Weekly Vulnerabilities Report: December 31, 2001 to January 6, 2002

Overview

109 new vulnerabilities were reported during this period, including 5 critical vulnerabilities and 32 high severity vulnerabilities. This weekly summary reports vulnerabilities in 99 products from 67 vendors including Microsoft, Macromedia, SUN, IBM, and Apple. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Session Fixation", "Improper Input Validation", and "Improper Authentication".

  • 71 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 109 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 13 reported vulnerabilities.
  • Trend Micro has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

5 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-31 CVE-2001-1583 SUN Remote Command Execution vulnerability in Solaris lpd

lpd daemon (in.lpd) in Solaris 8 and earlier allows remote attackers to execute arbitrary commands via a job request with a crafted control file that is not properly handled when lpd invokes a mail program.

10.0
2001-12-31 CVE-2001-1574 Trend Micro Remote Security vulnerability in Trend Micro Interscan Viruswall 3.5.1

Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in Trend Micro InterScan VirusWall 3.5.1 allows remote attackers to execute arbitrary code.

10.0
2001-12-31 CVE-2001-1573 Trend Micro Remote Security vulnerability in Trend Micro Interscan Viruswall 3.51

Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT allows remote attackers to execute arbitrary code via a certain configuration parameter.

10.0
2001-12-31 CVE-2001-1514 Macromedia Unspecified vulnerability in Macromedia Coldfusion 4.5/5.0

ColdFusion 4.5 and 5, when running on Windows with the advanced security sandbox type set to "operating system," does not properly pass security context to (1) child processes created with <CFEXECUTE> and (2) child processes that call the CreateProcess function and are executed with <CFOBJECT> or end with the CFX extension, which allows attackers to execute programs with the permissions of the System account.

10.0
2001-12-31 CVE-2001-1481 Imatix Unspecified vulnerability in Imatix Xitami 2.4/2.5/2.5B4

Xitami 2.4 through 2.5 b4 stores the Administrator password in plaintext in the default.aut file, whose default permissions are world-readable, which allows remote attackers to gain privileges.

10.0

32 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-31 CVE-2001-1584 Michael Barretto Improper Input Validation vulnerability in Michael Barretto Cardboard 2.4

CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field.

7.5
2001-12-31 CVE-2001-1581 Clearswift Limited Security Bypass vulnerability in Clearswift Limited Mailsweeper 4.2

The File Blocker feature in Clearswift MAILsweeper for SMTP 4.2 allows remote attackers to bypass e-mail attachment filtering policies via a modified name in a Content-Type header.

7.5
2001-12-31 CVE-2001-1577 Caldera Unspecified vulnerability in Caldera Openunix and Unixware

Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 allows an xterm session to gain privileges when the session is reused.

7.5
2001-12-31 CVE-2001-1572 Linux Unspecified vulnerability in Linux Kernel

The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when configured to filter based on MAC addresses, allows remote attackers to bypass packet filters via small packets.

7.5
2001-12-31 CVE-2001-1566 Vanessa, Verge

Format string vulnerability in libvanessa_logger 0.0.1 in Perdition 0.1.8 allows remote attackers to execute arbitrary code via format string specifiers in the __vanessa_logger_log function.

7.5
2001-12-31 CVE-2001-1563 Apache, HP Remote Security vulnerability in Tomcat

Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for Linux 1.0 allows attackers to access servlet resources.

7.5
2001-12-31 CVE-2001-1557 IBM Remote Security vulnerability in AIX 4.3/5.1

Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges.

7.5
2001-12-31 CVE-2001-1547 Microsoft Remote Security vulnerability in Microsoft Outlook Express 6.0

Outlook Express 6.0, with "Do not allow attachments to be saved or opened that could potentially be a virus" enabled, does not block email attachments from forwarded messages, which could allow remote attackers to execute arbitrary code.

7.5
2001-12-31 CVE-2001-1543 Axis Unspecified vulnerability in Axis products

Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default administration password "pass", which allows remote attackers to gain access to the camera.

7.5
2001-12-31 CVE-2001-1542 Network Associates Unspecified vulnerability in Network Associates Webshield Smtp 4.5/4.5Mr1A

NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter improperly MIME encoded email attachments, which could allow remote attackers to bypass filtering and possibly execute arbitrary code in email clients that process the invalid attachments.

7.5
2001-12-31 CVE-2001-1538 Speedxess Unspecified vulnerability in Speedxess Ha-120 DSL Router

SpeedXess HA-120 DSL router has a default administrative password of "speedxess", which allows remote attackers to gain access.

7.5
2001-12-31 CVE-2001-1531 Apple Buffer Overflow vulnerability in Apple Claris Emailer 2.0V2

Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an email attachment with a long filename.

7.5
2001-12-31 CVE-2001-1529 IBM Remote Security vulnerability in AIX

Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows attackers to gain unauthorized access via a long string.

7.5
2001-12-31 CVE-2001-1513 Macromedia Unspecified vulnerability in Macromedia Jrun 3.0/3.1

Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain duplicate active user session IDs and perform actions as other users via a URL request for the web application directory without the trailing '/' (slash), as demonstrated using ctx.

7.5
2001-12-31 CVE-2001-1507 Openbsd Unspecified vulnerability in Openbsd Openssh 3.0/3.0P1

OpenSSH before 3.0.1 with Kerberos V enabled does not properly authenticate users, which could allow remote attackers to login unchallenged.

7.5
2001-12-31 CVE-2001-1504 IBM Unspecified vulnerability in IBM Lotus Notes 4.6/5.0

Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary commands via a Lotus Notes object with code in an event, which is automatically executed when the user processes the e-mail message.

7.5
2001-12-31 CVE-2001-1502 Mountain Network Systems Unspecified vulnerability in Mountain Network Systems Webcart 8.4

webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote attackers to execute arbitrary commands via shell metacharacters in the NEXTPAGE parameter.

7.5
2001-12-31 CVE-2001-1500 Proftpd Project Unspecified vulnerability in Proftpd Project Proftpd

ProFTPD 1.2.2rc2, and possibly other versions, does not properly verify reverse-resolved hostnames by performing forward resolution, which allows remote attackers to bypass ACLs or cause an incorrect client hostname to be logged.

7.5
2001-12-31 CVE-2001-1496 Acme Labs Buffer Overflow vulnerability in thttpd Basic Authentication

Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd 1.95 through 2.20 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5
2001-12-31 CVE-2001-1495 Freshmeat Remote Command Execution vulnerability in Network Query Tool

network_query.php in Network Query Tool 1.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the target parameter.

7.5
2001-12-31 CVE-2001-1484 Alcatel Remote Security vulnerability in Adsl Modem 1000

Alcatel ADSL modems allow remote attackers to access the Trivial File Transfer Protocol (TFTP) to modify firmware and configuration via a bounce attack from a system on the local area network (LAN) side, which is allowed to access TFTP without authentication.

7.5
2001-12-31 CVE-2001-1482 Phpbb Group Remote SQL Query Manipulation vulnerability in PHPbb Group PHPbb 1.4.2

SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 allows remote attackers to execute arbitrary SQL queries via the $sortby variable.

7.5
2001-12-31 CVE-2001-1480 Apple, SUN

Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows untrusted applets to access the system clipboard.

7.5
2001-12-31 CVE-2001-1211 Ipswitch Privilege Escalation vulnerability in Ipswitch IMail Domain Administration

Ipswitch IMail 7.0.4 and earlier allows attackers with administrator privileges to read and modify user alias and mailing list information for other domains hosted by the same server via the (1) aliasadmin or (2) listadm1 CGI programs, which do not properly verify that an administrator is the administrator for the target domain.

7.5
2001-12-31 CVE-2001-1208 Daydream Remote Security vulnerability in DayDream BBS

Format string vulnerability in DayDream BBS allows remote attackers to execute arbitrary code via format string specifiers in a file containing a ~#RA control code.

7.5
2002-01-02 CVE-2002-1594 Grpck, Pwck Local Security vulnerability in Grpck

Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument.

7.2
2001-12-31 CVE-2001-1582 SUN Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in SUN Solaris and Sunos

Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.

7.2
2001-12-31 CVE-2001-1562 BSD Unspecified vulnerability in BSD NVI 1.79

Format string vulnerability in nvi before 1.79 allows local users to gain privileges via format string specifiers in a filename.

7.2
2001-12-31 CVE-2001-1561 John Bovey, Debian Buffer Overflow vulnerability in Xvt

Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to execute arbitrary code via long (1) -name and (2) -T arguments.

7.2
2001-12-31 CVE-2001-1541 Bsdi Buffer Overflow vulnerability in BSD/OS UUCP Argument

Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS 3.0 through 4.2 allows local users to execute arbitrary code via a long command line argument.

7.2
2001-12-31 CVE-2001-1498 Markus Kliegl Buffer Overflow vulnerability in Markus Kliegl MOD BF 0.2

Buffer overflow in mod_bf 0.2 allows local users to execute arbitrary commands via a long script.

7.2
2001-12-31 CVE-2001-1478 Caldera Buffer Overflow vulnerability in Caldera Openunix and Unixware

Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix 8.0.0 allows local users to execute arbitrary code.

7.2

51 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-31 CVE-2001-1585 Openbsd Improper Authentication vulnerability in Openbsd Openssh 2.3.1

SSH protocol 2 (aka SSH-2) public key authentication in the development snapshot of OpenSSH 2.3.1, available from 2001-01-18 through 2001-02-08, does not perform a challenge-response step to ensure that the client has the proper private key, which allows remote attackers to bypass authentication as other users by supplying a public key from that user's authorized_keys file.

6.8
2001-12-31 CVE-2001-1569 CMG Remote Security vulnerability in Openwave Wap Gateway

Openwave WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.

6.4
2001-12-31 CVE-2001-1568 CMG Remote Security vulnerability in Wap Gateway

CMG WAP gateway does not verify the fully qualified domain name URL with X.509 certificates from root certificate authorities, which allows remote attackers to spoof SSL certificates via a man-in-the-middle attack.

6.4
2001-12-31 CVE-2001-1512 Macromedia Unspecified vulnerability in Macromedia Jrun 3.1

Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to directly access the WEB-INF and META-INF directories and execute arbitrary JavaServer Pages (JSP), a variant of CVE-2000-1050.

6.4
2001-12-31 CVE-2001-1580 Nombas, Novell

Directory traversal vulnerability in ScriptEase viewcode.jse for Netware 5.1 before 5.1 SP3 allows remote attackers to read arbitrary files via ".." sequences in the query string.

5.0
2001-12-31 CVE-2001-1579 SCO Denial-Of-Service vulnerability in SCO Open Unix and Unixware

The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not properly terminate certain strings with a null, which allows remote attackers to cause a denial of service.

5.0
2001-12-31 CVE-2001-1575 Apple Authentication DoS vulnerability in Apple Personal web Sharing 1.1/1.5/1.5.5

Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing authentication is enabled, allows remote attackers to cause a denial of service via a long password, possibly due to a buffer overflow.

5.0
2001-12-31 CVE-2001-1571 Microsoft Remote Desktop Plaintext Username vulnerability in Microsoft Windows XP

The Remote Desktop client in Windows XP sends the most recent user account name in cleartext, which could allow remote attackers to obtain terminal server user account names via sniffing.

5.0
2001-12-31 CVE-2001-1567 IBM Remote Authentication Bypass vulnerability in IBM Lotus Domino and Lotus Domino Server

Lotus Domino server 5.0.9a and earlier allows remote attackers to bypass security restrictions and view Notes database files and possibly sensitive Notes template files (.ntf) via an HTTP request with a large number of "+" characters before the .nsf file extension, which are converted to spaces by Domino.

5.0
2001-12-31 CVE-2001-1558 Snort Denial-Of-Service vulnerability in Snort 1.8.0/1.8.1/1.8.2

Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 allows attackers to cause a denial of service (crash).

5.0
2001-12-31 CVE-2001-1556 Apache Remote Security vulnerability in Apache

The log files in Apache web server contain information directly supplied by clients and do not filter or quote control characters, which could allow remote attackers to hide HTTP requests and spoof source IP addresses when logs are viewed with UNIX programs such as cat, tail, and grep.

5.0
2001-12-31 CVE-2001-1554 IBM Denial-Of-Service vulnerability in IBM AIX 430

IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote attackers to cause a denial of service (hang) via Path Maximum Transmit Unit (PMTU) IP packets.

5.0
2001-12-31 CVE-2001-1552 Microsoft Denial of Service vulnerability in Windows ME Simple Service Discovery Protocol

ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of service by sending multiple newlines in a Simple Service Discovery Protocol (SSDP) message.

5.0
2001-12-31 CVE-2001-1545 Macromedia Unspecified vulnerability in Macromedia Jrun 3.0/3.1

Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a.

5.0
2001-12-31 CVE-2001-1544 Macromedia Directory Traversal vulnerability in Macromedia Jrun 2.3.3/3.0/3.1

Directory traversal vulnerability in Macromedia JRun Web Server (JWS) 2.3.3, 3.0 and 3.1 allows remote attackers to read arbitrary files via a ..

5.0
2001-12-31 CVE-2001-1540 David F Mischler Denial-Of-Service vulnerability in David F. Mischler Iproute 0.973/0.974/1.18

IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a denial of service via fragmented IP packets that split the TCP header.

5.0
2001-12-31 CVE-2001-1539 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Internet Explorer 6.0.2900

Stack consumption vulnerability in Internet Explorer allows remote attackers to cause a denial of service (crash) via the JavaScript settimeout function.

5.0
2001-12-31 CVE-2001-1537 Twig Unspecified vulnerability in Twig Webmail

The default "basic" security setting in config.php for TWIG webmail 2.7.4 and earlier stores cleartext usernames and passwords in cookies, which could allow attackers to obtain authentication information and gain privileges.

5.0
2001-12-31 CVE-2001-1536 Autogalaxy Unspecified vulnerability in Autogalaxy

Autogalaxy stores usernames and passwords in cleartext in cookies, which makes it easier for remote attackers to obtain authentication information and gain unauthorized access via sniffing or a cross-site scripting attack.

5.0
2001-12-31 CVE-2001-1533 Microsoft Denial of Service vulnerability in Microsoft ISA Server 2000

** DISPUTED ** Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service via a flood of fragmented UDP packets.

5.0
2001-12-31 CVE-2001-1532 WEB Crossing Remote Security vulnerability in Webx

WebX stores authentication information in the HTTP_REFERER variable, which is included in URL links within bulletin board messages posted by users, which could allow remote attackers to hijack user sessions.

5.0
2001-12-31 CVE-2001-1528 Amtote International Unspecified vulnerability in Amtote International Homebet

AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack.

5.0
2001-12-31 CVE-2001-1525 Easyscripts Unspecified vulnerability in Easyscripts Easynews 1.5

Directory traversal vulnerability in the comments action in easyNews 1.5 and earlier allows remote attackers to modify news.dat, template.dat and possibly other files via a ".." in the cid parameter.

5.0
2001-12-31 CVE-2001-1515 Microsoft Unspecified vulnerability in Microsoft Windows 2000

Macintosh clients, when using NT file system volumes on Windows 2000 SP1, create subdirectories and automatically modify the inherited NTFS permissions, which may cause the directories to have less restrictive permissions than intended.

5.0
2001-12-31 CVE-2001-1511 Macromedia Remote Security vulnerability in Jrun 3.0/3.1

JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows remote attackers to read arbitrary JavaServer Pages (JSP) source code via a request URL containing the source filename ending in (1) "jsp%00" or (2) "js%2570".

5.0
2001-12-31 CVE-2001-1510 Macromedia Unspecified vulnerability in Macromedia Jrun 2.3.3/3.0/3.1

Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, Apache, JRun web server (JWS), and possibly other web servers allows remote attackers to read arbitrary files and directories by appending (1) "%3f.jsp", (2) "?.jsp" or (3) "?" to the requested URL.

5.0
2001-12-31 CVE-2001-1505 Tinc Unspecified vulnerability in Tinc 1.0Pre3/1.0Pre4

tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into user sessions by sniffing and replaying packets.

5.0
2001-12-31 CVE-2001-1501 Proftpd Project Denial-Of-Service vulnerability in Proftpd Project Proftpd 1.2.1

The glob functionality in ProFTPD 1.2.1, and possibly other versions allows remote attackers to cause a denial of service (CPU and memory consumption) via commands with large numbers of wildcard and other special characters, as demonstrated using an ls command with multiple (1) "*/..", (2) "*/.*", or (3) ".*./*?/" sequences in the argument.

5.0
2001-12-31 CVE-2001-1499 Checkpoint Unspecified vulnerability in Checkpoint Vpn-1 4.1

Check Point VPN-1 4.1SP4 using SecuRemote returns different error messages for valid and invalid users, with prompts that vary depending on the authentication method being used, which makes it easier for remote attackers to conduct brute force attacks.

5.0
2001-12-31 CVE-2001-1491 Opera Software Denial of Service vulnerability in Opera Software Opera web Browser 5.1.1

Opera 5.11 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

5.0
2001-12-31 CVE-2001-1490 Mozilla Denial of Service vulnerability in Mozilla 0.9.6

Mozilla 0.9.6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

5.0
2001-12-31 CVE-2001-1489 Microsoft Denial of Service vulnerability in Microsoft IE 6

Microsoft Internet Explorer 6 allows remote attackers to cause a denial of service (CPU consumption and memory leak) via a web page with a large number of images.

5.0
2001-12-31 CVE-2001-1488 Open Projects Network Remote Security vulnerability in Open Projects Network Open Projects Network Ircd U2.10.05.18

Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 does not perform a double-reverse DNS lookup, which allows remote attackers to spoof any valid hostname on the Internet.

5.0
2001-12-31 CVE-2001-1483 NRL Unspecified vulnerability in NRL Opie 2.32/2.4

One-Time Passwords In Everything (a.k.a. OPIE) 2.32 and 2.4 allows remote attackers to determine the existence of user accounts by printing random passphrases if the user account does not exist and static passphrases if the user account does exist.

5.0
2001-12-31 CVE-2001-1209 ABE Timmerman Unspecified vulnerability in ABE Timmerman Zml.Cgi 0.0

Directory traversal vulnerability in zml.cgi allows remote attackers to read arbitrary files via a ..

5.0
2001-12-31 CVE-2001-1576 Caldera Local Security vulnerability in Caldera Unixware 7

Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.

4.6
2001-12-31 CVE-2001-1555 SUN Unspecified vulnerability in SUN Solaris and Sunos

pt_chmod in Solaris 8 does not call fdetach to reset terminal privileges when users log out of terminals, which allows local users to write to other users' terminals by modifying the ACL of a TTY.

4.6
2001-12-31 CVE-2001-1553 University OF California Local Security vulnerability in University of California Seti AT Home 3.03

Buffer overflow in setiathome for SETI@home 3.03, if installed setuid, could allow local users to execute arbitrary code via long command line options (1) socks_server, (2) socks_user, and (3) socks_passwd.

4.6
2001-12-31 CVE-2001-1546 Mckesson Unspecified vulnerability in Mckesson Pathways Homecare 6.5

Pathways Homecare 6.5 uses weak encryption for user names and passwords, which allows local users to gain privileges by recovering the passwords from the pwhc.ini file.

4.6
2001-12-31 CVE-2001-1535 Open Source Development Network Local Security vulnerability in Open Source Development Network Slashcode 2.0

Slashcode 2.0 creates new accounts with an 8-character random password, which could allow local users to obtain session ID's from cookies and gain unauthorized access via a brute force attack.

4.6
2001-12-31 CVE-2001-1530 Webmin Local Security vulnerability in Webmin 0.80/0.88

run.cgi in Webmin 0.80 and 0.88 creates temporary files with world-writable permissions, which allows local users to execute arbitrary commands.

4.6
2001-12-31 CVE-2001-1509 HP Unspecified vulnerability in HP Hp-Ux 11.20

geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not properly identify a user's effective user id, which could allow local users to gain privileges.

4.6
2001-12-31 CVE-2001-1508 SCO Buffer Overflow vulnerability in SCO OpenServer lpstat

Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows local users to execute arbitrary code as group bin via a long command line argument.

4.6
2001-12-31 CVE-2001-1506 HP Unspecified vulnerability in HP Secure OS 1.0

Unknown vulnerability in the file system protection subsystem in HP Secure OS Software for Linux 1.0 allows additional user privileges on some files beyond what is specified in the file system protection rules, which allows local users to conduct unauthorized operations on restricted files.

4.6
2001-12-31 CVE-2001-1487 Qualcomm Local Security vulnerability in qpopper

popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users to overwrite arbitrary files and execute commands as the pop user via a symlink attack on the -trace file option.

4.6
2001-12-31 CVE-2001-1477 BEA Local Security vulnerability in BEA Tuxedo 7.1

The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote domain.

4.6
2001-12-31 CVE-2001-1526 Easyscripts Cross-Site Scripting vulnerability in Easyscripts Easynews 1.5

Cross-site scripting (XSS) vulnerability in the comments action in index.php in easyNews 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the zeit parameter.

4.3
2001-12-31 CVE-2001-1524 Francisco Burzi Cross-Site Scripting vulnerability in PHPNuke

Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) uname parameter in user.php, (2) ttitle, letter and file parameters in modules.php, (3) subject, story and storyext parameters in submit.php, (4) upload parameter in admin.php and (5) fname parameter in friend.php.

4.3
2001-12-31 CVE-2001-1523 Dmozgateway Cross-Site Scripting vulnerability in Dmozgateway

Cross-site scripting (XSS) vulnerability in the DMOZGateway module for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via the topic parameter.

4.3
2001-12-31 CVE-2001-1522 Francisco Burzi Cross-Site Scripting vulnerability in Francisco Burzi PHP-Nuke 8.0Final

Cross-site scripting (XSS) vulnerability in im.php in IMessenger for PHP-Nuke allows remote attackers to inject arbitrary web script or HTML via a message.

4.3
2001-12-31 CVE-2001-1516 Hans Wolters Unspecified vulnerability in Hans Wolters PHPreview

Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and earlier allows remote attackers to inject arbitrary web script or HTML via user-submitted reviews.

4.3

21 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2001-12-31 CVE-2001-1519 Microsoft Unspecified vulnerability in Microsoft Windows 2000

** DISPUTED ** RunAs (runas.exe) in Windows 2000 allows local users to create a spoofed named pipe when the service is stopped, then capture cleartext usernames and passwords when clients connect to the service.

3.6
2001-12-31 CVE-2001-1521 Postnuke Software Foundation Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.62/0.63/0.64

Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 allows remote attackers to inject arbitrary web script or HTML via the uname parameter.

2.6
2001-12-31 CVE-2001-1578 SCO Local Security vulnerability in SCO Openserver 5.0.6

Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local users to modify critical information such as certain CPU registers and segment descriptors.

2.1
2001-12-31 CVE-2001-1570 Microsoft Unspecified vulnerability in Microsoft Windows XP

Windows XP with fast user switching and account lockout enabled allows local users to deny user account access by setting the fast user switch to the same user (self) multiple times, which causes other accounts to be locked out.

2.1
2001-12-31 CVE-2001-1565 Apple Authentication Credentials Disclosure vulnerability in Apple Mac OS X PPP

Point to Point Protocol daemon (pppd) in Mac OS X 10.0 and 10.1 through 10.1.5 provides the username and password on the command line, which allows local users to obtain authentication information via the ps command.

2.1
2001-12-31 CVE-2001-1564 HP Unspecified vulnerability in HP Hp-Ux

setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 does not properly enforce core file size on processes after setuid or setgid privileges are dropped, which could allow local users to cause a denial of service by exhausting available disk space.

2.1
2001-12-31 CVE-2001-1560 Microsoft Denial of Service vulnerability in Microsoft Windows 2000 and Windows XP

Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and XP allows local users to cause a denial of service (system crash) by calling the ShowWindow function after receiving a WM_NCCREATE message.

2.1
2001-12-31 CVE-2001-1559 Openbsd Denial-Of-Service vulnerability in Openbsd 2.9/3.0

The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide user mode return values instead of rval kernel mode values to the fdrelease function, which allows local users to cause a denial of service and trigger a null dereference.

2.1
2001-12-31 CVE-2001-1551 Linux Local Security vulnerability in Linux Kernel 2.2.19

Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, which allows local users to exceed disk quota restrictions during execution of setuid programs.

2.1
2001-12-31 CVE-2001-1550 Centra Unspecified vulnerability in Centra Asp, Centraone and Smart Connect

CentraOne 5.2 and Centra ASP with basic authentication enabled create world-writable base64 encoded log files, which allows local users to obtain cleartext passwords from decoded log files and impersonate users.

2.1
2001-12-31 CVE-2001-1549 Tiny Software Unspecified vulnerability in Tiny Software Tiny Personal Firewall 1.0/2.0

Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

2.1
2001-12-31 CVE-2001-1548 Zonelabs Unspecified vulnerability in Zonelabs Zonealarm

ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local users to bypass filtering via non-standard TCP packets created with non-Windows protocol adapters.

2.1
2001-12-31 CVE-2001-1534 Apache Session Fixation vulnerability in Apache Http Server

mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's using predictable information including host IP address, system time and server process ID, which allows local users to obtain session ID's and bypass authentication when these session ID's are used for authentication.

2.1
2001-12-31 CVE-2001-1527 Easyscripts Local Security vulnerability in Easyscripts Easynews 1.5

easyNews 1.5 and earlier stores administration passwords in cleartext in settings.php, which allows local users to obtain the passwords and gain access.

2.1
2001-12-31 CVE-2001-1520 Intel Unspecified vulnerability in Intel Xircom REX 6000 1

Xircom REX 6000 allows local users to obtain the 10 digit PIN by starting a serial monitor, connecting to the personal digital assistant (PDA) via Rextools, and capturing the cleartext PIN.

2.1
2001-12-31 CVE-2001-1518 Microsoft Denial of Services vulnerability in Microsoft Windows 2000 RunAs Service

RunAs (runas.exe) in Windows 2000 only creates one session instance at a time, which allows local users to cause a denial of service (RunAs hang) by creating a named pipe session with the authentication server without any request for service.

2.1
2001-12-31 CVE-2001-1517 Microsoft Unspecified vulnerability in Microsoft Windows 2000

** DISPUTED ** RunAs (runas.exe) in Windows 2000 stores cleartext authentication information in memory, which could allow attackers to obtain usernames and passwords by executing a process that is allocated the same memory page after termination of a RunAs command.

2.1
2001-12-31 CVE-2001-1503 SUN Information Disclosure vulnerability in Solaris in.fingerd

The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS 5.5 through 5.8 allows remote attackers to list all accounts on a host by typing finger 'a b c d e f g h'@host.

2.1
2001-12-31 CVE-2001-1497 Microsoft Unspecified vulnerability in Microsoft IE and Internet Explorer

Microsoft Internet Explorer 4.0 through 6.0 could allow local users to differentiate between alphanumeric and non-alphanumeric characters used in a password by pressing certain control keys that jump between non-alphanumeric characters, which makes it easier to conduct a brute-force password guessing attack.

2.1
2001-12-31 CVE-2001-1494 Andries Brouwer Unspecified vulnerability in Andries Brouwer Util-Linux

script command in the util-linux package before 2.11n allows local users to overwrite arbitrary files by setting a hardlink from the typescript log file to any file on the system, then having root execute the script command.

2.1
2001-12-31 CVE-2001-1479 SUN Unspecified vulnerability in SUN Management+Center 2.0

smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows local users to delete arbitrary files via a symlink attack on /tmp/smc$SMC_PORT.

2.1