|
Nov 29 2001
|
(A User Provides a Generic Patch) Re: WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server
|
|
Nov 29 2001
|
(Some Details Are Provided) Re: Allaire's JRun Java Server Discloses JSP Source Code to Remote Users When Used As a Connector With Commercial Web Servers
|
|
Nov 28 2001
|
GNU Mailman E-mail Archive Server Enables Cross-Site Scripting Attacks
|
|
Nov 28 2001
|
Allaire's JRun Java Server Discloses JSP Source Code to Remote Users When Used As a Connector With Commercial Web Servers
|
|
Nov 28 2001
|
Allaire's JRun Java Server May Issue Duplicate Session IDs in Certain Cases, Potentially Allowing a Remote User to Act as Another User
|
|
Nov 28 2001
|
Sendpage.pl CGI Script Lets Remote Users Execute Commands on the Web Server
|
|
Nov 28 2001
|
WU-FTPD File Globbing Character Bug Allows Remote Users to Obtain Root-Level Privileges on the Server
|
|
Nov 27 2001
|
LibGTop Utility Has Format String Flaws That Let Remote Users Execute Arbitrary Code on the Server
|
|
Nov 27 2001
|
Xitami Web Server Discloses Web Server Administrator Password to Local Users, Which Could Lead to Root Compromise
|
|
Nov 26 2001
|
Auto Nice Daemon (AND) Job Prioritization Utility Has Format String Bug That Lets Local Users Execute Code as Root and Obtain Root Level Privileges on the System
|
|
Nov 26 2001
|
iODBC Open DataBase Connectivity Library Buffer Overflow May Let Remote Users Execute Arbitrary Code When Used With a Web Server
|
|
Nov 25 2001
|
Oracle9iAS Web Cache Can Be Crashed By Remote Users Sending Malformed HTTP Content Length Header
|
|
Nov 23 2001
|
Post-Nuke Discloses Administrator Password in Authentication Cookie
|
|
Nov 23 2001
|
(Issue Has Been Fixed) Re: Linux 2.4 Kernel Denial of Service Condition Allows Non-privileged Local Users to Reboot the System
|
|
Nov 23 2001
|
Informix Database May Disclose Files on the System to Remote Users
|
|
Nov 23 2001
|
Jakarta Tomcat Java Server May Disclose the Server's Installation Path to Remote Users
|
|
Nov 22 2001
|
Yahoo Messenger Instant Messaging Client Uses Weak Authentication Allowing a Remote User to Gain Access to Another User's Account
|
|
Nov 22 2001
|
Linux 2.4 Kernel Denial of Service Condition Allows Non-privileged Local Users to Reboot the System
|
|
Nov 22 2001
|
Legato NetWorker Backup and Storage Software Uses Weak Authentication That Permits Spoofing and Allows a Remote User to Gain Administrative Access to the Application
|
|
Nov 22 2001
|
Rwhoisd Syslog Format String Bug Lets Remote Users Execute Arbitrary Code on the Server and Gain Access to the Server
|
|
Nov 22 2001
|
Pmake Utility Has Format String Bug and Buffer Overflow That Each Allow a Local User to Gain Root Access on an Affected Host
|
|
Nov 22 2001
|
PHP-Nuke Discloses Administrator Password in Authentication Cookie
|
|
Nov 21 2001
|
Finger.pl Script Input Validation Flaw Allows Remote Users to Execute Commands on the Server
|
|
Nov 21 2001
|
Thttpd Web Server Has a One Byte Buffer Overflow That Allows Remote Users to Execute Arbitrary Code
|
|
Nov 20 2001
|
Hypermail Web-based E-mail Archive Lets Remote Users Execute SSI Commands on the Server
|
|
Nov 20 2001
|
(Vendor Issues Fix) Re: OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
|
|
Nov 19 2001
|
Gzip File Compression Utility Buffer Overflow Used By Many FTP Servers Allows Remote Users to Execute Arbitrary Code on the FTP Server
|
|
Nov 18 2001
|
Gallery Web Photo Gallery Software for PHPNuke Discloses Files on the Server to Remote Users
|
|
Nov 16 2001
|
Network Tools Addon for PHPNuke Lets Remote Users Execute Arbitrary Commands on the Server
|
|
Nov 16 2001
|
OPIE One-time Password Software Discloses Information About Valid vs. Non-valid User Accounts
|
|
Nov 16 2001
|
(A User Provides Information About Recent OpenSSH Changes) Re: OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
|
|
Nov 16 2001
|
(A User Provides Additional Details) Re: Opera Web Browser May Disclose Web Pages, Cookies, and Links from a Separate Domain to a Remote Server Running Malicious Javascript Code
|
|
Nov 15 2001
|
Opera Web Browser May Disclose Web Pages, Cookies, and Links from a Separate Domain to a Remote Server Running Malicious Javascript Code
|
|
Nov 15 2001
|
(Vendor Issues Fix) Re: Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
|
|
Nov 15 2001
|
Postfix Mail Server Can Be Crashed By Remote Users Initiating Unsuccessful Sessions
|
|
Nov 14 2001
|
OpenSSH 3.0 Denial of Service Condition May Allow Remote Users to Crash the sshd Daemon and KerberosV Configuration Error May Allow Remote Users to Partially Authenticate When Authentication Should Not Be Permitted
|
|
Nov 13 2001
|
Radius Server Buffer Overflow May Allow Remote Users to Crash the Server
|
|
Nov 13 2001
|
mini_httpd Web Server Discloses Password-Protected and Non-Readable Files to Remote Users
|
|
Nov 13 2001
|
thttpd Web Server Discloses Password-Protected and Non-Readable Files to Remote Users in Certain Configurations
|
|
Nov 13 2001
|
(Lotus Provides Information on How to Use ACLs) Re: Lotus Domino Access Control List Configuration Error May Allow Remote Users to View Documents that an Administrator Believes are Protected
|
|
Nov 13 2001
|
(Lotus Responds) Re: Lotus Domino Web Server Default Navigation Protection Mechanisms Can Be Bypassed by Remote Users, Allowing Some Portions of the Database to be Viewed
|
|
Nov 13 2001
|
(Lotus Responds and Provides Recommendations) Re: Lotus Domino Web Administrator Template Access Control Flaw Lets Remote Users Gain Some Web Administrator Privileges
|
|
Nov 13 2001
|
Slash Code Authentication Weakness May Allow Remote Users to Brute-Force Guess New User Passwords in Certain Situations
|
|
Nov 13 2001
|
OpenSSH's S/Key Implementation Information Disclosure Flaw Provides Remote Users With Information About Valid User Accounts
|
|
Nov 10 2001
|
(Vendor Issues Fix) Re: Horde Internet Messaging Program (IMP) Cross-Site Scripting Flaw Lets Remote Users Steal Session Cookies and Hijack E-mail Sessions
|
|
Nov 9 2001
|
Horde Internet Messaging Program (IMP) Cross-Site Scripting Flaw Lets Remote Users Steal Session Cookies and Hijack E-mail Sessions
|
|
Nov 9 2001
|
Rational ClearCase Configuration Management Software Buffer Overflow in db_loader Lets Local Users Execute Arbitrary Code with Root Level Privileges
|
|
Nov 8 2001
|
(Additional Vulnerability Information is Provided) Re: PHP-Nuke Lets Remote Users Upload Files to the Server and Copy Files on the Server, Yielding User Level Access on the Server
|
|
Nov 2 2001
|
Linux Kernel TCP Syn Cookies Flaw Lets Remote Users Bypass Certain Firewall Rules to Access Protected Ports on the Server in Limited Cases
|
|
Nov 2 2001
|
Progress Database Format String Vulnerability Yields Root Privileges to Local Users
|
|
Nov 1 2001
|
Viralator Perl-based Virus Scanning Script Executes Arbitrary User-supplied Commands
|
|
Nov 1 2001
|
Cyrus Simple Authentication and Security Layer (SASL) Library Contains Format String Bug That May Allow Remote Users to Execute Arbitrary Code with Root Level Privileges
|
|
Nov 1 2001
|
(Engarde Issues Fix) Webalizer Log File Analyzer Cross-Site Scripting Hole Allows Remote Users to Cause Arbitrary But Trusted Code to Be Executed By Another User When Viewing Webalizer Reports
|
|
Nov 1 2001
|
e-Zone Media's FuseTalk Bulletin Board Input Validation Flaw Lets Remote Users Execute SQL Commands on the Server
|
|
Nov 1 2001
|
(A User Summarizes Domino Access Control Methods) Re: Lotus Domino Access Control List Configuration Error May Allow Remote Users to View Documents that an Administrator Believes are Protected
|
|
Oct 31 2001
|
(Oracle Issues Fix) Re: Oracle9iAS Web Cache Allows Remote Users to Execute Arbitrary Code or Cause the Caching Process to Exit or Hang
|
|
Oct 31 2001
|
(Oracle Issues Workaround) Re: Oracle Database Permission Configuration Error Lets Local Users Modify Database Files, Configuration Files, and Executables
|
|
Oct 31 2001
|
Lotus Domino Access Control List Configuration Error May Allow Remote Users to View Documents that an Administrator Believes are Protected
|
|
Oct 31 2001
|
Lotus Domino Web Server Default Navigation Protection Mechanisms Can Be Bypassed by Remote Users, Allowing Some Portions of the Database to be Viewed
|
|
Oct 31 2001
|
Lotus Domino Web Administrator Template Access Control Flaw Lets Remote Users Gain Some Web Administrator Privileges
|
|
Oct 31 2001
|
Web Crossing Discussion and Chat Software Uses Weak Session Authentication That Allows Remote Users to Hijack User Sessions
|
|
Oct 30 2001
|
Leoboard Bulletin Board Cookie Input Validation Flaw Lets Remote Users Write to Files on the System
|
|
Oct 30 2001
|
Ikonboard Bulletin Board Cookie Input Validation Flaw Lets Remote Users Write to Files on the System
|
|
Oct 30 2001
|
Seth Leonard's Post It! CGI Script Meta-Character Filtering Hole Lets Remote Users Execute Arbitrary Shell Commands on the Web Server
|
|
Oct 30 2001
|
Seth Leonard's Book of Guests CGI Script Meta-Character Filtering Hole Lets Remote Users Execute Arbitrary Shell Commands on the Web Server
|
|
Oct 29 2001
|
Ikonboard Bulletin Board Does Not Filter HTML IMG Tags for Javascript, Allowing Cross Site Scripting Attacks
|
|
Oct 29 2001
|
phpBB Bulletin Board Fails to Filter HTML Image Tags, Allowing Cross Site Scripting Attacks
|
|
Oct 27 2001
|
Ghostscript Postscript Interpreter Lets Local Users Read Files on the System
|
|
Oct 27 2001
|
(A Patch is Issued) Re: RWhoisd Start of Authority Format String Bug Lets Local Users Execute Code and Gain Elevated Privileges on the System
|
|
Oct 26 2001
|
Check Point FireWall-1/VPN-1 Management Functions Can Be Crashed By Remote Users Due to RDP Processing Flaw
|
|
Oct 26 2001
|
iBill Internet Commerce Billing System Uses Weak Authentication Method in the Default Configuration, Allowing Remote Users to Modify User Accounts on the System
|
|
Oct 25 2001
|
RWhoisd Start of Authority Format String Bug Lets Local Users Execute Code and Gain Elevated Privileges on the System
|
|
Oct 25 2001
|
Webalizer Log File Analyzer Cross-Site Scripting Hole Allows Remote Users to Cause Arbitrary But Trusted Code to Be Executed By Another User When Viewing Webalizer Reports
|
|
Oct 24 2001
|
Red Hat Package Manager (RPM) Archives May Execute Arbitrary Code With Printer (lp) Privileges When Queried, Allowing a Local User to Gain Elevated Privileges on the Host
|
|
Oct 24 2001
|
(Oracle Describes a Workaround) Re: Oracle Database otrcrep Component Buffer Overflow Lets Local Users Obtain Escalated Group and User Privileges
|
