[CLOSE] OSVDB ID : 579 - Disclosed: 2001-06-30

Description:

(Description Provided by CVE) : PHP 4.0.5 through 4.1.0 in safe mode does not properly cleanse the 5th parameter to the mail() function, which allows local users and possibly remote attackers to execute arbitrary commands via shell metacharacters.

[CLOSE] OSVDB ID : 1885 - Disclosed: 2001-06-30

Description:

(Description Provided by CVE) : Citrix Nfuse 1.51 allows remote attackers to obtain the absolute path of the web root via a malformed request to launch.asp that does not provide the session field.

[CLOSE] OSVDB ID : 650 - Disclosed: 2001-06-30

Description:

A remote overflow exists in the cgiemail cgicso. The script fails to verify input resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12057 - Disclosed: 2001-06-30

Description:

(Description Provided by CVE) : Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD.

[CLOSE] OSVDB ID : 56515 - Disclosed: 2001-06-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8033 - Disclosed: 2001-06-29

Description:

(Description Provided by CVE) : PowerNet IX allows remote attackers to cause a denial of service via a port scan.

[CLOSE] OSVDB ID : 12124 - Disclosed: 2001-06-29

Description:

(Description Provided by CVE) : Buffer overflow in internal string handling routines of xinetd before 2.1.8.8 allows remote attackers to execute arbitrary commands via a length argument of zero or less, which disables the length check.

[CLOSE] OSVDB ID : 12403 - Disclosed: 2001-06-29

Description:

(Description Provided by CVE) : vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts via a request for an ASP script that ends with a URL-encoded space character (%20).

[CLOSE] OSVDB ID : 12404 - Disclosed: 2001-06-29

Description:

(Description Provided by CVE) : vWebServer 1.2.0 allows remote attackers to cause a denial of service via a URL that contains MS-DOS device names.

[CLOSE] OSVDB ID : 12405 - Disclosed: 2001-06-29

Description:

(Description Provided by CVE) : vWebServer 1.2.0 allows remote attackers to cause a denial of service (hang) via a small number of long URL requests, possibly due to a buffer overflow.

[CLOSE] OSVDB ID : 88643 - Disclosed: 2001-06-29

Description:

CylantSecure contains a flaw in the Kernel module. The issue is may allow a local attacker to escape monitoring and perform a syscall rerouting outside the system's infrastructure. This may allow the attacker to execute arbitrary local programs.

[CLOSE] OSVDB ID : 19754 - Disclosed: 2001-06-28

Description:

A remote overflow exists in MacOS. The 'Personal Web Sharing' control panel fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long password, a remote attacker can cause the system to freeze resulting in a loss of availability.

[CLOSE] OSVDB ID : 5542 - Disclosed: 2001-06-28

Description:

(Description Provided by CVE) : Buffer overflow in Linux xinetd 2.1.8.9pre11-1 and earlier may allow remote attackers to execute arbitrary code via a long ident response, which is not properly handled by the svc_logprint function.

[CLOSE] OSVDB ID : 584 - Disclosed: 2001-06-28

Description:

McAfee ASaP VirusScan agent contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the built in web server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

[CLOSE] OSVDB ID : 5585 - Disclosed: 2001-06-28

Description:

A local buffer overflow exists in IBM AIX library libi18n. The library function _GETLAYOUTINITFUNC fails to validate the length of the LANG environment variable resulting in a buffer overflow. With a specially crafted request, an attacker can gain root privileges resulting in a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 6172 - Disclosed: 2001-06-28

Description:

A remote overflow exists in Trend Micro InterScan VirusWall. The HttpSaveCVP.dll file fails to validate bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 6173 - Disclosed: 2001-06-28

Description:

A remote overflow exists in Trend Micro InterScan VirusWall. The HttpSaveCSP.dll file fails to validate bounds checking resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 6178 - Disclosed: 2001-06-28

Description:

(Description Provided by CVE) : Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall 3.51 for Windows NT has allows remote attackers to execute arbitrary code via a certain configuration parameter.

[CLOSE] OSVDB ID : 578 - Disclosed: 2001-06-27

Description:

IOS contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when an attacker sends a specially crafted URL to the HTTP server. It is possible that the flaw may allow an attacker to gain administrative privileges resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 9427 - Disclosed: 2001-06-27

Description:

A buffer overflow exists in Oracle. The TNS Listener fails to validate passed to the STATUS, PING, SERVICES, TRC_FILE, SAVE_CONFIG and RELOAD commands resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12326 - Disclosed: 2001-06-27

Description:

Active Classifieds contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue occurs because several subroutines in admin.cgi do not check for valid user authentication before processing input. This flaw may lead to execution of arbitrary code causing a loss of integrity.

[CLOSE] OSVDB ID : 45904 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in the LDAP naming services library (libsldap) in Sun Solaris 8 allows local users to execute arbitrary code via a long LDAP_OPTIONS environment variable to a privileged program that uses libsldap.

[CLOSE] OSVDB ID : 3561 - Disclosed: 2001-06-27

Description:

Cisco IOS, CatOS and WebNS contain a flaw that may lead to an unauthorized information disclosure. The issue is triggered by the disclosure of password length by SSH protocol, which will disclose information of value in a brute force attack resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 9323 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

[CLOSE] OSVDB ID : 9324 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

[CLOSE] OSVDB ID : 9325 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

[CLOSE] OSVDB ID : 9326 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

[CLOSE] OSVDB ID : 9327 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

[CLOSE] OSVDB ID : 9328 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in uucp utilities in UnixWare 7 allows local users to execute arbitrary code via long command line arguments to (1) uucp, (2) uux, (3) bnuconvert, (4) uucico, (5) uuxcmd, or (6) uuxqt.

[CLOSE] OSVDB ID : 9426 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i 8.1.7 and earlier allows remote attackers to cause a denial of service via a malformed SQLNet connection request with a large offset in the header extension.

[CLOSE] OSVDB ID : 19241 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Buffer overflow in cron in Caldera UnixWare 7 allows local users to execute arbitrary code via a command line argument.

[CLOSE] OSVDB ID : 59511 - Disclosed: 2001-06-27

Description:

(Description Provided by CVE) : Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX 11.0 and 11.11, when configured as a print server, allows local users to overwrite arbitrary files by modifying certain resources.

[CLOSE] OSVDB ID : 88704 - Disclosed: 2001-06-27

Description:

The Linux Kernel contains a flaw that may lead to unauthorized privileges being gained. The issue is due to the procfs mem file (/proc/$$/mem) insecurely handling user access. By reading from 'mem' via close()ing fd 0, open()ing it with /proc/<current_pid>/mem, and then using lseek(), a local attacker can read arbitrary memory offsets in a running process. This may disclose sensitive information including passwords that can be used to gain privileges.

[CLOSE] OSVDB ID : 1883 - Disclosed: 2001-06-26

Description:

Icecast contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

[CLOSE] OSVDB ID : 7040 - Disclosed: 2001-06-26

Description:

Mac OS X contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords using the nidump command, which may lead to a loss of confidentiality.

[CLOSE] OSVDB ID : 1882 - Disclosed: 2001-06-26

Description:

It was reported that early/beta versions of Mac OS X created each user's Desktop folder with world-readable and world-writable permissions by default. After further testing by the security community, this was demonstrated to be untrue.

[CLOSE] OSVDB ID : 11621 - Disclosed: 2001-06-26

Description:

(Description Provided by CVE) : gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers to execute arbitrary commands via certain characters in the help_file parameter.

[CLOSE] OSVDB ID : 14260 - Disclosed: 2001-06-26

Description:

(Description Provided by CVE) : cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

[CLOSE] OSVDB ID : 14261 - Disclosed: 2001-06-26

Description:

(Description Provided by CVE) : cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID environment variable and allow local users to gain privileges.

[CLOSE] OSVDB ID : 577 - Disclosed: 2001-06-25

Description:

Microsoft Front Page Server Extensions (FPSE), included in IIS Web Server, contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a sub-component in FPSE called Visual Studio Remote Application Deployment (RAD) which allows Visual InterDev users to register and un-register programming components on the IIS server. The sub-component contains an unchecked buffer that may allow an attacker to execute arbitrary code with IUSR_Machine privileges.