Sax2 Network Intrusion Detection System

A professional intrusion detection and protection system (NIDS) which excels at real-time packet capture, 24/7 network monitor, advanced protocol analysis and automatic expert detection.  

Name: CVE-2001-0001

Description:
cookiedecode function in PHP-Nuke 4.4 allows users to bypass authentication and gain access to other user accounts by extracting the authentication information from a cookie. Status: Entry
Reference: BUGTRAQ:20010213 RFP2101: RFPlutonium to fuel your PHP-Nuke
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0257.html
Reference: XF:php-nuke-elevate-privileges(6183)
Reference: URL:http://xforce.iss.net/static/6183.php

Description:
Internet Explorer 5.5 and earlier allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs. Status: Entry
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BUGTRAQ:20001120 IE 5.x/Outlook allows executing arbitrary programs using .chm files and temporary internet files folder
Reference: MISC:http://www.guninski.com/chmtempmain.html
Reference: BID:2456
Reference: URL:http://www.securityfocus.com/bid/2456
Reference: OSVDB:7823
Reference: URL:http://www.osvdb.org/7823
Reference: OVAL:oval:org.mitre.oval:def:920
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:920
Reference: XF:ie-chm-execute-files(5567)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5567

Description:
Web Extender Client (WEC) in Microsoft Office 2000, Windows 2000, and Windows Me does not properly process Internet Explorer security settings for NTLM authentication, which allows attackers to obtain NTLM credentials and possibly obtain the password, aka the "Web Client NTLM Authentication" vulnerability. Status: Entry
Reference: MS:MS01-001
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-001.asp
Reference: XF:wec-ntlm-authentication
Reference: URL:http://xforce.iss.net/static/5920.php
Reference: BID:2199
Reference: URL:http://www.securityfocus.com/bid/2199

Description:
IIS 5.0 and 4.0 allows remote attackers to read the source code for executable web server programs by appending "%3F+.htr" to the requested URL, which causes the files to be parsed by the .HTR ISAPI extension, aka a variant of the "File Fragment Reading via .HTR" vulnerability. Status: Entry
Reference: BUGTRAQ:20010108 IIS 5.0 allows viewing files using %3F+.htr
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97897954625305&w=2
Reference: MS:MS01-004
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-004.asp
Reference: BID:2313
Reference: URL:http://www.securityfocus.com/bid/2313
Reference: XF:iis-read-files(5903)
Reference: URL:http://xforce.iss.net/static/5903.php

Description:
Buffer overflow in the parsing mechanism of the file loader in Microsoft PowerPoint 2000 allows attackers to execute arbitrary commands. Status: Entry
Reference: ATSTAKE:A012301-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a012301-1.txt
Reference: MS:MS01-002
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-002.asp
Reference: XF:powerpoint-execute-code(5996)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5996

Description:
The Winsock2ProtocolCatalogMutex mutex in Windows NT 4.0 has inappropriate Everyone/Full Control permissions, which allows local users to modify the permissions to "No Access" and disable Winsock network connectivity to cause a denial of service, aka the "Winsock Mutex" vulnerability. Status: Entry
Reference: BUGTRAQ:20010126 ntsecurity.nu advisory: Winsock Mutex Vulnerability in Windows NT 4.0 SP6 and below
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98075221915234&w=2
Reference: MS:MS01-003
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-003.asp
Reference: XF:winnt-mutex-dos(6006)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6006

Description:
Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface. Status: Entry
Reference: BUGTRAQ:20010109 NSFOCUS SA2001-01: NetScreen Firewall WebUI Buffer Overflow vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/155149
Reference: BID:2176
Reference: URL:http://www.securityfocus.com/bid/2176
Reference: XF:netscreen-webui-bo(5908)
Reference: URL:http://xforce.iss.net/static/5908.php
Reference: OSVDB:1707
Reference: URL:http://www.osvdb.org/1707

Description:
Backdoor account in Interbase database server allows remote attackers to overwrite arbitrary files using stored procedures. Status: Entry
Reference: CERT:CA-2001-01
Reference: URL:http://www.cert.org/advisories/CA-2001-01.html
Reference: BID:2192
Reference: URL:http://www.securityfocus.com/bid/2192
Reference: XF:interbase-backdoor-account(5911)
Reference: URL:http://xforce.iss.net/static/5911.php

Description:
Directory traversal vulnerability in Lotus Domino 5.0.5 web server allows remote attackers to read arbitrary files via a .. attack. Status: Entry
Reference: BUGTRAQ:20010105 Lotus Domino 5.0.5 Web Server vulnerability - reading files outside the web root
Reference: URL:http://www.securityfocus.com/archive/1/154537
Reference: BUGTRAQ:20010109 bugtraq id 2173 Lotus Domino Server
Reference: URL:http://www.securityfocus.com/archive/1/155124
Reference: BID:2173
Reference: URL:http://www.securityfocus.com/bid/2173
Reference: XF:lotus-domino-directory-traversal(5899)
Reference: URL:http://xforce.iss.net/static/5899.php
Reference: OSVDB:1703
Reference: URL:http://www.osvdb.org/1703

Description:
Buffer overflow in transaction signature (TSIG) handling code in BIND 8 allows remote attackers to gain root privileges. Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: DEBIAN:DSA-026
Reference: URL:http://www.debian.org/security/2001/dsa-026
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-tsig-bo
Reference: BID:2302
Reference: URL:http://www.securityfocus.com/bid/2302

Description:
Buffer overflow in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-bo
Reference: BID:2307
Reference: URL:http://www.securityfocus.com/bid/2307

Description:
BIND 4 and BIND 8 allow remote attackers to access sensitive information such as environment variables. Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: DEBIAN:DSA-026
Reference: URL:http://www.debian.org/security/2001/dsa-026
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-inverse-query-disclosure
Reference: BID:2321
Reference: URL:http://www.securityfocus.com/bid/2321

Description:
Format string vulnerability in nslookupComplain function in BIND 4 allows remote attackers to gain root privileges. Status: Entry
Reference: NAI:20010129 Vulnerabilities in BIND 4 and 8
Reference: URL:http://www.nai.com/research/covert/advisories/047.asp
Reference: CERT:CA-2001-02
Reference: URL:http://www.cert.org/advisories/CA-2001-02.html
Reference: IBM:ERS-SVA-E01-2001:002.1
Reference: MANDRAKE:MDKSA-2001-017
Reference: REDHAT:RHSA-2001:007
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-007.html
Reference: CONECTIVA:000377
Reference: FREEBSD:FreeBSD-SA-01:18
Reference: XF:bind-complain-format-string
Reference: BID:2309
Reference: URL:http://www.securityfocus.com/bid/2309

Description:
Remote Data Protocol (RDP) in Windows 2000 Terminal Service does not properly handle certain malformed packets, which allows remote attackers to cause a denial of service, aka the "Invalid RDP Data" vulnerability. Status: Entry
Reference: MS:MS01-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-006.asp
Reference: XF:win2k-rdp-dos
Reference: BID:2326
Reference: URL:http://www.securityfocus.com/bid/2326

Description:
Network Dynamic Data Exchange (DDE) in Windows 2000 allows local users to gain SYSTEM privileges via a "WM_COPYDATA" message to an invisible window that is running with the privileges of the WINLOGON process. Status: Entry
Reference: ATSTAKE:A020501-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a020501-1.txt
Reference: MS:MS01-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-007.asp
Reference: BID:2341
Reference: URL:http://www.securityfocus.com/bid/2341
Reference: XF:win-dde-elevate-privileges(6062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6062

Description:
NTLM Security Support Provider (NTLMSSP) service does not properly check the function number in an LPC request, which could allow local users to gain administrator level access. Status: Entry
Reference: BINDVIEW:20010207 Local promotion vulnerability in NT4's NTLM Security Support Provider
Reference: URL:http://razor.bindview.com/publish/advisories/adv_NTLMSSP.html
Reference: MS:MS01-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-008.asp
Reference: BID:2348
Reference: URL:http://www.securityfocus.com/bid/2348
Reference: XF:ntlm-ssp-elevate-privileges(6076)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6076

Description:
Memory leak in PPTP server in Windows NT 4.0 allows remote attackers to cause a denial of service via a malformed data packet, aka the "Malformed PPTP Packet Stream" vulnerability. Status: Entry
Reference: MS:MS01-009
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-009.asp
Reference: BID:2368
Reference: URL:http://www.securityfocus.com/bid/2368
Reference: XF:winnt-pptp-dos(6103)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6103

Description:
Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. Status: Entry
Reference: VULN-DEV:20001202 UDP Ping-pong in Win2k
Reference: URL:http://online.securityfocus.com/archive/82/148411
Reference: MS:MS01-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-011.asp
Reference: XF:win2k-domain-controller-dos(6136)
Reference: URL:http://xforce.iss.net/static/6136.php
Reference: CIAC:L-049
Reference: URL:http://www.ciac.org/ciac/bulletins/l-049.shtml

Description:
Directory traversal vulnerability in Arrowpoint (aka Cisco Content Services, or CSS) allows local unprivileged users to read arbitrary files via a .. (dot dot) attack. Status: Entry
Reference: ATSTAKE:A013101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a013101-1.txt
Reference: CISCO:20010131 Cisco Content Services Switch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-cli-filesystem-pub.shtml
Reference: XF:cisco-ccs-file-access(6031)
Reference: URL:http://xforce.iss.net/static/6031.php
Reference: BID:2331
Reference: URL:http://www.securityfocus.com/bid/2331
Reference: OSVDB:1757
Reference: URL:http://www.osvdb.org/1757

Description:
MailMan Webmail 3.0.25 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the alternate_template parameter. Status: Entry
Reference: BUGTRAQ:20001206 (SRADV00005) Remote command execution vulnerabilities in MailMan Webmail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0057.html
Reference: CONFIRM:http://www.endymion.com/products/mailman/history.htm
Reference: BID:2063
Reference: URL:http://www.securityfocus.com/bid/2063
Reference: XF:mailman-alternate-templates
Reference: URL:http://xforce.iss.net/static/5649.php

Description:
rp-pppoe PPPoE client allows remote attackers to cause a denial of service via the Clamp MSS option and a TCP packet with a zero-length TCP option. Status: Entry
Reference: BUGTRAQ:20001211 DoS vulnerability in rp-pppoe versions <= 2.4
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0134.html
Reference: CONECTIVA:CLA-2000:357
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000357
Reference: MANDRAKE:MDKSA-2000:084
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-084.php3
Reference: REDHAT:RHSA-2000:130
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-130.html
Reference: BID:2098
Reference: URL:http://www.securityfocus.com/bid/2098
Reference: XF:rppppoe-zero-length-dos
Reference: URL:http://xforce.iss.net/static/5727.php

Description:
Buffer overflow in the HTML parsing code in oops WWW proxy server 1.5.2 and earlier allows remote attackers to execute arbitrary commands via a large number of " (quotation) characters. Status: Entry
Reference: BUGTRAQ:20001211 [pkc] remote heap buffer overflow in oops
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0127.html
Reference: FREEBSD:FreeBSD-SA-00:79
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2000-12/0418.html
Reference: BID:2099
Reference: URL:http://www.securityfocus.com/bid/2099
Reference: XF:oops-ftputils-bo
Reference: URL:http://xforce.iss.net/static/5725.php

Description:
KTH Kerberos IV allows local users to change the configuration of a Kerberos server running at an elevated privilege by specifying an alternate directory using with the KRBCONFDIR environmental variable, which allows the user to gain additional privileges. Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-user-config
Reference: URL:http://xforce.iss.net/static/5738.php

Description:
KTH Kerberos IV allows local users to specify an alternate proxy using the krb4_proxy variable, which allows the user to generate false proxy responses and possibly gain privileges. Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: XF:kerberos4-arbitrary-proxy
Reference: URL:http://xforce.iss.net/static/5733.php

Description:
Buffer overflow in the kdc_reply_cipher function in KTH Kerberos IV allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long authentication request. Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: BUGTRAQ:20010130 Buffer overflow in old ssh-1.2.2x-afs-kerberosv4 patches
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0511.html
Reference: XF:kerberos4-auth-packet-overflow
Reference: URL:http://xforce.iss.net/static/5734.php

Description:
KTH Kerberos IV allows local users to overwrite arbitrary files via a symlink attack on a ticket file. Status: Entry
Reference: BUGTRAQ:20001208 Vulnerabilities in KTH Kerberos IV
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0093.html
Reference: BUGTRAQ:20001210 KTH upgrade and FIX
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0105.html
Reference: REDHAT:RHSA-2001:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-025.html
Reference: XF:kerberos4-tmpfile-dos
Reference: URL:http://xforce.iss.net/static/5754.php

Description:
IPSwitch IMail 6.0.5 allows remote attackers to cause a denial of service using the SMTP AUTH command by sending a base64-encoded user password whose length is between 80 and 136 bytes. Status: Entry
Reference: BUGTRAQ:20001206 DoS by SMTP AUTH command in IPSwitch IMail server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0071.html
Reference: BID:2083
Reference: URL:http://www.securityfocus.com/bid/2083
Reference: CONFIRM:http://www.ipswitch.com/Support/IMail/news.html
Reference: XF:imail-smtp-auth-dos
Reference: URL:http://xforce.iss.net/static/5674.php

Description:
APC UPS daemon, apcupsd, saves its process ID in a world-writable file, which allows local users to kill an arbitrary process by specifying the target process ID in the apcupsd.pid file. Status: Entry
Reference: BUGTRAQ:20001206 apcupsd 3.7.2 Denial of Service
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0066.html
Reference: MANDRAKE:MDKSA-2000:077
Reference: URL:http://www.linux-mandrake.com/en/security/MDKSA-2000-077.php3
Reference: BID:2070
Reference: URL:http://www.securityfocus.com/bid/2070
Reference: XF:apc-apcupsd-dos
Reference: URL:http://xforce.iss.net/static/5654.php

Description:
Memory leak in Cisco Catalyst 4000, 5000, and 6000 series switches allows remote attackers to cause a denial of service via a series of failed telnet authentication attempts. Status: Entry
Reference: CISCO:20001206 Cisco Catalyst Memory Leak Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-memleak-pub.shtml
Reference: BID:2072
Reference: URL:http://www.securityfocus.com/bid/2072
Reference: XF:cisco-catalyst-telnet-dos
Reference: URL:http://xforce.iss.net/static/5656.php
Reference: OSVDB:801
Reference: URL:http://www.osvdb.org/801

Description:
PHP 3.x (PHP3) on Apache 1.3.6 allows remote attackers to read arbitrary files via a modified .. (dot dot) attack containing "%5c" (encoded backslash) sequences. Status: Entry
Reference: BUGTRAQ:20001206 CHINANSL Security Advisory(CSA-200011)
Reference: URL:http://www.securityfocus.com/archive/1/149210
Reference: BID:2060
Reference: URL:http://www.securityfocus.com/bid/2060
Reference: XF:apache-php-disclose-files
Reference: URL:http://xforce.iss.net/static/5659.php

Description:
phpGroupWare before 0.9.7 allows remote attackers to execute arbitrary PHP commands by specifying a malicious include file in the phpgw_info parameter of the phpgw.inc.php program. Status: Entry
Reference: BUGTRAQ:20001206 (SRADV00006) Remote command execution vulnerabilities in phpGroupWare
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0053.html
Reference: MISC:http://sourceforge.net/project/shownotes.php?release_id=17604
Reference: BID:2069
Reference: URL:http://www.securityfocus.com/bid/2069
Reference: XF:phpgroupware-include-files
Reference: URL:http://xforce.iss.net/static/5650.php
Reference: OSVDB:1682
Reference: URL:http://www.osvdb.org/1682

Description:
Buffer overflow in BitchX IRC client allows remote attackers to cause a denial of service and possibly execute arbitrary commands via an IP address that resolves to a long DNS hostname or domain name. Status: Entry
Reference: BUGTRAQ:20001207 BitchX DNS Overflow Patch
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0081.html
Reference: BUGTRAQ:20001207 bitchx/ircd DNS overflow demonstration
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0086.html
Reference: REDHAT:RHSA-2000:126
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-126.html
Reference: MANDRAKE:MDKSA-2000:079
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-079.php3
Reference: FREEBSD:FreeBSD-SA-00:78
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:78.bitchx.v1.1.asc
Reference: CONECTIVA:CLA-2000:364
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000364
Reference: BID:2087
Reference: URL:http://www.securityfocus.com/bid/2087
Reference: XF:irc-bitchx-dns-bo
Reference: URL:http://xforce.iss.net/static/5701.php

Description:
One-byte buffer overflow in replydirname function in BSD-based ftpd allows remote attackers to gain root privileges. Status: Entry
Reference: OPENBSD:20001218
Reference: URL:http://www.openbsd.org/advisories/ftpd_replydirname.txt
Reference: NETBSD:NetBSD-SA2000-018
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-018.txt.asc
Reference: BUGTRAQ:20001218 Trustix Security Advisory - ed, tcsh, and ftpd-BSD
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0275.html
Reference: BID:2124
Reference: URL:http://www.securityfocus.com/bid/2124
Reference: XF:bsd-ftpd-replydirname-bo
Reference: URL:http://xforce.iss.net/static/5776.php

Description:
Directory traversal vulnerability in FTP Serv-U before 2.5i allows remote attackers to escape the FTP root and read arbitrary files by appending a string such as "/..%20." to a CD command, a variant of a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20001205 Serv-U FTP directory traversal vunerability (all versions)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97604119024280&w=2
Reference: BUGTRAQ:20001205 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0043.html
Reference: BID:2052
Reference: URL:http://www.securityfocus.com/bid/2052
Reference: XF:ftp-servu-homedir-travers
Reference: URL:http://xforce.iss.net/static/5639.php
Reference: OSVDB:464
Reference: URL:http://www.osvdb.org/464

Description:
CBOS 2.4.1 and earlier in Cisco 600 routers allows remote attackers to cause a denial of service via a slow stream of TCP SYN packets. Status: Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-syn-packets
Reference: URL:http://xforce.iss.net/static/5627.php

Description:
The Cisco Web Management interface in routers running CBOS 2.4.1 and earlier does not log invalid logins, which allows remote attackers to guess passwords without detection. Status: Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-invalid-login
Reference: URL:http://xforce.iss.net/static/5628.php

Description:
Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a large ICMP echo (ping) packet. Status: Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-icmp-echo
Reference: URL:http://xforce.iss.net/static/5629.php

Description:
The Web interface to Cisco 600 routers running CBOS 2.4.1 and earlier allow remote attackers to cause a denial of service via a URL that does not end in a space character. Status: Entry
Reference: CISCO:20001204 Multiple Vulnerabilities in CBOS
Reference: URL:http://www.cisco.com/warp/public/707/CBOS-multiple.shtml
Reference: XF:cisco-cbos-web-access
Reference: URL:http://xforce.iss.net/static/5626.php
Reference: OSVDB:460
Reference: URL:http://www.osvdb.org/460

Description:
patchadd in Solaris allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20001218 Solaris patchadd(1) (3) symlink vulnerabilty
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97720205217707&w=2
Reference: BID:2127
Reference: URL:http://www.securityfocus.com/bid/2127
Reference: XF:solaris-patchadd-symlink
Reference: URL:http://xforce.iss.net/static/5789.php

Description:
Format string vulnerability in stunnel 3.8 and earlier allows attackers to execute arbitrary commands via a malformed ident username. Status: Entry
Reference: BUGTRAQ:20001218 Stunnel format bug
Reference: URL:http://www.securityfocus.com/archive/1/151719
Reference: REDHAT:RHSA-2000:129
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-129.html
Reference: CONECTIVA:CLA-2000:363
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000363
Reference: BUGTRAQ:20001209 Trustix Security Advisory - stunnel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0337.html
Reference: DEBIAN:DSA-009
Reference: URL:http://www.debian.org/security/2001/dsa-009
Reference: FREEBSD:FreeBSD-SA-01:05
Reference: XF:stunnel-format-logfile
Reference: URL:http://xforce.iss.net/static/5807.php
Reference: BID:2128
Reference: URL:http://www.securityfocus.com/bid/2128

Description:
procfs in FreeBSD and possibly other operating systems does not properly restrict access to per-process mem and ctl files, which allows local users to gain root privileges by forking a child process and executing a privileged process from the child, while the parent retains access to the child's address space. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2130
Reference: URL:http://www.securityfocus.com/bid/2130
Reference: XF:procfs-elevate-privileges(6106)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6106
Reference: OSVDB:1697
Reference: URL:http://www.osvdb.org/1697

Description:
procfs in FreeBSD and possibly other operating systems allows local users to cause a denial of service by calling mmap on the process' own mem file, which causes the kernel to hang. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2131
Reference: URL:http://www.securityfocus.com/bid/2131
Reference: XF:procfs-mmap-dos(6107)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6107
Reference: OSVDB:1698
Reference: URL:http://www.osvdb.org/1698
Reference: OSVDB:6082
Reference: URL:http://www.osvdb.org/6082

Description:
procfs in FreeBSD and possibly other operating systems allows local users to bypass access control restrictions for a jail environment and gain additional privileges. Status: Entry
Reference: FREEBSD:FreeBSD-SA-00:77
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:77.procfs.v1.1.asc
Reference: BID:2132
Reference: URL:http://www.securityfocus.com/bid/2132
Reference: XF:procfs-access-control-bo(6108)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6108
Reference: OSVDB:1691
Reference: URL:http://www.osvdb.org/1691

Description:
Secure Locate (slocate) allows local users to corrupt memory via a malformed database file that specifies an offset value that accesses memory outside of the intended buffer. Status: Entry
Reference: BUGTRAQ:20001126 [MSY] S(ecure)Locate heap corruption vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-11/0356.html
Reference: DEBIAN:DSA-005-1
Reference: URL:http://www.debian.org/security/2000/20001217a
Reference: DEBIAN:20001217a
Reference: MANDRAKE:MDKSA-2000:085
Reference: URL:http://www.linux-mandrake.com/en/security/2000/MDKSA-2000-085.php3
Reference: REDHAT:RHSA-2000:128
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-128.html
Reference: CONECTIVA:CLA-2001:369
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000369
Reference: TURBO:TLSA2001002-1
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-February/000144.html
Reference: XF:slocate-heap-execute-code(5594)
Reference: URL:http://xforce.iss.net/static/5594.php
Reference: BID:2004
Reference: URL:http://www.securityfocus.com/bid/2004

Description:
dialog before 0.9a-20000118-3bis in Debian GNU/Linux allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: DEBIAN:DSA-008-1
Reference: URL:http://www.debian.org/security/2000/20001225
Reference: BID:2151
Reference: URL:http://www.securityfocus.com/bid/2151
Reference: XF:dialog-symlink
Reference: URL:http://xforce.iss.net/static/5809.php

Description:
gpg (aka GnuPG) 1.0.4 and other versions does not properly verify detached signatures, which allows attackers to modify the contents of a file without detection. Status: Entry
Reference: REDHAT:RHSA-2000:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: XF:gnupg-detached-sig-modify
Reference: URL:http://xforce.iss.net/static/5802.php
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BID:2141
Reference: URL:http://www.securityfocus.com/bid/2141
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: OSVDB:1699
Reference: URL:http://www.osvdb.org/1699

Description:
gpg (aka GnuPG) 1.0.4 and other versions imports both public and private keys from public key servers without notifying the user about the private keys, which could allow an attacker to break the web of trust. Status: Entry
Reference: REDHAT:RHSA-2000:131
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-131.html
Reference: MANDRAKE:MDKSA-2000-087
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-087.php3
Reference: DEBIAN:DSA-010-1
Reference: URL:http://www.debian.org/security/2000/20001225b
Reference: CONECTIVA:CLA-2000:368
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000368
Reference: BUGTRAQ:20001220 Trustix Security Advisory - gnupg, ftpd-BSD
Reference: URL:http://www.securityfocus.com/archive/1/152197
Reference: BID:2153
Reference: URL:http://www.securityfocus.com/bid/2153
Reference: XF:gnupg-reveal-private
Reference: URL:http://xforce.iss.net/static/5803.php
Reference: OSVDB:1702
Reference: URL:http://www.osvdb.org/1702

Description:
The clustmon service in Sun Cluster 2.x does not require authentication, which allows remote attackers to obtain sensitive information such as system logs and cluster configurations. Status: Entry
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:clustmon-no-authentication(6123)
Reference: URL:http://xforce.iss.net/static/6123.php

Description:
in.mond in Sun Cluster 2.x allows local users to read arbitrary files via a symlink attack on the status file of a host running HA-NFS. Status: Entry
Reference: BUGTRAQ:20001212 Two Holes in Sun Cluster 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0180.html
Reference: XF:ha-nfs-symlink(6125)
Reference: URL:http://xforce.iss.net/static/6125.php
Reference: OSVDB:6437
Reference: URL:http://www.osvdb.org/6437

Description:
Cisco Catalyst 6000, 5000, or 4000 switches allow remote attackers to cause a denial of service by connecting to the SSH service with a non-SSH client, which generates a protocol mismatch error. Status: Entry
Reference: CISCO:20001213 Cisco Catalyst SSH Protocol Mismatch Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catalyst-ssh-protocolmismatch-pub.shtml
Reference: BID:2117
Reference: URL:http://www.securityfocus.com/bid/2117
Reference: XF:cisco-catalyst-ssh-mismatch
Reference: URL:http://xforce.iss.net/static/5760.php

Description:
swinit in nCipher does not properly disable the Operator Card Set recovery feature even when explicitly disabled by the user, which could allow attackers to gain access to application keys. Status: Entry
Reference: BUGTRAQ:20001212 nCipher Security Advisory: Operator Cards unexpectedly recoverable
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0152.html
Reference: CONFIRM:http://active.ncipher.com/updates/advisory.txt
Reference: XF:ncipher-recover-operator-cards(5999)
Reference: URL:http://xforce.iss.net/static/5999.php
Reference: OSVDB:4849
Reference: URL:http://www.osvdb.org/4849

Description:
Windows Media Unicast Service in Windows Media Services 4.0 and 4.1 does not properly shut down some types of connections, producing a memory leak that allows remote attackers to cause a denial of service via a series of severed connections, aka the "Severed Windows Media Server Connection" vulnerability. Status: Entry
Reference: MS:MS00-097
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-097.asp
Reference: MSKB:Q281256
Reference: URL:http://support.microsoft.com/default.aspx?scid=kb;[LN];Q281256
Reference: XF:mediaservices-dropped-connection-dos
Reference: URL:http://xforce.iss.net/static/5785.php

Description:
Buffer overflow in Kermit communications software in HP-UX 11.0 and earlier allows local users to cause a denial of service and possibly execute arbitrary commands. Status: Entry
Reference: HP:HPSBUX0012-135
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0083.html
Reference: BID:2170
Reference: URL:http://www.securityfocus.com/bid/2170
Reference: XF:hpux-kermit-bo
Reference: URL:http://xforce.iss.net/static/5793.php

Description:
Internet Explorer 5.0 through 5.5 allows remote attackers to read arbitrary files from the client via the INPUT TYPE element in an HTML form, aka the "File Upload via Form" vulnerability. Status: Entry
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-form-file-upload
Reference: URL:http://xforce.iss.net/static/5615.php

Description:
The Print Templates feature in Internet Explorer 5.5 executes arbitrary custom print templates without prompting the user, which could allow an attacker to execute arbitrary ActiveX controls, aka the "Browser Print Template" vulnerability. Status: Entry
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: BID:2046
Reference: URL:http://www.securityfocus.com/bid/2046
Reference: XF:ie-print-template(5614)
Reference: URL:http://xforce.iss.net/static/5614.php

Description:
The ActiveX control for invoking a scriptlet in Internet Explorer 5.0 through 5.5 renders arbitrary file types instead of HTML, which allows an attacker to read arbitrary files, aka a variant of the "Scriptlet Rendering" vulnerability. Status: Entry
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-scriptlet-rendering-read-files(6085)
Reference: URL:http://xforce.iss.net/static/6085.php
Reference: OSVDB:7820
Reference: URL:http://www.osvdb.org/7820

Description:
A function in Internet Explorer 5.0 through 5.5 does not properly verify the domain of a frame within a browser window, which allows a remote attacker to read client files, aka a new variant of the "Frame Domain Verification" vulnerability. Status: Entry
Reference: MS:MS00-093
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-093.asp
Reference: XF:ie-frame-verification-read-files(6086)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6086
Reference: OSVDB:7817
Reference: URL:http://www.osvdb.org/7817

Description:
Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root privileges. Status: Entry
Reference: NETBSD:NetBSD-SA2000-017
Reference: URL:ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc
Reference: FREEBSD:FreeBSD-SA-01:25
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:25.kerberosIV.asc
Reference: XF:kerberos4-auth-packet-overflow(5734)
Reference: URL:http://xforce.iss.net/static/5734.php

Description:
catman in Solaris 2.7 and 2.8 allows local users to overwrite arbitrary files via a symlink attack on the sman_PID temporary file. Status: Entry
Reference: BUGTRAQ:20001218 Catman file clobbering vulnerability Solaris 2.x
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0313.html
Reference: SUNBUG:4392144
Reference: XF:solaris-catman-symlink(5788)
Reference: URL:http://xforce.iss.net/static/5788.php
Reference: OSVDB:6024
Reference: URL:http://www.osvdb.org/6024

Description:
FrontPage Server Extensions (FPSE) in IIS 4.0 and 5.0 allows remote attackers to cause a denial of service via a malformed form, aka the "Malformed Web Form Submission" vulnerability. Status: Entry
Reference: MS:MS00-100
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS00-100.asp
Reference: XF:iis-web-form-submit
Reference: URL:http://xforce.iss.net/static/5823.php

Description:
bsguest.cgi guestbook script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. Status: Entry
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bsguest-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5796.php

Description:
bslist.cgi mailing list script allows remote attackers to execute arbitrary commands via shell metacharacters in the email address. Status: Entry
Reference: BUGTRAQ:20001221 BS Scripts Vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0390.html
Reference: MISC:http://www.stanback.net/
Reference: XF:bslist-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/5797.php

Description:
Vulnerability in top in HP-UX 11.04 and earlier allows local users to overwrite files owned by the "sys" group. Status: Entry
Reference: HP:HPSBUX0012-134
Reference: URL:http://archives.neohapsis.com/archives/hp/2000-q4/0079.html
Reference: XF:hp-top-sys-files
Reference: URL:http://xforce.iss.net/static/5773.php

Description:
Vulnerability in inetd server in HP-UX 11.04 and earlier allows attackers to cause a denial of service when the "swait" state is used by a server. Status: Entry
Reference: HP:HPSBUX0101-136
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0009.html
Reference: XF:hp-inetd-swait-dos(5904)
Reference: URL:http://xforce.iss.net/static/5904.php

Description:
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. Status: Entry
Reference: BUGTRAQ:20010112 PHP Security Advisory - Apache Module bugs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957961212852
Reference: MANDRAKE:MDKSA-2001:013
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-013.php3
Reference: CONECTIVA:CLA-2001:373
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000373
Reference: DEBIAN:DSA-020
Reference: URL:http://www.debian.org/security/2001/dsa-020
Reference: REDHAT:RHSA-2000:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-136.html
Reference: XF:php-htaccess-unauth-access(5940)
Reference: URL:http://xforce.iss.net/static/5940.php
Reference: BID:2206
Reference: URL:http://www.securityfocus.com/bid/2206

Description:
rctab in SuSE 7.0 and earlier allows local users to create or overwrite arbitrary files via a symlink attack on the rctmp temporary file. Status: Entry
Reference: BUGTRAQ:20010113 Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0226.html
Reference: BUGTRAQ:20010117 Re: Serious security flaw in SuSE rctab
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0272.html
Reference: BID:2207
Reference: URL:http://www.securityfocus.com/bid/2207
Reference: XF:rctab-elevate-privileges(5945)
Reference: URL:http://xforce.iss.net/static/5945.php

Description:
Buffer overflow in jaZip Zip/Jaz drive manager allows local users to gain root privileges via a long DISPLAY environmental variable. Status: Entry
Reference: BUGTRAQ:20010114 Vulnerability in jaZip.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0228.html
Reference: DEBIAN:DSA-017
Reference: URL:http://www.debian.org/security/2001/dsa-017
Reference: XF:jazip-display-bo(5942)
Reference: URL:http://xforce.iss.net/static/5942.php
Reference: BID:2209
Reference: URL:http://www.securityfocus.com/bid/2209

Description:
Format string vulnerability in splitvt before 1.6.5 allows local users to execute arbitrary commands via the -rcfile command line argument. Status: Entry
Reference: BUGTRAQ:20010114 [MSY] Multiple vulnerabilities in splitvt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958269320974&w=2
Reference: DEBIAN:DSA-014-1
Reference: URL:http://www.debian.org/security/2001/dsa-014
Reference: XF:splitvt-perserc-format-string(5948)
Reference: URL:http://xforce.iss.net/static/5948.php
Reference: BID:2210
Reference: URL:http://www.securityfocus.com/bid/2210

Description:
Buffer overflow in arp command in Solaris 7 and earlier allows local users to execute arbitrary commands via a long -f parameter. Status: Entry
Reference: BUGTRAQ:20010111 Solaris Arp Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97934312727101&w=2
Reference: BUGTRAQ:20010112 arp exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97957435729702&w=2
Reference: SUN:00200
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/200&type=0&nav=sec.sba
Reference: XF:solaris-arp-bo(5928)
Reference: URL:http://xforce.iss.net/static/5928.php
Reference: BID:2193
Reference: URL:http://www.securityfocus.com/bid/2193

Description:
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:006
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-006.php3
Reference: BID:2188
Reference: URL:http://www.securityfocus.com/bid/2188
Reference: XF:linux-gpm-symlink(5917)
Reference: URL:http://xforce.iss.net/static/5917.php

Description:
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: IMMUNIX:IMNX-2000-70-028-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2000-70-028-01
Reference: MANDRAKE:MDKSA-2001:008-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-008.php3
Reference: REDHAT:RHSA-2001:116
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-116.html
Reference: CERT-VN:VU#579928
Reference: URL:http://www.kb.cert.org/vuls/id/579928
Reference: XF:linux-diffutils-sdiff-symlink(5914)
Reference: URL:http://xforce.iss.net/static/5914.php
Reference: BID:2191
Reference: URL:http://www.securityfocus.com/bid/2191

Description:
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-005
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-005.php3
Reference: BID:2195
Reference: URL:http://www.securityfocus.com/bid/2195
Reference: XF:rdist-symlink(5925)
Reference: URL:http://xforce.iss.net/static/5925.php

Description:
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:004
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-004.php3
Reference: BID:2194
Reference: URL:http://www.securityfocus.com/bid/2194
Reference: XF:gettyps-symlink(5924)
Reference: URL:http://xforce.iss.net/static/5924.php

Description:
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:007
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-007.php3
Reference: BID:2196
Reference: URL:http://www.securityfocus.com/bid/2196
Reference: XF:shadow-utils-useradd-symlink(5927)
Reference: URL:http://xforce.iss.net/static/5927.php

Description:
ImageCast Control Center 4.1.0 allows remote attackers to cause a denial of service (resource exhaustion or system crash) via a long string to port 12002. Status: Entry
Reference: BUGTRAQ:20010108 def-2001-01: ImageCast IC3 Control Center DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0071.html
Reference: XF:storagesoft-imagecast-dos(5901)
Reference: URL:http://xforce.iss.net/static/5901.php
Reference: BID:2174
Reference: URL:http://www.securityfocus.com/bid/2174

Description:
Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of malformed HTTP requests that generate a "bad request" error. Status: Entry
Reference: BUGTRAQ:20010108 def-2001-02: IBM Websphere 3.52 Kernel Leak DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0079.html
Reference: BUGTRAQ:20010307 def-2001-02: IBM HTTP Server Kernel Leak DoS (re-release)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0061.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/security.html
Reference: BID:2175
Reference: URL:http://www.securityfocus.com/bid/2175
Reference: XF:ibm-websphere-dos(5900)
Reference: URL:http://xforce.iss.net/static/5900.php

Description:
Directory traversal vulnerability in eXtropia bbs_forum.cgi 1.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the file parameter. Status: Entry
Reference: BUGTRAQ:20010107 Cgisecurity.com Advisory #3.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97905792214999&w=2
Reference: CONFIRM:http://www.extropia.com/hacks/bbs_security.html
Reference: BID:2177
Reference: URL:http://www.securityfocus.com/bid/2177
Reference: XF:http-cgi-bbs-forum(5906)
Reference: URL:http://xforce.iss.net/static/5906.php
Reference: OSVDB:3546
Reference: URL:http://www.osvdb.org/3546

Description:
Buffer overflow in exrecover in Solaris 2.6 and earlier possibly allows local users to gain privileges via a long command line argument. Status: Entry
Reference: BUGTRAQ:20010109 Solaris /usr/lib/exrecover buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97908386502156&w=2
Reference: SUNBUG:4161925
Reference: XF:solaris-exrecover-bo(5913)
Reference: URL:http://xforce.iss.net/static/5913.php
Reference: BID:2179
Reference: URL:http://www.securityfocus.com/bid/2179

Description:
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. Status: Entry
Reference: BUGTRAQ:20001231 Advisory: exmh symlink vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97846489313059&w=2
Reference: BUGTRAQ:20010112 exmh security vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958594330100&w=2
Reference: CONFIRM:http://www.beedub.com/exmh/symlink.html
Reference: FREEBSD:FreeBSD-SA-01:17
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-01/0543.html
Reference: MANDRAKE:MDKSA-2001:015
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-015.php3
Reference: DEBIAN:DSA-022
Reference: URL:http://www.debian.org/security/2001/dsa-022
Reference: XF:exmh-error-symlink
Reference: URL:http://xforce.iss.net/static/5829.php

Description:
Oracle XSQL servlet 1.0.3.0 and earlier allows remote attackers to execute arbitrary Java code by redirecting the XSQL server to another source via the xml-stylesheet parameter in the xslt stylesheet. Status: Entry
Reference: BUGTRAQ:20010109 Oracle XSQL servlet and xml-stylesheet allow executing java on the web server
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97906670012796&w=2
Reference: BUGTRAQ:20010123 Patch for Potential Vulnerability in Oracle XSQL Servlet
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98027700625521&w=2
Reference: XF:oracle-xsql-execute-code(5905)
Reference: URL:http://xforce.iss.net/static/5905.php

Description:
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. Status: Entry
Reference: MANDRAKE:MDKSA-2000-083
Reference: URL:http://www.linux-mandrake.com/en/updates/2000/MDKSA-2000-083.php3
Reference: CONECTIVA:CLA-2000:365
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000365
Reference: REDHAT:RHSA-2000:127
Reference: URL:http://www.redhat.com/support/errata/RHSA-2000-127.html
Reference: DEBIAN:DSA-006-1
Reference: URL:http://www.debian.org/security/2000/20001219
Reference: FREEBSD:FreeBSD-SA-01:06
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:06.zope.asc
Reference: XF:zope-calculate-roles
Reference: URL:http://xforce.iss.net/static/5777.php
Reference: OSVDB:6284
Reference: URL:http://www.osvdb.org/6284

Description:
Buffer overflow in Tinyproxy HTTP proxy 1.3.3 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long connect request. Status: Entry
Reference: BUGTRAQ:20010117 [pkc] remote heap overflow in tinyproxy
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97975486527750&w=2
Reference: DEBIAN:DSA-018
Reference: URL:http://www.debian.org/security/2001/dsa-018
Reference: FREEBSD:FreeBSD-SA-01:15
Reference: BID:2217
Reference: URL:http://www.securityfocus.com/bid/2217
Reference: XF:tinyproxy-remote-bo(5954)
Reference: URL:http://xforce.iss.net/static/5954.php

Description:
Buffer overflow in HTML parser of the Lotus R5 Domino Server before 5.06, and Domino Client before 5.05, allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed font size specifier. Status: Entry
Reference: MISC:http://service1.symantec.com/sarc/sarc.nsf/info/html/Lotus.Domino.Denial.of.Service.Malformed.HTML.Email.html
Reference: XF:lotus-html-bo(6207)
Reference: URL:http://xforce.iss.net/static/6207.php

Description:
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed. Status: Entry
Reference: BUGTRAQ:20001220 ProFTPD 1.2.0 Memory leakage - denial of service
Reference: URL:http://www.securityfocus.com/archive/1/152206
Reference: BUGTRAQ:20010109 Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0122.html
Reference: BUGTRAQ:20010110 Re: Memory leakage in ProFTPd leads to remote DoS (SIZE FTP); (Exploit Code)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0132.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: XF:proftpd-size-memory-leak
Reference: URL:http://xforce.iss.net/static/5801.php

Description:
Windows Media Player 7 allows remote attackers to execute malicious Java applets in Internet Explorer clients by enclosing the applet in a skin file named skin.wmz, then referencing that skin in the codebase parameter to an applet tag, aka the Windows Media Player Skins File Download" vulnerability. Status: Entry
Reference: BUGTRAQ:20010115 Windows Media Player 7 and IE java vulnerability - executing arbitrary programs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97958100816503&w=2
Reference: MS:MS01-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-010.asp
Reference: XF:win-mediaplayer-arbitrary-code(5937)
Reference: URL:http://xforce.iss.net/static/5937.php
Reference: BID:2203
Reference: URL:http://www.securityfocus.com/bid/2203

Description:
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001-001
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-001.php3
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: BID:2189
Reference: URL:http://www.securityfocus.com/bid/2189
Reference: XF:linux-wuftpd-privatepw-symlink(5915)
Reference: URL:http://xforce.iss.net/static/5915.php

Description:
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:010
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-010.php3
Reference: CALDERA:CSSA-2001-001.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-001.0.txt
Reference: XF:linux-inn-symlink(5916)
Reference: URL:http://xforce.iss.net/static/5916.php
Reference: BID:2190
Reference: URL:http://www.securityfocus.com/bid/2190

Description:
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:002
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-002.php3
Reference: XF:tcpdump-arpwatch-symlink(5922)
Reference: URL:http://xforce.iss.net/static/5922.php
Reference: BID:2183
Reference: URL:http://www.securityfocus.com/bid/2183

Description:
mgetty 1.1.22 allows local users to overwrite arbitrary files via a symlink attack in some configurations. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:009
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-009.php3
Reference: DEBIAN:DSA-011
Reference: URL:http://www.debian.org/security/2001/dsa-011
Reference: CALDERA:CSSA-2001-002.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-002.0.txt
Reference: REDHAT:RHSA-2001:050
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-050.html
Reference: BID:2187
Reference: URL:http://www.securityfocus.com/bid/2187
Reference: XF:linux-mgetty-symlink(5918)
Reference: URL:http://xforce.iss.net/static/5918.php

Description:
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. Status: Entry
Reference: BUGTRAQ:20010112 Trustix Security Advisory - diffutils squid
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0212.html
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:003
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-003.php3
Reference: DEBIAN:DSA-019
Reference: URL:http://www.debian.org/security/2001/dsa-019
Reference: XF:squid-email-symlink(5921)
Reference: URL:http://xforce.iss.net/static/5921.php
Reference: BID:2184
Reference: URL:http://www.securityfocus.com/bid/2184

Description:
vpop3d program in linuxconf 1.23r and earlier allows local users to overwrite arbitrary files via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010110 Immunix OS Security update for lots of temp file problems
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916374410647&w=2
Reference: MANDRAKE:MDKSA-2001:011
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-011.php3
Reference: BID:2186
Reference: URL:http://www.securityfocus.com/bid/2186
Reference: XF:linuxconf-vpop3d-symlink(5923)
Reference: URL:http://xforce.iss.net/static/5923.php

Description:
CORE SDI SSH1 CRC-32 compensation attack detector allows remote attackers to execute arbitrary commands on an SSH server or client via an integer overflow. Status: Entry
Reference: BINDVIEW:20010208 Remote vulnerability in SSH daemon crc32 compensation attack detector
Reference: URL:http://razor.bindview.com/publish/advisories/adv_ssh1crc.html
Reference: BUGTRAQ:20010208 [CORE SDI ADVISORY] SSH1 CRC-32 compensation attack detector
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98168366406903&w=2
Reference: BUGTRAQ:20011122 Secure Computing SafeWord uses vulnerable ssh server
Reference: CERT:CA-2001-35
Reference: URL:http://www.cert.org/advisories/CA-2001-35.html
Reference: BID:2347
Reference: URL:http://www.securityfocus.com/bid/2347
Reference: OSVDB:503
Reference: URL:http://www.osvdb.org/503
Reference: OSVDB:795
Reference: URL:http://www.osvdb.org/795
Reference: XF:ssh-deattack-overwrite-memory(6083)
Reference: URL:http://xforce.iss.net/static/6083.php

Description:
Buffer overflow in Windows 2000 event viewer snap-in allows attackers to execute arbitrary commands via a malformed field that is improperly handled during the detailed view of event records. Status: Entry
Reference: MS:MS01-013
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-013.asp

Description:
The WMP ActiveX Control in Windows Media Player 7 allows remote attackers to execute commands in Internet Explorer via javascript URLs, a variant of the "Frame Domain Verification" vulnerability. Status: Entry
Reference: BUGTRAQ:20010101 Windows Media Player 7 and IE vulnerability - executing arbitrary programs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0000.html
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: XF:media-player-execute-commands(6227)
Reference: URL:http://xforce.iss.net/static/6227.php

Description:
Windows Scripting Host in Internet Explorer 5.5 and earlier allows remote attackers to read arbitrary files via the GetObject Javascript function and the htmlfile ActiveX object. Status: Entry
Reference: BUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-09/0305.html
Reference: NTBUGTRAQ:20000926 IE 5.5/Outlook Express security vulnerability - GetObject() expose user's files
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=96999020527583&w=2
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BID:1718
Reference: URL:http://www.securityfocus.com/bid/1718
Reference: XF:ie-getobject-expose-files(5293)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5293

Description:
Internet Explorer 5.5 and earlier executes Telnet sessions using command line arguments that are specified by the web site, which could allow remote attackers to execute arbitrary commands if the IE client is using the Telnet client provided in Services for Unix (SFU) 2.0, which creates session transcripts. Status: Entry
Reference: BUGTRAQ:20010313 Internet Explorer and Services for Unix 2.0 Telnet Client
Reference: MS:MS01-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-015.asp
Reference: BID:2463
Reference: URL:http://www.securityfocus.com/bid/2463
Reference: OSVDB:7816
Reference: URL:http://www.osvdb.org/7816
Reference: XF:ie-telnet-execute-commands(6230)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6230

Description:
IIS 5.0 allows remote attackers to cause a denial of service via a series of malformed WebDAV requests. Status: Entry
Reference: MS:MS01-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-016.asp
Reference: XF:iis-webdav-dos(6205)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6205
Reference: OVAL:oval:org.mitre.oval:def:90
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:90

Description:
The password protection option for the Compressed Folders feature in Plus! for Windows 98 and Windows Me writes password information to a file, which allows local users to recover the passwords and read the compressed folders. Status: Entry
Reference: MS:MS01-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-019.asp

Description:
Buffer overflow in VB-TSQL debugger object (vbsdicli.exe) in Visual Studio 6.0 Enterprise Edition allows remote attackers to execute arbitrary commands. Status: Entry
Reference: BINDVIEW:20010327 Remote buffer overflow in DCOM VB T-SQL debugger
Reference: URL:http://razor.bindview.com/publish/advisories/adv_vbtsql.html
Reference: MS:MS01-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-018.asp

Description:
HTML e-mail feature in Internet Explorer 5.5 and earlier allows attackers to execute attachments by setting an unusual MIME type for the attachment, which Internet Explorer does not process correctly. Status: Entry
Reference: BUGTRAQ:20010330 Incorrect MIME Header Can Cause IE to Execute E-mail Attachment
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98596775905044&w=2
Reference: MS:MS01-020
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
Reference: CERT:CA-2001-06
Reference: URL:http://www.cert.org/advisories/CA-2001-06.html
Reference: CIAC:L-066
Reference: URL:http://www.ciac.org/ciac/bulletins/l-066.shtml
Reference: BID:2524
Reference: URL:http://www.securityfocus.com/bid/2524
Reference: OSVDB:7806
Reference: URL:http://www.osvdb.org/7806
Reference: OVAL:oval:org.mitre.oval:def:141
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:141
Reference: SECTRACK:1001197
Reference: URL:http://securitytracker.com/id?1001197
Reference: XF:ie-mime-execute-code(6306)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6306

Description:
Format string vulnerability in VShell SSH gateway 1.0.1 and earlier allows remote attackers to execute arbitrary commands via a user name that contains format string specifiers. Status: Entry
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html

Description:
VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users conduct arbitrary port forwarding to other systems. Status: Entry
Reference: ATSTAKE:A021601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a021601-1.txt
Reference: CONFIRM:http://www.vandyke.com/products/vshell/security102.html
Reference: XF:vshell-port-forwarding-rule(6148)
Reference: URL:http://xforce.iss.net/static/6148.php
Reference: BID:2402
Reference: URL:http://www.securityfocus.com/bid/2402

Description:
Debugging utility in the backdoor mode of Palm OS 3.5.2 and earlier allows attackers with physical access to a Palm device to bypass access restrictions and obtain passwords, even if the system lockout mechanism is enabled. Status: Entry
Reference: ATSTAKE:A030101-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030101-1.txt
Reference: XF:palm-debug-bypass-password(6196)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6196

Description:
Buffer overflow in Netscape Directory Server 4.12 and earlier allows remote attackers to cause a denial of service or execute arbitrary commands via a malformed recipient field. Status: Entry
Reference: ATSTAKE:A030701-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a030701-1.txt
Reference: XF:netscape-directory-server-bo(6233)
Reference: URL:http://xforce.iss.net/static/6233.php

Description:
Buffer overflow in ximp40 shared library in Solaris 7 and Solaris 8 allows local users to gain privileges via a long "arg0" (process name) argument. Status: Entry
Reference: BUGTRAQ:20010131 [SPSadvisory#40]Solaris7/8 ximp40 shared library buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0517.html
Reference: SUNBUG:4409148
Reference: XF:solaris-ximp40-bo
Reference: URL:http://xforce.iss.net/static/6039.php
Reference: BID:2322
Reference: URL:http://www.securityfocus.com/bid/2322

Description:
Macromedia Shockwave Flash plugin version 8 and earlier allows remote attackers to cause a denial of service via malformed tag length specifiers in a SWF file. Status: Entry
Reference: BUGTRAQ:20001229 Shockwave Flash buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0491.html
Reference: XF:shockwave-flash-swf-bo
Reference: URL:http://xforce.iss.net/static/5826.php

Description:
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib. Status: Entry
Reference: MANDRAKE:MDKSA-2001:012
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-012.php3?dis=7.2
Reference: SUSE:SuSE-SA:2001:01
Reference: URL:http://www.novell.com/linux/security/advisories/2001_001_glibc_txt.html
Reference: CALDERA:CSSA-2001-007
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-007.0.txt
Reference: REDHAT:RHSA-2001:002
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-002.html
Reference: DEBIAN:DSA-039
Reference: URL:http://www.debian.org/security/2001/dsa-039
Reference: TURBO:TLSA2000021-2
Reference: URL:http://archives.neohapsis.com/archives/linux/turbolinux/2001-q1/0004.html
Reference: BUGTRAQ:20010121 Trustix Security Advisory - glibc
Reference: URL:http://www.securityfocus.com/archive/1/157650
Reference: BID:2223
Reference: URL:http://www.securityfocus.com/bid/2223
Reference: XF:linux-glibc-preload-overwrite
Reference: URL:http://xforce.iss.net/static/5971.php

Description:
glibc 2.1.9x and earlier does not properly clear the RESOLV_HOST_CONF, HOSTALIASES, or RES_OPTIONS environmental variables when executing setuid/setgid programs, which could allow local users to read arbitrary files. Status: Entry
Reference: BUGTRAQ:20010110 Glibc Local Root Exploit
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0131.html
Reference: BUGTRAQ:20010110 [slackware-security] glibc 2.2 local vulnerability on setuid binaries
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0186.html
Reference: REDHAT:RHSA-2001:001
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-001.html
Reference: BID:2181
Reference: URL:http://www.securityfocus.com/bid/2181
Reference: XF:linux-glibc-read-files
Reference: URL:http://xforce.iss.net/static/5907.php

Description:
Buffer overflow in Trend Micro Virus Buster 2001 8.00 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a large "To" address. Status: Entry
Reference: BUGTRAQ:20010130 Security hole in Virus Buster 2001
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0500.html
Reference: XF:virusbuster-mua-bo(6034)
Reference: URL:http://xforce.iss.net/static/6034.php
Reference: OSVDB:6138
Reference: URL:http://www.osvdb.org/6138

Description:
The caching module in Netscape Fasttrack Server 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by requesting a large number of non-existent URLs. Status: Entry
Reference: BUGTRAQ:20010122 def-2001-05: Netscape Fasttrack Server Caching DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98021351718874&w=2
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2273
Reference: URL:http://www.securityfocus.com/bid/2273
Reference: XF:netscape-fasttrack-cache-dos(5985)
Reference: URL:http://xforce.iss.net/static/5985.php

Description:
The setuid doroot program in Voyant Sonata 3.x executes arbitrary command line arguments, which allows local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20001218 More Sonata Conferencing software vulnerabilities.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2000-12/0278.html
Reference: BID:2125
Reference: URL:http://www.securityfocus.com/bid/2125
Reference: XF:sonata-command-execute(5787)
Reference: URL:http://xforce.iss.net/static/5787.php

Description:
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. Status: Entry
Reference: MANDRAKE:MDKSA-2001:018
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-018.php3?dis=7.2
Reference: CALDERA:CSSA-2001-005.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-005.0.txt
Reference: SUSE:SuSE-SA:2001:02
Reference: URL:http://www.novell.com/linux/security/advisories/2001_002_kdesu_txt.html
Reference: XF:kde2-kdesu-retrieve-passwords
Reference: URL:http://xforce.iss.net/static/5995.php

Description:
Allaire JRun 3.0 allows remote attackers to list contents of the WEB-INF directory, and the web.xml file in the WEB-INF directory, via a malformed URL that contains a "." Status: Entry
Reference: ALLAIRE:ASB01-02
Reference: URL:http://www.allaire.com/handlers/index.cfm?ID=19546&Method=Full
Reference: XF:jrun-webinf-file-retrieval
Reference: URL:http://xforce.iss.net/static/6008.php

Description:
FireWall-1 4.1 with a limited-IP license allows remote attackers to cause a denial of service by sending a large number of spoofed IP packets with various source addresses to the inside interface, which floods the console with warning messages and consumes CPU resources. Status: Entry
Reference: BUGTRAQ:20010117 Licensing Firewall-1 DoS Attack
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0298.html
Reference: XF:fw1-limited-license-dos
Reference: URL:http://xforce.iss.net/static/5966.php
Reference: BID:2238
Reference: URL:http://www.securityfocus.com/bid/2238
Reference: OSVDB:1733
Reference: URL:http://www.osvdb.org/1733

Description:
ipfw and ip6fw in FreeBSD 4.2 and earlier allows remote attackers to bypass access restrictions by setting the ECE flag in a TCP packet, which makes the packet appear to be part of an established connection. Status: Entry
Reference: BUGTRAQ:20010125 ecepass - proof of concept code for FreeBSD ipfw bypass
Reference: URL:http://www.security-express.com/archives/bugtraq/2001-01/0424.html
Reference: FREEBSD:FreeBSD-SA-01:08
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:08.ipfw.asc
Reference: CIAC:L-029
Reference: URL:http://www.ciac.org/ciac/bulletins/l-029.shtml
Reference: BID:2293
Reference: URL:http://www.securityfocus.com/bid/2293
Reference: OSVDB:1743
Reference: URL:http://www.osvdb.org/1743
Reference: XF:ipfw-bypass-firewall(5998)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5998

Description:
Netopia R9100 router version 4.6 allows authenticated users to cause a denial of service by using the router's telnet program to connect to the router's IP address, which causes a crash. Status: Entry
Reference: BUGTRAQ:20010123 Make The Netopia R9100 Router To Crash
Reference: URL:http://www.securityfocus.com/archive/1/157952
Reference: BID:2287
Reference: URL:http://www.securityfocus.com/bid/2287
Reference: XF:netopia-telnet-dos
Reference: URL:http://xforce.iss.net/static/6001.php

Description:
Format string vulnerability in wu-ftp 2.6.1 and earlier, when running with debug mode enabled, allows remote attackers to execute arbitrary commands via a malformed argument that is recorded in a PASV port assignment. Status: Entry
Reference: DEBIAN:DSA-016
Reference: URL:http://www.debian.org/security/2001/dsa-016
Reference: CONFIRM:ftp://ftp.wu-ftpd.org/pub/wu-ftpd/patches/apply_to_current/missing_format_strings.patch
Reference: CONECTIVA:CLA-2001:443
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000443
Reference: BID:2296
Reference: URL:http://www.securityfocus.com/bid/2296
Reference: XF:wuftp-debug-format-string
Reference: URL:http://xforce.iss.net/static/6020.php

Description:
Directory traversal vulnerability in LocalWEB2000 HTTP server allows remote attackers to read arbitrary commands via a .. (dot dot) attack in an HTTP GET request. Status: Entry
Reference: BUGTRAQ:20010119 LocalWEB2000 Directory Traversal Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0346.html
Reference: BID:2268
Reference: URL:http://www.securityfocus.com/bid/2268
Reference: XF:localweb2k-directory-traversal
Reference: URL:http://xforce.iss.net/static/5982.php

Description:
Buffer overflow in /usr/bin/cu in Solaris 2.8 and earlier, and possibly other operating systems, allows local users to gain privileges by executing cu with a long program name (arg0). Status: Entry
Reference: BUGTRAQ:20010117 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97983943716311&w=2
Reference: BUGTRAQ:20010123 Solaris /usr/bin/cu Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98028642319440&w=2
Reference: SUNBUG:4406722
Reference: XF:cu-argv-bo(6224)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6224

Description:
gnuserv before 3.12, as shipped with XEmacs, does not properly check the specified length of an X Windows MIT-MAGIC-COOKIE cookie, which allows remote attackers to execute arbitrary commands via a buffer overflow, or brute force authentication by using a short cookie length. Status: Entry
Reference: BUGTRAQ:20010202 Remote vulnerability in gnuserv/XEmacs
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0030.html
Reference: REDHAT:RHSA-2001:010
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-010.html
Reference: REDHAT:RHSA-2001:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-011.html
Reference: MANDRAKE:MDKSA-2001:019
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-019.php3
Reference: XF:gnuserv-tcp-cookie-overflow(6056)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6056

Description:
Format string vulnerability in man in some Linux distributions allows local users to gain privileges via a malformed -l parameter. Status: Entry
Reference: BUGTRAQ:20010131 SuSe / Debian man package format string vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98096782126481&w=2
Reference: DEBIAN:DSA-028
Reference: URL:http://www.debian.org/security/2001/dsa-028
Reference: BID:2327
Reference: URL:http://www.securityfocus.com/bid/2327
Reference: XF:man-i-format-string(6059)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6059

Description:
Buffer overflow in httpGets function in CUPS 1.1.5 allows remote attackers to execute arbitrary commands via a long input line. Status: Entry
Reference: MANDRAKE:MDKSA-2001:020-1
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-020.php3
Reference: XF:cups-httpgets-dos(6043)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6043
Reference: OSVDB:6064
Reference: URL:http://www.osvdb.org/6064

Description:
sash before 3.4-4 in Debian GNU/Linux does not properly clone /etc/shadow, which makes it world-readable and could allow local users to gain privileges via password cracking. Status: Entry
Reference: DEBIAN:DSA-015
Reference: URL:http://www.debian.org/security/2001/dsa-015
Reference: XF:linux-sash-shadow-readable
Reference: URL:http://xforce.iss.net/static/5994.php

Description:
inetd ident server in FreeBSD 4.x and earlier does not properly set group permissions, which allows remote attackers to read the first 16 bytes of files that are accessible by the wheel group. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:11
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:11.inetd.v1.1.asc
Reference: BID:2324
Reference: URL:http://www.securityfocus.com/bid/2324
Reference: XF:inetd-ident-read-files(6052)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6052
Reference: OSVDB:1753
Reference: URL:http://www.osvdb.org/1753

Description:
Format string vulnerability in print_client in icecast 1.3.8beta2 and earlier allows remote attackers to execute arbitrary commands. Status: Entry
Reference: BUGTRAQ:20010121 [pkc] format bugs in icecast 1.3.8b2 and prior
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0348.html
Reference: CONECTIVA:CLA-2001:374
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000374
Reference: REDHAT:RHSA-2001:004
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-004.html
Reference: XF:icecast-format-string
Reference: URL:http://xforce.iss.net/static/5978.php
Reference: BID:2264
Reference: URL:http://www.securityfocus.com/bid/2264

Description:
Watchguard Firebox II firewall allows users with read-only access to gain read-write access, and administrative privileges, by accessing a file that contains hashed passphrases, and using the hashes during authentication. Status: Entry
Reference: BUGTRAQ:20010120 Watchguard Firewall Elevated Privilege Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0342.html
Reference: BID:2284
Reference: URL:http://www.securityfocus.com/bid/2284
Reference: XF:watchguard-firebox-obtain-passphrase
Reference: URL:http://xforce.iss.net/static/5979.php

Description:
Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. Status: Entry
Reference: BUGTRAQ:20010214 def-2001-07: Watchguard Firebox II PPTP DoS
Reference: URL:http://www.securityfocus.com/archive/1/162965
Reference: BID:2369
Reference: URL:http://www.securityfocus.com/bid/2369
Reference: XF:firebox-pptp-dos(6109)
Reference: URL:http://xforce.iss.net/static/6109.php

Description:
Buffer overflow in bing allows remote attackers to execute arbitrary commands via a long hostname, which is copied to a small buffer after a reverse DNS lookup using the gethostbyaddr function. Status: Entry
Reference: BUGTRAQ:20010119 Buffer overflow in bing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0330.html
Reference: XF:linux-bing-bo
Reference: URL:http://xforce.iss.net/static/6036.php
Reference: BID:2279
Reference: URL:http://www.securityfocus.com/bid/2279

Description:
ROADS search.pl program allows remote attackers to read arbitrary files by specifying the file name in the form parameter and terminating the filename with a null byte. Status: Entry
Reference: BUGTRAQ:20010212 ROADS search system "show files" Vulnerability with "null bite" bug
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0213.html
Reference: CONFIRM:http://www.roads.lut.ac.uk/lists/open-roads/2001/02/0001.html
Reference: XF:roads-search-view-files(6097)
Reference: URL:http://xforce.iss.net/static/6097.php
Reference: BID:2371
Reference: URL:http://www.securityfocus.com/bid/2371

Description:
Format string vulnerability in mars_nwe 0.99.pl19 allows remote attackers to execute arbitrary commands. Status: Entry
Reference: BUGTRAQ:20010126 format string vulnerability in mars_nwe 0.99pl19
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0456.html
Reference: FREEBSD:FreeBSD-SA-01:20
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0081.html
Reference: XF:mars-nwe-format-string(6019)
Reference: URL:http://xforce.iss.net/static/6019.php

Description:
Vulnerability in Support Tools Manager (xstm,cstm,stm) in HP-UX 11.11 and earlier allows local users to cause a denial of service. Status: Entry
Reference: HP:HPSBUX0101-137
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0016.html
Reference: XF:hp-stm-dos
Reference: URL:http://xforce.iss.net/static/5957.php
Reference: BID:2239
Reference: URL:http://www.securityfocus.com/bid/2239
Reference: OSVDB:6991
Reference: URL:http://www.osvdb.org/6991
Reference: OSVDB:7029
Reference: URL:http://www.osvdb.org/7029
Reference: OSVDB:7030
Reference: URL:http://www.osvdb.org/7030

Description:
Buffer overflow in ja-xklock 2.7.1 and earlier allows local users to gain root privileges. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:19
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0079.html
Reference: XF:ja-xklock-bo(6073)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6073

Description:
webmin 0.84 and earlier allows local users to overwrite and create arbitrary files via a symlink attack. Status: Entry
Reference: MANDRAKE:MDKSA-2001-016
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-016.php3
Reference: CALDERA:CSSA-2001-004.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-004.0.txt
Reference: XF:linux-webmin-tmpfiles
Reference: URL:http://xforce.iss.net/static/6011.php

Description:
Buffer overflow in dc20ctrl before 0.4_1 in FreeBSD, and possibly other operating systems, allows local users to gain privileges. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:22
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-02/0083.html
Reference: XF:dc20ctrl-port-bo(6077)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6077
Reference: OSVDB:6081
Reference: URL:http://www.osvdb.org/6081

Description:
Buffer overflow in micq client 0.4.6 and earlier allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long Description field. Status: Entry
Reference: BUGTRAQ:20010124 patch Re: [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0395.html
Reference: BUGTRAQ:20010118 [PkC] Advisory #003: micq-0.4.6 remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0307.html
Reference: DEBIAN:DSA-012
Reference: URL:http://www.debian.org/security/2001/dsa-012
Reference: FREEBSD:FreeBSD-SA-01:14
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:14.micq.asc
Reference: REDHAT:RHSA-2001:005
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-005.html
Reference: XF:micq-sprintf-remote-bo(5962)
Reference: URL:http://xforce.iss.net/static/5962.php

Description:
NewsDaemon before 0.21b allows remote attackers to execute arbitrary SQL queries and gain privileges via a malformed user_username parameter. Status: Entry
Reference: BUGTRAQ:20010126 NewsDaemon remote administrator access
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0460.html
Reference: CONFIRM:http://sourceforge.net/forum/forum.php?forum_id=60570
Reference: XF:newsdaemon-gain-admin-access
Reference: URL:http://xforce.iss.net/static/6010.php

Description:
Vulnerability in crontab allows local users to read crontab files of other users by replacing the temporary file that is being edited while crontab is running. Status: Entry
Reference: DEBIAN:DSA-024
Reference: URL:http://www.debian.org/security/2001/dsa-024
Reference: FREEBSD:FreeBSD-SA-01:09
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:09.crontab.v1.1.asc
Reference: BID:2332
Reference: URL:http://www.securityfocus.com/bid/2332
Reference: XF:crontab-read-files(6225)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6225

Description:
Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. Status: Entry
Reference: BUGTRAQ:20010314 Solaris /usr/lib/dmi/snmpXdmid vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98462536724454&w=2
Reference: CERT:CA-2001-05
Reference: URL:http://www.cert.org/advisories/CA-2001-05.html
Reference: CIAC:L-065
Reference: URL:http://www.ciac.org/ciac/bulletins/l-065.shtml
Reference: SUN:00207
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/207
Reference: XF:solaris-snmpxdmid-bo(6245)
Reference: URL:http://xforce.iss.net/static/6245.php
Reference: BID:2417
Reference: URL:http://www.securityfocus.com/bid/2417

Description:
Memory leak in Microsoft 2000 domain controller allows remote attackers to cause a denial of service by repeatedly connecting to the Kerberos service and then disconnecting without sending any data. Status: Entry
Reference: BUGTRAQ:20010509 def-2001-24: Windows 2000 Kerberos DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98942093221908&w=2
Reference: MS:MS01-024
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-024.asp
Reference: CIAC:L-079
Reference: URL:http://ciac.llnl.gov/ciac/bulletins/l-079.shtml
Reference: XF:win2k-kerberos-dos(6506)
Reference: URL:http://xforce.iss.net/static/6506.php
Reference: BID:2707
Reference: URL:http://www.securityfocus.com/bid/2707

Description:
Microsoft Data Access Component Internet Publishing Provider 8.103.2519.0 and earlier allows remote attackers to bypass Security Zone restrictions via WebDAV requests. Status: Entry
Reference: MS:MS01-022
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-022.asp
Reference: CIAC:L-074
Reference: URL:http://www.ciac.org/ciac/bulletins/l-074.shtml
Reference: XF:ms-dacipp-webdav-access(6405)
Reference: URL:http://xforce.iss.net/static/6405.php

Description:
Microsoft Internet Security and Acceleration (ISA) Server 2000 Web Proxy allows remote attackers to cause a denial of service via a long web request with a specific type. Status: Entry
Reference: BUGTRAQ:20010416 [SX-20010320-2] - Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/176912
Reference: BUGTRAQ:20010427 Microsoft ISA Server Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/179986
Reference: BUGTRAQ:20010417 [SX-20010320-2b] - Followup re. Microsoft ISA Server Denial of Service
Reference: URL:http://www.securityfocus.com/archive/1/177160
Reference: MS:MS01-021
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-021.asp
Reference: CIAC:L-073
Reference: URL:http://www.ciac.org/ciac/bulletins/l-073.shtml
Reference: BID:2600
Reference: URL:http://www.securityfocus.com/bid/2600
Reference: XF:isa-web-proxy-dos(6383)
Reference: URL:http://xforce.iss.net/static/6383.php

Description:
Microsoft Word before Word 2002 allows attackers to automatically execute macros without warning the user via a Rich Text Format (RTF) document that links to a template with the embedded macro. Status: Entry
Reference: MS:MS01-028
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-028.asp
Reference: XF:word-rtf-macro-execution(6571)
Reference: URL:http://xforce.iss.net/static/6571.php
Reference: BID:2753
Reference: URL:http://www.securityfocus.com/bid/2753

Description:
Buffer overflow in Internet Printing ISAPI extension in Windows 2000 allows remote attackers to gain root privileges via a long print request that is passed to the extension through IIS 5.0. Status: Entry
Reference: BUGTRAQ:20010501 Windows 2000 IIS 5.0 Remote buffer overflow vulnerability (Remote SYSTEM Level Access)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98874912915948&w=2
Reference: MS:MS01-023
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-023.asp
Reference: CERT:CA-2001-10
Reference: URL:http://www.cert.org/advisories/CA-2001-10.html
Reference: BID:2674
Reference: URL:http://www.securityfocus.com/bid/2674
Reference: XF:iis-isapi-printer-bo(6485)
Reference: URL:http://xforce.iss.net/static/6485.php
Reference: OSVDB:3323
Reference: URL:http://www.osvdb.org/3323
Reference: OVAL:oval:org.mitre.oval:def:1068
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1068

Description:
Windows Media Player 7 and earlier stores Internet shortcuts in a user's Temporary Files folder with a fixed filename instead of in the Internet Explorer cache, which causes the HTML in those shortcuts to run in the Local Computer Zone instead of the Internet Zone, which allows remote attackers to read certain files. Status: Entry
Reference: MS:MS01-029
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-029.asp
Reference: XF:mediaplayer-html-shortcut(6584)
Reference: URL:http://xforce.iss.net/static/6584.php
Reference: BID:2765
Reference: URL:http://www.securityfocus.com/bid/2765

Description:
Buffer overflow in Microsoft Index Server 2.0 allows remote attackers to execute arbitrary commands via a long search parameter. Status: Entry
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Reference: BID:2709
Reference: URL:http://www.securityfocus.com/bid/2709
Reference: XF:winnt-indexserver-search-bo(6517)
Reference: URL:http://xforce.iss.net/static/6517.php

Description:
Microsoft Index Server 2.0 in Windows NT 4.0, and Indexing Service in Windows 2000, allows remote attackers to read server-side include files via a malformed search request, aka a new variant of the "Malformed Hit-Highlighting" vulnerability. Status: Entry
Reference: MS:MS01-025
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-025.asp
Reference: XF:win-indexserver-view-files(6518)
Reference: URL:http://xforce.iss.net/static/6518.php

Description:
iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences. Status: Entry
Reference: BUGTRAQ:20010122 def-2001-04: Netscape Enterprise Server Dot-DoS
Reference: URL:http://www.securityfocus.com/archive/1/157641
Reference: BUGTRAQ:20010124 iPlanet FastTrack/Enterprise 4.1 DoS clarifications
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98035833331446&w=2
Reference: BID:2282
Reference: URL:http://www.securityfocus.com/bid/2282
Reference: XF:netscape-enterprise-dot-dos
Reference: URL:http://xforce.iss.net/static/5983.php

Description:
ssh-keygen in ssh 1.2.27 - 1.2.30 with Secure-RPC can allow local attackers to recover a SUN-DES-1 magic phrase generated by another user, which the attacker can use to decrypt that user's private key file. Status: Entry
Reference: BUGTRAQ:20010116 Bug in SSH1 secure-RPC support can expose users' private keys
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0262.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/patches/secureRPCvulnerability.html
Reference: BID:2222
Reference: URL:http://www.securityfocus.com/bid/2222
Reference: XF:ssh-rpc-private-key
Reference: URL:http://xforce.iss.net/static/5963.php

Description:
Buffer overflow in Lotus Domino Mail Server 5.0.5 and earlier allows a remote attacker to crash the server or execute arbitrary code via a long "RCPT TO" command. Status: Entry
Reference: BUGTRAQ:20010123 [SAFER] Security Bulletin 010123.EXP.1.10
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-01/0360.html
Reference: XF:lotus-domino-smtp-bo
Reference: URL:http://xforce.iss.net/static/5993.php
Reference: BID:2283
Reference: URL:http://www.securityfocus.com/bid/2283
Reference: OSVDB:3321
Reference: URL:http://www.osvdb.org/3321

Description:
ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file. Status: Entry
Reference: ATSTAKE:A040901-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a040901-1.txt
Reference: XF:pgp-armor-code-execution(6643)
Reference: URL:http://xforce.iss.net/static/6643.php
Reference: BID:2556
Reference: URL:http://www.securityfocus.com/bid/2556
Reference: OSVDB:1782
Reference: URL:http://www.osvdb.org/1782

Description:
Vulnerability in Software Distributor SD-UX in HP-UX 11.0 and earlier allows local users to gain privileges. Status: Entry
Reference: HP:HPSBUX0102-143
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0069.html
Reference: OSVDB:6033
Reference: URL:http://www.osvdb.org/6033

Description:
NM debug in HP MPE/iX 6.5 and earlier does not properly handle breakpoints, which allows local users to gain privileges. Status: Entry
Reference: HP:HPSBMP0102-008
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-nmdebug-gain-privileges(6226)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6226
Reference: OSVDB:6032
Reference: URL:http://www.osvdb.org/6032

Description:
The i386_set_ldt system call in NetBSD 1.5 and earlier, and OpenBSD 2.8 and earlier, when the USER_LDT kernel option is enabled, does not validate a call gate target, which allows local users to gain root privileges by creating a segment call gate in the Local Descriptor Table (LDT) with a target that specifies an arbitrary kernel address. Status: Entry
Reference: CALDERA:CSSA-2001-SCO.35
Reference: URL:http://archives.neohapsis.com/archives/linux/caldera/2001-q4/0014.html
Reference: NETBSD:NetBSD-SA:2001-002
Reference: URL:http://archives.neohapsis.com/archives/netbsd/2001-q1/0093.html
Reference: BUGTRAQ:20010219 Re: your mail
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0353.html
Reference: OPENBSD:20010302 The USER_LDT kernel option allows an attacker to gain access to privileged areas of kernel memory.
Reference: URL:http://www.openbsd.org/errata.html#userldt
Reference: CERT-VN:VU#358960
Reference: URL:http://www.kb.cert.org/vuls/id/358960
Reference: BID:2739
Reference: URL:http://www.securityfocus.com/bid/2739
Reference: OSVDB:6141
Reference: URL:http://www.osvdb.org/6141
Reference: XF:user-ldt-validation(6222)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6222

Description:
pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. Status: Entry
Reference: BUGTRAQ:20010217 Solaris 8 pam_ldap.so.1 module broken
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html
Reference: SUNBUG:4384816
Reference: XF:solaris-pamldap-bypass-authentication(6440)
Reference: URL:http://xforce.iss.net/static/6440.php
Reference: OSVDB:6030
Reference: URL:http://www.osvdb.org/6030

Description:
kicq IRC client 1.0.0, and possibly later versions, allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Status: Entry
Reference: BUGTRAQ:20010214 Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0276.html
Reference: BUGTRAQ:20010303 Re: Security hole in kicq
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0536.html
Reference: XF:kicq-execute-commands(6112)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6112

Description:
ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the path. Status: Entry
Reference: BUGTRAQ:20010217 BadBlue Web Server Ext.dll Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98263019502565&w=2
Reference: CONFIRM:http://www.badblue.com/p010219.htm
Reference: BID:2390
Reference: URL:http://www.securityfocus.com/bid/2390
Reference: XF:badblue-ext-reveal-path(6130)
Reference: URL:http://xforce.iss.net/static/6130.php

Description:
Vulnerability in linkeditor in HP MPE/iX 6.5 and earlier allows local users to gain privileges. Status: Entry
Reference: HP:HPSBMP0102-009
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0050.html
Reference: XF:hp-linkeditor-gain-privileges(6223)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6223

Description:
Buffer overflow in sudo earlier than 1.6.3p6 allows local users to gain root privileges. Status: Entry
Reference: BUGTRAQ:20010222 Sudo version 1.6.3p6 now available (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0414.html
Reference: MANDRAKE:MDKSA-2001:024
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-024.php3
Reference: DEBIAN:DSA-031
Reference: URL:http://www.debian.org/security/2001/dsa-031
Reference: CONECTIVA:CLA-2001:381
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000381
Reference: REDHAT:RHSA-2001:018
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-018.html
Reference: REDHAT:RHSA-2001:019
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-019.html
Reference: BUGTRAQ:20010225 [slackware-security] buffer overflow in sudo fixed
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0437.html
Reference: BUGTRAQ:20010226 Trustix Security Advisory - sudo
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0427.html

Description:
Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. Status: Entry
Reference: BUGTRAQ:20010223 Mercur Mailserver 3.3 buffer overflow with EXPN
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html
Reference: XF:mercur-expn-bo(6149)
Reference: URL:http://xforce.iss.net/static/6149.php
Reference: OSVDB:6027
Reference: URL:http://www.osvdb.org/6027

Description:
Buffer overflow in IPSEC authentication mechanism for OpenBSD 2.8 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a malformed Authentication header (AH) IPv4 option. Status: Entry
Reference: OPENBSD:20010302 Insufficient checks in the IPSEC AH IPv4 option handling code can lead to a buffer overrun in the kernel.
Reference: URL:http://www.openbsd.org/errata.html#ipsec_ah
Reference: OSVDB:6026
Reference: URL:http://www.osvdb.org/6026

Description:
VERITAS Cluster Server (VCS) 1.3.0 on Solaris allows local users to cause a denial of service (system panic) via the -L option to the lltstat command. Status: Entry
Reference: BUGTRAQ:20010302 Option to VERITAS Cluster Server (VCS) lltstat command will panic system.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0528.html
Reference: CONFIRM:http://seer.support.veritas.com/docs/234326.htm
Reference: OSVDB:6025
Reference: URL:http://www.osvdb.org/6025

Description:
Cisco switches and routers running IOS 12.1 and earlier produce predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Status: Entry
Reference: CISCO:20010228 Cisco IOS Software TCP Initial Sequence Number Randomization Improvements
Reference: URL:http://www.cisco.com/warp/public/707/ios-tcp-isn-random-pub.shtml

Description:
Joe text editor 2.8 searches the current working directory (CWD) for the .joerc configuration file, which could allow local users to gain privileges of other users by placing a Trojan Horse .joerc file into a directory, then waiting for users to execute joe from that directory. Status: Entry
Reference: BUGTRAQ:20010228 Joe's Own Editor File Handling Error
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0490.html
Reference: MANDRAKE:MDKSA-2001:026
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-026.php3
Reference: DEBIAN:DSA-041
Reference: URL:http://www.debian.org/security/2001/dsa-041
Reference: REDHAT:RHSA-2001:024
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-024.html

Description:
Vulnerability in Mailman 2.0.1 and earlier allows list administrators to obtain user passwords. Status: Entry
Reference: BUGTRAQ:20010306 [Mailman-Announce] ANNOUNCE Mailman 2.0.2 (important privacy patch)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0031.html

Description:
Directory traversal vulnerability in War FTP 1.67.04 allows remote attackers to list directory contents and possibly read files via a "dir *./../.." command. Status: Entry
Reference: BUGTRAQ:20010306 Warftp 1.67b04 Directory Traversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98390925726814&w=2
Reference: CONFIRM:http://support.jgaa.com/?cmd=ShowArticle&ID=31
Reference: BID:2444
Reference: URL:http://www.securityfocus.com/bid/2444
Reference: OSVDB:874
Reference: URL:http://www.osvdb.org/874

Description:
Buffer overflow in Voyager web administration server for Nokia IP440 allows local users to cause a denial of service, and possibly execute arbitrary commands, via a long URL. Status: Entry
Reference: BUGTRAQ:20001127 Nokia firewalls
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97535202912588&w=2
Reference: BUGTRAQ:20001205 Nokia firewalls - Response from Nokia
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97603879517777&w=2
Reference: XF:nokia-ip440-bo(5640)
Reference: URL:http://xforce.iss.net/xforce/xfdb/5640
Reference: BID:2054
Reference: URL:http://www.securityfocus.com/bid/2054
Reference: OSVDB:6020
Reference: URL:http://www.osvdb.org/6020

Description:
Buffer overflow in Analog before 4.16 allows remote attackers to execute arbitrary commands by using the ALIAS command to construct large strings. Status: Entry
Reference: BUGTRAQ:20010213 Security advisory for analog
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0264.html
Reference: CONFIRM:http://www.analog.cx/security2.html
Reference: REDHAT:RHSA-2001:017
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q1/0056.html
Reference: DEBIAN:DSA-033
Reference: URL:http://www.debian.org/security/2001/dsa-033
Reference: BID:2377
Reference: URL:http://www.securityfocus.com/bid/2377
Reference: XF:analog-alias-bo(6105)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6105
Reference: OSVDB:1762
Reference: URL:http://www.osvdb.org/1762

Description:
inetd in Red Hat 6.2 does not properly close sockets for internal services such as chargen, daytime, echo, etc., which allows remote attackers to cause a denial of service via a series of connections to the internal services. Status: Entry
Reference: REDHAT:RHSA-2001:006
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-006.html
Reference: XF:inetd-internal-socket-dos(6380)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6380

Description:
sort in FreeBSD 4.1.1 and earlier, and possibly other operating systems, uses predictable temporary file names and does not properly handle when the temporary file already exists, which causes sort to crash and possibly impacts security-sensitive scripts. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:13
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:13.sort.asc
Reference: BID:3960
Reference: URL:http://www.securityfocus.com/bid/3960
Reference: XF:sort-temp-file-abort
Reference: URL:http://xforce.iss.net/static/6038.php

Description:
Vulnerability in OmniBackII A.03.50 in HP 11.x and earlier allows attackers to gain unauthorized access to an OmniBack client. Status: Entry
Reference: HP:HPSBUX0102-142
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0102-142
Reference: HPBUG:PHSS_22914
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0022.html
Reference: HPBUG:PHSS_22915
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0023.html
Reference: XF:omniback-unauthorized-access(6434)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6434

Description:
Linux kernel 2.4 and 2.2 allows local users to read kernel memory and possibly gain privileges via a negative argument to the sysctl call. Status: Entry
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: BID:2364
Reference: URL:http://www.securityfocus.com/bid/2364
Reference: OSVDB:6017
Reference: URL:http://www.osvdb.org/6017
Reference: XF:linux-sysctl-read-memory(6079)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6079

Description:
Race condition in ptrace in Linux kernel 2.4 and 2.2 allows local users to gain privileges by using ptrace to track and modify a running setuid process. Status: Entry
Reference: BUGTRAQ:20010213 Trustix Security Advisory - proftpd, kernel
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0267.html
Reference: REDHAT:RHSA-2001:013
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-013.html
Reference: CALDERA:CSSA-2001-009
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-009.0.txt
Reference: XF:linux-ptrace-modify-process(6080)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6080

Description:
Format string vulnerability in ProFTPD 1.2.0rc2 may allow attackers to execute arbitrary commands by shutting down the FTP server while using a malformed working directory (cwd). Status: Entry
Reference: BUGTRAQ:20010110 proftpd 1.2.0rc2 -- example of bad coding
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=97916525715657&w=2
Reference: BUGTRAQ:20010206 Response to ProFTPD issues
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0117.html
Reference: MANDRAKE:MDKSA-2001:021
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-021.php3
Reference: DEBIAN:DSA-029
Reference: URL:http://www.debian.org/security/2001/dsa-029
Reference: CONECTIVA:CLA-2001:380
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000380
Reference: XF:proftpd-format-string(6433)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6433

Description:
orderdspc.d2w macro in IBM Net.Commerce 3.x allows remote attackers to execute arbitrary SQL queries by inserting them into the order_rn option of the report capability. Status: Entry
Reference: BUGTRAQ:20010205 IBM NetCommerce Security
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0072.html
Reference: CONFIRM:http://www-4.ibm.com/software/webservers/commerce/netcomletter.html
Reference: BID:2350
Reference: URL:http://www.securityfocus.com/bid/2350
Reference: XF:ibm-netcommerce-reveal-information(6067)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6067

Description:
opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. Status: Entry
Reference: BUGTRAQ:20010212 Fwd: Re: phpnuke, security problem...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html
Reference: XF:phpnuke-opendir-read-files(6512)
Reference: URL:http://xforce.iss.net/static/6512.php

Description:
Oracle Java Virtual Machine (JVM ) for Oracle 8.1.7 and Oracle Application Server 9iAS Release 1.0.2.0.1 allows remote attackers to read arbitrary files via the .jsp and .sqljsp file extensions when the server is configured to use the <<ALL FILES>> FilePermission. Status: Entry
Reference: BUGTRAQ:20010212 Solution for Potential Vunerability in Granting FilePermission to Oracle Java Virtual Machine
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0255.html
Reference: XF:oracle-jvm-file-permissions(6438)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6438
Reference: OSVDB:5706
Reference: URL:http://www.osvdb.org/5706

Description:
iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request, which reveals memory in the Location: header that is returned by the server. Status: Entry
Reference: ATSTAKE:A041601-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a041601-1.txt
Reference: CONFIRM:http://www.iplanet.com/products/iplanet_web_enterprise/iwsalert4.16.html
Reference: CERT-VN:VU#276767
Reference: URL:http://www.kb.cert.org/vuls/id/276767
Reference: OSVDB:5704
Reference: URL:http://www.osvdb.org/5704

Description:
Bugzilla 2.10 allows remote attackers to access sensitive information, including the database username and password, via an HTTP request for the globals.pl file, which is normally returned by the web server without being executed. Status: Entry
Reference: ATSTAKE:A043001-1
Reference: URL:http://www.atstake.com/research/advisories/2001/a043001-1.txt
Reference: BID:2671
Reference: URL:http://www.securityfocus.com/bid/2671
Reference: XF:bugzilla-gobalpl-gain-information(6489)
Reference: URL:http://xforce.iss.net/static/6489.php

Description:
Buffer overflow in Embedded Support Partner (ESP) daemon (rpc.espd) in IRIX 6.5.8 and earlier allows remote attackers to execute arbitrary commands. Status: Entry
Reference: ISS:20010509 Remote Buffer Overflow Vulnerability in IRIX Embedded Support Partner Infrastructure
Reference: URL:http://xforce.iss.net/alerts/advise76.php
Reference: SGI:20010501-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010501-01-P
Reference: CERT-VN:VU#258632
Reference: URL:http://www.kb.cert.org/vuls/id/258632
Reference: BID:2714
Reference: URL:http://www.securityfocus.com/bid/2714
Reference: OSVDB:1822
Reference: URL:http://www.osvdb.org/1822
Reference: XF:irix-espd-bo(6502)
Reference: URL:http://xforce.iss.net/static/6502.php

Description:
Directory traversal vulnerability in IIS 5.0 and earlier allows remote attackers to execute arbitrary commands by encoding .. (dot dot) and "\" characters twice. Status: Entry
Reference: BUGTRAQ:20010515 NSFOCUS SA2001-02 : Microsoft IIS CGI Filename Decode Error Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98992056521300&w=2
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: CERT:CA-2001-12
Reference: URL:http://www.cert.org/advisories/CA-2001-12.html
Reference: XF:iis-url-decoding(6534)
Reference: URL:http://xforce.iss.net/static/6534.php
Reference: BID:2708
Reference: URL:http://www.securityfocus.com/bid/2708
Reference: OVAL:oval:org.mitre.oval:def:1018
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1018
Reference: OVAL:oval:org.mitre.oval:def:1051
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1051
Reference: OVAL:oval:org.mitre.oval:def:37
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:37
Reference: OVAL:oval:org.mitre.oval:def:78
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:78

Description:
FTP service in IIS 5.0 and earlier allows remote attackers to cause a denial of service via a wildcard sequence that generates a long string when it is expanded. Status: Entry
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-ftp-wildcard-dos(6535)
Reference: URL:http://xforce.iss.net/static/6535.php

Description:
FTP service in IIS 5.0 and earlier allows remote attackers to enumerate Guest accounts in trusted domains by preceding the username with a special sequence of characters. Status: Entry
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-ftp-domain-authentication(6545)
Reference: URL:http://xforce.iss.net/static/6545.php
Reference: BID:2719
Reference: URL:http://www.securityfocus.com/bid/2719

Description:
The Microsoft MS00-060 patch for IIS 5.0 and earlier introduces an error which allows attackers to cause a denial of service via a malformed request. Status: Entry
Reference: MS:MS01-026
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-026.asp
Reference: XF:iis-crosssitescripting-patch-dos(6858)
Reference: URL:http://xforce.iss.net/static/6858.php
Reference: OSVDB:5693
Reference: URL:http://www.osvdb.org/5693

Description:
Internet Explorer 5.5 and earlier does not properly validate digital certificates when Certificate Revocation List (CRL) checking is enabled, which could allow remote attackers to spoof trusted web sites, aka the "Server certificate validation vulnerability." Status: Entry
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: XF:ie-crl-certificate-spoofing(6555)
Reference: URL:http://xforce.iss.net/static/6555.php
Reference: BID:2735
Reference: URL:http://www.securityfocus.com/bid/2735

Description:
Internet Explorer 5.5 and earlier allows remote attackers to display a URL in the address bar that is different than the URL that is actually being displayed, which could be used in web site spoofing attacks, aka the "Web page spoofing vulnerability." Status: Entry
Reference: MS:MS01-027
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-027.asp
Reference: CIAC:L-087
Reference: URL:http://www.ciac.org/ciac/bulletins/l-087.shtml
Reference: XF:ie-html-url-spoofing(6556)
Reference: URL:http://xforce.iss.net/static/6556.php
Reference: BID:2737
Reference: URL:http://www.securityfocus.com/bid/2737
Reference: OSVDB:5694
Reference: URL:http://www.osvdb.org/5694
Reference: OVAL:oval:org.mitre.oval:def:1096
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1096

Description:
An interaction between the Outlook Web Access (OWA) service in Microsoft Exchange 2000 Server and Internet Explorer allows attackers to execute malicious script code against a user's mailbox via a message attachment that contains HTML code, which is executed automatically. Status: Entry
Reference: MS:MS01-030
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-030.asp
Reference: CIAC:L-091
Reference: URL:http://www.ciac.org/ciac/bulletins/l-091.shtml
Reference: XF:exchange-owa-script-execution(6652)
Reference: URL:http://xforce.iss.net/static/6652.php

Description:
Buffer overflow in Microsoft Visual Studio RAD Support sub-component of FrontPage Server Extensions allows remote attackers to execute arbitrary commands via a long registration request (URL) to fp30reg.dll. Status: Entry
Reference: BUGTRAQ:20010625 NSFOCUS SA2001-03 : Microsoft FrontPage 2000 Server Extensions Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99348216322147&w=2
Reference: MS:MS01-035
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-035.asp
Reference: BID:2906
Reference: URL:http://www.securityfocus.com/bid/2906
Reference: XF:frontpage-ext-rad-bo(6730)
Reference: URL:http://xforce.iss.net/static/6730.php
Reference: OSVDB:577
Reference: URL:http://www.osvdb.org/577

Description:
An SQL query method in Microsoft SQL Server 2000 Gold and 7.0 using Mixed Mode allows local database users to gain privileges by reusing a cached connection of the sa administrator account. Status: Entry
Reference: MS:MS01-032
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-032.asp
Reference: CIAC:L-095
Reference: URL:http://www.ciac.org/ciac/bulletins/l-095.shtml
Reference: XF:mssql-cached-connection-access(6684)
Reference: URL:http://xforce.iss.net/static/6684.php
Reference: OVAL:oval:org.mitre.oval:def:71
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:71

Description:
Microsoft Windows 2000 telnet service allows attackers to prevent idle Telnet sessions from timing out, causing a denial of service by creating a large number of idle sessions. Status: Entry
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: BID:2843
Reference: URL:http://www.securityfocus.com/bid/2843
Reference: XF:win2k-telnet-idle-sessions-dos(6667)
Reference: URL:http://xforce.iss.net/static/6667.php

Description:
Handle leak in Microsoft Windows 2000 telnet service allows attackers to cause a denial of service by starting a large number of sessions and terminating them. Status: Entry
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: XF:win2k-telnet-handle-leak-dos(6668)
Reference: URL:http://xforce.iss.net/static/6668.php

Description:
Information disclosure vulnerability in Microsoft Windows 2000 telnet service allows remote attackers to determine the existence of user accounts such as Guest, or log in to the server without specifying the domain name, via a malformed userid. Status: Entry
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: BID:2847
Reference: URL:http://www.securityfocus.com/bid/2847
Reference: XF:win2k-telnet-domain-authentication(6665)
Reference: URL:http://xforce.iss.net/static/6665.php
Reference: OSVDB:5686
Reference: URL:http://www.osvdb.org/5686

Description:
Microsoft Windows 2000 telnet service allows attackers to cause a denial of service (crash) via a long logon command that contains a backspace. Status: Entry
Reference: BUGTRAQ:20050511 Microsoft Windows 2000 Telnet server vulnerability
Reference: BINDVIEW:20010608 Range checking fault condition in Microsoft Windows 2000 Telnet server
Reference: URL:http://razor.bindview.com/publish/advisories/adv_mstelnet.html
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: BID:2838
Reference: XF:win2k-telnet-username-dos(6666)
Reference: URL:http://xforce.iss.net/static/6666.php

Description:
Microsoft Windows 2000 telnet service allows a local user to make a certain system call that allows the user to terminate a Telnet session and cause a denial of service. Status: Entry
Reference: MS:MS01-031
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-031.asp
Reference: CIAC:L-092
Reference: URL:http://www.ciac.org/ciac/bulletins/l-092.shtml
Reference: XF:win2k-telnet-system-call-dos(6669)
Reference: URL:http://xforce.iss.net/static/6669.php
Reference: BID:2846
Reference: URL:http://www.securityfocus.com/bid/2846

Description:
Buffer overflow in the line printer daemon (in.lpd) for Solaris 8 and earlier allows local and remote attackers to gain root privileges via a "transfer job" routine. Status: Entry
Reference: ISS:20010619 Remote Buffer Overflow Vulnerability in Solaris Print Protocol Daemon
Reference: URL:http://xforce.iss.net/alerts/advise80.php
Reference: SUN:00206
Reference: URL:http://sunsolve.sun.com/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/206
Reference: CERT:CA-2001-15
Reference: URL:http://www.cert.org/advisories/CA-2001-15.html
Reference: XF:solaris-lpd-bo(6718)
Reference: URL:http://xforce.iss.net/static/6718.php
Reference: BID:2894
Reference: URL:http://www.securityfocus.com/bid/2894

Description:
Implementations of SSH version 1.5, including (1) OpenSSH up to version 2.3.0, (2) AppGate, and (3) ssh-1 up to version 1.2.31, in certain configurations, allow a remote attacker to decrypt and/or alter traffic via a "Bleichenbacher attack" on PKCS#1 version 1.5. Status: Entry
Reference: BUGTRAQ:20010207 [CORE SDI ADVISORY] SSH1 session key recovery vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98158450021686&w=2
Reference: CIAC:L-047
Reference: URL:http://www.ciac.org/ciac/bulletins/l-047.shtml
Reference: FREEBSD:FreeBSD-SA-01:24
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:24.ssh.asc
Reference: DEBIAN:DSA-023
Reference: URL:http://www.debian.org/security/2001/dsa-023
Reference: DEBIAN:DSA-027
Reference: URL:http://www.debian.org/security/2001/dsa-027
Reference: DEBIAN:DSA-086
Reference: URL:http://www.debian.org/security/2001/dsa-086
Reference: CISCO:20010627 Multiple SSH Vulnerabilities
Reference: SUSE:SuSE-SA:2001:04
Reference: URL:http://www.novell.com/linux/security/advisories/adv004_ssh.html
Reference: XF:ssh-session-key-recovery(6082)
Reference: URL:http://xforce.iss.net/static/6082.php
Reference: BID:2344
Reference: URL:http://www.securityfocus.com/bid/2344
Reference: OSVDB:2116
Reference: URL:http://www.osvdb.org/2116

Description:
SSH Communications Security sshd 2.4 for Windows allows remote attackers to create a denial of service via a large number of simultaneous connections. Status: Entry
Reference: BUGTRAQ:20010315 Remote DoS attack against SSH Secure Shell for Windows Servers
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98467799732241&w=2
Reference: BID:2477
Reference: URL:http://www.securityfocus.com/bid/2477
Reference: XF:ssh-ssheloop-dos(6241)
Reference: URL:http://xforce.iss.net/static/6241.php

Description:
Eudora before 5.1 allows a remote attacker to execute arbitrary code, when the 'Use Microsoft Viewer' and 'allow executables in HTML content' options are enabled, via an HTML email message containing Javascript, with ActiveX controls and malicious code within IMG tags. Status: Entry
Reference: BUGTRAQ:20010318 feeble.you!dora.exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98503741910995&w=2
Reference: XF:eudora-html-execute-code(6262)
Reference: URL:http://xforce.iss.net/static/6262.php
Reference: BID:2490
Reference: URL:http://www.securityfocus.com/bid/2490

Description:
saposcol in SAP R/3 Web Application Server Demo before 1.5 trusts the PATH environmental variable to find and execute the expand program, which allows local users to obtain root access by modifying the PATH to point to a Trojan horse expand program. Status: Entry
Reference: BUGTRAQ:20010429 SAP R/3 Web Application Server Demo for Linux: root exploit
Reference: URL:http://www.securityfocus.com/archive/1/180498
Reference: CONFIRM:ftp://ftp.sap.com/pub/linuxlab/saptools/README.saposcol
Reference: BID:2662
Reference: URL:http://www.securityfocus.com/bid/2662
Reference: XF:linux-sap-execute-code(6487)
Reference: URL:http://xforce.iss.net/static/6487.php

Description:
Directory traversal vulnerability in BearShare 2.2.2 and earlier allows a remote attacker to read certain files via a URL containing a series of . characters, a variation of the .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20010430 A Serious Security Vulnerability Found in BearShare (Directory Traversal)
Reference: URL:http://www.securityfocus.com/archive/1/180644
Reference: BID:2672
Reference: URL:http://www.securityfocus.com/bid/2672
Reference: XF:bearshare-dot-download-files(6481)
Reference: URL:http://xforce.iss.net/static/6481.php
Reference: OSVDB:1810
Reference: URL:http://www.osvdb.org/1810

Description:
Race condition in the UFS and EXT2FS file systems in FreeBSD 4.2 and earlier, and possibly other operating systems, makes deleted data available to user processes before it is zeroed out, which allows a local user to access otherwise restricted information. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:30
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0403.html
Reference: XF:ufs-ext2fs-data-disclosure(6268)
Reference: URL:http://xforce.iss.net/static/6268.php
Reference: OSVDB:5682
Reference: URL:http://www.osvdb.org/5682

Description:
The default configuration of the Dr. Watson program in Windows NT and Windows 2000 generates user.dmp crash dump files with world-readable permissions, which could allow a local user to gain access to sensitive information. Status: Entry
Reference: BUGTRAQ:20010323 NT crash dump files insecure by default
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0336.html
Reference: BID:2501
Reference: URL:http://www.securityfocus.com/bid/2501
Reference: XF:win-userdmp-insecure-permission(6275)
Reference: URL:http://xforce.iss.net/static/6275.php
Reference: OSVDB:5683
Reference: URL:http://www.osvdb.org/5683

Description:
Cisco PIX Firewall 515 and 520 with 5.1.4 OS running aaa authentication to a TACACS+ server allows remote attackers to cause a denial of service via a large number of authentication requests. Status: Entry
Reference: BUGTRAQ:20010406 PIX Firewall 5.1 DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98658271707833&w=2
Reference: CISCO:20011003 Cisco PIX Firewall Authentication Denial of Service Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/pixfirewall-authen-flood-pub.shtml
Reference: XF:cisco-pix-tacacs-dos(6353)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6353
Reference: BID:2551
Reference: URL:http://www.securityfocus.com/bid/2551

Description:
Infradig Inframail prior to 3.98a allows a remote attacker to create a denial of service via a malformed POST request which includes a space followed by a large string. Status: Entry
Reference: BUGTRAQ:20010328 Inframail Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0428.html
Reference: XF:inframail-post-dos(6297)
Reference: URL:http://xforce.iss.net/static/6297.php
Reference: OSVDB:5685
Reference: URL:http://www.osvdb.org/5685

Description:
readline prior to 4.1, in OpenBSD 2.8 and earlier, creates history files with insecure permissions, which allows a local attacker to recover potentially sensitive information via readline history files. Status: Entry
Reference: CONFIRM:ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.8/common/024_readline.patch
Reference: XF:bsd-readline-permissions(6586)
Reference: URL:http://xforce.iss.net/static/6586.php
Reference: OSVDB:5680
Reference: URL:http://www.osvdb.org/5680

Description:
Vulnerability in the newgrp program included with HP9000 servers running HP-UX 11.11 allows a local attacker to obtain higher access rights. Status: Entry
Reference: HP:HPSBUX0103-147
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q1/0101.html
Reference: CERT-VN:VU#249224
Reference: URL:http://www.kb.cert.org/vuls/id/249224
Reference: XF:hp-newgrp-additional-privileges(6282)
Reference: URL:http://xforce.iss.net/static/6282.php
Reference: OSVDB:5681
Reference: URL:http://www.osvdb.org/5681

Description:
banners.php in PHP-Nuke 4.4 and earlier allows remote attackers to modify banner ad URLs by directly calling the Change operation, which does not require authentication. Status: Entry
Reference: BUGTRAQ:20010401 Php-nuke exploit...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0017.html
Reference: CONFIRM:http://phpnuke.org/download.php?dcategory=Fixes
Reference: XF:php-nuke-url-redirect(6342)
Reference: URL:http://xforce.iss.net/static/6342.php
Reference: BID:2544
Reference: URL:http://www.securityfocus.com/bid/2544

Description:
AnalogX SimpleServer:WWW 1.08 allows remote attackers to cause a denial of service via an HTTP request to the /aux directory. Status: Entry
Reference: BUGTRAQ:20010417 Advisory for SimpleServer:WWW (analogX)
Reference: URL:http://www.securityfocus.com/archive/1/177156
Reference: BID:2608
Reference: URL:http://www.securityfocus.com/bid/2608
Reference: XF:analogx-simpleserver-aux-dos(6395)
Reference: URL:http://xforce.iss.net/static/6395.php
Reference: OSVDB:3781
Reference: URL:http://www.osvdb.org/3781

Description:
Format string vulnerability in hfaxd in HylaFAX before 4.1.b2_2 allows local users to gain privileges via the -q command line argument. Status: Entry
Reference: BUGTRAQ:20010412 HylaFAX vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/175963
Reference: BUGTRAQ:20010415 **SECURITY ADVISORY** - HylaFAX format string vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0236.html
Reference: FREEBSD:FreeBSD-SA-01:34
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0606.html
Reference: SUSE:SuSE-SA:2001:15
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0005.html
Reference: MANDRAKE:MDKSA-2001:041
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-041.php3
Reference: BID:2574
Reference: URL:http://www.securityfocus.com/bid/2574
Reference: XF:hylafax-hfaxd-format-string(6377)
Reference: URL:http://xforce.iss.net/static/6377.php
Reference: OSVDB:5679
Reference: URL:http://www.osvdb.org/5679

Description:
time server daemon timed allows remote attackers to cause a denial of service via malformed packets. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:28
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:28.timed.asc
Reference: MANDRAKE:MDKSA-2001:034
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-034.php3
Reference: SUSE:SuSE-SA:2001:07
Reference: URL:http://www.novell.com/linux/security/advisories/2001_007_nkitserv.html
Reference: XF:timed-remote-dos(6228)
Reference: URL:http://xforce.iss.net/static/6228.php

Description:
Remote manager service in Website Pro 3.0.37 allows remote attackers to cause a denial of service via a series of malformed HTTP requests to the /dyn directory. Status: Entry
Reference: BUGTRAQ:20010328 def-2001-15: Website Pro Remote Manager DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0425.html
Reference: XF:website-pro-remote-dos(6295)
Reference: URL:http://xforce.iss.net/static/6295.php
Reference: OSVDB:5669
Reference: URL:http://www.osvdb.org/5669

Description:
IPFilter 3.4.16 and earlier does not include sufficient session information in its cache, which allows remote attackers to bypass access restrictions by sending fragmented packets to a restricted port after sending unfragmented packets to an unrestricted port. Status: Entry
Reference: BUGTRAQ:20010408 A fragmentation attack against IP Filter
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679734015538&w=2
Reference: FREEBSD:FreeBSD-SA-01:32
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0338.html
Reference: XF:ipfilter-access-ports(6331)
Reference: URL:http://xforce.iss.net/static/6331.php

Description:
ip_conntrack_ftp in the IPTables firewall for Linux 2.4 allows remote attackers to bypass access restrictions for an FTP server via a PORT command that lists an arbitrary IP address and port number, which is added to the RELATED table and allowed by the firewall. Status: Entry
Reference: BUGTRAQ:20010416 Tempest Security Techonologies -- Adivsory #01/2001 -- Linux IPTables
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0271.html
Reference: REDHAT:RHSA-2001:052
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-052.html
Reference: REDHAT:RHSA-2001:084
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-084.html
Reference: MANDRAKE:MDKSA-2001:071
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-071.php3
Reference: BID:2602
Reference: URL:http://www.securityfocus.com/bid/2602
Reference: XF:linux-netfilter-iptables(6390)
Reference: URL:http://xforce.iss.net/static/6390.php

Description:
Directory traversal vulnerability in MySQL before 3.23.36 allows local users to modify arbitrary files and gain privileges by creating a database whose name starts with .. (dot dot). Status: Entry
Reference: BUGTRAQ:20010318 potential vulnerability of mysqld running with root privileges (can be used as good DoS or r00t expoloit)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0237.html
Reference: BUGTRAQ:20010327 MySQL 3.23.36 is relased (fwd)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0396.html
Reference: XF:mysql-dot-directory-traversal(6617)
Reference: URL:http://xforce.iss.net/static/6617.php
Reference: BID:2522
Reference: URL:http://www.securityfocus.com/bid/2522

Description:
vim (aka gvim) processes VIM control codes that are embedded in a file, which could allow attackers to execute arbitrary commands when another user opens a file containing malicious VIM control codes. Status: Entry
Reference: MANDRAKE:MDKSA-2001:035
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-035.php3
Reference: REDHAT:RHSA-2001:008
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-008.html
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.novell.com/linux/security/advisories/2001_012_vim.html
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: BUGTRAQ:20010329 Immunix OS Security update for vim
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98593106111968&w=2
Reference: BID:2510
Reference: URL:http://www.securityfocus.com/bid/2510
Reference: XF:vim-elevate-privileges(6259)
Reference: URL:http://xforce.iss.net/static/6259.php

Description:
vim (aka gvim) allows local users to modify files being edited by other users via a symlink attack on the backup and swap files, when the victim is editing the file in a world writable directory. Status: Entry
Reference: SUSE:SuSE-SA:2001:12
Reference: URL:http://www.novell.com/linux/security/advisories/2001_012_vim.html
Reference: CALDERA:CSSA-2001-014.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-014.0.txt
Reference: XF:vim-tmp-symlink(6628)
Reference: URL:http://xforce.iss.net/static/6628.php

Description:
Cisco Content Services (CSS) switch products 11800 and earlier, aka Arrowpoint, allows local users to gain privileges by entering debug mode. Status: Entry
Reference: CISCO:20010404 Cisco Content Services Switch User Account Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-useraccnt-debug-pub.shtml
Reference: BID:2559
Reference: URL:http://www.securityfocus.com/bid/2559
Reference: XF:cisco-css-elevate-privileges(6322)
Reference: URL:http://xforce.iss.net/static/6322.php
Reference: OSVDB:1784
Reference: URL:http://www.osvdb.org/1784

Description:
BinTec X4000 Access router, and possibly other versions, allows remote attackers to cause a denial of service via a SYN port scan, which causes the router to hang. Status: Entry
Reference: BUGTRAQ:20010404 BinTec X4000 Access Router DoS Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98644414226344&w=2
Reference: BUGTRAQ:20010406 X4000 DoS: Details and workaround
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659862317070&w=2
Reference: BUGTRAQ:20010410 BinTec Router DoS: Workaround and Details
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0145.html
Reference: BUGTRAQ:20010409 BINTEC X1200
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98697054804197&w=2
Reference: XF:bintec-x4000-nmap-dos(6323)
Reference: URL:http://xforce.iss.net/static/6323.php

Description:
Buffer overflow in ntpd ntp daemon 4.0.99k and earlier (aka xntpd and xntp3) allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long readvar argument. Status: Entry
Reference: BUGTRAQ:20010404 ntpd =< 4.0.99k remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98642418618512&w=2
Reference: BUGTRAQ:20010405 Re: ntpd =< 4.0.99k remote buffer overflow]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98654963328381&w=2
Reference: REDHAT:RHSA-2001:045
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-045.html
Reference: CALDERA:CSSA-2001-013
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-013.0.txt
Reference: MANDRAKE:MDKSA-2001:036
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-036.php3
Reference: DEBIAN:DSA-045
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98651866104663&w=2
Reference: NETBSD:NetBSD-SA2001-004
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/misc/security/advisories/NetBSD-SA2001-004.txt.asc
Reference: SUSE:SuSE-SA:2001:10
Reference: URL:http://lists.suse.com/archives/suse-security-announce/2001-Apr/0000.html
Reference: CONECTIVA:CLA-2001:392
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000392
Reference: FREEBSD:FreeBSD-SA-01:31
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:31.ntpd.asc
Reference: SCO:SSE073
Reference: URL:ftp://ftp.sco.com/SSE/sse073.ltr
Reference: SCO:SSE074
Reference: URL:ftp://ftp.sco.com/SSE/sse074.ltr
Reference: BUGTRAQ:20010408 [slackware-security] buffer overflow fix for NTP
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98679815917014&w=2
Reference: BUGTRAQ:20010409 PROGENY-SA-2001-02: ntpd remote buffer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684202610470&w=2
Reference: BUGTRAQ:20010409 ntpd - new Debian 2.2 (potato) version is also vulnerable
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98684532921941&w=2
Reference: BUGTRAQ:20010406 Immunix OS Security update for ntp and xntp3
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98659782815613&w=2
Reference: BUGTRAQ:20010409 ntp-4.99k23.tar.gz is available
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98683952401753&w=2
Reference: BUGTRAQ:20010418 IBM MSS Outside Advisory Redistribution: IBM AIX: Buffer Overflow Vulnerability in (x)ntp
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0314.html
Reference: BUGTRAQ:20010409 [ESA-20010409-01] xntp buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0127.html
Reference: BUGTRAQ:20010413 PROGENY-SA-2001-02A: [UPDATE] ntpd remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0225.html
Reference: BID:2540
Reference: URL:http://www.securityfocus.com/bid/2540
Reference: OSVDB:805
Reference: URL:http://www.osvdb.org/805
Reference: OVAL:oval:org.mitre.oval:def:3831
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3831
Reference: XF:ntpd-remote-bo(6321)
Reference: URL:http://xforce.iss.net/static/6321.php

Description:
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. Status: Entry
Reference: DEBIAN:DSA-038
Reference: URL:http://www.debian.org/security/2001/dsa-038
Reference: REDHAT:RHSA-2001:027
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-027.html
Reference: BUGTRAQ:20010316 Immunix OS Security update for sgml-tools
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98477491130367&w=2
Reference: MANDRAKE:MDKSA-2001:030
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-030.php3
Reference: CONECTIVA:CLA-2001:390
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000390
Reference: XF:sgmltools-symlink
Reference: URL:http://xforce.iss.net/static/6201.php
Reference: SUSE:SuSE-SA:2001:16
Reference: URL:http://www.novell.com/linux/security/advisories/2001_016_sgmltool_txt.html
Reference: BID:2683
Reference: URL:http://www.securityfocus.com/bid/2683
Reference: BID:2506
Reference: URL:http://www.securityfocus.com/bid/2506

Description:
Buffer overflow in Xsun in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. Status: Entry
Reference: BUGTRAQ:20010410 Solaris Xsun buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0158.html
Reference: SUNBUG:4356377
Reference: SUNBUG:4425845
Reference: SUNBUG:4440161
Reference: BID:2561
Reference: URL:http://www.securityfocus.com/bid/2561
Reference: OVAL:oval:org.mitre.oval:def:555
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:555
Reference: XF:solaris-xsun-home-bo(6343)
Reference: URL:http://xforce.iss.net/static/6343.php

Description:
Buffer overflow in ipcs in Solaris 7 x86 allows local users to execute arbitrary code via a long TZ (timezone) environmental variable, a different vulnerability than CAN-2002-0093. Status: Entry
Reference: BUGTRAQ:20010412 Solaris ipcs vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0217.html
Reference: BID:2581
Reference: URL:http://www.securityfocus.com/bid/2581
Reference: XF:solaris-ipcs-bo(6369)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6369

Description:
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via a flood of invalid login requests to (1) the SSL service, or (2) the telnet service, which do not properly disconnect the user after several failed login attempts. Status: Entry
Reference: CISCO:20010328 VPN3000 Concentrator TELNET Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-telnet-vuln-pub.shtml
Reference: XF:cisco-vpn-telnet-dos(6298)
Reference: URL:http://xforce.iss.net/static/6298.php
Reference: OSVDB:5643
Reference: URL:http://www.osvdb.org/5643

Description:
Cisco VPN 3000 series concentrators before 2.5.2(F) allow remote attackers to cause a denial of service via an IP packet with an invalid IP option. Status: Entry
Reference: CISCO:20010412 VPN 3000 Concentrator IP Options Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/vpn3k-ipoptions-vuln-pub.shtml
Reference: BID:2573
Reference: URL:http://www.securityfocus.com/bid/2573
Reference: XF:cisco-vpn-ip-dos(6360)
Reference: URL:http://xforce.iss.net/static/6360.php
Reference: OSVDB:1786
Reference: URL:http://www.osvdb.org/1786

Description:
Cisco Catalyst 5000 series switches 6.1(2) and earlier will forward an 802.1x frame on a Spanning Tree Protocol (STP) blocked port, which causes a network storm and a denial of service. Status: Entry
Reference: CISCO:20010416 Catalyst 5000 Series 802.1x Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/cat5k-8021x-vuln-pub.shtml
Reference: CIAC:L-072
Reference: URL:http://www.ciac.org/ciac/bulletins/l-072.shtml
Reference: BID:2604
Reference: URL:http://www.securityfocus.com/bid/2604
Reference: XF:cisco-catalyst-8021x-dos(6379)
Reference: URL:http://xforce.iss.net/static/6379.php

Description:
Vulnerability in exuberant-ctags before 3.2.4-0.1 insecurely creates temporary files. Status: Entry
Reference: DEBIAN:DSA-046
Reference: URL:http://archives.neohapsis.com/archives/vendor/2001-q2/0005.html
Reference: XF:exuberant-ctags-symlink(6388)
Reference: URL:http://xforce.iss.net/static/6388.php
Reference: OSVDB:5642
Reference: URL:http://www.osvdb.org/5642

Description:
The LogDataListToFile ActiveX function used in (1) Knowledge Center and (2) Back web components of Compaq Presario computers allows remote attackers to modify arbitrary files and cause a denial of service. Status: Entry
Reference: COMPAQ:SSRT0716
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0716-01.shtml
Reference: XF:compaq-activex-dos(6355)
Reference: URL:http://xforce.iss.net/static/6355.php

Description:
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. Status: Entry
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html
Reference: REDHAT:RHSA-2001:023
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-023.html
Reference: XF:licq-url-execute-commands(6261)
Reference: URL:http://xforce.iss.net/static/6261.php
Reference: OSVDB:5641
Reference: URL:http://www.osvdb.org/5641

Description:
Buffer overflow in logging functions of licq before 1.0.3 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands. Status: Entry
Reference: CONECTIVA:CLA-2001:389
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000389
Reference: MANDRAKE:MDKSA-2001:032
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-032.php3
Reference: FREEBSD:FreeBSD-SA-01:35
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-04/0607.html
Reference: REDHAT:RHSA-2001:022
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-022.html
Reference: REDHAT:RHSA-2001:023
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-023.html
Reference: XF:licq-logging-bo(6645)
Reference: URL:http://xforce.iss.net/static/6645.php
Reference: OSVDB:5601
Reference: URL:http://www.osvdb.org/5601

Description:
Buffer overflow in Mercury MTA POP3 server for NetWare 1.48 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long APOP command. Status: Entry
Reference: BUGTRAQ:20010421 Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0378.html
Reference: BUGTRAQ:20010424 Re: Mercury for NetWare POP3 server vulnerable to remote buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/179217
Reference: BID:2641
Reference: URL:http://www.securityfocus.com/bid/2641
Reference: XF:mercury-mta-bo(6444)
Reference: URL:http://www.iss.net/security_center/static/6444.php

Description:
Cisco CBOS 2.3.0.053 sends output of the "sh nat" (aka "show nat") command to the terminal of the next user who attempts to connect to the router via telnet, which could allow that user to obtain sensitive information. Status: Entry
Reference: BUGTRAQ:20010420 Bug in Cisco CBOS v2.3.0.053
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0380.html
Reference: XF:cisco-cbos-gain-information(6453)
Reference: URL:http://xforce.iss.net/static/6453.php
Reference: BID:2635
Reference: URL:http://www.securityfocus.com/bid/2635
Reference: OSVDB:1796
Reference: URL:http://www.osvdb.org/1796

Description:
Buffer overflow in WinZip 8.0 allows attackers to execute arbitrary commands via a long file name that is processed by the /zipandemail command line option. Status: Entry
Reference: BUGTRAQ:20010302 def-2001-09: Winzip32 zipandemail Buffer Overflow
Reference: URL:http://www.securityfocus.com/archive/1/166211
Reference: XF:winzip-zipandemail-bo(6191)
Reference: URL:http://xforce.iss.net/static/6191.php

Description:
Cisco Aironet 340 Series wireless bridge before 8.55 does not properly disable access to the web interface, which allows remote attackers to modify its configuration. Status: Entry
Reference: CISCO:20010307 Access to the Cisco Aironet 340 Series Wireless Bridge via Web Interface
Reference: URL:http://www.cisco.com/warp/public/707/Aironet340-pub.shtml
Reference: XF:cisco-aironet-web-access(6200)
Reference: URL:http://xforce.iss.net/static/6200.php
Reference: OSVDB:5597
Reference: URL:http://www.osvdb.org/5597

Description:
postinst installation script for Proftpd in Debian 2.2 does not properly change the "run as uid/gid root" configuration when the user enables anonymous access, which causes the server to run at a higher privilege than intended. Status: Entry
Reference: DEBIAN:DSA-032
Reference: URL:http://www.debian.org/security/2001/dsa-032
Reference: XF:proftpd-postinst-root(6208)
Reference: URL:http://xforce.iss.net/static/6208.php

Description:
man2html before 1.5-22 allows remote attackers to cause a denial of service (memory exhaustion). Status: Entry
Reference: DEBIAN:DSA-035
Reference: URL:http://www.debian.org/security/2001/dsa-035
Reference: XF:man2html-remote-dos(6211)
Reference: URL:http://xforce.iss.net/static/6211.php
Reference: OSVDB:5631
Reference: URL:http://www.osvdb.org/5631

Description:
template.cgi in Free On-Line Dictionary of Computing (FOLDOC) allows remote attackers to read files and execute commands via shell metacharacters in the argument to template.cgi. Status: Entry
Reference: BUGTRAQ:20010309 Cgisecurity.com advisory #4 The Free On-line Dictionary of Computing
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0109.html
Reference: CONFIRM:http://wombat.doc.ic.ac.uk/foldoc/index.html
Reference: XF:foldoc-cgi-execute-commands
Reference: URL:http://xforce.iss.net/static/6217.php
Reference: OSVDB:5591
Reference: URL:http://www.osvdb.org/5591

Description:
Directory traversal vulnerability in Perl web server 0.3 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Status: Entry
Reference: BUGTRAQ:20010424 Advisory for perl webserver
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0426.html
Reference: XF:perl-webserver-directory-traversal(6451)
Reference: URL:http://xforce.iss.net/static/6451.php
Reference: BID:2648
Reference: URL:http://www.securityfocus.com/bid/2648

Description:
Directory traversal vulnerability in cal_make.pl in PerlCal allows remote attackers to read arbitrary files via a .. (dot dot) in the p0 parameter. Status: Entry
Reference: BUGTRAQ:20010427 PerlCal (CGI) show files vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0506.html
Reference: CONFIRM:http://www.perlcal.com/calendar/docs/bugs.txt
Reference: BID:2663
Reference: URL:http://www.securityfocus.com/bid/2663
Reference: XF:perlcal-calmake-directory-traversal(6480)
Reference: URL:http://xforce.iss.net/static/6480.php

Description:
TurboTax saves passwords in a temporary file when a user imports investment tax information from a financial institution, which could allow local users to obtain sensitive information. Status: Entry
Reference: BUGTRAQ:20010405
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98653594732053&w=2
Reference: CONFIRM:http://www.turbotax.com/atr/update/
Reference: XF:turbotax-save-passwords(6622)
Reference: URL:http://xforce.iss.net/static/6622.php

Description:
Directory traversal vulnerability in RobTex Viking Web server before 1.07-381 allows remote attackers to read arbitrary files via a \... (modified dot dot) in an HTTP URL request. Status: Entry
Reference: BUGTRAQ:20010423 Vulnerability in Viking Web Server
Reference: URL:http://www.securityfocus.com/archive/1/178935
Reference: CONFIRM:http://www.robtex.com/files/viking/beta/chglog.txt
Reference: BID:2643
Reference: URL:http://www.securityfocus.com/bid/2643
Reference: XF:viking-dot-directory-traversal(6450)
Reference: URL:http://xforce.iss.net/static/6450.php

Description:
rwho daemon rwhod in FreeBSD 4.2 and earlier, and possibly other operating systems, allows remote attackers to cause a denial of service via malformed packets with a short length. Status: Entry
Reference: FREEBSD:FreeBSD-SA-01:29
Reference: URL:http://archives.neohapsis.com/archives/freebsd/2001-03/0163.html
Reference: BID:2473
Reference: URL:http://www.securityfocus.com/bid/2473
Reference: XF:rwhod-remote-dos(6229)
Reference: URL:http://xforce.iss.net/static/6229.php

Description:
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. Status: Entry
Reference: MANDRAKE:MDKSA-2001-031
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-031.php3
Reference: REDHAT:RHSA-2001:029
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-029.html
Reference: BUGTRAQ:20010315 Immunix OS Security update for mutt
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98473109630421&w=2
Reference: CONECTIVA:CLA-2001:385
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000385
Reference: BUGTRAQ:20010320 Trustix Security Advisory - mutt
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0246.html
Reference: XF:mutt-imap-format-string(6235)
Reference: URL:http://xforce.iss.net/static/6235.php
Reference: OSVDB:5615
Reference: URL:http://www.osvdb.org/5615

Description:
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. Status: Entry
Reference: MANDRAKE:MDKSA-2001:029
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-029.php3
Reference: XF:mesa-utahglx-symlink(6231)
Reference: URL:http://xforce.iss.net/static/6231.php

Description:
index.php in Jelsoft vBulletin does not properly initialize a PHP variable that is used to store template information, which allows remote attackers to execute arbitrary PHP code via special characters in the templatecache parameter. Status: Entry
Reference: BUGTRAQ:20010315 vBulletin allows arbitrary code execution
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0180.html
Reference: BID:2474
Reference: URL:http://www.securityfocus.com/bid/2474
Reference: CONFIRM:http://www.vbulletin.com/forum/showthread.php?s=b20af207b5b908ecf7a4ecf56fbe3cd3&threadid=10839
Reference: XF:vbulletin-php-elevate-privileges(6237)
Reference: URL:http://xforce.iss.net/static/6237.php

Description:
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling. Status: Entry
Reference: MANDRAKE:MDKSA-2001:043
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-043.php3
Reference: XF:linux-rpmdrake-temp-file(6494)
Reference: URL:http://xforce.iss.net/static/6494.php
Reference: OSVDB:5612
Reference: URL:http://www.osvdb.org/5612

Description:
Configuration error in Argus PitBull LX allows root users to bypass specified access control restrictions and cause a denial of service or execute arbitrary commands by modifying kernel variables such as MaxFiles, MaxInodes, and ModProbePath in /proc/sys via calls to sysctl. Status: Entry
Reference: BUGTRAQ:20010330 Serious Pitbull LX Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0475.html
Reference: XF:pitbull-lx-modify-kernel(6623)
Reference: URL:http://xforce.iss.net/static/6623.php

Description:
Unknown vulnerability in netprint in IRIX 6.2, and possibly other versions, allows local users with lp privileges attacker to execute arbitrary commands via the -n option. Status: Entry
Reference: BUGTRAQ:20010426 IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0475.html
Reference: BUGTRAQ:20010427 Re: IRIX /usr/lib/print/netprint local root symbols exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0502.html
Reference: SGI:20010701-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010701-01-P
Reference: BID:2656
Reference: URL:http://www.securityfocus.com/bid/2656
Reference: OSVDB:8571
Reference: URL:http://www.osvdb.org/8571
Reference: XF:irix-netprint-shared-library(6473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6473

Description:
Remote attackers can cause a denial of service in Novell BorderManager 3.6 and earlier by sending TCP SYN flood to port 353. Status: Entry
Reference: VULN-DEV:20010402 (no subject)
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0020.html
Reference: BUGTRAQ:20010420 Novell BorderManager 3.5 VPN Denial of Service
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98779821207867&w=2
Reference: CONFIRM:http://support.novell.com/cgi-bin/search/searchtid.cgi?/2959062.htm
Reference: BUGTRAQ:20010429 Proof of concept DoS against novell border manager enterprise
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98865027328391&w=2
Reference: BUGTRAQ:20010501 Re: Proof of concept DoS against novell border manager enterprise edition 3.5
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0000.html
Reference: BID:2623
Reference: URL:http://www.securityfocus.com/bid/2623
Reference: XF:bordermanager-vpn-syn-dos(6429)
Reference: URL:http://xforce.iss.net/static/6429.php

Description:
AIX SNMP server snmpd allows remote attackers to cause a denial of service via a RST during the TCP connection. Status: Entry
Reference: AIXAPAR:IY17630
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17630&apar=only
Reference: XF:aix-snmpd-rst-dos(6996)
Reference: URL:http://www.iss.net/security_center/static/6996.php
Reference: OSVDB:5611
Reference: URL:http://www.osvdb.org/5611

Description:
pcltotiff in HP-UX 10.x has unnecessary set group id permissions, which allows local users to cause a denial of service. Status: Entry
Reference: HP:HPSBUX0104-149
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0104-149
Reference: BID:2646
Reference: URL:http://www.securityfocus.com/bid/2646
Reference: XF:hp-pcltotiff-insecure-permissions(6447)
Reference: URL:http://xforce.iss.net/static/6447.php
Reference: OSVDB:2188
Reference: URL:http://www.osvdb.org/2188

Description:
Format string vulnerability in gftp prior to 2.0.8 allows remote malicious FTP servers to execute arbitrary commands. Status: Entry
Reference: VULN-DEV:20010417 gftp exploitable?
Reference: URL:http://archives.neohapsis.com/archives/vuln-dev/2001-q2/0231.html
Reference: REDHAT:RHSA-2001:053
Reference: URL:http://archives.neohapsis.com/archives/linux/redhat/2001-q2/0043.html
Reference: MANDRAKE:MDKSA-2001-044
Reference: DEBIAN:DSA-057
Reference: URL:http://www.debian.org/security/2001/dsa-057
Reference: BID:2657
Reference: URL:http://www.securityfocus.com/bid/2657
Reference: XF:gftp-format-string(6478)
Reference: URL:http://xforce.iss.net/static/6478.php
Reference: OSVDB:1805
Reference: URL:http://www.osvdb.org/1805

Description:
Small HTTP server 2.03 allows remote attackers to cause a denial of service via a URL that contains an MS-DOS device name such as aux. Status: Entry
Reference: BUGTRAQ:20010424 Advisory for Small HTTP Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0428.html
Reference: CONFIRM:http://home.lanck.net/mf/srv/index.htm
Reference: BID:2649
Reference: URL:http://www.securityfocus.com/bid/2649
Reference: XF:small-http-aux-dos(6446)
Reference: URL:http://xforce.iss.net/static/6446.php

Description:
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. Status: Entry
Reference: BUGTRAQ:20010424 IPSwitch IMail 6.06 SMTP Remote System Access Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html
Reference: CONFIRM:http://ipswitch.com/Support/IMail/news.html
Reference: XF:ipswitch-imail-smtp-bo(6445)
Reference: URL:http://xforce.iss.net/static/6445.php
Reference: OSVDB:5610
Reference: URL:http://www.osvdb.org/5610

Description:
Directory traversal in DataWizard WebXQ server 1.204 allows remote attackers to view files outside of the web root via a .. (dot dot) attack. Status: Entry
Reference: BUGTRAQ:20010426 Vulnerability in WebXQ Server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0490.html
Reference: BID:2660
Reference: URL:http://www.securityfocus.com/bid/2660
Reference: XF:webxq-dot-directory-traversal(6466)
Reference: URL:http://xforce.iss.net/static/6466.php
Reference: OSVDB:1799
Reference: URL:http://www.osvdb.org/1799

Description:
dnskeygen in BIND 8.2.4 and earlier, and dnssec-keygen in BIND 9.1.2 and earlier, set insecure permissions for a HMAC-MD5 shared secret key file used for DNS Transactional Signatures (TSIG), which allows attackers to obtain the keys and perform dynamic DNS updates. Status: Entry
Reference: ISS:20010611 BIND Inadvertent Local Exposure of HMAC-MD5 (TSIG) Keys
Reference: URL:http://xforce.iss.net/alerts/advise78.php
Reference: XF:bind-local-key-exposure(6694)
Reference: URL:http://xforce.iss.net/static/6694.php
Reference: OSVDB:5609
Reference: URL:http://www.osvdb.org/5609

Description:
Buffer overflow in ISAPI extension (idq.dll) in Index Server 2.0 and Indexing Service 2000 in IIS 6.0 beta and earlier allows remote attackers to execute arbitrary commands via a long argument to Internet Data Administration (.ida) and Internet Data Query (.idq) files such as default.ida, as commonly exploited by Code Red. Status: Entry
Reference: BUGTRAQ:20010618 All versions of Microsoft Internet Information Services, Remote buffer overflow (SYSTEM Level Access)
Reference: URL:http://www.securityfocus.com/archive/1/191873
Reference: MS:MS01-033
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
Reference: CERT:CA-2001-13
Reference: URL:http://www.cert.org/advisories/CA-2001-13.html
Reference: BID:2880
Reference: URL:http://www.securityfocus.com/bid/2880
Reference: XF:iis-isapi-idq-bo(6705)
Reference: URL:http://www.iss.net/security_center/static/6705.php
Reference: CIAC:L-098
Reference: URL:http://www.ciac.org/ciac/bulletins/l-098.shtml
Reference: OVAL:oval:org.mitre.oval:def:197
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:197

Description:
Microsoft Word 2002 and earlier allows attackers to automatically execute macros without warning the user by embedding the macros in a manner that escapes detection by the security scanner. Status: Entry
Reference: BUGTRAQ:20010622 Fwd: Microsoft Word macro vulnerability advisory MS01-034
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99325144322224&w=2
Reference: MS:MS01-034
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-034.asp
Reference: BID:2876
Reference: URL:http://www.securityfocus.com/bid/2876
Reference: XF:msword-macro-bypass-security(6732)
Reference: URL:http://xforce.iss.net/static/6732.php

Description:
Running Windows 2000 LDAP Server over SSL, a function does not properly check the permissions of a user request when the directory principal is a domain user and the data attribute is the domain password, which allows local users to modify the login password of other users. Status: Entry
Reference: MS:MS01-036
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-036.asp
Reference: CIAC:L-101
Reference: URL:http://www.ciac.org/ciac/bulletins/l-101.shtml
Reference: XF:win2k-ldap-change-passwords(6745)
Reference: URL:http://xforce.iss.net/static/6745.php
Reference: BID:2929
Reference: URL:http://www.securityfocus.com/bid/2929

Description:
Microsoft NetMeeting 3.01 with Remote Desktop Sharing enabled allows remote attackers to cause a denial of service via a malformed string to the NetMeeting service port, aka a variant of the "NetMeeting Desktop Sharing" vulnerability. Status: Entry
Reference: MS:MS00-077
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms00-077.asp
Reference: XF:netmeeting-desktop-sharing-dos(5368)
Reference: URL:http://www.iss.net/security_center/static/5368.php
Reference: OSVDB:5608
Reference: URL:http://www.osvdb.org/5608

Description:
Vulnerability in authentication process for SMTP service in Microsoft Windows 2000 allows remote attackers to use incorrect credentials to gain privileges and conduct activites such as mail relaying. Status: Entry
Reference: MS:MS01-037
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-037.asp
Reference: XF:win2k-smtp-mail-relay(6803)
Reference: URL:http://xforce.iss.net/static/6803.php
Reference: BID:2988
Reference: URL:http://www.securityfocus.com/bid/2988
Reference: CIAC:L-107
Reference: URL:http://www.ciac.org/ciac/bulletins/l-107.shtml
Reference: CERT-VN:VU#435963
Reference: URL:http://www.kb.cert.org/vuls/id/435963

Description:
Buffer overflow in ssinc.dll in IIS 5.0 and 4.0 allows local users to gain system privileges via a Server-Side Includes (SSI) directive for a long filename, which triggers the overflow when the directory name is added, aka the "SSI privilege elevation" vulnerability. Status: Entry
Reference: BUGTRAQ:20010817 NSFOCUS SA2001-06 : Microsoft IIS ssinc.dll Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99802093532233&w=2
Reference: BUGTRAQ:20011127 IIS Server Side Include Buffer overflow exploit code
Reference: URL:http://online.securityfocus.com/archive/1/242541
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: BID:3190
Reference: URL:http://www.securityfocus.com/bid/3190
Reference: XF:iis-ssi-directive-bo(6984)
Reference: URL:http://xforce.iss.net/static/6984.php

Description:
IIS 5.0 uses relative paths to find system files that will run in-process, which allows local users to gain privileges via a Trojan horse file, aka the "System file listing privilege elevation" vulnerability. Status: Entry
Reference: BUGTRAQ:20010816 ENTERCEPT SECURITY ALERT: Privilege Escalation Vulnerability in Microsoft IIS
Reference: URL:http://online.securityfocus.com/archive/1/205069
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-relative-path-privilege-elevation(6985)
Reference: URL:http://xforce.iss.net/static/6985.php
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: OSVDB:5607
Reference: URL:http://www.osvdb.org/5607
Reference: OVAL:oval:org.mitre.oval:def:909
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:909
Reference: OVAL:oval:org.mitre.oval:def:912
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:912

Description:
Vulnerability in IIS 5.0 allows remote attackers to cause a denial of service (restart) via a long, invalid WebDAV request. Status: Entry
Reference: BUGTRAQ:20010506 IIS 5.0 PROPFIND DOS #2
Reference: URL:http://online.securityfocus.com/archive/1/182579
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-webdav-long-request-dos(6982)
Reference: URL:http://www.iss.net/security_center/static/6982.php
Reference: BID:2690
Reference: URL:http://www.securityfocus.com/bid/2690
Reference: OSVDB:5606
Reference: URL:http://www.osvdb.org/5606
Reference: OSVDB:5633
Reference: URL:http://www.osvdb.org/5633

Description:
Oracle listener process on Windows NT redirects connection requests to another port and creates a separate thread to process the request, which allows remote attackers to cause a denial of service by repeatedly connecting to the Oracle listener but not connecting to the redirected port. Status: Entry
Reference: ISS:20010619 Oracle Redirect Denial of Service
Reference: URL:http://xforce.iss.net/alerts/advise81.php
Reference: CERT-VN:VU#105259
Reference: URL:http://www.kb.cert.org/vuls/id/105259
Reference: XF:oracle-listener-redirect-dos(6717)
Reference: URL:http://xforce.iss.net/static/6717.php
Reference: OSVDB:5600
Reference: URL:http://www.osvdb.org/5600

Description:
SNMP service in Atmel 802.11b VNET-B Access Point 1.3 and earlier, as used in Netgear ME102 and Linksys WAP11, accepts arbitrary community strings with requested MIB modifications, which allows remote attackers to obtain sensitive information such as WEP keys, cause a denial of service, or gain access to the network. Status: Entry
Reference: ISS:20010620 Multiple Vendor 802.11b Access Point SNMP authentication flaw
Reference: URL:http://xforce.iss.net/alerts/advise83.php
Reference: XF:atmel-vnetb-ap-snmp-security(6576)
Reference: URL:http://xforce.iss.net/static/6576.php
Reference: BID:2896
Reference: URL:http://www.securityfocus.com/bid/2896

Description:
Oracle listener in Oracle 8i on Solaris allows remote attackers to cause a denial of service via a malformed connection packet with a maximum transport data size that is set to 0. Status: Entry
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
Reference: URL:http://xforce.iss.net/alerts/advise82.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf
Reference: XF:oracle-listener-data-transport-dos(6715)
Reference: URL:http://xforce.iss.net/static/6715.php
Reference: OSVDB:5590
Reference: URL:http://www.osvdb.org/5590

Description:
Oracle listener before Oracle 9i allows attackers to cause a denial of service by repeatedly sending the first portion of a fragmented Oracle command without sending the remainder of the command, which causes the listener to hang. Status: Entry
Reference: ISS:20010515 Multiple Oracle Listener Denial of Service Vulnerabilities
Reference: URL:http://xforce.iss.net/alerts/advise82.php
Reference: CONFIRM:http://otn.oracle.com/deploy/security/alerts.htm
Reference: XF:oracle-listener-fragmentation-dos(6716)
Reference: URL:http://xforce.iss.net/static/6716.php

Description:
Format string vulnerability in Gnu Privacy Guard (aka GnuPG or gpg) 1.05 and earlier can allow an attacker to gain privileges via format strings in the original filename that is stored in an encrypted file. Status: Entry
Reference: BUGTRAQ:20010529 [synnergy] - GnuPG remote format string vulnerability
Reference: BUGTRAQ:20010601 The GnuPG format string bug (was: TSLSA-2001-0009 - GnuPG)
Reference: URL:http://online.securityfocus.com/archive/1/188218
Reference: CONFIRM:http://www.gnupg.org/whatsnew.html#rn20010529
Reference: MANDRAKE:MDKSA-2001:053
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-053.php3
Reference: CONECTIVA:CLA-2001:399
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000399
Reference: DEBIAN:DSA-061
Reference: URL:http://www.debian.org/security/2001/dsa-061
Reference: IMMUNIX:IMNX-2001-70-023-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-023-01
Reference: REDHAT:RHSA-2001:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-073.html
Reference: CALDERA:CSSA-2001-020.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-020.0.txt
Reference: SUSE:SuSE-SA:2001:020
Reference: URL:http://www.novell.com/linux/security/advisories/2001_020_gpg_txt.html
Reference: TURBO:TLSA2001028
Reference: URL:http://www.turbolinux.com/pipermail/tl-security-announce/2001-June/000439.html
Reference: CERT-VN:VU#403051
Reference: URL:http://www.kb.cert.org/vuls/id/403051
Reference: BID:2797
Reference: URL:http://www.securityfocus.com/bid/2797
Reference: OSVDB:1845
Reference: URL:http://www.osvdb.org/1845
Reference: XF:gnupg-tty-format-string(6642)
Reference: URL:http://xforce.iss.net/static/6642.php

Description:
Buffer overflow in dsh in dqs 3.2.7 in SuSE Linux 7.0 and earlier, and possibly other operating systems, allows local users to gain privileges via a long first command line argument. Status: Entry
Reference: BUGTRAQ:20010519 dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0193.html
Reference: BUGTRAQ:20010519 Re: dqs 3.2.7 local root exploit.
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0195.html
Reference: XF:dqs-dsh-bo(6577)
Reference: URL:http://xforce.iss.net/static/6577.php
Reference: BID:2749
Reference: URL:http://www.securityfocus.com/bid/2749

Description:
Buffer overflow in the Xview library as used by mailtool in Solaris 8 and earlier allows a local attacker to gain privileges via the OPENWINHOME environment variable. Status: Entry
Reference: BUGTRAQ:20010528 [synnergy] - Solaris mailtool(1) buffer overflow vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0258.html
Reference: SUNBUG:4458476
Reference: XF:solaris-mailtool-openwinhome-bo(6626)
Reference: URL:http://xforce.iss.net/static/6626.php

Description:
DCScripts DCForum versions 2000 and earlier allow a remote attacker to gain additional privileges by inserting pipe symbols (|) and newlines into the last name in the registration form, which will create an extra entry in the registration database. Status: Entry
Reference: BUGTRAQ:20010515 DCForum Password File Manipukation Vulnerability (qDefense Advisory Number QDAV-5-2000-2)
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0122.html
Reference: CONFIRM:http://www.dcscripts.com/dcforum/dcfNews/167.html
Reference: XF:dcforum-cgi-admin-access(6538)
Reference: URL:http://xforce.iss.net/static/6538.php
Reference: BID:2728
Reference: URL:http://www.securityfocus.com/bid/2728
Reference: OSVDB:480
Reference: URL:http://www.osvdb.org/480

Description:
Oracle E-Business Suite Release 11i Applications Desktop Integrator (ADI) version 7.x includes a debug version of FNDPUB11I.DLL, which logs the APPS schema password in cleartext in a debug file, which allows local users to obtain the password and gain privileges. Status: Entry
Reference: BUGTRAQ:20010507 Oracle's ADI 7.1.1.10.1 Major security hole
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0044.html
Reference: BUGTRAQ:20010522 Vulnerability in Oracle E-Business Suite Release 11i Applications Desktop Integrator
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0223.html
Reference: BID:2694
Reference: URL:http://www.securityfocus.com/bid/2694
Reference: XF:oracle-adi-plaintext-passwords(6501)
Reference: URL:http://xforce.iss.net/static/6501.php

Description:
OpenSSH version 2.9 and earlier, with X forwarding enabled, allows a local attacker to delete any file named 'cookies' via a symlink attack. Status: Entry
Reference: BUGTRAQ:20010604 SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0322.html
Reference: BUGTRAQ:20010604 Re: SSH allows deletion of other users files...
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0007.html
Reference: BUGTRAQ:20010605 OpenSSH_2.5.2p2 RH7.0 <- version info
Reference: URL:http://online.securityfocus.com/archive/1/188737
Reference: NETBSD:NetBSD-SA2001-010
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-010.txt.asc
Reference: CALDERA:CSSA-2001-023.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-023.0.txt
Reference: CERT-VN:VU#655259
Reference: URL:http://www.kb.cert.org/vuls/id/655259
Reference: OPENBSD:20010612
Reference: URL:http://www.openbsd.org/errata29.html
Reference: IMMUNIX:IMNX-2001-70-034-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-034-01
Reference: CONECTIVA:CLA-2001:431
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000431
Reference: BID:2825
Reference: URL:http://www.securityfocus.com/bid/2825
Reference: XF:openssh-symlink-file-deletion(6676)
Reference: URL:http://xforce.iss.net/static/6676.php
Reference: OSVDB:1853
Reference: URL:http://www.osvdb.org/1853

Description:
Spearhead NetGAP 200 and 300 before build 78 allow a remote attacker to bypass file blocking and content inspection via specially encoded URLs which include '%' characters. Status: Entry
Reference: BUGTRAQ:20010528 Vulnerability discovered in SpearHead NetGap
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0256.html
Reference: BUGTRAQ:20010607 SpearHead Security NetGAP
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-06/0047.html
Reference: BID:2798
Reference: URL:http://www.securityfocus.com/bid/2798
Reference: XF:netgap-unicode-bypass-filter(6625)
Reference: URL:http://xforce.iss.net/static/6625.php

Description:
Buffer overflow in libi18n library in IBM AIX 5.1 and 4.3.x allows local users to gain root privileges via a long LANG environmental variable. Status: Entry
Reference: IBM:MSS-OAR-E01-2001:271.1
Reference: URL:http://www-1.ibm.com/services/continuity/recover1.nsf/advisories/85256A3400529A8685256A8D00804A37/$file/oar271.txt
Reference: XF:aix-libi18n-lang-bo(6863)
Reference: URL:http://xforce.iss.net/static/6863.php
Reference: CIAC:L-123
Reference: URL:http://www.ciac.org/ciac/bulletins/l-123.shtml
Reference: OSVDB:5585
Reference: URL:http://www.osvdb.org/5585

Description:
HTTP server for Cisco IOS 11.3 to 12.2 allows attackers to bypass authentication and execute arbitrary commands, when local authorization is being used, by specifying a high access level in the URL. Status: Entry
Reference: CISCO:20010627 IOS HTTP authorization vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Reference: BUGTRAQ:20010629 Re: Cisco Security Advisory: IOS HTTP authorization vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/4.3.2.7.2.20010629095801.0c3e6a70@brussels.cisco.com
Reference: BUGTRAQ:20010702 Cisco IOS HTTP Configuration Exploit
Reference: URL:http://www.securityfocus.com/archive/1/1601227034.20010702112207@olympos.org
Reference: BUGTRAQ:20010702 Cisco device HTTP exploit...
Reference: URL:http://www.securityfocus.com/archive/1/Pine.LNX.3.96.1010702134611.22995B-100000@Lib-Vai.lib.asu.edu
Reference: BUGTRAQ:20010702 ios-http-auth.sh
Reference: URL:http://www.securityfocus.com/archive/1/20010703011650.60515.qmail@web14910.mail.yahoo.com
Reference: CERT:CA-2001-14
Reference: URL:http://www.cert.org/advisories/CA-2001-14.html
Reference: CIAC:L-106
Reference: URL:http://www.ciac.org/ciac/bulletins/l-106.shtml
Reference: BID:2936
Reference: URL:http://www.securityfocus.com/bid/2936
Reference: OSVDB:578
Reference: URL:http://www.osvdb.org/578
Reference: XF:cisco-ios-admin-access(6749)
Reference: URL:http://xforce.iss.net/static/6749.php

Description:
Microsoft Outlook View ActiveX Control in Microsoft Outlook 2002 and earlier allows remote attackers to execute arbitrary commands via a malicious HTML e-mail message or web page. Status: Entry
Reference: BUGTRAQ:20010712 MS Office XP - the more money I give to Microsoft, the more vulnerable my Windows computers are
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99496431214078&w=2
Reference: NTBUGTRAQ:20010712 Vulnerability in IE/Outlook ActiveX control
Reference: URL:http://www.ntbugtraq.com/default.asp?pid=36&sid=1&A2=ind0107&L=ntbugtraq&F=P&S=&P=862
Reference: MS:MS01-038
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-038.asp
Reference: CIAC:L-113
Reference: URL:http://www.ciac.org/ciac/bulletins/l-113.shtml
Reference: CERT-VN:VU#131569
Reference: URL:http://www.kb.cert.org/vuls/id/131569
Reference: XF:outlook-activex-view-control(6831)
Reference: URL:http://xforce.iss.net/static/6831.php
Reference: BID:3025
Reference: URL:http://www.securityfocus.com/bid/3025

Description:
Memory leak in Terminal servers in Windows NT and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed Remote Desktop Protocol (RDP) requests to port 3389. Status: Entry
Reference: MS:MS01-040
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-040.asp
Reference: BID:3099
Reference: URL:http://www.securityfocus.com/bid/3099
Reference: XF:win-terminal-rdp-dos(6912)
Reference: URL:http://xforce.iss.net/static/6912.php

Description:
Buffer overflow in Microsoft Windows Media Player 7.1 and earlier allows remote attackers to execute arbitrary commands via a malformed Windows Media Station (.NSC) file. Status: Entry
Reference: BUGTRAQ:20010527 Microsoft Windows Media Player Buffer Overflow Vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/187001
Reference: MS:MS01-042
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-042.asp
Reference: XF:mediaplayer-nsc-bo(6907)
Reference: URL:http://xforce.iss.net/static/6907.php
Reference: BID:3105
Reference: URL:http://www.securityfocus.com/bid/3105

Description:
Memory leak in NNTP service in Windows NT 4.0 and Windows 2000 allows remote attackers to cause a denial of service (memory exhaustion) via a large number of malformed posts. Status: Entry
Reference: MS:MS01-043
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-043.asp
Reference: XF:win-nntp-dos(6977)
Reference: URL:http://xforce.iss.net/static/6977.php
Reference: BID:3183
Reference: URL:http://www.securityfocus.com/bid/3183
Reference: OVAL:oval:org.mitre.oval:def:334
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:334

Description:
IIS 5.0 allows local users to cause a denial of service (hang) via by installing content that produces a certain invalid MIME Content-Type header, which corrupts the File Type table. Status: Entry
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: XF:iis-invalid-mime-header-dos(6983)
Reference: URL:http://xforce.iss.net/static/6983.php
Reference: BID:3195
Reference: URL:http://www.securityfocus.com/bid/3195

Description:
IIS 4.0 with URL redirection enabled allows remote attackers to cause a denial of service (crash) via a malformed request that specifies a length that is different than the actual length. Status: Entry
Reference: MS:MS01-044
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms01-044.asp
Reference: XF:iis-url-redirection-dos(6981)
Reference: URL:http://xforce.iss.net/static/6981.php
Reference: CIAC:L-132
Reference: URL:http://www.ciac.org/ciac/bulletins/l-132.shtml
Reference: OSVDB:5736
Reference: URL:http://www.osvdb.org/5736

Description:
Memory leak in H.323 Gatekeeper Service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows remote attackers to cause a denial of service (resource exhaustion) via a large amount of malformed H.323 data. Status: Entry
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp
Reference: XF:isa-h323-gatekeeper-dos(6989)
Reference: URL:http://xforce.iss.net/static/6989.php
Reference: BID:3196
Reference: URL:http://www.securityfocus.com/bid/3196

Description:
Memory leak in the proxy service in Microsoft Internet Security and Acceleration (ISA) Server 2000 allows local attackers to cause a denial of service (resource exhaustion). Status: Entry
Reference: MS:MS01-045
Reference: URL:http://www.microsoft.com/technet/security/bulletin/MS01-045.asp
Reference: XF:isa-proxy-memory-leak-dos(6990)
Reference: URL:http://xforce.iss.net/static/6990.php
Reference: BID:3197
Reference: URL:http://www.securityfocus.com/bid/3197

Description:
Buffer overflow in dtmail in Solaris 2.6 and 7 allows local users to gain privileges via the MAIL environment variable. Status: Entry
Reference: BUGTRAQ:20010724 NSFOCUS SA2001-04 : Solaris dtmail Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=99598918914068&w=2
Reference: XF:solaris-dtmail-bo(6879)
Reference: URL:http://xforce.iss.net/static/6879.php
Reference: BID:3081
Reference: URL:http://www.securityfocus.com/bid/3081

Description:
Symantec LiveUpdate 1.5 stores proxy passwords in cleartext in a registry key, which could allow local users to obtain the passwords. Status: Entry
Reference: CERT-VN:VU#814187
Reference: URL:http://www.kb.cert.org/vuls/id/814187
Reference: CONFIRM:http://www.sarc.com/avcenter/security/Content/2001_07_20.html
Reference: XF:liveupdate-obtain-proxy-password(7013)
Reference: URL:http://xforce.iss.net/static/7013.php

Description:
wu-ftpd 2.6.1 allows remote attackers to execute arbitrary commands via a "~{" argument to commands such as CWD, which is not properly handled by the glob function (ftpglob). Status: Entry
Reference: VULN-DEV:20010430 some ftpd implementations mishandle CWD ~{
Reference: URL:http://www.securityfocus.com/archive/82/180823
Reference: BUGTRAQ:20011128 CORE-20011001: Wu-FTP glob heap corruption vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=100700363414799&w=2
Reference: ISS:20011129 WU-FTPD Heap Corruption Vulnerability
Reference: CERT:CA-2001-33
Reference: URL:http://www.cert.org/advisories/CA-2001-33.html
Reference: CERT-VN:VU#886083
Reference: URL:http://www.kb.cert.org/vuls/id/886083
Reference: CALDERA:CSSA-2001-041.0
Reference: URL:http://www.caldera.com/support/security/advisories/CSSA-2001-041.0.txt
Reference: CALDERA:CSSA-2001-SCO.36
Reference: CALDERA:CSSA-2002-SCO.1
Reference: CONECTIVA:CLA-2001:442
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000442
Reference: DEBIAN:DSA-087
Reference: URL:http://www.debian.org/security/2001/dsa-087
Reference: HP:HPSBUX0107-162
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBUX0107-162
Reference: IMMUNIX:IMNX-2001-70-036-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-036-01
Reference: MANDRAKE:MDKSA-2001:090
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-090.php3
Reference: REDHAT:RHSA-2001:157
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-157.html
Reference: SUSE:SuSE-SA:2001:043
Reference: URL:http://www.novell.com/linux/security/advisories/2001_043_wuftpd_txt.html
Reference: BID:3581
Reference: URL:http://www.securityfocus.com/bid/3581
Reference: XF:wuftp-glob-heap-corruption(7611)
Reference: URL:http://xforce.iss.net/xforce/xfdb/7611

Description:
SSH Secure Shell 3.0.0 on Unix systems does not properly perform password authentication to the sshd2 daemon, which allows local users to gain access to accounts with short password fields, such as locked accounts that use "NP" in the password field. Status: Entry
Reference: BUGTRAQ:20010720 URGENT SECURITY ADVISORY FOR SSH SECURE SHELL 3.0.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-07/0486.html
Reference: CONFIRM:http://www.ssh.com/products/ssh/exploit.cfm
Reference: CERT-VN:VU#737451
Reference: URL:http://www.kb.cert.org/vuls/id/737451
Reference: CIAC:L-121
Reference: URL:http://www.ciac.org/ciac/bulletins/l-121.shtml
Reference: BID:3078
Reference: URL:http://www.securityfocus.com/bid/3078
Reference: XF:ssh-password-length-unauth-access(6868)
Reference: URL:http://xforce.iss.net/xforce/xfdb/6868
Reference: OSVDB:586
Reference: URL:http://www.osvdb.org/586

Description:
Buffer overflow in BSD-based telnetd telnet daemon on various operating systems allows remote attackers to execute arbitrary commands via a set of options including AYT (Are You There), which is not properly handled by the telrcv function. Status: Entry
Reference: BUGTRAQ:20010718 multiple vendor telnet daemon vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/197804
Reference: BUGTRAQ:20010725 Telnetd AYT overflow scanner
Reference: URL:http://online.securityfocus.com/archive/1/199496
Reference: BUGTRAQ:20010810 ADV/EXP: netkit <=0.17 in.telnetd remote buffer overflow
Reference: URL:http://online.securityfocus.com/archive/1/203000
Reference: BUGTRAQ:20010725 SCO - Telnetd AYT overflow ?
Reference: URL:http://online.securityfocus.com/archive/1/199541
Reference: CERT:CA-2001-21
Reference: URL:http://www.cert.org/advisories/CA-2001-21.html
Reference: CIAC:L-131
Reference: URL:http://www.ciac.org/ciac/bulletins/l-131.shtml
Reference: CALDERA:CSSA-2001-030.0
Reference: URL:http://www.calderasystems.com/support/security/advisories/CSSA-2001-030.0.txt
Reference: CALDERA:CSSA-2001-SCO.10
Reference: URL:ftp://stage.caldera.com/pub/security/openserver/CSSA-2001-SCO.10/CSSA-2001-SCO.10.txt
Reference: CISCO:20020129 Cisco CatOS Telnet Buffer Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/catos-telrcv-vuln-pub.shtml
Reference: COMPAQ:SSRT0745U
Reference: URL:http://ftp.support.compaq.com/patches/.new/html/SSRT0745U.shtml
Reference: CONECTIVA:CLA-2001:413
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000413
Reference: DEBIAN:DSA-070
Reference: URL:http://www.debian.org/security/2001/dsa-070
Reference: DEBIAN:DSA-075
Reference: URL:http://www.debian.org/security/2001/dsa-075
Reference: FREEBSD:FreeBSD-SA-01:49
Reference: URL:ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-01:49.telnetd.asc
Reference: HP:HPSBUX0110-172
Reference: URL:http://archives.neohapsis.com/archives/hp/2001-q4/0014.html
Reference: IBM:MSS-OAR-E01-2001:298
Reference: URL:http://online.securityfocus.com/advisories/3476
Reference: MANDRAKE:MDKSA-2001:068
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-068.php3
Reference: NETBSD:NetBSD-SA2001-012
Reference: URL:ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2001-012.txt.asc
Reference: SGI:20010801-01-P
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20010801-01-P
Reference: REDHAT:RHSA-2001:099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-099.html
Reference: REDHAT:RHSA-2001:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-100.html
Reference: SUSE:SuSE-SA:2001:029
Reference: URL:http://www.novell.com/linux/security/advisories/2001_029_nkitb_txt.html
Reference: BID:3064
Reference: URL:http://www.securityfocus.com/bid/3064
Reference: OSVDB:809
Reference: URL:http://www.osvdb.org/809
Reference: XF:telnetd-option-telrcv-bo(6875)
Reference: URL:http://xforce.iss.net/static/6875.php

Description:
T. Hauck Jana Webserver 2.01 beta 1 and earlier allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (i.e. GET /aux HTTP/1.0). Status: Entry
Reference: BUGTRAQ:20010507 Advisory for Jana server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
Reference: XF:jana-server-device-dos(6521)
Reference: URL:http://xforce.iss.net/static/6521.php
Reference: BID:2704
Reference: URL:http://www.securityfocus.com/bid/2704
Reference: OSVDB:1817
Reference: URL:http://www.osvdb.org/1817

Description:
crontab in Vixie cron 3.0.1 and earlier does not properly drop privileges after the failed parsing of a modification operation, which could allow a local attacker to gain additional privileges when an editor is called to correct the error. Status: Entry
Reference: BUGTRAQ:20010507 Vixie cron vulnerability
Reference: URL:http://www.securityfocus.com/archive/1/183029
Reference: DEBIAN:DSA-054
Reference: URL:http://www.debian.org/security/2001/dsa-054
Reference: MANDRAKE:MDKSA-2001:050
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-050.php3
Reference: SUSE:SuSE-SA:2001:17
Reference: URL:http://www.novell.com/linux/security/advisories/2001_017_cron_txt.html
Reference: BID:2687
Reference: URL:http://www.securityfocus.com/bid/2687
Reference: XF:vixie-cron-gain-privileges(6508)
Reference: URL:http://xforce.iss.net/static/6508.php

Description:
Buffer overflow in Vixie cron 3.0.1-56 and earlier could allow a local attacker to gain additional privileges via a long username (> 20 characters). Status: Entry
Reference: BUGTRAQ:20010210 vixie cron possible local root compromise
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0197.html
Reference: AIXAPAR:IY17048
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17048&apar=only
Reference: AIXAPAR:IY17261
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY17261&apar=only
Reference: MANDRAKE:MDKSA-2001:022
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-022.php3
Reference: REDHAT:RHSA-2001:014
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-014.html
Reference: BUGTRAQ:20010220 Immunix OS Security update for vixie-cron
Reference: URL:http://archives.neohapsis.com/archives/linux/immunix/2001-q1/0066.html
Reference: XF:vixie-crontab-bo(6098)
Reference: URL:http://xforce.iss.net/static/6098.php
Reference: OSVDB:5583
Reference: URL:http://www.osvdb.org/5583

Description:
ElectroSystems Engineering Inc. ElectroComm 2.0 and earlier allows a remote attacker to create a denial of service via large (> 160000 character) strings sent to port 23. Status: Entry
Reference: BUGTRAQ:20010507 Advisory for Electrocomm 2.0
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0049.html
Reference: XF:electrocomm-telnet-dos(6514)
Reference: URL:http://xforce.iss.net/static/6514.php
Reference: BID:2706
Reference: URL:http://www.securityfocus.com/bid/2706

Description:
APC Web/SNMP Management Card prior to Firmware 310 only supports one telnet connection, which allows a remote attacker to create a denial of service via repeated failed logon attempts which temporarily locks the card. Status: Entry
Reference: BUGTRAQ:20010225 APC web/snmp/telnet management card dos
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0436.html
Reference: MISC:ftp://ftp.apcftp.com/hardware/webcard/firmware/sy/v310/install.txt
Reference: XF:apc-telnet-dos(6199)
Reference: URL:http://xforce.iss.net/static/6199.php
Reference: BID:2430
Reference: URL:http://www.securityfocus.com/bid/2430

Description:
Buffer overflow in mailx in Solaris 8 and earlier allows a local attacker to gain additional privileges via a long '-F' command line option. Status: Entry
Reference: BUGTRAQ:20010502 Solaris mailx Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0016.html
Reference: BUGTRAQ:20010511 Solaris /usr/bin/mailx exploit (SPARC)
Reference: URL:http://online.securityfocus.com/archive/1/184210
Reference: SUNBUG:4452732
Reference: XF:solaris-mailx-f-bo(8246)
Reference: URL:http://xforce.iss.net/static/8246.php
Reference: CERT-VN:VU#446864
Reference: URL:http://www.kb.cert.org/vuls/id/446864
Reference: BID:2610
Reference: URL:http://www.securityfocus.com/bid/2610

Description:
Digital Creations Zope 2.3.2 and earlier allows a local attacker to gain additional privileges via the changing of ZClass permission mappings for objects and methods in the ZClass. Status: Entry
Reference: CONFIRM:http://www.zope.org/Products/Zope/Hotfix_2001-05-01/security_alert
Reference: DEBIAN:DSA-055
Reference: URL:http://www.debian.org/security/2001/dsa-055
Reference: MANDRAKE:MDKSA-2001:049
Reference: URL:http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-049.php3
Reference: REDHAT:RHSA-2001:065
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-065.html
Reference: CONECTIVA:CLA-2001:407
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000407
Reference: XF:zope-zclass-gain-privileges(6958)
Reference: URL:http://xforce.iss.net/static/6958.php

Description:
lsfs in AIX 4.x allows a local user to gain additional privileges by creating Trojan horse programs named (1) grep or (2) lslv in a certain directory that is under the user's control, which cause lsfs to access the programs in that directory. Status: Entry
Reference: AIXAPAR:IY16909
Reference: URL:http://archives.neohapsis.com/archives/aix/2001-q2/0000.html
Reference: XF:aix-lsfs-path(7007)
Reference: URL:http://xforce.iss.net/static/7007.php
Reference: CERT-VN:VU#123651
Reference: URL:http://www.kb.cert.org/vuls/id/123651
Reference: OSVDB:5582
Reference: URL:http://www.osvdb.org/5582

Description:
Directory traversal vulnerability in MP3Mystic prior to 1.04b3 allows a remote attacker to download arbitrary files via a '..' (dot dot) in the URL. Status: Entry
Reference: BUGTRAQ:20010507 Advisory for MP3Mystic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0046.html
Reference: CONFIRM:http://mp3mystic.com/mp3mystic/news.phtml
Reference: XF:mp3mystic-dot-directory-traversal(6504)
Reference: URL:http://xforce.iss.net/static/6504.php
Reference: BID:2699
Reference: URL:http://www.securityfocus.com/bid/2699
Reference: OSVDB:1815
Reference: URL:http://www.osvdb.org/1815

Description:
Gordano NTMail 6.0.3c allows a remote attacker to create a denial of service via a long (>= 255 characters) URL request to port 8000 or port 9000. Status: Entry
Reference: BUGTRAQ:20010320 def-2001-13: NTMail Web Services DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0248.html
Reference: BID:2494
Reference: URL:http://www.securityfocus.com/bid/2494
Reference: XF:ntmail-long-url-dos(6249)
Reference: URL:http://xforce.iss.net/static/6249.php

Description:
TrendMicro ScanMail for Exchange 3.5 Evaluation allows a local attacker to recover the administrative credentials for ScanMail via a combination of unprotected registry keys and weakly encrypted passwords. Status: Entry
Reference: BUGTRAQ:20010330 STAT Security Advisory: Trend Micro's ScanMail for Exchange store s passwords in registry unprotected
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2001-q1/0049.html
Reference: XF:scanmail-reveals-credentials(6311)
Reference: URL:http://xforce.iss.net/static/6311.php
Reference: OSVDB:5581
Reference: URL:http://www.osvdb.org/5581

Description:
NetScreen ScreenOS prior to 2.5r6 on the NetScreen-10 and Netscreen-100 can allow a local attacker to bypass the DMZ 'denial' policy via specific traffic patterns. Status: Entry
Reference: BUGTRAQ:20010326 Netscreen: DMZ Network Receives Some "Denied" Traffic
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0375.html
Reference: BID:2523
Reference: URL:http://www.securityfocus.com/bid/2523
Reference: XF:netscreen-screenos-bypass-firewall(6317)
Reference: URL:http://xforce.iss.net/static/6317.php
Reference: OSVDB:1780
Reference: URL:http://www.osvdb.org/1780

Description:
Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0). Status: Entry
Reference: BUGTRAQ:20010403 Re: Tomcat may reveal script source code by URL trickery
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0031.html
Reference: HP:HPSBTL0112-004
Reference: URL:http://www1.itrc.hp.com/service/cki/docDisplay.do?docId=HPSBTL0112-004
Reference: XF:jakarta-tomcat-jsp-source(6971)
Reference: URL:http://xforce.iss.net/static/6971.php
Reference: OSVDB:5580
Reference: URL:http://www.osvdb.org/5580

Description:
Directory traversal vulnerability in Oracle JSP 1.0.x through 1.1.1 and Oracle 8.1.7 iAS Release 1.0.2 can allow a remote attacker to read or execute arbitrary .jsp files via a '..' (dot dot) attack. Status: Entry
Reference: WIN2KSEC:20010122 Oracle JSP/SQLJS handlers allow viewing files and executing JSP outside the web root
Reference: BUGTRAQ:20010212 Patch for Potential Vulnerability in the execution of JSPs outside doc_root
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-02/0239.html
Reference: BID:2286
Reference: URL:http://www.securityfocus.com/bid/2286
Reference: XF:oracle-handlers-directory-traversal(5986)
Reference: URL:http://xforce.iss.net/static/5986.php

Description:
Ananconda Partners Clipper 3.3 and earlier allows a remote attacker to read arbitrary files via a '..' (dot dot) attack in the template parameter. Status: Entry
Reference: BUGTRAQ:20010327 advisory
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-03/0395.html
Reference: MISC:http://anacondapartners.com/cgi-local/apexec.pl?template=ap_releasenotestemplate.html&f1=ap_af_updates_menu&f2=ap_af_releasenotes_clip
Reference: BID:2512
Reference: URL:http://www.securityfocus.com/bid/2512
Reference: XF:anaconda-clipper-directory-traversal(6286)
Reference: URL:http://xforce.iss.net/static/6286.php

Description:
kcms_configure as included with Solaris 7 and 8 allows a local attacker to gain additional privileges via a buffer overflow in a command line argument. Status: Entry
Reference: BUGTRAQ:20010409 Solaris kcms_configure vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0140.html
Reference: SUNBUG:4199722
Reference: BID:2558
Reference: URL:http://www.securityfocus.com/bid/2558
Reference: XF:solaris-kcms-command-bo(6359)
Reference: URL:http://xforce.iss.net/static/6359.php
Reference: OVAL:oval:org.mitre.oval:def:65
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:65
Reference: OVAL:oval:org.mitre.oval:def:7
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:7

Description:
Buffer overflow in the kcsSUNWIOsolf.so library in Solaris 7 and 8 allows local attackers to execute arbitrary commands via the KCMS_PROFILES environment variable, e.g. as demonstrated using the kcms_configure program. Status: Entry
Reference: BUGTRAQ:20010411 [LSD] Solaris kcsSUNWIOsolf.so and dtsession vulnerabilities
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-04/0203.html
Reference: SUNBUG:4415570
Reference: XF:solaris-kcssunwiosolf-bo(6365)
Reference: URL:http://xforce.iss.net/static/6365.php
Reference: BID:2605
Reference: URL:http://www.securityfocus.com/bid/2605

Description:
Netscape Communicator before 4.77 allows remote attackers to execute arbitrary Javascript via a GIF image whose comment contains the Javascript. Status: Entry
Reference: BUGTRAQ:20010409 Netscape 4.76 gif comment flaw
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=98685237415117&w=2
Reference: DEBIAN:DSA-051
Reference: URL:http://www.debian.org/security/2001/dsa-051
Reference: CONECTIVA:CLA-2001:393
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000393
Reference: REDHAT:RHSA-2001:046
Reference: URL:http://www.redhat.com/support/errata/RHSA-2001-046.html
Reference: XF:netscape-javascript-access-data(6344)
Reference: URL:http://xforce.iss.net/static/6344.php
Reference: BID:2637
Reference: URL:http://www.securityfocus.com/bid/2637
Reference: IMMUNIX:IMNX-2001-70-014-01
Reference: URL:http://download.immunix.org/ImmunixOS/7.0/updates/IMNX-2001-70-014-01
Reference: OSVDB:5579
Reference: URL:http://www.osvdb.org/5579

Description:
Becky! 2.00.05 and earlier can allow a remote attacker to gain additional privileges via a buffer overflow attack on long messages without newline characters. Status: Entry
Reference: BUGTRAQ:20010514 Becky! 2.00.05 Buffer Overflow
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0089.html
Reference: BID:2723
Reference: URL:http://www.securityfocus.com/bid/2723
Reference: XF:becky-mail-message-bo(6531)
Reference: URL:http://xforce.iss.net/static/6531.php

Description:
McAfee Remote Desktop 3.0 and earlier allows remote attackers to cause a denial of service (crash) via a large number of packets to port 5045. Status: Entry
Reference: BUGTRAQ:20010516 Remote Desktop DoS
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0158.html
Reference: XF:remote-desktop-dos(6547)
Reference: URL:http://xforce.iss.net/static/6547.php
Reference: BID:2726
Reference: URL:http://www.securityfocus.com/bid/2726
Reference: OSVDB:6288
Reference: URL:http://www.osvdb.org/6288

Description:
Omnicron Technologies OmniHTTPD Professional 2.08 and earlier allows a remote attacker to create a denial of service via a long POST URL request. Status: Entry
Reference: BUGTRAQ:20010515 OmniHTTPd Pro Denial of Service Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0131.html
Reference: XF:omnihttpd-post-dos(6540)
Reference: URL:http://xforce.iss.net/static/6540.php
Reference: BID:2730
Reference: URL:http://www.securityfocus.com/bid/2730

Description:
Directory traversal vulnerability in Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to read arbitrary files via a specially crafted URL which includes variations of a '..' (dot dot) attack such as '...' or '....'. Status: Entry
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2776
Reference: URL:http://www.securityfocus.com/bid/2776
Reference: XF:freestyle-chat-directory-traversal(6601)
Reference: URL:http://xforce.iss.net/static/6601.php
Reference: OSVDB:1841
Reference: URL:http://www.osvdb.org/1841

Description:
Faust Informatics Freestyle Chat server prior to 4.1 SR3 allows a remote attacker to create a denial of service via a URL request which includes a MS-DOS device name (e.g., GET /aux HTTP/1.0). Status: Entry
Reference: BUGTRAQ:20010525 Advisory for Freestyle Chat server
Reference: URL:http://archives.neohapsis.com/archives/bugtraq/2001-05/0241.html
Reference: BID:2777
Reference: URL:http://www.securityfocus.com/bid/2777
Reference: XF:freestyle-chat-device-dos(6602)
Reference: URL:http://xforce.iss.net/static/6602.php

Description:
The FTP server on Cisco Content Service 11000 series switches (CSS) before WebNS 4.01B23s and WebNS 4.10B13s allows an attacker who is an FTP user to read and write arbitrary files via GET or PUT commands. Status: Entry
Reference: CISCO:20010517 Cisco Content Service Switch 11000 Series FTP Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-ftp-pub.shtml
Reference: CIAC:L-085
Reference: URL:http://www.ciac.org/ciac/bulletins/l-085.shtml
Reference: XF:cisco-css-ftp-commands(6557)
Reference: URL:http://xforce.iss.net/static/6557.php
Reference: BID:2745
Reference: URL:http://www.securityfocus.com/bid/2745
Reference: OSVDB:1834
Reference: URL:http://www.osvdb.org/1834

Description:
The web management service on Cisco Content Service series 11000 switches (CSS) before WebNS 4.01B29s or WebNS 4.10B17s allows a remote attacker to gain additional privileges by directly requesting the web management URL instead of navigating through the interface. Status: Entry
Reference: CISCO:20010531 Cisco Content Service Switch 11000 Series Web Management Vulnerability
Reference: URL:http://www.cisco.com/warp/public/707/arrowpoint-webmgmt-vuln-pub.shtml
Reference: XF:cisco-css-web-management(6631)
Reference: URL:http://xforce.iss.net/static/6631.php
Reference: BID:2806
Reference: URL:http://www.securityfocus.com/bid/2806
Reference: OSVDB:1848
Reference: URL:http://www.osvdb.org/1848