| OSVDB ID | Disclosure Date | Title |
|---|
|
87437
Description:
Geeklog contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate input passed via stories or comment bodies by stripping out HTML elements. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2002-07-19
|
Geeklog Stories / Comment Body HTML Element XSS
|
|
7983
Description:
PunBB contains a flaw that may allow a remote attacker to modify arbitrary post subjects. No further details have been provided.
|
2002-07-18
|
PunBB Arbitrary Post Subject Modification
|
|
14488
Description:
(Description Provided by CVE) : Buffer overflow in the control service for MERCUR Mailserver 4.2 allows remote attackers to execute arbitrary code via a long password.
|
2002-07-18
|
MERCUR Mailserver Control Service Password Field Remote Overflow
|
|
9633
Description:
(Description Provided by CVE) : Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users access to access restricted files.
|
2002-07-18
|
HP-UX Instant Support Enterprise Edition Restricted File Access
|
|
59367
Description:
(Description Provided by CVE) : CRLF injection vulnerability in the "User Profile: Send Email" feature in Geeklog 1.35 and 1.3.5sr1 allows remote attackers to obtain e-mail addresses by injecting a CRLF into the Subject field and adding a BCC mail header.
|
2002-07-18
|
Geeklog User Message Feature CRLF SMTP Command Injection
|
|
8386
Description:
The Mozilla Web Browser contains a flaw that could allow a remote site to enumerate web sites visited by the user. This flaw exists because the eval() functions lacks sufficient access controls.
|
2002-07-17
|
Mozilla eval/with Javascript Cross Domain Variable Disclosure
|
|
18531
Description:
Linux dump contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user uses 'dump' to execute a lock on the /etc/dumpdates file, and will result in loss of availability for the dump service.
|
2002-07-17
|
Linux dump flock() /etc/dumpdates Local DoS
|
|
6695
Description:
(Description Provided by CVE) : rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks.
|
2002-07-17
|
Oracle Reports Server /rwcgi60/showenv Remote Information Disclosure
|
|
9231
Description:
Macromedia Sitespring contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'et' parameter upon submission to the '500error.jsp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2002-07-17
|
Macromedia Sitespring 500error.jsp et Parameter XSS
|
|
9982
Description:
The ZyXEL Prestige 642R router contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker send a TCP packet with the SYN and ACK flags set, and will result in loss of availability for the device short period of time.
|
2002-07-17
|
ZyXEL Prestige 642R Malformed TCP Packet DoS
|
|
4629
Description:
(Description Provided by CVE) : Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
|
2002-07-17
|
Jigsaw Webserver DOS device DoS
|
|
4628
Description:
(Description Provided by CVE) : Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS device names in HTTP requests to (1) cause a denial of service using the "con" device, or (2) obtain the physical path of the server using two requests to the "aux" device.
|
2002-07-17
|
Jigsaw Webserver Path Disclosure
|
|
5498
Description:
PHPWiki contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the pagename variable in the wiki module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2002-07-17
|
PostNuke Wiki Module pagename Parameter XSS
|
|
850
Description:
(Description Provided by CVE) : Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server's root path via requests for MS-DOS device names such as lpt9.xtp.
|
2002-07-17
|
Caucho Resin MS-DOS Device Request Path Disclosure
|
|
59909
Description:
(Description Provided by CVE) : tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
|
2002-07-17
|
Multiple BSD tip acculog File Lock Local DoS
|
|
59910
Description:
(Description Provided by CVE) : tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file.
|
2002-07-17
|
SuSE Linux tip acculog File Lock Local DoS
|
|
60254
Description:
(Description Provided by CVE) : Winamp 2.65 through 3.0 stores skin files in a predictable file location, which allows remote attackers to execute arbitrary code via a URL reference to (1) wsz and (2) wal files that contain embedded code.
|
2002-07-17
|
Winamp wsz / wal File Predictable Skin Location Arbitrary Code Execution
|
|
87436
Description:
Python Pickle Module contains a flaw that is triggered when an error occurs during the unpickling of data. This may allow a context-dependent attacker to execute arbitrary system commands.
|
2002-07-17
|
Python Pickle Module Data Unpickling Arbitrary Command Execution
|
|
87435
Description:
Python Pickle Module contains a flaw that is triggered when an error occurs in the SmartCookie class during the handling of constructor data. This may allow a context-dependent attacker to execute arbitrary system commands.
|
2002-07-17
|
Python Pickle Module SmartCookie Class Constructor Data Handling Arbitrary Command Execution
|
|
6769
Description:
A remote overflow exists in Oddspot Song Requester. The Song Requester fails to check the length of multiple variables in the request.cgi script resulting in a buffer overflow. With a specially crafted request, an attacker can cause a DoS resulting in a loss of availability.
|
2002-07-16
|
Song Requester Winamp Plugin request.cgi Multiple Variable Overflow DoS
|
|
60062
Description:
(Description Provided by CVE) : Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and 4.7 for MacOS and Windows allows remote attackers to conduct unauthorized activities, such as adding buddies and groups to a user's buddy list, via a URL with a META HTTP-EQUIV="refresh" tag to an aim: URL.
|
2002-07-16
|
AOL Instant Messenger (AIM) URL refresh Tag XSS
|
|
3955
Description:
MIT cgiemail contains a flaw that allows a remote attacker to send e-mail without authentication. The issue us due to the program not asking or requiring authentication credentials to send e-mail. If an attacker (or spammer) uses this, mail can be sent through the server and made to appear from the victim network.
|
2002-07-16
|
cgiemail Open E-Mail Relay
|
|
11365
Description:
(Description Provided by CVE) : Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow attackers to execute arbitrary code, a different vulnerability than CVE-2001-0423.
|
2002-07-16
|
HP Tru64 UNIX ipcs Overflow
|
|
59762
Description:
(Description Provided by CVE) : Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allows remote attackers to cause a denial of service via unknown attack vectors.
|
2002-07-16
|
HP Tru64 UNIX inetd Unspecified Remote DoS
|
|
88848
Description:
NetWin SurgeFTP contains a flaw that may lead to unauthorized disclosure of potentially sensitive information. The issue is due to the command line displaying login credentials. This may allow a local attacker to gain access to credential information via a process listing.
|
2002-07-16
|
NetWin SurgeFTP Command Line Process Listing Local Password Disclosure
|
|
16393
Description:
Unknown / Incomplete
|
2002-07-15
|
Mozilla Malformed .jar File Decompression Overflow
|
|
16392
Description:
Unknown / Incomplete
|
2002-07-15
|
Mozilla POP3 Response Overflow
|
|
4366
Description:
Symantec personal firewalls contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the HTTP proxy not sanitizing all forms of user input. If an attacker can trick a user into sending an overly long outgoing HTTP request through the proxy, they may be able to have their code executed by the user with elevated privileges. This scenario could be achieved by sending an e-mail with an HREF link or having the user visit a hostile web page.
|
2002-07-15
|
Symantec Personal Firewalls HTTP Proxy Remote Overflow
|
|
27088
Description:
(Description Provided by CVE) : Format string vulnerability in newsx NNTP client before 1.4.8 allows local users to execute arbitrary code via format string specifiers that are not properly handled in a call to the syslog function.
|
2002-07-15
|
newsx syslog Function Local Format String
|
|
5049
Description:
Cisco Secure ACS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'action' variables upon submission to 'setup.exe' handler. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2002-07-15
|
CiscoSecure ACS setup.exe action Parameter XSS
|
|
6767
Description:
(Description Provided by CVE) : Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
|
2002-07-15
|
IBM Tivoli Management Framework Endpoint Web Server GET Request Remote Overflow
|
|
6768
Description:
(Description Provided by CVE) : Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request.
|
2002-07-15
|
IBM Tivoli Management Framework ManagedNode Web Server GET Request Remote Overflow
|
|
10927
Description:
(Description Provided by CVE) : Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service.
|
2002-07-15
|
Novell NetMail IMAP Agent Remote Overflow DoS
|
|
59363
Description:
123tkShop contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'function_describe_item1.inc.php' script not properly sanitizing user-supplied input to the unspecified parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.
|
2002-07-15
|
123tkShop function_describe_item1.inc.php Unspecified Parameter SQL Injection
|
|
59364
Description:
(Description Provided by CVE) : Directory traversal vulnerability in function_foot_1.inc.php for Thorsten Korner 123tkShop before 0.3.1 allows remote attackers to read arbitrary files via .. (dot dot) sequences terminated by a null character in the $designNo variable, which is part of an "include" function call.
|
2002-07-15
|
123tkShop function_foot_1.inc.php $designNo Parameter Traversal Arbitrary File Access
|
|
59275
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allows remote attackers to insert arbitrary HTML and web script.
|
2002-07-15
|
FuseTalk x.cfm X Parameter XSS
|
|
60241
Description:
(Description Provided by CVE) : Sun PC NetLink 1.0 through 1.2 does not properly set the access control list (ACL) for files and directories that use symbolic links and have been restored from backup, which could allow local or remote attackers to bypass intended access restrictions.
|
2002-07-15
|
Sun PC NetLink Backup Restored Symlink ACL Application Restriction Bypass
|
|
87434
Description:
ICQ contains a flaw that is triggered during the handling of a specially crafted SCM file. This may allow a remote attacker to manipulate arbitrary sound schemes.
|
2002-07-15
|
ICQ Crafted SCM File Remote Sound Scheme Manipulation
|
|
5848
Description:
(Description Provided by CVE) : Cross-site scripting vulnerability in Double Choco Latte (DCL) before 20020706 allows remote attackers to inject arbitrary HTML, including script, into web pages via the (1) Ticket# Find, (2) Priorities, (3) Severities, (4) Projects, (5) WO# Find, (6) Departments and (7) Users features.
|
2002-07-14
|
Double Choco Latte htmlspecialchars XSS
|
|
11330
Description:
Unknown / Incomplete
|
2002-07-12
|
ArGoSoft FTP Server User Password Asterisk Issue
|
