| OSVDB ID | Disclosure Date | Title |
|
59809
Description:
(Description Provided by CVE) : Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores passwords and sessions in plaintext in memory, which could allow local users to obtain sensitive information.
|
2003-01-31
|
SILC Client Cleartext Password / Session Memory Dump Local Disclosure
|
|
60272
Description:
(Description Provided by CVE) : SpamProbe 0.8a allows remote attackers to cause a denial of service (crash) via HTML e-mail with newline characters within an href tag, which is not properly handled by certain regular expressions.
|
2003-01-31
|
SpamProbe HTML Email href Tag Newline Handling Remote DoS
|
|
20143
Description:
Unknown / Incomplete
|
2003-01-30
|
lmtp2nntp l2_spec() Function Format String
|
|
7117
Description:
A remote overflow exists in Windows. The RPC Locator service fails to validate search requests resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2003-01-30
|
Microsoft Windows RPC Locator Remote Overflow
|
|
3592
Description:
dotProject contains a flaw that allows a remote attacker to include arbitrary files. The issue is due to numerous scripts that call the classdefs/date.php script without defining or restricting the $root_dir variable. This allows an attacker to set the variable to an arbitrary server/path/file name which may include malicious commands that would be executed on the vulnerable server.
|
2003-01-29
|
dotProject classdefs/date.php $root_dir Arbitrary File Include
|
|
13809
Description:
(Description Provided by CVE) : Format string vulnerability in mpmain.c for plpnfsd of the plptools package allows remote attackers to execute arbitrary code via the functions (1) debuglog, (2) errorlog, and (3) infolog.
|
2003-01-29
|
plptools plpnfsd Logging Format String Overflow
|
|
34670
Description:
WU-FTPD contains a flaw that may allow a remote attacker to cause a Denial of Service condition. The issue occurs when WU-FTPD is compiled on certain unspecified operating systems that limit non-connected socket binds to the same local address. In such a situation, a remote attacker can exhaust the connection resources preventing further legitimate connections.
|
2003-01-29
|
WU-FTPD on Unspecified OS Connection Saturation DoS
|
|
19786
Description:
(Description Provided by CVE) : X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and JRE 1.4.0 through 1.4.0_01, (2) JSSE before 1.0.3, (3) Java Plug-in SDK and JRE 1.3.0 through 1.4.1, and (4) Java Web Start 1.0 through 1.2 incorrectly calls the isClientTrusted method when determining server trust, which results in improper validation of digital certificate and allows remote attackers to (1) falsely authenticate peers for SSL or (2) incorrectly validate signed JAR files.
|
2003-01-28
|
Multiple Java Package X509TrustManager isClientTrusted Method Trust Failure
|
|
4887
Description:
(Description Provided by CVE) : Unknown vulnerability in the chk_trans.c of the libkrb5 library for MIT Kerberos V5 before 1.2.5 allows users from one realm to impersonate users in other realms that have the same inter-realm keys.
|
2003-01-28
|
MIT Kerberos 5 Key Distribution Center (KDC) chk_trans.c libkrb5 Cross-realm Impersonation
|
|
20090
Description:
(Description Provided by CVE) : BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passwords in plaintext when a keystore is used to store a private key or trust certificate authorities, which allows local users to gain access.
|
2003-01-28
|
BEA WebLogic server.same Buffer Cleartext Password Disclosure
|
|
4879
Description:
MIT Kerberos Key Distribution Center (KDC) contains a flaw that may allow a remote attacker to crash the service and possibly execute arbitrary code. The issue is due to format string flaws in the logging routines and Kerberos principal name specifiers of the KDC. If an attacker provides a specially crafted request, they can crash the service or execute arbitrary code with the same privilege the server runs under.
|
2003-01-28
|
MIT Kerberos 5 Key Distribution Center Format String Logging
|
|
4896
Description:
A remote overflow exists in MIT Kerberos 5. The ASN.1 decoder fails to properly sanitize user supplied input resulting in heap corruption. If an attacker sends a specially crafted packet with a negative length value, they may cause the services to crash resulting in a loss of availability.
|
2003-01-28
|
MIT Kerberos 5 ASN.1 Decoder Heap Corruption DoS
|
|
4898
Description:
Various FTP clients contain a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered due to an input validation error in the ftp client when handling filenames. By sending a specially crafted filename beginning with a pipe character ("|") a malicious user could execute arbitrary code resulting in a loss of integrity.
|
2003-01-28
|
Multiple Vendors FTP Client Pipe Character Arbitrary Code Execution
|
|
7685
Description:
(Description Provided by CVE) : SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
|
2003-01-28
|
Van Dyke SSH2 Client Memory Logon Credential Leak
|
|
7686
Description:
AbsoluteTelnet SSH2 Client contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to plaintext passwords stored in memory when a search of memory is performed, which may lead to a loss of confidentiality.
|
2003-01-28
|
AbsoluteTelnet SSH2 Client Memory Logon Credential Leak
|
|
7687
Description:
(Description Provided by CVE) : PuTTY 0.53b and earlier does not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
|
2003-01-28
|
PuTTY SSH2 Client Memory Logon Credential Leak
|
|
7688
Description:
(Description Provided by CVE) : SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2.1.2 and 2.0.4, and (3) Entunnel 1.0.2 and earlier, do not clear logon credentials from memory, including plaintext passwords, which could allow attackers with access to memory to steal the SSH credentials.
|
2003-01-28
|
WinSCP Client Memory Logon Credential Leak
|
|
58669
Description:
Unknown / Incomplete
|
2003-01-28
|
Apache Jetspeed LDAP Cleartext Passwords Disclosure
|
|
60386
Description:
(Description Provided by CVE) : Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, when using in-memory session replication or replicated stateful session beans, causes the same buffer to be provided to two users, which could allow one user to see session data that was intended for another user.
|
2003-01-28
|
BEA WebLogic Server Session Replication Cross-user Session Information Disclosure
|
|
91765
Description:
dpkg contains a flaw when handling the -b argument as the program creates temporary files insecurely. It is possible for a local attacker to use a symlink attack against the dpkg-source file to cause the program to unexpectedly overwrite an arbitrary file.
|
2003-01-28
|
dpkg dpkg-source -b Argument Symlink Arbitrary File Overwrite
|
|
15143
Description:
(Description Provided by CVE) : Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 through 9 allows remote attackers to cause a denial of service (temporary FTP server hang), which affects other active mode FTP clients.
|
2003-01-27
|
Solaris in.ftpd Unspecified Remote DoS
|
|
15142
Description:
(Description Provided by CVE) : A race condition in the at command for Solaris 2.6 through 9 allows local users to delete arbitrary files via the -r argument with .. (dot dot) sequences in the job name, then modifying the directory structure after at checks permissions to delete the file and before the deletion actually takes place.
|
2003-01-27
|
Solaris at -r Argument Race Condition Arbitrary File Deletion
|
|
58499
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
|
2003-01-27
|
Nuked-Klan Guestbook Module Author Field XSS
|
|
58500
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
|
2003-01-27
|
Nuked-Klan Forum Module Multiple Field XSS
|
|
58501
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b allow remote attackers to inject arbitrary HTML or web script via (1) the Author field in the Guestbook module, (2) the Titre or Pseudo fields in the Forum module, or (3) "La Tribune Libre" in the Shoutbox module.
|
2003-01-27
|
Nuked-Klan Shoutbox Module La Tribune Libre XSS
|
|
4820
Description:
ThWboard contains a flaw that may allow arbitrary data to be deleted. The issue is due to a flaw in the pm.php script. No further details have been provided.
|
2003-01-27
|
ThWboard pm.php Arbitrary Data Deletion
|
|
4821
Description:
ThWboard contains a flaw that may allow arbitrary data to be deleted. The issue is due to a flaw in the postops.php script. No further details have been provided.
|
2003-01-27
|
ThWboard postops.php Arbitrary Data Deletion
|
|
13487
Description:
(Description Provided by CVE) : Buffer overflows in noffle news server 1.0.1 and earlier allow remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code.
|
2003-01-27
|
Noffle News Server Multiple Unspecified Overflows
|
|
14559
Description:
(Description Provided by CVE) : Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
|
2003-01-27
|
Hypermail Long Attachment Filename Overflow
|
|
14560
Description:
(Description Provided by CVE) : Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote attackers to cause a denial of service and possibly execute arbitrary code (1) via a long attachment filename that is not properly handled by the hypermail executable, or (2) by connecting to the mail CGI program from an IP address that reverse-resolves to a long hostname.
|
2003-01-27
|
Hypermail Mail CGI Long Hostname Lookup Overflow
|
|
40806
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrowser 2.1 to 2.5 allows remote attackers to execute arbitrary PHP code via the filhead parameter.
|
2003-01-27
|
Nukebrowser nukebrowser.php filhead Parameter Remote File Inclusion
|
|
59615
Description:
(Description Provided by CVE) : ProxyView has a default administrator password of Administrator for Embedded Windows NT, which allows remote attackers to gain access.
|
2003-01-27
|
ProxyView Embedded Windows NT Default Admin Account Password
|
|
3593
Description:
dotProject contains a flaw that allows a remote attacker to read arbitrary files. The issue is due to the core.php script calling the classdefs/date.php script without defining or restricting the $root_dir variable. This allows an attacker to set the variable to an arbitrary file or directory, terminate the request with %00, and have the file displayed.
|
2003-01-26
|
dotProject core.php Read Arbitrary File
|
|
9203
Description:
Jakarta Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables in examples applications. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-01-25
|
Apache Tomcat examples Application XSS
|
|
9204
Description:
Jakarta Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables in "ROOT" application. No further description is available. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-01-25
|
Apache Tomcat ROOT Application XSS
|
|
12231
Description:
Jakarta Tomcat contains a flaw that may lead to an unauthorized information disclosure. The issue is due to an error when using trusted privileges to process the web.xml file. This flaw may allow a remote attacker to use web.xml to read arbitrary files in the web server, resulting in a loss of confidentiality.
|
2003-01-25
|
Apache Tomcat web.xml Arbitrary File Access
|
|
12232
Description:
(Description Provided by CVE) : Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.
|
2003-01-25
|
Apache Tomcat with JDK Arbitrary Directory/Source Disclosure
|
|
59446
Description:
FTLS.org Guestbook contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'comment', 'name', or 'title' parameters upon submission to the 'guestbook.cgi' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2003-01-25
|
FTLS.org Guestbook guestbook.cgi Multiple Parameter XSS
|
|
53674
Description:
Unknown / Incomplete
|
2003-01-24
|
YaBB SE News.php template Parameter Remote File Inclusion
|
|
56290
Description:
(Description Provided by CVE) : Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows remote attackers to read arbitrary files via a "%2F.." (encoded slash dot dot) in the file parameter.
|
2003-01-24
|
EditTag edittag.cgi file Parameter Encoded Traversal Arbitrary File Access
|