[CLOSE] OSVDB ID : 7881 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read and modify the contents of the Clipboard via an applet that accesses the (1) ClipBoardGetText and (2) ClipBoardSetText methods of the INativeServices class.

[CLOSE] OSVDB ID : 7882 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" (null character) URL.

[CLOSE] OSVDB ID : 7883 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java implementation, as used in Internet Explorer, provides a public load0() method for the CabCracker class (com.ms.vm.loader.CabCracker), which allows remote attackers to bypass the security checks that are performed by the load() method.

[CLOSE] OSVDB ID : 7884 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java implementation, as used in Internet Explorer, can provide HTML object references to applets via Javascript, which allows remote attackers to cause a denial of service (crash due to illegal memory accesses) and possibly conduct other unauthorized activities via an applet that uses those references to access proprietary Microsoft methods.

[CLOSE] OSVDB ID : 7885 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to cause a denial of service (crash) and possibly conduct other unauthorized activities via applet tags in HTML that bypass Java class restrictions (such as private constructors) by providing the class name in the code parameter, aka "Incomplete Java Object Instantiation Vulnerability."

[CLOSE] OSVDB ID : 7886 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as used in Internet Explorer, allows remote attackers to extend the Standard Security Manager (SSM) class (com.ms.security.StandardSecurityManager) and bypass intended StandardSecurityManager restrictions by modifying the (1) deniedDefinitionPackages or (2) deniedAccessPackages settings, causing a denial of service by adding Java applets to the list of applets that are prevented from running.

[CLOSE] OSVDB ID : 7896 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to steal cookies and execute script in a different security context via a URL that contains a colon in the domain portion, which is not properly parsed and loads an applet from a malicious site within the security context of the site that is being visited by the user.

[CLOSE] OSVDB ID : 9902 - Disclosed: 2002-11-08

Description:

PostNuke News Module contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "topic" variable upon submission to the index.php script of the News module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13412 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remote attackers to determine a local user's username via a Java applet that accesses the user.dir system property, aka "User.dir Exposure Vulnerability."

[CLOSE] OSVDB ID : 13418 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : Two vulnerabilities in Microsoft Virtual Machine (VM) up to and including build 5.0.3805, as used in Internet Explorer and other applications, allow remote attackers to read files via a Java applet with a spoofed location in the CODEBASE parameter in the APPLET tag, possibly due to a parsing error.

[CLOSE] OSVDB ID : 14439 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

[CLOSE] OSVDB ID : 14514 - Disclosed: 2002-11-08

Description:

(Description Provided by CVE) : Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote attackers to bypass access restrictions for files via an HTTP request with a sequence of multiple / (slash) characters such as http://www.example.com///file/.

[CLOSE] OSVDB ID : 19947 - Disclosed: 2002-11-08

Description:

Zeus Admin Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the section variable upon submission to the index.fcgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 24537 - Disclosed: 2002-11-07

Description:

(Description Provided by CVE) : Unspecified "security vulnerability" in Baby FTP Server versions before November 7, 2002 has unknown impact and attack vectors.

[CLOSE] OSVDB ID : 6948 - Disclosed: 2002-11-07

Description:

(Description Provided by CVE) : Pine 4.44 and earlier allows remote attackers to cause a denial of service (core dump and failed restart) via an email message with a From header that contains a large number of quotation marks (").

[CLOSE] OSVDB ID : 8356 - Disclosed: 2002-11-07

Description:

(Description Provided by CVE) : Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow remote attackers to execute arbitrary code via a certain image file that is not properly handled when Window Maker uses width and height information to allocate a buffer.

[CLOSE] OSVDB ID : 9227 - Disclosed: 2002-11-07

Description:

(Description Provided by CVE) : An incomplete fix for a cross-site scripting (XSS) vulnerability in SquirrelMail 1.2.8 calls the strip_tags function on the PHP_SELF value but does not save the result back to that variable, leaving it open to cross-site scripting attacks.

[CLOSE] OSVDB ID : 59185 - Disclosed: 2002-11-07

Description:

Perception LiteServe contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate encoded hostnames and query string parameters upon submission to the dir script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 59186 - Disclosed: 2002-11-07

Description:

LiteServe contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate URL encoding in general and the 'dir' script allows for the injection of parametrized values. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 60115 - Disclosed: 2002-11-07

Description:

(Description Provided by CVE) : Lotus Domino 5.0.9a and earlier, even when configured with the 'DominoNoBanner=1' option, allows remote attackers to obtain potential sensitive information such as the version via a request for a non-existent .nsf database, which leaks the version in the HTTP banner.

[CLOSE] OSVDB ID : 60116 - Disclosed: 2002-11-07

Description:

(Description Provided by CVE) : ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext under the web document root, which allows remote attackers to obtain the passwords via an HTTP request to a .user file.

[CLOSE] OSVDB ID : 62108 - Disclosed: 2002-11-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4792 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : The Mail::Mailer Perl module in the perl-MailTools package 1.47 and earlier uses mailx as the default mailer, which allows remote attackers to execute arbitrary commands by inserting them into the mail body, which is then processed by mailx.

[CLOSE] OSVDB ID : 3322 - Disclosed: 2002-11-06

Description:

Apache with mod_php contains a flaw that may allow a malicious user to take control of the HTTP server. The issue is triggered when an attacker is able to execute external programs. It is possible that the flaw may allow hijacking of the HTTP server resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 4232 - Disclosed: 2002-11-06

Description:

Apache Cocoon contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the user name variable in the /samples/protected/login module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 9589 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 systems, allows local users to cause a denial of service (hang) via the emulation mode, which does not properly clear TF and NT EFLAGs.

[CLOSE] OSVDB ID : 11870 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : Maped in LuxMan 0.41 uses the user-provided search path to find and execute the gzip program, which allows local users to modify /dev/mem and gain privileges via a modified PATH environment variable that points to a Trojan horse gzip program.

[CLOSE] OSVDB ID : 60005 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : The timer implementation in QNX RTOS 6.1.0 allows local users to cause a denial of service (hang) and possibly execute arbitrary code by creating multiple timers with a 1-ms tick.

[CLOSE] OSVDB ID : 60111 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL.

[CLOSE] OSVDB ID : 60112 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, and 4.0, related to a log file or jrun.ini, with unknown impact.

[CLOSE] OSVDB ID : 60113 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : OpenBSD before 3.2 allows local users to cause a denial of service (kernel crash) via a call to getrlimit(2) with invalid arguments, possibly due to an integer signedness error.

[CLOSE] OSVDB ID : 60105 - Disclosed: 2002-11-06

Description:

(Description Provided by CVE) : Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections while validating user folder access rights, which allows remote attackers to cause a denial of service (no new connections) via a series of MKD commands.

[CLOSE] OSVDB ID : 2183 - Disclosed: 2002-11-05

Description:

Safe.pm contains a flaw that could allow a local or remote attacker execute code outside of Safe.pm's restricted environment called a compartment. If the compartment has been accessed at least once, an attacker could change the the mask of the compartment to access code outside of the compartment.

[CLOSE] OSVDB ID : 6066 - Disclosed: 2002-11-05

Description:

Conectiva linuxconf contains a flaw that may allow a remote attacker to send e-mail without authenticating (ie: "spam"). The problem is that linuxconf utility generates the sendmail configuration file (sendmail.cf) with options that configures sendmail to run as an open mail relay.

[CLOSE] OSVDB ID : 4452 - Disclosed: 2002-11-05

Description:

SnortCenter contains a flaw that may allow a local user to gain access to sensitive configuration information. The issue is due to a flaw in the program's creation of temporary files done with world readable/writeable permissions. A local user can read these files to gain information such as configuration optoins, usernames and passwords.

[CLOSE] OSVDB ID : 4586 - Disclosed: 2002-11-05

Description:

SnortCenter contains a flaw that may allow a local attacker to overwrite arbitrary files. The issue is due to the program creating temporary files with predictable names. If an attacker creates a symlink anticipating the file creation, they may be able to overwrite arbitrary files.

[CLOSE] OSVDB ID : 7997 - Disclosed: 2002-11-05

Description:

A local overflow exists in IBM AIX. The nslookup utility fails to validate input resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code, but not with escalated privileges. Impact is low risk.

[CLOSE] OSVDB ID : 11366 - Disclosed: 2002-11-05

Description:

(Description Provided by CVE) : Unknown vulnerability in Cluster Interconnect for HP TruCluster Server 5.0A, 5.1, and 5.1A may allow local and remote attackers to cause a denial of service.

[CLOSE] OSVDB ID : 11863 - Disclosed: 2002-11-05

Description:

(Description Provided by CVE) : cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printable characters and quotes, which may allow remote attackers to execute arbitrary commands via shell metacharacters in (1) caller ID or (2) caller name strings.

[CLOSE] OSVDB ID : 14552 - Disclosed: 2002-11-05

Description:

(Description Provided by CVE) : Unknown vulnerability in autofs on AIX 4.3.0, when using executable maps, allows attackers to execute arbitrary commands as root, possibly related to "string handling around how the executable map is called."