Weekly Vulnerabilities Reports > May 27 to June 2, 2002

Overview

99 new vulnerabilities were reported during this period, including 8 critical vulnerabilities and 47 high severity vulnerabilities. This weekly summary reports vulnerabilities in 93 products from 70 vendors including Microsoft, Apache, Netwin, Alcatel Lucent, and SGI. Vulnerabilities are notably categorized as and "Cross-site Scripting".

  • 75 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 1 reported vulnerability is related to weaknesses in the OWASP Top Ten.
  • 99 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 10 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-05-31 CVE-2002-0311 Caldera Unspecified vulnerability in Caldera Openunix and Unixware

Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) in scoadminreg.cgi or (2) service_action.cgi.

10.0
2002-05-31 CVE-2002-0308 Stefan Holmberg Remote SQL Injection vulnerability in Stefan Holmberg Admentor 2.11

admin.asp in AdMentor 2.11 allows remote attackers to bypass authentication and gain privileges via a SQL injection attack on the Login and Password arguments.

10.0
2002-05-31 CVE-2002-0287 Powie SQL Injection User Authentication vulnerability in Powie's PForum

pforum 1.14 and earlier does not explicitly enable PHP magic quotes, which allows remote attackers to bypass authentication and gain administrator privileges via an SQL injection attack when the PHP server is not configured to use magic quotes by default.

10.0
2002-05-31 CVE-2002-0272 Mpg321 Buffer Overflow vulnerability in Mpg321 0.2.2/0.2.3/0.2.9

Buffer overflows in mpg321 before 0.2.9 allow local and possibly remote attackers to execute arbitrary code via a long URL to (1) a command line option, (2) an HTTP request, or (3) an FTP request.

10.0
2002-05-29 CVE-2002-0267 Sips Unspecified vulnerability in Sips

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

10.0
2002-05-29 CVE-2002-0255 Arescom Unspecified vulnerability in Arescom Netdsl 800U

The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.

10.0
2002-05-29 CVE-2002-0033 SUN Heap Overflow vulnerability in Solaris cachefsd

Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd allows remote attackers to execute arbitrary code via a request with a long directory and cache name.

10.0
2002-05-27 CVE-2002-1641 Oracle Remotely Exploitable Buffer Overflow vulnerability in Oracle Web Cache

Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.

10.0

47 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-05-31 CVE-2002-0299 Cnet Remote Arbitrary Code Execution vulnerability in CNet CatchUp

CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code via a .RVP file that creates a file with an arbitrary extension (such as .BAT), which is executed during a scan.

7.6
2002-05-31 CVE-2002-0310 Netwin Unspecified vulnerability in Netwin Webnews

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest, (3) alwi3845/wtest3452, or (4) testweb2/wtest4879.

7.5
2002-05-31 CVE-2002-0307 Avengers News System Directory Traversal vulnerability in Avengers News System Avengers News System 2.01/2.11

Directory traversal vulnerability in ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a ..

7.5
2002-05-31 CVE-2002-0306 Avengers News System Remote Command Execution vulnerability in Avengers News System Avengers News System 2.01/2.11

ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the p (plugin) parameter.

7.5
2002-05-31 CVE-2002-0290 Netwin Remote Buffer Overflow vulnerability in Netwin Webnews 1.1H/1.1I/1.1J

Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows remote attackers to execute arbitrary code via a long group argument.

7.5
2002-05-31 CVE-2002-0286 Sitenews Unspecified vulnerability in Sitenews

The GetPassword function in function.php of SiteNews 0.10 and 0.11 allows remote attackers to gain privileges and add users by providing a non-existent user name and the MD5 checksum for an empty password to add_user.php, which causes GetPassword to produce and compare a blank password for the non-existent user.

7.5
2002-05-31 CVE-2002-0285 Microsoft Unspecified vulnerability in Microsoft Outlook Express 5.5/6.0

Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") in a message header as if it were a valid carriage return/line feed combination (CR/LF), which could allow remote attackers to bypass virus protection and/or other filtering mechanisms via a mail message with headers that only contain the CR, which causes Outlook to create separate headers.

7.5
2002-05-31 CVE-2002-0280 Codeblue Remote Security vulnerability in Codeblue

Buffer overflow in CodeBlue 4 and earlier, and possibly other versions, allows remote attackers to execute arbitrary code via a long string in an SMTP reply.

7.5
2002-05-31 CVE-2002-0278 Add2It Directory Traversal vulnerability in Mailman Free

Directory traversal vulnerability in Add2it Mailman Free 1.73 and earlier allows remote attackers to modify arbitrary files via a ..

7.5
2002-05-31 CVE-2002-0277 Add2It Remote Arbitrary Command Execution vulnerability in Add2it Mailman Free

Add2it Mailman Free 1.73 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the list parameter.

7.5
2002-05-31 CVE-2002-0276 Ettercap Buffer Overflow vulnerability in Ettercap 0.6.3.1

Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, when running on networks with an MTU greater than 2000, allows remote attackers to execute arbitrary code via large packets.

7.5
2002-05-29 CVE-2002-0374 Padl Software Unspecified vulnerability in Padl Software PAM Ldap

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

7.5
2002-05-29 CVE-2002-0363 Aladdin Enterprises Unspecified vulnerability in Aladdin Enterprises Ghostscript

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

7.5
2002-05-29 CVE-2002-0362 AOL Remote Buffer Overflow vulnerability in AOL Instant Messenger 4.2

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.

7.5
2002-05-29 CVE-2002-0269 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

7.5
2002-05-29 CVE-2002-0264 Cooolsoft Unspecified vulnerability in Cooolsoft Powerftp 2.03/2.10

PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.

7.5
2002-05-29 CVE-2002-0263 Ezne NET Remote Buffer Overflow vulnerability in Ezne.Net Ezboard 2000 1.27

Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.

7.5
2002-05-29 CVE-2002-0261 Instantservers INC Directory Traversal vulnerability in InstantServers MiniPortal

Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ...

7.5
2002-05-29 CVE-2002-0260 Instantservers INC Remote Buffer Overflow vulnerability in InstantServers MiniPortal FTP Login

Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility.

7.5
2002-05-29 CVE-2002-0258 Icewarp, Merak

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g.

7.5
2002-05-29 CVE-2002-0257 Apache, Usanet Creations

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3, (10) PHONE1, (11) PHONE2, (12) PHONE3, or (13) PHONE4.

7.5
2002-05-29 CVE-2002-0252 Apple Remote Buffer Overflow vulnerability in Apple QuickTime Content-Type

Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.

7.5
2002-05-29 CVE-2002-0251 Licq Denial Of Service vulnerability in LICQ Format String

Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".

7.5
2002-05-29 CVE-2002-0250 HP Authentication Bypass vulnerability in HP AdvanceStack Switch

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration and modify the administrator password.

7.5
2002-05-29 CVE-2002-0245 Lotus Information Disclosure vulnerability in Lotus Domino Banner

Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the pathname in the error message, or (2) make any request that causes an HTTP 500 error, which leaks the server's version name in the HTTP error message.

7.5
2002-05-29 CVE-2002-0244 Atheos Unspecified vulnerability in Atheos 0.3.7

Directory traversal vulnerability in chroot function in AtheOS 0.3.7 allows attackers to escape the jail via a ..

7.5
2002-05-29 CVE-2002-0243 Opera Software Unspecified vulnerability in Opera Software Opera web Browser

Cross-site scripting vulnerability in Opera 6.0 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

7.5
2002-05-29 CVE-2002-0242 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Cross-site scripting vulnerability in Internet Explorer 6 and earlier allows remote attackers to execute arbitrary script via an Extended HTML Form, whose output from the remote server is not properly cleansed.

7.5
2002-05-29 CVE-2002-0241 Cisco Authentication vulnerability in Cisco Secure Access Control Server 3.0.1

NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 does not check the Expired or Disabled state of users in the Novell Directory Services (NDS), which could allow those users to authenticate to the server.

7.5
2002-05-29 CVE-2002-0238 Netgear Cross-Site Scripting vulnerability in Netgear RT314/RT311 Gateway Router

Cross-site scripting vulnerability in web administration interface for NetGear RT314 and RT311 Gateway Routers allows remote attackers to execute arbitrary script on another client via a URL that contains the script.

7.5
2002-05-29 CVE-2002-0237 ISS Buffer Overflow vulnerability in ISS products

Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Agent 3.0 and 3.1, and RealSecure Server Sensor 6.0.1 and 6.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a flood of large ICMP ping packets.

7.5
2002-05-29 CVE-2002-0236 Lucent Authentication Bypass vulnerability in Lucent VitalNet Password

Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and VitalHelp/VitalAnalysis, allows remote attackers to bypass authentication via a direct HTTP request to the VsSetCookie.exe program, which returns a valid cookie for the desired user.

7.5
2002-05-29 CVE-2002-0235 Castelle Unspecified vulnerability in Castelle Faxpress 6.3

Castelle FaxPress, possibly 6.3 and other versions, when configured to use the Network print queue, allows attackers to obtain the username and password by submitting an incorrect login, which causes Faxpress to leak the correct username and password in plaintext in an error event.

7.5
2002-05-29 CVE-2002-0193 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/6.0

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the first variant of the "Content Disposition" vulnerability.

7.5
2002-05-29 CVE-2002-0190 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allow remote attackers to execute arbitrary code under fewer security restrictions via a malformed web page that requires NetBIOS connectivity, aka "Zone Spoofing through Malformed Web Page" vulnerability.

7.5
2002-05-29 CVE-2002-0189 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0

Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local HTML Resource" vulnerability.

7.5
2002-05-29 CVE-2002-0188 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/6.0

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back to the operating system for handling rather than raise an error message, aka the second variant of the "Content Disposition" vulnerability.

7.5
2002-05-29 CVE-2002-0155 Microsoft Remote Buffer Overflow vulnerability in Microsoft products

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL parameter in the MSNChat OCX.

7.5
2002-05-29 CVE-2002-0356 SGI Unspecified vulnerability in SGI Irix

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.

7.2
2002-05-29 CVE-2002-0268 Identix Authentication Bypass vulnerability in Identix Biologon 3.0

Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.

7.2
2002-05-29 CVE-2002-0248 Wliang Unspecified vulnerability in Wliang Wmtv

wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.

7.2
2002-05-29 CVE-2002-0247 Wliang Buffer Overflow vulnerability in WMTV

Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.

7.2
2002-05-29 CVE-2002-0246 Caldera Unspecified vulnerability in Caldera Unixware 7.1.1

Format string vulnerability in the message catalog library functions in UnixWare 7.1.1 allows local users to gain privileges by modifying the LC_MESSAGE environment variable to read other message catalogs containing format strings from setuid programs such as vxprint.

7.2
2002-05-29 CVE-2002-0239 Hanterm Local Buffer Overflow vulnerability in Hanterm 3.3/3.3.1

Buffer overflow in hanterm 3.3.1 and earlier allows local users to execute arbitrary code via a long string in the (1) -fn, (2) -hfb, or (3) -hfn argument.

7.2
2002-05-29 CVE-2002-0178 GNU Symbolic Link Attack vulnerability in GNU Sharutils 4.2

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute commands.

7.2
2002-05-29 CVE-2002-0174 SGI Symbolic Link vulnerability in SGI Irix nsd

nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file.

7.2
2002-05-28 CVE-2002-1447 Cisco Local Buffer Overflow vulnerability in Cisco VPN Client for Unix

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

7.2

36 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-05-31 CVE-2002-0293 Alcatel Lucent Local Security vulnerability in Alcatel-Lucent Omnipcx 4400

FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain root privileges by modifying root's .profile file.

6.2
2002-05-31 CVE-2002-0281 Codeworx Technologies Unspecified vulnerability in Codeworx Technologies Dcp-Portal

Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allows remote attackers to gain privileges of other portal users by providing Javascript in the job information field to user_update.php.

5.1
2002-05-31 CVE-2002-0309 Symantec Unspecified vulnerability in Symantec Enterprise Firewall 6.5.2

SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the firewall's physical interface name and address in an SMTP protocol exchange when NAT translation is made to an address other than the firewall, which could allow remote attackers to determine certain firewall configuration information.

5.0
2002-05-31 CVE-2002-0305 Zero ONE Tech Unspecified vulnerability in Zero ONE Tech P100S

Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator's knowledge.

5.0
2002-05-31 CVE-2002-0304 Summit Computer Networks Unspecified vulnerability in Summit Computer Networks LIL Http Server 2.1

Lil HTTP Server 2.1 allows remote attackers to read password-protected files via a /./ in the HTTP request.

5.0
2002-05-31 CVE-2002-0302 Symantec Unspecified vulnerability in Symantec Enterprise Firewall 6.5.2/7.0

The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops large alerts when SNMP is used as the transport, which could prevent some alerts from being sent in the event of an attack.

5.0
2002-05-31 CVE-2002-0301 Citrix Information Disclosure vulnerability in Citrix Nfuse 1.6

Citrix NFuse 1.6 allows remote attackers to bypass authentication and obtain sensitive information by directly calling launch.asp with invalid NFUSE_USER and NFUSE_PASSWORD parameters.

5.0
2002-05-31 CVE-2002-0300 Gnujsp Unspecified vulnerability in Gnujsp 1.0.0/1.0.1

gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, read source code of certain scripts, and bypass access restrictions by directly requesting the target file from the gnujsp servlet, which does not work around a limitation of JServ and does not process the requested file.

5.0
2002-05-31 CVE-2002-0298 Nombas Denial of Service vulnerability in Nombas Scriptease Webserver 0.95

ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing URI, or (4) several ../ in a URI that does not begin with a / (slash) character.

5.0
2002-05-31 CVE-2002-0297 Nombas Denial of Service vulnerability in Nombas Scriptease Webserver 0.95

Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.

5.0
2002-05-31 CVE-2002-0291 Funsoft Denial of Service vulnerability in Dino's Webserver 1.0/1.2

Dino's Webserver 1.2 allows remote attackers to cause a denial of service (CPU consumption) and possibly execute arbitrary code via several large HTTP requests within a short time.

5.0
2002-05-31 CVE-2002-0289 Bbshareware COM Denial Of Service vulnerability in Bbshareware.Com Phusion Webserver 1.0

Buffer overflow in Phusion web server 1.0 allows remote attackers to cause a denial of service and execute arbitrary code via a long HTTP request.

5.0
2002-05-31 CVE-2002-0288 Bbshareware COM Directory Traversal vulnerability in Bbshareware.Com Phusion Webserver 1.0

Directory traversal vulnerability in Phusion web server 1.0 allows remote attackers to read arbitrary files via a ...

5.0
2002-05-31 CVE-2002-0283 Microsoft Denial-Of-Service vulnerability in Windows XP Gold

Windows XP with port 445 open allows remote attackers to cause a denial of service (CPU consumption) via a flood of TCP SYN packets containing possibly malformed data.

5.0
2002-05-31 CVE-2002-0282 Codeworx Technologies Path Disclosure vulnerability in DCP-Portal System Information

DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physical path of the server via (1) a direct request to add_user.php, or via an invalid new_language parameter in (2) contents.php, (3) categories.php, or (4) files.php, which leaks the path in an error message.

5.0
2002-05-31 CVE-2002-0275 Blueface Authentication Bypass vulnerability in BlueFace Falcon Web Server 2.0.0.1009/2.0.0.1020

Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL.

5.0
2002-05-29 CVE-2002-0375 Ecometry Unspecified vulnerability in Ecometry Sgdynamo 5.32/6.1/7.0

Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.

5.0
2002-05-29 CVE-2002-0266 Thunderstone Software Path Disclosure vulnerability in Thunderstone Software Texis 3.0

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.

5.0
2002-05-29 CVE-2002-0262 Sybex Directory Traversal vulnerability in Sybex E-Trainer Software Relative Path Filtering

Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a ..

5.0
2002-05-29 CVE-2002-0256 Arescom Denial of Service vulnerability in Arescom Netdsl 1000

The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop.

5.0
2002-05-29 CVE-2002-0254 Mirabilis Denial-Of-Service vulnerability in Mirabilis ICQ 2001Bbuild3659

ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.

5.0
2002-05-29 CVE-2002-0253 PHP Information Disclosure vulnerability in PHP Include File Relative Directory

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive to fail, and produces an error message that contains the path.

5.0
2002-05-29 CVE-2002-0249 Apache Path Disclosure vulnerability in Apache Http Server 2.0.28

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

5.0
2002-05-29 CVE-2002-0240 Apache Path Disclosure vulnerability in Apache Http Server 2.0.28

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

5.0
2002-05-29 CVE-2002-0233 Eshare Communications INC Directory Traversal vulnerability in eshare Expressions 1.0/2.0

Directory traversal vulnerability in eshare Expressions 4 Web server allows remote attackers to read arbitrary files via a ..

5.0
2002-05-29 CVE-2002-0232 Mrtg Unspecified vulnerability in Mrtg Multi Router Traffic Grapher CGI 2.9.17

Directory traversal vulnerability in Multi Router Traffic Grapher (MRTG) allows remote attackers to read portions of arbitrary files via a ..

5.0
2002-05-29 CVE-2002-0191 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.01/5.5/6.0

Microsoft Internet Explorer 5.01, 5.5 and 6.0 allow remote attackers to view arbitrary files that contain the "{" character via script containing the cssText property of the stylesheet object, aka "Local Information Disclosure through HTML Object" vulnerability.

5.0
2002-05-31 CVE-2002-0303 Novell Authentication Bypass vulnerability in Novell Groupwise 6.0

GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password.

4.6
2002-05-31 CVE-2002-0295 Alcatel Lucent Unspecified vulnerability in Alcatel-Lucent Omnipcx 4400

Alcatel OmniPCX 4400 installs files with world-writable permissions, which allows local users to reconfigure the system and possibly gain privileges.

4.6
2002-05-31 CVE-2002-0279 HP Unspecified vulnerability in HP Hp-Ux 11.11

The kernel in HP-UX 11.11 does not properly provide arguments for setrlimit, which could allow local attackers to cause a denial of service (kernel panic) and possibly gain privileges.

4.6
2002-05-31 CVE-2002-0274 University OF Cambridge Buffer Overflow vulnerability in Exim Configuration File Argument Command Line

Exim 3.34 and earlier may allow local users to gain privileges via a buffer overflow in long -C (configuration file) and other command line arguments.

4.6
2002-05-31 CVE-2002-0273 Netwin Buffer Overflow vulnerability in Netwin CWMail

Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote authenticated users to execute arbitrary code via a long item parameter.

4.6
2002-05-29 CVE-2002-0265 Sawmill Unspecified vulnerability in Sawmill

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.

4.6
2002-05-29 CVE-2002-0259 Instantservers INC Unspecified vulnerability in Instantservers Inc. Miniportal

InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.

4.6
2002-05-29 CVE-2002-0169 Redhat Unspecified vulnerability in Redhat Docbook Stylesheets and Docbook Utils

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted document by using a full pathname as an element identifier.

4.6
2002-05-29 CVE-2002-0270 Opera Software Cross-Site Scripting vulnerability in Opera Software Opera web Browser 9.10

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-05-31 CVE-2002-0292 Open Source Development Network Cross-Site Scripting vulnerability in SlashCode

Cross-site scripting vulnerability in Slash before 2.2.5, as used in Slashcode and elsewhere, allows remote attackers to steal cookies and authentication information from other users via Javascript in a URL, possibly in the formkey field.

2.6
2002-05-31 CVE-2002-0284 Nullsoft Remote Security vulnerability in Nullsoft Winamp 2.77/2.78

Winamp 2.78 and 2.77, when opening a wma file that requires a license, sends the full path of the Temporary Internet Files directory to the web page that is processing the license, which could allow malicious web servers to obtain the pathname.

2.6
2002-05-31 CVE-2002-0294 Alcatel Lucent Denial Of Service vulnerability in Alcatel-Lucent Omnipcx 4400

Alcatel 4400 installs the /chetc/shutdown command with setgid privileges, which allows many different local users to shut down the system.

2.1
2002-05-29 CVE-2002-0377 ROB Flynn Unspecified vulnerability in ROB Flynn Gaim 0.57

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.

2.1
2002-05-29 CVE-2002-0355 SGI Unspecified vulnerability in SGI Irix

netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.

2.1
2002-05-29 CVE-2002-0234 Juniper Unspecified vulnerability in Juniper Netscreen Screenos

NetScreen ScreenOS before 2.6.1 does not support a maximum number of concurrent sessions for a system, which allows an attacker on the trusted network to cause a denial of service (resource exhaustion) via a port scan to an external network, which consumes all available connections.

2.1
2002-05-31 CVE-2002-0296 Tarantella Symbolic Link vulnerability in Tarantella Enterprise 3

The installation of Tarantella Enterprise 3 allows local users to overwrite arbitrary files via a symlink attack on the "spinning" temporary file.

1.2
2002-05-29 CVE-2002-0271 ADA Core Technologies Unspecified vulnerability in ADA Core Technologies Gnat PRO Native 3.12P/3.13P/3.14P

Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.

1.2