Monthly Archive: February 2000

MS Site Server 2.0 with IIS 4 can allow users to upload content, including ASP, to the target web site, thus allowing them to execute commands remotely. Date published : 2000-02-04 http://marc.info/?l=bugtraq&m=91763097004101&w=2

ControlIT v4.5 and earlier uses weak encryption to store usernames and passwords in an address book. Date published : 2000-02-04

Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution of Visual Basic programs to the IE client through the Word 97 template, which doesn’t warn the user that the template contains executable...

ControlIT 4.5 and earlier (aka Remotely Possible) has weak password encryption. Date published : 2000-02-04

Internet Explorer 4.01 allows remote attackers to read local files and spoof web pages via a "%01" character in an "about:" Javascript URL, which causes Internet Explorer to use the domain specified after the...

Jolt ICMP attack causes a denial of service in Windows 95 and Windows NT systems. Date published : 2000-02-04

Buffer overflow in mstm in HP-UX allows local users to gain root access. Date published : 2000-02-04

HP OpenView Omniback allows remote execution of commands as root via spoofing, and local users can gain root access via a symlink attack. Date published : 2000-02-04

Buffer overflow in Internet Explorer 4.0(1). Date published : 2000-02-04

Linux bdash game has a buffer overflow that allows local users to gain root access. Date published : 2000-02-04

Buffer overflow in xmcd 2.1 allows local users to gain access through a user resource setting. Date published : 2000-02-04

Buffer overflow in Linux su command gives root access to local users. Date published : 2000-02-04

Buffer overflow in HP-UX cstm program allows local users to gain root privileges. Date published : 2000-02-04

buffer overflow in HP xlock program. Date published : 2000-02-04