| OSVDB ID | Disclosure Date | Title |
|---|
|
86897
Description:
Oracle on Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an error occurs in TNSLSNR80.EXE during the handling of malformed input, which will result in all available system resources becoming consumed. This will cause a loss of availability for the server.
|
2001-04-18
|
Oracle on Windows TNSLSNR80.EXE Malformed Input Parsing Remote DoS
|
|
1797
Description:
(Description Provided by CVE) : Rit Research Labs The Bat! 1.51 for Windows allows a remote attacker to cause a denial of service by sending an email to a user's account containing a carrage return <CR> that is not followed by a line feed <LF>.
|
2001-04-18
|
The Bat! End-of-Message Character Handling Remote DoS
|
|
11345
Description:
(Description Provided by CVE) : Buffer overflow in websync.exe in Cyberscheduler allows remote attackers to execute arbitrary commands via a long tzs (timezone) parameter.
|
2001-04-18
|
Cyberscheduler websync.exe Timezone Variable Parsing Remote Overflow
|
|
12991
Description:
(Description Provided by CVE) : kfm as included with KDE 1.x can allow a local attacker to gain additional privileges via a symlink attack in the kfm cache directory in /tmp.
|
2001-04-18
|
KDE kfm Cache Directory Symlink Arbitrary File Overwrite
|
|
7054
Description:
Timbuktu contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local attacker enters the "About Timbuktu" menu, which provides access to the Apple menu and System Preferences. This flaw may lead to a loss of integrity.
|
2001-04-18
|
Motorola Timbuktu for Mac OS X System Preference Modification
|
|
7168
Description:
(Description Provided by CVE) : Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests.
|
2001-04-18
|
Microsoft Data Access Component Internet Publishing Provider WebDAV Security Zone Bypass
|
|
13900
Description:
iPlanet contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user attempts to access the world readable /opt/SUNWics5/cal/bin/config/ics.conf file, which will disclose usernames and passwords for the NAS LDAP database resulting in a loss of confidentiality.
|
2001-04-18
|
iPlanet Calendar Server ics.conf Cleartext Admin Password Disclosure
|
|
19132
Description:
(Description Provided by CVE) : Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 allows local users in the "news" group to gain privileges via a long -c command line argument.
|
2001-04-18
|
INN innfeed -c Parameter Local Overflow
|
|
6664
Description:
GoAhead WebServer on Windows contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker requests the /aux directory (and likely other MS-DOS reserved names) which will result in a loss of availability for the web server.
|
2001-04-17
|
GoAhead WebServer /aux Directory Request Parsing Remote DoS
|
|
3781
Description:
AnalogX SimpleServer:WWW contains a flaw that allows a remote attacker to crash the service. The issue is due to improper checking of GET requests made to the server. If a remote user requests a URL with a conventional DOS device name such as "aux", they may crash the server.
|
2001-04-17
|
AnalogX SimpleServer:WWW /aux Directory Request Parsing Remote DoS
|
|
8684
Description:
(Description Provided by CVE) : FTP server in Solaris 8 and earlier allows local and remote attackers to cause a core dump in the root directory, possibly with world-readable permissions, by providing a valid username with an invalid password followed by a CWD ~ command, which could release sensitive information such as shadowed passwords, or fill the disk partition.
|
2001-04-17
|
Solaris FTP Forced Core Dump Information Disclosure
|
|
13870
Description:
(Description Provided by CVE) : Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
|
2001-04-17
|
Samba Printer Queue Query Symlink Arbitrary File Overwrite
|
|
13871
Description:
(Description Provided by CVE) : Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
|
2001-04-17
|
Samba smbclient more Symlink Arbitrary File Overwrite
|
|
13872
Description:
(Description Provided by CVE) : Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient.
|
2001-04-17
|
Samba smbclient mput Symlink Arbitrary File Overwrite
|
|
1805
Description:
gFTP contains a flaw that may allow a remote attacker to execute arbitrary code on a gftp user's system. The issue is triggered when an untrusted value is passed to a printf() function in the facility used by its client program to log FTP and HTTP responses. It is possible that the flaw may allow a remote attacker using a remote FTP server to execute arbitrary code on a gftp user's system resulting in a loss of integrity.
|
2001-04-17
|
gFTP Logging Facility Remote Format String
|
|
3085
Description:
Qualcomm Eudora contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker emails a message with a plaintext attachment containing the full path of a desired file on the victim's system. The file is sent to the attacker when the message is forwarded, resulting in a loss of confidentiality.
|
2001-04-17
|
Eudora Crafted Attachment Converted MIME Header Remote File Disclosure
|
|
5599
Description:
Viking Web Server contains a flaw that allows a remote attacker to request files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) can be accomplished by encoding the ../ using %2E%2E/.
|
2001-04-17
|
Viking Web Server Hexidecimal Encoded Arbitrary File Access
|
|
11640
Description:
(Description Provided by CVE) : Xitami 2.5d4 and earlier allows remote attackers to crash the server via an HTTP request to the /aux directory.
|
2001-04-17
|
Xitami Web Server /aux Request DoS
|
|
5704
Description:
iPlanet Web Server Enterprise Edition 4.1 and earlier contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker fills the Host: header with characters that will be automatically URL-encoded by iPlanet before response handlers are called, which can either: disclose the heap contents written by other server functions information resulting in a loss of confidentiality; or cause a server thread/process to crash resulting in a loss of availability.
|
2001-04-16
|
iPlanet Web Server Enterprise Edition URL-encoded Host: Information Disclosure
|
|
1789
Description:
(Description Provided by CVE) : Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type.
|
2001-04-16
|
Microsoft ISA Server Web Proxy Malformed HTTP Request Parsing Remote DoS
|
|
7858
Description:
Microsoft Internet Explorer contains a flaw related to the displaying of file extensions on links that may allow an attacker to trick a user into executing a potential dangerous file.
|
2001-04-16
|
Microsoft IE CLSID Alteration Arbitrary Command Execution
|
|
21047
Description:
Unknown / Incomplete
|
2001-04-16
|
Cerberus FTP Server Unspecified File Transfer Permission Weakness
|
|
803
Description:
(Description Provided by CVE) : Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service.
|
2001-04-16
|
Cisco Catalyst 5000 Series Frame STP Port Broadcast DoS
|
|
7145
Description:
Interchange contains a flaw that may allow a remote attacker to access arbitrary files in the catalog directory including plaintext sources to database tables. The issue is due to the do_view administrative script not properly authenticating before handling the request.
|
2001-04-16
|
Interchange do_view Unauthenticated File Read
|
|
7146
Description:
Interchange contains a flaw that may allow a remote attacker to overwrite files in the catalog directory. The issue is due to the page_save administrative script not properly authenticating before handling the request.
|
2001-04-16
|
Interchange page_save Unauthenticated File Overwrite
|
|
12208
Description:
(Description Provided by CVE) : BubbleMon 1.31 does not properly drop group privileges before executing programs, which allows local users to execute arbitrary commands with the kmem group id.
|
2001-04-16
|
BubbleMon kmem Privilege Local Escalation
|
|
5642
Description:
A local race condition exists in Exuberant Ctags. The software fails to properly set file permissions on temporary files. It may be possible for an attacker to use a symbolic link to the temporary file to overwrite any file on the system which could result in loss of integrity and/or availability.
|
2001-04-15
|
Exuberant Ctags Insecure Temporary File Creation
|
|
13863
Description:
(Description Provided by CVE) : ppd in Reliant Sinix allows local users to corrupt arbitrary files via a symlink attack in the /tmp/ppd.trace file.
|
2001-04-14
|
Reliant Sinix ppd ppd.trace Symlink Arbitrary File Corruption
|
|
5955
Description:
DansGuardian contains a flaw that may allow some pages or URLs to occasionally bypass the filter. No further details have been provided.
|
2001-04-14
|
DansGuardian URL Intermittent Filter Bypass
|
|
539
Description:
This host is running the 'Trend Micro Interscan Virus Wall 3.0.1'. This application is vulnerable to a remote buffer overflow. This overflow occurs in the 'catinfo' CGI program. By issuing a malformed request, an attacker can gain access to this host.
|
2001-04-13
|
Trend Micro InterScan VirusWall catinfo Overflow
|
|
7657
Description:
A local overflow exists in OpenServer. The cancel command fails to validate user-supplied input resulting in a buffer overflow. With a specially crafted request consisting of a long character string, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-04-13
|
SCO OpenServer /usr/bin/cancel Local Overflow
|
|
9677
Description:
(Description Provided by CVE) : IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a denial of service by directly calling the macro.d2w macro with a long string of %0a characters.
|
2001-04-13
|
IBM WebSphere/NetCommerce3 macro.d2w Macro Parsing Remote DoS
|
|
13841
Description:
A remote overflow exists in Netscape SmartDownload. sdph20.dll included with SmartDownload fails to correctly check the length of the URL of the file to download resulting in a buffer overflow. With a specially crafted request with a URL whose length is greater than 256 characters, an attacker can cause arbitrary code execution on the victim's computer resulting in a loss of integrity.
|
2001-04-13
|
Netscape SmartDownload Long URL Parsing Overflow
|
|
13876
Description:
(Description Provided by CVE) : content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter.
|
2001-04-13
|
NCM Content Management System content.pl id Parameter Arbitrary File Access
|
|
607
Description:
This host is running the 'Trend Micro Interscan VirusWall' software. This software package is designed to scan for virus activity in Internet traffic. The web management interface included with this product does not properly authenticate users. An attacker could make changes to the configuration, and could remove the virus protection on the network.
|
2001-04-13
|
Trend Micro InterScan VirusWall /interscan/cgi-bin/FtpSave.dll Unauthenticated Remote Configuration Manipulation
|
|
1794
Description:
QVT/Net contains a flaw that allows a remote attacker to access arbitrary fles and directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the FTP command.
|
2001-04-13
|
QVT/Net FTP Server Arbitrary File/Directory Access
|
|
4050
Description:
QVT/Term contains a flaw that allows a remote attacker to access arbitrary fles and directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the FTP command.
|
2001-04-13
|
QVT/Term FTP Server Arbitrary File/Directory Access
|
|
7650
Description:
A local overflow exists in OpenServer. The lp command fails to validate user-supplied input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-04-13
|
SCO OpenServer lp Local Overflow
|
|
7651
Description:
A local overflow exists in OpenServer. The tput command fails to validate user-supplied input resulting in a buffer overflow. With a specially crafted request consisting of a long string argument, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-04-13
|
SCO OpenServer tput Local Overflow
|
|
7652
Description:
A local overflow exists in OpenServer. The rmail command fails to validate user-supplied input resulting in a buffer overflow. With a specially crafted request consisting of a very long character string, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-04-13
|
SCO OpenServer rmail Local Overflow
|
