[CLOSE] OSVDB ID : 11946 - Disclosed: 2002-04-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2069 - Disclosed: 2002-04-30

Description:

The /usr/etc/pmcd daemon contains a flaw that may allow a remote denial of service. The issue is triggered when certain unknown parameters are sent to it. This will make it grow in size and consume all system memory and will result in loss of availability for the system.

[CLOSE] OSVDB ID : 8004 - Disclosed: 2002-04-30

Description:

A local overflow exists in IBM AIX. The namerslv command fails to validate input parameters properly resulting in a buffer overflow. With a specially crafted request, an attacker can cause segmentation faults. The namerslv utility is not SUID and does not result in privilege escalation or loss of confidentiality, integrity, or availability.

[CLOSE] OSVDB ID : 8005 - Disclosed: 2002-04-30

Description:

A local overflow exists in IBM AIX. The mail/mailx command fails to validate input resulting in a possible buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution. The mail/mailx utility is not SUID and thus does not result in privilege escalation nor loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 778 - Disclosed: 2002-04-30

Description:

A format string vulnerability exists in Solaris's rpc.rwalld daemon. When the wall command cannot be executed, there is a format string vulnerability in the message which should be generated to the syslog function. If the attacker is able to force this message to be called, with a specially crafted request the attacker can cause remote execution of arbitrary code, resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 4695 - Disclosed: 2002-04-30

Description:

IRIX contains a flaw that may allow a local denial of service. The issue is triggered when the /dev/MAKEDEV script creates /dev/ipfilter with weak permissions (644), allowing a malicious user access the device in an undisclosed manner, resulting in loss of availability for the platform.

[CLOSE] OSVDB ID : 7142 - Disclosed: 2002-04-30

Description:

Interchange contains a flaw related to the Vend::Util::send_mail function and parsing unsafe email addresses. No further details have been provided.

[CLOSE] OSVDB ID : 8003 - Disclosed: 2002-04-30

Description:

A local overflow exists in IBM AIX. The uucp command fails to validate input file string parameters (-s parameter) resulting in a buffer overflow. With a specially crafted request longer than BUFSIZ, an attacker can cause segmentation faults resulting in a loss of integrity.

[CLOSE] OSVDB ID : 8007 - Disclosed: 2002-04-30

Description:

A local overflow exists in IBM AIX. The pioout command fails to validate input resulting in a possible buffer overflow. With a specially crafted request, an attacker can cause arbitrary command execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 8637 - Disclosed: 2002-04-30

Description:

CVSTrac contains a flaw related to the vxprintf() function in cgi.c that may allow an attacker to cause a precision overflow. No further details have been provided.

[CLOSE] OSVDB ID : 11361 - Disclosed: 2002-04-30

Description:

(Description Provided by CVE) : Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properly validate certain FTP commands, which allows attackers to gain privileges.

[CLOSE] OSVDB ID : 14199 - Disclosed: 2002-04-30

Description:

(Description Provided by CVE) : The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the file on the client, then reading the result using the responseText property.

[CLOSE] OSVDB ID : 14200 - Disclosed: 2002-04-30

Description:

(Description Provided by CVE) : Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long channel name in an IRC URI.

[CLOSE] OSVDB ID : 8711 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option.

[CLOSE] OSVDB ID : 90030 - Disclosed: 2002-04-29

Description:

Libxml2 contains a flaw in trionan.c that may allow a denial of service. The issue is due to an unspecified error, which may crash the program. No further details have been provided.

[CLOSE] OSVDB ID : 8699 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a denial of service (crash) via an invalid procedure call in an RPC request.

[CLOSE] OSVDB ID : 8702 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Buffer overflow in admintool in Solaris 2.5 through 8 allows local users to gain root privileges via long arguments to (1) the -d command line option, or (2) the PRODVERS argument in the .cdtoc file.

[CLOSE] OSVDB ID : 10392 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attackers to execute arbitrary commands via certain form fields.

[CLOSE] OSVDB ID : 10820 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

[CLOSE] OSVDB ID : 10821 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux allows local users to gain root privileges via a long (1) Notes_ExecDirectory or (2) PATH environment variable.

[CLOSE] OSVDB ID : 17477 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : Buffer overflow in the fscache_setup function of cachefsd in Solaris 2.6, 7, and 8 allows local users to gain root privileges via a long mount argument.

[CLOSE] OSVDB ID : 59723 - Disclosed: 2002-04-29

Description:

(Description Provided by CVE) : AtGuard 3.2 allows remote attackers to bypass firwall filters and execute prohibited programs by changing the filenames to permitted filenames.

[CLOSE] OSVDB ID : 5178 - Disclosed: 2002-04-28

Description:

Blahz-DNZ prior to 0.25 contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when a user bypasses the login page and accesses the application scripts directly. It is possible the flaw may allow improper access to the application, and a loss of integrity in the DNS records the application administers.

[CLOSE] OSVDB ID : 5176 - Disclosed: 2002-04-28

Description:

(Description Provided by CVE) : dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attackers to bypass authentication and gain privileges by setting the user_logged_in or user_dnstools_administrator parameters.

[CLOSE] OSVDB ID : 12011 - Disclosed: 2002-04-28

Description:

(Description Provided by CVE) : gPS before 1.1.0 does not properly follow the rgpsp connection source acceptation policy as specified in the rgpsp.conf file, which could allow unauthorized remote attackers to connect to rgpsp.

[CLOSE] OSVDB ID : 30676 - Disclosed: 2002-04-27

Description:

(Description Provided by CVE) : PHP remote file inclusion vulnerability in centre.php in Messagerie Locale as of 20061127 allows remote attackers to execute arbitrary PHP code via a URL in the page parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 9478 - Disclosed: 2002-04-27

Description:

(Description Provided by CVE) : The default installation of SAP R/3, when using Oracle and SQL*net V2 3.x, 4.x, and 6.10, allows remote attackers to obtain arbitrary, sensitive SAP data by directly connecting to the Oracle database and executing queries against the database, which is not password-protected.

[CLOSE] OSVDB ID : 59411 - Disclosed: 2002-04-27

Description:

(Description Provided by CVE) : isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain administrative access via by setting the photo_login cookie to pseudo.

[CLOSE] OSVDB ID : 86916 - Disclosed: 2002-04-27

Description:

Messagerie contains a flaw that is triggered when input passed via the 'choix_membre_supp' parameter is not properly sanitized in the supp_membre.php script before returning it to the user. This may allow a remote attacker to delete arbitrary users.

[CLOSE] OSVDB ID : 86915 - Disclosed: 2002-04-27

Description:

AWStats contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 23593 - Disclosed: 2002-04-26

Description:

(Description Provided by CVE) : Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attackers to cause a denial of service (crash) via an x-header that causes snprintf overwrite the FFGET_FILE variable with a (null) byte.

[CLOSE] OSVDB ID : 43292 - Disclosed: 2002-04-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8103 - Disclosed: 2002-04-26

Description:

(Description Provided by CVE) : PHP-Survey 20000615 and earlier stores the global.inc file under the web root, which allows remote attackers to obtain sensitive information, including database credentials, if .inc files are not preprocessed by the server.

[CLOSE] OSVDB ID : 12025 - Disclosed: 2002-04-26

Description:

(Description Provided by CVE) : Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in the title field of an ID3v2 tag.

[CLOSE] OSVDB ID : 7985 - Disclosed: 2002-04-25

Description:

PunBB contains a undefined flaw, which could lead to a security threat. No further details have been provided.

[CLOSE] OSVDB ID : 86914 - Disclosed: 2002-04-25

Description:

Ultimate PHP Board (UPB) contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via image tags before returning it to the user. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 16384 - Disclosed: 2002-04-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 59531 - Disclosed: 2002-04-25

Description:

(Description Provided by CVE) : PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authentication, which allows remote attackers to bypass authentication for scripts via a request to a .php file with "sms" in the URL, which is included in the PATH_INFO portion of the $PHP_SELF variable, as demonstrated using "mail_send.php/sms".

[CLOSE] OSVDB ID : 59563 - Disclosed: 2002-04-25

Description:

(Description Provided by CVE) : Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans in a known location C:\Documents and Settings\username\SecurityScans in plaintext, which could allow remote attackers to obtain sensitive information about the system via malicious active content such as ActiveX controls or Java.

[CLOSE] OSVDB ID : 59933 - Disclosed: 2002-04-25

Description:

(Description Provided by CVE) : BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not properly restrict access to configuration information when BIOS passwords are enabled, which could allow local users to change the default boot device via the F8 key.