(Description Provided by CVE) : Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability.
Cisco WebNS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses specific input, which is not validated, to gain information about the directory structure or to read files.
(Description Provided by CVE) : Arrowpoint (aka Cisco Content Services, or CSS) allows local users to cause a denial of service via a long argument to the "show script," "clear script," "show archive," "clear archive," "show log," or "clear log" commands.
(Description Provided by CVE) : Buffer overflow in qDecoder library 5.08 and earlier, as used in CrazyWWWBoard, CrazySearch, and other CGI programs, allows remote attackers to execute arbitrary commands via a long MIME Content-Type header.
Trend Micro's Virus Buster contains a flaw that may allow a remote denial of service. The issue is triggered when scanning a received email with "To" headers containing overly long strings, which could result in a crash of the system.
FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when inetd incorrectly sets group privileges on child processes, and when an ident request is received, the process is assigned privileges of the wheel (root group), which will disclose the first 16 bytes of any wheel-accessible file resulting in a loss of confidentiality.
FreeBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the periodic program uses insecure temporary file names in the /tmp directory. A malicious user could use this vulnerability to create a symbolic link in the /tmp directory to corrupt any file on the system. This flaw may lead to a loss of integrity.
(Description Provided by CVE) : sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts.
A remote overflow exists in AT&T WinVNC server. The HTTP component fails to use bounds resulting in a stack overflow. With a specially crafted request, an attacker can execute code remotely resulting in a loss of confidentiality, integrity and availability.
A buffer overflow exists in WinVNC. The client fails to validate rfbConnFailed packets resulting in a buffer overflow. With a specially crafted packet, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
(Description Provided by CVE) : MySQL before 3.23.31 allows users with a MySQL account to use the SHOW GRANTS command to obtain the encrypted administrator password from the mysql.user table and possibly gain privileges via password cracking.
(Description Provided by CVE) : Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek 2000 allows remote attackers to read arbitrary files and directories via a .. (dot dot) attack in the show parameter.
(Description Provided by CVE) : Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server to continuously send pings (echo requests) to the network.
(Description Provided by CVE) : inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services.
mIRC contains a flaw that may allow a malicious user to bypass lock protection. The issue is triggered by modifying the registry to disable the lock. It is possible that the flaw may allow unauthorized execution of the program resulting in a loss of integrity.
(Description Provided by CVE) : Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link.
(Description Provided by CVE) : IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in WebSphere's host aliases list, which will bypass WebSphere processing.
(Description Provided by CVE) : The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability.
(Description Provided by CVE) : The Web Publishing feature in Netscape Enterprise Server 4.x and earlier allows remote attackers to list arbitrary directories under the web server root via the INDEX command.
FreeBSD and Mac OS X contain a flaw that may allow a malicious user to bypass a firewall. The issue is triggered when TCP packets with the ECE flag set are treated as being part of an already established TCP connection. It is possible that the flaw may allow a malicious user to bypass certain ipfw rules resulting in a loss of integrity.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.