| OSVDB ID | Disclosure Date | Title |
|---|
|
6159
Description:
(Description Provided by CVE) : Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access.
|
2001-05-31
|
Trend Micro InterScan VirusWall Web Interface Direct Request Remote Configuration Manipulation
|
|
5544
Description:
ACME Laboratories' Java class Acme.Serve.Serve contains a flaw that allows a remote attacker to traverse outside of the web path. The issue is due to the server not properly sanitizing user input, specifically crafted URI requests using multiple slahses (////). With such a request, an attacker can force the server to access arbitrary files or force a directory index listing.
|
2001-05-31
|
Acme.Serve URI Encoded Traversal Arbitrary File Access
|
|
1848
Description:
WebNS contains a flaw that may allow a malicious user to gain access to administrative privileges. The issue is triggered when an attackers navigates directly to the web management URL, instead of navigating through the interface. It is possible that the flaw may allow administrative control of the device resulting in a loss of confidentiality, integrity, and/or availability.
|
2001-05-31
|
Cisco CSS Web Management Authentication Bypass
|
|
6170
Description:
A remote overflow exists in Trend Micro InterScan VirusWall. The FtpSaveCSP.dll file fails to validate bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-05-31
|
Trend Micro Interscan VirusWall FtpSaveCSP.dll Overflow
|
|
6171
Description:
A remote overflow exists in Trend Micro InterScan VirusWall. The FtpSaveCVP.dll file fails to validate bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-05-31
|
Trend Micro Interscan VirusWall FtpSaveCVP.dll Overflow
|
|
11683
Description:
Unknown / Incomplete
|
2001-05-30
|
Roxen Web Server Traversal Arbitrary File Access
|
|
11730
Description:
Unknown / Incomplete
|
2001-05-30
|
ftpcopy Multiple File Descriptor Leak
|
|
5587
Description:
(Description Provided by CVE) : Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable.
|
2001-05-30
|
Solaris mailtool Xview Library OPENWINHOME Variable Privilege Escalation
|
|
1845
Description:
GnuPG contains a flaw that may allow a malicious user to execute arbitrary code in the context of a user decrypting a given file. The issue is triggered when the attacker sends the victim a GPG message with a crafted filename, exploiting a format string vulnerability in the tty_printf() function. It is possible that the flaw may allow execution of code in the context of the target user, resulting in a loss of integrity.
|
2001-05-30
|
GnuPG tty_printf() Format String
|
|
13971
Description:
(Description Provided by CVE) : Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST.
|
2001-05-30
|
SpoonFTP Multiple Command Remote Overflow
|
|
7560
Description:
NetBSD on Hitachi Super-H Architecture contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the "process_write_regs" kernel routine, which is used by the procfs and ptrace(2) facilities, fails to validate user-supplied Status Register contents, allowing a malicious user to execute code with elevated privileges. This flaw may lead to a loss of integrity.
|
2001-05-29
|
NetBSD Hitachi Super-H Architecture (sh3) process_write_regs Privilege Elevation
|
|
7561
Description:
NetBSD on Hitachi Super-H Architecture contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the "sigreturn" system call fails to validate user-supplied Status Register contents, allowing a malicious user to execute code with elevated privileges. This flaw may lead to a loss of integrity.
|
2001-05-29
|
NetBSD Hitachi Super-H Architecture (sh3) sigreturn() Privilege Elevation
|
|
8344
Description:
Eudora contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when the 'Use Microsoft Viewer' option is enabled and the 'allow executables in HTML content' option is disabled. It is possible that the flaw may allow a remote attacker to create a specially crafted HTML email with a form that is activated from an image that the attacker spoofs as a link, which causes the user to execute the arbitrary code embedded in the attachment resulting in a loss of integrity.
|
2001-05-29
|
Eudora Attachment Arbitrary Code Execution
|
|
1847
Description:
Multiple BSD operating systems contain a flaw that may allow a remote denial of service. The issue is triggered when a malicious attacker transmits a large number of fragmented IPv4 datagrams to fill the mbuf pool on a target system, which will prevent network traffic processing. This will result in a loss of availability for the platform.
|
2001-05-29
|
Multiple BSD IP Fragment mbuf Pool DoS
|
|
9541
Description:
board-tnk contains a flaw that may lead to an unauthorized information disclosure. The problem is that the program sets administrator passwords in plaintext in the cookies, which may potentially disclose sensitive information resulting in a loss of confidentiality.
|
2001-05-29
|
board-tnk Cookie Cleartext Password Disclosure
|
|
8982
Description:
CesarFTP contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the GET command.
|
2001-05-28
|
CesarFTP GET Modified Triple Dot Traversal Arbitrary File Access
|
|
1846
Description:
(Description Provided by CVE) : Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters.
|
2001-05-28
|
NetGap Escaped And Encoded URL Filtering Bypass
|
|
10161
Description:
TWIG contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the id parameter in the schedule.edit.inc.php3 script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2001-05-28
|
TWIG schedule.edit.inc.php3 id Parameter SQL Injection
|
|
10162
Description:
TWIG Webmail contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the id variable in the "personal.groups.inc.php3" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2001-05-28
|
TWIG personal.groups.inc.php3 id Parameter SQL Injection
|
|
12056
Description:
(Description Provided by CVE) : CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
|
2001-05-28
|
CesarFTP settings.ini Authentication Credential Cleartext Disclosure
|
|
5540
Description:
A remote overflow exists in GuildFTPd. The SITE command fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the SITE command containing more than 261 bytes, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2001-05-27
|
GuildFTPd Long SITE Command Overflow
|
|
563
Description:
(Description Provided by CVE) : Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attacker to gain sensitive information via a .. (dot dot) in the SHOW parameter.
|
2001-05-27
|
Cosmicperl Directory Pro directorypro.cgi show Parameter Traversal Arbitrary File Access
|
|
13974
Description:
(Description Provided by CVE) : Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts.
|
2001-05-27
|
Specter IDS Port Scan CPU Exhaustion DoS
|
|
13975
Description:
(Description Provided by CVE) : Format string vulnerability in XChat 1.2.x allows remote attackers to execute arbitrary code via a malformed nickname.
|
2001-05-27
|
XChat Malformed nickname Remote Format String
|
|
11857
Description:
(Description Provided by CVE) : OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20).
|
2001-05-26
|
OmniHTTPd Encoded Space GET Request Source Code Disclosure
|
|
11856
Description:
(Description Provided by CVE) : Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts.
|
2001-05-26
|
OmniHTTPd PHP Script Request Flood DoS
|
|
13967
Description:
(Description Provided by CVE) : GuildFTPd 0.9.7 stores user names and passwords in plaintext in the default.usr file, which allows local users to gain privileges as other FTP users by reading the file.
|
2001-05-26
|
GuildFTPd default.usr Authentication Credentials Local Disclosure
|
|
13970
Description:
(Description Provided by CVE) : Buffer overflow in DynFX MailServer version 2.10 allows remote attackers to conduct a denial of service via a long username to the POP3 service.
|
2001-05-26
|
DynFX MailServer POP3 Long Username Remote Overflow
|
|
1842
Description:
(Description Provided by CVE) : Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0).
|
2001-05-25
|
Faust Informatics Freestyle Chat MS-DOS Device Name DoS
|
|
1843
Description:
InoculateIT contains a flaw that allows a malicious local user overwrite arbitrary files on the system. The issue is due to the inocucmd utility using a static file name for a temporary file. If a local user creates a symlink from the static file name (/tmp/ftpdownload.log) to an arbitrary file on the system, InoculateIT will follow the link and overwrite the arbitrary file.
|
2001-05-25
|
InoculateIT ftpdownload.log Symbolic Link File Overwriting
|
|
8846
Description:
Beck's IPC GmbH IPC@Chip Telnet Service contains a flaw that may lead to an unauthorized password exposure. The issue is due to the service not enforcing a limit of consecutive invalid login attempts and delaying the next login prompt, which may allow a remote attacker to more easily conduct brute force attacks against a user's account.
|
2001-05-24
|
BecK IPC GmbH IPC@Chip Telnet Service Brute Force Weakness
|
|
8847
Description:
Beck's IPC GmbH IPC@Chip Telnet Service contains a flaw that may allow a remote denial of service. The issue is triggered due to the application allowing only one session at a time and failing to disconnect that session after an unsuccessful login, which may allow a remote attacker to connect to the Telnet service indefinitely and prevent access for any other legitimate users resulting in a loss of availability.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip TelnetD Service Single Connection DoS
|
|
13963
Description:
Beck's IPC GmbH IPC@Chip Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue may allow an attacker to view arbitrary files in the root directory via a direct request, which will disclose potentially sensitive information, such user accounts and passwords, to a remote attacker.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip Embedded-Webserver Server Root Arbitrary File Access
|
|
14266
Description:
It has been reported that Beck's IPC GmbH IPC@Chip Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when the program fails to properly handle overly long HTTP GET requests. This may allow a remote attacker to temporarily cause the server to stop responding, resulting in a loss of availability.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip Web Server Long HTTP Request DoS
|
|
14267
Description:
Beck IPC GmbH IPC@Chip Telnet Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the server sends a different response when provided an invalid versus a valid username, which may allow a remote attacker to enumerate user accounts resulting in a loss of confidentiality.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip TelnetD Server Error Message Account Enumeration
|
|
14268
Description:
Beck IPC GmbH IPC@Chip Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by sending a direct request to the the 'chipcfg.cgi' script, which will disclose network configuration settings to a remote attacker resulting in a loss of confidentiality.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip Web Server chipcfg.cgi Direct Request Information Disclosure
|
|
19109
Description:
By default, Beck IPC GmbH's IPC@Chip FTP Server installs with a default password of 'anonymous' or 'ftp' which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip FTP Server Default Password
|
|
19110
Description:
By default, Beck's IPC GmbH IPC@Chip Telnet Server installs with a default password of 'tel' which is publicly known and documented. This allows attackers to trivially access the program or system and gain privileged access.
|
2001-05-24
|
Beck IPC GmbH IPC@Chip Telnet Server Default Password
|
|
13437
Description:
(Description Provided by CVE) : Windows 2000 allows local users to cause a denial of service and possibly gain privileges by setting a hardware breakpoint that is handled using global debug registers, which could cause other processes to terminate due to an exception, and allow hijacking of resources such as named pipes.
|
2001-05-24
|
Microsoft Windows 2000 Debug Register Local Privilege Escalation
|
|
800
Description:
Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when a port scanner attempts to connect to specific port ranges (100-3999, 5100-5999, 7100-7999 and 10100-10999), and will result in loss of availability for the platform.
|
2001-05-24
|
Cisco IOS Port Scan Remote DoS
|
