Weekly Vulnerabilities Reports > March 31 to April 6, 2003

Overview

107 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 35 high severity vulnerabilities. This weekly summary report vulnerabilities in 99 products from 75 vendors including Cisco, IBM, Mozilla, SUN, and Cerulean Studios. Vulnerabilities are notably categorized as .

  • 81 reported vulnerabilities are remotely exploitables.
  • 107 reported vulnerabilities are exploitable by an anonymous user.
  • Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
  • HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

8 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-02 CVE-2003-0178 IBM Buffer Overflow vulnerability in IBM Lotus Domino web Server 6.0

Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allow remote attackers to cause a denial of service or execute arbitrary code via (1) the s_ViewName option in the PresetFields parameter for iNotes, (2) the Foldername option in the PresetFields parameter for iNotes, or (3) a long Host header, which is inserted into a long Location header and used during a redirect operation.

10.0
2003-04-02 CVE-2003-0161 Sendmail
Compaq
HP
SUN
The prescan() function in the address parser (parseaddr.c) in Sendmail before 8.12.9 does not properly handle certain conversions from char and int types, which can cause a length check to be disabled when Sendmail misinterprets an input value as a special "NOCHAR" control value, allowing attackers to cause a denial of service and possibly execute arbitrary code via a buffer overflow attack using messages, a different vulnerability than CVE-2002-1337.
10.0
2003-04-02 CVE-2002-1520 Rapidstream
Watchguard
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to access CLI with administrator privileges.
10.0
2003-04-02 CVE-2002-1519 Rapidstream
Watchguard
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the password parameter.
10.0
2003-03-31 CVE-2003-0085 Samba
HP
Buffer Overflow vulnerability in Samba SMB/CIFS Packet Assembling

Buffer overflow in the SMB/CIFS packet fragment re-assembly code for SMB daemon (smbd) in Samba before 2.2.8, and Samba-TNG before 0.3.1, allows remote attackers to execute arbitrary code.

10.0
2003-03-31 CVE-2002-1560 Martin Bauer Unspecified vulnerability in Martin Bauer Gbook 1.4

index.php in gBook 1.4 allows remote attackers to bypass authentication and gain administrative privileges by setting the login parameter to true.

10.0
2003-03-31 CVE-2002-1558 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for the VxWorks Operating System in the TCC, TCC+ and XTC that cannot be changed or disabled, which allows remote attackers to gain privileges by connecting to the account via Telnet.

10.0
2003-03-31 CVE-2002-1537 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb 2.0.0

admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administrator privileges by directly calling admin_ug_auth.php with modifed form fields such as "u".

10.0

35 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-02 CVE-2003-0179 IBM Buffer Overflow vulnerability in IBM Lotus Domino web Server and Lotus Notes Client

Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control.

7.5
2003-04-02 CVE-2003-0172 PHP Buffer Overflow vulnerability in PHP 4.3.1

Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument.

7.5
2003-04-02 CVE-2003-0168 Apple Unspecified vulnerability in Apple Quicktime 5.0/6.0

Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL.

7.5
2003-04-02 CVE-2003-0167 Mutt Remote Folder Buffer Overflow vulnerability in Mutt IMAP

Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140.

7.5
2003-04-02 CVE-2003-0166 PHP Unspecified vulnerability in PHP

Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions.

7.5
2003-04-02 CVE-2003-0162 Ecartis Unspecified vulnerability in Ecartis 1.0.0Snapshot20021013

Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page.

7.5
2003-04-02 CVE-2003-0159 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

7.5
2003-04-02 CVE-2003-0152 Mozilla Remote Command Execution vulnerability in Mozilla Bonsai 1.3

Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user.

7.5
2003-04-02 CVE-2003-0106 Symantec Unspecified vulnerability in Symantec Enterprise Firewall 7.0

The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8.

7.5
2003-04-02 CVE-2002-1524 Nullsoft Buffer Overflow vulnerability in Nullsoft Winamp 3.0

Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag.

7.5
2003-04-02 CVE-2002-1505 Woltlab SQL Injection vulnerability in Woltlab Burning Board 2.0Beta3/2.0Beta4/2.0Beta5

SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter.

7.5
2003-04-02 CVE-2002-1499 Factosystem SQL Injection vulnerability in Factosystem Weblog 0.9B/1.0Beta/1.1Beta

Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp.

7.5
2003-04-02 CVE-2002-1496 Nulllogic Remote Heap Overflow vulnerability in Null HTTPd

Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header.

7.5
2003-04-02 CVE-2002-1489 Planetdns Buffer Overflow vulnerability in Planetdns Planetweb

Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name.

7.5
2003-04-02 CVE-2002-1486 Cerulean Studios Buffer Overflow vulnerability in Cerulean Studios Trillian 0.725/0.73/0.74

Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server.

7.5
2003-03-31 CVE-2003-0146 Netpbm Buffer Overflow vulnerability in Multiple Netpbm

Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows.

7.5
2003-03-31 CVE-2003-0109 Microsoft Buffer Overflow vulnerability in Microsoft Windows 2000 and Windows 2000 Terminal Services

Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4.0 Terminal Server Edition, Windows 2000, and Windows XP allows remote attackers to execute arbitrary code, as demonstrated via a WebDAV request to IIS 5.0.

7.5
2003-03-31 CVE-2003-0080 Gnome Unspecified vulnerability in Gnome Gnome-Lokkit 0.5021

The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled.

7.5
2003-03-31 CVE-2002-1553 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist.

7.5
2003-03-31 CVE-2002-1552 Novell Unspecified vulnerability in Novell Edirectory

Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager.

7.5
2003-03-31 CVE-2002-1549 Light Httpd Buffer Overflow vulnerability in Light Httpd Light Httpd 0.1

Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request.

7.5
2003-03-31 CVE-2002-1546 BRS Unspecified vulnerability in BRS Webweaver 1.0.1

BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence.

7.5
2003-03-31 CVE-2002-1541 Working Resources INC Unspecified vulnerability in Working Resources Inc. Badblue 1.7.0

BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash).

7.5
2003-03-31 CVE-2002-1536 Hans Persson Remote Command Execution vulnerability in Hans Persson Molly 0.5

Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl.

7.5
2003-04-02 CVE-2003-0092 SUN Buffer Overflow vulnerability in SUN Solaris and Sunos

Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable.

7.2
2003-04-02 CVE-2003-0091 SUN Unspecified vulnerability in SUN Solaris and Sunos

Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege.

7.2
2003-04-02 CVE-2002-1514 Borland Software Unspecified vulnerability in Borland Software Interbase

gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file.

7.2
2003-04-02 CVE-2002-1506 Jacques Gelinas Local Environment Variable Buffer Overflow vulnerability in Linuxconf

Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated.

7.2
2003-04-02 CVE-2002-1503 AFD Local Buffer Overflow vulnerability in Multiple AFD Working Directory

Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc.

7.2
2003-04-02 CVE-2002-1500 Netbsd Buffer Overflow vulnerability in NetBSD IPv4 Multicast Tools

Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET().

7.2
2003-04-02 CVE-2002-1492 Cisco Buffer Overrun vulnerability in Cisco VPN 5000 Client 5.2.6/5.2.7

Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel.

7.2
2003-03-31 CVE-2003-0144 Lprold
BSD
Freebsd
Openbsd
Local Buffer Overflow vulnerability in Multiple Vendor LPRM

Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

7.2
2003-03-31 CVE-2003-0127 Linux Unspecified vulnerability in Linux Kernel

The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel.

7.2
2003-03-31 CVE-2002-1548 IBM Local Security vulnerability in IBM AIX and Autofs

Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."

7.2
2003-03-31 CVE-2002-1540 Symantec Unspecified vulnerability in Symantec Norton Antivirus Corporate7.5/Corporate7.51/Corporate7.6

The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32.

7.2

59 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-02 CVE-2003-0154 Mozilla Cross-Site Scripting vulnerability in Mozilla Bonsai 1.3

Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244.

6.8
2003-03-31 CVE-2002-1544 Cooolsoft Directory Traversal vulnerability in Cooolsoft Personal FTP Server 2.24

Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via ..

6.4
2003-04-02 CVE-2002-1512 Tolis Group Unspecified vulnerability in Tolis Group BRU 17.0

xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file.

6.2
2003-04-02 CVE-2003-0160 Squirrelmail Unspecified vulnerability in Squirrelmail

Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser.

5.8
2003-03-31 CVE-2002-1533 Jetty Cross-Site Scripting vulnerability in Jetty 4.1.0Rc4

Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a).

5.8
2003-04-02 CVE-2003-0141 Realnetworks Unspecified vulnerability in Realnetworks products

The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length.

5.1
2003-04-02 CVE-2003-0181 IBM Denial Of Service vulnerability in IBM Lotus Domino web Server 6.0

Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name.

5.0
2003-04-02 CVE-2003-0180 IBM Denial Of Service vulnerability in IBM Lotus Domino web Server 6.0

Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form.

5.0
2003-04-02 CVE-2003-0155 Mozilla Unspecified vulnerability in Mozilla Bonsai 1.3

bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication.

5.0
2003-04-02 CVE-2003-0153 Mozilla Path Disclosure vulnerability in Mozilla Bonsai 1.3

bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi.

5.0
2003-04-02 CVE-2003-0083 Apache Unspecified vulnerability in Apache Http Server

Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not filter terminal escape sequences from its access logs, which could make it easier for attackers to insert those sequences into terminal emulators containing vulnerabilities related to escape sequences, a different vulnerability than CVE-2003-0020.

5.0
2003-04-02 CVE-2003-0082 MIT Buffer Underrun vulnerability in MIT Kerberos 5 Principal Name

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun").

5.0
2003-04-02 CVE-2003-0072 MIT Buffer Overflow vulnerability in MIT Kerberos 5 Principal Name

The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun").

5.0
2003-04-02 CVE-2002-1561 Microsoft Denial of Service vulnerability in Microsoft Windows RPC Service

The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference.

5.0
2003-04-02 CVE-2002-1528 Mondosoft Unspecified vulnerability in Mondosoft Mondosearch 4.4

MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter.

5.0
2003-04-02 CVE-2002-1527 Emumail Path Disclosure vulnerability in Emumail EMU Webmail 5.0

emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message.

5.0
2003-04-02 CVE-2002-1525 Astaware
SUN
Directory Traversal vulnerability in Sun ONE Starter Kit / ASTAware SearchDisc Search Engine

Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a ..

5.0
2003-04-02 CVE-2002-1523 Daniel Arenz Directory Traversal vulnerability in Daniel Arenz Mini Server 2.1.6

Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences.

5.0
2003-04-02 CVE-2002-1522 Cooolsoft Remote Denial Of Service vulnerability in Cooolsoft PowerFTP Server

Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument.

5.0
2003-04-02 CVE-2002-1515 Coolforum Unspecified vulnerability in Coolforum 0.5Beta

Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via ..

5.0
2003-04-02 CVE-2002-1507 Epic Games Denial-Of-Service vulnerability in Epic Games Unreal Tournament Server 2003

Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777.

5.0
2003-04-02 CVE-2002-1504 Radiobird Software Directory Traversal vulnerability in Radiobird Software Webserver 4 Everyone 1.22

Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL.

5.0
2003-04-02 CVE-2002-1501 Enterasys Denial Of Service vulnerability in Enterasys SSR8000 SmartSwitch Port Scan

The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078.

5.0
2003-04-02 CVE-2002-1498 Trevor LEE Directory Traversal vulnerability in SWServer

Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing ..

5.0
2003-04-02 CVE-2002-1491 Cisco Unspecified vulnerability in Cisco VPN 5000 Client 5.1.2/5.2.1

The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges.

5.0
2003-04-02 CVE-2002-1488 Cerulean Studios Denial Of Service vulnerability in Cerulean Studios Trillian 0.74

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in.

5.0
2003-04-02 CVE-2002-1487 Cerulean Studios Denial Of Service vulnerability in Cerulean Studios Trillian 0.74

The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367.

5.0
2003-04-02 CVE-2002-1485 Cerulean Studios Remote Denial Of Service vulnerability in Cerulean Studios Trillian 0.73/0.74

The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C".

5.0
2003-03-31 CVE-2003-0147 Openpkg
Openssl
Stunnel
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal).
5.0
2003-03-31 CVE-2003-0145 LBL Denial-Of-Service vulnerability in tcpdump

Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093.

5.0
2003-03-31 CVE-2002-1559 Research Systems INC Remote File Disclosure vulnerability in Research Systems Inc. ION Script 1.4

Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) ..

5.0
2003-03-31 CVE-2002-1557 Cisco Denial of Service vulnerability in Cisco ONS15454/ONS15327 Optical Transport Platforms HTTP Request

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character.

5.0
2003-03-31 CVE-2002-1556 Cisco Denial Of Service vulnerability in Cisco ONS15454/ONS15327 Optical Transport Platforms CORBA IOR

Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR).

5.0
2003-03-31 CVE-2002-1555 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information.

5.0
2003-03-31 CVE-2002-1547 Juniper Unspecified vulnerability in Juniper Netscreen Screenos

Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144.

5.0
2003-03-31 CVE-2002-1545 Cooolsoft Remote Security vulnerability in Cooolsoft Personal FTP Server 2.24

CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response.

5.0
2003-03-31 CVE-2002-1542 Solarwinds Unspecified vulnerability in Solarwinds Tftp Server 5.0.55Standard

SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow.

5.0
2003-03-31 CVE-2002-1539 ALT N Buffer Overflow vulnerability in Alt-N MDaemon POP Server

Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments.

5.0
2003-03-31 CVE-2002-1538 Acuma Unspecified vulnerability in Acuma Acusend 4.0

Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable.

5.0
2003-03-31 CVE-2002-1535 Symantec Information Disclosure vulnerability in Symantec Enterprise Firewall and Raptor Firewall

Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present.

5.0
2003-03-31 CVE-2002-1534 Macromedia Unspecified vulnerability in Macromedia Flash Player

Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share.

5.0
2003-03-31 CVE-2002-1532 Surfcontrol Unspecified vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it.

5.0
2003-03-31 CVE-2002-1531 Surfcontrol Unspecified vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter.

5.0
2003-03-31 CVE-2002-1530 Surfcontrol Unspecified vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0

The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form.

5.0
2003-04-02 CVE-2003-0165 Gnome Unspecified vulnerability in Gnome EOG

Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display.

4.6
2003-04-02 CVE-2002-1517 SGI Unspecified vulnerability in SGI Freeware and Irix

fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file.

4.6
2003-04-02 CVE-2002-1516 SGI Unspecified vulnerability in SGI Irix

rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack.

4.6
2003-04-02 CVE-2002-1513 Compaq Unspecified vulnerability in Compaq Tcp-Ip Services

The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges.

4.6
2003-04-02 CVE-2002-0030 Adobe Unspecified vulnerability in Adobe Acrobat and Acrobat Reader

The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe.

4.6
2003-03-31 CVE-2002-1554 Cisco Unspecified vulnerability in Cisco Optical Networking Systems Software

Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup.

4.6
2003-03-31 CVE-2002-1551 IBM Denial-Of-Service vulnerability in IBM AIX

Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code.

4.6
2003-03-31 CVE-2002-1550 IBM Unspecified vulnerability in IBM AIX

dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6
2003-03-31 CVE-2002-1543 Netbsd Local Buffer Overflow vulnerability in NetBSD Trek

Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input.

4.6
2003-04-02 CVE-2002-1526 Emumail Unspecified vulnerability in Emumail EMU Webmail 5.0

Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field.

4.3
2003-04-02 CVE-2002-1497 Nulllogic Cross-Site Scripting vulnerability in NullLogic Null HTTPd Error Page

Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response.

4.3
2003-04-02 CVE-2002-1495 Rudi Benkovic Unspecified vulnerability in Rudi Benkovic Jawmail 1.0/1.0.1/1.0Rc1

Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver.

4.3
2003-04-02 CVE-2002-1494 Aestiva Cross-Site Scripting vulnerability in Aestiva Html OS 2.4

Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message.

4.3
2003-04-02 CVE-2002-1493 Lycos HTML Injection vulnerability in Lycos HTMLGear guestGear CSS

Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag.

4.3
2003-03-31 CVE-2002-1529 Surfcontrol Cross-Site Scripting vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0

Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter.

4.3

5 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2003-04-02 CVE-2002-1518 SGI Unspecified vulnerability in SGI Irix

mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories.

3.6
2003-04-02 CVE-2002-1521 MDG Computer Services Unspecified vulnerability in MDG Computer Services web Server 4D 3.6

Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges.

2.1
2003-04-02 CVE-2002-1502 Dave Brul File Corruption vulnerability in Xbreaky 0.0.3/0.0.4

Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file.

2.1
2003-04-02 CVE-2002-1490 Netbsd Buffer Overflow vulnerability in NetBSD Repeated TIOSCTTY IOCTL

NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes.

2.1
2003-03-31 CVE-2003-0086 Samba Unspecified vulnerability in Samba

The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown.

1.2