| OSVDB ID | Disclosure Date | Title |
|---|
|
86896
Description:
Microsoft Internet Explorer contains a flaw that is triggered during the handling of a specially crafted script that contains the GetObject function and the MSScriptControl.ScriptControl ActiveX object. By specifying an arbitrary file using the absolute path, a remote attacker can gain access to any file readable by the web server.
|
2001-03-31
|
Microsoft IE MSScriptControl.ScriptControl GetObject Arbitrary File Access
|
|
5581
Description:
Trend Micro Virus Wall contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to administrative passwords by reading the registry keys. These passwords are stored using XOR encryption which is trivial to break.
|
2001-03-30
|
Trend Micro ScanMail for Microsoft Exchange Administrative Credential Disclosure
|
|
6139
Description:
Trend Micro's Virus Buster contains a flaw that may allow a remote attacker to crash the system or gain privileges. The issue is triggered when scanning a received email with "From" headers containing overly long strings, which would resulting in a buffer overflow. A remote attacker could execute arbitrary code resulting in a loss of integrity or crash the service resulting in a loss of availability.
|
2001-03-30
|
Trend Micro Virus Buster 2001 From Address Overflow
|
|
667
Description:
(Description Provided by CVE) : IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 allows remote attackers to read source code for .jsp files by appending a / to the requested URL.
|
2001-03-30
|
IBM Multiple HTTP Server Single Slash Source Code Disclosure
|
|
7806
Description:
(Description Provided by CVE) : HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly.
|
2001-03-30
|
Microsoft IE HTML E-mail Feature Unusual MIME Type Command Execution
|
|
59501
Description:
(Description Provided by CVE) : Internet Explorer 5.5 and earlier does not properly verify the domain of a frame within a browser window, which allows remote web site operators to read certain files on the client by sending information from a local frame to a frame in a different domain using MSScriptControl.ScriptControl and GetObject, aka a variant of the "Frame Domain Verification" vulnerability.
|
2001-03-30
|
Microsoft IE MSScriptControl.ScriptControl / GetObject Frame Domain Validation Bypass
|
|
85843
Description:
Shareplex contains a flaw that is triggered when a file is specified using a qview command. If the file does not contain qview commands, then the contents of the file will be displayed in an error message. This may allow a local attacker to gain access to arbitrary privileged files.
|
2001-03-30
|
Shareplex qview Arbitrary Privileged File Access
|
|
13866
Description:
(Description Provided by CVE) : Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command.
|
2001-03-29
|
SilentRunner Collector SMTP HELO Command Remote Overflow
|
|
62030
Description:
Unknown / Incomplete
|
2001-03-29
|
tnftpd Multiple Unspecified Overflows
|
|
5643
Description:
Cisco VPN 3000 series concentrators contain a flaw that may allow a remote denial of service. The issue is triggered when the SSL or regular telnet session does not disconnect after repeated failed attempts and the system keeps trying to interpret the incoming data causing a shortage of memory on the system resulting in a reboot, and will result in loss of availability for the service.
|
2001-03-28
|
Cisco VPN Concentrator Invalid Login DoS
|
|
5669
Description:
Deerfield WebSite Professional contains a flaw that may allow a remote attacker to cause a denial of service. The issue is triggered when multiple non-authenticated requests to the /dyn/ directory are made, and will result in loss of availability for the remote manager service.
|
2001-03-28
|
Deerfield Website Pro Remote Manager DoS
|
|
5685
Description:
Infradig Inframail contains a flaw that may allow a REMOTE denial of service. The issue is triggered when a POST request is issued followed by a space and at least 276 characters, and will result in loss of availability for the service.
|
2001-03-28
|
Infradig Inframail Malformed POST Request DoS
|
|
593
Description:
Unknown / Incomplete
|
2001-03-28
|
BEA WebLogic Hex Encoded Request JSP Source Disclosure
|
|
7293
Description:
Windows ME and Plus! contain a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords by reading the dynazip.log file, which may lead to a loss of confidentiality and/or integrity.
|
2001-03-28
|
Microsoft Plus! Compressed Folder Password Disclosure
|
|
7708
Description:
JavaServer Web Dev Kit contains a flaw that allows lead to an unauthorized information disclosure. The issue is due to the Javasever Web Dev Kit not properly sanitizing user input By sending a specifically crafted URL request with "dot dot" sequence(../../) via port 8080, a remote attacker can access unauthorized files, which leads to a loss of confidentiality.
|
2001-03-28
|
JavaServer Web Dev Kit Request Arbitrary File Access
|
|
533
Description:
(Description Provided by CVE) : Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter.
|
2001-03-27
|
Ananconda Partners Clipper anacondaclip.pl template Parameter Traversal Arbitrary File Access
|
|
7643
Description:
A local overflow exists in OpenServer. The lpshut command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request of more than 6239 characteers, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer lpshut First Argument Local Overflow
|
|
7644
Description:
A local overflow exists in OpenServer. The lpusers command fails to validate user-supplied arguments to the '-u' command-line parameter resulting in a buffer overflow. With a specially crafted request consisting of more than 670 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer lpusers -u Parameter Local Overflow
|
|
7645
Description:
A local overflow exists in OpenServer. The lpadmin command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request of more than 6476 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer lpadmin First Argument Local Overflow
|
|
7646
Description:
A local overflow exists in OpenServer. The lpforms command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 6240 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer lpforms First Argument Local Overflow
|
|
7647
Description:
A local overflow exists in OpenServer. The recon command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 1315 characters, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer recon First Argument Local Overflow
|
|
8682
Description:
(Description Provided by CVE) : Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable.
|
2001-03-27
|
Solaris tip HOME Environement Variable Local Overflow
|
|
1844
Description:
(Description Provided by CVE) : Webmin 0.84 and earlier does not properly clear the HTTP_AUTHORIZATION environment variable when the web server is restarted, which makes authentication information available to all CGI programs and allows local users to gain privileges.
|
2001-03-27
|
Webmin miniserv.pl Environment Variable Cleartext Password Local Disclosure
|
|
576
Description:
The WebLogic server contains a flaw which lists the contents of directories if certain strings are appended to requests. This could allow sensitive information to be disclosed to attackers.
|
2001-03-27
|
BEA WebLogic Encoded Request Forced Directory Listing
|
|
4411
Description:
SonicWALL TELE2/SOHO2 Firewalls are configured to use IKE pre-shared keys, but only allow 48 byte keylength instead of 128. This allows an attacker to more easily crack the keys and compromise the integrity of encrypted communication.
|
2001-03-27
|
SonicWALL TELE2/SOHO Firewall IKE Key Weakness
|
|
6766
Description:
(Description Provided by CVE) : Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak encryption for passwords, which allows a remote attacker to gain privileges on the application.
|
2001-03-27
|
CA CCC\Harvest Encryption Weakness
|
|
7648
Description:
A local overflow exists in OpenServer. The deliver command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request consisting of more than 4085, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer MMDF deliver First Argument Local Overflow
|
|
7649
Description:
A local overflow exists in OpenServer. The sendmail command fails to validate user-supplied arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-03-27
|
SCO OpenServer MMDF sendmail First Argument Local Overflow
|
|
11541
Description:
LAN SUITE 602Pro contains a flaw that may allow a malicious user to cause a denial of service. The issue is triggered when a user issues a GET request containg an MS-DOS device name. It is possible that the flaw may allow remote users to crash the service, resulting in a loss of availability.
|
2001-03-26
|
602Pro LAN SUITE MSDOS Device Name Request DoS
|
|
11542
Description:
(Description Provided by CVE) : Web configuration server in 602Pro LAN SUITE allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long HTTP request containing "%2e" (dot dot) characters.
|
2001-03-26
|
602Pro LAN SUITE Encoded Double Dot HTTP DoS
|
|
12009
Description:
(Description Provided by CVE) : Buffer overflow in gPS before 0.10.2 may allow local users to cause a denial of service (SIGSEGV) in rgpsp via long command lines.
|
2001-03-26
|
gPS Command Line Overflow DoS
|
|
5681
Description:
HP9000 servers running HP-UX contain a flaw that may allow a malicious user to gain access to unauthorized privileges. No further details are available.
|
2001-03-25
|
HP-UX newgrp Local Privilege Escalation
|
|
12045
Description:
(Description Provided by CVE) : IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to cause a denial of service (hang) via long (1) SELECT or (2) EXAMINE commands.
|
2001-03-25
|
MDaemon IMAP Server Multiple Command Local DoS
|
|
93240
Description:
MIT Kerberos 5 contains a flaw in the kpasswd service that may allow a remote denial of service. The issue is due to the program responding to all requests contacted via the UDP port. With a malformed spoofed packet sent to multiple machines running the vulnerable service, a remote attacker can cause a saturation of data and cause an exhaustion of system resources
|
2001-03-25
|
MIT Kerberos 5 kpasswd Service Spoofed Packet Remote DoS
|
|
4697
Description:
Symantec Raptor Firewall contains a flaw that may allow a remote attacker to bypass firewall policies. The issue is triggered when the "http.noproxy" rule is not set and clients are configured to use the nearest interface of the firewall as a proxy. It is possible that the flaw may allow a remote attacker to send HTTP requests to the firewall to access any system with TCP ports 79-99 and 200-65535 (except port 80) resulting in a loss of confidentiality.
|
2001-03-24
|
Symantec Raptor Firewall Access Arbitrary TCP Port via HTTP
|
|
17148
Description:
Unknown / Incomplete
|
2001-03-24
|
Sawmill Documentation Viewing Tab Arbitrary Script Injection
|
|
5683
Description:
Dr. Watson contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user with access rights to a shared computer accesses the user.dmp file created by Dr. Watson to obtain username and password information about other system users, resulting in a loss of confidentiality.
|
2001-03-23
|
Dr. Watson user.dmp Information Disclosure
|
|
1780
Description:
NetScreen ScreenOS contains a flaw that allows remote traffic to bypass the "DMZ" ruleset potentially allowing malicious traffic to reach machines in the DMZ. Under the right circumstances, after specific traffic patterns occur for a significant amount of time, the NetScreen device may begin passing arbitrary packets (not all) to the DMZ rather than denying them.
|
2001-03-23
|
NetScreen ScreenOS DMZ Denial Policy Bypass
|
|
8683
Description:
(Description Provided by CVE) : /opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI.
|
2001-03-23
|
Junsoft JSparm File Logging Arbitrary File Overwrite
|
|
59932
Description:
Unknown / Incomplete
|
2001-03-22
|
perlbot.org Perlbot Message Saturation Remote DoS
|
