|
Feb 21 2002
|
(Debian Issues Fix) GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
|
|
Feb 21 2002
|
Lil' HTTP Server Discloses Files in Password Protected Directories on the Web Server to Remote Users
|
|
Feb 20 2002
|
(A User Reports that JServ is Vulnerable, Not GNUJSP) Re: GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
|
|
Feb 19 2002
|
GNUJSP Java Server Pages Implementation Discloses Web Files and Source Code to Remote Users and Bypasses Apache Access Control Restrictions
|
|
Feb 17 2002
|
Phusion Web Server Has Multiple Flaws That Let Remote Users View Files, Crash the Server, and Execute Commands and Code to Gain System Level Access
|
|
Feb 14 2002
|
Add2it Mailman Mailing List Manager Input Validation Flaw Lets Remote Users Execute Arbitrary Commands and Write Arbitrary Files on the System
|
|
Feb 13 2002
|
Falcon Web Server URL Parsing Bug Discloses Files in Protected Directories to Remote Users Without Requiring Authentication
|
|
Feb 13 2002
|
(Debian Issues Fix) Faq-O-Matic FAQ Management Application Allows Cross-Site Scripting Attacks
|
|
Feb 12 2002
|
GNU Ada Compiler (GNAT) Temporary File Symlink Flaw May Let Local Users Gain Elevated Privileges on the System
|
|
Feb 12 2002
|
Microsoft Internet Explorer (IE) Web Browser Has New Frame Domain Verification Bug That Lets Remote Users Obtain Files from Another User's Local File System
|
|
Feb 12 2002
|
(Vendor Issues Fix) Re: Microsoft Internet Explorer GetObject() Active Scripting Bug Lets Remote Code Access Files on the PC
|
|
Feb 11 2002
|
SYBEX e-trainer Training Software Discloses Files on the System to Remote Users When Training Software is in Use
|
|
Feb 11 2002
|
CoolSoft's PowerFTP Server Discloses FTP Account Passwords to Local and Remote Users
|
|
Feb 10 2002
|
CGINews Web-based News Management Application Discloses Files on the System to Remote Users
|
|
Feb 10 2002
|
MSN Messenger Instant Messaging System Discloses Contact List Contents From Inactive Accounts to Remote Users
|
|
Feb 10 2002
|
AtheOS Operating System chroot() Function Lets Local Users Break Out and Access Files Outside of the Chroot Jail
|
|
Feb 10 2002
|
InstantServer's MiniPortal FTP Server Has Multiple Flaws That Allow Remote Users to Execute Arbitrary Code and View Files on the Server
|
|
Feb 8 2002
|
Faq-O-Matic FAQ Management Application Allows Cross-Site Scripting Attacks
|
|
Feb 8 2002
|
(Vendor Has a Fix) Re: Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users
|
|
Feb 7 2002
|
Opera Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers
|
|
Feb 7 2002
|
eshare Expressions Web Site Software Discloses Files on the Hard Drive to Remote Users
|
|
Feb 7 2002
|
Microsoft Internet Explorer Web Browser Allows Cross-site Scripting Attacks Via Non-HTTP Servers
|
|
Feb 7 2002
|
(Vendor Issues Fix) Re: CacheFlow CacheOS Discloses Some Cache Contents to Remote Users
|
|
Feb 6 2002
|
WWWeBBB Web-based Bulletin Board Discloses Files on the System to Remote Users
|
|
Feb 6 2002
|
Oracle Application Server OracleJSP Flaw Discloses JSP Source Code Contents to Remote Users
|
|
Feb 6 2002
|
(Vendor Provides Fix) Re: Lucent VitalNet Performance Management Software Gives Remote Users Access Without Requiring Authentication
|
|
Feb 6 2002
|
(HP Issues Fix) Netscape Web Browser Cookie Processing Bug May Let Remote Web Sites Steal a User's Cookies for Any Domain
|
|
Feb 5 2002
|
(A User Provides a Workaround) Re: NETGEAR Router Allows Cross Site Scripting Attacks, Possibly Allowing a Remote User to Gain Access to the Router
|
|
Feb 5 2002
|
NETGEAR Router Allows Cross Site Scripting Attacks, Possibly Allowing a Remote User to Gain Access to the Router
|
|
Feb 5 2002
|
Windows Messenger (aka MSN Messenger) Instant Messaging Client Discloses Display Name and Contacts to Remote Users
|
|
Feb 5 2002
|
MRTG-Config-Generator (mrtg.cgi) Input Validation Flaw Discloses Portions of Files Located on the System to Remote Users
|
|
Feb 5 2002
|
Microsoft ASP.NET Web Application Framework Allows Cross Site Scritping Attacks and Discloses Path Information to Remote Users
|
|
Feb 4 2002
|
Portix-PHP Web Portal Software Discloses Files to Remote Users and Lets Remote Users Gain Administrator Access on the Portal Application
|
|
Feb 1 2002
|
Microsoft Site Server Commerce Edition Discloses Potentially Sensitive Administration Information and Source Code to Remote Users With Valid Accounts and Discloses User Passwords from the LDAP Directory to Anonymous Remote Users
|
|
Jan 29 2002
|
(Vendor Provides Clarification Regarding Original Report) Re: Agora.cgi Commerce Package Input Filtering Flaw Allows Cross-Site Scripting Attacks
|
|
Jan 29 2002
|
SGI IRIX O2 Video Workstation Allows Remote Users to View the Screen Display on the System
|
|
Jan 29 2002
|
(Vendor Issues Patch) Re: Agora.cgi Commerce Package Input Filtering Flaw Allows Cross-Site Scripting Attacks
|
|
Jan 28 2002
|
Xinet's 'xkas' AppleShare Administration Tool Discloses Any Local File Contents to Local Users
|
|
Jan 25 2002
|
ICEshop E-commerce Software Directory Traversal Flaw Discloses Files on the Server to Remote Users
|
|
Jan 24 2002
|
Plumtree Corporate Portal Allows Cross-Site Scripting Attacks, Letting Remote Users Steal Cookies
|
|
Jan 24 2002
|
Tarantella Enterprise Server 'ttawebtop.cgi' Bug Discloses Files and Directories to Remote Users
|
|
Jan 24 2002
|
(Red Hat Issues Fix) Linux ICMP Stack Implementation Discloses Previously Allocated Server Memory Contents to Remote Users
|
|
Jan 24 2002
|
W3Perl Web Server Statistics Package Allows a Remote User to Cause Arbitrary Javascript to Be Executed When the Package is Used
|
|
Jan 22 2002
|
Linux ICMP Stack Implementation Discloses Previously Allocated Server Memory Contents to Remote Users
|
|
Jan 22 2002
|
Netscape Web Browser Cookie Processing Bug May Let Remote Web Sites Steal a User's Cookies for Any Domain
|
|
Jan 22 2002
|
Mozilla Web Browser Cookie Processing Bug May Let Remote Web Sites Steal a User's Cookies for Any Domain
|
|
Jan 22 2002
|
Citrix NFuse Web Publishing Server Discloses List of Published Applications to Remote Users
|
|
Jan 22 2002
|
Comprehensive Web Programming API (CwpApi) May Disclose Files Located Outside of the Web Root Directory to Remote Users
|
|
Jan 21 2002
|
(Debian Issues Revised Fix) Icecast Audio Broadcasting Server Discloses MP3 Files Located Anywhere on the Installed Drive to Remote Users and Can Be Crashed Remotely
|
|
Jan 21 2002
|
CGI Online Worldweb Shopping (COWS) E-Commerce System Discloses User Information and Order Data to Remote Users and Also Permits Cross-site Scripting Attacks
|
|
Jan 21 2002
|
PGP Wipe Disk Wiping Utility Fails to Remove the Contents of Alternate Data Streams on NTFS Drives
|
|
Jan 21 2002
|
East-Tec Eraser 2000 Disk Wiping Program Does Not Remove Alternate Data Stream Contents from NTFS Hard Disks
|
|
Jan 21 2002
|
SecureClean Disk Wiping Application Fails to Remove Alternate Data Stream Contents from NTFS Drives
|
|
Jan 21 2002
|
Eraser Disk Wiping Utility Fails to Remove Data Stored in Alternate Data Streams from NTFS Hard Drives
|
|
Jan 21 2002
|
BCWipe Disk Wiping Utility Fails to Erase Alternate Data Streams from NTFS Drives
|
|
Jan 18 2002
|
Lucent VitalNet Performance Management Software Gives Remote Users Access Without Requiring Authentication
|
|
Jan 18 2002
|
Hellbent Java-based Web Server May Disclose Configuration Information to Remote Users In Certain Situations
|
|
Jan 18 2002
|
Conectiva Linux MySQL Distribution May Allow Local Users to Obtain Sensitive Information
|
|
Jan 17 2002
|
BadBlue Server and File Sharing Software Bugs Let Remote Users Read Files, Execute Commands, and Consume Available Resources on the Server
|
|
Jan 17 2002
|
Beep2 Tone Generator for UNIX/Linux Operating Systems Allows Local Users to View Files on the System with Root Privileges
|
|
Jan 17 2002
|
Mailidx Perl-based Mailbox Front End Allows Remote Users to Execute SQL Commands on the Underlying SQL Server
|
|
Jan 16 2002
|
HP/UX Release of Sendmail May Disclose Unauthorized Information to E-mail Users Under Certain Conditions
|
|
Jan 16 2002
|
KDE 'efax' Component of 'kdeutils' Lets Local Users View the Contents of Files on the System with Root Level Privileges
|
|
Jan 15 2002
|
Python Language Implementation on Microsoft Windows Allows a Remote Server to Access Files on a Web Surfing User's PC
|
|
Jan 15 2002
|
(Red Hat Issues Fix) Multiple Bugs in the Bugzilla Bug Tracking System Let Remote Users Access Other User Accounts, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary SQL Commands on the Server
|
|
Jan 15 2002
|
Palm Desktop Software for Mac OS X Allows Local Users to View Backup Folders and Files
|
|
Jan 15 2002
|
Microsoft Internet Explorer (IE) Default Configuration Allows HTML-based Scripts to Access Your Windows Clipboard Contents
|
|
Jan 14 2002
|
Web Server 4D/eCommerce Discloses Files Located Anywhere on the Server to Remote Users
|
|
Jan 11 2002
|
(Fix is Available) Re: EServ Web Server Discloses Password-Protected Files and Directories to Remote Users
|
|
Jan 11 2002
|
Address.com Hosted E-mail Service Bug Lets Remote Users Take Over Another User's E-mail Account and View the Previous User's Stored E-mail Messages
|
|
Jan 10 2002
|
Legato NetWorker Configuration Error Lets Any NetWorker Server Backup or Restore a Host Running the NetWorker Client
|
|
Jan 10 2002
|
VTun Tunneling Software Cryptographic Implementation Flaws May Allow Remote Users to Modify or Replay Packets, Learn of Patterns in the Plain Text, and Guess Certain User Passwords
|
|
Jan 10 2002
|
MiraMail Messaging Systems Discloses Sensitive Configuration Data (Including Passwords) to Local Users and Allows Local Users to Modify the Configuration
|
|
Jan 10 2002
|
Tinc VPN Tunneling Software Lacks Packet Authentication Allowing Remote Users to Modify and Replay Tunnel Packets and Possibly Determine the Plain Text Contents
|
|
Jan 10 2002
|
Dino's Webserver Directory Traversal Flaw Lets Remote Users Obtain Files Located Anywhere on the Server
|
