[CLOSE] OSVDB ID : 4974 - Disclosed: 2002-11-22

Description:

ImageFolio contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the "nph-build.cgi" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 90033 - Disclosed: 2002-11-22

Description:

Libxml2 contains a flaw in the xmlNewGlobalState function in threads.c that may allow a denial of service. The issue is due to an unspecified initialization error, which may allow a context-dependent attacker to crash the program.

[CLOSE] OSVDB ID : 15411 - Disclosed: 2002-11-22

Description:

(Description Provided by CVE) : Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a back door telnet server that was intended for development but not removed before distribution, which allows remote attackers to gain administrative privileges.

[CLOSE] OSVDB ID : 4605 - Disclosed: 2002-11-22

Description:

(Description Provided by CVE) : Rational ClearCase 4.1, 2002.05, and possibly other versions allows remote attackers to cause a denial of service (crash) via certain packets to port 371, e.g. via nmap.

[CLOSE] OSVDB ID : 59170 - Disclosed: 2002-11-21

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Zeroo web server 1.5 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL GET request.

[CLOSE] OSVDB ID : 2969 - Disclosed: 2002-11-21

Description:

Microsoft Virtual Machine (VM) may allow remote attackers to bypass security checks and execute arbitrary code. This flaw is due to the ByteCode Verifier component and the fact it does not check for the presence of certain malicious code when a Java applet is loaded. This can be exploited by placing the macicious code in an HTML document and luring a vulnerable machine to load it via Internet Explorer or a mail reader.

[CLOSE] OSVDB ID : 3280 - Disclosed: 2002-11-21

Description:

vBulletin contains a flaw that allows a remote Cross Site Scripting attack. This flaw exists because the application does not validate URI parameters upon submission to the memberlist.php script. This could allow a user to send a specially crafted request that would execute arbitrary code on the server leading to a loss of integrity.

[CLOSE] OSVDB ID : 4725 - Disclosed: 2002-11-21

Description:

(Description Provided by CVE) : Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4.0 through 4.8 allows remote attackers to execute arbitrary Java commands via an applet that uses a jump call, which is not correctly compiled by the JIT compiler.

[CLOSE] OSVDB ID : 13417 - Disclosed: 2002-11-21

Description:

Microsoft Java Virtual Machine allows untrusted Java applets to access COM (Component Object Model) objects. An attack may be able to compromise a vulnerable system by including a malicious Java applet that will execute arbitrary code via COM. Normally only trusted Java applets should be able to access COM objects.

[CLOSE] OSVDB ID : 60353 - Disclosed: 2002-11-21

Description:

(Description Provided by CVE) : Netscape Communicator 4.0 through 4.79 allows remote attackers to bypass JVM security and execute arbitrary Java code via an applet that loads user-supplied Java classes.

[CLOSE] OSVDB ID : 4347 - Disclosed: 2002-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4348 - Disclosed: 2002-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4349 - Disclosed: 2002-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4350 - Disclosed: 2002-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14502 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the Remote Data Services (RDS) component of Microsoft Data Access Components (MDAC) 2.1 through 2.6, and Internet Explorer 5.01 through 6.0, allows remote attackers to execute code via a malformed HTTP request to the Data Stub.

[CLOSE] OSVDB ID : 7844 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Internet Explorer 5.01 through 6.0 allows remote attackers to identify the path to the Temporary Internet Files folder and obtain user information such as cookies via certain uses of the OBJECT tag, which are not subjected to the proper security checks, aka "Temporary Internet Files folders Name Reading."

[CLOSE] OSVDB ID : 7846 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Internet Explorer 5.01 through 6.0 does not properly check certain parameters of a PNG file when opening it, which allows remote attackers to cause a denial of service (crash) by triggering a heap-based buffer overflow using invalid length codes during decompression, aka "Malformed PNG Image File Failure."

[CLOSE] OSVDB ID : 14525 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an encrypted password that causes the overflow during decryption in which a DOS codepage string is converted to a little-endian UCS2 unicode string.

[CLOSE] OSVDB ID : 20754 - Disclosed: 2002-11-20

Description:

NetBSD contains a flaw that may allow a malicious attacker to corrupt state tables in intermediate firewall devices via the STAT command in ftpd. The issue is triggered when a filename that contains "\n[0-9]" is specified. It is possible that the flaw may result in a loss of integrity and/or availability.

[CLOSE] OSVDB ID : 35876 - Disclosed: 2002-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35877 - Disclosed: 2002-11-20

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 60069 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delete the duplicate ISAKMP SAs for a user's VPN session, which allows local users to hijack a session via a man-in-the-middle attack.

[CLOSE] OSVDB ID : 60070 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, 6.1.x to 6.1.3, and 6.2.x to 6.2.1 allows remote attackers to cause a denial of service via HTTP traffic authentication using (1) TACACS+ or (2) RADIUS.

[CLOSE] OSVDB ID : 60223 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : syslogd on OpenBSD 2.9 through 3.2 does not change the source IP address of syslog packets when the machine's IP addressed is changed without rebooting, e.g. via ifconfig, which can cause incorrect information to be sent to the syslog server.

[CLOSE] OSVDB ID : 60253 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properly handle when accepting a non-global certificate authority (CA) certificate from a site and establishing a subsequent HTTPS connection, which allows remote attackers to cause a denial of service (crash).

[CLOSE] OSVDB ID : 60280 - Disclosed: 2002-11-20

Description:

(Description Provided by CVE) : Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authenticated users to cause a denial of service in the management interface via a stream of zero (null) bytes sent via UDP to a running service.

[CLOSE] OSVDB ID : 4351 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Netscape Communicator 4.x allows attackers to use a link to steal a user's preferences, including potentially sensitive information such as URL history, e-mail address, and possibly the e-mail password, by redefining the user_pref() function and accessing the prefs.js file, which is stored in a directory with a predictable name.

[CLOSE] OSVDB ID : 14523 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

[CLOSE] OSVDB ID : 45903 - Disclosed: 2002-11-19

Description:

A buffer overflow exists in Tftpd32. tftpd fails to validate filename arguments resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 7101 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive information in error messages and generates different responses whether a user exists or not, which allows remote attackers to identify valid usernames via brute force attacks and obtain certain configuration and version information.

[CLOSE] OSVDB ID : 9220 - Disclosed: 2002-11-19

Description:

Sun Microsystems Sun ONE/iPlanet Web Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the messages in the error log when viewed using the iPlanet Admin Console. This could allow a user to create a specially crafted error message that would execute arbitrary code on the iPlanet server at the privilege level of the administrator, leading to a loss of integrity.

[CLOSE] OSVDB ID : 14524 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, allows the web administrator to execute arbitrary commands via shell metacharacters in the dir parameter, and possibly allows remote attackers to exploit this vulnerability via a separate XSS issue (CVE-2002-1315).

[CLOSE] OSVDB ID : 31840 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

[CLOSE] OSVDB ID : 31843 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : The DNS resolver in unspecified versions of Infoblox DNS One, when resolving recursive DNS queries for arbitrary hosts, allows remote attackers to conduct DNS cache poisoning via a birthday attack that uses a large number of open queries for the same resource record (RR) combined with spoofed responses, which increases the possibility of successfully spoofing a response in a way that is more efficient than brute force methods.

[CLOSE] OSVDB ID : 60250 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

[CLOSE] OSVDB ID : 60278 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 and 6.2.0 allows attackers to read user clipboard information via a direct request to the 1.TEXT file in a directory whose name is a hex-encoded user ID.

[CLOSE] OSVDB ID : 60251 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

[CLOSE] OSVDB ID : 60252 - Disclosed: 2002-11-19

Description:

(Description Provided by CVE) : Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2.0 set insecure permissions for the files (1) /sbin/io-audio by OS Update Patch A, (2) /bin/shutdown, (3) /sbin/fs-pkg, and (4) phshutdown by QNX experimental patches, (5) cpim, (6) vpim, (7) phrelaycfg, and (8) columns, (9) othello, (10) peg, (11) solitaire, and (12) vpoker in the games pack 2.0.3, which allows local users to gain privileges by modifying the files before permissions are changed.

[CLOSE] OSVDB ID : 16011 - Disclosed: 2002-11-18

Description:

(Description Provided by CVE) : dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to execute arbitrary code via shell metacharacters that are fed from a dhcpd .info script into a .exe script.

[CLOSE] OSVDB ID : 16408 - Disclosed: 2002-11-18

Description:

Unknown / Incomplete