[CLOSE] OSVDB ID : 17807 - Disclosed: 2001-08-25

Description:

(Description Provided by CVE) : Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to bypass filtering via URLs containing Unicode characters.

[CLOSE] OSVDB ID : 19894 - Disclosed: 2001-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12485 - Disclosed: 2001-08-25

Description:

Qpopper contains a flaw that may allow a malicious user to get unauthorized information. The issue is due to different error messages being output when authentication attempts are made using valid and invalid usernames. When qpopper is used in conjunction with PAM, remote attackers can enumerate valid account usernames, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 14144 - Disclosed: 2001-08-24

Description:

(Description Provided by CVE) : Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak encryption to store the user password in a registry key, which allows attackers who have access to the registry key to decrypt the password and gain privileges.

[CLOSE] OSVDB ID : 14145 - Disclosed: 2001-08-24

Description:

(Description Provided by CVE) : Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not encrypt sensitive files and relies solely on its password feature to restrict access, which allows an attacker to read the files using a different application.

[CLOSE] OSVDB ID : 14146 - Disclosed: 2001-08-24

Description:

(Description Provided by CVE) : Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a small keyspace for device keys and does not impose a delay when an incorrect key is entered, which allows attackers to more quickly guess the key via a brute force attack.

[CLOSE] OSVDB ID : 63720 - Disclosed: 2001-08-24

Description:

(Description Provided by CVE) : NWFTPD.nlm before 5.01w in the FTP server in Novell NetWare allows remote attackers to cause a denial of service (abend) via an anonymous STOU command.

[CLOSE] OSVDB ID : 14818 - Disclosed: 2001-08-23

Description:

Adobe Acrobat for Linux contains a flaw in the libCoolType library. The issue is triggered when the application creates the AdobeFnt.lst file with insecure permissions. With a specially crafted request, a local attacker can manipulate arbitrary files.

[CLOSE] OSVDB ID : 8823 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes the router to become unresponsive and stop forwarding packets.

[CLOSE] OSVDB ID : 11802 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : Respondus 1.1.2 for WebCT uses weak encryption to remember usernames and passwords, which allows local users who can read the WEBCT.SVR file to decrypt the passwords and gain additional privileges.

[CLOSE] OSVDB ID : 14071 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges.

[CLOSE] OSVDB ID : 1936 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : BSCW groupware system 3.3 through 4.0.2 beta allows remote attackers to read or modify arbitrary files by uploading and extracting a tar file with a symlink into the data-bag space.

[CLOSE] OSVDB ID : 1943 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument.

[CLOSE] OSVDB ID : 8828 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack.

[CLOSE] OSVDB ID : 11011 - Disclosed: 2001-08-23

Description:

(Description Provided by CVE) : Netbt.sys in Windows NT 4.0 allows remote malicious DNS servers to cause a denial of service (crash) by returning 0.0.0.0 as the IP address for a DNS host name lookup.

[CLOSE] OSVDB ID : 88586 - Disclosed: 2001-08-23

Description:

CuteFTP contains a flaw that is due to the program using what has been reported to be a insecure encoding for the sm.dat file which stores password information. This may allow a local attacker to more easily gain access to password information if the site manager password has not been set.

[CLOSE] OSVDB ID : 1939 - Disclosed: 2001-08-22

Description:

(Description Provided by CVE) : Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header.

[CLOSE] OSVDB ID : 14711 - Disclosed: 2001-08-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8605 - Disclosed: 2001-08-22

Description:

(Description Provided by CVE) : BadBlue Personal Edition v1.02 beta allows remote attackers to read source code for executable programs by appending a %00 (null byte) to the request.

[CLOSE] OSVDB ID : 8981 - Disclosed: 2001-08-22

Description:

Dynu FTP Server contains a flaw that allows a remote attacker to traverse directories outside of the web path. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the CWD command.

[CLOSE] OSVDB ID : 14232 - Disclosed: 2001-08-22

Description:

A remote overflow exists in A-V Tronics: InetServ. The Webmail interface fails to verify the length of the 'Username' and 'Password' fields resulting in a buffer overflow. With a specially crafted request, an attacker can cause denial of service via network, execution of arbitrary code via network, or root access via network resulting in a loss of confidentiality, integrity, and availability.

[CLOSE] OSVDB ID : 5456 - Disclosed: 2001-08-21

Description:

Panda Antivirus Platinum contains a flaw that may allow a REMOTE denial of service. The issue is triggered when a malformed UPX packed exe examination occurs, and will result in loss of availability for the Antivirus Functionality.

[CLOSE] OSVDB ID : 14170 - Disclosed: 2001-08-21

Description:

BSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user compiles and executes shell code that causes a bad system call, resulting in a reboot and loss of availability for the platform.

[CLOSE] OSVDB ID : 608 - Disclosed: 2001-08-21

Description:

This host is running the IrDa service. This service provides infrared-based connectivity to Windows hosts. A buffer overflow exists in the IrDa handling code in Windows 2000. An attacker can use this to shutdown the machine if they can physically locate themselves within a few feet of the server.

[CLOSE] OSVDB ID : 1938 - Disclosed: 2001-08-21

Description:

linprocfs on FreeBSD 4.3 and earlier does not properly restrict access to kernel memory, which allows one process with debugging rights on a privileged process to read restricted memory from that process.

[CLOSE] OSVDB ID : 8735 - Disclosed: 2001-08-21

Description:

(Description Provided by CVE) : ns6install installation script for Netscape 6.01 on Solaris, and other versions including 6.2.1 beta, allows local users to overwrite arbitrary files via a symlink attack.

[CLOSE] OSVDB ID : 8957 - Disclosed: 2001-08-21

Description:

(Description Provided by CVE) : Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 allows an attacker to read arbitrary files and directories via a ... (modified dot dot) in the CD command.

[CLOSE] OSVDB ID : 14119 - Disclosed: 2001-08-21

Description:

Sage Software MAS 200 contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user telnets to port 10000 on the server and then inputs ctrl-x 10 times, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 86902 - Disclosed: 2001-08-21

Description:

Apache contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an HTTP request without a trailing '/' character returns a 3xx redirect error code. This error code contains a 'location' response-header, which may allow a remote attacker to gain access to the server's internal address.

[CLOSE] OSVDB ID : 88585 - Disclosed: 2001-08-21

Description:

FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is due to an error in the procfs file system that allows processes that initially had debugging rights to an arbitrary process to retain these rights even if the targeted process has gained escalated privileges. This may allow a local attacker to access the targeted processes memory space and gain access to potentially sensitive information.

[CLOSE] OSVDB ID : 14174 - Disclosed: 2001-08-20

Description:

(Description Provided by CVE) : Intego FileGuard 4.0 uses weak encryption to store user information and passwords, which allows local users to gain privileges by decrypting the information, e.g., with the Disengage tool.

[CLOSE] OSVDB ID : 8958 - Disclosed: 2001-08-20

Description:

(Description Provided by CVE) : Directory traversal vulnerability in ASCII NT WinWrapper Professional allows remote attackers to read arbitrary files via a .. (dot dot) in the server request.

[CLOSE] OSVDB ID : 10816 - Disclosed: 2001-08-20

Description:

(Description Provided by CVE) : Lotus Domino SMTP server 4.63 through 5.08 allows remote attackers to cause a denial of service (CPU consumption) by forging an email message with the sender as bounce@[127.0.0.1] (localhost), which causes Domino to enter a mail loop.

[CLOSE] OSVDB ID : 14056 - Disclosed: 2001-08-20

Description:

(Description Provided by CVE) : Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888."

[CLOSE] OSVDB ID : 59413 - Disclosed: 2001-08-20

Description:

(Description Provided by CVE) : Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request.

[CLOSE] OSVDB ID : 90027 - Disclosed: 2001-08-20

Description:

AlphaTCL contains a flaw that is due to ftpMenu handling weakly encoded or not encrypting FTP credentials. This may allow a context-dependent attacker to more easily access credential information.

[CLOSE] OSVDB ID : 1951 - Disclosed: 2001-08-19

Description:

Check Point FireWall-1 contains a flaw that may allow a malicious administrator to execute arbitrary code on the vulnerable system. The issue is due to a buffer overflow in the GUI log view utility which can be accessed by administrators. If an attacker with permissions to view logs via the GUI interface sends specially crafted data, they may be able to execute arbitrary commands with root privileges.

[CLOSE] OSVDB ID : 605 - Disclosed: 2001-08-17

Description:

Sendmail versions 8.10.0 through 8.11.5, and 8.12.0 betas, contain a signed integer overflow in the handling of large numbers passed to the '-d' command line parameter. Local attackers can execute arbitrary code with elevated privileges if sendmail is setuid/setgid (which it typically is).

[CLOSE] OSVDB ID : 1935 - Disclosed: 2001-08-17

Description:

(Description Provided by CVE) : glFTPD 1.23 allows remote attackers to cause a denial of service (CPU consumption) via a LIST command with an argument that contains a large number of * (asterisk) characters.

[CLOSE] OSVDB ID : 1937 - Disclosed: 2001-08-17

Description:

FreeBSD contains a flaw that may allow a malicious user to bypass a firewall. The issue is triggered when ipfw is used with the "me" identifier on a point to point interface. It is possible that the flaw may allow unintended access to the local system by a remote host resulting in a loss of integrity.