| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 1958 | 2001-09-30 | Compaq Insight Agent Remote Overflow | (Description Provided by CVE): Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges. |
| 9788 | 2001-09-29 | AmTote International homebet homebet.log Account Information Local Disclosure | AmTote International homebet contains a flaw that may lead to an unauthorized information disclosure. The problem is that the 'homebet.log' file in the /homebet directory is world-readable, which may allow a local attacker to obtain account information and PIN numbers resulting in a loss of confidentiality. |
| 20236 | 2001-09-29 | AmTote International homebet Login Error Message Account Enumeration | (Description Provided by CVE): AmTote International homebet program returns different error messages when invalid account numbers and PIN codes are provided, which allows remote attackers to determine the existence of valid account numbers via a brute force attack. |
| 5552 | 2001-09-28 | Apache HTTP Server split-logfile Arbitrary .log File Overwrite | (Description Provided by CVE): split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. |
| 5408 | 2001-09-27 | OpenSSH echo simulation Information Disclosure | OpenSSH contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when OpenSSH's "echo simulation" traffic analysis countermeasure sends an additional echo packet after the password and carriage return are entered, which will disclose that the echo simulation countermeasure is in use, resulting in a loss of confidentiality. |
| 8665 | 2001-09-27 | Meteor FTP Multiple Commands Arbitrary File Access | Meteor FTP contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the program not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'ls' and 'cd' commands. |
| 14230 | 2001-09-27 | COM2001 InternetPBX Alexis com2001.ini Voicemail Password Cleartext Disclosure | (Description Provided by CVE): Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords in plain text in the com2001.ini file, which could allow local users to make long distance calls as other users. |
| 14231 | 2001-09-27 | COM2001 InternetPBX Alexis Auth Credential Cleartext Transmission | (Description Provided by CVE): Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX sends username and voice mail passwords in the clear via a Java applet that sends the information to port 8888 of the server, which could allow remote attackers to steal the passwords via sniffing. |
| 5470 | 2001-09-26 | IBM AIX muxatmd Overflow | A buffer overflow exists in IBM AIX muxatmd daemon. The program fails to validate input resulting in a buffer overflow. With a specially crafted request, an attacker can cause core dumps and possibly execute code resulting in a loss of confidentiality and/or integrity. |
| 17961 | 2001-09-26 | IBM AIX portmir Lock File Corruption Local Privilege Escalation | (Description Provided by CVE): Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt lock files and gain root privileges via the echo_error routine. |
| 17960 | 2001-09-26 | IBM AIX nslookup hostname Parameter Local Overflow | (Description Provided by CVE): Buffer overflow in nslookup for AIX 4.3 allows local users to execute arbitrary code via a long hostname command line argument. |
| 17959 | 2001-09-26 | IBM AIX nslookup lex Routine Local Overflow | (Description Provided by CVE): Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow attackers to cause a core dump and possibly execute arbitrary code via "long input strings." |
| 642 | 2001-09-26 | OpenSSH Multiple Key Type ACL Bypass | In OpenSSH versions 2.5 to 2.9, it is possible to circumvent source address based ACLs if multiple different types of cryptographic keys are used for authentication and the 'from=' option is used to restrict access by IP address. An attacker can use the ACL settings on the second key for access via either key, and perhaps gain access to this host from an unapproved IP address. Note: Valid login credentials such as a username and password are still required. |
| 6058 | 2001-09-26 | 3Com HomeConnect Cable Modem HTTP DoS | 3COM HomeConnect Cable Modem contains a flaw that may allow a remote denial of service. The issue is triggered when sending a specially crafted HTTP request containing more than 100 characters, and will result in loss of availability for the modem. |
| 90028 | 2001-09-26 | Libxml2 SAX.c Undefined Namespace Handling DoS | Libxml2 contains a flaw in SAX.c that may allow a denial of service. The issue is triggered when handling an undefined namespace. This may allow a context-dependent attacker to crash the program. |
| 1957 | 2001-09-26 | Microsoft Exchange OWA Malformed Request DoS | Exchange contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends a very complex request which consumes all available CPU resources, and will result in loss of availability for the platform. |
| 11686 | 2001-09-25 | Roxen Web Server LDAP-userdb Authentication .htaccess Bypass | Roxen Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an authentication request is made via LDAP, which disables .htaccess-based permissions on directories and/or files. After this request, full access is granted on all entries in .htaccess files to all users, resulting in a loss of confidentiality. |
| 45232 | 2001-09-25 | Compaq TruCluster Port Scan Remote DoS | Unknown / Incomplete |
| 11313 | 2001-09-25 | Compaq TruCluster Malformed Portscan DoS | (Description Provided by CVE): Compaq TruCluster 1.5 allows remote attackers to cause a denial of service via a port scan from a system that does not have a DNS PTR record, which causes the cluster to enter a "split-brain" state. |
| 13909 | 2001-09-25 | QPC QVT/Net\|Term ftpd Multiple Parameter Remote Overflow | (Description Provided by CVE): Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a remote attacker to cause a denial of service via a long (1) username or (2) password. |
| 43761 | 2001-09-25 | CardBoard Recipient Field Metacharacter Remote Command Execution | (Description Provided by CVE): CardBoard 2.4 greeting card CGI by Michael Barretto allows remote attackers to execute arbitrary commands via shell metacharacters in the recipient field. |
| 59792 | 2001-09-24 | Firestorm IDS Config File Parser Overflow | Unknown / Incomplete |
| 59791 | 2001-09-24 | Firestorm IDS Snort Ruleset Handling Heap Corruption | Unknown / Incomplete |
| 643 | 2001-09-24 | PHP-Nuke admin.php Unauthenticated Arbitrary File Upload | (Description Provided by CVE): admin.php in PHP-Nuke 5.2 and earlier, except 5.0RC1, does not check login credentials for upload operations, which allows remote attackers to copy and upload arbitrary files and read the PHP-Nuke configuration file by directly calling admin.php with an upload parameter and specifying the file to copy. |
| 1954 | 2001-09-24 | IBM HACMP snmpd Service Port Scan Remote DoS | (Description Provided by CVE): IBM HACMP 4.4 allows remote attackers to cause a denial of service via a completed TCP connection to HACMP ports (e.g., using a port scan) that does not send additional data, which causes a failure in snmpd. |
| 1956 | 2001-09-24 | SLRN Arbitrary Shell Script Execution | (Description Provided by CVE): Binary decoding feature of slrn 0.9 and earlier allows remote attackers to execute commands via shell scripts that are inserted into a news post. |
| 14814 | 2001-09-23 | HylaFAX faxrm -h Parameter Local Format String | (Description Provided by CVE): Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. |
| 14815 | 2001-09-23 | HylaFAX faxalter -h Parameter Local Format String | (Description Provided by CVE): Format string vulnerability in Hylafax on FreeBSD allows local users to execute arbitrary code via format specifiers in the -h hostname argument for (1) faxrm or (2) faxalter. |
| 20286 | 2001-09-21 | IBM AIX ftpd Unspecified Overflow | (Description Provided by CVE): Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to gain privileges. |
| 639 | 2001-09-21 | Squid Proxy mkdir-only PUT Request DoS | This host is running the Squid Proxy server. This server is vulnerable to a denial of service attack. This prevents users from accessing the web. An attacker can use this to create a denial of service condition. |
| 1953 | 2001-09-21 | Pi-Soft SpoonFTP Access Arbitrary Directory | SpoonFTP contains a flaw that allows a remote attacker to access directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the FTP command line. |
| 1955 | 2001-09-21 | NAI PGP Keyserver console.exe Authentication Bypass | PGP Keyserver contains a flaw that allows a remote user to access administrative features without authentication. The flaw is due to the server not validating input to the "page_size" variable in the "console.exe" script. This may allow an attacker to manipulate administrative features and configuration options. |
| 4193 | 2001-09-21 | NAI PGP Keyserver cs.exe Authentication Bypass | PGP Keyserver contains a flaw that allows a remote user to access administrative features without authentication. The flaw is due to the server not validating input to the "action" variable in the "cs.exe" script. This may allow an attacker to manipulate administrative features and configuration options. |
| 14116 | 2001-09-21 | Xcache Webserver Content-PageName Header Absolute Path Disclosure | (Description Provided by CVE): Xcache 2.1 allows remote attackers to determine the absolute path of web server documents by requesting a URL that is not cached by Xcache, which returns the full pathname in the Content-PageName header. |
| 6073 | 2001-09-20 | OpenSSH on FreeBSD libutil Arbitrary File Read | OpenSSH on FreeBSD platforms contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the user sets welcome or copyright file parameters to system-sensitive files in their login.conf, which will disclose the contents of those files to that user, resulting in a loss of confidentiality. |
| 10304 | 2001-09-20 | Half-Life connect Command Remote Overflow | (Description Provided by CVE): Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows malicious remote servers to execute arbitrary code via a long console command. |
| 10818 | 2001-09-20 | IBM Lotus Domino Web Server Malformed GET Request Internal IP Address Disclosure | (Description Provided by CVE): Lotus Domino web server 5.08 allows remote attackers to determine the internal IP address of the server when NAT is enabled via a GET request that contains a long sequence of / (slash) characters. |
| 19096 | 2001-09-19 | IBM Lotus Domino Server HTTP Header Information Disclosure | (Description Provided by CVE): The default configuration of Lotus Domino server 5.0.8 includes system information (version, operating system, and build date) in the HTTP headers of replies, which allows remote attackers to obtain sensitive information. |
| 5492 | 2001-09-19 | IBM WebSphere Application Server (WAS) Predictable Session Cookies | IBM's WebSphere Application Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the server issues cookies in a predictable manner, allowing trivial brute force guessing of arbitrary user sessions, resulting in a loss of confidentiality and integrity. |
| 5536 | 2001-09-18 | OpenSSH sftp-server Restricted Keypair Restriction Bypass | OpenSSH contains a flaw that may allow a malicious user to bypass access restrictions imposed through the command= keyword for restricted keypairs using authorized_keys2. The issue is triggered when a user logging in via a restricted keypair uses the sftp subsystem to execute commands on the affected server, potentially including file retrieval, replacement, deletion, or permission and ownership alteration. It is possible that the flaw may allow a bypass of the original access restrictions, resulting in a loss of confidentiality, integrity, and/or availability. |