[CLOSE] OSVDB ID : 44123 - Disclosed: 2002-08-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14440 - Disclosed: 2002-08-30

Description:

(Description Provided by CVE) : Preboot eXecution Environment (PXE) server allows remote attackers to cause a denial of service (crash) via certain DHCP packets from Voice-Over-IP (VOIP) phones.

[CLOSE] OSVDB ID : 3288 - Disclosed: 2002-08-30

Description:

Abyss Web Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a specially crafted GET request, which will disclose file information outside the server directory resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 8645 - Disclosed: 2002-08-30

Description:

CVSTrac contains a flaw related to ticket titles containing a semi-colon (';') that may allow an attacker to execute arbitrary commands on the system. No further details have been provided.

[CLOSE] OSVDB ID : 10107 - Disclosed: 2002-08-30

Description:

FactoSystem contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'authornumber' parameter in the 'author.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 10108 - Disclosed: 2002-08-30

Description:

FactoSystem contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'discussblurbid' parameter in the 'discuss.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 10109 - Disclosed: 2002-08-30

Description:

FactoSystem contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'name' parameter in the 'holdcomment.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 10110 - Disclosed: 2002-08-30

Description:

FactoSystem contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'email' parameter in the 'holdcomment.asp' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 59764 - Disclosed: 2002-08-30

Description:

(Description Provided by CVE) : Buffer overflow in gdam123 0.933 and 0.942 allows local users to execute arbitrary code via a long filename parameter.

[CLOSE] OSVDB ID : 16404 - Disclosed: 2002-08-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60119 - Disclosed: 2002-08-29

Description:

(Description Provided by CVE) : The default --checksig setting in RPM Package Manager 4.0.4 checks that a package's signature is valid without listing who signed it, which can allow remote attackers to make it appear that a malicious package comes from a trusted source.

[CLOSE] OSVDB ID : 5124 - Disclosed: 2002-08-28

Description:

A Local overflow exists in Microsoft Terminal Services Advanced Client. The ActiveX Control fails to check for long server names resulting in a buffer overflow. With a specially crafted request, an attacker can cause code execution in the context of the user who has the Advanced Client on their system resulting in a loss of confidentiality and integrity.

[CLOSE] OSVDB ID : 43208 - Disclosed: 2002-08-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8445 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : Directory traversal vulnerability in SWServer 2.2 and earlier allows remote attackers to read arbitrary files via a URL containing .. sequences with "/" or "\" characters.

[CLOSE] OSVDB ID : 864 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : Unknown vulnerability in the Certificate Enrollment ActiveX Control in Microsoft Windows 98, Windows 98 Second Edition, Windows Millennium, Windows NT 4.0, Windows 2000, and Windows XP allow remote attackers to delete digital certificates on a user's system via HTML.

[CLOSE] OSVDB ID : 6067 - Disclosed: 2002-08-28

Description:

linuxconf contains a flaw that may allow a malicious user to gain root privileges. The issue is triggered when passing 964 or more bytes of data to the LINUXCONF_LANG environmental variable overflowing a buffer. It is possible that the flaw may allow arbitrary command execution resulting in a loss of confidentiality and integrity.

[CLOSE] OSVDB ID : 8644 - Disclosed: 2002-08-28

Description:

CVSTrac contains a flaw related to invalid tickets that may allow an attacker to cause the application to crash. No further details have been provided.

[CLOSE] OSVDB ID : 9638 - Disclosed: 2002-08-28

Description:

Multiple buffer overflows exists in HP-UX. The LP subsystem is vulnerable to several unspecified overflows. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11829 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

[CLOSE] OSVDB ID : 11830 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

[CLOSE] OSVDB ID : 11831 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add (also incorrectly identified as path_addr) for PostgreSQL 7.2.3 and earlier allow attackers to cause a denial of service and possibly execute arbitrary code, possibly as a result of an integer overflow.

[CLOSE] OSVDB ID : 14496 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : os._execvpe from os.py in Python 2.2.1 and earlier creates temporary files with predictable names, which could allow local users to execute arbitrary code via a symlink attack.

[CLOSE] OSVDB ID : 59833 - Disclosed: 2002-08-28

Description:

ZMailer is prone to a remote buffer overflow condition, when using IPv6. The issue is triggerd by sending an overly long HELO command. With a specially crafted request, a remote attacker can gain access to the server or crash the server.

[CLOSE] OSVDB ID : 60117 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : The default aide.conf file in Advanced Intrusion Detection Environment (AIDE) before 0.7_1 on FreeBSD before 2002-08-28 does not properly check subdirectories, which could allow local users to bypass detection.

[CLOSE] OSVDB ID : 60118 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : The Printer Administration module for Webmin 0.990 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the printer name.

[CLOSE] OSVDB ID : 60126 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and in OpenBSD 3.1, allows remote attackers to cause a denial of service (crash) by sending Internet Key Exchange (IKE) payloads out of sequence.

[CLOSE] OSVDB ID : 60228 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : The RPC module in Webmin 0.21 through 0.99, when installed without root or admin privileges, allows remote attackers to read and write to arbitrary files and execute arbitrary commands via remote_foreign_require and remote_foreign_call requests.

[CLOSE] OSVDB ID : 60231 - Disclosed: 2002-08-28

Description:

(Description Provided by CVE) : VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow local users to gain privileges.

[CLOSE] OSVDB ID : 23655 - Disclosed: 2002-08-27

Description:

(Description Provided by CVE) : Signed integer overflow in the bttv_read function in the bttv driver (bttv-driver.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors.

[CLOSE] OSVDB ID : 57277 - Disclosed: 2002-08-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 5033 - Disclosed: 2002-08-27

Description:

Gaim contains a flaw that may allow a malicious user to induce a Gaim client to process shell metacharacters. The issue is triggered when the 'Manual' browser command fails to validate user suplied input. It is possible that the flaw may allow remote command execution on the client system, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 5044 - Disclosed: 2002-08-27

Description:

SCO OpenUnix and UnixWare contain a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when SCO Xserver (Xsco) fails to properly drop privileges when invoking external commands. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 8643 - Disclosed: 2002-08-27

Description:

CVSTrac contains a flaw related to the chdir() function that may allow an attacker to escape the chroot jail. No further details have been provided.

[CLOSE] OSVDB ID : 59481 - Disclosed: 2002-08-27

Description:

(Description Provided by CVE) : The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify package signatures which could allow remote attackers to install trojan programs via DNS spoofing.

[CLOSE] OSVDB ID : 23656 - Disclosed: 2002-08-26

Description:

(Description Provided by CVE) : Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pcilynx.c) in Linux kernel before 2.4.20 has unknown impact and attack vectors, related to "wrap handling."

[CLOSE] OSVDB ID : 16403 - Disclosed: 2002-08-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4627 - Disclosed: 2002-08-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 10733 - Disclosed: 2002-08-26

Description:

(Description Provided by CVE) : Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

[CLOSE] OSVDB ID : 10734 - Disclosed: 2002-08-26

Description:

(Description Provided by CVE) : Microsoft Word and Excel allow remote attackers to steal sensitive information via certain field codes that insert the information when the document is returned to the attacker, as demonstrated in Word using (1) INCLUDETEXT or (2) INCLUDEPICTURE, aka "Flaw in Word Fields and Excel External Updates Could Lead to Information Disclosure."

[CLOSE] OSVDB ID : 59761 - Disclosed: 2002-08-26

Description:

(Description Provided by CVE) : Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 allows remote attackers to cause a denial of service (connection loss) by sending several SNMP GetNextRequest requests.