktomi Traffic Server Buffer Overflow]
[http://support.inktomi.com/kb/070202-003.html]
[inktomi-trafficserver-manager-bo(9465)]
-
Entry
Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary code via an RFS skin file whose skin.ini contains a long value in a CONTROLnImage argument, such as CONTROL1Image.
[5217]
[20020712 [SPSadvisory#48]RealONE Player Gold / RealJukebox2 Buffer Overflow]
[VU#843667]
[http://service.real.com/help/faq/security/bufferoverrun07092002.html]
[realplayer-rjs-controlnimage-bo(9538)]
-
Entry
RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10.505, allows remote attackers to execute arbitrary script in the Local computer zone by inserting the script into the skin.ini file of an RJS archive, then referencing skin.ini from a web page after it has been extracted, which is parsed as HTML by Internet Explorer or other Microsoft-based web readers.
[5210]
[20020712 [SPSadvisory#47]RealONE Player Gold / RealJukebox2 skin file download vulnerability]
[VU#888547]
[http://service.real.com/help/faq/security/bufferoverrun07092002.html]
[realplayer-rjs-file-download(9539)]
-
Entry
Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attackers to cause a denial of service (CPU consumption) via a large packet that was designed to exploit the SSH CRC32 attack detection overflow (CVE-2001-0144).
[5114]
[VU#290140]
[20020627 Scanning for SSH Can Cause a Crash]
[cisco-ssh-scan-dos(9437)]
-
Entry
JRun 3.0 through 4.0 allows remote attackers to read JSP source code via an encoded null byte in an HTTP GET request, which causes the server to send the .JSP file unparsed.
[5134]
[20020701 KPMG-2002026: Jrun sourcecode Disclosure]
[http://www.macromedia.com/v1/handlers/index.cfm?ID=23164]
[5028]
[20020701 [VulnWatch] KPMG-2002026: Jrun sourcecode Disclosure]
[jrun-null-view-source(9459)]
-
Entry
Race condition in Performance Pack in BEA WebLogic Server and Express 5.1.x, 6.0.x, 6.1.x and 7.0 allows remote attackers to cause a denial of service (crash) via a flood of data and connections.
[5159]
[20020708 KPMG-2002029: Bea Weblogic Performance Pack Denial of Service]
[http://dev2dev.bea.com/resourcelibrary/advisoriesdetail.jsp?highlight=advisoriesnotifications&path=components%2Fdev2dev%2Fresourcelibrary%2Fadvisoriesnotifications%2Fadvisory_BEA02-19.htm]
[20020708 [VulnWatch] KPMG-2002029: Bea Weblogic Performance Pack Denial of Service]
[weblogic-race-condition-dos(9486)]
-
Entry
KeyFocus (KF) web server 1.0.2 allows remote attackers to list directories and read restricted files via an HTTP request containing a %00 (null) character.
[5177]
[20020707 KF Web Server version 1.0.2 shows file and directory content]
[http://www.keyfocus.net/kfws/support/]
[20020707 [VulnWatch] KF Web Server version 1.0.2 shows file and directory content]
[kfwebserver-null-view-dir(9500)]
-
Entry
Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of service (crash) via an HTTP request with a long, malformed HTTP 1version number.
[5136]
[20020701 BufferOverflow in OmniHTTPd 2.09]
[5000]
[omnihttpd-http-version-bo(9457)]
-
Entry
Directory traversal vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to read arbitrary files via .. (dot dot) sequences when downloading files from the Projects: Attachments feature.
[20020714 Double Choco Latte multiple vulnerabilities]
[http://dcl.sourceforge.net/index.php]
[20020714 [VulnWatch] Double Choco Latte multiple vulnerabilities]
[dcl-dotdot-directory-traversal(9743)]
-
Entry
Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebox firmware 5.x.x allows remote attackers to cause a denial of service (crash) via a malformed packet containing tab characters to TCP port 4110.
[5186]
[20020709 KPMG-2002030: Watchguard Firebox Dynamic VPN Configuration Protocol DoS]
[firebox-dvcp-dos(9509)]
-
Entry
Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service (crash) via the TSI data element.
[5348]
[20020729 HylaFAX - Various Vulnerabilities Fixed]
[http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=300]
[DSA-148]
[MDKSA-2002:055]
[5002]
[SuSE-SA:2002:035]
[hylafax-faxgetty-tsi-dos(9728)]
-
Entry
Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long line of image data.
[5349]
[20020729 HylaFAX - Various Vulnerabilities Fixed]
[http://bugs.hylafax.org/bugzilla/show_bug.cgi?id=312]
[DSA-148]
[MDKSA-2002:055]
[SuSE-SA:2002:035]
[hylafax-faxgetty-image-bo(9729)]
-
Entry
Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG traceroute) allows local users to execute arbitrary code via the -T (terminator) command line argument.
[4956]
[20020606 Format String bug in TrACESroute 6.0 GOLD]
[20020721 Nanog traceroute format string exploit.]
[20020723 Re: Nanog traceroute format string exploit.]
[20020724 Re: Nanog traceroute format string exploit.]
[SuSE-SA:2000:041]
[tracesroute-t-format-string(9291)]
-
Entry
Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server before 2.2.1 allows remote attackers to execute arbitrary script via a URL that contains a reference to a nonexistent host followed by the script, which is included in the resulting error message.
[5506]
[20020817 W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST)]
[http://www.w3.org/Jigsaw/RelNotes.html#2.2.1]
[4015]
[jigsaw-http-proxy-xss(9914)]
-
Entry
Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and earlier allows remote authenticated users to list arbitrary directories via "..\" (dot-dot backslash) sequences in a LIST command.
[5283]
[20020722 Pablo Sofware Solutions FTP server Directory Traversal Vulnerability]
[http://www.pablovandermeer.nl/ftpserversrc.zip]
[4995]
[20020722 [VulnWatch] Pablo Sofware Solutions FTP server Directory Traversal Vulnerability]
[pablo-ftp-directory-traversal(9647)]
-
Entry
Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word as the email editor, does not block scripts that are used while editing email messages in HTML or Rich Text Format (RTF), which could allow remote attackers to execute arbitrary scripts via an email that the user forwards or replies to.
[4397]
[20020331 More Office XP Problems]
[20020403 More Office XP problems (Version 2.0)]
[MS02-021]
[oval:org.mitre.oval:def:205]
[oval:org.mitre.oval:def:429]
[outlook-object-execute-script(8708)]
-
Entry
Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows remote attackers to execute arbitrary code via a long USER command.
[5285]
[20020723 MailMax security advisory/exploit/patch]
[mailmax-pop3max-user-bo(9651)]
-
Entry
Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x before 4.0 beta 3, allows an SSH server to execute arbitrary code via a long SSH1 protocol version string.
[5287]
[20020723 Arbitrary Code Execution Vulnerability in VanDyke SecureCRT 3.4 & 4.0 beta]
[20020723 Re: Arbitrary Code Execution Vulnerability in VanDyke SecureCRT]
[http://www.vandyke.com/products/securecrt/security07-25-02.html]
[4991]
[securecrt-ssh1-identifier-bo(9650)]
-
Entry
Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerly CacheFlow) CacheOS on Client Accelerator 4.1.06, Security Gateway 2.1.02, and Server Accelerator 4.1.06 allows remote attackers to inject arbitrary web script or HTML via a URL to a nonexistent hostname that includes the HTML, which is inserted into the resulting error page.
[5305]
[5608]
[20020724 CacheFlow CacheOS Cross-site Scripting Vulnerability]
[20020903 Re: CacheFlow CacheOS Cross-site Scripting Vulnerability]
[http://download.cacheflow.com/release/CA/4.1.00-docs/CACacheOS41fixes.htm]
[cacheos-unresolved-error-xss(9674)]
-
Entry
Buffer overflow in the Web Messaging daemon for Ipswitch IMail before 7.12 allows remote attackers to execute arbitrary code via a long HTTP GET request for HTTP/1.0.
[5323]
[20020725 IPSwitch IMail ADVISORY/EXPLOIT/PATCH]
[20020729 Hoax Exploit]
[20020729 Re: Hoax Exploit (2c79cbe14ac7d0b8472d3f129fa1df55 RETURNS)]
[http://support.ipswitch.com/kb/IM-20020729-DM01.htm]
[http://support.ipswitch.com/kb/IM-20020731-DM02.htm]
[imail-web-messaging-bo(9679)]
-
Entry
Directory traversal vulnerability in Abyss Web Server 1.0.3 allows remote attackers to read arbitrary files via ..\ (dot-dot backslash) sequences in an HTTP GET request.
[5547]
[20020822 Abyss 1.0.3 directory traversal and administration bugs]
[http://www.aprelium.com/news/patch1033.html]
[3285]
[abyss-get-directory-traversal(9941)]
[abyss-http-directory-traversal(9940)]
-
Entry
The Administration console for Abyss Web Server 1.0.3 allows remote attackers to read files without providing login credentials via an HTTP request to a target file that ends in a "+" character.
[5549]
[20020822 Abyss 1.0.3 directory traversal and administration bugs]
[http://www.aprelium.com/news/patch1033.html]
[3286]
[abyss-plus-file-disclosure(9956)]
-
Entry
Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote attackers to execute arbitrary code via a long RCPT TO command.
[5313]
[20020725 Novell GroupWise 6.0.1 Support Pack 1 Bufferoverflow]
[http://support.novell.com/servlet/tidfinder/2963273]
[groupwise-rcpt-bo(9671)]
-
Entry
Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers to corrupt heap memory and execute arbitrary code via a GIF image with a zero width.
[5665]
[20020906 zero-width gif: exploit PoC for NS6.2.3 (fixed in 7.0) [Was: GIFs]
[http://bugzilla.mozilla.org/show_bug.cgi?id=157989]
[MDKSA-2002:075]
[http://crash.ihug.co.nz/~Sneuro/zerogif/]
[RHSA-2002:192]
[RHSA-2003:046]
[netscape-zero-gif-bo(10058)]
-
Entry
Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when configured to use internal authentication with group accounts and without any user accounts, allows remote VPN clients to log in using PPTP or IPSEC user authentication.
[5613]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-bypass-authentication(10017)]
-
Entry
HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before 3.0.3(B) allows remote attackers to cause a denial of service (CPU consumption) via a long URL request.
[5615]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-html-parser-dos(10018)]
-
Entry
Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, allows remote attackers to cause a denial of service (reload) via a Windows-based PPTP client with the "No Encryption" option set.
[5625]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-pptp-dos(10021)]
-
Entry
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restricted administrators to obtain user passwords that are stored in plaintext in HTML source code.
[5611]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-user-passwords(10019)]
-
Entry
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restricted administrators to obtain certificate passwords that are stored in plaintext in the HTML source code for Certificate Management pages.
[5612]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-certificate-passwords(10022)]
-
Entry
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTPS on Public Inbound (XML-Auto)(forward/in)" rule but sets the protocol to "ANY" when the XML filter configuration is enabled, which ultimately allows arbitrary traffic to pass through the concentrator.
[5614]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-xml-filter(10023)]
-
Entry
Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote attackers to obtain potentially sensitive information without authentication by directly accessing certain HTML pages.
[5616]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-web-access(10024)]
-
Entry
The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.4, allows remote attackers to cause a denial of service via an incoming LAN-to-LAN connection with an existing security association with another device on the remote network, which causes the concentrator to remove the previous connection.
[5622]
[20020903 Cisco VPN 3000 Concentrator Multiple Vulnerabilities]
[cisco-vpn-lan-connection-dos(10027)]
-
Entry
Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x before 3.0.5 allows remote attackers to cause a denial of service (crash) via TCP packets with source and destination ports of 137 (NETBIOS).
[5649]
[20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set]
[cisco-vpn-tcp-dos(10042)]
-
Entry
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, allows local users to use a utility program to obtain the group password.
[5650]
[20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set]
[cisco-vpn-obtain-password(10044)]
-
Entry
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.1C, does not properly verify that certificate DN fields match those of the certificate from the VPN Concentrator, which allows remote attackers to conduct man-in-the-middle attacks.
[5652]
[20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set]
[cisco-vpn-certificate-mitm(10045)]
-
Entry
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.5.2B, does not generate sufficiently random numbers, which may make it vulnerable to certain attacks such as spoofing.
[5653]
[20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set]
[cisco-vpn-random-numbers(10046)]
-
Entry
Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x before 3.6(Rel), when configured with all tunnel mode, can be forced into acknowledging a TCP packet from outside the tunnel.
[5651]
[20020905 Cisco VPN Client Multiple Vulnerabilities - Second Set]
[cisco-vpn-tcp-filter(10047)]
-
Entry
securetar, as used in AMaViS shell script 0.2.1 and earlier, allows users to cause a denial of service (CPU consumption) via a malformed TAR file, possibly via an incorrect file size parameter.
[20020905 GLSA: amavis]
[http://marc.info/?l=amavis-announce&m=103121272122242&w=2]
[amavis-securetar-tar-dos(10056)]
-
Entry
print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify the limit_reporters option, which allows remote attackers to view bug summaries for bugs that would otherwise be restricted.
[5515]
[20020819 [Mantis Advisory/2002-02] Limiting output to reporters can be bypassed]
[http://mantisbt.sourceforge.net/advisories/2002/2002-02.txt]
[DSA-153]
[mantis-limit-reporters-bypass(9898)]
-
Entry
Mantis before 0.17.4 allows remote attackers to list project bugs without authentication by modifying the cookie that is used by the "View Bugs" page.
[5514]
[20020819 [Mantis Advisory/2002-03] Bug listings of private projects can be viewed through cookie manipulation]
[http://mantisbt.sourceforge.net/advisories/2002/2002-03.txt]
[DSA-153]
[mantis-private-project-bug-listing(9899)]
-
Entry
summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the g_jpgraph_path parameter to reference the location of the PHP code.
[5504]
[20020813 mantisbt security flaw]
[20020819 [Mantis Advisory/2002-04] Arbitrary code execution]
[DSA-153]
[4858]
[mantis-include-remote-files(9829)]
-
Entry
The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and earlier includes summaries of private bugs for users that do not have access to any projects.
[5565]
[20020823 [Mantis Advisory/2002-07] Bugs in private projects listed on 'View Bugs']
[DSA-161]
[mantis-viewbugs-bug-listing(9955)]
-
Entry
Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymous" registry key for Microsoft Exchange 2000 must be set to 0, which enables anonymous listing of the SAM database and shares.
[20020906 UPDATE: (Was Veritas Backup Exec opens networks for NetBIOS based attacks?)]
[20020906 Veritas Backup Exec opens networks for NetBIOS based attacks?]
[http://seer.support.veritas.com/docs/238618.htm]
[8230]
[oval:org.mitre.oval:def:1036]
[veritas-backupexec-restrictanonymous-zero(10093)]
-
Entry
TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and Oracle 8i 8.1.x, allows remote attackers to cause a denial of service (hang or crash) via a SERVICE_CURLOAD command.
[5678]
[http://otn.oracle.com/deploy/security/pdf/2002alert42rev1.pdf]
[20021009 R7-0006: Oracle 8i/9i Listener SERVICE_CURLOAD Denial of Service]
[oracle-net-services-dos(10283)]
-
Entry
os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.
[5581]
[20030123 [OpenPKG-SA-2003.006] OpenPKG Security Advisory (python)]
[CSSA-2002-045.0]
[CLA-2002:527]
[DSA-159]
[MDKSA-2002:082]
[http://mail.python.org/pipermail/python-dev/2002-August/027229.html]
[RHSA-2002:202]
[RHSA-2003:048]
[python-execvpe-tmpfile-symlink(10009)]
-
Entry
Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2.1, when using the license banner HTTP check, allows remote attackers to execute arbitrary code via a long web server response.
[5738]
[20020918 Flaw in Internet Scanner Parsing Mechanism]
[3150]
[20020918 Foundstone Research Labs Advisory - Remotely Exploitable Buffer Overflow in ISS Scanner]
[is-http-response-bo(10130)]
-
Entry
Buffer overflow in the authentication function for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows remote attackers to execute arbitrary code via a long request to TCP port 1433, aka the "Hello" overflow.
[5411]
[20020806 SPIKE 2.5 and associated vulns]
[20020807 MS SQL Server Hello Overflow NASL script]
[N-003]
[Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061]
[MS02-056]
[mssql-preauth-bo(9788)]
-
Entry
Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape and Galeon, set the document referrer too quickly in certain situations when a new page is being loaded, which allows web pages to determine the next page that is being visited, including manually entered URLs, using the onunload handler.
[5694]
[20020911 Privacy leak in mozilla]
[http://bugzilla.mozilla.org/show_bug.cgi?id=145579]
[MDKSA-2002:075]
[RHSA-2002:192]
[RHSA-2003:046]
[mozilla-onunload-url-leak(10084)]
-
Entry
SquirrelMail 1.2.7 and earlier allows remote attackers to determine the absolute pathname of the options.php script via a malformed optpage file argument, which generates an error message when the file cannot be included in the script.
[5949]
[20020919 Squirrel Mail 1.2.7 XSS Exploit]
[DSA-191]
[RHSA-2002:204]
[squirrelmail-options-path-disclosure(10345)]
-
Entry
modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, allows remote attackers to execute arbitrary PHP source code via an inc_prefix parameter that points to the malicious code.
[5779]
[20020922 PHP source injection in phpWebSite]
[http://phpwebsite.appstate.edu/article.php?sid=400]
[3848]
[phpwebsite-modsecurity-file-include(10164)]
-
Entry
Buffer overflow in the Database Console Command (DBCC) that handles user inputs in Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, allows attackers to execute arbitrary code via a long SourceDB argument in a "non-SQL OLEDB data source" such as FoxPro, a variant of CAN-2002-0644.
[5877]
[N-003]
[20030203 Microsoft SQL Server 2000 Vulnerabilities in Cisco Products - MS02-061]
[http://www.scan-associates.net/papers/foxpro.txt]
[MS02-056]
[mssql-dbcc-bo-variant(10255)]
-
Entry
Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MSDE) 1.0 and Microsoft Desktop Engine (MSDE) 2000, writes output files for scheduled jobs under its own privileges instead of the entity that launched it, which allows attackers to overwrite system files, aka "Flaw in Output File Handling for Scheduled Jobs."
[N-003]
[MS02-056]
[mssql-agent-create-files(10257)]
-
Entry
The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack, Windows Me, and Windows XP does not properly check the destination folder during the decompression of ZIP files, which allows attackers to place an executable file in a known location on a user's system, aka "Incorrect Target Path for Zipped File Decompression."
[5876]
[MS02-054]
[win-zip-incorrect-path(10252)]
-
Entry
The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service (service hang) via malformed packet fragments, aka "Improper parameter size check leading to denial of service."
[5879]
[MS02-057]
[sfu-rpc-parameter-bo(10258)]
-
Entry
An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows remote attackers to cause a denial of service via malformed fragmented RPC client packets, aka "Denial of service by sending an invalid RPC request."
[5880]
[MS02-057]
[sfu-invalid-rpc-dos(10259)]
-
Entry
Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.
[6214]
[CA-2002-33]
[VU#542081]
[http://www.foundstone.com/knowledge/randd-advisories-display.html?id=337]
[MS02-065]
[oval:org.mitre.oval:def:2730]
[oval:org.mitre.oval:def:294]
[oval:org.mitre.oval:def:3573]
[20021120 Foundstone Advisory]
[mdac-rds-client-bo(10669)]
[mdac-rds-server-bo(10659)]
-
Entry
The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries such as glibc 2.2.5 and earlier, libc, and libresolv, use the maximum buffer size instead of the actual size when processing a DNS response, which causes the stub resolvers to read past the actual boundary ("read buffer overflow"), allowing remote attackers to cause a denial of service (crash).
[VU#738331]
[CLA-2002:535]
[FreeBSD-SA-02:42]
[MDKSA-2004:009]
[NetBSD-SA2002-015]
[RHSA-2002:197]
[RHSA-2002:258]
[RHSA-2003:022]
[RHSA-2003:212]
[dns-resolver-lib-read-bo(10295)]
-
Entry
The HTTP administration interface for HP Procurve 4000M Switch firmware before C.09.16, with stacking features and remote administration enabled, does not authenticate requests to reset the device, which allows remote attackers to cause a denial of service via a direct request to the device_reset CGI program.
[5784]
[20020924 HP Procurve 4000M Stacked Switch HTTP Reset Vulnerability]
[HPSBUX0209-219]
[http://www.tech-serve.com/research/advisories/2002/a092302-1.txt]
[hp-procurve-http-reset-dos(10172)]
-
Entry
The default servlet (org.apache.catalina.servlets.DefaultServlet) in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet.
[5786]
[20020924 JSP source code exposure in Tomcat 4.x]
[DSA-170]
[HPSBUX0212-229]
[[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/]
[[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/]
[[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/]
[RHSA-2002:217]
[RHSA-2002:218]
[tomcat-servlet-source-code(10175)]
-
Entry
The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 through 3.0.3 does not properly initialize the domains on sub-frames and sub-iframes, which can allow remote attackers to execute script and steal cookies from subframes that are in other domains.
[5689]
[20020910 KDE Security Advisory: Konqueror Cross Site Scripting Vulnerability]
[CSSA-2002-047.0]
[CLA-2002:525]
[http://www.kde.org/info/security/advisory-20020908-2.txt]
[DSA-167]
[MDKSA-2002:064]
[7867]
[RHSA-2002:220]
[RHSA-2002:221]
[ie-sameoriginpolicy-bypass(10039)]
-
Entry
Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secure" flag in an HTTP cookie, which could cause Konqueror to send the cookie across an unencrypted channel, which could allow remote attackers to steal the cookie via sniffing.
[5691]
[20020910 KDE Security Advisory: Secure Cookie Vulnerability]
[http://www.kde.org/info/security/advisory-20020908-1.txt]
[RHSA-2002:220]
[kde-konqueror-cookie-hijacking(10083)]
-
Entry
IBM Websphere 4.0.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an HTTP request with long HTTP headers, such as "Host".
[5749]
[20020919 KPMG-2002035: IBM Websphere Large Header DoS]
[ftp://ftp.software.ibm.com/software/websphere/appserv/support/fixes/pq62144/readme.txt]
[2092]
[websphere-host-header-bo(10140)]
-
Entry
anlgform.pl in Analog before 5.23 does not restrict access to the PROGRESSFREQ progress update command, which allows remote attackers to cause a denial of service (disk consumption) by using the command to report updates more frequently and fill the web server error log.
[http://www.analog.cx/security5.html]
[3779]
[RHSA-2002:059]
[analog-anlgform-dos(10344)]
-
Entry
Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.
[6065]
[VU#910713]
[http://www.apache.org/dist/httpd/CHANGES_2.0]
[http://www.apacheweek.com/issues/02-10-04]
[HPSBUX0210-224]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[apache-webdav-cgi-source(10499)]
-
Entry
Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 and earlier, when UseCanonicalName is off and wildcard DNS is enabled, allows remote attackers to execute script as other web site visitors, via the server name in an HTTPS response on the SSL port, which is used in a self-referencing URL, a different vulnerability than CAN-2002-0840.
[6029]
[20021023 [OpenPKG-SA-2002.010] OpenPKG Security Advisory (apache)]
[20021026 GLSA: mod_ssl]
[CLA-2002:541]
[DSA-181]
[ESA-20021029-027]
[MDKSA-2002:072]
[2107]
[RHSA-2002:222]
[RHSA-2002:243]
[RHSA-2002:244]
[RHSA-2002:248]
[RHSA-2002:251]
[RHSA-2003:106]
[apache-modssl-host-xss(10457)]
-
Entry
Buffer overflow in the irw_through function for Canna 3.5b2 and earlier allows local users to execute arbitrary code as the bin user.
[6351]
[20021220 GLSA: canna]
[http://canna.sourceforge.jp/sec/Canna-2002-01.txt]
[DSA-224]
[RHSA-2002:246]
[RHSA-2002:261]
[RHSA-2003:115]
[CSSA-2003-005.0]
[canna-irwthrough-bo(10831)]
-
Entry
Canna 3.6 and earlier does not properly validate requests, which allows remote attackers to cause a denial of service or information leak.
[6354]
[http://canna.sourceforge.jp/sec/Canna-2002-01.txt]
[DSA-224]
[RHSA-2002:246]
[RHSA-2002:261]
[RHSA-2003:115]
[CSSA-2003-005.0]
[canna-improper-request-validation(10832)]
-
Entry
The default configuration of the pam_xauth module forwards MIT-Magic-Cookies to new X sessions, which could allow local users to gain root privileges by stealing the cookies from a temporary .xauth file, which is created with the original user's credentials after root uses su.
[6753]
[20021214 BDT_AV200212140001: Insecure default: Using pam_xauth for su from sh-utils package]
[VU#911505]
[CLA-2003:693]
[MDKSA-2003:017]
[RHSA-2003:028]
[RHSA-2003:035]
[55760]
[linux-pamxauth-gain-privileges(11254)]
-
Entry
IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1.26 allows remote attackers to cause a denial of service (crash) via an HTTP request to helpout.exe with a missing HTTP version number, which causes ibmproxy.exe to crash.
[IY35970]
[6002]
[http://www.rapid7.com/advisories/R7-0007.txt]
[2090]
[20021023 R7-0007: IBM WebSphere Edge Server Caching Proxy Denial of Service]
[ibm-wte-helpout-dos(10452)]
-
Entry
The handle_var_requests function in snmp_agent.c for the SNMP daemon in the Net-SNMP (formerly ucd-snmp) package 5.0.1 through 5.0.5 allows remote attackers to cause a denial of service (crash) via a NULL dereference.
[5862]
[20021002 iDEFENSE Security Advisory 10.02.2002: Net-SNMP DoS Vulnerability]
[20021014 GLSA: net-snmp]
[http://sourceforge.net/forum/forum.php?forum_id=216532]
[http://www.idefense.com/advisory/10.02.02.txt]
[RHSA-2002:228]
[netsnmp-handlevarrequests-dos(10250)]
-
Entry
Directory traversal vulnerability in the CGIServlet for Jetty HTTP server before 4.1.0 allows remote attackers to execute arbitrary commands via ..\ (dot-dot backslash) sequences in an HTTP request to the cgi-bin directory.
[5852]
[20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution]
[http://groups.yahoo.com/group/jetty-announce/message/45]
[http://www.westpoint.ltd.uk/advisories/wp-02-0011.txt]
[20021002 wp-02-0011: Jetty CGIServlet Arbitrary Command Execution]
[jetty-cgiservlet-directory-traversal(10246)]
-
Entry
Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook Express 5.5 and 6.0 allows remote attackers to execute arbitrary code via a digitally signed email with a long "From" address, which triggers the overflow when the user views or previews the message.
[5944]
[20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)]
[MS02-058]
[20021010 Outlook Express Remote Code Execution in Preview Pane (S/MIME)]
[20021010 Re: Problems applying MS02-058]
[outlook-smime-bo(10338)]
-
Entry
A typographical error in the script source access permissions for Internet Information Server (IIS) 5.0 does not properly exclude .COM files, which allows attackers with only write permissions to upload malicious .COM files, aka "Script Source Access Vulnerability."
[6068]
[6071]
[N-011]
[MS02-062]
[oval:org.mitre.oval:def:931]
[iis-script-source-access-bypass(10504)]
-
Entry
IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (crash) via malformed WebDAV requests that cause a large amount of memory to be assigned.
[4846]
[6068]
[6070]
[N-011]
[http://www.nextgenss.com/advisories/ms-iisdos.txt]
[http://www.nextgenss.com/vna/ms-iisdos.txt]
[MS02-062]
[oval:org.mitre.oval:def:1009]
[oval:org.mitre.oval:def:1011]
[20021031 Microsoft Internet Information Server 5/5.1 Denial of Service (#NISR31102002)]
[iis-resource-utilization-dos(10184)]
[iis-webdav-memory-allocation-dos(10503)]
-
Entry
Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Basic Constraints of digital certificates, allowing remote attackers to execute code, aka "New Variant of Certificate Validation Flaw Could Enable Identity Spoofing" (CAN-2002-0862).
[5410]
[MS02-050]
[oval:org.mitre.oval:def:1059]
[oval:org.mitre.oval:def:1455]
[oval:org.mitre.oval:def:2108]
[ssl-ca-certificate-spoofing(9776)]
-
Entry
The system root folder of Microsoft Windows 2000 has default permissions of Everyone group with Full access (Everyone:F) and is in the search path when locating programs during login or application launch from the desktop, which could allow attackers to gain privileges as other users via Trojan horse programs.
[5415]
[MS02-064]
[win2k-partition-weak-permissions(9779)]
-
Entry
Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."
[6216]
[20021212 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability]
[AD20021211]
[MS02-066]
[oval:org.mitre.oval:def:393]
[oval:org.mitre.oval:def:542]
[20021211 PNG (Portable Network Graphics) Deflate Heap Corruption Vulnerability]
[ie-png-bo(10662)]
-
Entry
Internet Explorer 5.01 through 6.0 does not properly perform security checks on certain encoded characters within a URL, which allows a remote attacker to steal potentially sensitive information from a user by redirecting the user to another site that has that information, aka "Encoded Characters Information Disclosure."
[5610]
[20020903 MSIEv6 % encoding causes a problem again]
[20020904 Re: MSIEv6 % encoding causes a problem again]
[MS02-066]
[7845]
[oval:org.mitre.oval:def:143]
[oval:org.mitre.oval:def:471]
[oval:org.mitre.oval:def:495]
[ie-sameoriginpolicy-bypass(10039)]
-
Entry
Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 through 6.0 allows remote attackers to read and execute files on the local system via web pages using the <frame> or <iframe> element and javascript, aka "Frames Cross Site Scripting," as demonstrated using the PrivacyPolicy.dlg resource.
[5672]
[20020909 Who framed Internet Explorer (GM#010-IE)]
[MS02-066]
[2998]
[oval:org.mitre.oval:def:203]
[oval:org.mitre.oval:def:225]
[ie-frame-script-execution (10066)]
-
Entry
Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."
[6217]
[20020912 LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE]
[N-018]
[MS02-066]
[oval:org.mitre.oval:def:444]
[oval:org.mitre.oval:def:690]
[ie-object-read-tif(10665)]
-
Entry
The default configuration of Cisco Unity 2.x and 3.x does not block international operator calls in the predefined restriction tables, which could allow authenticated users to place international calls using call forwarding.
[5896]
[20021004 Predefined Restriction Tables Allow Calls to International Operator]
[cisco-unity-insecure-configuration(10282)]
-
Entry
tkmail before 4.0beta9-8.1 allows local users to create or overwrite files as users via a symlink attack on temporary files.
[5911]
[DSA-172]
[tkmail-tmp-file-symlink(10307)]
-
Entry
Cross-site scripting vulnerability (XSS) in the PHP interface for ht://Check 1.1 allows remote web servers to insert arbitrary HTML, including script, via a web page.
[5699]
[20020912 ht://Check XSS]
[DSA-169]
[htcheck-server-header-xss(10089)]
-
Entry
editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, when the "usebuggroups" feature is enabled and more than 47 groups are specified, does not properly calculate bit values for large numbers, which grants extra permissions to users via known features of Perl math that set multiple bits.
[5843]
[20021001 [BUGZILLA] Security Advisory]
[http://bugzilla.mozilla.org/show_bug.cgi?id=167485#c12]
[DSA-173]
[bugzilla-usebuggroups-permissions-leak(10233)]
-
Entry
bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2.16.1, allows remote attackers to execute arbitrary code via shell metacharacters in a system call to processmail.
[5844]
[20021001 [BUGZILLA] Security Advisory]
[http://bugzilla.mozilla.org/show_bug.cgi?id=163024]
[bugzilla-emailappend-command-injection(10234)]
-
Entry
Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes from an email address during account creation, which allows remote attackers to execute arbitrary SQL via a SQL injection attack.
[5842]
[20021001 [BUGZILLA] Security Advisory]
[http://bugzilla.mozilla.org/show_bug.cgi?id=165221]
[bugzilla-email-sql-injection(10235)]
-
Entry
The getdbm procedure in ypxfrd allows local users to read arbitrary files, and remote attackers to read databases outside /var/yp, via a directory traversal and symlink attack on the domain and map arguments.
[5937]
[20021010 Multiple vendor ypxfrd map handling vulnerability]
[CSSA-2002-SCO.40]
[VU#538033]
[SSRT2339]
[oval:org.mitre.oval:def:2423]
[47903]
[ypxfrd-file-disclosure(10329)]
-
Entry
Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when using template filenames or output, does not properly track the size of a buffer when constant characters are encountered during macro expansion, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.
[5934]
[20021010 syslog-ng buffer overflow]
[CLA-2002:547]
[http://www.balabit.hu/static/zsa/ZSA-2002-014-en.txt]
[DSA-175]
[ESA-20021016-025]
[ESA-20021029-028]
[SuSE-SA:2002:039]
[syslogng-macro-expansion-bo(10339)]
-
Entry
Prometheus 6.0 and earlier allows remote attackers to execute arbitrary PHP code via a modified PROMETHEUS_LIBRARY_BASE that points to code stored on a remote server, which is then used in (1) index.php, (2) install.php, or (3) various test_*.php scripts.
[6087]
[20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection]
[http://www.idefense.com/advisory/10.31.02b.txt]
[20021101 iDEFENSE Security Advisory 10.31.02b: Prometheus Application Framework Code Injection]
[prometheus-php-file-include(10515)]
-
Entry
Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 2000 allows remote attackers to cause a denial of service (hang) and possibly execute arbitrary code via a certain PPTP packet with malformed control data.
[5807]
[20020926 Microsoft PPTP Server and Client remote vulnerability]
[MS02-063]
[win-pptp-packet-bo (10199)]
-
Entry
Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 versions 8.3.3 and earlier, allows remote attackers to execute arbitrary code via a certain DNS server response containing SIG resource records (RR).
[2002-11-21]
[6160]
[20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]]
[20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)]
[20021118 TSLSA-2002-0076 - bind]
[CSSA-2003-SCO.2]
[CA-2002-31]
[VU#852283]
[N-013]
[SSRT2408]
[CLA-2002:546]
[http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert%2F48818]
[http://www.isc.org/products/BIND/bind-security.html]
[DSA-196]
[ESA-20021114-029]
[FreeBSD-SA-02:43]
[20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8]
[MDKSA-2002:077]
[oval:org.mitre.oval:def:2539]
[20021201-01-P]
[SuSE-SA:2002:044]
[bind-sig-rr-bo(10304)]
-
Entry
BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of service (termination due to assertion failure) via a request for a subdomain that does not exist, with an OPT resource record with a large UDP payload size.
[2002-11-21]
[6161]
[20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]]
[20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)]
[20021118 TSLSA-2002-0076 - bind]
[CSSA-2003-SCO.2]
[CA-2002-31]
[VU#229595]
[N-013]
[SSRT2408]
[http://www.isc.org/products/BIND/bind-security.html]
[DSA-196]
[ESA-20021114-029]
[FreeBSD-SA-02:43]
[20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8]
[MDKSA-2002:077]
[oval:org.mitre.oval:def:449]
[SuSE-SA:2002:044]
[bind-opt-rr-dos(10332)]
-
Entry
BIND 8.x through 8.3.3 allows remote attackers to cause a denial of service (crash) via SIG RR elements with invalid expiry times, which are removed from the internal BIND database and later cause a null dereference.
[2002-11-21]
[6159]
[20021112 [Fwd: Notice of serious vulnerabilities in ISC BIND 4 & 8]]
[20021115 [OpenPKG-SA-2002.011] OpenPKG Security Advisory (bind, bind8)]
[20021118 TSLSA-2002-0076 - bind]
[CSSA-2003-SCO.2]
[CA-2002-31]
[VU#581682]
[N-013]
[SSRT2408]
[CLA-2002:546]
[http://www.isc.org/products/BIND/bind-security.html]
[DSA-196]
[ESA-20021114-029]
[FreeBSD-SA-02:43]
[20021112 Multiple Remote Vulnerabilities in BIND4 and BIND8]
[MDKSA-2002:077]
[oval:org.mitre.oval:def:2094]
[SuSE-SA:2002:044]
[bind-null-dereference-dos(10333)]
-
Entry
Buffer overflow in the embedded HTTP server for Cisco Catalyst switches running CatOS 5.4 through 7.3 allows remote attackers to cause a denial of service (reset) via a long HTTP request.
[5976]
[20021016 Cisco CatOS Embedded HTTP Server Buffer Overflow]
[cisco-catalyst-ciscoview-bo(10382)]
-
Entry
Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView in KDE 1.1 and KDE 3.0.3a, may allow attackers to cause a denial of service or execute arbitrary code via a modified .ps (PostScript) input file.
[20021009 KDE Security Advisory: KGhostview Arbitary Code Execution]
[N-155]
[http://www.kde.org/info/security/advisory-20021008-1.txt]
[MDKSA-2002:071]
[RHSA-2002:220]
[101426]
[gsview-dsc-ps-bo(11319)]
-
Entry
Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0.3a allows remote attackers to read arbitrary files as the kpf user via a URL with a modified icon parameter.
[5951]
[20021009 KDE Security Advisory: kpf Directory traversal]
[20021011 Security hole in kpf - KDE personal fileserver.]
[http://www.kde.org/info/security/advisory-20021008-2.txt]
[RHSA-2002:220]
[kpf-icon-view-files(10347)]
-
Entry
PAM 0.76 treats a disabled password as if it were an empty (null) password, which allows local and remote attackers to gain privileges as disabled users.
[5994]
[DSA-177]
[pam-disabled-bypass-authentication(10405)]
-
Entry
NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code as LocalSystem via "shatter" style attack by sending a WM_COPYDATA message followed by a WM_TIMER message, as demonstrated by GetAd, aka "Flaw in Windows WM_TIMER Message Handling Could Enable Privilege Elevation."
[5927]
[N-027]
[http://getad.chat.ru/]
[http://www.packetstormsecurity.nl/filedesc/GetAd.c.html]
[MS02-071]
[oval:org.mitre.oval:def:681]
[win-netdde-gain-privileges(10343)]
-
Entry
SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a denial of service via an rcp call on /proc.
[6025]
[CSSA-2002-SCO.41]
[openunix-unixware-rcp-dos(10425)]
-
Entry
Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS package 3.9 and earlier allows remote attackers to cause a denial of service (memory consumption) via a large number of requests for a map that does not exist.
[6016]
[20021028 GLSA: ypserv]
[CSSA-2002-054.0]
[CLA-2002:539]
[DSA-180]
[HPSBTL0210-074]
[MDKSA-2002:078]
[RHSA-2002:223]
[RHSA-2002:224]
[RHSA-2003:229]
[ypserv-map-memory-leak(10423)]
-
Entry
The remote management web server for Linksys BEFSR41 EtherFast Cable/DSL Router before firmware 1.42.7 allows remote attackers to cause a denial of service (crash) via an HTTP request to Gozila.cgi without any arguments.
[6086]
[20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router]
[http://www.idefense.com/advisory/10.31.02a.txt]
[20021101 iDEFENSE Security Advisory 10.31.02a: Denial of Service Vulnerability in Linksys BEFSR41 EtherFast Cable/DSL Router]
[linksys-etherfast-gozila-dos(10514)]
-
Entry
QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and execute the cp program while operating at raised privileges, which allows local users to gain privileges by modifying the PATH to point to a malicious cp program.
[6146]
[20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS]
[http://www.idefense.com/advisory/11.08.02b.txt]
[20021108 iDEFENSE Security Advisory 11.08.02b: Non-Explicit Path Vulnerability in QNX Neutrino RTOS]
[qnx-rtos-gain-privileges(10564)]
-
Entry
SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authenticated users to modify the database and gain privileges via the "bio" argument to modules.php.
[6088]
[20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability]
[http://www.idefense.com/advisory/10.31.02c.txt]
[6244]
[20021101 iDEFENSE Security Advisory 10.31.02c: PHP-Nuke SQL Injection Vulnerability]
[phpnuke-accountmanager-sql-injection(10516)]
-
Entry
Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format strings in the USER command.
[6099]
[20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability]
[http://www.pablovandermeer.nl/ftpserver.zip]
[4996]
[20021104 iDEFENSE Security Advisory 11.04.02a: Pablo FTP Server DoS Vulnerability]
[pablo-ftp-username-dos(10532)]
-
Entry
Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.
[6113]
[20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan]
[DSA-189]
[http://www.idefense.com/advisory/11.06.02.txt]
[20021106 iDEFENSE Security Advisory 11.06.02: Non-Explicit Path Vulnerability in LuxMan]
[luxman-maped-read-memory(10549)]
-
Entry
Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other versions before 2.1.5 allows remote attackers to cause a denial of service (crash) via a GET request for a "%" URI.
[6098]
[20021104 iDEFENSE Security Advisory 11.04.02b: Denial of Service Vulnerability in Xeneo Web Server]
[http://www.idefense.com/advisory/11.04.02b.txt]
[xeneo-php-dos(10534)]
-
Entry
Buffer overflow in Abuse 2.00 and earlier allows local users to gain root privileges via a long -net command line argument.
[6094]
[http://www.idefense.com/advisory/11.01.02.txt]
[20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse]
[abuse-net-command-bo(10519)]
-
Entry
Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to execute arbitrary code via a long log message.
[6089]
[DSA-186]
[log2mail-log-file-bo(10527)]
-
Entry
The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as used in various PeopleSoft products, allows remote attackers to read arbitrary files via certain XML External Entities (XXE) fields in an HTTP POST request that is processed by the SimpleFileHandler handler.
[6647]
[20030120 PeopleSoft XML External Entities Vulnerability]
[peoplesoft-xxe-read-files(10520)]
-
Entry
Abuse 2.00 and earlier allows local users to gain privileges via command line arguments that specify alternate Lisp scripts that run at escalated privileges, which can contain functions that execute commands or modify files.
[http://www.idefense.com/advisory/11.01.02.txt]
[20021101 iDEFENSE Security Advisory 11.01.02: Buffer Overflow Vulnerability in Abuse]
[abuse-lisp-gain-privileges(11300)]
-
Entry
Microsoft Outlook 2002 allows remote attackers to cause a denial of service (repeated failure) via an email message with a certain invalid header field that is accessed using POP3, IMAP, or WebDAV, aka "E-mail Header Processing Flaw Could Cause Outlook 2002 to Fail."
[6319]
[MS02-067]
[outlook-email-header-dos(10763)]
-
Entry
The SMB signing capability in the Server Message Block (SMB) protocol in Microsoft Windows 2000 and Windows XP allows attackers to disable the digital signing settings in an SMB session to force the data to be sent unsigned, then inject data into the session without detection, e.g. by modifying group policy information sent from a domain controller.
[6367]
[MS02-070]
[oval:org.mitre.oval:def:277]
[win-smb-policy-modification(10843)]
-
Entry
Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allows remote attackers to execute arbitrary code by including a Java applet that invokes COM (Component Object Model) objects in a web site or an HTML mail.
[6371]
[MS02-069]
-
Entry
The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machine (VM) 5.0.3805 and earlier allow remote attackers to bypass security checks and access database contents via an untrusted Java applet.
[6379]
[N-026]
[MS02-069]
[msvm-jdbc-gain-access(10833)]
-
Entry
Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 database server allows remote attackers to execute arbitrary code via a long USERID parameter in the isqlplus URL.
[6085]
[20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)]
[http://technet.oracle.com/deploy/security/pdf/2002alert46rev1.pdf]
[4013]
[20021104 Oracle iSQL*Plus buffer overflow vulnerability (#NISR04112002)]
[oracle-isqlplus-userid-bo(10524)]
-
Entry
The Sun RPC functionality in multiple libc implementations does not provide a time-out mechanism when reading data from TCP connections, which allows remote attackers to cause a denial of service (hang).
[6103]
[VU#266817]
[http://www.info.apple.com/usen/security/security_updates.html]
[HPSBUX01020]
[oval:org.mitre.oval:def:2248]
[20021103-01-P]
[51082]
[sun-rpc-libc-dos(10539)]
-
Entry
Mac OS X 10.2.2 allows local users to gain privileges by mounting a disk image file that was created on another system, aka "Local User Privilege Elevation via Disk Image File."
[http://www.info.apple.com/usen/security/security_updates.html]
[7057]
[macos-disk-image-privileges(10818)]
-
Entry
Mac OS X 10.2.2 allows remote attackers to cause a denial of service by accessing the CUPS Printing Web Administration utility, aka "CUPS Printing Web Administration is Remotely Accessible."
[http://www.info.apple.com/usen/security/security_updates.html]
[7058]
[macos-cups-dos(10824)]
-
Entry
Mac OS X 10.2.2 allows local users to gain privileges via a mounted ISO 9600 CD, aka "User Privilege Elevation via Mounting an ISO 9600 CD."
[http://www.info.apple.com/usen/security/security_updates.html]
[7059]
[macos-iso9600-gain-privileges(10828)]
-
Entry
Mac OS X 10.2.2 allows local users to read files that only allow write access via the map_fd() Mach system call.
[http://www.info.apple.com/usen/security/security_updates.html]
[7060]
[macos-mach-read-files(10829)]
-
Entry
The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.
[6104]
[20021106 GLSA: MailTools]
[20021108 [Security Announce] Re: MDKSA-2002:076 - perl-MailTools update]
[DSA-386]
[MDKSA-2002:076]
[SuSE-SA:2002:041]
[mail-mailer-command-execution(10548)]
-
Entry
Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.
[6220]
[CA-2002-32]
[VU#181721]
[alcatel-omniswitch-backdoor(10664)]
-
Entry
Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.
[6119]
[CLA-2002:548]
[DSA-190]
[MDKSA-2002:085]
[RHSA-2003:009]
[RHSA-2003:043]
[window-maker-image-bo(10560)]
-
Entry
The mailconf module in Linuxconf 1.24, and other versions before 1.28, on Conectiva Linux 6.0 through 8, and possibly other distributions, generates the Sendmail configuration file (sendmail.cf) in a way that configures Sendmail to run as an open mail relay, which allows remote attackers to send Spam email.
[6118]
[CLA-2002:544]
[6066]
[linuxconf-sendmail-mail-relay(10554)]
-
Entry
The wizard in KGPG 0.6 through 0.8.2 does not properly provide the passphrase to gpg when creating new keys, which causes secret keys to be created with an empty passphrase and allows local attackers to steal the keys if they can be read.
[6152]
[20021110 GLSA: kgpg]
[http://devel-home.kde.org/~kgpg/bug.html]
[kgpg-wizard-empty-password(10629)]
-
Entry
Directory traversal vulnerability in priocntl system call in Solaris does allows local users to execute arbitrary code via ".." sequences in the pc_clname field of a pcinfo_t structure, which cause priocntl to load a malicious kernel module.
[6262]
[20021127 Solaris priocntl exploit]
[VU#683673]
[http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doc=fsalert/49131]
[oval:org.mitre.oval:def:3637]
[solaris-priocntl-pcclname-modules(10717)]
-
Entry
Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier allows remote attackers to insert script or HTML via an email message with the script in a MIME header name.
[6204]
[http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200210211713.g9LHDXE02256@mcguire.earlhood.com]
[DSA-199]
[7353]
[mhonarc-mime-header-xss(10666)]
-
Entry
Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.
[6185]
[20021114 Netscape/Mozilla: Exploitable heap corruption via jar: URI handler.]
[http://bugzilla.mozilla.org/show_bug.cgi?id=157646]
[RHSA-2003:162]
[RHSA-2003:163]
[mozilla-netscape-jar-bo(10636)]
-
Entry
Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.
[6189]
[20021119 GLSA: courier]
[DSA-197]
[courier-mta-insecure-permissions(10643)]
-
Entry
nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.
[6193]
[DSA-198]
[nullmailer-nonexistent-user-dos(10649)]
-
Entry
Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on Solaris 2.5.1 through 9 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a certain XFS query.
[6241]
[20021125 ISS Security Brief: Solaris fs.auto Remote Compromise Vulnerability]
[CA-2002-34]
[VU#312313]
[N-024]
[http://sunsolve.sun.com/pub-cgi/retrieve.pl?doc=fsalert/48879]
[HPSBUX0212-228]
[20021125 Solaris fs.auto Remote Compromise Vulnerability]
[oval:org.mitre.oval:def:149]
[oval:org.mitre.oval:def:152]
[oval:org.mitre.oval:def:2816]
[20021202-01-I]
[solaris-fsauto-execute-code(10375)]
-
Entry
Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.
[6210]
[20021121 GLSA: samba]
[20021129 [OpenPKG-SA-2002.012] OpenPKG Security Advisory (samba)]
[VU#958321]
[N-019]
[N-023]
[CLA-2002:550]
[http://us1.samba.org/samba/whatsnew/samba-2.2.7.html]
[DSA-200]
[HPSBUX0212-230]
[MDKSA-2002:081]
[oval:org.mitre.oval:def:1467]
[RHSA-2002:266]
[20021204-01-I]
[53580]
[SuSE-SA:2002:045]
[TSLSA-2002-0080]
[samba-password-change-bo(10683)]
-
Entry
The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.
[6115]
[20021111 i386 Linux kernel DoS]
[20021114 Re: i386 Linux kernel DoS]
[CLA-2002:553]
[RHSA-2002:262]
[RHSA-2002:263]
[RHSA-2002:264]
[linux-kernel-tf-dos(10576)]
-
Entry
Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").
[6120]
[20021107 Remote pine Denial of Service]
[20021202 GLSA: pine]
[CLA-2002:551]
[ESA-20021127-032]
[MDKSA-2002:084]
[RHSA-2002:270]
[RHSA-2002:271]
[SuSE-SA:2002:046]
[pine-from-header-dos(10555)]
-
Entry
Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may allow attackers to break out of safe compartments in (1) Safe::reval or (2) Safe::rdo using a redefined @_ variable, which is not reset between successive calls.
[6111]
[20021216 [OpenPKG-SA-2002.014] OpenPKG Security Advisory (perl)]
[20021219 TSLSA-2002-0087 - perl]
[20021220 GLSA: perl]
[CSSA-2004-007.0]
[http://bugs6.perl.org/rt2/Ticket/Display.html?id=17744]
[http://use.perl.org/articles/02/10/06/1118222.shtml?tid=5]
[DSA-208]
[2183]
[3814]
[oval:org.mitre.oval:def:1160]
[RHSA-2003:256]
[RHSA-2003:257]
[SCOSA-2004.1]
[20030606-01-A]
[20021105 Perl Safe.pm compartment reuse vuln]
[safe-pm-bypass-restrictions(10574)]
-
Entry
Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."
[6380]
[MS02-069]
-
Entry
Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."
[6427]
[20021219 Foundstone Research Labs Advisory - Exploitable Windows XP Media Files]
[CA-2002-37]
[VU#591890]
[MS02-072]
[winxp-windows-shell-bo(10892)]
-
Entry
TightVNC before 1.2.6 generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users.
[5296]
[20020724 VNC authentication weakness]
[20020726 RE: VNC authentication weakness]
[CLA-2003:640]
[http://www.tightvnc.com/WhatsNew.txt]
[MDKSA-2003:022]
[RHSA-2002:287]
[RHSA-2003:041]
[vnc-weak-authentication(5992)]
-
Entry
Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.
[IY40500]
[IY40501]
[IY40502]
[6991]
[20030303 Fwd: APPLE-SA-2003-03-03 sendmail]
[20030303 sendmail 8.12.8 available]
[20030304 GLSA: sendmail (200303-4)]
[20030304 [LSD] Technical analysis of the remote sendmail vulnerability]
[CSSA-2003-SCO.5]
[CSSA-2003-SCO.6]
[CA-2003-07]
[VU#398025]
[CLA-2003:571]
[http://www.sendmail.org/8.12.8.html]
[DSA-257]
[FreeBSD-SA-03:04]
[HPSBUX0302-246]
[20030303 Remote Sendmail Header Processing Vulnerability]
[MDKSA-2003:028]
[NetBSD-SA2003-002]
[oval:org.mitre.oval:def:2222]
[RHSA-2003:073]
[RHSA-2003:074]
[RHSA-2003:227]
[20030301-01-P]
[SuSE-SA:2003:013]
[sendmail-header-processing-bo(10748)]
-
Entry
w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attribute of an IMG tag, which could allow remote attackers to access files or cookies.
[6794]
[20030217 GLSA: w3m]
[http://sourceforge.net/project/shownotes.php?release_id=126233]
[DSA-249]
[DSA-250]
[DSA-251]
[RHSA-2003:044]
[RHSA-2003:045]
[w3m-img-alt-xss(11266)]
-
Entry
Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 allows local users to execute arbitrary code via a long input string to TCP port 110 (POP3).
[6350]
[20021210 Unchecked buffer in PC-cillin]
[VU#157961]
[http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=12982]
[http://www.texonet.com/advisories/TEXONET-20021210.txt]
[pccillin-pop3trap-bo(10814)]
-
Entry
The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly copy data, which allows remote attackers to cause a denial of service (application crash).
[6213]
[20021219 TSLSA-2002-0084 - tcpdump]
[CSSA-2002-050.0]
[DSA-206]
[MDKSA-2003:027]
[[tcpdump-workers] 20011015 Bug in print-bgp.c?]
[RHSA-2003:032]
[RHSA-2003:033]
[RHSA-2003:214]
[TSL-2002-0084]
[tcpdump-sizeof-memory-corruption(10695)]
-
Entry
overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Hardening Patch) installed allows remote attackers to execute arbitrary code via a POST request with shell metacharacters in the email parameter.
[6326]
[20021205 Cobalt RaQ4 Remote root exploit]
[CA-2002-35]
[VU#810921]
[N-025]
[49377]
[cobalt-shp-overflow-privileges(10776)]
-
Entry
mICQ 0.4.9 and earlier allows remote attackers to cause a denial of service (crash) via malformed ICQ message types without a 0xFE separator character.
[6392]
[DSA-211]
[RHSA-2003:118]
[micq-0xfe-dos(10872)]
-
Entry
Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does not correctly calculate offsets, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a buffer overflow attack on the row buffers.
[6431]
[DSA-213]
[FLSA:1943]
[MDKSA-2003:008]
[MDKSA-2004:063]
[oval:org.mitre.oval:def:3657]
[RHSA-2003:006]
[RHSA-2003:007]
[RHSA-2003:119]
[RHSA-2003:157]
[RHSA-2004:249]
[RHSA-2004:402]
[SUSE-SA:2003:0004]
[libpng-file-offset-bo(10925)]
-
Entry
Buffer overflow in the get_origin function in traceroute-nanog allows attackers to execute arbitrary code via long WHOIS responses.
[6166]
[20021129 Exploit for traceroute-nanog overflow]
[DSA-254]
[SuSE-SA:2002:043]
[traceroute-nanog-getorigin-bo(10778)]
-
Entry
Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not account for the "@" character when determining buffer lengths for local addresses, which allows remote attackers to execute arbitrary code via a header with a large number of local addresses.
[6390]
[20021213 Advisory 05/2002: Another Fetchmail Remote Vulnerability]
[20021215 GLSA: fetchmail]
[CSSA-2003-001.0]
[CLA-2002:554]
[DSA-216]
[ESA-20030127-002]
[IMNX-2003-7+-023-01]
[MDKSA-2003:011]
[http://security.e-matters.de/advisories/052002.html]
[RHSA-2002:293]
[RHSA-2002:294]
[RHSA-2003:155]
[SuSE-SA:2003:001]
[fetchmail-address-header-bo(10839)]
-
Entry
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
[6435]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[DSA-232]
[MDKSA-2003:001]
[http://www.idefense.com/advisory/12.19.02.txt]
[RHSA-2002:295]
[SuSE-SA:2003:002]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[cups-certs-race-condition(10907)]
-
Entry
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
[6436]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[CLSA-2003:702]
[DSA-232]
[MDKSA-2003:001]
[http://www.idefense.com/advisory/12.19.02.txt]
[RHSA-2002:295]
[SuSE-SA:2003:002]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[cups-udp-add-printers(10908)]
-
Entry
jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly use the strncat function call when processing the options string, which allows remote attackers to execute arbitrary code via a buffer overflow attack.
[6438]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[CLSA-2003:702]
[DSA-232]
[MDKSA-2003:001]
[http://www.idefense.com/advisory/12.19.02.txt]
[RHSA-2002:295]
[SuSE-SA:2003:002]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[cups-strncat-options-bo(10910)]
-
Entry
filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check for zero-length GIF images, which allows remote attackers to execute arbitrary code via modified chunk headers, as demonstrated by nogif.
[6439]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[CLSA-2003:702]
[DSA-232]
[MDKSA-2003:001]
[http://www.idefense.com/advisory/12.19.02.txt]
[RHSA-2002:295]
[SuSE-SA:2003:002]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[cups-zero-width-images(10911)]
-
Entry
Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.
[6440]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[CLSA-2003:702]
[DSA-232]
[MDKSA-2003:001]
[http://www.idefense.com/advisory/12.19.02.txt]
[RHSA-2002:295]
[SuSE-SA:2003:002]
[20021219 iDEFENSE Security Advisory 12.19.02: Multiple Security Vulnerabilities in Common Unix Printing System (CUPS)]
[cups-file-descriptor-dos(10912)]
-
Entry
Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3.23.x before 3.23.54 allows remote attackers to cause a denial of service (crash or hang) in mysqld by causing large negative integers to be provided to a memcpy call.
[6368]
[20021212 Advisory 04/2002: Multiple MySQL vulnerabilities]
[CLSA-2002:555]
[DSA-212]
[ESA-20030127-001]
[200212-2]
[IMNX-2003-7+-008-01]
[MDKSA-2002:087]
[http://security.e-matters.de/advisories/042002.html]
[RHSA-2002:288]
[RHSA-2002:289]
[RHSA-2003:166]
[SUSE-SA:2003:003]
[2002-0086]
[mysql-comtabledump-dos(10846)]
-
Entry
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x before 4.0.6, allows remote attackers to gain privileges via a brute force attack using a one-character password, which causes MySQL to only compare the provided password against the first character of the real password.
[6373]
[20021212 Advisory 04/2002: Multiple MySQL vulnerabilities]
[20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)]
[CLSA-2002:555]
[DSA-212]
[ESA-20021213-033]
[GLSA-200212-2]
[IMNX-2003-7+-008-01]
[MDKSA-2002:087]
[http://security.e-matters.de/advisories/042002.html]
[RHSA-2002:288]
[RHSA-2002:289]
[RHSA-2003:166]
[SUSE-SA:2003:003]
[2002-0086]
[mysql-comchangeuser-password-bypass(10847)]
-
Entry
The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4.0.6, allows remote attackers to execute arbitrary code via a long response.
[6375]
[20021212 Advisory 04/2002: Multiple MySQL vulnerabilities]
[20021216 [OpenPKG-SA-2002.013] OpenPKG Security Advisory (mysql)]
[CLSA-2002:555]
[DSA-212]
[ESA-20021213-033]
[GLSA-200212-2]
[IMNX-2003-7+-008-01]
[MDKSA-2002:087]
[http://security.e-matters.de/advisories/042002.html]
[RHSA-2002:288]
[RHSA-2002:289]
[RHSA-2003:166]
[SUSE-SA:2003:003]
[2002-0086]
[mysql-comchangeuser-password-bo(10848)]
-
Entry
vim 6.0 and 6.1, and possibly other versions, allows attackers to execute arbitrary commands using the libcall feature in modelines, which are not sandboxed but may be executed when vim is used to edit a malicious file, as demonstrated using mutt.
[6384]
[20040331 OpenLinux: vim arbitrary commands execution through modelines]
[CLA-2004:812]
[20021213 Some vim problems, yet still vim much better than windows]
[MDKSA-2003:012]
[http://www.guninski.com/vim1.html]
[RHSA-2002:297]
[RHSA-2002:302]
[55700]
[vim-modeline-command-execution(10835)]
-
Entry
Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.
[6420]
[DSA-336]
[ESA-20030318-009]
[MDKSA-2003:039]
[RHSA-2003:088]
[2002-0083]
[20021217 RAZOR advisory: Linux 2.2.xx /proc/<pid>/mem mmap() vulnerability]
[linux-protread-mmap-dos(10884)]
-
Entry
Format string vulnerability in daemon.c for Exim 4.x through 4.10, and 3.x through 3.36, allows exim administrative users to execute arbitrary code by modifying the pid_file_path value.
[6314]
[20021204 Local root vulnerability found in exim 4.x (and 3.x)]
[http://groups.yahoo.com/group/exim-users/message/42358]
[GLSA-200212-5]
[[Exim] 20021204 Minor security problem in both Exim 3 and 4]
[exim-daemonc-format-string(10761)]
-
Entry
Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.
[6383]
[20021217 Macromedia Shockwave Flash Malformed Header Overflow #2]
[http://www.macromedia.com/v1/handlers/index.cfm?ID=23569]
[20021217 Macromedia Shockwave Flash Malformed Header Overflow #2]
[flash-swf-bo(10861)]
-
Entry
Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
[6475]
[DSA-222]
[DSA-226]
[DSA-232]
[GLSA-200301-1]
[MDKSA-2003:001]
[MDKSA-2003:002]
[http://www.idefense.com/advisory/12.23.02.txt]
[RHSA-2002:295]
[RHSA-2002:307]
[RHSA-2003:037]
[RHSA-2003:216]
[SUSE-SA:2003:002]
[20021223 iDEFENSE Security Advisory 12.23.02: Integer Overflow in pdftops]
[pdftops-integer-overflow(10937)]
-
Entry
openwebmail_init in Open WebMail 1.81 and earlier allows local users to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.
[6425]
[20021218 Openwebmail 1.71 remote root compromise]
[20021219 [Fix] Openwebmail 1.71 remote root compromise]
[http://sourceforge.net/forum/forum.php?thread_id=782605&forum_id=108435]
[open-webmail-command-execution(10904)]
-
Entry
Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allows remote attackers to inject arbitrary HTML into web archive pages via HTML mail messages.
[6479]
[http://www.mhonarc.org/archive/cgi-bin/mesg.cgi?a=mhonarc-users&i=200212220120.gBM1K8502180@mcguire.earlhood.com]
[DSA-221]
[mhonarc-m2htexthtml-filter-xss(10950)]
-
Entry
Buffer overflow in typespeed 0.4.2 and earlier allows local users to gain privileges via long input.
[6485]
[DSA-217]
[typespeed-command-line-bo(10936)]
-
Entry
The daemon for GeneWeb before 4.09 does not properly handle requested paths, which allows remote attackers to read arbitrary files via a crafted URL.
[6549]
[http://cristal.inria.fr/~ddr/GeneWeb/en/version/4.09.html]
[DSA-223]
[geneweb-absolute-information-disclosure(11021)]
-
Entry
Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a Caller ID string with a long CallerName argument.
[7303]
[CSSA-2003-021.0]
[http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty]
[GLSA-200304-09]
[RHSA-2003:008]
[RHSA-2003:036]
[mgetty-cndprogram-callername-bo(11072)]
-
Entry
faxspool in mgetty before 1.1.29 uses a world-writable spool directory for outgoing faxes, which allows local users to modify fax transmission privileges.
[7302]
[CSSA-2003-021.0]
[http://search.alphanet.ch/cgi-bin/search.cgi?msgid=20021125142338.E12094%40greenie.muc.de&max_results=1&type=long&domain=ml-mgetty]
[GLSA-200304-09]
[RHSA-2003:008]
[RHSA-2003:036]
[mgetty-faxspool-worldwritable-directory(11070)]
-
Entry
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148.
[6562]
[http://issues.apache.org/bugzilla/show_bug.cgi?id=13365]
[http://marc.info/?l=tomcat-dev&m=103417249325526&w=2]
[DSA-225]
[GLSA-200210-001]
[[tomcat-dev] 20190319 svn commit: r1855831 [21/30] - in /tomcat/site/trunk: ./ docs/ xdocs/]
[[tomcat-dev] 20190325 svn commit: r1856174 [19/29] - in /tomcat/site/trunk: docs/ xdocs/ xdocs/stylesheets/]
[[tomcat-dev] 20200213 svn commit: r1873980 [24/34] - /tomcat/site/trunk/docs/]
[RHSA-2003:075]
[RHSA-2003:082]
[tomcat-invoker-source-code(10376)]
-
Entry
Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 and before 4.3.0 may allow attackers to cause a denial of service or execute arbitrary code.
[6488]
[20021227 Buffer overflow in PHP "wordwrap" function]
[http://bugs.php.net/bug.php?id=20927]
[ESA-20030219-003]
[200301-8]
[MDKSA-2003:019]
[RHSA-2003:017]
[CSSA-2003-SCO.28]
[SuSE-SA:2003:0009]
[php-wordwrap-bo(10944)]
-
Entry
dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.
[6200]
[CLA-2002:549]
[DSA-219]
[GLSA-200301-3]
[MDKSA-2003:003]
[dhcpcd-info-execute-commands(10663)]
-
Entry
CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote attackers to inject false HTTP headers into an HTTP request that is provided on the command line, via a URL containing encoded carriage return, line feed, and other whitespace characters.
[5499]
[20020819 Lynx CRLF Injection]
[20020822 Lynx CRLF Injection, part two]
[CSSA-2002-049.0]
[DSA-210]
[MDKSA-2003:023]
[RHSA-2003:029]
[RHSA-2003:030]
[2002-0085]
[lynx-crlf-injection(9887)]
-
Entry
TinySSL 1.02 and earlier does not verify the Basic Constraints for an intermediate CA-signed certificate, which allows remote attackers to spoof the certificates of trusted sites via a man-in-the-middle attack.
[5410]
[20020805 IE SSL Vulnerability]
[20020810 TinySSL Vendor Statement: Basic Constraints Vulnerability]
[ssl-ca-certificate-spoofing(9776)]
-
Entry
Gallery photo album package before 1.3.1 allows local and possibly remote attackers to execute arbitrary code via a modified GALLERY_BASEDIR variable that points to a directory or URL that contains a Trojan horse init.php script.
[5375]
[20020801 code injection in gallery]
[http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=50&mode=thread&order=0&thold=0]
[DSA-138]
[gallery-basedir-execute-commands(9737)]
-
Entry
RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, allows remote attackers to bypass authentication using the RconJ "Secure IP" (SSL) option during a connection.
[5541]
[20020821 NOVL-2002-2963349 - Rconag6 Secure IP Login Vulnerability - NW6SP2]
[VU#746251]
[http://support.novell.com/servlet/tidfinder/2963349]
[netware-rconj-no-password(9928)]
-
Entry
Buffer overflow in qmailadmin allows local users to gain privileges via a long QMAILADMIN_TEMPLATEDIR environment variable.
[5404]
[20020724 Re: qmailadmin SUID buffer overflow]
[http://www.inter7.com/qmailadmin/ChangeLog]
[20020806 qmailadmin SUID buffer overflow]
[qmailadmin-templatedir-bo(9786)]
-
Entry
Directory traversal vulnerability in Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to read arbitrary files via a URL containing a "..%5c" sequence (modified dot-dot), which is mapped to the directory separator.
[5523]
[20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability]
[http://support.novell.com/servlet/tidfinder/2963297]
[novell-netbasic-directory-traversal(9910)]
-
Entry
Buffer overflow in the interpreter for Novell NetBasic Scripting Server (NSN) for Netware 5.1 and 6, and Novell Small Business Suite 5.1 and 6, allows remote attackers to cause a denial of service (ABEND) via a long module name.
[5524]
[20020820 NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability]
[http://support.novell.com/servlet/tidfinder/2963297]
[novell-netbasic-interpreter-bo(9911)]
-
Entry
The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes the MAC address of the system, which could modify intended access restrictions that are based on a MAC address.
[5467]
[20020805-01-I]
[irix-origin-bypass-filtering(9868)]
-
Entry
Integer signedness error in select() on OpenBSD 3.1 and earlier allows local users to overwrite arbitrary kernel memory via a negative value for the size parameter, which satisfies the boundary check as a signed integer, but is later used as an unsigned integer during a data copying operation.
[5442]
[20020812 OpenBSD Security Advisory: Select Boundary Condition (fwd)]
[VU#259787]
[7554]
[openbsd-select-bo(9809)]
-
Entry
Buffer overflow in munpack in mpack 1.5 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.
[5385]
[DSA-141]
[munpack-mime-bo(9747)]
-
Entry
Directory traversal vulnerability in munpack in mpack 1.5 and earlier allows remote attackers to create new files in the parent directory via a ../ (dot-dot) sequence in the filename to be extracted.
[5386]
[DSA-141]
[munpack-dotdot-directory-traversal(9748)]
-
Entry
Unknown vulnerability in Sympoll 1.2 allows remote attackers to read arbitrary files when register_globals is enabled, possibly by modifying certain PHP variables through URL parameters.
[5360]
[20020730 [ADVISORY]: Arbitrary file disclosure vulnerability in Sympoll 1.2]
[http://www.ralusp.net/downloads/sympoll/changelog.txt]
[sympoll-php-view-files(9723)]
-
Entry
class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0.8.2, allows remote attackers to execute arbitrary PHP code when the 'allow_url_fopen' setting is enabled via a URL in the config_atkroot parameter that points to the code.
[5552]
[20020822 Arbitrary code execution problem in Achievo]
[http://www.achievo.org/lists/2002/Aug/msg00092.html]
[achievo-php-execute-code(9947)]
-
Entry
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to execute arbitrary Perl code via an HTTP POST request.
[5520]
[20020820 NOVL-2002-2963307 - PERL Handler Vulnerability]
[http://support.novell.com/servlet/tidfinder/2963307]
[netware-perl-code-execution(9916)]
-
Entry
Directory traversal vulnerability in the web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to read arbitrary files via an HTTP request containing "..%5c" (URL-encoded dot-dot backslash) sequences.
[5522]
[20020820 NOVL-2002-2963307 - PERL Handler Vulnerability]
[http://support.novell.com/servlet/tidfinder/2963307]
[netware-perl-directory-traversal(9915)]
-
Entry
The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 allows remote attackers to obtain Perl version information via the -v option.
[5521]
[20020820 NOVL-2002-2963307 - PERL Handler Vulnerability]
[http://support.novell.com/servlet/tidfinder/2963307]
[netware-perl-information-disclosure(9917)]
-
Entry
The Google toolbar 1.1.58 and earlier allows remote web sites to monitor a user's input into the toolbar via an "onkeydown" event handler.
[5426]
[20020808 Exploiting the Google toolbar (GM#001-MC)]
[http://toolbar.google.com/whatsnew.php3]
[http://sec.greymagic.com/adv/gm001-mc/]
[20020808 Exploiting the Google toolbar (GM#001-MC)]
[google-toolbar-keypress-monitoring(10054)]
-
Entry
The error checking routine used for the C_Verify call on a symmetric verification key in the nCipher PKCS#11 library 1.2.0 and later returns the CKR_OK status even when it detects an invalid signature, which could allow remote attackers to modify or forge messages.
[5498]
[20020819 nCipher Advisory #5: C_Verify validates incorrect symmetric signatures]
[http://www.ncipher.com/support/advisories/advisory5_c_verify.html]
[ncipher-cverify-improper-verification(9895)]
-
Entry
Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.
[5056]
[20020619 [AP] Cisco vpnclient buffer overflow]
[20020619 Buffer Overflow in UNIX VPN Client]
[http://sec.angrypacket.com/advisories/0002_AP.vpnclient.txt]
[ciscovpn-profile-name-bo(9376)]
-
Entry
An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya P330, P130, and M770-ATM Cajun products allows remote attackers to gain administrative privileges.
[5396]
[20020805 SNMP vulnerability in AVAYA Cajun firmware]
[http://support.avaya.com/security/Unauthorized_SNMP/index.jhtml]
[avaya-cajun-default-snmp(9769)]
-
Entry
Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor Models 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 generate easily predictable initial sequence numbers (ISN), which allows remote attackers to spoof connections.
[5387]
[20020802 Security Advisory: Raptor Firewall Weak ISN Vulnerability]
[http://www.symantec.com/techsupp/bulletin/archive/firewall/082002firewall.html]
[855]
[symantec-tcp-seq-predict(12836)]
-
Entry
Buffer overflow in errpt in AIX 4.3.3 allows local users to execute arbitrary code as root.
[IY31997]
[5885]
-
Entry
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
[5526]
[20020820 vulnerabilities in scponly]
[http://www.sublimation.org/scponly/]
[scponly-ssh-env-upload(9913)]
-
Entry
The camel component for Ximian Evolution 1.0.x and earlier does not verify certificates when it establishes a new SSL connection after previously verifying a certificate, which could allow remote attackers to monitor or modify sessions via a man-in-the-middle attack.
[5875]
[20021003 SSL certificate validation problems in Ximian Evolution]
[evolution-camel-certificate-mitm(10292)]
-
Entry
Untrusted search path vulnerability in libX11.so in xfree86, when used in setuid or setgid programs, allows local users to gain root privileges via a modified LD_PRELOAD environment variable that points to a malicious module.
[5735]
[CLA-2002:529]
[11922]
[RHSA-2003:066]
[RHSA-2003:067]
[SuSE-SA:2002:032]
[xfree86-x11-program-execution(10137)]
-
Entry
Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
[5724]
[NetBSD-SA2002-012]
[7565]
[netbsd-libc-setlocale-bo(10159)]
-
Entry
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode.
[5627]
[20020903 Cacti security issues]
[DSA-164]
[http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt]
[cacti-graph-label-commands(10048)]
-
Entry
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode.
[5630]
[20020903 Cacti security issues]
[DSA-164]
[http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt]
[cacti-console-mode-commands(10050)]
-
Entry
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges.
[5628]
[20020903 Cacti security issues]
[http://www.knights-of-the-routing-table.org/advisories/krt_001_20020903_cacti.txt]
[cacti-config-world-readable(10049)]
-
Entry
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.
[5722]
[NetBSD-SA2002-007]
[7566]
[netbsd-tiocsctty-ioctl-bo(10115)]
-
Entry
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.
[5736]
[20020918 Cisco VPN 5000 Client Multiple Vulnerabilities]
[7041]
[cisco-vpn5000-defaultconnection-password(10129)]
-
Entry
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.
[5728]
[20020914 Lycos HTMLGear Guestbook Script Injection Vulnerability]
[20020926 [VulnWatch] BugTraq ID: 5728]
[guestgear-img-xss(12235)]
-
Entry
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.
[5618]
[20020903 Cross-Site Scripting in Aestiva's HTML/OS]
[aestiva-htmlos-cgi-xss(10029)]
-
Entry
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.
[5774]
[20020922 remote exploitable heap overflow in Null HTTPd 0.5.0]
[http://freshmeat.net/releases/97910/]
[null-httpd-contentlength-bo(10160)]
-
Entry
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.
[5603]
[20020902 XSS in Null HTTPd]
[http://freshmeat.net/releases/97910/]
[null-httpd-xss(10004)]
-
Entry
The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.
[5703]
[20020913 Scan against Enterasys SSR8000 crash the system]
[http://www.enterasys.com/support/techtips/tk0659-9.html]
[smartswitch-portscan-dos(10096)]
-
Entry
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.
[5700]
[20020912 xbreaky symlink vulnerability]
[http://xbreaky.sourceforge.net/]
[xbreaky-breakyhighscores-symlink(10078)]
-
Entry
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.
[5675]
[20020908 sql injection vulnerability in WBB 2.0 RC1 and below]
[wbb-board-sql-injection(10069)]
-
Entry
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user's group (mode 660), which allows other users in the same group to read or modify the new user's incoming email.
[http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=75418]
[MDKSA-2003:026]
[RHSA-2003:057]
[RHSA-2003:058]
-
Entry
xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist.
[CLA-2002:533]
[http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG]
[RHSA-2003:064]
[RHSA-2003:065]
[55602]
[xfree86-xdm-unauth-access(11389)]
-
Entry
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies.
[6905]
[CLSA-2003:640]
[http://changelogs.credativ.org/debian/pool/main/v/vnc/vnc_3.3.6-3/changelog]
[200302-15]
[MDKSA-2003:022]
[RHSA-2003:041]
[RHSA-2003:068]
[56161]
[vnc-rand-weak-cookie(11384)]
-
Entry
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.
[5790]
[20020927 OpenVMS POP server local vulnerability]
[20021001 [security bulletin] SSRT2371 HP OpenVMS Potential POP server local vulnerability (fwd)]
[SSRT2371]
[openvms-pop-gain-privileges(10236)]
-
Entry
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.
[5805]
[20020925 Borland Interbase local root exploit]
[interbase-gdslockmgr-bo(10196)]
-
Entry
rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack.
[5889]
[N-004]
[20020903-01-P]
[irix-rpcbind-w-symlink(10272)]
-
Entry
fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file.
[5897]
[N-004]
[8579]
[20020903-01-P]
[20020903-02-P]
[20021103-01-P]
[20021103-02-P]
[irix-fsr-efs-symlink(10275)]
-
Entry
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.
[5893]
[N-004]
[8580]
[20020903-01-P]
[irix-mv-directory-insecure(10276)]
-
Entry
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
[5814]
[20020926 Watchguard firewall appliances security issues]
[20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances]
[4924]
[firebox-vclass-cli-format-string(10217)]
-
Entry
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
[5815]
[20020926 Watchguard firewall appliances security issues]
[20020927 Software Update Available for Legacy RapidStream Appliances and WatchGuard Firebox Vclass appliances]
[4831]
[firebox-vclass-cli-admin-privileges(10218)]
-
Entry
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.
[5803]
[20020925 [SecurityOffice] Webserver 4D v3.6 Weak Password Preservation Vulnerability]
[webserver-4d-plaintext-passwords(10198)]
-
Entry
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.
[5832]
[20020929 IIL Advisory: Winamp 3 (1.0.0.488) XML parser buffer overflow vulnerability]
[winamp-xml-parser-bo(10228)]
-
Entry
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.
[5941]
[20021010 MondoSearch show the source of all files]
[mondosearch-url-souce-disclosure(10350)]
-
Entry
Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.
[5928]
[20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server]
[superscout-emailfilter-error-xss(10319)]
-
Entry
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.
[5929]
[20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server]
[superscout-emailfilter-plaintext-passwords(10320)]
-
Entry
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter.
[5930]
[20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server]
[superscout-emailfilter-content-dos(10321)]
-
Entry
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it.
[5931]
[20021008 Four Vulnerabilities in SurfControl's SuperScout Email Filter Administrative Server]
[superscout-emailfilter-get-dos(10322)]
-
Entry
Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.
[5904]
[20021006 Flash player can read local files]
[flash-xml-read-files(10297)]
-
Entry
admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".
[6056]
[20021027 Privilege Escalation Vulnerability In phpBB 2.0.0]
[4284]
[phpbb-adminugauth-admin-privileges(10489)]
-
Entry
Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable.
[6048]
[20021025 Sec-Tec advisory 24.10.02 Unauthorised file acces in Acuma]
[acusend-unauthorized-file-access(10473)]
-
Entry
The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.
[20021024 DH team: Norton Antivirus Corporate Edition Privilege Escalation]
[20021025 RE: DH team: Norton Antivirus Corporate Edition Privilege Escalation, http://online.securityfocus.com/archive/1/296979/2002-10-22/2002-10-28/0]
[6258]
[nav-winhlp32-gain-privileges(10475)]
-
Entry
BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).
[6044]
[20021024 [SecurityOffice] BadBlue Web Server v1.7 Protected File Access Vulnerability]
[badblue-protected-file-access(10466)]
-
Entry
Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.
[6036]
[NetBSD-SA2002-025]
[7570]
[trek-keyboard-input-bo(10458)]
-
Entry
Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.
[20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service]
[20021101 Netscreen SSH1 CRC32 Compensation Denial of service]
[VU#930161]
[http://www.netscreen.com/support/alerts/11_06_02.html]
[4376]
[20021101 (Correction) Netscreen SSH1 CRC32 Compensation Denial of service]
[20021101 Netscreen SSH1 CRC32 Compensation Denial of service]
[netscreen-ssh-dos(10528)]
-
Entry
Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."
[IY31934]
-
Entry
Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.
[6162]
[20021112 Remote Buffer Overflow vulnerability in Light HTTPd]
[light-httpd-bo(10607)]
-
Entry
dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.
[IY34617]
[8802]
-
Entry
Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.
[6163]
[20021112 NOVL-2002-2963767 - Remote Manager Security Issue - eDir 8.6.2]
[20021112 NOVL-2002-2963827 - Remote Manager Security Issue - NW5.1]
[novell-edirectory-expired-accounts(10604)]
-
Entry
index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.
[6033]
[20021022 gBook]
[gbook-mysql-admin-access(10455)]
-
Entry
Buffer overflow in the ixj telephony card driver in Linux before 2.4.20 has unknown impact and attack vectors.
[5985]
[N-096]
[RHSA-2002:205]
[RHSA-2002:206]
[RHSA-2004:044]
[RHSA-2004:106]
[linux-ixj-root-privileges(10417)]
-
Entry
Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary script via the REASONTXT parameter.
[5922]
[20021007 CSS on Microsoft Content Management Server]
[MS03-002]
[mcms-manuallogin-reasontxt-xss (10318)]
-
Entry
Buffer overflow in the RPC Locator service for Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows local users to execute arbitrary code via an RPC call to the service containing certain parameter information.
[6666]
[20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)]
[CA-2003-03]
[VU#610986]
[MS03-001]
[20030130 Microsoft RPC Locator Buffer Overflow Vulnerability (#NISR29012003)]
[oval:org.mitre.oval:def:103]
[win-locator-bo(11132)]
-
Entry
Buffer overflow in the Windows Redirector function in Microsoft Windows XP allows local users to execute arbitrary code via a long parameter.
[6778]
[20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability]
[MS03-005]
[20030327 NSFOCUS SA2003-01: Microsoft Windows XP Redirector Local Buffer Overflow Vulnerability]
[winxp-windows-redirector-bo(11260)]
-
Entry
Microsoft Outlook 2002 does not properly handle requests to encrypt email messages with V1 Exchange Server Security certificates, which causes Outlook to send the email in plaintext, aka "Flaw in how Outlook 2002 handles V1 Exchange Server Security Certificates could lead to Information Disclosure."
[6667]
[MS03-003]
[outlook-v1-certificate-plaintext(11133)]
-
Entry
Cross-site scripting (XSS) vulnerability in Help and Support Center for Microsoft Windows Me allows remote attackers to execute arbitrary script in the Local Computer security context via an hcp:// URL with the malicious script in the topic parameter.
[6966]
[20030227 MS-Windows ME IE/Outlook/HelpCenter critical vulnerability]
[VU#489721]
[N-047]
[MS03-006]
[6074]
[winme-hsc-hcp-bo(11425)]
-
Entry
The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 sets world-writable permissions for the data/mining directory when it runs, which allows local users to modify or delete the data.
[6502]
[20030102 [BUGZILLA] Security Advisory - remote database password disclosure]
[DSA-230]
[RHSA-2003:012]
[bugzilla-mining-world-writable(10971)]
-
Entry
The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16.x before 2.16.2, and 2.17.x before 2.17.3 do not include filenames for backup copies of the localconfig file that are made from editors such as vi and Emacs, which could allow remote attackers to obtain a database password by directly accessing the backup file.
[6501]
[20030102 [BUGZILLA] Security Advisory - remote database password disclosure]
[DSA-230]
[6351]
[bugzilla-htaccess-database-password(10970)]
-
Entry
Double-free vulnerability in CVS 1.11.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a malformed Directory request, as demonstrated by bypassing write checks to execute Update-prog and Checkin-prog commands.
[6650]
[20030122 [security@slackware.com: [slackware-security] New CVS packages available]]
[20030124 Test program for CVS double-free.]
[20030202 Exploit for CVS double free() for Linux pserver]
[CSSA-2003-006]
[CA-2003-02]
[VU#650937]
[N-032]
[http://ccvs.cvshome.org/servlets/NewsItemView?newsID=51&JServSessionIdservlets=5of2iuhr14]
[DSA-233]
[FreeBSD-SA-03:01]
[20030120 Advisory 01/2003: CVS remote vulnerability]
[MDKSA-2003:009]
[http://security.e-matters.de/advisories/012003.html]
[RHSA-2003:012]
[RHSA-2003:013]
[SuSE-SA:2003:0007]
[20030120 Advisory 01/2003: CVS remote vulnerability]
[cvs-doublefree-memory-corruption(11108)]
-
Entry
Apache before 2.0.44, when running on unpatched Windows 9x and Me operating systems, allows remote attackers to cause a denial of service or execute arbitrary code via an HTTP request containing MS-DOS device names.
[6659]
[VU#825177]
[VU#979793]
[http://www.apacheweek.com/issues/03-01-24#security]
[[apache-httpd-announce] 20030120 [ANNOUNCE] Apache 2.0.44 Released]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[apache-device-code-execution(11125)]
[apache-device-name-dos(11124)]
-
Entry
Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers to obtain certain files via an HTTP request that ends in certain illegal characters such as ">", which causes a different filename to be processed and served.
[http://marc.info/?l=apache-httpd-announce&m=104313442901017&w=2]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075467 [1/2] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
-
Entry
Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O_DIRECT feature, which allows local attackers with write privileges to read portions of previously deleted files, or cause file system corruption.
[6763]
[http://linux.bkbits.net:8080/linux-2.4/cset@3e2f193drGJDBg9SG6JwaDQwCBnAMQ]
[DSA-358]
[DSA-423]
[MDKSA-2003:014]
[RHSA-2003:025]
[linux-odirect-information-leak(11249)]
-
Entry
uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrect setuid root privileges, which allows local users to modify network interfaces, e.g. by modifying ARP entries or placing interfaces into promiscuous mode.
[6801]
[VU#134025]
[N-044]
[RHSA-2003:056]
[linux-umlnet-gain-privileges(11276)]
-
Entry
Apache does not filter terminal escape sequences from its error logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences.
[APPLE-SA-2004-05-03]
[9930]
[20030224 Terminal Emulator Security Issues]
[20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)]
[GLSA-200405-22]
[SSRT4717]
[MDKSA-2003:050]
[MDKSA-2004:046]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[oval:org.mitre.oval:def:100109]
[oval:org.mitre.oval:def:150]
[oval:org.mitre.oval:def:4114]
[RHSA-2003:082]
[RHSA-2003:083]
[RHSA-2003:104]
[RHSA-2003:139]
[RHSA-2003:243]
[RHSA-2003:244]
[SSA:2004-133]
[101555]
[57628]
[2004-0017]
[2004-0027]
[20030224 Terminal Emulator Security Issues]
[apache-esc-seq-injection(11412)]
-
Entry
The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
[6936]
[20030224 Terminal Emulator Security Issues]
[GLSA-200303-1]
[MDKSA-2003:040]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-screen-dump(11413)]
-
Entry
The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite arbitrary files via a certain character escape sequence when it is echoed to a user's terminal, e.g. when the user views a file containing the malicious sequence.
[6938]
[20030224 Terminal Emulator Security Issues]
[MDKSA-2003:034]
[RHSA-2003:054]
[RHSA-2003:055]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-screen-dump(11413)]
-
Entry
The menuBar feature in rxvt 2.7.8 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
[6947]
[20030224 Terminal Emulator Security Issues]
[MDKSA-2003:034]
[RHSA-2003:054]
[RHSA-2003:055]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-menu-modification(11416)]
-
Entry
The menuBar feature in aterm 0.42 allows attackers to modify menu options and execute arbitrary commands via a certain character escape sequence that inserts the commands into the menu.
[6949]
[20030224 Terminal Emulator Security Issues]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-menu-modification(11416)]
-
Entry
Directory traversal vulnerability in Sun Kodak Color Management System (KCMS) library service daemon (kcms_server) allows remote attackers to read arbitrary files via the KCS_OPEN_PROFILE procedure.
[6665]
[20030122 Entercept Ricochet Advisory: Sun Solaris KCMS Library Service Daemon Arbitrary File Retrieval Vulner]
[VU#850785]
[http://www.entercept.com/news/uspr/01-22-03.asp]
[oval:org.mitre.oval:def:120]
[oval:org.mitre.oval:def:195]
[oval:org.mitre.oval:def:2592]
[50104]
[solaris-kcms-directory-traversal(11129)]
-
Entry
Memory leak in libmcrypt before 2.5.5 allows attackers to cause a denial of service (memory exhaustion) via a large number of requests to the application, which causes libmcrypt to dynamically load algorithms via libtool.
[6512]
[20030103 Multiple libmcrypt vulnerabilities]
[20030105 GLSA: libmcrypt]
[CLA-2003:567]
[DSA-228]
[SuSE-SA:2003:0010]
[libmcrypt-libtool-memory-leak(10988)]
-
Entry
Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before 1.9.1 allows remote attackers to execute arbitrary code via fragmented RPC packets.
[6963]
[20030303 Snort RPC Vulnerability (fwd)]
[CA-2003-13]
[VU#916785]
[DSA-297]
[ESA-20030307-007]
[GLSA-200303-6.1]
[GLSA-200304-06]
[20030303 Snort RPC Preprocessing Vulnerability]
[MDKSA-2003:029]
[4418]
[snort-rpc-fragment-bo(10956)]
-
Entry
ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versions, allows remote attackers to cause a denial of service (packet storm) via a certain BOOTP packet that is forwarded to a broadcast MAC address, causing an infinite loop that is not restricted by a hop count.
[6628]
[20030115 DoS against DHCP infrastructure with isc dhcrelay]
[20030219 [OpenPKG-SA-2003.012] OpenPKG Security Advisory (dhcpd)]
[VU#149953]
[CLSA-2003:616]
[DSA-245]
[RHSA-2003:034]
[TLSA-2003-26]
[dhcp-dhcrelay-dos(11187)]
-
Entry
SQL injection vulnerability in the PostgreSQL auth module for courier 0.40 and earlier allows remote attackers to execute SQL code via the user name.
[6738]
[DSA-247]
[courierimap-authmysqllib-sql-injection(11213)]
-
Entry
Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.
[6722]
[N-060]
[http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/]
[http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt]
[DSA-246]
[HPSBUX0303-249]
[tomcat-webxml-read-files(11195)]
-
Entry
Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remote attackers to cause a denial of service (thread hang and resource consumption) via a request for a JSP page containing an MS-DOS device name, such as aux.jsp.
[http://jakarta.apache.org/builds/jakarta-tomcat/release/v3.3.1a/RELEASE-NOTES-3.3.1a.txt]
[jakarta-tomcat-msdos-dos(12102)]
-
Entry
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via shell metacharacters.
[A032403-1]
[6954]
[20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[quicktime-darwin-command-execution(11401)]
-
Entry
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to obtain the physical path of the server's installation path via a NULL file parameter.
[A032403-1]
[6956]
[20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[quicktime-darwin-path-disclosure(11402)]
-
Entry
parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to list arbitrary directories.
[A032403-1]
[6955]
[20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[quicktime-darwin-directory-disclosure(11403)]
-
Entry
Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to insert arbitrary script via the filename parameter, which is inserted into an error message.
[A032403-1]
[6958]
[20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[quicktime-darwin-parsexml-xss(11404)]
-
Entry
Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute certain code via a request to port 7070 with the script in an argument to the rtsp DESCRIBE method, which is inserted into a log file and executed when the log is viewed using a browser.
[A032403-1]
[6960]
[20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[quicktime-darwin-describe-xss(11405)]
-
Entry
Buffer overflow in the MP3 broadcasting module of Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Streaming Server 4.1.1 allows remote attackers to execute arbitrary code via a long filename.
[A032403-1]
[6957]
[20030224 QuickTime/Darwin Streaming Administration Server Multiple vulnerabilities]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[quicktime-darwin-mp3-bo(11406)]
-
Entry
MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remote authenticated attackers to cause a denial of service (crash) on KDCs within the same realm via a certain protocol request that causes a null dereference.
[6683]
[VU#661243]
[CLSA-2003:639]
[http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt]
[MDKSA-2003:043]
[oval:org.mitre.oval:def:1110]
[RHSA-2003:051]
[RHSA-2003:052]
[RHSA-2003:168]
[50142]
[kerberos-kdc-null-pointer-dos(10099)]
-
Entry
Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
[6714]
[VU#684563]
[CLSA-2003:639]
[http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-001-multiple.txt]
[MDKSA-2003:043]
[RHSA-2003:051]
[RHSA-2003:052]
[RHSA-2003:168]
[kerberos-kdc-user-spoofing(11188)]
-
Entry
Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows local users to execute arbitrary code via a long path name.
[6803]
[20030210 iDEFENSE Security Advisory 02.10.03: Buffer Overflow In NOD32 Antivirus Software for Unix]
[http://www.idefense.com/advisory/02.10.03.txt]
[nod32-pathname-bo(11282)]
-
Entry
The xterm terminal emulator in XFree86 4.2.0 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[6940]
[20030224 Terminal Emulator Security Issues]
[DSA-380]
[RHSA-2003:064]
[RHSA-2003:065]
[RHSA-2003:066]
[RHSA-2003:067]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The dtterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[6942]
[20030224 Terminal Emulator Security Issues]
[HPSBUX0401-309]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The uxterm terminal emulator allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[6945]
[20030224 Terminal Emulator Security Issues]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The rxvt terminal emulator 2.7.8 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[6953]
[20030224 Terminal Emulator Security Issues]
[200303-16]
[MDKSA-2003:003]
[RHSA-2003:054]
[RHSA-2003:055]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The aterm terminal emulator 0.42 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[20030224 Terminal Emulator Security Issues]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The Eterm terminal emulator 0.9.1 and earlier allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[10237]
[20030224 Terminal Emulator Security Issues]
[DSA-496]
[GLSA-200303-1]
[MDKSA-2003:040]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The PuTTY terminal emulator 0.53 allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[20030224 Terminal Emulator Security Issues]
[8347]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
VTE, as used by default in gnome-terminal terminal emulator 2.2 and as an option in gnome-terminal 2.0, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[20030224 Terminal Emulator Security Issues]
[GLSA-200303-2]
[RHSA-2003:053]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
The DEC UDK processing feature in the xterm terminal emulator in XFree86 4.2.99.4 and earlier allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
[6950]
[20030224 Terminal Emulator Security Issues]
[DSA-380]
[RHSA-2003:064]
[RHSA-2003:065]
[RHSA-2003:066]
[RHSA-2003:067]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-dec-udk(11415)]
-
Entry
Double-free vulnerability in mysqld for MySQL before 3.23.55 allows attackers with MySQL access to cause a denial of service (crash) via mysql_change_user.
[6718]
[20030129 [OpenPKG-SA-2003.008] OpenPKG Security Advisory (mysql)]
[CLA-2003:743]
[http://www.mysql.com/doc/en/News-3.23.55.html]
[DSA-303]
[ESA-20030220-004]
[MDKSA-2003:013]
[oval:org.mitre.oval:def:436]
[RHSA-2003:093]
[RHSA-2003:094]
[RHSA-2003:166]
[mysql-mysqlchangeuser-doublefree-dos(11199)]
-
Entry
Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.
[6745]
[20030202 Bladeenc 0.94.2 code execution]
[GLSA-200302-04]
[http://www.pivx.com/luigi/adv/blade942-adv.txt]
[bladeenc-myfseek-code-execution(11227)]
-
Entry
The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and possibly later versions, allows attackers to modify the window title via a certain character escape sequence and then insert it back to the command line in the user's terminal, e.g. when the user views a file containing the malicious sequence, which could allow the attacker to execute arbitrary commands.
[20030224 Terminal Emulator Security Issues]
[4917]
[RHSA-2003:070]
[RHSA-2003:071]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-window-title(11414)]
-
Entry
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
[6884]
[20030219 OpenSSL 0.9.7a and 0.9.6i released]
[20030219 [OpenPKG-SA-2003.013] OpenPKG Security Advisory (openssl)]
[N-051]
[CLSA-2003:570]
[http://www.openssl.org/news/secadv_20030219.txt]
[DSA-253]
[ESA-20030220-005]
[FreeBSD-SA-03:02]
[GLSA-200302-10]
[MDKSA-2003:020]
[NetBSD-SA2003-001]
[3945]
[RHSA-2003:062]
[RHSA-2003:063]
[RHSA-2003:082]
[RHSA-2003:104]
[RHSA-2003:205]
[20030501-01-I]
[SuSE-SA:2003:011]
[2003-0005]
[ssl-cbc-information-leak(11369)]
-
Entry
The DEC UDK processing feature in the hanterm (hanterm-xf) terminal emulator before 2.0.5 allows attackers to cause a denial of service via a certain character escape sequence that causes the terminal to enter a tight loop.
[6944]
[20030224 Terminal Emulator Security Issues]
[4918]
[RHSA-2003:070]
[RHSA-2003:071]
[20030224 Terminal Emulator Security Issues]
[terminal-emulator-dec-udk(11415)]
-
Entry
Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.
[7049]
[CLSA-2003:627]
[http://www.ethereal.com/appnotes/enpa-sa-00008.html]
[DSA-258]
[20030308 Ethereal format string bug, yet still ethereal much better than windows]
[GLSA-200303-10]
[MDKSA-2003:051]
[http://www.guninski.com/etherre.html]
[oval:org.mitre.oval:def:54]
[RHSA-2003:076]
[RHSA-2003:077]
[SuSE-SA:2003:019]
[ethereal-socks-format-string(11497)]
-
Entry
Buffer overflow in libIM library (libIM.a) for National Language Support (NLS) on AIX 4.3 through 5.2 allows local users to gain privileges via several possible attack vectors, including a long -im argument to aixterm.
[IY40307]
[IY40317]
[IY40320]
[6840]
[20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a]
[20030212 libIM.a buffer overflow vulnerability]
[http://www.idefense.com/advisory/02.12.03.txt]
[7996]
[20030212 iDEFENSE Security Advisory 02.12.03: Buffer Overflow in AIX libIM.a]
[aix-aixterm-libim-bo(11309)]
-
Entry
TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to overwrite or create arbitrary files and gain root privileges by setting a certain environment variable that is used to write debugging information.
[A021403-1]
[6859]
[http://docs.info.apple.com/article.html?artnum=61798]
[http://lists.apple.com/archives/security-announce/2003/Feb/25/applesa20030225macosx102.txt]
[macos-trublueenvironment-gain-privileges(11332)]
-
Entry
The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service (crash) via an invalid RADIUS packet with a header length field of 0, which causes tcpdump to generate data within an infinite loop.
[DSA-261]
[MDKSA-2003:027]
[https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=81585]
[RHSA-2003:032]
[RHSA-2003:033]
[RHSA-2003:214]
[tcpdump-radius-decoder-dos(11324)]
-
Entry
A patch for mcookie in the util-linux package for Mandrake Linux 8.2 and 9.0 uses /dev/urandom instead of /dev/random, which causes mcookie to use an entropy source that is more predictable than expected, which may make it easier for certain types of attacks to succeed.
[6855]
[MDKSA-2003:016]
[utillinux-mcookie-cookie-predictable(11318)]
-
Entry
Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7, and 8.0.6 allows remote attackers to execute arbitrary code via a long username that is provided during login, as exploitable through client applications that perform their own authentication, as demonstrated using LOADPSP.
[6849]
[20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)]
[CA-2003-05]
[VU#953746]
[N-046]
[http://otn.oracle.com/deploy/security/pdf/2003alert51.pdf]
[6319]
[20030217 Oracle unauthenticated remote system compromise (#NISR16022003a)]
[oracle-username-bo(11328)]
-
Entry
Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to access arbitrary files as the PHP user, and possibly execute PHP code, by bypassing the CGI force redirect settings (cgi.force_redirect or --enable-force-cgi-redirect).
[6875]
[20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0]
[http://www.slackware.com/changelog/current.php?cpu=i386]
[GLSA-200302-09]
[GLSA-200302-09.1]
[20030217 PHP Security Advisory: CGI vulnerability in PHP version 4.3.0]
[php-cgi-sapi-access(11343)]
-
Entry
Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers to cause a denial of service and possibly execute commands via a large number of OSPF neighbor announcements.
[6895]
[20030220 Cisco IOS OSPF exploit]
[20030221 Re: Cisco IOS OSPF exploit]
[cisco-ios-ospf-bo(11373)]
-
Entry
Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).
[7008]
[20030304 [OpenPKG-SA-2003.017] OpenPKG Security Advisory (file)]
[20030304 iDEFENSE Security Advisory 03.04.03: Locally Exploitable Buffer Overflow in file(1)]
[VU#611865]
[DSA-260]
[IMNX-2003-7+-012-01]
[MDKSA-2003:030]
[http://www.idefense.com/advisory/03.04.03.txt]
[NetBSD-SA2003-003]
[RHSA-2003:086]
[RHSA-2003:087]
[SuSE-SA:2003:017]
[file-afctr-read-bo(11469)]
-
Entry
Format string vulnerability in Nokia 6210 handset allows remote attackers to cause a denial of service (crash, lockup, or restart) via a Multi-Part vCard with fields containing a large number of format string specifiers.
[A022503-1]
[6952]
[nokia-6210-vcard-dos(11421)]
-
Entry
Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.
[7053]
[20030310 PeopleSoft PeopleTools Remote Command Execution Vulnerability]
[peoplesoft-schedulertransfer-create-files(10962)]
-
Entry
Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is compiled without vsnprintf or when long inputs are truncated using vsnprintf, allows attackers to cause a denial of service or possibly execute arbitrary code.
[6913]
[20030222 buffer overrun in zlib 1.1.4]
[20030223 poc zlib sploit just for fun :)]
[20030224 Re: buffer overrun in zlib 1.1.4]
[20030225 [sorcerer-spells] ZLIB-SORCERER2003-02-25]
[CSSA-2003-011.0]
[VU#142121]
[CLSA-2003:619]
[http://lists.apple.com/mhonarc/security-announce/msg00038.html]
[GLSA-200303-25]
[JVN#78689801]
[JVNDB-2015-000066]
[MDKSA-2003:033]
[NetBSD-SA2003-004]
[6599]
[RHSA-2003:079]
[RHSA-2003:081]
[57405]
[zlib-gzprintf-bo(11381)]
-
Entry
isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed ISAKMP packet to UDP port 500, which causes tcpdump to enter an infinite loop.
[6974]
[20030227 iDEFENSE Security Advisory 02.27.03: TCPDUMP Denial of Service Vulnerability in ISAKMP Packet Parsin]
[20030304 [OpenPKG-SA-2003.014] OpenPKG Security Advisory (tcpdump)]
[CLA-2003:629]
[DSA-255]
[MDKSA-2003:027]
[http://www.idefense.com/advisory/02.27.03.txt]
[RHSA-2003:032]
[RHSA-2003:085]
[RHSA-2003:214]
[SuSE-SA:2003:0015]
[tcpdump-isakmp-dos(11434)]
-
Entry
adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local users to overwrite arbitrary files via a symlink attack on a default temporary directory with a predictable name.
[6978]
[DSA-256]
[mhc-adb2mhc-insecure-tmp(11439)]
-
Entry
Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.
[7037]
[20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication]
[CA-2003-11]
[VU#433489]
[N-065]
[http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105101]
[http://www.rapid7.com/advisories/R7-0010.html]
[20030313 R7-0010: Buffer Overflow in Lotus Notes Protocol Authentication]
[lotus-nrpc-bo(11526)]
-
Entry
Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 through R6 allows remote malicious web servers to cause a denial of service (crash) via a long HTTP status line.
[7038]
[20030313 R7-0011: Lotus Notes/Domino Web Retriever HTTP Status Buffer Overflow]
[CA-2003-11]
[VU#411489]
[N-065]
[http://www-1.ibm.com/support/docview.wss?rs=482&q=Domino&uid=swg21105060]
[http://www.rapid7.com/advisories/R7-0011.html]
[lotus-web-retriever-bo(11525)]
-
Entry
man before 1.5l allows attackers to execute arbitrary code via a malformed man file with improper quotes, which causes the my_xsprintf function to return a string with the value "unsafe," which is then executed as a program via a system call if it is in the search path of the user who runs man.
[7066]
[20030311 Vulnerability in man < 1.5l]
[CLSA-2003:620]
[GLSA-200303-13]
[RHSA-2003:133]
[RHSA-2003:134]
[man-myxsprintf-code-execution(11512)]
-
Entry
Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.
[7067]
[ftp://ftp.multitech.com/Routers/RF550VPN.TXT]
[http://www.krusesecurity.dk/advisories/routefind550bof.txt]
[20030311 SOHO Routefinder 550 VPN, DoS and Buffer Overflow]
[routefinder-vpn-options-bo(11514)]
-
Entry
The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null terminate a message buffer after a call to Qvsnprintf, which could allow authenticated users to execute arbitrary code via a buffer overflow in a mdef command with a long macro name.
[7058]
[20030310 QPopper 4.0.x buffer overflow vulnerability]
[20030312 Re: QPopper 4.0.x buffer overflow vulnerability]
[20030314 [OpenPKG-SA-2003.018] OpenPKG Security Advisory (qpopper)]
[DSA-259]
[GLSA-200303-12]
[SuSE-SA:2003:018]
[qpopper-popmsg-macroname-bo(11516)]
-
Entry
Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.
[http://www.tcpdump.org/tcpdump-changes.txt]
[DSA-261]
[MDKSA-2003:027]
[RHSA-2003:032]
[RHSA-2003:151]
[RHSA-2003:214]
[tcpdump-radius-attribute-dos(11857)]
-
Entry
The Windows Internet Naming Service (WINS) for Microsoft Windows Server 2003, and possibly Windows NT and Server 2000, does not properly validate the length of certain packets, which allows attackers to cause a denial of service and possibly execute arbitrary code.
[9624]
[VU#445214]
[O-077]
[MS04-006]
[3903]
[oval:org.mitre.oval:def:704]
[oval:org.mitre.oval:def:800]
[oval:org.mitre.oval:def:801]
[oval:org.mitre.oval:def:802]
[win-wins-gsflag-dos(15037)]
-
Entry
Buffer overflow in a component of Microsoft Data Access Components (MDAC) 2.5 through 2.8 allows remote attackers to execute arbitrary code via a malformed UDP response to a broadcast request.
[9407]
[VU#139150]
[MS04-003]
[3457]
[oval:org.mitre.oval:def:525]
[oval:org.mitre.oval:def:553]
[oval:org.mitre.oval:def:751]
[oval:org.mitre.oval:def:775]
[mdac-broadcastrequest-bo(14187)]
-
Entry
Unknown vulnerability in Windows Media Station Service and Windows Media Monitor Service components of Windows Media Services 4.1 allows remote attackers to cause a denial of service (disallowing new connections) via a certain sequence of TCP/IP packets.
[9825]
[VU#982630]
[MS04-008]
[oval:org.mitre.oval:def:842]
[win-media-services-dos(15038)]
-
Entry
netpbm 9.25 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.
[9442]
[VU#487102]
[DSA-426]
[GLSA-200410-02]
[MDKSA-2004:011]
[oval:org.mitre.oval:def:804]
[oval:org.mitre.oval:def:810]
[RHSA-2004:030]
[RHSA-2004:031]
[20040201-01-U]
[netpbm-temp-insecure-file(14874)]
-
Entry
Buffer overflow in the frm command in elm 2.5.6 and earlier, and possibly later versions, allows remote attackers to execute arbitrary code via a long Subject line.
[9430]
[http://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=112078]
[RHSA-2004:009]
[20040103-01-U]
[elm-frm-subject-bo(14840)]
-
Entry
mpg321 0.2.10 allows remote attackers to overwrite memory and possibly execute arbitrary code via an mp3 file that passes certain strings to the printf function, possibly triggering a format string vulnerability.
[9364]
[DSA-411]
[3331]
[SuSE-SA:2004:002]
[mpg321-mp3-format-string(14148)]
-
Entry
The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21, and possibly other versions before 2.4.24, does not properly perform bounds checks, which allows local users to cause a denial of service and possibly gain privileges by causing a remapping of a virtual memory area (VMA) to create a zero length VMA, a different vulnerability than CAN-2004-0077.
[9356]
[20040105 Linux kernel do_mremap() proof-of-concept exploit code]
[20040105 Linux kernel mremap vulnerability]
[20040106 Linux mremap bug correction]
[20040107 [slackware-security] Kernel security update (SSA:2004-006-01)]
[20040108 [slackware-security] Slackware 8.1 kernel security update (SSA:2004-008-01)]
[20040112 SmoothWall Project Security Advisory SWP-2004:001]
[VU#490620]
[O-045]
[CLA-2004:799]
[http://klecker.debian.org/~joey/security/kernel/patches/patch.CAN-2005-0528.mremap]
[http://svn.debian.org/wsvn/kernel/patch-tracking/CVE-2005-0528?op=file&rev=0&sc=0]
[http://www.kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.24]
[DSA-1067]
[DSA-1069]
[DSA-1070]
[DSA-1082]
[DSA-413]
[DSA-417]
[DSA-423]
[DSA-427]
[DSA-439]
[DSA-440]
[DSA-442]
[DSA-450]
[DSA-470]
[DSA-475]
[ESA-20040105-001]
[IMNX-2004-73-001-01]
[MDKSA-2004:001]
[http://isec.pl/vulnerabilities/isec-0013-mremap.txt]
[[linux-kernel] 20040105 linux-2.4.24 released]
[3315]
[oval:org.mitre.oval:def:860]
[oval:org.mitre.oval:def:867]
[RHSA-2003:416]
[RHSA-2003:417]
[RHSA-2003:418]
[RHSA-2003:419]
[10532]
[20163]
[20202]
[20338]
[20040102-01-U]
[SuSE-SA:2004:001]
[SuSE-SA:2004:003]
[2004-0001]
[linux-domremap-gain-privileges(14135)]
-
Entry
Buffer overflow in the VCF file information reader for KDE Personal Information Management (kdepim) suite in KDE 3.1.0 through 3.1.4 allows attackers to execute arbitrary code via a VCF file.
[9419]
[20040114 KDE Security Advisory: VCF file information reader vulnerability]
[VU#820798]
[CLA-2004:810]
[http://www.kde.org/info/security/advisory-20040114-1.txt]
[GLSA-200404-02]
[MDKSA-2004:003]
[oval:org.mitre.oval:def:858]
[oval:org.mitre.oval:def:865]
[RHSA-2004:005]
[RHSA-2004:006]
[kde-kdepim-bo(14833)]
-
Entry
Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.
[9620]
[CLA-2004:842]
[DSA-436]
[MDKSA-2004:013]
[[Mailman-Announce] 20040208 RELEASED: Mailman 2.0.14 patch-only release]
[RHSA-2004:019]
[20040201-01-U]
[mailman-command-handler-dos(15106)]
-
Entry
mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit platforms, does not properly parse Allow/Deny rules using IP addresses without a netmask, which could allow remote attackers to bypass intended access restrictions.
[9829]
[20040512 [OpenPKG-SA-2004.021] OpenPKG Security Advisory (apache)]
[http://issues.apache.org/bugzilla/show_bug.cgi?id=23850]
[http://www.apacheweek.com/features/security-13]
[GLSA-200405-22]
[MDKSA-2004:046]
[[apache-cvs] 20040307 cvs commit: apache-1.3/src/modules/standard mod_access.c]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [1/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[oval:org.mitre.oval:def:100111]
[oval:org.mitre.oval:def:4670]
[SSA:2004-133]
[101555]
[101841]
[57628]
[2004-0027]
[apache-modaccess-obtain-information(15422)]
-
Entry
The GUI functionality for an interactive session in Symantec LiveUpdate 1.70.x through 1.90.x, as used in Norton Internet Security 2001 through 2004, SystemWorks 2001 through 2004, and AntiVirus and Norton AntiVirus Pro 2001 through 2004, AntiVirus for Handhelds v3.0, allows local users to gain SYSTEM privileges.
[20040112 Re: SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM]
[20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM]
[20040112 SRT2004-01-9-1022 - Symantec LiveUpdate allows local users to become SYSTEM]
[http://www.secnetops.biz/research/SRT2004-01-09-1022.txt]
[3428]
-
Entry
Directory traversal vulnerability in fsp before 2.81.b18 allows remote users to access files outside the FSP root directory.
[9377]
[O-048]
[DSA-416]
[3346]
[fspsuite-dot-directory-traversal(14154)]
-
Entry
Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cross-domain security model to run malicious script or arbitrary programs via dialog boxes, aka "Improper Cross Domain Security Validation with dialog box."
[6779]
[N-038]
[MS03-004]
[oval:org.mitre.oval:def:126]
[oval:org.mitre.oval:def:178]
[oval:org.mitre.oval:def:49]
[ie-dialog-zone-bypass(11258)]
-
Entry
The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and 6.0 supports certain types of pluggable protocols that allow remote attackers to bypass the cross-domain security model and execute arbitrary code, aka "Improper Cross Domain Security Validation with ShowHelp functionality."
[6780]
[20030206 showHelp("file:") disables security in IE - Sandblad advisory #11]
[VU#400577]
[N-038]
[MS03-004]
[oval:org.mitre.oval:def:57]
[ie-showhelp-zone-bypass(11259)]
-
Entry
Unknown vulnerability in the eflags checking in the 32-bit ptrace emulation for the Linux kernel on AMD64 systems allows local users to gain privileges.
[9429]
[VU#337238]
[GLSA-200402-06]
[oval:org.mitre.oval:def:868]
[RHSA-2004:017]
[linux-ptrace-gain-privilege(14888)]
-
Entry
The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 and earlier only compares the serial of the signer's certificate and the one in the database, which can cause OpenCA to incorrectly accept a signature if the certificate's chain is trusted by OpenCA's chain directory, allowing remote attackers to spoof requests from other users.
[9435]
[20040116 [OpenCA Advisory] Vulnerability in signature verification]
[VU#336446]
[http://www.openca.org/news/CAN-2004-0004.txt]
[3615]
[openca-improper-signature-verification(14847)]
-
Entry
Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 and SSLFakeBasicAuth enabled, allows remote attackers to forge a client certificate by using basic authentication with the "one-line DN" of the target user.
[9590]
[20040206 Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior]
[http://www.apache-ssl.org/advisory-20040206.txt]
[20040206 [apache-ssl] Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior]
[3877]
[apachessl-default-password(15065)]
-
Entry
Buffer overflow in fsp before 2.81.b18 allows remote users to execute arbitrary code.
[9377]
[O-048]
[DSA-416]
[fsp-boundry-error-bo(14155)]
-
Entry
jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly handle SSL connections, which allows remote attackers to cause a denial of service (crash).
[9376]
[DSA-414]
[MDKSA-2004:005]
[3345]
[10559]
[jabber-ssl-connections-dos(14158)]
-
Entry
vbox3 0.1.8 and earlier does not properly drop privileges before executing a user-provided TCL script, which allows local users to gain privileges.
[9381]
[DSA-418]
[vbox3-gain-privileges(14170)]
-
Entry
The calendar module for phpgroupware 0.9.14 does not enforce the "save extension" feature for holiday files, which allows remote attackers to create and execute PHP files.
[9387]
[DSA-419]
[6860]
[phpgroupware-calendar-file-include(13489)]
-
Entry
jitterbug 1.6.2 does not properly sanitize inputs, which allows remote authenticated users to execute arbitrary commands.
[9397]
[DSA-420]
[jitterbug-execute-code(14207)]
-
Entry
PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and change the administrator password via a direct HTTP request to editconfig.php.
[20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem]
[3403]
[10565]
[phpgedview-modify-admin-password(14161)]
-
Entry
Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2.61 allows remote attackers to inject arbitrary HTML and web script via the firstname parameter.
[9369]
[20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem]
[3402]
[10565]
[phpgedview-search-xss(14160)]
-
Entry
admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensitive information via an action parameter with a phpinfo command.
[9371]
[20040106 Vuln in PHPGEDVIEW 2.61 Multi-Problem]
[3404]
[10565]
[phpgedview-admin-info-disclosure(14162)]
-
Entry
SQL injection vulnerability in register.php for Phorum 3.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the hide_email parameter.
[9363]
[20040105 Multiple Vulnerabilities in Phorum 3.4.5]
[3508]
[10567]
[phorum-register-sql-injection(14146)]
-
Entry
SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x before 2.3.4 allows remote attackers to steal sensitive information via the eventid parameter.
[9360]
[20040105 vBulletin Forum 2.3.xx calendar.php SQL Injection]
[http://www.vbulletin.com/forum/showthread.php?postid=588825]
[3344]
[vbulletin-calendar-sql-injection(14144)]
-
Entry
Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4.1 SP6 and Check Point SecuRemote/SecureClient 4.1 through 4.1 build 4200 allows remote attackers to execute arbitrary code via an ISAKMP packet with a large Certificate Request packet.
[9582]
[20040205 Two checkpoint fw-1/vpn-1 vulns]
[VU#873334]
[O-073]
[20040204 Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow]
[3821]
[4432]
[vpn1-ike-bo(14150)]
-
Entry
Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentication when "Allow Only Cisco CallManager Users" is enabled and the Corporate Directory settings refer to the directory service being used by Cisco CallManager, which allows remote attackers to gain access with a valid username.
[9384]
[20040108 Cisco Personal Assistant User Password Bypass Vulnerability]
[3430]
[ciscopersonalassistant-config-file-access(14172)]
-
Entry
Buffer overflow in the ARTpost function in art.c in the control message handling code for INN 2.4.0 may allow remote attackers to execute arbitrary code.
[9382]
[20040107 [SECURITY] INN: Buffer overflow in control message handling]
[20040108 [OpenPKG-SA-2004.001] OpenPKG Security Advisory (inn)]
[VU#759020]
[10578]
[SSA:2004-014-02]
[inn-artpost-control-message-bo(14190)]
-
Entry
Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attackers to cause a denial of service via certain HTTP POST messages to the Administration System port.
[9421]
[20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow]
[http://service.real.com/help/faq/security/040112_dos/]
[http://service.real.com/help/faq/security/security022604.html]
[20040318 ptl-2004-02: RealNetworks Helix Server 9 Administration Server Buffer Overflow]
-
Entry
The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a Status_OK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number.
[9422]
[20040114 nCipher Advisory #8: payShield library may verify bad requests]
[http://www.ncipher.com/support/advisories/advisory8_payshield.html]
[3537]
[payshield-incorrect-request-verification(14832)]
-
Entry
PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 and earlier allows remote attackers to execute arbitrary PHP code by modifying the $relative_script_path parameter to reference a URL on a remote web server that contains the code.
[9424]
[20040114 PhpDig 1.6.x: remote command execution]
[http://www.phpdig.net/showthread.php?s=58bcc71c822830ec3bbdaae6d56846e0&threadid=393]
[phpdig-config-file-include(14826)]
-
Entry
PHP remote file inclusion vulnerability in module.php for ezContents allows remote attackers to execute arbitrary PHP code by modifying the link parameter to reference a URL on a remote web server that contains the code.
[9396]
[20040110 Remote Code Execution in ezContents]
[http://www.ezcontents.org/forum/viewtopic.php?t=361]
[6878]
[ezcontents-php-file-include(14199)]
-
Entry
The Vicam USB driver in Linux before 2.4.25 does not use the copy_from_user function when copying data from userspace to kernel space, which crosses security boundaries and allows local users to cause a denial of service.
[9690]
[O-082]
[CLA-2004:846]
[MDKSA-2004:015]
[oval:org.mitre.oval:def:836]
[RHSA-2004:065]
[RHSA-2005:293]
[SuSE-SA:2004:005]
[linux-vicam-dos(15246)]
-
Entry
The do_mremap function for the mremap system call in Linux 2.2 to 2.2.25, 2.4 to 2.4.24, and 2.6 to 2.6.2, does not properly check the return value from the do_munmap function when the maximum number of VMA descriptors is exceeded, which allows local users to gain root privileges, a different vulnerability than CAN-2003-0985.
[9686]
[20040218 Second critical mremap() bug found in all Linux kernels]
[VU#981222]
[O-082]
[CLA-2004:820]
[DSA-438]
[DSA-439]
[DSA-440]
[DSA-441]
[DSA-442]
[DSA-444]
[DSA-450]
[DSA-453]
[DSA-454]
[DSA-456]
[DSA-466]
[DSA-470]
[DSA-475]
[DSA-514]
[FEDORA-2004-079]
[20040218 Second critical mremap() bug found in all Linux kernels]
[GLSA-200403-02]
[MDKSA-2004:015]
[http://isec.pl/vulnerabilities/isec-0014-mremap-unmap.txt]
[3986]
[oval:org.mitre.oval:def:825]
[oval:org.mitre.oval:def:837]
[RHSA-2004:065]
[RHSA-2004:066]
[RHSA-2004:069]
[RHSA-2004:106]
[SSA:2004-049]
[SuSE-SA:2004:005]
[2004-0007]
[2004-0008]
[TLSA-2004-7]
[20040218 Second critical mremap() bug found in all Linux kernels]
[linux-mremap-gain-privileges(15244)]
-
Entry
Buffer overflow in the index menu code (menu_pad_string of menu.c) for Mutt 1.4.1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via certain mail messages.
[9641]
[20040211 Mutt-1.4.2 fixes buffer overflow.]
[20040215 LNSA-#2004-0001: mutt remote crash]
[20040309 [OpenPKG-SA-2004.005] OpenPKG Security Advisory (mutt)]
[CSSA-2004-013.0]
[http://bugs.debian.org/126336]
[MDKSA-2004:010]
[3918]
[oval:org.mitre.oval:def:811]
[oval:org.mitre.oval:def:838]
[RHSA-2004:050]
[RHSA-2004:051]
[SSA:2004-043]
[mutt-index-menu-bo(15134)]
-
Entry
The login program in util-linux 2.11 and earlier uses a pointer after it has been freed and reallocated, which could cause login to leak sensitive data.
[9558]
[20040331 OpenLinux: util-linux could leak sensitive data]
[20040408 LNSA-#2004-0010: login may leak sensitive data]
[VU#801526]
[GLSA-200404-06]
[3796]
[RHSA-2004:056]
[10773]
[20040201-01-U]
[20040406-01-U]
[utillinux-information-leak(15016)]
-
Entry
The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1, when creating an account but marking it as disabled, may overwrite the user password with an uninitialized buffer, which could enable the account with a more easily guessable password.
[9637]
[O-078]
[http://us1.samba.org/samba/ftp/WHATSNEW-3.0.2a.txt]
[http://www.vuxml.org/freebsd/3388eff9-5d6e-11d8-80e3-0020ed76ef5a.html]
[3919]
[oval:org.mitre.oval:def:827]
[RHSA-2004:064]
[samba-mksmbpasswd-gain-access(15132)]
-
Entry
Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x allows local users to gain privileges via a long environment variable.
[APPLE-SA-2004-01-26]
[A012704-1]
[9509]
[VU#902374]
[6821]
[macosx-trublue-environmentvariable-bo(14968)]
-
Entry
XFree86 4.1.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an out-of-bounds array index when using the GLX extension and Direct Rendering Infrastructure (DRI).
[9701]
[CLSA-2004:824]
[DSA-443]
[RHSA-2004:152]
[20040406-01-U]
[xfree86-glx-array-dos(15272)]
-
Entry
Integer signedness errors in XFree86 4.1.0 allow remote attackers to cause a denial of service and possibly execute arbitrary code when using the GLX extension and Direct Rendering Infrastructure (DRI).
[9701]
[CLSA-2004:824]
[DSA-443]
[RHSA-2004:152]
[20040406-01-U]
[xfree86-glx-integer-dos(15273)]
-
Entry
McAfee ePolicy Orchestrator agent allows remote attackers to cause a denial of service (memory consumption and crash) and possibly execute arbitrary code via an HTTP POST request with an invalid Content-Length value, possibly triggering a buffer overflow.
[9476]
[http://download.nai.com/products/patches/ePO/v3.1.0/EPO3013.zip]
[3744]
[epolicy-contentlength-post-dos(14989)]
-
Entry
Unknown vulnerability in mod_python 2.7.9 allows remote attackers to cause a denial of service (httpd crash) via a certain query string, a variant of CAN-2003-0973.
[GLSA-200401-03]
[[mod_python] 20040122 [ANNOUNCE] Mod_python 2.7.10]
[RHSA-2004:058]
[RHSA-2004:063]
-
Entry
mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when creating a snapshot for a file system, which causes default values for other flags to be used, possibly disabling security-critical settings and allowing a local user to bypass intended access restrictions.
[9533]
[FreeBSD-SA-04:01]
[3790]
[freebsd-mksnapffs-bypass-security(15005)]
-
Entry
The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.
[9844]
[DSA-460]
[RHSA-2004:053]
[20040302-01-U]
[sysstat-isag-symlink(15437)]
-
Entry
gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
[9842]
[DSA-464]
[FLSA:2005]
[MDKSA-2004:020]
[oval:org.mitre.oval:def:845]
[oval:org.mitre.oval:def:846]
[RHSA-2004:102]
[RHSA-2004:103]
[gdk-pixbuf-bitmap-dos(15426)]
-
Entry
Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 allows remote attackers to cause a denial of service (memory consumption) via plain HTTP requests to the SSL port of an SSL-enabled server.
[APPLE-SA-2004-05-03]
[9826]
[20040325 LNSA-#2004-0006: bug workaround for Apache 2.0.48]
[CLSA-2004:839]
[http://www.apacheweek.com/features/security-20]
[GLSA-200403-04]
[SSRT4717]
[MDKSA-2004:043]
[http://issues.apache.org/bugzilla/show_bug.cgi?id=27106]
[[apache-cvs] 20040307 cvs commit: httpd-2.0/modules/ssl ssl_engine_io.c]
[[httpd-cvs] 20190815 svn commit: r1048742 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20190815 svn commit: r1048743 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058586 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20200401 svn commit: r1058587 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073139 [2/13] - in /websites/staging/httpd/trunk/content: ./ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073140 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210330 svn commit: r1073143 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/]
[[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1073149 [3/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/]
[[httpd-cvs] 20210330 svn commit: r1888194 [2/13] - /httpd/site/trunk/content/security/json/]
[[httpd-cvs] 20210603 svn commit: r1075360 [1/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[[httpd-cvs] 20210606 svn commit: r1075470 [2/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html]
[4182]
[oval:org.mitre.oval:def:876]
[RHSA-2004:084]
[RHSA-2004:182]
[2004-0017]
[apache-modssl-plain-dos(15419)]
-
Entry
The shmat system call in the System V Shared Memory interface for FreeBSD 5.2 and earlier, NetBSD 1.3 and earlier, and OpenBSD 2.6 and earlier, does not properly decrement a shared memory segment's reference count when the vm_map_find function fails, which could allow local users to gain read or write access to a portion of kernel memory and gain privileges.
[9586]
[20040205 [PINE-CERT-20040201] reference count overflow in shmat()]
[http://www.openbsd.org/errata33.html#sysvshm]
[FreeBSD-SA-04:02]
[http://www.pine.nl/press/pine-cert-20040201.txt]
[NetBSD-SA2004-004]
[3836]
[bsd-shmat-gain-privileges(15061)]
-
Entry
VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 allows local attackers to truncate and overwrite arbitrary files, and execute arbitrary code, via a symlink attack on the VPCServices_Log temporary file.
[A021004-1]
[9632]
[O-076]
[MS04-005]
[3893]
[virtual-pc-gain-privileges(15113)]
-
Entry
Argument injection vulnerability in Microsoft Outlook 2002 does not sufficiently filter parameters of mailto: URLs when using them as arguments when calling OUTLOOK.EXE, which allows remote attackers to use script code in the Local Machine zone and execute arbitrary programs.
[9827]
[20040310 Outlook mailto: URL argument injection vulnerability]
[TA04-070A]
[VU#305206]
[O-096]
[20040309 Microsoft Outlook "mailto:" Parameter Passing Vulnerability]
[MS04-009]
[oval:org.mitre.oval:def:843]
[outlook-mailtourl-execute-code(15414)]
[outlook-ms04009-patch(15429)]
-
Entry
Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain requests, which allows remote attackers to read arbitrary files.
[9828]
[VU#688094]
[MS04-010]
[oval:org.mitre.oval:def:844]
[msn-ms04010-patch(15427)]
[msn-request-view-files(15415)]
-
Entry
The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directory of a calling process even if the process doesn't have permission to change directory, which allows local users to gain read/write privileges to files and directories within another jail.
[9762]
[FreeBSD-SA-04:03]
[4101]
[freebsd-jailattach-gain-privileges(15344)]
-
Entry
PHP remote file inclusion vulnerability in the GEDCOM configuration script for phpGedView 2.65.1 and earlier allows remote attackers to execute arbitrary PHP code by modifying the PGV_BASE_DIRECTORY parameter to reference a URL on a remote web server that contains a malicious theme.php script.
[9531]
[20040129 PHP Code Injection Vulnerabilities in phpGedView 2.65.1 and prior]
[http://sourceforge.net/project/shownotes.php?release_id=141517]
[3769]
[10753]
[phpgedview-gedfilconf-file-include(14987)]
-
Entry
Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 and earlier allows remote attackers to read arbitrary files via .. (dot dot) sequences in the what parameter.
[9564]
[20040203 Arbitrary File Disclosure Vulnerability in phpMyAdmin 2.5.5-pl1 and prior]
[http://sourceforge.net/forum/forum.php?forum_id=350228]
[http://www.phpmyadmin.net/home_page/relnotes.php?rel=0]
[GLSA-200402-05]
[3800]
[10769]
[phpmyadmin-dotdot-directory-traversal(15021)]
-
Entry
The rad_print_request function in logger.c for GNU Radius daemon (radiusd) before 1.2 allows remote attackers to cause a denial of service (crash) via a UDP packet with an Acct-Status-Type attribute without a value and no Acct-Session-Id attribute, which causes a null dereference.
[9578]
[VU#277396]
[http://ftp.gnu.org/gnu/radius/radius-1.2.tar.gz]
[20040204 GNU Radius Remote Denial of Service Vulnerability]
[3824]
[10799]
[radius-radprintrequest-dos(15046)]
-
Entry
wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
[9832]
[DSA-457]
[ADV-2006-1867]
[SSRT4704]
[oval:org.mitre.oval:def:1147]
[oval:org.mitre.oval:def:1636]
[oval:org.mitre.oval:def:1637]
[oval:org.mitre.oval:def:648]
[RHSA-2004:096]
[SCOSA-2005.6]
[11055]
[20168]
[102356]
[wuftpd-restrictedgid-gain-access(15423)]
-
Entry
Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2, when IPv6 support is disabled, allows remote attackers to execute arbitrary code via an IPv6 address that is obtained using DNS.
[9836]
[DSA-458]
[GLSA-200409-03]
[MDKSA-2004:019]
[4172]
[python-getaddrinfo-bo(15409)]
-
Entry
Format string vulnerability in hsftp 1.11 allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via file names containing format string characters that are not properly handled when executing an "ls" command.
[9715]
[DSA-447]
[20040223 Re: [SECURITY] [DSA 447-1] New hsftp packages fix format string vulnerability]
[4029]
[hsftp-format-string(15276)]
-
Entry
Synaesthesia 2.2 and earlier allows local users to execute arbitrary code via a symlink attack on the configuration file.
[9713]
[DSA-446]
[synaesthesia-configuration-symlink-attack(15279)]
-
Entry
Format string vulnerability in Point-to-Point Protocol (PPP) daemon (pppd) 2.4.0 for Mac OS X 10.3.2 and earlier allows remote attackers to read arbitrary pppd process data, including PAP or CHAP authentication credentials, to gain privileges.
[APPLE-SA-2004-02-23]
[A022304-1]
[9730]
[VU#841742]
[6822]
[macos-pppd-format-string(15297)]
-
Entry
DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initialize writeable removable media.
[APPLE-SA-2004-02-23]
[9731]
[VU#578886]
[6824]
[10959]
[macos-diskarbitration-unknown(15300)]
-
Entry
QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote attackers to cause a denial of service (crash) via DESCRIBE requests with long User-Agent fields, which causes an Assert error to be triggered in the BufferIsFull function.
[APPLE-SA-2004-02-23]
[9735]
[VU#460350]
[20040223 Darwin Streaming Server Remote Denial of Service Vulnerability]
[6826]
[6837]
[darwin-describe-request-dos(15291)]
-
Entry
FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote attackers to cause a denial of service (resource exhaustion of memory buffers and system crash) via a large number of out-of-sequence TCP packets, which prevents the operating system from creating new connections.
[APPLE-SA-2004-05-28]
[9792]
[VU#395670]
[FreeBSD-SA-04:04]
[20040302 FreeBSD Memory Buffer Exhaustion Denial of Service Vulnerability]
[4124]
[freebsd-mbuf-dos(15369)]
-
Entry
Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.
[9733]
[20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin]
[http://issues.apache.org/bugzilla/show_bug.cgi?id=26152]
[http://www.apacheweek.com/issues/04-03-12]
[20040224 STG Security Advisory: [SSA-20040217-06] Apache for cygwin directory traversal vulnerability]
[10962]
[apache-cygwin-directory-traversal(15293)]
-
Entry
Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp daemon (wu-ftpd) 2.6.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a s/key (SKEY) request with a long name.
[8893]
[ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_2.6.2/skeychallenge.patch]
[DSA-457]
[http://unixpunx.org/txt/exploits_archive/packetstorm/0310-advisories/wuftpd-skey.txt]
[http://www.securiteam.com/unixfocus/6X00Q1P8KC.html]
[RHSA-2004:096]
[wuftpd-skey-bo(13518)]
-
Entry
smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allows local users to gain root privileges by mounting a Samba share that contains a setuid root program, whose setuid attributes are not cleared when the share is mounted.
[9619]
[20040209 Samba 3.x + kernel 2.6.x local root vulnerability]
[20040211 Re: Samba 3.x + kernel 2.6.x local root vulnerability]
[DSA-463]
[3916]
[samba-smbmnt-gain-privileges(15131)]
-
Entry
Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local users to execute arbitrary code via a long password.
[9756]
[9776]
[20040227 Calife heap corrupt / potential local root exploit]
[20040227 Re: Calife heap corrupt / potential local root exploit]
[DSA-461]
[calife-long-password-bo(15335)]
-
Entry
The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows remote attackers to bypass url_regex ACLs via a URL with a NULL ("%00") character, which causes Squid to use only a portion of the requested URL when comparing it against the access control lists.
[9778]
[20040401 [OpenPKG-SA-2004.008] OpenPKG Security Advisory (squid)]
[CLA-2004:838]
[http://www.squid-cache.org/Advisories/SQUID-2004_1.txt]
[DSA-474]
[GLSA-200403-11]
[MDKSA-2004:025]
[5916]
[oval:org.mitre.oval:def:877]
[oval:org.mitre.oval:def:941]
[RHSA-2004:133]
[RHSA-2004:134]
[SCOSA-2005.16]
[20040404-01-U]
[squid-urlregex-acl-bypass(15366)]
-
Entry
Symantec FireWall/VPN Appliance model 200 records a cleartext password for the password administration page, which may be cached on the administrator's local system or in a proxy, which allows attackers to steal the password and gain privileges.
[9784]
[20040216 Symantec FireWall/VPN Appliance model 200 leak of security]
[20040216 Symantec FireWall/VPN Appliance model 200 leak of security]
[4117]
[symantec-firewallvpn-password-plaintext(15212)]
-
Entry
Mozilla before 1.4.2 executes Javascript events in the context of a new page while it is being loaded, allowing it to interact with the previous page (zombie document) and enable cross-domain and cross-site scripting (XSS) attacks, as demonstrated using onmousemove events.
[9747]
[20040225 Sandblad #13: Cross-domain exploit on zombie document with event handlers]
[http://bugzilla.mozilla.org/show_bug.cgi?id=227417]
[SSRT4722]
[4062]
[oval:org.mitre.oval:def:874]
[oval:org.mitre.oval:def:937]
[RHSA-2004:110]
[RHSA-2004:112]
[mozilla-event-handler-xss(15322)]
-
Entry
Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), as used in certain versions of RealSecure Network 7.0 and Server Sensor 7.0, Proventia A, G, and M Series, RealSecure Desktop 7.0 and 3.6, RealSecure Guard 3.6, RealSecure Sentry 3.6, BlackICE PC Protection 3.6, and BlackICE Server Protection 3.6, allows remote attackers to execute arbitrary code via an SMB packet containing an authentication request with a long username.
[9752]
[20040227 EEYE: RealSecure/BlackICE Server Message Block (SMB) Processing Overflow]
[VU#150326]
[AD20040226]
[20040226 Vulnerability in SMB Parsing in ISS Products]
[http://www.eeye.com/html/Research/Upcoming/20040213.html]
[4072]
[10988]
[pam-smb-protocol-bo(15207)]
-
Entry
Stack-based buffer overflow in the OutputDebugString function for Adobe Acrobat Reader 5.1 allows remote attackers to execute arbitrary code via a PDF document with XML Forms Data Format (XFDF) data.
[9802]
[20040303 Abobe Reader 5.1 XFDF Buffer Overflow Vulnerability]
[20040303 Adobe Acrobat Reader XML Forms Data Format Buffer Overflow]
[http://www.nextgenss.com/advisories/adobexfdf.txt]
[4135]
[acrobatreader-xfdf-bo(15384)]
-
Entry
GNU libtool before 1.5.2, during compile time, allows local users to overwrite arbitrary files via a symlink attack on libtool directories in /tmp.
[9530]
[20040130 Symlink Vulnerability in GNU libtool <1.5.2]
[20040203 Re: Symlink Vulnerability in GNU libtool <1.5.2]
[CLA-2004:811]
[http://www.geocrawler.com/mail/msg.php3?msg_id=3438808&list=405]
[3795]
[10777]
[libtool-insecure-temp-directory(15017)]
-
Entry
OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a denial of service (crash) by sending an IPv6 packet with a small MTU to a listening port and then issuing a TCP connect to that port.
[9577]
[20040205 OpenBSD IPv6 remote kernel crash]
[http://www.openbsd.org/cgi-bin/cvsweb/src/sys/netinet6/ip6_output.c]
[20040204 Remote openbsd crash with ip6, yet still openbsd much better than windows]
[http://www.guninski.com/obsdmtu.html]
[NetBSD-SA2004-002]
[3825]
[openbsd-ipv6-dos(15044)]
-
Entry
oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to bypass authentication and access the control panel via a 0 in the uid parameter.
[9598]
[20040206 Open Journal Blog Authenticaion Bypassing Vulnerability]
[http://www.grohol.com/downloads/oj/latest/changelog.txt]
[20040206 Open Journal Blog Authenticaion Bypassing Vulnerability]
[3872]
[openjournal-uid-admin-access(15069)]
-
Entry
PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.
[9599]
[GLSA-200402-01]
[3878]
[php-virtualhost-info-disclosure(15072)]
-
Entry
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.
[9610]
[20040209 clamav 0.65 remote DOS exploit]
[http://www.freebsd.org/cgi/query-pr.cgi?pr=62586]
[GLSA-200402-07]
[3894]
[clam-antivirus-uuencoded-dos(15077)]
-
Entry
Directory traversal vulnerability in RealOne Player, RealOne Player 2.0, and RealOne Enterprise Desktop allows remote attackers to upload arbitrary files via an RMP file that contains .. (dot dot) sequences in a .rjs skin file.
[9580]
[20040210 Directory traversal in RealPlayer allows code execution]
[VU#514734]
[http://service.real.com/help/faq/security/040123_player/EN/]
[realoneplayer-rmp-directory-traversal(15123)]
-
Entry
Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistakenly assign STAT_OFFERED status to a bot that is not a sharebot, which allows remote attackers to use STAT_OFFERED to promote a bot to a sharebot and conduct unauthorized activities.
[9606]
[20040208 Eggrop bug]
[20040210 Re: Eggrop bug]
[http://www.eggheads.org/news/2004/04/10/26]
[http://mogan.nonsoloirc.com/egg_advisory.txt]
[3928]
[eggdrop-sharemod-gain-access(15084)]
-
Entry
The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an HTTP request with a sequence of "%" characters and a missing Host field.
[9642]
[20040211 Denial of Service in Monkey httpd <= 0.8.1]
[http://monkeyd.sourceforge.net/]
[http://aluigi.altervista.org/poc/monkeydos.zip]
[3921]
[monkey-getrealstring-dos(15187)]
-
Entry
Buffer overflow in the Lightweight Directory Access Protocol (LDAP) daemon (iLDAP.exe 3.9.15.10) in Ipswitch IMail Server 8.03 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via an LDAP message with a large tag length.
[9682]
[VU#972334]
[http://www.ipswitch.com/support/imail/releases/imail_professional/im805HF2.html]
[20040217 Ipswitch IMail LDAP Daemon Remote Buffer Overflow]
[3984]
[imail-ldap-tag-bo(15243)]
-
Entry
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD before 4.1(3), and Cisco ONS 15600 before 1.3(0) enable TFTP service on UDP port 69 by default, which allows remote attackers to GET or PUT ONS system files on the current active TCC in the /flash0 or /flash1 directories.
[9699]
[20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities]
[cisco-ons-file-upload(15264)]
-
Entry
Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 SD before 4.1(3) allows remote attackers to cause a denial of service (reset) by not sending the ACK portion of the TCP three-way handshake and sending an invalid response instead.
[9699]
[20040219 Cisco ONS 15327, ONS 15454, ONS 15454 SDH, and ONS 15600 Vulnerabilities]
[4009]
[cisco-ons-ack-dos(15265)]
-
Entry
Stack-based buffer overflow in the SMTP service support in vsmon.exe in Zone Labs ZoneAlarm before 4.5.538.001, ZoneLabs Integrity client 4.0 before 4.0.146.046, and 4.5 before 4.5.085, allows remote attackers to execute arbitrary code via a long RCPT TO argument.
[9696]
[20040219 EEYE: ZoneLabs SMTP Processing Buffer Overflow]
[VU#619982]
[O-084]
[http://download.zonelabs.com/bin/free/securityAlert/8.html]
[3991]
[zonelabs-multiple-products-bo(14991)]
-
Entry
Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67.x through 1.99.x allows local users to access secrets stored in the module's run-time memory via certain sequences of commands.
[9717]
[20040223 nCipher Advisory #9: Host-side attackers can access secret data]
[4055]
[ncipher-hsm-obtain-info(15281)]
-
Entry
LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive information via the mail login form, which contains the path to the mail directory.
[9781]
[20040228 LAN SUITE Web Mail 602Pro Multiple Vulnerabilities]
[20040310 Re: LAN SUITE Web Mail 602Pro Multiple Vulnerabilities]
[602pro-path-disclosure(15350)]
-
Entry
Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScreen-SA 5000 Series running firmware 3.3 Patch 1 (build 4797) allows remote authenticated users to execute arbitrary script as other users via the row parameter.
[9791]
[20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance]
[20040304 NetScreen Advisory 58412: XSS Bug in NetScreen-SA SSL VPN]
[VU#114070]
[20040302 03-02-04 XSS Bug in NetScreen-SA 5000 Series of SSL VPN appliance]
[netscreen-delhomepagecgi-xss(15368)]
-
Entry
Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro 2.0.9 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a long HTTP sub-version.
[9809]
[20040305 SLMail Pro Supervisor Report Center Buffer Overflow (#NISR05022004a)]
[http://216.26.170.92/Download/webfiles/Patches/SLMPPatch-2.0.14.pdf]
[http://www.nextgenss.com/advisories/slmailsrc.txt]
[slmail-src-stack-bo(15398)]