Weekly Vulnerabilities Reports > December 3 to 9, 2001

Overview

79 new vulnerabilities reported during this period, including 11 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 53 vendors including Microsoft, Cisco, SGI, Oracle, and IBM. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Missing Release of Resource after Effective Lifetime", and "Insufficient Entropy".

  • 64 reported vulnerabilities are remotely exploitables.
  • 79 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • SGI has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

11 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-08 CVE-2001-0953 Nara Vision Unspecified vulnerability in Nara Vision Kebi Community 1.0Academy/1.0Enterprise

Kebi WebMail allows remote attackers to access the administrator menu and gain privileges via the /a/ hidden directory, which is installed under the web document root.

10.0
2001-12-06 CVE-2001-0850 Caldera Remote Security vulnerability in Caldera Openlinux 3.1

A configuration error in the libdb1 package in OpenLinux 3.1 uses insecure versions of the snprintf and vsnprintf functions, which could allow local or remote users to exploit those functions with a buffer overflow.

10.0
2001-12-06 CVE-2001-0846 Lotus Unspecified vulnerability in Lotus Domino

Lotus Domino 5.x allows remote attackers to read files or execute arbitrary code by requesting the ReplicaID of the Web Administrator template file (webadmin.ntf).

10.0
2001-12-06 CVE-2001-0840 Compaq Buffer Overflow vulnerability in Compaq Insight Manager XE

Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI.

10.0
2001-12-06 CVE-2001-0825 Xinetd Buffer Overflow vulnerability in Xinetd 2.1.8.8/2.1.8.9/2.3.0

Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.

10.0
2001-12-06 CVE-2001-0817 HP Remote Line Printer Daemon Logic Flaw vulnerability in HP-UX

Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 through 11.11 allows remote attackers to modify arbitrary files and gain root privileges via a certain print request.

10.0
2001-12-06 CVE-2001-0808 Yngve Svendsen Unspecified vulnerability in Yngve Svendsen Gnatsweb

gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.

10.0
2001-12-06 CVE-2001-0803 Open Group Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Open Group CDE Common Desktop Environment

Buffer overflow in the client connection routine of libDtSvc.so.1 in CDE Subprocess Control Service (dtspcd) allows remote attackers to execute arbitrary commands.

10.0
2001-12-06 CVE-2001-0800 SGI Remote Command Execution vulnerability in IRIX 'lpsched'

lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute arbitrary commands via shell metacharacters.

10.0
2001-12-06 CVE-2001-0799 SGI Remote Security vulnerability in IRIX

Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote attackers to execute arbitrary commands via a long argument.

10.0
2001-12-06 CVE-2001-0671 IBM Remote Security vulnerability in AIX 4.3/5.1

Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost in lpd in AIX 4.3 and 5.1 allow remote attackers to gain root privileges.

10.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-06 CVE-2001-0867 Cisco Unspecified vulnerability in Cisco 12000 Router

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly filter does not properly filter packet fragments even when the "fragment" keyword is used in an ACL, which allows remote attackers to bypass the intended access controls.

7.5
2001-12-06 CVE-2001-0866 Cisco Unspecified vulnerability in Cisco 12000 Router

Cisco 12000 with IOS 12.0 and lines card based on Engine 2 does not properly handle an outbound ACL when an input ACL is not configured on all the interfaces of a multi port line card, which could allow remote attackers to bypass the intended access controls.

7.5
2001-12-06 CVE-2001-0865 Cisco Unspecified vulnerability in Cisco 12000 Router

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not support the "fragment" keyword in an outgoing ACL, which could allow fragmented packets in violation of the intended access.

7.5
2001-12-06 CVE-2001-0864 Cisco Unspecified vulnerability in Cisco 12000 Router

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not properly handle the implicit "deny ip any any" rule in an outgoing ACL when the ACL contains exactly 448 entries, which can allow some outgoing packets to bypass access restrictions.

7.5
2001-12-06 CVE-2001-0862 Cisco Unspecified vulnerability in Cisco 12000 Router

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not block non-initial packet fragments, which allows remote attackers to bypass the ACL.

7.5
2001-12-06 CVE-2001-0860 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows XP

Terminal Services Manager MMC in Windows 2000 and XP trusts the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g.

7.5
2001-12-06 CVE-2001-0857 IMP Unspecified vulnerability in IMP Webmail

Cross-site scripting vulnerability in status.php3 in Imp Webmail 2.2.6 and earlier allows remote attackers to gain access to the e-mail of other users by hijacking session cookies via the message parameter.

7.5
2001-12-06 CVE-2001-0849 Duncan Hall Remote Shell Command vulnerability in Duncan Hall Viralator 0.7/0.8/0.9Pre1

viralator CGI script in Viralator 0.9pre1 and earlier allows remote attackers to execute arbitrary code via a URL for a file being downloaded, which is insecurely passed to a call to wget.

7.5
2001-12-06 CVE-2001-0847 Lotus Unspecified vulnerability in Lotus Domino web Server 5.X

Lotus Domino Web Server 5.x allows remote attackers to gain sensitive information by accessing the default navigator $defaultNav via (1) URL encoding the request, or (2) directly requesting the ReplicaID.

7.5
2001-12-06 CVE-2001-0844 Seth Leonard Remote Arbitrary Command Execution vulnerability in Seth Leonard Book of Guests and Post IT

Vulnerability in (1) Book of guests and (2) Post it! allows remote attackers to execute arbitrary code via shell metacharacters in the email parameter.

7.5
2001-12-06 CVE-2001-0842 Leoboard Unspecified vulnerability in Leoboard Lb5000

Directory traversal vulnerability in Search.cgi in Leoboard LB5000 LB5000II 1029 and earlier allows remote attackers to overwrite files and gain privileges via ..

7.5
2001-12-06 CVE-2001-0841 Ikonboard COM Unspecified vulnerability in Ikonboard.Com Ikonboard

Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via ..

7.5
2001-12-06 CVE-2001-0839 Ibill Internet Billing Company Unspecified vulnerability in Ibill Internet Billing Company Processing Plus

ibillpm.pl in iBill password management system generates weak passwords based on a client's MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing.

7.5
2001-12-06 CVE-2001-0838 Network Solutions Remote Security vulnerability in Network Solutions Rwhoisd 1.5.X

Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command.

7.5
2001-12-06 CVE-2001-0836 Oracle Unspecified vulnerability in Oracle Application Server web Cache 2.0.0.1

Buffer overflow in Oracle9iAS Web Cache 2.0.0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2001-12-06 CVE-2001-0835 Bradford Barrett Unspecified vulnerability in Bradford Barrett Webalizer

Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names that are retrieved via a reverse DNS lookup.

7.5
2001-12-06 CVE-2001-0830 6Tunnel Project Missing Release of Resource after Effective Lifetime vulnerability in 6Tunnel Project 6Tunnel 0.08

6tunnel 0.08 and earlier does not properly close sockets that were initiated by a client, which allows remote attackers to cause a denial of service (resource exhaustion) by repeatedly connecting to and disconnecting from the server.

7.5
2001-12-06 CVE-2001-0824 IBM Cross-Site Scripting vulnerability in IBM WebSphere

Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the webapp/examples/ directory, which inserts the Javascript into an error page.

7.5
2001-12-06 CVE-2001-0820 Gaztek Buffer Overflow vulnerability in Gaztek Ghttp 1.4

Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c.

7.5
2001-12-06 CVE-2001-0819 Fetchmail Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Fetchmail

A buffer overflow in Linux fetchmail before 5.8.6 allows remote attackers to execute arbitrary code via a large 'To:' field in an email header.

7.5
2001-12-06 CVE-2001-0818 Marty Bochane Buffer Overflow vulnerability in MDBMS Query Display

A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data.

7.5
2001-12-06 CVE-2001-0816 Openbsd Unspecified vulnerability in Openbsd Openssh

OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.

7.5
2001-12-06 CVE-2001-0815 Activestate Buffer Overflow vulnerability in Activeperl 5.6.1/5.6.1.629

Buffer overflow in PerlIS.dll in Activestate ActivePerl 5.6.1.629 and earlier allows remote attackers to execute arbitrary code via an HTTP request for a long filename that ends in a .pl extension.

7.5
2001-12-06 CVE-2001-0726 Microsoft Unspecified vulnerability in Microsoft Exchange Server 5.5

Outlook Web Access (OWA) in Microsoft Exchange 5.5 Server, when used with Internet Explorer, does not properly detect certain inline script, which can allow remote attackers to perform arbitrary actions on a user's Exchange mailbox via an HTML e-mail message.

7.5
2001-12-06 CVE-2001-0720 Apple Unspecified vulnerability in Apple mac OS X 10.4.9

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed if automatic decoding is enabled.

7.5
2001-12-06 CVE-2001-0719 Microsoft Buffer Overflow vulnerability in Microsoft Windows Media Player 6.4

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file.

7.5
2001-12-04 CVE-2001-0950 Valicert Insufficient Entropy vulnerability in Valicert Enterprise Validation Authority

ValiCert Enterprise Validation Authority (EVA) Administration Server 3.3 through 4.2.1 uses insufficiently random data to (1) generate session tokens for HSMs using the C rand function, or (2) generate certificates or keys using /dev/urandom instead of another source which blocks when the entropy pool is low, which could make it easier for local or remote attackers to steal tokens or certificates via brute force guessing.

7.5
2001-12-06 CVE-2001-0855 Rational Software Buffer Overflow vulnerability in Rational ClearCase DB Loader TERM Environment Variable

Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local users to gain root privileges via a long TERM environment variable.

7.2
2001-12-06 CVE-2001-0833 Oracle Buffer Overflow vulnerability in Oracle OTRCREP Oracle Home Environment Variable

Buffer overflow in otrcrep in Oracle 8.0.x through 9.0.1 allows local users to execute arbitrary code via a long ORACLE_HOME environment variable, aka the "Oracle Trace Collection Security Vulnerability."

7.2
2001-12-06 CVE-2001-0823 SGI Symbolic Link vulnerability in SGI Performance Co-Pilot pmpost

The pmpost program in Performance Co-Pilot (PCP) before 2.2.1-3 allows a local user to gain privileges via a symlink attack on the NOTICES file in the PCP log directory (PCP_LOG_DIR).

7.2
2001-12-06 CVE-2001-0801 SGI Unspecified vulnerability in SGI Irix

lpstat in IRIX 6.5.13f and earlier allows local users to gain root privileges by specifying a Trojan Horse nettype shared library.

7.2

31 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-06 CVE-2001-1247 PHP Permissions, Privileges, and Access Controls vulnerability in PHP 4.0.4Pl1/4.0.5

PHP 4.0.4pl1 and 4.0.5 in safe mode allows remote attackers to read and write files owned by the web server UID by uploading a PHP script that uses the error_log function to access the files.

6.4
2001-12-06 CVE-2001-0834 Htdig
Conectiva
Debian
Suse
Remote Denial of Service/File Disclosure vulnerability in ht://Dig

htsearch CGI program in htdig (ht://Dig) 3.1.5 and earlier allows remote attackers to use the -c option to specify an alternate configuration file, which could be used to (1) cause a denial of service (CPU consumption) by specifying a large file such as /dev/zero, or (2) read arbitrary files by uploading an alternate configuration file that specifies the target file.

6.4
2001-12-06 CVE-2001-0722 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.5/6.0

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability."

6.4
2001-12-06 CVE-2001-0829 Apache Cross-Site Scripting vulnerability in Apache Tomcat 3.2.1

A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message.

5.1
2001-12-06 CVE-2001-0828 Caucho Technology Cross-Site Scripting vulnerability in Caucho Technology Resin 1.2.2

A cross-site scripting vulnerability in Caucho Technology Resin before 1.2.4 allows a malicious webmaster to embed Javascript in a hyperlink that ends in a .jsp extension, which causes an error message that does not properly quote the Javascript.

5.1
2001-12-08 CVE-2001-1184 Denicomp Denial of Service vulnerability in Denicomp Winsock RSHD/NT Standard Error

wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number, which causes a connection attempt to that port and all ports below 1024, and (2) in 2.21.00, a port number of 1024.

5.0
2001-12-07 CVE-2001-0954 Lotus Denial of Service vulnerability in Lotus Domino 5.0.5/5.0.8

Lotus Domino 5.0.5 and 5.0.8, and possibly other versions, allows remote attackers to cause a denial of service (block access to databases that have not been previously accessed) via a URL that includes the .

5.0
2001-12-07 CVE-2001-0952 Volition Denial Of Service vulnerability in Volition Red Faction Game Server/Client

THQ Volition Red Faction Game allows remote attackers to cause a denial of service (hang) of a client or server via packets to UDP port 7755.

5.0
2001-12-07 CVE-2001-0951 Microsoft Unspecified vulnerability in Microsoft Windows 2000

Windows 2000 allows remote attackers to cause a denial of service (CPU consumption) by flooding Internet Key Exchange (IKE) UDP port 500 with packets that contain a large number of dot characters.

5.0
2001-12-06 CVE-2001-0863 Cisco Unspecified vulnerability in Cisco 12000 Router

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 does not handle the "fragment" keyword in a compiled ACL (Turbo ACL) for packets that are sent to the router, which allows remote attackers to cause a denial of service via a flood of fragments.

5.0
2001-12-06 CVE-2001-0861 Cisco Denial Of Service vulnerability in Cisco 12000 Series Internet Router

Cisco 12000 with IOS 12.0 and line cards based on Engine 2 and earlier allows remote attackers to cause a denial of service (CPU consumption) by flooding the router with traffic that generates a large number of ICMP Unreachable replies.

5.0
2001-12-06 CVE-2001-0859 Redhat Unspecified vulnerability in Redhat Linux 7.1

2.4.3-12 kernel in Red Hat Linux 7.1 Korean installation program sets the setting default umask for init to 000, which installs files with world-writeable permissions.

5.0
2001-12-06 CVE-2001-0854 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke 5.2

PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary files by calling case.filemanager.php with admin.php as an argument, which sets the $PHP_SELF variable and makes it appear that case.filemanager.php is being called by admin.php instead of the user.

5.0
2001-12-06 CVE-2001-0853 Entrust Unspecified vulnerability in Entrust Getaccess Allversions

Directory traversal vulnerability in Entrust GetAccess allows remote attackers to read arbitrary files via a ..

5.0
2001-12-06 CVE-2001-0852 Redhat Denial of Service vulnerability in Redhat Linux 7.2

TUX HTTP server 2.1.0-2 in Red Hat Linux allows remote attackers to cause a denial of service via a long Host: header.

5.0
2001-12-06 CVE-2001-0851 Caldera
Linux
Suse
Linux kernel 2.0, 2.2 and 2.4 with syncookies enabled allows remote attackers to bypass firewall rules by brute force guessing the cookie.
5.0
2001-12-06 CVE-2001-0843 Squid Unspecified vulnerability in Squid web Proxy

Squid proxy server 2.4 and earlier allows remote attackers to cause a denial of service (crash) via a mkdir-only FTP PUT request.

5.0
2001-12-06 CVE-2001-0827 Grant Averett Denial of Service vulnerability in Cerberus FTP Server 'PASV'

Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests.

5.0
2001-12-06 CVE-2001-0822 Packet Knights Denial Of Service vulnerability in Packet Knights FPF Linux Kernel Module 1.0

FPF kernel module 1.0 allows a remote attacker to cause a denial of service via fragmented packets.

5.0
2001-12-06 CVE-2001-0821 Dcscripts Unspecified vulnerability in Dcscripts Dcshop 1.002Beta

The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt.

5.0
2001-12-06 CVE-2001-0796 SGI
Freebsd
Denial of Service vulnerability in SGI IRIX IGMP Multicast Packet

SGI IRIX 6.5 through 6.5.12f and possibly earlier versions, and FreeBSD 3.0, allows remote attackers to cause a denial of service via a malformed IGMP multicast packet with a small response delay.

5.0
2001-12-06 CVE-2001-0721 Microsoft Unspecified vulnerability in Microsoft products

Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows remote attackers to cause a denial of service (memory consumption or crash) via a malformed UPnP request.

5.0
2001-12-06 CVE-2001-0716 Citrix Sessions Denial of Service vulnerability in Citrix MetaFrame

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to the server.

5.0
2001-12-06 CVE-2001-0663 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows NT

Terminal Server in Windows NT and Windows 2000 allows remote attackers to cause a denial of service via a sequence of invalid Remote Desktop Protocol (RDP) packets.

5.0
2001-12-03 CVE-2001-0945 Microsoft Buffer Overflow vulnerability in Microsoft Outlook Express 5.0/5.0.1/5.0.2

Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh allows remote attackers to cause a denial of service via an e-mail message that contains a long line.

5.0
2001-12-06 CVE-2001-1272 Wliang Local root vulnerability in wmtv

wmtv 0.6.5 and earlier does not properly drop privileges, which allows local users to execute arbitrary commands via the -e (external command) option.

4.6
2001-12-06 CVE-2001-0858 Caldera Local Security vulnerability in Caldera Openunix and Unixware

Buffer overflow in pppattach and other linked PPP utilities in Caldera Open Unix 8.0 and UnixWare 7.1.0 and 7.1.1 allows local users to gain privileges.

4.6
2001-12-06 CVE-2001-0856 IBM Unspecified vulnerability in IBM 4758

Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker with physical access to the system and Combine_Key_Parts permissions, to steal DES and 3DES keys by using a brute force attack to create a 3DES exporter key.

4.6
2001-12-06 CVE-2001-0848 E Zone Media Unspecified vulnerability in E-Zone Media Fuse Talk

join.cfm in e-Zone Media Fuse Talk allows a local user to execute arbitrary SQL code via a semi-colon (;) in a form variable.

4.6
2001-12-06 CVE-2001-0845 DEC Unspecified vulnerability in DEC products

Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 through 7.3, and SEVMS VAX or Alpha 6.2, allows local users to gain access to unauthorized resources.

4.6
2001-12-06 CVE-2001-0831 Oracle Unspecified vulnerability in Oracle Database Server 8.1.7/9.0.1

Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access.

4.6

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-06 CVE-2001-0806 Apple Unspecified vulnerability in Apple mac OS X

Apple MacOS X 10.0 and 10.1 allow a local user to read and write to a user's desktop folder via insecure default permissions for the Desktop when it is created in some languages.

3.6
2001-12-04 CVE-2001-0946 Redhat Denial-Of-Service vulnerability in Redhat Linux 7.2

apmscript in Apmd in Red Hat 7.2 "Enigma" allows local users to create or change the modification dates of arbitrary files via a symlink attack on the LOW_POWER temporary file, which could be used to cause a denial of service, e.g.

3.6
2001-12-06 CVE-2001-0807 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0

Internet Explorer 5.0, and possibly other versions, may allow remote attackers (malicious web pages) to read known text files from a client's hard drive via a SCRIPT tag with a SRC value that points to the text file.

2.6
2001-12-06 CVE-2001-0837 Deltathree Information Disclosure vulnerability in Deltathree Pc-To-Phone 3.0.3

DeltaThree Pc-To-Phone 3.0.3 places sensitive data in world-readable locations in the installation directory, which allows local users to read the information in (1) temp.html, (2) the log folder, and (3) the PhoneBook folder.

2.1
2001-12-06 CVE-2001-0832 Oracle Local Security vulnerability in Oracle9i Enterprise Edition

Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory as specified in the ORACLE_HOME environmental variable, aka the "Oracle File Overwrite Security Vulnerability."

2.1
2001-12-06 CVE-2001-0809 HP Local Security vulnerability in HP-Ux 11.00/11.11

Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.

2.1