Weekly Vulnerabilities Reports > March 31 to April 6, 2003
Overview
104 new vulnerabilities reported during this period, including 8 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary report vulnerabilities in 97 products from 73 vendors including Cisco, IBM, Mozilla, SUN, and Cerulean Studios. Vulnerabilities are notably categorized as .
- 78 reported vulnerabilities are remotely exploitables.
- 104 reported vulnerabilities are exploitable by an anonymous user.
- Cisco has the most reported vulnerabilities, with 8 reported vulnerabilities.
- HP has the most reported critical vulnerabilities, with 2 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
8 Critical Vulnerabilities
33 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-02 | CVE-2003-0179 | IBM | Buffer Overflow vulnerability in IBM Lotus Domino web Server and Lotus Notes Client Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0.1 and earlier allows remote attackers to execute arbitrary code via multiple attack vectors, as demonstrated using the InitializeUsingNotesUserName method in the iNotes ActiveX control. | 7.5 |
2003-04-02 | CVE-2003-0172 | PHP | Buffer Overflow vulnerability in PHP 4.3.1 Buffer overflow in openlog function for PHP 4.3.1 on Windows operating system, and possibly other OSes, allows remote attackers to cause a crash and possibly execute arbitrary code via a long filename argument. | 7.5 |
2003-04-02 | CVE-2003-0168 | Apple | Unspecified vulnerability in Apple Quicktime 5.0/6.0 Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allows remote attackers to execute arbitrary code via a long QuickTime URL. | 7.5 |
2003-04-02 | CVE-2003-0167 | Mutt | Remote Folder Buffer Overflow vulnerability in Mutt IMAP Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1.3.28 and earlier, and Balsa 1.2.4 and earlier, allow a remote malicious IMAP server to cause a denial of service (crash) and possibly execute arbitrary code via a specially crafted mail folder, a different vulnerability than CVE-2003-0140. | 7.5 |
2003-04-02 | CVE-2003-0166 | PHP | Unspecified vulnerability in PHP Integer signedness error in emalloc() function for PHP before 4.3.2 allow remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. | 7.5 |
2003-04-02 | CVE-2003-0162 | Ecartis | Unspecified vulnerability in Ecartis 1.0.0Snapshot20021013 Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote attackers to reset passwords of other users and gain privileges by modifying hidden form fields in the HTML page. | 7.5 |
2003-04-02 | CVE-2003-0152 | Mozilla | Remote Command Execution vulnerability in Mozilla Bonsai 1.3 Unknown vulnerability in bonsai Mozilla CVS query tool allows remote attackers to execute arbitrary commands as the www-data user. | 7.5 |
2003-04-02 | CVE-2003-0106 | Symantec | Unspecified vulnerability in Symantec Enterprise Firewall 7.0 The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy users to bypass pattern matching for blocked URLs via requests that are URL-encoded with escapes, Unicode, or UTF-8. | 7.5 |
2003-04-02 | CVE-2002-1524 | Nullsoft | Buffer Overflow vulnerability in Nullsoft Winamp 3.0 Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. | 7.5 |
2003-04-02 | CVE-2002-1505 | Woltlab | SQL Injection vulnerability in Woltlab Burning Board 2.0Beta3/2.0Beta4/2.0Beta5 SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. | 7.5 |
2003-04-02 | CVE-2002-1499 | Factosystem | SQL Injection vulnerability in Factosystem Weblog 0.9B/1.0Beta/1.1Beta Multiple SQL injection vulnerabilities in FactoSystem CMS allows remote attackers to perform unauthorized database actions via (1) the authornumber parameter in author.asp, (2) the discussblurbid parameter in discuss.asp, (3) the name parameter in holdcomment.asp, and (4) the email parameter in holdcomment.asp. | 7.5 |
2003-04-02 | CVE-2002-1496 | Nulllogic | Remote Heap Overflow vulnerability in Null HTTPd Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. | 7.5 |
2003-04-02 | CVE-2002-1489 | Planetdns | Buffer Overflow vulnerability in Planetdns Planetweb Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote attackers to execute arbitrary code via (1) an HTTP GET request with a long URL or (2) a request with a long method name. | 7.5 |
2003-04-02 | CVE-2002-1486 | Cerulean Studios | Buffer Overflow vulnerability in Cerulean Studios Trillian 0.725/0.73/0.74 Multiple buffer overflows in the IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service and possibly execute arbitrary code via (1) a large response from the server, (2) a JOIN with a long channel name, (3) a long "raw 221" message, (4) a PRIVMSG with a long nickname, or (5) a long response from an IDENT server. | 7.5 |
2003-03-31 | CVE-2003-0146 | Netpbm | Buffer Overflow vulnerability in Multiple Netpbm Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness errors or (2) integer overflows, which lead to buffer overflows. | 7.5 |
2003-03-31 | CVE-2003-0080 | Gnome | Unspecified vulnerability in Gnome Gnome-Lokkit 0.5021 The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not include any rules in the FORWARD chain, which could allow attackers to bypass intended access restrictions if packet forwarding is enabled. | 7.5 |
2003-03-31 | CVE-2002-1553 | Cisco | Unspecified vulnerability in Cisco Optical Networking Systems Software Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attackers to modify the system configuration and delete files by establishing an FTP connection to the TCC, TCC+ or XTC using a username and password that does not exist. | 7.5 |
2003-03-31 | CVE-2002-1552 | Novell | Unspecified vulnerability in Novell Edirectory Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users with expired passwords to gain inappropriate permissions when logging in from Remote Manager. | 7.5 |
2003-03-31 | CVE-2002-1549 | Light Httpd | Buffer Overflow vulnerability in Light Httpd Light Httpd 0.1 Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to execute arbitrary code via a long HTTP GET request. | 7.5 |
2003-03-31 | CVE-2002-1546 | BRS | Unspecified vulnerability in BRS Webweaver 1.0.1 BRS WebWeaver Web Server 1.01 allows remote attackers to bypass password protections for files and directories via an HTTP request containing a "/./" sequence. | 7.5 |
2003-03-31 | CVE-2002-1541 | Working Resources INC | Unspecified vulnerability in Working Resources Inc. Badblue 1.7.0 BadBlue 1.7 allows remote attackers to bypass password protections for directories and files via an HTTP request containing an extra / (slash). | 7.5 |
2003-03-31 | CVE-2002-1536 | Hans Persson | Remote Command Execution vulnerability in Hans Persson Molly 0.5 Molly IRC bot 0.5 allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the $host variable for nslookup.pl, (2) the $to, $from, or $message variables in pop.pl, (3) the $words or $text variables in sms.pl, or (4) the $server or $printer variables in hpled.pl. | 7.5 |
2003-04-02 | CVE-2003-0092 | SUN | Buffer Overflow vulnerability in SUN Solaris and Sunos Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Solaris 9 allows local users to gain root privileges via a long HOME environment variable. | 7.2 |
2003-04-02 | CVE-2003-0091 | SUN | Unspecified vulnerability in SUN Solaris and Sunos Stack-based buffer overflow in the bsd_queue() function for lpq on Solaris 2.6 and 7 allows local users to gain root privilege. | 7.2 |
2003-04-02 | CVE-2002-1514 | Borland Software | Unspecified vulnerability in Borland Software Interbase gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. | 7.2 |
2003-04-02 | CVE-2002-1506 | Jacques Gelinas | Local Environment Variable Buffer Overflow vulnerability in Linuxconf Buffer overflow in Linuxconf before 1.28r4 allows local users to execute arbitrary code via a long LINUXCONF_LANG environment variable, which overflows an error string that is generated. | 7.2 |
2003-04-02 | CVE-2002-1503 | AFD | Local Buffer Overflow vulnerability in Multiple AFD Working Directory Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier allows local users to gain privileges via a long MON_WORK_DIR environment variable or -w (workdir) argument to (1) afd, (2) afdcmd, (3) afd_ctrl, (4) init_afd, (5) mafd, (6) mon_ctrl, (7) show_olog, or (8) udc. | 7.2 |
2003-04-02 | CVE-2002-1500 | Netbsd | Buffer Overflow vulnerability in NetBSD IPv4 Multicast Tools Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4.x through 1.6 allows local users to gain privileges by executing the programs after filling the file descriptor tables, which produces file descriptors larger than FD_SETSIZE, which are not checked by FD_SET(). | 7.2 |
2003-04-02 | CVE-2002-1492 | Cisco | Buffer Overrun vulnerability in Cisco VPN 5000 Client 5.2.6/5.2.7 Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, and VPN 5000 Client before 5.2.8 for Solaris, allow local users to gain root privileges via (1) close_tunnel and (2) open_tunnel. | 7.2 |
2003-03-31 | CVE-2003-0144 | Lprold BSD Freebsd Openbsd | Local Buffer Overflow vulnerability in Multiple Vendor LPRM Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name. | 7.2 |
2003-03-31 | CVE-2003-0127 | Linux | Unspecified vulnerability in Linux Kernel The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4.x before 2.4.21, allows local users to gain root privileges by using ptrace to attach to a child process that is spawned by the kernel. | 7.2 |
2003-03-31 | CVE-2002-1548 | IBM | Local Security vulnerability in IBM AIX and Autofs Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called." | 7.2 |
2003-03-31 | CVE-2002-1540 | Symantec | Unspecified vulnerability in Symantec Norton Antivirus Corporate7.5/Corporate7.51/Corporate7.6 The client for Symantec Norton AntiVirus Corporate Edition 7.5.x before 7.5.1 Build 62 and 7.6.x before 7.6.1 Build 35a runs winhlp32 with raised privileges, which allows local users to gain privileges by using certain features of winhlp32. | 7.2 |
58 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-02 | CVE-2003-0154 | Mozilla | Cross-Site Scripting vulnerability in Mozilla Bonsai 1.3 Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query tool allow remote attackers to execute arbitrary web script via (1) the file, root, or rev parameters to cvslog.cgi, (2) the file or root parameters to cvsblame.cgi, (3) various parameters to cvsquery.cgi, (4) the person parameter to showcheckins.cgi, (5) the module parameter to cvsqueryform.cgi, and (6) possibly other attack vectors as identified by Mozilla bug #146244. | 6.8 |
2003-03-31 | CVE-2002-1544 | Cooolsoft | Directory Traversal vulnerability in Cooolsoft Personal FTP Server 2.24 Directory traversal vulnerability in CooolSoft Personal FTP Server 2.24 allows remote attackers to read or modify arbitrary files via .. | 6.4 |
2003-04-02 | CVE-2002-1512 | Tolis Group | Unspecified vulnerability in Tolis Group BRU 17.0 xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the xbru_dscheck.dd temporary file. | 6.2 |
2003-04-02 | CVE-2003-0160 | Squirrelmail | Unspecified vulnerability in Squirrelmail Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail before 1.2.11 allow remote attackers to inject arbitrary HTML code and steal information from a client's web browser. | 5.8 |
2003-03-31 | CVE-2002-1533 | Jetty | Cross-Site Scripting vulnerability in Jetty 4.1.0Rc4 Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine allows remote attackers to insert arbitrary HTML or script via an HTTP request to a .jsp file whose name contains the malicious script and some encoded linefeed characters (%0a). | 5.8 |
2003-04-02 | CVE-2003-0141 | Realnetworks | Unspecified vulnerability in Realnetworks products The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, RealPlayer 8/RealPlayer Plus 8 6.0.9.584, and other versions allows remote attackers to corrupt the heap and overwrite arbitrary memory via a PNG graphic file format containing compressed data using fixed trees that contain the length values 286-287, which are treated as a very large length. | 5.1 |
2003-04-02 | CVE-2003-0181 | IBM | Denial Of Service vulnerability in IBM Lotus Domino web Server 6.0 Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via a "Fictionary Value Field POST request" as demonstrated using the s_Validation form with a long, unknown parameter name. | 5.0 |
2003-04-02 | CVE-2003-0180 | IBM | Denial Of Service vulnerability in IBM Lotus Domino web Server 6.0 Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attackers to cause a denial of service via an incomplete POST request, as demonstrated using the h_PageUI form. | 5.0 |
2003-04-02 | CVE-2003-0155 | Mozilla | Unspecified vulnerability in Mozilla Bonsai 1.3 bonsai Mozilla CVS query tool allows remote attackers to gain access to the parameters page without authentication. | 5.0 |
2003-04-02 | CVE-2003-0153 | Mozilla | Path Disclosure vulnerability in Mozilla Bonsai 1.3 bonsai Mozilla CVS query tool leaks the absolute pathname of the tool in certain error messages generated by (1) cvslog.cgi, (2) cvsview2.cgi, or (3) multidiff.cgi. | 5.0 |
2003-04-02 | CVE-2003-0082 | MIT | Buffer Underrun vulnerability in MIT Kerberos 5 Principal Name The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes the KDC to corrupt its heap (aka "buffer underrun"). | 5.0 |
2003-04-02 | CVE-2003-0072 | MIT | Buffer Overflow vulnerability in MIT Kerberos 5 Principal Name The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earlier allows remote, authenticated attackers to cause a denial of service (crash) on KDCs within the same realm using a certain protocol request that causes an out-of-bounds read of an array (aka "array overrun"). | 5.0 |
2003-04-02 | CVE-2002-1561 | Microsoft | Denial of Service vulnerability in Microsoft Windows RPC Service The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allows remote attackers to cause a denial of service (disabled RPC service) via a malformed packet to the RPC Endpoint Mapper at TCP port 135, which triggers a null pointer dereference. | 5.0 |
2003-04-02 | CVE-2002-1528 | Mondosoft | Unspecified vulnerability in Mondosoft Mondosearch 4.4 MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. | 5.0 |
2003-04-02 | CVE-2002-1527 | Emumail | Path Disclosure vulnerability in Emumail EMU Webmail 5.0 emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine the full pathname for emumail.cgi via a malformed string containing script, which generates a regular expression matching error that includes the pathname in the resulting error message. | 5.0 |
2003-04-02 | CVE-2002-1525 | Astaware SUN | Directory Traversal vulnerability in Sun ONE Starter Kit / ASTAware SearchDisc Search Engine Directory traversal vulnerability in ASTAware SearchDisk engine for Sun ONE Starter Kit 2.0 allows remote attackers to read arbitrary files via a .. | 5.0 |
2003-04-02 | CVE-2002-1523 | Daniel Arenz | Directory Traversal vulnerability in Daniel Arenz Mini Server 2.1.6 Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 allows remote attackers to read arbitrary files via (1) ../ (dot-dot slash) or (2) ..\ (dot-dot backslash) sequences. | 5.0 |
2003-04-02 | CVE-2002-1522 | Cooolsoft | Remote Denial Of Service vulnerability in Cooolsoft PowerFTP Server Buffer overflow in PowerFTP FTP server 2.24, and possibly other versions, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long USER argument. | 5.0 |
2003-04-02 | CVE-2002-1515 | Coolforum | Unspecified vulnerability in Coolforum 0.5Beta Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta allows remote attackers to read arbitrary files via .. | 5.0 |
2003-04-02 | CVE-2002-1507 | Epic Games | Denial-Of-Service vulnerability in Epic Games Unreal Tournament Server 2003 Unreal Tournament 2003 (ut2003) clients and servers allow remote attackers to cause a denial of service via malformed messages containing a small number of characters to UDP ports 7778 or 10777. | 5.0 |
2003-04-02 | CVE-2002-1504 | Radiobird Software | Directory Traversal vulnerability in Radiobird Software Webserver 4 Everyone 1.22 Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows remote attackers to read arbitrary files via "..\" (dot-dot backslash) sequences in a URL. | 5.0 |
2003-04-02 | CVE-2002-1501 | Enterasys | Denial Of Service vulnerability in Enterasys SSR8000 SmartSwitch Port Scan The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. | 5.0 |
2003-04-02 | CVE-2002-1498 | Trevor LEE | Directory Traversal vulnerability in SWServer Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. | 5.0 |
2003-04-02 | CVE-2002-1491 | Cisco | Unspecified vulnerability in Cisco VPN 5000 Client 5.1.2/5.2.1 The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. | 5.0 |
2003-04-02 | CVE-2002-1488 | Cerulean Studios | Denial Of Service vulnerability in Cerulean Studios Trillian 0.74 The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) via a PART message with (1) a missing channel or (2) a channel that the Trillian user is not in. | 5.0 |
2003-04-02 | CVE-2002-1487 | Cerulean Studios | Denial Of Service vulnerability in Cerulean Studios Trillian 0.74 The IRC component of Trillian 0.73 and 0.74 allows remote malicious IRC servers to cause a denial of service (crash) by sending the raw messages (1) 206, (2) 211, (3) 213, (4) 214, (5) 215, (6) 217, (7) 218, (8) 243, (9) 302, (10) 317, (11) 324, (12) 332, (13) 333, (14) 352, and (15) 367. | 5.0 |
2003-04-02 | CVE-2002-1485 | Cerulean Studios | Remote Denial Of Service vulnerability in Cerulean Studios Trillian 0.73/0.74 The AIM component of Trillian 0.73 and 0.74 allows remote attackers to cause a denial of service (crash) via certain strings such as "P > O < C". | 5.0 |
2003-03-31 | CVE-2003-0147 | Openpkg Openssl Stunnel | OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server's private key by determining factors using timing differences on (1) the number of extra reductions during Montgomery reduction, and (2) the use of different integer multiplication algorithms ("Karatsuba" and normal). | 5.0 |
2003-03-31 | CVE-2003-0145 | LBL | Denial-Of-Service vulnerability in tcpdump Unknown vulnerability in tcpdump before 3.7.2 related to an inability to "Handle unknown RADIUS attributes properly," allows remote attackers to cause a denial of service (infinite loop), a different vulnerability than CAN-2003-0093. | 5.0 |
2003-03-31 | CVE-2002-1559 | Research Systems INC | Remote File Disclosure vulnerability in Research Systems Inc. ION Script 1.4 Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remote attackers to read arbitrary files via (1) C: (drive letter) or (2) .. | 5.0 |
2003-03-31 | CVE-2002-1557 | Cisco | Denial of Service vulnerability in Cisco ONS15454/ONS15327 Optical Transport Platforms HTTP Request Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset to TCC, TCC+, TCCi or XTC) via a malformed HTTP request that does not contain a leading / (slash) character. | 5.0 |
2003-03-31 | CVE-2002-1556 | Cisco | Denial Of Service vulnerability in Cisco ONS15454/ONS15327 Optical Transport Platforms CORBA IOR Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to cause a denial of service (reset) via an HTTP request to the TCC, TCC+ or XTC, in which the request contains an invalid CORBA Interoperable Object Reference (IOR). | 5.0 |
2003-03-31 | CVE-2002-1555 | Cisco | Unspecified vulnerability in Cisco Optical Networking Systems Software Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNMP community string that cannot be changed, which allows remote attackers to obtain sensitive information. | 5.0 |
2003-03-31 | CVE-2002-1547 | Juniper | Unspecified vulnerability in Juniper Netscreen Screenos Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers to cause a denial of service via a malformed SSH packet to the Secure Command Shell (SCS) management interface, as demonstrated via certain CRC32 exploits, a different vulnerability than CVE-2001-0144. | 5.0 |
2003-03-31 | CVE-2002-1545 | Cooolsoft | Remote Security vulnerability in Cooolsoft Personal FTP Server 2.24 CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain the absolute pathname of the FTP root via a PWD command, which includes the full path in the response. | 5.0 |
2003-03-31 | CVE-2002-1542 | Solarwinds | Unspecified vulnerability in Solarwinds Tftp Server 5.0.55Standard SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to cause a denial of service (crash) via a large UDP datagram, possibly triggering a buffer overflow. | 5.0 |
2003-03-31 | CVE-2002-1539 | ALT N | Buffer Overflow vulnerability in Alt-N MDaemon POP Server Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote authenticated users to cause a denial of service via long (1) DELE or (2) UIDL arguments. | 5.0 |
2003-03-31 | CVE-2002-1538 | Acuma | Unspecified vulnerability in Acuma Acusend 4.0 Acuma Acusend 4, and possibly earlier versions, allows remote authenticated users to read the reports of other users by inferring the full URL, whose name is easily predictable. | 5.0 |
2003-03-31 | CVE-2002-1535 | Symantec | Information Disclosure vulnerability in Symantec Enterprise Firewall and Raptor Firewall Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6.5.2 allows remote attackers to identify IP addresses of hosts on the internal network via a CONNECT request, which generates different error messages if the host is present. | 5.0 |
2003-03-31 | CVE-2002-1534 | Macromedia | Unspecified vulnerability in Macromedia Flash Player Macromedia Flash Player allows remote attackers to read arbitrary files via XML script in a .swf file that is hosted on a remote SMB share. | 5.0 |
2003-03-31 | CVE-2002-1532 | Surfcontrol | Unspecified vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0 The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (resource exhaustion) via a GET request without the terminating /r/n/r/n (CRLF) sequence, which causes the interface to wait for the sequence and blocks other users from accessing it. | 5.0 |
2003-03-31 | CVE-2002-1531 | Surfcontrol | Unspecified vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0 The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter. | 5.0 |
2003-03-31 | CVE-2002-1530 | Surfcontrol | Unspecified vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0 The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form. | 5.0 |
2003-04-02 | CVE-2003-0165 | Gnome | Unspecified vulnerability in Gnome EOG Format string vulnerability in Eye Of Gnome (EOG) allows attackers to execute arbitrary code via format string specifiers in a command line argument for the file to display. | 4.6 |
2003-04-02 | CVE-2002-1517 | SGI | Unspecified vulnerability in SGI Freeware and Irix fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file. | 4.6 |
2003-04-02 | CVE-2002-1516 | SGI | Unspecified vulnerability in SGI Irix rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. | 4.6 |
2003-04-02 | CVE-2002-1513 | Compaq | Unspecified vulnerability in Compaq Tcp-Ip Services The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server runs with the SYSPRV and BYPASS privileges. | 4.6 |
2003-04-02 | CVE-2002-0030 | Adobe | Unspecified vulnerability in Adobe Acrobat and Acrobat Reader The digital signature mechanism for the Adobe Acrobat PDF viewer only verifies the PE header of executable code for a plug-in, which can allow attackers to execute arbitrary code in certified mode by making the plug-in appear to be signed by Adobe. | 4.6 |
2003-03-31 | CVE-2002-1554 | Cisco | Unspecified vulnerability in Cisco Optical Networking Systems Software Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames and passwords in cleartext in the image database for the TCC, TCC+ or XTC, which could allow attackers to gain privileges by obtaining the passwords from the image database or a backup. | 4.6 |
2003-03-31 | CVE-2002-1551 | IBM | Denial-Of-Service vulnerability in IBM AIX Buffer overflow in nslookup in IBM AIX may allow attackers to cause a denial of service or execute arbitrary code. | 4.6 |
2003-03-31 | CVE-2002-1550 | IBM | Unspecified vulnerability in IBM AIX dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary files via a symlink attack on temporary files. | 4.6 |
2003-03-31 | CVE-2002-1543 | Netbsd | Local Buffer Overflow vulnerability in NetBSD Trek Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users to gain privileges via long keyboard input. | 4.6 |
2003-04-02 | CVE-2002-1526 | Emumail | Unspecified vulnerability in Emumail EMU Webmail 5.0 Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmail 5.0 allows remote attackers to inject arbitrary HTML or script via the email address field. | 4.3 |
2003-04-02 | CVE-2002-1497 | Nulllogic | Cross-Site Scripting vulnerability in NullLogic Null HTTPd Error Page Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. | 4.3 |
2003-04-02 | CVE-2002-1495 | Rudi Benkovic | Unspecified vulnerability in Rudi Benkovic Jawmail 1.0/1.0.1/1.0Rc1 Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows remote attackers to insert arbitrary script or HTML via (1) attached file names in the Read Mail feature, (2) text/html mails that are displayed in a pop-up window, and (3) certain malicious attributes within otherwise safe tags, such as onMouseOver. | 4.3 |
2003-04-02 | CVE-2002-1494 | Aestiva | Cross-Site Scripting vulnerability in Aestiva Html OS 2.4 Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message. | 4.3 |
2003-04-02 | CVE-2002-1493 | Lycos | HTML Injection vulnerability in Lycos HTMLGear guestGear CSS Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. | 4.3 |
2003-03-31 | CVE-2002-1529 | Surfcontrol | Cross-Site Scripting vulnerability in Surfcontrol Superscout Email Filter 3.5/3.5.1/4.0 Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter. | 4.3 |
5 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2003-04-02 | CVE-2002-1518 | SGI | Unspecified vulnerability in SGI Irix mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. | 3.6 |
2003-04-02 | CVE-2002-1521 | MDG Computer Services | Unspecified vulnerability in MDG Computer Services web Server 4D 3.6 Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. | 2.1 |
2003-04-02 | CVE-2002-1502 | Dave Brul | File Corruption vulnerability in Xbreaky 0.0.3/0.0.4 Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user's .breakyhighscores file to the target file. | 2.1 |
2003-04-02 | CVE-2002-1490 | Netbsd | Buffer Overflow vulnerability in NetBSD Repeated TIOSCTTY IOCTL NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter and sets the counter to zero, which frees memory that is still in use by other processes. | 2.1 |
2003-03-31 | CVE-2003-0086 | Samba | Unspecified vulnerability in Samba The code for writing reg files in Samba before 2.2.8 allows local users to overwrite arbitrary files via a race condition involving chown. | 1.2 |