(Description Provided by CVE) : Cisco routers 9.17 and earlier allow remote attackers to bypass security restrictions via certain IP source routed packets that should normally be denied using the "no ip source-route" command.
Major BBS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a designated Forum Op attaches an arbitrary file to his forum, which will disclose the contents of the file resulting in a loss of confidentiality.
Major BBS contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a designated LibOp attaches an arbitrary file to his file library, which will disclose the contents of the file resulting in a loss of confidentiality.
Major BBS contains a flaw that may allow an arbitrary user to access restricted menu trees on the system. The issue is due to the "go" command not requiring admin authentication. Menu trees can be accessed via a command such as "go /sysop" and their presence discovered via "/find a" (which will list all menus with the letter 'a' in them).
Major BBS contains a flaw that may allow a designated Forum Op to bypass the credit system used for file download access. The issue is due to the ability of a Forum Op to set the value of a message post to an arbitrary amount. By changing the value to -32000, posting a message and then deleting the same message, the Forum Op can obtain as many credits as s/he wants. This violates the file credit system that controls file transfer ratios allowing for unlimited file downloads.
Renegade BBS contains a flaw that may allow an unprivileged user to access arbitrary file content. The issue is due to the BBS software allowing system commands to be executed during user/SYSOP chat. The chat routines do not properly validate which user types the commands allowing the user to type the command and display the content of any file on the system.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.