[CLOSE] OSVDB ID : 10741 - Disclosed: 2002-12-19

Description:

(Description Provided by CVE) : Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing negative arguments to be fed into memcpy() calls via HTTP requests with (1) a negative Content-Length value or (2) a negative length in a chunked transfer encoding.

[CLOSE] OSVDB ID : 10742 - Disclosed: 2002-12-19

Description:

A remote overflow exists in CUPS, which fails to check user-supplied input for printer attributes before being passed to the strncpy() function, resulting in a buffer overflow. With a specially crafted request, an attacker can cause stack corruption allowing them to crash the service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 10743 - Disclosed: 2002-12-19

Description:

CUPS contains a flaw that may allow a malicious user to execute arbitrary code. The issue is due to image-gif.c improperly handling zero width GIF images. By sending a specially crafted image with the chunk headers, a remote attacker can corrupt memory and execute arbitrary code, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 10744 - Disclosed: 2002-12-19

Description:

(Description Provided by CVE) : Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not properly check the return values of various file and socket operations, which could allow a remote attacker to cause a denial of service (resource exhaustion) by causing file descriptors to be assigned and not released, as demonstrated by fanta.

[CLOSE] OSVDB ID : 10745 - Disclosed: 2002-12-19

Description:

(Description Provided by CVE) : Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.

[CLOSE] OSVDB ID : 10746 - Disclosed: 2002-12-19

Description:

(Description Provided by CVE) : Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allow remote attackers to execute arbitrary code via (1) the CUPSd HTTP interface, as demonstrated by vanilla-coke, and (2) the image handling code in CUPS filters, as demonstrated by mksun.

[CLOSE] OSVDB ID : 38025 - Disclosed: 2002-12-19

Description:

(Description Provided by CVE) : Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.

[CLOSE] OSVDB ID : 60132 - Disclosed: 2002-12-19

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Enceladus Server Suite 3.9 allows remote attackers to list arbitrary directories and possibly cause a denial of service via "@" (at) characters in a CD (CWD) command, such as (1) "@/....\", (2) "@@@/..c:\", or (3) "@/..@/..".

[CLOSE] OSVDB ID : 43293 - Disclosed: 2002-12-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4319 - Disclosed: 2002-12-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6654 - Disclosed: 2002-12-18

Description:

(Description Provided by CVE) : openwebmail_init in Open WebMail 1.81 and earlier allows local users attackers to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

[CLOSE] OSVDB ID : 7100 - Disclosed: 2002-12-18

Description:

(Description Provided by CVE) : openwebmail_init in Open WebMail 1.81 and earlier allows local users attackers to execute arbitrary code via .. (dot dot) sequences in a login name, such as the name provided in the sessionid parameter for openwebmail-abook.pl, which is used to find a configuration file that specifies additional code to be executed.

[CLOSE] OSVDB ID : 7663 - Disclosed: 2002-12-18

Description:

Cartman contains a flaw that may allow a malicious user to buy a product with an arbitrary price. The issue is due to insufficient checks on the price parameter. By submitting a specially crafted request, a remote attacker can purchase products with any price desired, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9837 - Disclosed: 2002-12-18

Description:

A remote overflow exists in Winamp. The Artist ID3v2 tag fails to perform proper bounds checking resulting in a buffer overflow. By creating a malicious MP3 file, which would be loaded via the Media Library window, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12027 - Disclosed: 2002-12-18

Description:

(Description Provided by CVE) : Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the Media Library window, allows remote attackers to execute arbitrary code via an MP3 file containing a long (1) Artist or (2) Album ID3v2 tag.

[CLOSE] OSVDB ID : 13413 - Disclosed: 2002-12-18

Description:

(Description Provided by CVE) : Buffer overflow in the Windows Shell function in Microsoft Windows XP allows remote attackers to execute arbitrary code via an .MP3 or .WMA audio file with a corrupt custom attribute, aka "Unchecked Buffer in Windows Shell Could Enable System Compromise."

[CLOSE] OSVDB ID : 59559 - Disclosed: 2002-12-18

Description:

(Description Provided by CVE) : Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a ... (dot dot dot) in the cd/CWD command.

[CLOSE] OSVDB ID : 13295 - Disclosed: 2002-12-17

Description:

GoAhead WebServer contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when prefixing an ASP filename with specific characters (/), (\), (%20) or (%00), which will disclose the source file code resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 6645 - Disclosed: 2002-12-17

Description:

(Description Provided by CVE) : Macromedia Flash Player before 6.0.65.0 allows remote attackers to execute arbitrary code via certain malformed data headers in Shockwave Flash file format (SWF) files, a different issue than CAN-2002-0846.

[CLOSE] OSVDB ID : 9590 - Disclosed: 2002-12-17

Description:

(Description Provided by CVE) : Linux kernel 2.2.x allows local users to cause a denial of service (crash) by using the mmap() function with a PROT_READ parameter to access non-readable memory pages through the /proc/pid/mem interface.

[CLOSE] OSVDB ID : 19181 - Disclosed: 2002-12-16

Description:

(Description Provided by CVE) : Buffer overflow in Melange Chat System 1.10 allows remote attackers to cause a denial of service (chat server crash) and possibly execute arbitrary code via the msgText buffer in the chat_InterpretData function, as demonstrated via a long Nick (nickname) request.

[CLOSE] OSVDB ID : 17757 - Disclosed: 2002-12-16

Description:

(Description Provided by CVE) : Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash).

[CLOSE] OSVDB ID : 8042 - Disclosed: 2002-12-16

Description:

(Description Provided by CVE) : Multiple SSH2 servers and clients do not properly handle packets or data elements with incorrect length specifiers, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

[CLOSE] OSVDB ID : 8043 - Disclosed: 2002-12-16

Description:

(Description Provided by CVE) : Multiple SSH2 servers and clients do not properly handle lists with empty elements or strings, which may allow remote attackers to cause a denial of service or possibly execute arbitrary code, as demonstrated by the SSHredder SSH protocol test suite.

[CLOSE] OSVDB ID : 8044 - Disclosed: 2002-12-16

Description:

Multiple buffer overflows exist in multiple SSH implementations. Both servers and clients fail to validate large packets or fields resulting in a buffer overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 8045 - Disclosed: 2002-12-16

Description:

A remote overflow exists in SSH2. The SSH2 software fails to handle strings with null characters in the length field, resulting in a buffer overflow. By sending a specially-crafted packet with a string field containing null characters during SSH key exchange and initialization, a remote attacker could overflow a buffer and crash or execute arbitrary code on the system with privileges of the SSH process, resulting in a loss of confidentiality, integrity or availability.

[CLOSE] OSVDB ID : 2290 - Disclosed: 2002-12-16

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18810 - Disclosed: 2002-12-16

Description:

LocalWEB2000 contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the file users.lst is accessed, which will disclose usernames and passwords used to access restricted directories resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 7431 - Disclosed: 2002-12-15

Description:

TikiWiki contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to cleartext passwords by selecting the 'users_users' table in mysql, which may lead to a loss of confidentiality.

[CLOSE] OSVDB ID : 52431 - Disclosed: 2002-12-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7191 - Disclosed: 2002-12-14

Description:

libpng contains an overflow condition in the handling of PNG files. The issue is triggered as user-supplied input is not properly sanitized when handling row buffers. With a specially crafted PNG file, a context-dependent attacker can cause a buffer overflow to cause a denial of service or potentially execute arbitrary code.

[CLOSE] OSVDB ID : 41009 - Disclosed: 2002-12-14

Description:

MyPHPLinks contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'checksession.php' script not properly sanitizing user-supplied input to the 'idsession' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 4553 - Disclosed: 2002-12-12

Description:

(Description Provided by CVE) : Buffer overflows in the ApacheBench benchmark support program (ab.c) in Apache before 1.3.27, and Apache 2.x before 2.0.43, allow a malicious web server to cause a denial of service and possibly execute arbitrary code via a long response.

[CLOSE] OSVDB ID : 8885 - Disclosed: 2002-12-12

Description:

(Description Provided by CVE) : libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0.6, does not properly verify length fields for certain responses in the (1) read_rows or (2) read_one_row routines, which allows remote attackers to cause a denial of service and possibly execute arbitrary code.

[CLOSE] OSVDB ID : 6251 - Disclosed: 2002-12-12

Description:

(Description Provided by CVE) : Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd).

[CLOSE] OSVDB ID : 6252 - Disclosed: 2002-12-12

Description:

(Description Provided by CVE) : Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and 7.0, VelociRaptor 500/700/1000 and 1100/1200/1300, and Gateway Security 5110/5200/5300 allow remote attackers to cause a denial of service (service termination) via (1) malformed RealAudio (rad) packets that are not properly handled by the RealAudio Proxy, or (2) crafted packets to the statistics service (statsd).

[CLOSE] OSVDB ID : 7509 - Disclosed: 2002-12-12

Description:

Mambo Site Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when requesting the 'phpinfo.php' page, which will disclose sensitive system information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 7510 - Disclosed: 2002-12-12

Description:

Mambo Site Server contains a flaw that may lead to an unauthorized information disclosure. This flaw exists because the application does not validate 'Itemid' variables upon submission to the 'index.php' script. Is is possible for a remote attacker to send a specially crafted request to the 'index.php' script which would cause an error message to be returned that reveals the installation path, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 7511 - Disclosed: 2002-12-12

Description:

Mambo Site Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 7512 - Disclosed: 2002-12-12

Description:

Mambo Site Server contains a flaw that may allow a remote attacker to arbitrary lock user accounts. The issue is triggered when editing a victim's registration password to include special characters, which will lock the victim's account resulting in a loss of availability.