Weekly Vulnerabilities Reports > August 12 to 18, 2002

Overview

During this period, 245 new vulnerabilities were reported, including 35 critical vulnerabilities and 101 high severity vulnerabilities. This weekly summary reports vulnerabilities in 208 products from 133 vendors including Microsoft, Freebsd, Mozilla, Hosting Controller, and Cisco. Notable vulnerability categories include "Information Exposure", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Link Following", "Improper Authentication", and "Classic Buffer Overflow".

  • 196 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability is related to weaknesses in OWASP Top Ten.
  • 244 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 29 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 6 reported vulnerabilities.


Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

35 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-08-12 CVE-2002-0801 Macromedia Buffer Overflow vulnerability in Macromedia JRun Host Header Field

Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows remote attackers to execute arbitrary code via a direct request to the filter with a long HTTP host header field in a URL for a .jsp file.

10.0
2002-08-12 CVE-2002-0797 SUN Remote Buffer Overflow vulnerability in Sun Solaris mibiisa

Buffer overflow in the MIB parsing component of mibiisa for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

10.0
2002-08-12 CVE-2002-0796 SUN Unspecified vulnerability in SUN Solaris and Sunos

Format string vulnerability in the logging component of snmpdx for Solaris 5.6 through 8 allows remote attackers to gain root privileges.

10.0
2002-08-12 CVE-2002-0777 Ipswitch Buffer Overflow vulnerability in Ipswitch IMail Server LDAP

Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlier allows remote attackers to execute arbitrary code via a long "bind DN" parameter.

10.0
2002-08-12 CVE-2002-0774 Hosting Controller Unspecified vulnerability in Hosting Controller Hosting Controller

Hosting Controller creates a default user AdvWebadmin with a default password, which could allow remote attackers to gain privileges if the password is not changed.

10.0
2002-08-12 CVE-2002-0773 Hosting Controller Unspecified vulnerability in Hosting Controller Hosting Controller

imp_rootdir.asp for Hosting Controller allows remote attackers to copy or delete arbitrary files and directories via a direct request to imp_rootdir.asp and modifying parameters such as (1) ftp, (2) owwwPath, and (3) oftpPath.

10.0
2002-08-12 CVE-2002-0753 Talentsoft Buffer Overflow vulnerability in Talentsoft Web+ Server 4.6/5.0

Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to execute arbitrary code via an HTTP request with a long cookie.

10.0
2002-08-12 CVE-2002-0747 IBM Remote Security vulnerability in IBM AIX 4.3.3

Buffer overflow in lsmcode in AIX 4.3.3.

10.0
2002-08-12 CVE-2002-0746 IBM Remote Security vulnerability in IBM AIX 4.3.3

Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure linker argument.

10.0
2002-08-12 CVE-2002-0745 IBM Remote Security vulnerability in IBM AIX 4.3.3

Buffer overflow in uucp in AIX 4.3.3.

10.0
2002-08-12 CVE-2002-0744 IBM Remote Security vulnerability in IBM AIX 4.3.3

namerslv in AIX 4.3.3 core dumps when called with a very long argument, possibly as a result of a buffer overflow.

10.0
2002-08-12 CVE-2002-0743 IBM Remote Security vulnerability in IBM AIX 4.3.3

mail and mailx in AIX 4.3.3 core dump when called with a very long argument, an indication of a buffer overflow.

10.0
2002-08-12 CVE-2002-0742 IBM Remote Security vulnerability in IBM AIX 4.3.3

Buffer overflow in pioout on AIX 4.3.3.

10.0
2002-08-12 CVE-2002-0736 Microsoft Authentication Bypass vulnerability in Microsoft BackOffice Server Web Administration

Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by other systems, allows remote attackers to bypass authentication and access the administrative ASP pages via an HTTP request with an authorization type (auth_type) that is not blank.

10.0
2002-08-12 CVE-2002-0697 Microsoft Remote LDAP Client Administration vulnerability in Microsoft Metadirectory Services 2.2

Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to bypass authentication and modify sensitive data by using an LDAP client to directly connect to MMS and bypass the checks for MMS credentials.

10.0
2002-08-12 CVE-2002-0528 Watchguard Unspecified vulnerability in Watchguard Soho Firewall 5.0.35

Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP restrictions for customized services that were set before the administrator upgrades to 5.0.35, which could allow remote attackers to bypass the intended access control rules.

10.0
2002-08-12 CVE-2002-0525 ISC Local Format String Vulnerabilities in ISC INN

Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 and earlier allow local users and remote malicious NNTP servers to gain privileges via format string specifiers in NNTP responses.

10.0
2002-08-12 CVE-2002-0516 Squirrelmail Remote Command Execution vulnerability in SquirrelMail Theme

SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users to execute arbitrary commands by modifying the THEME variable in a cookie.

10.0
2002-08-12 CVE-2002-0513 Symatec Unspecified vulnerability in Symatec Popper MOD 1.0/1.2/1.2.1

The PHP administration script in popper_mod 1.2.1 and earlier relies on Apache .htaccess authentication, which allows remote attackers to gain privileges if the script is not appropriately configured by the administrator.

10.0
2002-08-12 CVE-2002-0508 Wwwisis Remote Command Execution vulnerability in Wwwisis 3.3/3.45

wwwisis 3.45 and earlier allows remote attackers to execute arbitrary commands and read files via the parameters (1) prolog or (2) epilog.

10.0
2002-08-12 CVE-2002-0495 Cgiscript NET Remote Command Execution vulnerability in Cgiscript.Net Cssearch 2.3

csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to execute arbitrary Perl code via the savesetup command and the setup parameter, which overwrites the setup.cgi configuration file that is loaded by csSearch.cgi.

10.0
2002-08-12 CVE-2002-0491 Alguest Unspecified vulnerability in Alguest 1.0

admin.php in AlGuest 1.0 guestbook checks for the existence of the admin cookie to authenticate the AlGuest administrator, which allows remote attackers to bypass the authentication and gain privileges by setting the admin cookie to an arbitrary value.

10.0
2002-08-12 CVE-2002-0490 Instant WEB Mail Unspecified vulnerability in Instant web Mail Instant web Mail

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers via numerous parameters in write.php.

10.0
2002-08-12 CVE-2002-0489 Linux Directory Penguin Unspecified vulnerability in Linux Directory Penguin Nslookup 1.0

Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the (1) query or (2) type parameters.

10.0
2002-08-12 CVE-2002-0488 Linux Directory Penguin Unspecified vulnerability in Linux Directory Penguin Linux Directory Penguin Traceroute 1.0

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter.

10.0
2002-08-12 CVE-2002-0480 ISS Unspecified vulnerability in ISS Realsecure Nokia 6.0

ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is configured to allow a user "skank" on a machine "starscream" to become a key manager when the "first time connection" feature is enabled and before any legitimate administrators have connected, which could allow remote attackers to gain access to the device during installation.

10.0
2002-08-12 CVE-2002-0473 Phpbb Group Remote File Include vulnerability in PHPBB2 'phpbb_root_path'

db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter.

10.0
2002-08-12 CVE-2002-0471 Phpnettoolpack Remote Command Execution vulnerability in PHPnettoolpack 0.1

PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code via shell metacharacters in the a_query variable.

10.0
2002-08-12 CVE-2002-0467 Ecartis, Listar Buffer Overflow vulnerability in Ecartis/Listar

Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20020125 allow remote attackers to execute arbitrary code via (1) address_match() of mystring.c or (2) other functions in tolist.c.

10.0
2002-08-12 CVE-2002-0465 Hosting Controller Unspecified vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1

Directory traversal vulnerability in filemanager.asp for Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files, and execute commands, via a ..

10.0
2002-08-12 CVE-2002-0427 Christof Pohl Buffer Overflow vulnerability in Improved mod_frontpage

Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow attackers to gain root privileges.

10.0
2002-08-12 CVE-2002-0423 Efingerd Buffer Overflow vulnerability in EFingerD Reverse Resolver

Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a finger request from an IP address with a long hostname that is obtained via a reverse DNS lookup.

10.0
2002-08-12 CVE-2002-0416 Sh39 Denial of Service vulnerability in Sh39 Mailserver 1.2.1

Buffer overflow in SH39 MailServer 1.21 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long command to the SMTP port.

10.0
2002-08-12 CVE-2002-0391 Freebsd, Openbsd, SUN Buffer Overflow vulnerability in Multiple Vendor Sun RPC xdr_array

Integer overflow in xdr_array function in RPC servers for operating systems that use libc, glibc, or other code based on SunRPC including dietlibc, allows remote attackers to execute arbitrary code by passing a large number of arguments to xdr_array through RPC services such as rpc.cmsd and dmispd.

10.0
2002-08-12 CVE-2000-1209 Compaq, Microsoft

The "sa" account is installed with a default null password on (1) Microsoft SQL Server 2000, (2) SQL Server 7.0, and (3) Data Engine (MSDE) 1.0, including third party packages that use these products such as (4) Tumbleweed Secure Mail (MMS), (5) Compaq Insight Manager, and (6) Visio 2000, which allows remote attackers to gain privileges, as exploited by worms such as Voyager Alpha Force and Spida.

10.0

101 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-08-12 CVE-2002-0459 Linux Sottises Unspecified vulnerability in Linux-Sottises Board-Tnk and News-Tnk

Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.

7.6
2002-08-12 CVE-2002-0458 Linux Sottises Security vulnerability in News-Tnk 1.2.1/1.2.2

Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allows remote attackers to execute arbitrary Javascript via the WEB parameter.

7.6
2002-08-12 CVE-2002-0457 BG Guestbook Unspecified vulnerability in BG Guestbook BG Guestbook 1.0

Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1.0 allows remote attackers to execute arbitrary Javascript via encoded tags such as &lt;, &gt;, and &amp; in fields such as (1) name, (2) email, (3) AIM screen name, (4) website, (5) location, or (6) message.

7.6
2002-08-14 CVE-2002-1452 Mywebserver Remote Buffer Overflow vulnerability in Mywebserver 1.0.2

Buffer overflow in the search capability for MyWebServer 1.0.2 allows remote attackers to execute arbitrary code via a long searchTarget parameter.

7.5
2002-08-12 CVE-2002-0847 Tinyproxy Unspecified vulnerability in Tinyproxy 1.3.2/1.3.3/1.4.3

tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers to execute arbitrary code via memory that is freed twice (double-free).

7.5
2002-08-12 CVE-2002-0846 Macromedia Buffer Overflow vulnerability in Macromedia Flash Malformed Header

The decoder for Macromedia Shockwave Flash allows remote attackers to execute arbitrary code via a malformed SWF header that contains more data than the specified length.

7.5
2002-08-12 CVE-2002-0845 Iplanet Unspecified vulnerability in Iplanet web Server 4.1/6.0

Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.

7.5
2002-08-12 CVE-2002-0833 Qualcomm Buffer Overflow vulnerability in Qualcomm Eudora 5.0J/5.1.1

Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly other versions, allows remote attackers to execute arbitrary code via a multi-part message with a long boundary string.

7.5
2002-08-12 CVE-2002-0832 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0/5.5/6.0

Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cookie privacy settings and store information across browser sessions via the userData (storeuserData) feature.

7.5
2002-08-12 CVE-2002-0826 Progress Remote Buffer Overflow vulnerability in Progress Ipswitch WS FTP Server 3.1.1

Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated users to execute arbitrary code via a long SITE CPWD command.

7.5
2002-08-12 CVE-2002-0825 Padl Software Unspecified vulnerability in Padl Software NSS Ldap

Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5
2002-08-12 CVE-2002-0823 Microsoft Buffer Overflow vulnerability in Microsoft Windows WinHlp Item

Buffer overflow in Winhlp32.exe allows remote attackers to execute arbitrary code via an HTML document that calls the HTML Help ActiveX control (HHCtrl.ocx) with a long pathname in the Item parameter.

7.5
2002-08-12 CVE-2002-0822 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Ethereal 0.9.4 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via the (1) SOCKS, (2) RSVP, (3) AFS, or (4) LMP dissectors, which can be caused to core dump.

7.5
2002-08-12 CVE-2002-0821 Ethereal Group Denial-Of-Service vulnerability in Ethereal

Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers to cause a denial of service or execute arbitrary code via (1) the BGP dissector, or (2) the WCP dissector.

7.5
2002-08-12 CVE-2002-0818 Wwwoffle Buffer Overflow vulnerability in Andrew Bishop WWWOFFLE Negative Content-Length

wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a negative Content-Length value.

7.5
2002-08-12 CVE-2002-0815 Mozilla, Netscape, Microsoft

The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netscape, (2) Mozilla, and (3) Internet Explorer, allows a remote web server to access HTTP and SOAP/XML content from restricted sites by mapping the malicious server's parent DNS domain name to the restricted site, loading a page from the restricted site into one frame, and passing the information to the attacker-controlled frame, which is allowed because the document.domain of the two frames matches on the parent domain.

7.5
2002-08-12 CVE-2002-0814 Vmware Buffer Overflow vulnerability in VMWare GSX Server 2.0.0Build2050

Buffer overflow in VMware Authorization Service for VMware GSX Server 2.0.0 build-2050 allows remote authenticated users to execute arbitrary code via a long GLOBAL argument.

7.5
2002-08-12 CVE-2002-0811 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote attackers to cause a denial of service or execute certain queries via a SQL injection attack on the sort order parameter to buglist.cgi.

7.5
2002-08-12 CVE-2002-0809 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properly handle URL-encoded field names that are generated by some browsers, which could cause certain fields to appear to be unset, which has the effect of removing group permissions on bugs when buglist.cgi is provided with the encoded field names.

7.5
2002-08-12 CVE-2002-0808 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing a mass change, sets the groupset of all bugs to the groupset of the first bug, which could inadvertently cause insecure groupset permissions to be assigned to some bugs.

7.5
2002-08-12 CVE-2002-0807 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, could allow remote attackers to execute script as other Bugzilla users via the full name (real name) field, which is not properly quoted by editusers.cgi.

7.5
2002-08-12 CVE-2002-0804 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured to perform reverse DNS lookups, allows remote attackers to bypass IP restrictions by connecting from a system with a spoofed reverse DNS hostname.

7.5
2002-08-12 CVE-2002-0802 Postgresql SQL-Injection vulnerability in Postgresql 6.5.0

The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding consumes an extra character when processing a character that cannot be converted, which could remove an escape character from the query and make the application subject to SQL injection attacks.

7.5
2002-08-12 CVE-2002-0799 Youngzsoft Buffer Overflow vulnerability in Youngzsoft Cmailserver 3.30

Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers to execute arbitrary code via a long USER argument.

7.5
2002-08-12 CVE-2002-0789 Mnogosearch Buffer Overflow vulnerability in Mnogosearch 3.1.19

Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows remote attackers to execute arbitrary code via a long query (q) parameter.

7.5
2002-08-12 CVE-2002-0787 Critical Path Cross-Site Scripting vulnerability in Critical Path Injoin Directory Server 4.0

Cross-site scripting vulnerabilities in iCon administrative web server for Critical Path inJoin Directory Server 4.0 allow remote attackers to execute script as the administrator via administrator URLs with modified (1) LOCID or (2) OC parameters.

7.5
2002-08-12 CVE-2002-0783 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 5.12/6.0/6.0.1

Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary JavaScript in the security context of other sites by setting the location of a frame or iframe to a Javascript: URL.

7.5
2002-08-12 CVE-2002-0778 Cisco Unspecified vulnerability in Cisco products

The default configuration of the proxy for Cisco Cache Engine and Content Engine allows remote attackers to use HTTPS to make TCP connections to allowed IP addresses while hiding the actual source IP.

7.5
2002-08-12 CVE-2002-0776 Hosting Controller Unspecified vulnerability in Hosting Controller Hosting Controller 2002

getuserdesc.asp in Hosting Controller 2002 allows remote attackers to change the passwords of arbitrary users and gain privileges by modifying the username parameter, as addressed by the "UpdateUser" hot fix.

7.5
2002-08-12 CVE-2002-0768 Luke Mewburn, Suse Remote Security vulnerability in Linux

Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and possibly other operating systems, allows a malicious FTP server to execute arbitrary code via a long PASV command.

7.5
2002-08-12 CVE-2002-0765 Openbsd Authentication Implementation Error vulnerability in Openbsd and Openssh

sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain conditions, may allow users to successfully authenticate and log in with another user's password.

7.5
2002-08-12 CVE-2002-0764 Phorum Remote Command Execution vulnerability in Phorum 3.3.2A

Phorum 3.3.2a allows remote attackers to execute arbitrary commands via an HTTP request to (1) plugin.php, (2) admin.php, or (3) del.php that modifies the PHORUM[settings_dir] variable to point to a directory that contains a PHP file with the commands.

7.5
2002-08-12 CVE-2002-0763 HP Unspecified vulnerability in HP Virtualvault 4.5

Vulnerability in administration server for HP VirtualVault 4.5 on HP-UX 11.04 allows remote web servers or privileged external processes to bypass access restrictions and establish connections to the server.

7.5
2002-08-12 CVE-2002-0758 Suse Remote Arbitrary Command Execution vulnerability in Suse Linux 8.0

ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote attackers to execute arbitrary commands via spoofed DHCP responses, which are stored and executed in a file.

7.5
2002-08-12 CVE-2002-0757 Usermin, Webmin Authentication Bypass vulnerability in Webmin / Usermin

(1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled allow local and possibly remote attackers to bypass authentication and gain privileges via certain control characters in the authentication information, which can force Webmin or Usermin to accept arbitrary username/session ID combinations.

7.5
2002-08-12 CVE-2002-0756 Usermin, Webmin Cross-Site Scripting vulnerability in Webmin / Usermin Login

Cross-site scripting vulnerability in the authentication page for (1) Webmin 0.96 and (2) Usermin 0.90 allows remote attackers to insert script into an error page and possibly steal cookies.

7.5
2002-08-12 CVE-2002-0751 Cgiscript NET Remote Command Execution vulnerability in CGIScript.NET csMailto Hidden Form Field

CGIscript.net csMailto.cgi program allows remote attackers to use csMailto as a "spam proxy" and send mail to arbitrary users via modified (1) form-to, (2) form-from, and (3) form-results parameters.

7.5
2002-08-12 CVE-2002-0749 Cgiscript NET Remote Command Execution vulnerability in CGIScript.NET csMailto Hidden Form Field

CGIscript.net csMailto.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the form-attachment field.

7.5
2002-08-12 CVE-2002-0739 Postnuke Software Foundation Cross-Site Scripting vulnerability in Postnuke Software Foundation Postcalendar 3.0

Cross-site scripting in PostCalendar 3.02 allows remote attackers to insert arbitrary HTML and script, and steal cookies, by modifying a calendar entry in its preview page.

7.5
2002-08-12 CVE-2002-0738 Mhonarc Unspecified vulnerability in Mhonarc 2.5/2.5.1/2.5.2

MHonArc 2.5.2 and earlier does not properly filter Javascript from archived e-mail messages, which could allow remote attackers to execute script in web clients by (1) splitting the SCRIPT tag into smaller pieces, (2) including the script in a SRC argument to an IMG tag, or (3) using "&={script}" syntax.

7.5
2002-08-12 CVE-2002-0735 C Note, Padl Software

Format string vulnerability in the logging() function in C-Note Squid LDAP authentication module (squid_auth_LDAP) 2.0.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code by triggering log messages.

7.5
2002-08-12 CVE-2002-0734 Michel Valdrighi Remote Command Execution vulnerability in Michel Valdrighi B2 0.6Pre

b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly load the b2config.php file in some configurations, which allows remote attackers to execute arbitrary PHP code via a URL that sets the $b2inc variable to point to a malicious program stored on a remote server.

7.5
2002-08-12 CVE-2002-0733 Acme Labs Cross-Site Scripting vulnerability in Acme Labs Thttpd 2.20B

Cross-site scripting vulnerability in thttpd 2.20 and earlier allows remote attackers to execute arbitrary script via a URL to a nonexistent page, which causes thttpd to insert the script into a 404 error message.

7.5
2002-08-12 CVE-2002-0732 Levcgi COM Unspecified vulnerability in Levcgi.Com Myguestbook 1.0

Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote attackers to execute arbitrary script or inject HTML via fields such as (1) user name or (2) comments.

7.5
2002-08-12 CVE-2002-0731 Vqsoft Unspecified vulnerability in Vqsoft Vqserver

Cross-site scripting vulnerability in demonstration scripts for vqServer allows remote attackers to execute arbitrary script via a link that contains the script in arguments to demo scripts such as respond.pl.

7.5
2002-08-12 CVE-2002-0730 Philip Chinery Unspecified vulnerability in Philip Chinery Philip Chinerys Guestbook 1.1

Cross-site scripting vulnerability in guestbook.pl for Philip Chinery's Guestbook 1.1 allows remote attackers to execute Javascript or HTML via fields such as (1) Name, (2) EMail, or (3) Homepage.

7.5
2002-08-12 CVE-2002-0719 Microsoft SQL Injection vulnerability in Microsoft Content Management Server 2001

SQL injection vulnerability in the function that services for Microsoft Content Management Server (MCMS) 2001 allows remote attackers to execute arbitrary commands via an MCMS resource request for image files or other files.

7.5
2002-08-12 CVE-2002-0718 Microsoft Unspecified vulnerability in Microsoft Content Management Server 2001

Web authoring command in Microsoft Content Management Server (MCMS) 2001 allows attackers to authenticate and upload executable content, by modifying the upload location, aka "Program Execution via MCMS Authoring Function."

7.5
2002-08-12 CVE-2002-0700 Microsoft Buffer Overflow vulnerability in Microsoft Content Management Server 2001

Buffer overflow in a system function that performs user authentication for Microsoft Content Management Server (MCMS) 2001 allows attackers to execute code in the Local System context by authenticating to a web page that calls the function, aka "Unchecked Buffer in MDAC Function Could Enable SQL Server Compromise."

7.5
2002-08-12 CVE-2002-0698 Microsoft Classic Buffer Overflow vulnerability in Microsoft Exchange Server 5.5

Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchange Server 5.5 allows remote attackers to execute arbitrary code via an EHLO request from a system with a long name as obtained through a reverse DNS lookup, which triggers the overflow in IMC's hello response.

7.5
2002-08-12 CVE-2002-0695 Microsoft Buffer Overflow vulnerability in Microsoft products

Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Microsoft Data Access Components (MDAC) 2.5 through 2.7 for SQL Server 7.0 or 2000 allows remote attackers to execute arbitrary code via a query that calls the OpenRowSet command.

7.5
2002-08-12 CVE-2002-0684 GNU, ISC Remote Security vulnerability in glibc

Buffer overflow in DNS resolver functions that perform lookup of network names and addresses, as used in BIND 4.9.8 and ported to glibc 2.2.5 and earlier, allows remote malicious DNS servers to execute arbitrary code through a subroutine used by functions such as getnetbyname and getnetbyaddr.

7.5
2002-08-12 CVE-2002-0661 Apache Unspecified vulnerability in Apache Http Server

Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote attackers to read arbitrary files and execute commands via ..

7.5
2002-08-12 CVE-2002-0660 Greg Roelofs Unspecified vulnerability in Greg Roelofs Libpng and Libpng3

Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody.2 on Debian GNU/Linux 3.0, and other operating systems, may allow attackers to cause a denial of service and possibly execute arbitrary code, a different vulnerability than CVE-2002-0728.

7.5
2002-08-12 CVE-2002-0657 Openssl Buffer Overflow vulnerability in Openssl 0.9.7

Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos enabled, allows attackers to execute arbitrary code via a long master key.

7.5
2002-08-12 CVE-2002-0656 Openssl, Oracle, Apple Buffer Overflow vulnerability in OpenSSL SSLv3 Session ID

Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allow remote attackers to execute arbitrary code via (1) a large client master key in SSL2 or (2) a large session ID in SSL3.

7.5
2002-08-12 CVE-2002-0655 Openssl, Oracle, Apple Buffer Overflow vulnerability in OpenSSL ASCII Representation Of Integers

OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not properly handle ASCII representations of integers on 64 bit platforms, which could allow attackers to cause a denial of service and possibly execute arbitrary code.

7.5
2002-08-12 CVE-2002-0649 Microsoft Buffer Errors vulnerability in Microsoft Data Engine and SQL Server

Multiple buffer overflows in the Resolution Service for Microsoft SQL Server 2000 and Microsoft Desktop Engine 2000 (MSDE) allow remote attackers to cause a denial of service or execute arbitrary code via UDP packets to port 1434 in which (1) a 0x04 byte that causes the SQL Monitor thread to generate a long registry key name, or (2) a 0x08 byte with a long string causes heap corruption, as exploited by the Slammer/Sapphire worm.

7.5
2002-08-12 CVE-2002-0645 Microsoft Unspecified vulnerability in Microsoft Data Engine and SQL Server

SQL injection vulnerability in stored procedures for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 may allow authenticated users to execute arbitrary commands.

7.5
2002-08-12 CVE-2002-0644 Microsoft Unspecified vulnerability in Microsoft Data Engine and SQL Server

Buffer overflow in several Database Consistency Checkers (DBCCs) for Microsoft SQL Server 2000 and Microsoft Desktop Engine (MSDE) 2000 allows members of the db_owner and db_ddladmin roles to execute arbitrary code.

7.5
2002-08-12 CVE-2002-0619 Microsoft Unspecified vulnerability in Microsoft Office 2000/Xp

The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft Access is present on a system, allows remote attackers to execute Visual Basic (VBA) scripts within a mail merge document that is saved in HTML format, aka a "Variant of MS00-071, Word Mail Merge Vulnerability" (CVE-2000-0788).

7.5
2002-08-12 CVE-2002-0618 Microsoft Unspecified vulnerability in Microsoft Excel and Office

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code in the Local Computer zone by embedding HTML scripts within an Excel workbook that contains an XSL stylesheet, aka "Excel XSL Stylesheet Script Execution".

7.5
2002-08-12 CVE-2002-0522 ASP Nuke Authentication Credentials User Account Compromise vulnerability in ASP-Nuke Plaintext Cookie

ASP-Nuke RC2 and earlier allows remote attackers to bypass authentication and gain privileges by modifying the "pseudo" cookie.

7.5
2002-08-12 CVE-2002-0520 ASP Nuke Unspecified vulnerability in Asp-Nuke RC1

Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke RC1 allows remote attackers to execute script as other ASP-Nuke users by embedding it within an IMG tag.

7.5
2002-08-12 CVE-2002-0511 Nscd Unspecified vulnerability in Nscd 2.2.4

The default configuration of Name Service Cache Daemon (nscd) in Caldera OpenLinux 3.1 and 3.1.1 uses cached PTR records instead of consulting the authoritative DNS server for the A record, which could make it easier for remote attackers to bypass applications that restrict access based on host names.

7.5
2002-08-12 CVE-2002-0504 Citrix Cross-Site Scripting vulnerability in Citrix Nfuse 1.5/1.51/1.6

Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier does not quote results from the getLastError method, which allows remote attackers to execute script in other clients via the NFuse_Application parameter to (1) launch.jsp or (2) launch.asp.

7.5
2002-08-12 CVE-2002-0494 Websight Directory System Cross-Site Scripting vulnerability in Websight Directory System Websight Directory System 0.1

Cross-site scripting vulnerability in WebSight Directory System 0.1 allows remote attackers to execute arbitrary Javascript and gain access to the WebSight administrator via a new link submission containing the script in a website name.

7.5
2002-08-12 CVE-2002-0493 Apache 7PK - Security Features vulnerability in Apache Tomcat

Apache Tomcat may be started without proper security settings if errors are encountered while reading the web.xml file, which could allow attackers to bypass intended restrictions.

7.5
2002-08-12 CVE-2002-0477 Macromedia Unspecified vulnerability in Macromedia Flash Player 5.0

Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote attackers to execute arbitrary programs via a .SWF file containing the "exec" FSCommand.

7.5
2002-08-12 CVE-2002-0453 Oblix Unspecified vulnerability in Oblix Netpoint 5.2

The account lockout capability in Oblix NetPoint 5.2 and earlier only locks out users once for the specified lockout period, which makes it easier for remote attackers to conduct brute force password guessing by waiting until the lockout period ends, then guessing passwords without being locked out again.

7.5
2002-08-12 CVE-2002-0452 Foundrynet Unspecified vulnerability in Foundrynet Serveriron

Foundry Networks ServerIron switches do not decode URIs when applying "url-map" rules, which could make it easier for attackers to cause the switch to forward traffic to a different server than intended and exploit vulnerabilities that would otherwise be inaccessible.

7.5
2002-08-12 CVE-2002-0451 Phpprojekt Remote File Include vulnerability in PHPprojekt 3.1/3.1A

filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter.

7.5
2002-08-12 CVE-2002-0428 Checkpoint Unspecified vulnerability in Checkpoint Check Point Vpn, Firewall-1 and Next Generation

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.

7.5
2002-08-12 CVE-2002-0426 Linksys Unspecified vulnerability in Linksys Befvp41 1.01.04/1.39.64/1.40.1

VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router before 1.40.1 reduces the key lengths for keys that are supplied via manual key entry, which makes it easier for attackers to crack the keys.

7.5
2002-08-12 CVE-2002-0420 Claymore Systems INC Unspecified vulnerability in Claymore Systems INC Puretls 0.9B1

Vulnerability in PureTLS before 0.9b2 related to injection attacks, which could possibly allow remote attackers to corrupt or hijack user sessions.

7.5
2002-08-12 CVE-2002-0414 Freebsd, Netbsd, Openbsd

KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, and other operating systems do not properly consult the Security Policy Database (SPD), which could cause a Security Gateway (SG) that does not use Encapsulating Security Payload (ESP) to forward forged IPv4 packets.

7.5
2002-08-12 CVE-2002-0413 Rebb Unspecified vulnerability in Rebb 1.0

Cross-site scripting vulnerability in ReBB allows remote attackers to execute arbitrary Javascript and steal cookies via an IMG tag whose URL includes the malicious script.

7.5
2002-08-12 CVE-2002-0412 Luca Deri Remote Format String vulnerability in Luca Deri Ntop 2.0

Format string vulnerability in TraceEvent function for ntop before 2.1 allows remote attackers to execute arbitrary code by causing format strings to be injected into calls to the syslog function, via (1) an HTTP GET request, (2) a user name in HTTP authentication, or (3) a password in HTTP authentication.

7.5
2002-08-12 CVE-2002-0411 Aeromail Unspecified vulnerability in Aeromail

Cross-site scripting vulnerability in message.php for AeroMail before 1.45 allows remote attackers to execute Javascript as an AeroMail user via an email message with the script in the Subject line.

7.5
2002-08-12 CVE-2002-0827 Caldera Local Privilege Escalation vulnerability in Caldera Openunix and Unixware

Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to gain root privileges via (1) ppptalk or (2) ppp, a different vulnerability than CVE-2002-0824.

7.2
2002-08-12 CVE-2002-0820 Freebsd Local Security vulnerability in Freebsd 4.6

FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 after they have already been assigned to /dev/null when the descriptors reference procfs or linprocfs, which could allow local users to reuse the file descriptors in a setuid or setgid program to modify critical data and gain privileges.

7.2
2002-08-12 CVE-2002-0819 Artsd Local Security vulnerability in Artsd

Format string vulnerability in artsd, when called by artswrapper, allows local users to gain privileges via format strings in the -a argument, which results in an error message that is not properly handled in a call to the arts_fatal function.

7.2
2002-08-12 CVE-2002-0817 William Deich Unspecified vulnerability in William Deich Super

Format string vulnerability in super for Linux allows local users to gain root privileges via a long command line argument.

7.2
2002-08-12 CVE-2002-0816 Compaq Buffer Overflow vulnerability in Tru64 SU Command Line

Buffer overflow in su in Tru64 Unix 5.x allows local users to gain root privileges via a long username and argument.

7.2
2002-08-12 CVE-2002-0767 Richard Gooch Unspecified vulnerability in Richard Gooch Simpleinit 2.0.2

simpleinit on Linux systems does not close a read/write FIFO file descriptor before creating a child process, which allows the child process to cause simpleinit to execute arbitrary programs with root privileges.

7.2
2002-08-12 CVE-2002-0766 Openbsd Unspecified vulnerability in Openbsd 2.9/3.0/3.1

OpenBSD 2.9 through 3.1 allows local users to cause a denial of service (resource exhaustion) and gain root privileges by filling the kernel's file descriptor table and closing file descriptors 0, 1, or 2 before executing a privileged process, which is not properly handled when OpenBSD fails to open an alternate descriptor.

7.2
2002-08-12 CVE-2002-0762 Suse Unspecified vulnerability in Suse Linux 8.0

shadow package in SuSE 8.0 allows local users to destroy the /etc/passwd and /etc/shadow files or assign extra group privileges to some users by changing filesize limits before calling programs that modify the files.

7.2
2002-08-12 CVE-2002-0755 Freebsd Unspecified vulnerability in Freebsd 4.4/4.5

Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a user is a member of the wheel group before granting superuser privileges, which could allow unauthorized users to execute commands as root.

7.2
2002-08-12 CVE-2002-0754 Freebsd, KTH Privilege Escalation vulnerability in Kerberos 5 su

Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin system call to determine if the user running k5su is root, which could allow a root-initiated process to regain its privileges after it has dropped them.

7.2
2002-08-12 CVE-2002-0740 Slrn Development Team Buffer Overflow vulnerability in SLRNPull Spool Directory Command Line Parameter

Buffer overflow in slrnpull for the SLRN package, when installed setuid or setgid, allows local users to gain privileges via a long -d (SPOOLDIR) argument.

7.2
2002-08-12 CVE-2002-0532 Emumail Unspecified vulnerability in Emumail Emumail, Emumail RED HAT Linux and Emumail Unix

EMU Webmail allows local users to execute arbitrary programs via a ..

7.2
2002-08-12 CVE-2002-0526 INN Unspecified vulnerability in INN

Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, related to insecure open() calls.

7.2
2002-08-12 CVE-2002-0517 Caldera Buffer Overflow vulnerability in Caldera Openunix and Unixware

Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, UnixWare 7.1.1, and possibly other operating systems, allows local users to gain root privileges via a long -xrm argument to programs such as (1) dtterm or (2) xterm.

7.2
2002-08-12 CVE-2002-0506 Redhat Buffer Overflow vulnerability in LibNewt Library

Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 and earlier may allow attackers to cause a denial of service or execute arbitrary code in setuid programs that use libnewt.

7.2
2002-08-12 CVE-2002-0501 Posadis Unspecified vulnerability in Posadis M5Pre1

Format string vulnerability in log_print() function of Posadis DNS server before version m5pre2 allows local users and possibly remote attackers to execute arbitrary code via format strings that are inserted into logging messages.

7.2
2002-08-12 CVE-2002-0486 Workforceroi Weak Password Encryption vulnerability in Workforceroi Xpede 4.1/7.0

Intellisol Xpede 4.1 uses weak encryption to store authentication information in cookies, which could allow local users with access to the cookies to gain privileges.

7.2
2002-08-12 CVE-2002-0479 Gravity Storm Software Unspecified vulnerability in Gravity Storm Software Service Pack Manager 2000 6.0/6.1/6.3

Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM2000c$) mapped to the C drive, which may allow local users to bypass access restrictions on certain directories in the C drive, such as system32, by accessing them through the hidden share.

7.2
2002-08-12 CVE-2002-0470 Phpnettoolpack Unspecified vulnerability in PHPnettoolpack 0.1

PHPNetToolpack 0.1 relies on its environment's PATH to find and execute the traceroute program, which could allow local users to gain privileges by inserting a Trojan horse program into the search path.

7.2
2002-08-12 CVE-2002-0469 Ecartis, Listar

Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does not properly drop privileges when Ecartis is installed setuid-root, "lock-to-user" is not set, and ecartis is called by certain MTAs, which could allow local users to gain privileges.

7.2
2002-08-12 CVE-2000-1208 Immunix, Netbsd, Openbsd, Redhat

Format string vulnerability in startprinting() function of printjob.c in BSD-based lpr lpd package may allow local users to gain privileges via an improper syslog call that uses format strings from the checkremote() call.

7.2
2002-08-12 CVE-2002-0813 Cisco Buffer Errors vulnerability in Cisco IOS 11.1/11.2/11.3

Heap-based buffer overflow in the TFTP server capability in Cisco IOS 11.1, 11.2, and 11.3 allows remote attackers to cause a denial of service (reset) or modify configuration via a long filename.

7.1

93 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-08-12 CVE-2002-0824 Freebsd Link Following vulnerability in Freebsd Point-To-Point Protocol Daemon

BSD pppd allows local users to change the permissions of arbitrary files via a symlink attack on a file that is specified as a tty device.

6.9
2002-08-12 CVE-2002-0812 HPE, Proxim Information Exposure vulnerability in multiple products

Information leak in Compaq WL310, and the Orinoco Residential Gateway access point it is based on, uses a system identification string as a default SNMP read/write community string, which allows remote attackers to obtain and modify sensitive configuration information by querying for the identification string.

6.4
2002-08-12 CVE-2002-0772 Hosting Controller Directory Traversal vulnerability in Hosting Controller DSNManager

Directory traversal vulnerability in dsnmanager.asp for Hosting Controller allows remote attackers to read arbitrary files and directories via a ..

6.4
2002-08-12 CVE-2002-0771 Viewcvs Cross-Site Scripting vulnerability in ViewCVS

Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 allows remote attackers to inject script and steal cookies via the (1) cvsroot or (2) sortby parameters.

6.4
2002-08-12 CVE-2002-0769 Cisco Unspecified vulnerability in Cisco Ata-186

The web-based configuration interface for the Cisco ATA 186 Analog Telephone Adaptor allows remote attackers to bypass authentication via an HTTP POST request with a single byte, which allows the attackers to (1) obtain the password from the login screen, or (2) reconfigure the adaptor by modifying certain request parameters.

6.4
2002-08-12 CVE-2002-0737 Sambar Unspecified vulnerability in Sambar Server 5.1

Sambar web server before 5.2 beta 1 allows remote attackers to obtain source code of server-side scripts, or cause a denial of service (resource exhaustion) via DOS devices, using a URL that ends with a space and a null character.

6.4
2002-08-12 CVE-2002-0710 ROD Clark Unspecified vulnerability in ROD Clark Sendform.Cgi

Directory traversal vulnerability in sendform.cgi 1.44 and earlier allows remote attackers to read arbitrary files by specifying the desired files in the BlurbFilePath parameter.

6.4
2002-08-12 CVE-2002-0464 Hosting Controller Unspecified vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1

Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a ..

6.4
2002-08-12 CVE-2002-0462 BIG SAM Unspecified vulnerability in BIG SAM BIG SAM 1.1.08

bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin parameter with a very large number, which leaks the web path in an error message when PHP safe_mode is enabled, or consumes resources when safe_mode is not enabled.

6.4
2002-08-12 CVE-2002-0658 Ossp Privilege Escalation vulnerability in MM Shared Memory Library Temporary File

OSSP mm library (libmm) before 1.2.0 allows the local Apache user to gain privileges via temporary files, possibly via a symbolic link attack.

6.2
2002-08-12 CVE-2002-0638 Mandrakesoft, HP, Redhat

setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.

6.2
2002-08-12 CVE-2002-0529 HP Unspecified vulnerability in HP Photosmart Print Driver 1.2.1

HP Photosmart printer driver for Mac OS X installs the hp_imaging_connectivity program and the hp_imaging_connectivity.app directory with world-writable permissions, which allows local users to gain privileges of other Photosmart users by replacing hp_imaging_connectivity with a Trojan horse.

6.2
2002-08-12 CVE-2002-0617 Microsoft Unspecified vulnerability in Microsoft Excel and Office

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by creating a hyperlink on a drawing shape in a source workbook that points to a destination workbook containing an autoexecute macro, aka "Hyperlinked Excel Workbook Macro Bypass."

5.1
2002-08-12 CVE-2002-0616 Microsoft Unspecified vulnerability in Microsoft Excel and Office

The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows allows remote attackers to execute code by attaching an inline macro to an object within an Excel workbook, aka the "Excel Inline Macros Vulnerability."

5.1
2002-08-12 CVE-2002-0530 Novell Cross-Site Scripting vulnerability in Novell web Search 2.0.1

Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows remote attackers to execute arbitrary script as other Web Search users via the search parameter.

5.1
2002-08-12 CVE-2002-0521 ASP Nuke Cross-Site Scripting vulnerability in ASP-Nuke

Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow remote attackers to execute script or gain privileges as other ASP-Nuke users via script in (1) the name parameter in downloads.asp, (2) the message parameter in Post.asp, or (3) a web site URL in profile.asp.

5.1
2002-08-12 CVE-2002-0481 Microsoft Unspecified vulnerability in Microsoft Outlook 2002

An interaction between Windows Media Player (WMP) and Outlook 2002 allows remote attackers to bypass Outlook security settings and execute Javascript via an IFRAME in an HTML email message that references .WMS (Windows Media Skin) or other WMP media files, whose onload handlers execute the player.LaunchURL() Javascript function.

5.1
2002-08-12 CVE-2002-0475 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag while editing a message.

5.1
2002-08-12 CVE-2002-0474 Zeroforum Unspecified vulnerability in Zeroforum 1.0

Cross-site scripting vulnerability in ZeroForum allows remote attackers to execute arbitrary Javascript on web clients by embedding the script within an IMG image tag.

5.1
2002-08-12 CVE-2002-0848 Cisco Unspecified vulnerability in Cisco VPN 5000 Concentrator Series Software

Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, and 5.2.23.0003 and earlier, when using RADIUS with a challenge type of Password Authentication Protocol (PAP) or Challenge, sends the user password in cleartext in a validation retry request, which could allow remote attackers to steal passwords via sniffing.

5.0
2002-08-12 CVE-2002-0830 Freebsd Denial Of Service vulnerability in Multiple Vendor BSD NFS Zero-Length RPC Message

Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, NetBSD 1.5.3 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service (hang) via an RPC message with a zero length payload, which causes NFS to reference a previous payload and enter an infinite loop.

5.0
2002-08-12 CVE-2002-0810 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error messages from the syncshadowdb command to the HTML output, which could leak sensitive information, including plaintext passwords, if syncshadowdb fails.

5.0
2002-08-12 CVE-2002-0803 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote attackers to display restricted products and components via a direct HTTP request to queryhelp.cgi.

5.0
2002-08-12 CVE-2002-0800 Working Resources INC Unspecified vulnerability in Working Resources Inc. Badblue 1.7.0

BadBlue 1.7.0 allows remote attackers to list the contents of directories via a URL with an encoded '%' character at the end.

5.0
2002-08-12 CVE-2002-0794 Freebsd Denial of Service vulnerability in Freebsd 4.5

The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly remove entries from the incomplete listen queue when adding a syncache, which allows remote attackers to cause a denial of service (network service availability) via a large number of connection attempts, which fills the queue.

5.0
2002-08-12 CVE-2002-0792 Cisco Denial Of Service vulnerability in Cisco Content Service Switch HTTPS Post

The web management interface for Cisco Content Service Switch (CSS) 11000 switches allows remote attackers to cause a denial of service (soft reset) via (1) an HTTPS POST request, or (2) malformed XML data.

5.0
2002-08-12 CVE-2002-0791 Novell Denial Of Service vulnerability in Novell Netware 5.1/6.0

Novell Netware FTP server NWFTPD before 5.02r allows remote attackers to cause a denial of service (CPU consumption) via a connection to the server followed by a carriage return, and possibly other invalid commands with improper syntax or length.

5.0
2002-08-12 CVE-2002-0786 Critical Path Unspecified vulnerability in Critical Path Injoin Directory Server 4.0

iCon administrative web server for Critical Path inJoin Directory Server 4.0 allows authenticated inJoin administrators to read arbitrary files by specifying the target file in the LOG parameter.

5.0
2002-08-12 CVE-2002-0785 AOL Unspecified vulnerability in AOL Instant Messenger

AOL Instant Messenger (AIM) allows remote attackers to cause a denial of service (crash) via an "AddBuddy" link with the ScreenName parameter set to a large number of comma-separated values, possibly triggering a buffer overflow.

5.0
2002-08-12 CVE-2002-0784 Lysias Directory Traversal vulnerability in Lysias Lidik Webserver 0.7B

Directory traversal vulnerability in Lysias Lidik web server 0.7b allows remote attackers to list directories via an HTTP request with a ...

5.0
2002-08-12 CVE-2002-0782 Novell Denial of Service vulnerability in Novell Bordermanager 3.5

Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled allows remote attackers to cause a denial of service by filling the connection table with a large number of connection requests to hosts that do not have a specific route, which may be forwarded to the public interface.

5.0
2002-08-12 CVE-2002-0781 Novell Denial Of Service vulnerability in Novell Bordermanager 3.6

RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a GET request to port 9090 followed by a series of carriage returns, which causes proxy.nlm to ABEND.

5.0
2002-08-12 CVE-2002-0780 Novell Denial of Service vulnerability in Novell Bordermanager 3.6

IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service via a connection to port 8225 with a large amount of random data, which causes ipipxgw.nlm to ABEND.

5.0
2002-08-12 CVE-2002-0779 Novell Denial Of Service vulnerability in Novell Bordermanager 3.6

FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote attackers to cause a denial of service (network connectivity loss) via a connection to port 21 with a large amount of random data.

5.0
2002-08-12 CVE-2002-0775 Hosting Controller Remote Security vulnerability in Hosting Controller

browse.asp in Hosting Controller allows remote attackers to view arbitrary directories by specifying the target pathname in the FilePath parameter.

5.0
2002-08-12 CVE-2002-0770 ID Software Remote Information Disclosure vulnerability in id Software Quake II Server 3.20/3.21

Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated using "say $rcon_password."

5.0
2002-08-12 CVE-2002-0759 Bzip Unspecified vulnerability in Bzip Bzip2

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, does not use the O_EXCL flag to create files during decompression and does not warn the user if an existing file would be overwritten, which could allow attackers to overwrite files via a bzip2 archive.

5.0
2002-08-12 CVE-2002-0752 Cgiscript NET Information Disclosure vulnerability in csMailto

CGIscript.net csMailto.cgi program exports feedback to a file that is accessible from the web document root, which could allow remote attackers to obtain sensitive information by directly accessing the file.

5.0
2002-08-12 CVE-2002-0750 Cgiscript NET Remote Security vulnerability in csMailto

CGIscript.net csMailto.cgi program allows remote attackers to read arbitrary files by specifying the target filename in the form-attachment field.

5.0
2002-08-12 CVE-2002-0748 National Instruments Denial of Service vulnerability in National Instruments Labview 5.1.1/6.0/6.1

LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request that ends in two newline characters, instead of the expected carriage return/newline combinations.

5.0
2002-08-12 CVE-2002-0741 Psychoid Denial Of Service vulnerability in Psychoid Psybnc 2.3

psyBNC 2.3 allows remote attackers to cause a denial of service (CPU consumption and resource exhaustion) by sending a PASS command with a long password argument and quickly killing the connection, which is not properly terminated by psyBNC.

5.0
2002-08-12 CVE-2002-0729 Microsoft Unspecified vulnerability in Microsoft SQL Server 2000

Microsoft SQL Server 2000 allows remote attackers to cause a denial of service via a malformed 0x08 packet that is missing a colon separator.

5.0
2002-08-12 CVE-2002-0728 Greg Roelofs Unspecified vulnerability in Greg Roelofs Libpng 1.0.14/1.2.4

Buffer overflow in the progressive reader for libpng 1.2.x before 1.2.4, and 1.0.x before 1.0.14, allows attackers to cause a denial of service (crash) via a PNG data stream that has more IDAT data than indicated by the IHDR chunk.

5.0
2002-08-12 CVE-2002-0659 Openssl, Oracle, Apple Denial Of Service vulnerability in OpenSSL ASN.1 Parsing Error

The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, allows remote attackers to cause a denial of service via invalid encodings.

5.0
2002-08-12 CVE-2002-0650 Microsoft Denial of Service vulnerability in Microsoft SQL Server 2000

The keep-alive mechanism for Microsoft SQL Server 2000 allows remote attackers to cause a denial of service (bandwidth consumption) via a "ping" style packet to the Resolution Service (UDP port 1434) with a spoofed IP address of another SQL Server system, which causes the two servers to exchange packets in an infinite loop.

5.0
2002-08-12 CVE-2002-0534 Postboard Denial Of Service vulnerability in PostBoard BBCode

PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

5.0
2002-08-12 CVE-2002-0533 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a denial of service (CPU consumption) and corrupt the database via null \0 characters within [code] tags.

5.0
2002-08-12 CVE-2002-0531 Emumail Unspecified vulnerability in Emumail Emumail, Emumail RED HAT Linux and Emumail Unix

Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x and 5.1.0 allows remote attackers to read arbitrary files or list arbitrary directories via a ..

5.0
2002-08-12 CVE-2002-0527 Watchguard Unspecified vulnerability in Watchguard Soho Firewall 5.0.28/5.0.29/5.0.31

Watchguard SOHO firewall before 5.0.35 allows remote attackers to cause a denial of service (crash and reboot) when SOHO forwards a packet with bad IP options.

5.0
2002-08-12 CVE-2002-0524 ASP Nuke Information Disclosure vulnerability in ASP-Nuke Forged Cookie

ASP-Nuke RC2 and earlier allows remote attackers to determine the absolute path of the server by (1) calling database-inc.asp with incorrect cookies, or (2) calling Post.asp with certain arguments, which leak the pathname in an error message.

5.0
2002-08-12 CVE-2002-0523 ASP Nuke Information Disclosure vulnerability in ASP-Nuke Forged Cookie

ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in users by submitting an invalid "pseudo" cookie.

5.0
2002-08-12 CVE-2002-0518 Freebsd Denial Of Service vulnerability in Freebsd 4.5

The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (crash) (1) via a SYN packet that is accepted using syncookies that causes a null pointer to be referenced for the socket's TCP options, or (2) by killing and restarting a process that listens on the same socket, which does not properly clear the old inpcb pointer on restart.

5.0
2002-08-12 CVE-2002-0515 Darren Reed Unspecified vulnerability in Darren Reed Ipfilter 3.4.25

IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.

5.0
2002-08-12 CVE-2002-0514 Openbsd Unspecified vulnerability in Openbsd 3.0

PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the RST packet, which allows remote attackers to determine if a port is being filtered because the TTL is different than the default TTL.

5.0
2002-08-12 CVE-2002-0510 Linux Unspecified vulnerability in Linux Kernel

The UDP implementation in Linux 2.4.x kernels keeps the IP Identification field at 0 for all non-fragmented packets, which could allow remote attackers to determine that a target system is running Linux.

5.0
2002-08-12 CVE-2002-0509 Oracle Denial of Service vulnerability in Oracle 9i TNS

Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allows remote attackers to cause a denial of service (CPU consumption) via a single malformed TCP packet to port 1521.

5.0
2002-08-12 CVE-2002-0505 Cisco Denial of Service vulnerability in Cisco CallManager CTI Memory Leak

Memory leak in the Call Telephony Integration (CTI) Framework authentication for Cisco CallManager 3.0 and 3.1 before 3.1(3) allows remote attackers to cause a denial of service (crash and reload) via a series of authentication failures, e.g.

5.0
2002-08-12 CVE-2002-0503 Citrix Unspecified vulnerability in Citrix Nfuse 1.5

Directory traversal vulnerability in boilerplate.asp for Citrix NFuse 1.5 allows remote authenticated users to read arbitrary files via a ..

5.0
2002-08-12 CVE-2002-0502 Citrix Unspecified vulnerability in Citrix Nfuse 1.6

Citrix NFuse 1.6 may allow remote attackers to list applications without authentication by accessing the applist.asp page.

5.0
2002-08-12 CVE-2002-0500 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

Internet Explorer 5.0 through 6.0 allows remote attackers to determine the existence of files on the client via an IMG tag with a dynsrc property that references the target file, which sets certain elements of the image object such as file size.

5.0
2002-08-12 CVE-2002-0496 Southwest Denial of Service vulnerability in Southwest 1.0.0

The HTTP server for SouthWest Talker server 1.0.0 allows remote attackers to cause a denial of service (server crash) via a malformed URL to port 5002.

5.0
2002-08-12 CVE-2002-0492 Dcscripts Remote Security vulnerability in Dcscripts Dcshop 1.002Beta

dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbitrary setup files via a null character in the database parameter.

5.0
2002-08-12 CVE-2002-0485 Symantec Unspecified vulnerability in Symantec Norton Antivirus

Norton Anti-Virus (NAV) allows remote attackers to bypass content filtering via attachments whose Content-Type and Content-Disposition headers are mixed upper and lower case, which is ignored by some mail clients.

5.0
2002-08-12 CVE-2002-0484 PHP Unspecified vulnerability in PHP

move_uploaded_file in PHP does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system.

5.0
2002-08-12 CVE-2002-0483 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

index.php for PHP-Nuke 5.4 and earlier allows remote attackers to determine the physical pathname of the web server when the file parameter is set to index.php, which triggers an error message that leaks the pathname.

5.0
2002-08-12 CVE-2002-0482 Newlog Directory Traversal vulnerability in NEWLOG NetSupport Manager 5.5/6.10

Directory traversal vulnerability in PCI Netsupport Manager before version 7, when running web extensions, allows remote attackers to read arbitrary files via a ..

5.0
2002-08-12 CVE-2002-0478 Foundrynet Unspecified vulnerability in Foundrynet Edgeiron 4802F

The default configuration of Foundry Networks EdgeIron 4802F allows remote attackers to modify sensitive information via arbitrary SNMP community strings.

5.0
2002-08-12 CVE-2002-0476 Macromedia Unspecified vulnerability in Macromedia Flash Player 5.0

Standalone Macromedia Flash Player 5.0 allows remote attackers to save arbitrary files and programs via a .SWF file containing the undocumented "save" FSCommand.

5.0
2002-08-12 CVE-2002-0472 Microsoft Unspecified vulnerability in Microsoft MSN Messenger 3.6

MSN Messenger Service 3.6, and possibly other versions, uses weak authentication when exchanging messages between clients, which allows remote attackers to spoof messages from other users.

5.0
2002-08-12 CVE-2002-0466 Hosting Controller Directory Traversal vulnerability in Hosting Controller Hosting Controller 1.4/1.4.1

Hosting Controller 1.4.1 and earlier allows remote attackers to browse arbitrary directories via a full C: style pathname in the filepath arguments to (1) Statsbrowse.asp, (2) servubrowse.asp, (3) browsedisk.asp, (4) browsewebalizerexe.asp, or (5) sqlbrowse.asp.

5.0
2002-08-12 CVE-2002-0463 Arsc Really Simple Chat Path Disclosure vulnerability in ARSC Really Simple Chat 1.0/1.0.1

home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in an error message.

5.0
2002-08-12 CVE-2002-0461 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 5.0.1/5.5/6.0

Internet Explorer 5.01 through 6 allows remote attackers to cause a denial of service (application crash) via Javascript in a web page that calls location.replace on itself, causing a loop.

5.0
2002-08-12 CVE-2002-0460 Bitvise Unspecified vulnerability in Bitvise Winsshd 1.1

Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a denial of service (resource exhaustion) via a large number of incomplete connections that are not properly terminated, which are not properly freed by SSHd.

5.0
2002-08-12 CVE-2002-0456 Qualcomm Unspecified vulnerability in Qualcomm Eudora 5.1

Eudora 5.1 and earlier versions store attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that relies on installing and reading files from directories with known pathnames.

5.0
2002-08-12 CVE-2002-0455 Incredimail Unspecified vulnerability in Incredimail Build1400185/Build560/Build618

IncrediMail stores attachments in a directory with a fixed name, which could make it easier for attackers to exploit vulnerabilities in other software that relies on installing and reading files from directories with known pathnames.

5.0
2002-08-12 CVE-2002-0454 Qualcomm Remote Denial of Service vulnerability in Qualcomm QPopper

Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop.

5.0
2002-08-12 CVE-2002-0425 Khaled Mardam BEY Unspecified vulnerability in Khaled Mardam-Bey Mirc 6.0/6.01

mIRC DCC server protocol allows remote attackers to gain sensitive information such as alternate IRC nicknames via a "100 testing" message in a DCC connection request that cannot be ignored or canceled by the user, which may leak the alternate nickname in a response message.

5.0
2002-08-12 CVE-2002-0421 Microsoft Unspecified vulnerability in Microsoft Windows NT 4.0

IIS 4.0 allows local users to bypass the "User cannot change password" policy for Windows NT by directly calling .htr password changing programs in the /iisadmpwd directory, including (1) aexp2.htr, (2) aexp2b.htr, (3) aexp3.htr, or (4) aexp4.htr.

5.0
2002-08-12 CVE-2002-0419 Microsoft Information Exposure vulnerability in Microsoft products

Information leaks in IIS 4 through 5.1 allow remote attackers to obtain potentially sensitive information or more easily conduct brute force attacks via responses from the server in which (2) in certain configurations, the server IP address is provided as the realm for Basic authentication, which could reveal real IP addresses that were obscured by NAT, or (3) when NTLM authentication is used, the NetBIOS name of the server and its Windows NT domain are revealed in response to an Authorization request.

5.0
2002-08-12 CVE-2002-0418 Endymion Unspecified vulnerability in Endymion Sake Mail

Directory traversal vulnerability in the com.endymion.sake.servlet.mail.MailServlet servlet for Endymion SakeMail 1.0.36 and earlier allows remote attackers to read arbitrary files via a ..

5.0
2002-08-12 CVE-2002-0417 Endymion Unspecified vulnerability in Endymion Mailman Webmail

Directory traversal vulnerability in Endymion MailMan before 3.1 allows remote attackers to read arbitrary files via a ..

5.0
2002-08-12 CVE-2002-0849 Cisco Information Disclosure vulnerability in iSCSI Insecure Configuration File Permissions

Linux-iSCSI iSCSI implementation installs the iscsi.conf file with world-readable permissions on some operating systems, including Red Hat Linux Limbo Beta #1, which could allow local users to gain privileges by reading the cleartext CHAP password.

4.6
2002-08-12 CVE-2002-0844 Derek Price Local Buffer Overflow vulnerability in Derek Price Cvsd 1.11.2

Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD before 1.11.2 allows local users to execute arbitrary code.

4.6
2002-08-12 CVE-2002-0829 Freebsd Unspecified vulnerability in Freebsd

Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6.1 RELEASE-p4 and earlier allows local users to access arbitrary file contents within FFS to gain privileges by creating a file that is larger than allowed by the virtual memory system.

4.6
2002-08-12 CVE-2002-0805 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new directories with world-writable permissions, and (2) creates the params file with world-writable permissions, which allows local users to modify the files and execute code.

4.6
2002-08-12 CVE-2002-0793 QNX Unspecified vulnerability in QNX Rtos 4.25

Hard link and possibly symbolic link following vulnerabilities in QNX RTOS 4.25 (aka QNX4) allow local users to overwrite arbitrary files via (1) the -f argument to the monitor utility, (2) the -d argument to dumper, (3) the -c argument to crttrap, or (4) using the Watcom sample utility.

4.6
2002-08-12 CVE-2002-0512 Caldera Unspecified vulnerability in Caldera Openlinux Server and Openlinux Workstation

startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LIBRARY_PATH environment variable to include the current working directory, which could allow local users to gain privileges of other users running startkde via Trojan horse libraries.

4.6
2002-08-12 CVE-2002-0498 Etnus Privilege Escalation vulnerability in Etnus Totalview 5.0.04

Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 59, which could allow local users with that UID or GID to modify the files and gain privileges as other TotalView users.

4.6
2002-08-12 CVE-2002-0487 Workforceroi Unspecified vulnerability in Workforceroi Xpede 4.1/7.0

Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "session timeout" re-authentication capability, which could allow local users with access to gain privileges of other Xpede users by reading the password from the source file, e.g.

4.6
2002-08-12 CVE-2002-0468 Ecartis, Listar Local Buffer Overflow vulnerability in Ecartis/Listar

Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 20020427 and earlier allow local users to gain privileges via (1) a long command line argument, which is not properly handled in core.c, or possibly via bad uses of sprintf() in (2) moderate.c, (3) lcgi.c, (4) fileapi.c, (5) cookie.c, (6) codes.c, or other files.

4.6
2002-08-12 CVE-2002-0424 Efingerd Unspecified vulnerability in Efingerd 1.3/1.6.1

efingerd 1.61 and earlier, when configured without the -u option, executes .efingerd files as the efingerd user (typically "nobody"), which allows local users to gain privileges as the efingerd user by modifying their own .efingerd file and running finger.

4.6
2002-08-14 CVE-2002-1453 Mywebserver HTML Injection vulnerability in Mywebserver 1.0.2

Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows remote attackers to insert script and HTML via a long request followed by the malicious script, which is echoed back to the user in an error message.

4.3
2002-08-12 CVE-2002-1445 W3C Cross-Site Scripting vulnerability in W3C Cern Httpd 3.0

Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows remote attackers to execute script as other users via a link to a non-existent page whose name contains the script, which is inserted into the resulting error page.

4.3

16 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2002-08-12 CVE-2002-0430 SUN Authentication Bypass vulnerability in SUN Cobalt RAQ 2, Cobalt RAQ 3I and Cobalt RAQ 4

MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration interface allows local users to bypass authentication and overwrite arbitrary files via a symlink attack on a temporary file, followed by a request to MultiFileUpload.php.

3.7
2002-08-12 CVE-2002-0429 Linux Unspecified vulnerability in Linux Kernel 2.4.18

The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a binary compatibility interface (lcall).

3.6
2002-08-15 CVE-2002-1444 Microsoft, Google

The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6.0, allows remote attackers to cause a denial of service (crash with an exception in oleaut32.dll) via malicious HTML, possibly related to small width and height parameters or an incorrect call to the Google.Search() function.

2.6
2002-08-12 CVE-2002-0422 Microsoft Information Exposure vulnerability in Microsoft Internet Information Services 5.0

IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to determine the internal IP address of the system (which may be obscured by NAT) via (1) a PROPFIND HTTP request with a blank Host header, which leaks the address in an HREF property in a 207 Multi-Status response, or (2) via the WRITE or MKCOL method, which leaks the IP in the Location server header.

2.6
2002-08-12 CVE-2002-0831 Freebsd Denial Of Service vulnerability in FreeBSD kqueue Kernel Panic

The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local users to cause a denial of service (kernel panic) via a pipe call in which one end is terminated and an EVFILT_WRITE filter is registered for the other end.

2.1
2002-08-12 CVE-2002-0806 Mozilla Unspecified vulnerability in Mozilla Bugzilla 2.14/2.14.1/2.16

Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authenticated users with editing privileges to delete other users by directly calling the editusers.cgi script with the "del" option.

2.1
2002-08-12 CVE-2002-0798 HP Denial Of Service vulnerability in HP-UX SD Data View

Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local users to obtain data views for files that cannot be directly read by the user, which reportedly can be used to cause a denial of service.

2.1
2002-08-12 CVE-2002-0795 Freebsd Unspecified vulnerability in Freebsd 4.5

The rc system startup script for FreeBSD 4 through 4.5 allows local users to delete arbitrary files via a symlink attack on X Windows lock files.

2.1
2002-08-12 CVE-2002-0790 IBM Local Security vulnerability in IBM AIX

clchkspuser and clpasswdremote in AIX expose an encrypted password in the cspoc.log file, which could allow local users to gain privileges.

2.1
2002-08-12 CVE-2002-0788 PGP Unspecified vulnerability in PGP Corporate Desktop, Freeware and Personal Security

An interaction between PGP 7.0.3 with the "wipe deleted files" option, when used on Windows Encrypted File System (EFS), creates cleartext temporary files that cannot be wiped or deleted due to strong permissions, which could allow certain local users or attackers with physical access to obtain cleartext information.

2.1
2002-08-12 CVE-2002-0761 Bzip Symbolic Link Permissions vulnerability in bzip2 Archive Inherited

bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other systems, uses the permissions of symbolic links instead of the actual files when creating an archive, which could cause the files to be extracted with less restrictive permissions than intended.

2.1
2002-08-12 CVE-2002-0507 Microsoft, RSA Improper Authentication vulnerability in multiple products

An interaction between Microsoft Outlook Web Access (OWA) with RSA SecurID allows local users to bypass the SecurID authentication for a previous user via several submissions of an OWA Authentication request with the proper OWA password for the previous user, which is eventually accepted by OWA.

2.1
2002-08-12 CVE-2002-0499 Linux Unspecified vulnerability in Linux Kernel

The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and earlier, truncates long pathnames without generating an error, which could allow local users to force programs to perform inappropriate operations on the wrong directories.

2.1
2002-08-12 CVE-2002-0497 MTR Buffer Overflow vulnerability in MTR 0.41

Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.

2.1
2002-08-12 CVE-2002-0415 Realnetworks Directory Traversal vulnerability in Realnetworks Realplayer 6.0

Directory traversal vulnerability in the web server used in RealPlayer 6.0.7, and possibly other versions, may allow local users to read files that are accessible to RealPlayer via a ..

1.7
2002-08-12 CVE-2002-0760 Bzip Unspecified vulnerability in Bzip Bzip2

Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1, and possibly other operating systems, decompresses files with world-readable permissions before setting the permissions to what is specified in the bzip2 archive, which could allow local users to read the files as they are being decompressed.

1.2