[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[PROPOSAL] Cluster MISC-2002a - 39 candidates

I am proposing cluster MISC-2002a for review and voting by the
Editorial Board.

Name: MISC-2002a
Description: Misc CANs from Jun 2002 to Aug 2002
Size: 39

You may vote on candidates by modifying this email ballot and sending
it back to me, or by using the CVE voting web site.

The candidates are listed in order of priority.  Priority 1 and
Priority 2 candidates both deal with varying levels of vendor
confirmation, so they should be easy to review and it can be trusted
that the problems are real.


Summary of votes to use (in ascending order of "severity")
----------------------------------------------------------

ACCEPT - voter accepts the candidate as proposed
NOOP - voter has no opinion on the candidate
MODIFY - voter wants to change some MINOR detail (e.g. reference/description)
REVIEWING - voter is reviewing/researching the candidate, or needs more info
RECAST - candidate must be significantly modified, e.g. split or merged
REJECT - candidate is "not a vulnerability", or a duplicate, etc.

1) Please write your vote on the line that starts with "VOTE: ".  If
   you want to add comments or details, add them to lines after the
   VOTE: line.

2) If you see any missing references, please mention them so that they
   can be included.  References help greatly during mapping.

3) Note that a "MODIFY" is treated as an "ACCEPT" when counting votes.
   So if you don't have sufficient information for a candidate but you
   don't want to NOOP, use a REVIEWING.

********** NOTE ********** NOTE ********** NOTE ********** NOTE **********

Please keep in mind that your vote and comments will be recorded and
publicly viewable in the mailing list archives or in other formats.

======================================================
Candidate: CAN-2002-1410
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1410
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020727 Easy Guestbook Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0356.html
Reference: BID:5341
Reference: URL:http://www.securityfocus.com/bid/5341
Reference: XF:easy-guestbook-gain-access(9697)
Reference: URL:http://www.iss.net/security_center/static/9697.php

Easy Guestbook CGI programs do not authenticate the administrator,
which allows remote attackers to (1) delete entries via direct access
of admin.cgi, or (2) reconfigure Guestbook via direct access of
config.cgi.

Analysis
----------------
ED_PRI CAN-2002-1410 3
Vendor Acknowledgement:
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1411
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1411
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020622 DPGS allows any file to be overwritten
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-06/0265.html
Reference: BID:5081
Reference: URL:http://www.securityfocus.com/bid/5081
Reference: XF:dpgs-dotdot-directory-traversal(9414)
Reference: URL:http://www.iss.net/security_center/static/9414.php

Directory traversal vulnerability in update.dpgs in Duma Photo Gallery
System (DPGS) 0.99.4 allows remote attackers to read arbitrary files
via .. (dot dot) sequences in the id parameter.

Analysis
----------------
ED_PRI CAN-2002-1411 3
Vendor Acknowledgement: no not-supported

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1415
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1415
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 Advisory: DoS in WebEasyMail +more possible?
Reference: URL:http://online.securityfocus.com/archive/1/288222
Reference: BID:5518
Reference: URL:http://www.securityfocus.com/bid/5518
Reference: XF:webeasymail-smtp-service-dos(9924)
Reference: URL:http://www.iss.net/security_center/static/9924.php

Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2
and earlier allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code via format strings in SMTP
requests.

Analysis
----------------
ED_PRI CAN-2002-1415 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1416
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1416
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020820 Advisory: DoS in WebEasyMail +more possible?
Reference: URL:http://online.securityfocus.com/archive/1/288222
Reference: XF:webeasymail-pop3-bruteforce(9925)
Reference: URL:http://www.iss.net/security_center/static/9925.php
Reference: BID:5519
Reference: URL:http://www.securityfocus.com/bid/5519

The POP3 service for WebEasyMail 3.4.2.2 and earlier generates
diffferent error messages for valid and invalid usernames during
authentication, which makes it easier for remote attackers to conduct
brute force attacks.

Analysis
----------------
ED_PRI CAN-2002-1416 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1421
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1421
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020818 FUDforum file access and SQL Injection
Reference: URL:http://online.securityfocus.com/archive/1/288042
Reference: VULNWATCH:20020818 FUDforum file access and SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
Reference: BID:5500
Reference: URL:http://www.securityfocus.com/bid/5500
Reference: XF:fudforum-sql-injection(9912)
Reference: URL:http://www.iss.net/security_center/static/9912.php

SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote
attackers to perform unauthorized database operations via (1)
report.php, (2) selmsg.php, and (3) showposts.php.

Analysis
----------------
ED_PRI CAN-2002-1421 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC, SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1422
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1422
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020818 FUDforum file access and SQL Injection
Reference: URL:http://online.securityfocus.com/archive/1/288042
Reference: VULNWATCH:20020818 FUDforum file access and SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
Reference: XF:fudforum-admnbrowse-modify-files(9901)
Reference: URL:http://www.iss.net/security_center/static/9901.php
Reference: BID:5502
Reference: URL:http://www.securityfocus.com/bid/5502

admbrowse.php in FUDforum before 2.2.0 allows remote attackers to
create or delete files via URL-encoded pathnames in the cur and dest
parameters.

Analysis
----------------
ED_PRI CAN-2002-1422 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: while the tmp_view.php and admbrowse.php problems appear
to be of the same type (file retrieval via /absolute/pathname), the
admbrowse.php issue has another aspect - URL encoding - that suggests
that the issues may be slightly different. Therefore CD:SF-EXEC
suggests creating separate candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1423
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1423
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020818 FUDforum file access and SQL Injection
Reference: URL:http://online.securityfocus.com/archive/1/288042
Reference: VULNWATCH:20020818 FUDforum file access and SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0082.html
Reference: XF:fudforum-tmpview-download-files(9896)
Reference: URL:http://www.iss.net/security_center/static/9896.php
Reference: BID:5501
Reference: URL:http://www.securityfocus.com/bid/5501

tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read
arbitrary files via an absolute pathname in the file parameter.

Analysis
----------------
ED_PRI CAN-2002-1423 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-EXEC, SF-LOC

ABSTRACTION: while the tmp_view.php and admbrowse.php problems appear
to be of the same type (file retrieval via /absolute/pathname), the
admbrowse.php issue has another aspect - URL encoding - that suggests
that the issues may be slightly different. Therefore CD:SF-EXEC
suggests creating separate candidates.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1426
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1426
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020727 Phenoelit Advisory 0815 ++ /+ HP ProCurve
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0338.html
Reference: MISC:http://www.phenoelit.de/stuff/HP_ProCurve.txt
Reference: BID:5336
Reference: URL:http://www.securityfocus.com/bid/5336
Reference: XF:hp-procurve-snmp-write-dos(9708)
Reference: URL:http://www.iss.net/security_center/static/9708.php

HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a
denial of service (crash) via an SNMP write request containing 85
characters, possibly triggering a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1426 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1427
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1427
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020727 Easy Homepage Creator Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0350.html
Reference: BID:5340
Reference: URL:http://www.securityfocus.com/bid/5340
Reference: XF:easy-homepage-gain-access(9696)
Reference: URL:http://www.iss.net/security_center/static/9696.php

The print_html_to_file function in edit.cgi for Easy Homepage Creator
1.0 does not check user credentials, which allows remote attackers to
modify home pages of other users.

Analysis
----------------
ED_PRI CAN-2002-1427 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1428
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1428
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020728 php dotProject by pass authentication
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0366.html
Reference: BID:5347
Reference: URL:http://www.securityfocus.com/bid/5347
Reference: XF:dotproject-admin-access(9720)
Reference: URL:http://www.iss.net/security_center/static/9720.php

index.php in dotProject 0.2.1.5 allows remote attackers to bypass
authentication via a cookie or URL with the user_cookie parameter set
to 1.

Analysis
----------------
ED_PRI CAN-2002-1428 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1429
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1429
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020729 Code injection Vulnerability in endity.com
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0389.html
Reference: MISC:http://endity.com/board/index.php?act=ST&f=3&t=68&s=363128162825b2d7fcf60c9cd2a292fe
Reference: XF:shoutbox-site-html-injection(9739)
Reference: URL:http://www.iss.net/security_center/static/9739.php
Reference: BID:5354
Reference: URL:http://www.securityfocus.com/bid/5354

Cross-site scripting vulnerability in board.php of endity.com ShoutBOX
allows remote attackers to inject arbitrary HTML into the shoutbox
page via the site parameter.

Analysis
----------------
ED_PRI CAN-2002-1429 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: a post to a user board dated August 9, 2002, says
"The new download is safer as it contains the security patch," but it
does not say whether the patch is related to the Bugtraq post or not.
A look at the source code for board.php does suggest that the site
variable is being quoted, but it is not clear whether that was the
change that was made.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1431
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1431
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020609 Problem with IP reporting - Belkin Cable/DSL router
Reference: URL:http://online.securityfocus.com/archive/1/276256
Reference: BID:4982
Reference: URL:http://www.securityfocus.com/bid/4982
Reference: XF:belkin-incorrect-ip(9324)
Reference: URL:http://www.iss.net/security_center/static/9324.php

Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the
source IP address of internal packets to that of the router's external
interface when forwarding a request from an internal host to an
internal web server, which allows remote attackers to hide which host
is being used to access the web server.

Analysis
----------------
ED_PRI CAN-2002-1431 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1432
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1432
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: CF
Reference: BUGTRAQ:20020807 MidiCart Shopping Cart Software database vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0074.html
Reference: BID:5438
Reference: URL:http://www.securityfocus.com/bid/5438
Reference: XF:shopping-cart-database-access(9816)
Reference: URL:http://www.iss.net/security_center/static/9816.php

MidiCart stores the midicart.mdb database file under the Web document
root, which allows remote attackers to steal sensitive information by
directly requesting the database.

Analysis
----------------
ED_PRI CAN-2002-1432 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1433
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1433
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
Reference: XF:kerio-mailserver-syn-dos(9904)
Reference: URL:http://www.iss.net/security_center/static/9904.php
Reference: BID:5505
Reference: URL:http://www.securityfocus.com/bid/5505

Kerio MailServer 5.0 allows remote attackers to cause a denial of
service (hang) via SYN packets to the supported network services.

Analysis
----------------
ED_PRI CAN-2002-1433 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1434
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1434
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 Kerio Mail Server Multiple Security Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0183.html
Reference: BID:5507
Reference: URL:http://www.securityfocus.com/bid/5507
Reference: XF:kerio-webserver-webmail-xss(9905)
Reference: URL:http://www.iss.net/security_center/static/9905.php

Multiple cross-site scripting (XSS) vulnerabilities in the Web mail
module of Kerio MailServer 5.0 allow remote attackers to execute HTML
script as other users via certain URLs.

Analysis
----------------
ED_PRI CAN-2002-1434 3
Vendor Acknowledgement:
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1440
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1440
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020814 Trivial root compromise in Gateway GS-400 NAS Servers
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0126.html
Reference: XF:gateway-gs400-default-password(9864)
Reference: URL:http://www.iss.net/security_center/static/9864.php
Reference: BID:5472
Reference: URL:http://www.securityfocus.com/bid/5472

The Gateway GS-400 server has a default root password of "0001n" that
can not be changed via the administrative interface, which can allow
attackers to gain root privileges.

Analysis
----------------
ED_PRI CAN-2002-1440 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: CF-PASS

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1441
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1441
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
Reference: URL:http://online.securityfocus.com/archive/1/288013
Reference: VULNWATCH:20020819 Multiple Buffer Overflow vulnerabilities in SteelArrow (#NISR19082002B)
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0085.html
Reference: MISC:http://www.steelarrow.com/
Reference: MISC:http://www.nextgenss.com/advisories/steel-arrow-bo.txt
Reference: MISC:http://www.nextgenss.com/vna/tom-saro.txt
Reference: XF:steelarrow-userident-bo(9888)
Reference: URL:http://www.iss.net/security_center/static/9888.php
Reference: XF:steelarrow-long-aro-bo(9889)
Reference: URL:http://www.iss.net/security_center/static/9889.php
Reference: XF:steelarrow-chunked-aro-bo(9890)
Reference: URL:http://www.iss.net/security_center/static/9890.php
Reference: BID:4860
Reference: URL:http://www.securityfocus.com/bid/4860
Reference: BID:5494
Reference: URL:http://www.securityfocus.com/bid/5494
Reference: BID:5496
Reference: URL:http://www.securityfocus.com/bid/5496
Reference: BID:5495
Reference: URL:http://www.securityfocus.com/bid/5495

Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow
remote attackers to execute arbitrary code via (1) the Steelarrow
Service (Steelarrow.exe) using a long UserIdent Cookie header, (2)
DLLHOST.EXE (Steelarrow.dll) via a request for a long .aro file, or
(3) DLLHOST.EXE via a Chunked Transfer-Encoding request.

Analysis
----------------
ED_PRI CAN-2002-1441 3
Vendor Acknowledgement: unknown vague
Content Decisions: SF-EXEC

ACKNOWLEDGEMENT: the vendor's front page includes an item dated August
2002 which states "version [4.5] also eliminates a buffer overrun
issue found in version 4.1," but since it does not credit NGSSoftware
(the disclosers) and it only mentions one overflow instead of 3, it
cannot be certain whether the fix was for the issues identified by
this candidate.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1442
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1442
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://online.securityfocus.com/archive/1/286527
Reference: NTBUGTRAQ:20020808 Exploiting the Google toolbar (GM#001-MC)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2002-q3/0066.html
Reference: MISC:http://sec.greymagic.com/adv/gm001-mc/
Reference: BID:5424
Reference: URL:http://www.securityfocus.com/bid/5424

The Google toolbar 1.1.58 and earlier allows remote web sites to
perform unauthorized toolbar operations including script execution and
file reading in other zones such as "My Computer" by opening a window
to tools.google.com or the res: protocol, then using script to modify
the window's location to the toolbar's configuration URL, which
bypasses the origin verification check.

Analysis
----------------
ED_PRI CAN-2002-1442 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1444
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1444
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020815 IE [with Google Toolbar installed] crash
Reference: URL:http://online.securityfocus.com/archive/1/287498
Reference: MISC:http://www.sztolnia.pl/hack/googIE/googIE.html
Reference: XF:ie-google-toolbar-dos(9883)
Reference: URL:http://www.iss.net/security_center/static/9883.php
Reference: BID:5477
Reference: URL:http://www.securityfocus.com/bid/5477

The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and
6.0, allows remote attackers to cause a denial of service (crash with
an exception in oleaut32.dll) via malicious HTML, possibly related to
small width and height parameters or an incorrect call to the
Google.Search() function.

Analysis
----------------
ED_PRI CAN-2002-1444 3
Vendor Acknowledgement: unknown discloser-claimed

ACCURACY: the discloser provides no diagnosis of where the problem
could lie, or which parts of the "exploit code" are malformed.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1445
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1445
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020811 CERN Proxy Server: Cross-Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0097.html
Reference: BID:5447
Reference: URL:http://www.securityfocus.com/bid/5447
Reference: XF:cern-proxy-xss(9834)
Reference: URL:http://www.iss.net/security_center/static/9834.php

Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows
remote attackers to execute script as other users via a link to a
non-existent page whose name contains the script, which is inserted
into the resulting error page.

Analysis
----------------
ED_PRI CAN-2002-1445 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1449
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1449
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020730 Bug in Eupload
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0412.html
Reference: BID:5369
Reference: URL:http://online.securityfocus.com/bid/5369
Reference: XF:eupload-passwordtxt-overwrite-files(9733)
Reference: URL:http://www.iss.net/security_center/static/9733.php

eUpload 1.0 stores the password.txt password file in plaintext under
the web document root, which allows remote attackers to overwrite
arbitrary files by reading password.txt.

Analysis
----------------
ED_PRI CAN-2002-1449 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1450
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1450
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020731 TZ Advisores - Buffer Overflow in IBM U2 UniVerse ODBC
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-07/0442.html
Reference: XF:ibm-universe-invalid-query-dos(9736)
Reference: URL:http://www.iss.net/security_center/static/9736.php

IBM UniVerse with UV/ODBC allows attackers to cause a denial of
service (client crash or server CPU consumption) via a query with an
invalid link between tables, possibly via a buffer overflow.

Analysis
----------------
ED_PRI CAN-2002-1450 3
Vendor Acknowledgement: no

ACCURACY: while the original Bugtraq post's subject line includes the
word "buffer overflow," the discloser provides little information to
indicate where the overflow may be. ACKNOWLEDGEMENT: a search for
"vulnerability" or "buffer" at
http://www-3.ibm.com/software/data/u2/universe/support/ produced no
results.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1451
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1451
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020824 Blazix 1.2 jsp view and free protected folder access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0259.html
Reference: BID:5566
Reference: URL:http://www.securityfocus.com/bid/5566
Reference: XF:blazix-unauth-file-access(9952)
Reference: URL:http://www.iss.net/security_center/static/9952.php
Reference: BID:5567
Reference: URL:http://www.securityfocus.com/bid/5567

Blazix before 1.2.2 allows remote attackers to read source code of JSP
scripts or list restricted web directories via an HTTP request that
ends in a (1) "+" or (2) "\" (backslash) character.

Analysis
----------------
ED_PRI CAN-2002-1451 3
Vendor Acknowledgement: unknown discloser-claimed
Content Decisions: SF-LOC

Email inquiry sent to support@desisoft.com on November 18, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1452
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1452
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020814 new bugs in MyWebServer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
Reference: BUGTRAQ:20020814 new bugs in MyWebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935720109934&w=2
Reference: XF:mywebserver-search-bo(9859)
Reference: URL:http://www.iss.net/security_center/static/9859.php
Reference: BID:5469
Reference: URL:http://www.securityfocus.com/bid/5469

Buffer overflow in the search capability for MyWebServer 1.0.2 allows
remote attackers to execute arbitrary code via a long searchTarget
parameter.

Analysis
----------------
ED_PRI CAN-2002-1452 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1453
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1453
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020814 new bugs in MyWebServer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
Reference: BUGTRAQ:20020814 new bugs in MyWebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935720109934&w=2
Reference: BID:5470
Reference: URL:http://www.securityfocus.com/bid/5470
Reference: XF:mywebserver-long-http-xss(9861)
Reference: URL:http://www.iss.net/security_center/static/9861.php

Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows
remote attackers to insert script and HTML via a long request followed
by the malicious script, which is echoed back to the user in an error
message.

Analysis
----------------
ED_PRI CAN-2002-1453 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1454
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1454
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020814 new bugs in MyWebServer
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0077.html
Reference: BUGTRAQ:20020814 new bugs in MyWebServer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=102935720109934&w=2
Reference: XF:mywebserver-invalid-path-disclosure(9862)
Reference: URL:http://www.iss.net/security_center/static/9862.php
Reference: BID:5471
Reference: URL:http://www.securityfocus.com/bid/5471

MyWebServer 1.0.2 allows remote attackers to determine the absolute
path of the web document root via a request for a directory that does
not exist, which leaks the pathname in an error message.

Analysis
----------------
ED_PRI CAN-2002-1454 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1455
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1455
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020825 OmniHTTPd test.shtml Cross-Site Scripting Issue
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0264.html
Reference: BUGTRAQ:20020825 OmniHTTPd test.php Cross-Site Scripting Issue
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0263.html
Reference: BUGTRAQ:20020825 More OmniHTTPd Problems
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0266.html

Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow
remote attackers to insert script or HTML into web pages via (1)
test.php, (2) test.shtml, or (3) redir.exe.

Analysis
----------------
ED_PRI CAN-2002-1455 3
Vendor Acknowledgement: no
Content Decisions: SF-EXEC

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1456
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1456
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=103046375002380&w=2
Reference: NTBUGTRAQ:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=103046138631893&w=2
Reference: VULNWATCH:20020827 uuuppz.com - Advisory 002 - mIRC $asctime overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0092.html
Reference: MISC:http://www.mirc.co.uk/whatsnew.txt
Reference: XF:mirc-asctime-bo(9970)
Reference: BID:5576
Reference: URL:http://online.securityfocus.com/bid/5576

Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to
execute arbitrary code via a long $asctime value.

Analysis
----------------
ED_PRI CAN-2002-1456 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor changelog for 2.0.3 is too vague to know
whether it's addressing a vulnerability or not; it simply refers to
"the $asctime() bug."

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1457
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1457
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 L-Forum Vulnerability - SQL Injection
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0074.html
Reference: XF:lforum-search-sql-injection(9837)
Reference: URL:http://www.iss.net/security_center/static/9837.php
Reference: BID:5468
Reference: URL:http://www.securityfocus.com/bid/5468

SQL injection vulnerability in search.php for L-Forum 2.40 allows
remote attackers to execute arbitrary SQL statements via the search
parameter.

Analysis
----------------
ED_PRI CAN-2002-1457 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1458
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1458
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020813 L-Forum XSS and upload spoofing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0115.html
Reference: MISC:http://sourceforge.net/tracker/download.php?group_id=53716&atid=471343&file_id=26687&aid=579278
Reference: XF:lforum-html-message-xss(9838)
Reference: URL:http://www.iss.net/security_center/static/9838.php
Reference: BID:5462
Reference: URL:http://www.securityfocus.com/bid/5462

Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when
the "Enable HTML in messages" option is on, allows remote attackers to
insert arbitrary script or HTML via message fields including (1) From,
(2) E-Mail, (3) Subject and (4) Body.

Analysis
----------------
ED_PRI CAN-2002-1458 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC

ABSTRACTION: CD:SF-LOC suggests a SPLIT of items if one item appears
in a different version than another. As noted in the Bugtraq post and
vendor acknowledgement, the bugs with the "Enable HTML" option *off*
were fixed, but related bugs when "Enable HTML" is *off* were NOT
fixed. Therefore these items should be SPLIT.
ACKNOWLEDGEMENT: the patch supplied by the vendor clearly indicates
that it only removes XSS issues when "Enable HTML" is
*OFF*. Therefore, the vendor has not fixed the problem when "Enable
HTML" is on, and there is no acknowledgement.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1461
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1461
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020815 Web Shop Manager Security Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0130.html
Reference: MISC:http://www.securiteam.com/securitynews/5KP0G0080E.html
Reference: BID:5474
Reference: URL:http://www.securityfocus.com/bid/5474
Reference: XF:webshop-manager-execute-commands(9817)
Reference: URL:http://www.iss.net/security_center/static/9817.php

Web Shop Manager 1.1 allows remote attackers to execute arbitrary
commands via shell metacharacters in the search box.

Analysis
----------------
ED_PRI CAN-2002-1461 3
Vendor Acknowledgement: no

ACKNOWLEDGEMENT: inquiry posted to vendor form at
http://www.webscriptworld.com/contact.phtml on November 18, 2002.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1462
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1462
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020815 Input validation attack in php-affiliate-v1.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0141.html
Reference: BID:5482
Reference: URL:http://www.securityfocus.com/bid/5482
Reference: XF:phpaffiliate-details-account-access(9858)
Reference: URL:http://www.iss.net/security_center/static/9858.php

details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later
versions, allows remote attackers to modify information of other users
by modifying certain hidden form fields.

Analysis
----------------
ED_PRI CAN-2002-1462 3
Vendor Acknowledgement: no vendor inaccessible

ACKNOWLEDGEMENT: there is no clear acknowledgement. The vendor site at
http://www.organicphp.com/ includes an item for 1.1 that says there
were "some bugs found," and 1.2 says that two scripts "were faulty."
But there is no way to know whether these bugs were security-related.
The site requires registration to obtain the software, and there is no
email POC, so the possibility of acknowledgement was not investigated
further.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1464
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1464
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
Reference: BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://online.securityfocus.com/archive/1/287228
Reference: BID:5455
Reference: URL:http://www.securityfocus.com/bid/5455
Reference: XF:b2-gpc-xss(9835)
Reference: URL:http://www.iss.net/security_center/static/9835.php

Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool
allows remote attackers to insert arbitrary HTML or script via the GPC
variable.

Analysis
----------------
ED_PRI CAN-2002-1464 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1465
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1465
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
Reference: BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://online.securityfocus.com/archive/1/287228
Reference: BID:5456
Reference: URL:http://www.securityfocus.com/bid/5456
Reference: XF:b2-tableposts-sql-injection(9836)
Reference: URL:http://www.iss.net/security_center/static/9836.php

SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote
attackers to execute arbitrary SQL code via the tablehosts variable.

Analysis
----------------
ED_PRI CAN-2002-1465 3
Vendor Acknowledgement:

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1466
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1466
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: VULNWATCH:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0071.html
Reference: BUGTRAQ:20020813 Multiple Vulnerabilities in CafeLog Weblog Package
Reference: URL:http://online.securityfocus.com/archive/1/287228

CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows
remote attackers to execute arbitrary PHP code via the b2inc variable.

Analysis
----------------
ED_PRI CAN-2002-1466 3
Vendor Acknowledgement:
Content Decisions: INCLUSION

ACCURACY/INCLUSION: This may be a duplicate or variant of
CAN-2002-0734.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1470
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1470
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020806 Fate Research Labs Advisory: Retrieve SHOUTcast Admin Password Through GET /
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0017.html
Reference: XF:shoutcast-scservlog-world-readable(9775)
Reference: URL:http://www.iss.net/security_center/static/9775.php
Reference: BID:5414
Reference: URL:http://www.securityfocus.com/bid/5414

SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext
administrative password via a GET request to port 8001, which causes
the password to be logged in the world-readable sc_serv.log file.

Analysis
----------------
ED_PRI CAN-2002-1470 3
Vendor Acknowledgement: no disputed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1498
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1498
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020828 SWServer 2.2 directory traversal bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0307.html
Reference: BID:5590
Reference: URL:http://www.securityfocus.com/bid/5590
Reference: XF:swserver-encoded-directory-traversal(9981)
Reference: URL:http://www.iss.net/security_center/static/9981.php

Directory traversal vulnerability in SWServer 2.2 and earlier allows
remote attackers to read arbitrary files via a URL containing ..
sequences with "/" or "\" characters.

Analysis
----------------
ED_PRI CAN-2002-1498 3
Vendor Acknowledgement: unknown discloser-claimed

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1499
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1499
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020831 FactoSystem CMS Contains Multiple Vulnerabilities
Reference: URL:http://online.securityfocus.com/archive/1/290021
Reference: VULNWATCH:20020830 FactoSystem CMS Contains Multiple Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0097.html
Reference: MISC:http://sourceforge.net/tracker/index.php?func=detail&aid=602711&group_id=12668&atid=112668
Reference: XF:factosystem-asp-sql-injection(10000)
Reference: URL:http://www.iss.net/security_center/static/10000.php
Reference: BID:5600
Reference: URL:http://www.securityfocus.com/bid/5600

Multiple SQL injection vulnerabilities in FactoSystem CMS allows
remote attackers to perform unauthorized database actions via (1) the
authornumber parameter in author.asp, (2) the discussblurbid parameter
in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the
email parameter in holdcomment.asp.

Analysis
----------------
ED_PRI CAN-2002-1499 3
Vendor Acknowledgement: no
Content Decisions: SF-LOC, SF-EXEC

A bug report was filed, but as of January 2003, the bug status was
still "open." Therefore it cannot be certain whether the developer has
acknowledged the vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:

======================================================
Candidate: CAN-2002-1506
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-1506
Final-Decision:
Interim-Decision:
Modified:
Proposed: 20030317
Assigned: 20030205
Category: SF
Reference: BUGTRAQ:20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2002-08/0304.html
Reference: VULNWATCH:20020828 iDEFENSE Security Advisory: Linuxconf locally exploitable buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0093.html
Reference: MISC:http://www.solucorp.qc.ca/changes.hc?projet=linuxconf&version=1.28r4
Reference: BID:5585
Reference: URL:http://www.securityfocus.com/bid/5585
Reference: XF:linuxconf-linuxconflang-env-bo(9980)
Reference: URL:http://www.iss.net/security_center/static/9980.php

Buffer overflow in Linuxconf before 1.28r4 allows local users to
execute arbitrary code via a long LINUXCONF_LANG environment variable,
which overflows an error string that is generated.

Analysis
----------------
ED_PRI CAN-2002-1506 3
Vendor Acknowledgement: unknown vague

ACKNOWLEDGEMENT: the vendor change log for 1.28r4 discusses a "fix for
a local security exploit" but does not provide details. The log is
dated August 18; however, iDEFENSE's disclosure timeline says that the
vendor was not notified until the 19th. While this may appear to be a
minor inconsistency, when viewed in conjunction with the vendor's
vague statement, this changelog can NOT be viewed as conclusive
evidence that the vendor fixed this particular vulnerability.

Voting Section
--------------
Possible votes: ACCEPT/MODIFY/NOOP/REVIEWING/RECAST/REJECT
If ACCEPT or MODIFY, include reason for acceptance:
  VERIFIED-BY-MY-ORG, ACKNOWLEDGED-BY-VENDOR, VERIFIED-BY-SOMEONE-I-TRUST,
  HAS-INDEPENDENT-CONFIRMATION, or provide other reason.

VOTE:
ACCEPT_REASON:

COMMENTS:
Page Last Updated or Reviewed: May 22, 2007