|
Jan 9 2002
|
EServ Web Server Discloses Password-Protected Files and Directories to Remote Users
|
|
Jan 9 2002
|
(Fix is Available) Re: Linksys Cable/DSL Routers Disclose Information to Remote Users via SNMP Traps
|
|
Jan 9 2002
|
PGP Outlook Plug-in May Automatically and Silently Store Certain Messages to Disk in Decrypted Form
|
|
Jan 8 2002
|
CacheFlow CacheOS Discloses Some Cache Contents to Remote Users
|
|
Jan 8 2002
|
(A User Provides Some Details) Re: Linksys Cable/DSL Routers Disclose Information to Remote Users via SNMP Traps
|
|
Jan 7 2002
|
FAQManager Perl-based FAQ Page Management Software Discloses Files on the Server to Remote Users
|
|
Jan 7 2002
|
Linksys Cable/DSL Routers Disclose Information to Remote Users via SNMP Traps
|
|
Jan 6 2002
|
AOLserver for Windows Discloses Password-Protected Files to Remote Users
|
|
Jan 6 2002
|
Multiple Bugs in the Bugzilla Bug Tracking System Let Remote Users Access Other User Accounts, Conduct Cross-Site Scripting Attacks, and Execute Arbitrary SQL Commands on the Server
|
|
Jan 5 2002
|
(HP Issues Fix for HP Secure OS for Linux) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
|
|
Jan 5 2002
|
TCL File Server May Disclose Files to Remote Users
|
|
Jan 5 2002
|
'Tasked' PHP-based Task List Application Permission Flaw Lets Valid Users View Other User's Tasks
|
|
Jan 5 2002
|
(FreeBSD Issues Fix For mod_auth_pgsql) Several 3rd Party Apache Authentication Modules Allow Remote Users to Execute Arbitrary Code to Gain Access to the System or Execute Stored Procedures to Obtain Arbitrary Database Information
|
|
Jan 4 2002
|
PHP.EXE Windows CGI for Apache Web Server May Let Remote Users View Files on the Server Due to Configuration Error
|
|
Jan 2 2002
|
Microsoft Internet Explorer GetObject() Active Scripting Bug Lets Remote Code Access Files on the PC
|
|
Dec 31 2001
|
Zml.cgi Markup Language Processor Discloses Files on the Server to Remote Users
|
|
Dec 31 2001
|
Lastlines.cgi Log File Viewing CGI Script Lets Remote Users View Files and Execute Commands on the Server
|
|
Dec 30 2001
|
(Vendor Indicates That Fix Has Been Available for Several Months) Re: PGP Plug-in For Microsoft Outlook May Fail to Encrypt E-mail in Certain Situations
|
|
Dec 29 2001
|
Cherokee Web Server Discloses Any File Located on the Web Server to Remote Users
|
|
Dec 29 2001
|
PHP Rocket Add-in for FrontPage Discloses Files on the Server to Remote Users
|
|
Dec 28 2001
|
Vim Text Editor Backup File Configuration Errors May Let Remote Users View the Source Code of Web Scripts That Have Been Edited With the VIM Editor
|
|
Dec 28 2001
|
DeleGate Proxy Server Allows Cross-Site Scripting Attacks
|
|
Dec 27 2001
|
(Centra Issues Fix) Re: CentraOne Training and Collaboration Software Discloses Passwords to Local Users
|
|
Dec 27 2001
|
Lynx Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
|
|
Dec 27 2001
|
KDE Konqueror Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
|
|
Dec 24 2001
|
PHP-Nuke 'friend.php' Module Allows Cross-Site Scripting Attacks
|
|
Dec 24 2001
|
DMOZGateway Add-on for PHP-Nuke Allows Cross-Site Scripting Attacks
|
|
Dec 24 2001
|
PHP IMessenger Module Allows Cross Site-Scripting Attacks and May Disclose Cookies to Remote Users
|
|
Dec 23 2001
|
PGP Plug-in For Microsoft Outlook May Fail to Encrypt E-mail in Certain Situations
|
|
Dec 23 2001
|
Microsoft Internet Explorer Web Browser SSL Security Flaw Lets Remote Users Conduct Man-in-the-Middle Attacks to Access Sensitive Information
|
|
Dec 22 2001
|
Microsoft Excel Password Protection Flaw Lets Local Users Obtain Contents of Password-Protect Cells
|
|
Dec 22 2001
|
Plesk Server Administrator (PSA) Discloses PHP Source Code to Remote Users
|
|
Dec 20 2001
|
(A User Reports That a Fix is Available) Re: Novell NetWare Enterprise Web Server Discloses the Contents of Any File to Remote Users, Including the Console Password
|
|
Dec 20 2001
|
Microsoft Internet Explorer (IE) Web Browser 'document.open()' Scripting Flaw Lets Remote Users Steal Cookies, Read Local Files, and Spoof Web Sites
|
|
Dec 20 2001
|
Oracle iAS Application Server 'MODPLSQL' Component Discloses Files to Remote Users, Can Be Crashed By Remote Users, and Lets Remote Users Execute Arbitrary Code on the Server
|
|
Dec 19 2001
|
(HP Issues Notice for HP Secure OS for Linux) Ghostscript Postscript Interpreter Lets Local Users Read Files on the System
|
|
Dec 19 2001
|
Novell NetWare Enterprise Web Server Discloses the Contents of Any File to Remote Users, Including the Console Password
|
|
Dec 19 2001
|
Data Wizard Technologies FtpXQ FTP Server Default Configuration Lets Remote Users Access the C:\ Drive
|
|
Dec 19 2001
|
Allen Keul's Aktivate E-commerce System Allows Cross-Site Scripting Attacks
|
|
Dec 18 2001
|
Agora.cgi Commerce Package Input Filtering Flaw Allows Cross-Site Scripting Attacks
|
|
Dec 17 2001
|
Webmin Management Tool Lets Valid Remote Users View and Edit Files on the Web Server
|
|
Dec 17 2001
|
(FreeBSD Issues Fix) ht://Dig Search Engine Software Has Remote Denial of Service and Local Information Disclosure Bugs in htsearch
|
|
Dec 17 2001
|
CentraOne Training and Collaboration Software Discloses Passwords to Local Users
|
|
Dec 15 2001
|
Microsoft Internet Explorer Version 6 Lets Remote Scripts Access and Send Local Files
|
|
Dec 14 2001
|
Html2Wml Conversion Tool Allows Remote Users to View Files on the System
|
|
Dec 13 2001
|
EFTP File Transfer Server Discloses All Directory Contents to Remote Users With Accounts on the Server
|
|
Dec 13 2001
|
Citrix ICA Client for Windows Allows Remote Malicious Code to Execute on a User's PC Without Warning
|
|
Dec 13 2001
|
(Vendor Issues Patch) Re: Platform Computing's Platform LSF Load Sharing Application Contains Multiple Flaws, Disclosing Files to Local Users, Giving Local Users Root Access, and Crashing When Remote Users Send Malformed Packets
|
|
Dec 12 2001
|
(HP Issues Fix for HP Secure OS for Linux) Tomcat Java Server Fails to Apply Security Constraints to URLs in a Certain Format, Giving Remote Users Unauthorized Access
|
|
Dec 12 2001
|
GFI Software's Mail essentials Content Security Gateway May Fail to Remove Some 'bcc:' Addresses from the SMTP Header
|
|
Dec 11 2001
|
(Vendor Cannot Reproduce Claim) Re: Microsoft Windows 2000 RunAs Utility May Disclose Sensitive Information to Local Users
|
|
Dec 8 2001
|
(Vendor Responds) Re: Platform Computing's Platform LSF Load Sharing Application Contains Multiple Flaws, Disclosing Files to Local Users, Giving Local Users Root Access, and Crashing When Remote Users Send Malformed Packets
|
|
Dec 7 2001
|
(Red Hat Issues Fix for Red Hat Secure Web Server) Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
|
Dec 7 2001
|
(Vendor Issues Patch) Re: Allaire's JRun Java Server Discloses JSP Source Code to Remote Users When Used As a Connector With Commercial Web Servers
|
|
Dec 7 2001
|
(Vendor Issues Patch) Re: Allaire JRun Java Server Discloses Web Server Directory Contents to Remote Users Requesting URLs Containing '%3f.jsp'
|
|
Dec 5 2001
|
Platform Computing's Platform LSF Load Sharing Application Contains Multiple Flaws, Disclosing Files to Local Users, Giving Local Users Root Access, and Crashing When Remote Users Send Malformed Packets
|
|
Dec 5 2001
|
(ValiCert Issues Fix) Re: ValiCert Enterprise Validation Authority Has Multiple Vulnerabilities That Allow Remote Users to Obtain SYSTEM Level Access to the Administration Server
|
|
Dec 5 2001
|
(Debian Issues Fix) Icecast Audio Broadcasting Server Discloses MP3 Files Located Anywhere on the Installed Drive to Remote Users and Can Be Crashed Remotely
|
|
Dec 5 2001
|
(Red Hat Issues Fix) Apache Web Server May Disclose Directory Contents Even If an Index.html File is Present in the Directory
|
|
Dec 4 2001
|
ValiCert Enterprise Validation Authority Has Multiple Vulnerabilities That Allow Remote Users to Obtain SYSTEM Level Access to the Administration Server
|
|
Nov 30 2001
|
(Red Hat Issues Fix) OpenSSH's Sftp-server Subsystem Lets Authorized Remote Users with Restricted Keypairs Obtain Additional Access on the Server
|
|
Nov 30 2001
|
WoltLabs Burning Board PHP-based Forum Discloses the Web Root Directory Locatoin
|
|
Nov 29 2001
|
CoolSoft's PowerFTP Server Discloses Any File on the System to Remote Users and Can Be Crashed By Remote Users
|
|
Nov 29 2001
|
(Mandrake Issues Fix for Single Network Firewall) Apache Web Server May Display Directory Index Listings Even if Directory Listings Are Disabled
|
|
Nov 29 2001
|
(Some Details Are Provided) Re: Allaire's JRun Java Server Discloses JSP Source Code to Remote Users When Used As a Connector With Commercial Web Servers
|
|
Nov 28 2001
|
(Caldera Issues Fix) Horde Internet Messaging Program (IMP) Cross-Site Scripting Flaw Lets Remote Users Steal Session Cookies and Hijack E-mail Sessions
|
|
Nov 28 2001
|
Allaire's JRun Java Server Discloses JSP Source Code to Remote Users When Used As a Connector With Commercial Web Servers
|
|
Nov 28 2001
|
Allaire JRun Java Server Discloses Web Server Directory Contents to Remote Users Requesting URLs Containing '%3f.jsp'
|
|
Nov 26 2001
|
Microsoft Internet Explorer ActiveX Flaw Permits Remote Malicious HTML Code Containing an 'htmlfile' or 'htmlfile_FullWindowEmbed' Object to Access Local Files and Potentially Execute Commands
|
|
Nov 23 2001
|
Informix Database May Disclose Files on the System to Remote Users
|
|
Nov 21 2001
|
High-bandwidth Digital Content Protection (HDCP) System Feasibly Allows A User to Decrypt Data and Clone Devices
|
|
Nov 20 2001
|
(SGI Describes Workaround) Re: Sendmail Security Holes Let Local Users Obtain Elevated Privileges on the System, Access the E-mail Queue, and Cause Information Loss
|
|
Nov 18 2001
|
Gallery Web Photo Gallery Software for PHPNuke Discloses Files on the Server to Remote Users
|
|
Nov 16 2001
|
(Conectiva Issues Fix) Re: Horde Internet Messaging Program (IMP) Cross-Site Scripting Flaw Lets Remote Users Steal Session Cookies and Hijack E-mail Sessions
|
|
Nov 16 2001
|
(A User Provides Additional Details) Re: Opera Web Browser May Disclose Web Pages, Cookies, and Links from a Separate Domain to a Remote Server Running Malicious Javascript Code
|
