Auction Weaver Lite contains a flaw that allows a remote attacker to execute arbitrary commands. The issue is due to the auctionweaver.pl script not properly sanitizing input to the "formfield" variable. By manipulating the input provided to the variable, an attacker can supply arbitrary commands that will be executed with the privileges of the web server.
(Description Provided by CVE) : Interactions between the CIFS Browser Protocol and NetBIOS as implemented in Microsoft Windows 95, 98, NT, and 2000 allow remote attackers to modify dynamic NetBIOS name cache entries via a spoofed Browse Frame Request in a unicast or UDP broadcast datagram.
(Description Provided by CVE) : news.cgi in GWScripts News Publisher does not properly authenticate requests to add an author to the author index, which allows remote attackers to add new authors by directly posting an HTTP request to the new.cgi program with an addAuthor parameter, and setting the Referer to the news.cgi program.
(Description Provided by CVE) : xpdf PDF viewer client earlier than 0.91 does not properly launch a web browser for embedded URL's, which allows an attacker to execute arbitrary commands via a URL that contains shell metacharacters.
(Description Provided by CVE) : The go-gnome Helix GNOME pre-installer allows local users to overwrite arbitrary files via a symlink attack on various files in /tmp, including uudecode, snarf, and some installer files.
MIT Kerberos contains a flaw that is triggered when an error occurs in the Key Distribution Center (KDC). This may allow a remote attacker to spoof a Ticket-Granting Ticket (TGT) and bypass authentication.
A local overflow exists in FreeBSD. The Linux compatibility module fails to validate input, resulting in a buffer overflow. With a specially crafted request, an attacker can cause values on the stack to be overwritten to gain root privileges, resulting in a loss of integrity.
Viking Web Server is prone to an overflow condition. The RobTex Viking Server fails to properly check a long HTTP GET request and the HTTP headers Host, Unless-Modified-Since, If-Modified-Since, and If-Range, resulting in a buffer overflow. With a specially crafted request, an attacker can cause the server to either crash or execute arbitrary code, resulting in a loss of integrity and/or availability.
(Description Provided by CVE) : Microsoft Windows 2000 allows local users to cause a denial of service by corrupting the local security policy via malformed RPC traffic, aka the "Local Security Policy Corruption" vulnerability.
(Description Provided by CVE) : The web-based folder display capability in Microsoft Internet Explorer 5.5 on Windows 98 allows local users to insert Trojan horse programs by modifying the Folder.htt file and using the InvokeVerb method in the ShellDefView ActiveX control to specify a default execute option for the first file that is listed in the folder.
FreeBSD contains a flaw that may allow a local denial of service. The issue is triggered when the ELF image activator fails to perform sufficient sanity checks on the ELF image header, causing the CPU to enter a long in-kernel loop if a header is invalid or truncated, and will result in loss of availability for the platform.
Local overflows exist in brouted, a FreeBSD port. This dynamic routing daemon fails to validate input, resulting in buffer overflows. With a specially crafted request, an attacker can obtain the privileges of kmem because brouted is incorrectly installed setgid kmem. A malicious user can then upgrade from the kmem privileges to root access by manipulating kernel memory, resulting in a loss of integrity.
(Description Provided by CVE) : The faxrunq and faxrunqd in the mgetty package allow local users to create or modify arbitrary files via a symlink attack which creates a symlink from /var/spool/fax/outgoing/.last_run to the target file.
Worm Web Server (httpd) contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user exploits a buffer overflow by sending an overly long URL, and will result in loss of availability for the service.
(Description Provided by CVE) : The password protection feature of Microsoft Money can store the password in plaintext, which allows attackers with physical access to the system to obtain the password, aka the "Money Password" vulnerability.
worm httpd contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../).
PGP contains a flaw that may allow an unsigned additional decryption key (ADK) to expose the plaintext content of an encrypted message. If a remote attacker sends a PGP certificate with an arbitrary ADK, an unsuspecting user may inadvertently reveal the plaintext content of a PGP encrypted message.
(Description Provided by CVE) : O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with execute permissions for all users, which allows remote attackers to create and execute arbitrary files by directly calling uploader.exe.
Account Manager Lite contains a flaw that may allow an attacker to carry out a privilege escalation attack. The issue is due to the amadmin.pl script not properly sanitizing user-supplied input. This may allow an attacker to grant or revoke privileges to users on secure portions of the target website.
(Description Provided by CVE) : Subscribe Me LITE does not properly authenticate attempts to change the administrator password, which allows remote attackers to gain privileges for the Account Manager by directly calling the subscribe.pl script with the setpwd parameter.
(Description Provided by CVE) : The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to determine the physical path of the server components by requesting an invalid URL whose name includes a standard DOS device name.
(Description Provided by CVE) : The shtml.exe component of Microsoft FrontPage 2000 Server Extensions 1.1 allows remote attackers to cause a denial of service in some components by requesting a URL whose name includes a standard DOS device name.
Auction Weaver contains a flaw that allows a remote attacker to access arbitrary files and directories outside of the web path. The issue is due to the 'auctionweaver.pl' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'catdir' and 'fromfile' variables.
Internet Security Systems RealSecure intrusion detection software contains a flaw that allows a remote denial of service. The issue is caused when an attacker sends specially crafted fragmented packets with the SYN flag set. When the sensor receives these, it will overflow a buffer and crash the sensor.
(Description Provided by CVE) : The administration module in Sun Java web server allows remote attackers to execute arbitrary commands by uploading Java code to the module and invoke the com.sun.server.http.pagecompile.jsp92.JspServlet by requesting a URL that begins with a /servlet/ tag.
(Description Provided by CVE) : Microsoft Virtual Machine (VM) in Internet Explorer 4.x and 5.x allows an unsigned applet to create and use ActiveX controls, which allows a remote attacker to bypass Internet Explorer's security settings and execute arbitrary commands via a malicious web page or email, aka the "Microsoft VM ActiveX Component" vulnerability.