Microsoft Internet Explorer (PPC version on Macintosh) contains a flaw that allows a remote attacker to overwrite arbitrary files with custom data. The flaw is due to IE not checking FORM ACTION content and accepting file:// arguments. INPUT NAME data specified in the FORM request is then written to the specified file, deleting whatever data is already present.
Microsoft IIS contains a flaw that allows a remote attacker to create arbitrary files or a denial of service on a remote server. The issue is due to the "newdsn.exe" CGI application not sanitizing arguments provided. If an attacker is able to create a file on the system, it can be leveraged for additional privileges.
SGI IRIX contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the 'MachineInfo' CGI script, which will disclose sensitive system information resulting in a loss of confidentiality.
(Description Provided by CVE) : rpc.mountd on Linux, Ultrix, and possibly other operating systems, allows remote attackers to determine the existence of a file on the server by attempting to mount that file, which generates different error messages depending on whether the file exists or not.
(Description Provided by CVE) : Majordomo 1.94.3 and earlier allows remote attackers to execute arbitrary commands when the advertise or noadvertise directive is used in a configuration file, via shell metacharacters in the Reply-To header.
(Description Provided by CVE) : spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users to gain root privileges by setting the HOSTNAME environmental variable to contain the commands to be executed.
(Description Provided by CVE) : sort creates temporary files and follows symbolic links, which allows local users to modify arbitrary files that are writable by the user running sort, as observed in updatedb and other programs that use sort.
NetKit bootparamd is prone to an overflow condition. The program fails to properly sanitize user-supplied input resulting in multiple unspecified buffer overflows. When handling a spoofed DNS packets, a remote attacker can potentially execute arbitrary code or cause a denial of service.
NetKit (netkit-rusers) is prone to an overflow condition. The rusers client fails to properly sanitize user-supplied input resulting in a buffer overflow. This may allow an attacker to execute arbitrary code or cause a denial of service.
(Description Provided by CVE) : Internet Explorer 3 records a history of all URL's that are visited by a user in DAT files located in the Temporary Internet Files and History folders, which are not cleared when the user selects the "Clear History" option, and are not visible when the user browses the folders because of tailored displays.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.