[CLOSE] OSVDB ID : 60280 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.

[CLOSE] OSVDB ID : 4351 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

[CLOSE] OSVDB ID : 14523 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

[CLOSE] OSVDB ID : 45903 - Disclosed: 2002-11-19

Description:

A buffer overflow exists in Tftpd32. tftpd fails to validate filename arguments resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 7101 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.

[CLOSE] OSVDB ID : 9220 - Disclosed: 2002-11-19

Description:

Sun Microsystems Sun ONE/iPlanet Web Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the messages in the error log when viewed using the iPlanet Admin Console. This could allow a user to create a specially crafted error message that would execute arbitrary code on the iPlanet server at the privilege level of the administrator, leading to a loss of integrity.

[CLOSE] OSVDB ID : 14524 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

[CLOSE] OSVDB ID : 31840 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

[CLOSE] OSVDB ID : 31843 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

[CLOSE] OSVDB ID : 60250 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

[CLOSE] OSVDB ID : 60278 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.

[CLOSE] OSVDB ID : 60251 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

[CLOSE] OSVDB ID : 60252 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

[CLOSE] OSVDB ID : 16011 - Disclosed: 2002-11-18

Description:

(Description Provided by CVE) : dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.

[CLOSE] OSVDB ID : 16408 - Disclosed: 2002-11-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2990 - Disclosed: 2002-11-18

Description:

Microsoft Internet Explorer may allow a remote attacker to execute script in a victim's "Local Computer" zone. This flaw is due to the dialogArguments object in an IFRAME which can be used to bypass security zone restrictions. By creating a malicious HTML document that uses the "showModalDialog" or "showModelessDialog" function, they can force the vulnerable system to open an IFRAME that bypasses security restrictions and executes script within the local security zone.

[CLOSE] OSVDB ID : 4297 - Disclosed: 2002-11-18

Description:

phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "highlight" variable upon submission to the "viewtopic.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 4865 - Disclosed: 2002-11-18

Description:

eTrust Antivirus may allow a local attacker to gain elevated privileges. The issue is due to the program not properly checking command line input. If an attacker supplies a specially crafted command line argument, they may be able to trick it into running an arbitrary program with SYSTEM privilegs.

[CLOSE] OSVDB ID : 14522 - Disclosed: 2002-11-18

Description:

(Description Provided by CVE) : nullmailer 1.00RC5 and earlier allows local users to cause a denial of service via an email to a local user that does not exist, which generates an error that causes nullmailer to stop sending mail to all users.

[CLOSE] OSVDB ID : 60277 - Disclosed: 2002-11-18

Description:

(Description Provided by CVE) : Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters email messages for the first recipient, which allows remote attackers to bypass JUCE filters by sending a message to more than one user on the GMS server.

[CLOSE] OSVDB ID : 57701 - Disclosed: 2002-11-17

Description:

(Description Provided by CVE) : tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbitrary files via a full pathname in GET and PUT requests.

[CLOSE] OSVDB ID : 55342 - Disclosed: 2002-11-17

Description:

(Description Provided by CVE) : Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allows remote attackers to cause a denial of service (hang) via a large number of percent characters (%) in an HTTP GET request.

[CLOSE] OSVDB ID : 41362 - Disclosed: 2002-11-17

Description:

(Description Provided by CVE) : MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a denial of service (crash) via a long USER string, possibly due to a buffer overflow.

[CLOSE] OSVDB ID : 59789 - Disclosed: 2002-11-16

Description:

(Description Provided by CVE) : Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request.

[CLOSE] OSVDB ID : 60239 - Disclosed: 2002-11-16

Description:

(Description Provided by CVE) : The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers to install and execute arbitrary programs.

[CLOSE] OSVDB ID : 6639 - Disclosed: 2002-11-15

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia ColdFusion 6.0 allows remote attackers to execute arbitrary via an HTTP GET request with a long .cfm file name.

[CLOSE] OSVDB ID : 6640 - Disclosed: 2002-11-15

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the error-handling mechanism for the IIS ISAPI handler in Macromedia JRun 4.0 and earlier allows remote attackers to execute arbitrary via an HTTP GET request with a long .jsp file name.

[CLOSE] OSVDB ID : 14521 - Disclosed: 2002-11-15

Description:

(Description Provided by CVE) : Courier sqwebmail before 0.40.0 does not quickly drop privileges after startup in certain cases, which could allow local users to read arbitrary files.

[CLOSE] OSVDB ID : 14202 - Disclosed: 2002-11-14

Description:

(Description Provided by CVE) : Heap-based buffer overflow in Netscape and Mozilla allows remote attackers to execute arbitrary code via a jar: URL that references a malformed .jar file, which overflows a buffer during decompression.

[CLOSE] OSVDB ID : 59524 - Disclosed: 2002-11-14

Description:

(Description Provided by CVE) : Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obtain the source code of CGI scripts via an HTTP request with a trailing dot (".").

[CLOSE] OSVDB ID : 60150 - Disclosed: 2002-11-14

Description:

(Description Provided by CVE) : Buffer overflow in IISPop email server 1.161 and 1.181 allows remote attackers to cause a denial of service (crash) via a long request to the POP3 port (TCP port 110).

[CLOSE] OSVDB ID : 59172 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : Directory traversal vulnerability in KeyFocus web server 1.0.8 allows remote attackers to read arbitrary files for recognized MIME type files via "...", "....", ".....", and other multiple dot sequences.

[CLOSE] OSVDB ID : 53016 - Disclosed: 2002-11-13

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 59782 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made for a non-existent Java Server Page (JSP).

[CLOSE] OSVDB ID : 60174 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier allow remote attackers to execute arbitrary code via (1) a long header name, (2) a long IMAP flag, or (3) a script that generates a large number of errors that overflow the resulting error string.

[CLOSE] OSVDB ID : 4299 - Disclosed: 2002-11-13

Description:

phpBB Advanced Quick Reply Mod contains a flaw that allows a remote attacker to include arbitrary files in URI requests. The issue is due to a flaw in the way the "quick_reply.php" script fails to validate input to the "phpbb_root_path" variable. If an attacker supplies an arbitrary file from a remote server, it will be processed by the vulnerable phpBB script.

[CLOSE] OSVDB ID : 41074 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in quick_reply.php for phpBB Advanced Quick Reply Hack 1.0.0 and 1.1.0 allows remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter.

[CLOSE] OSVDB ID : 59841 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP POST request.

[CLOSE] OSVDB ID : 60121 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : Unspecified vulnerability in Internet Group Management Protocol (IGMP) of HP Tru64 4.0F through 5.1A allows remote attackers to cause a denial of service via unknown attack vectors. NOTE: this might be the same issue as CVE-2002-2185, but there are insufficient details to be certain.

[CLOSE] OSVDB ID : 60147 - Disclosed: 2002-11-13

Description:

(Description Provided by CVE) : Unspecified vulnerability in LDAP Module in System Authentication of Open Source Internet Solutions (OSIS) 5.4 running on Tru64 UNIX 4.0G and 4.0F allows remote attackers to gain access to arbitrary files or gain privileges via unknown attack vectors.