Monthly Archive: February 2000

Hotmail does not properly filter JavaScript code from a user’s mailbox, which allows a remote attacker to execute the code by using hexadecimal codes to specify the javascript: protocol, e.g. jAvascript. Date published :...

The W3C CERN httpd HTTP server allows remote attackers to determine the real pathnames of some commands via a request for a nonexistent URL. Date published : 2000-02-04 http://www.securityfocus.com/bid/936

The June 1999 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the awk command. Date published : 2000-02-04

The October 1998 version of the HP-UX aserver program allows local users to gain privileges by specifying an alternate PATH which aserver uses to find the ps and grep commands. Date published : 2000-02-04

PowerScripts PlusMail CGI program allows remote attackers to execute commands via a password file with improper permissions. Date published : 2000-02-04

IIS 4.0 allows a remote attacker to obtain the real pathname of the document root by requesting non-existent files with .ida or .idq extensions. Date published : 2000-02-04 http://marc.info/?l=bugtraq&m=94770020309953&w=2 http://marc.info/?l=bugtraq&m=94780058006791&w=2

The recover program in Solstice Backup allows local users to restore sensitive files. Date published : 2000-02-04

daynad program in Intel InBusiness E-mail Station does not require authentication, which allows remote attackers to modify its configuration, delete files, or read mail. Date published : 2000-02-04 http://marc.info/?l=bugtraq&m=94704437920965&w=2

CyberCash Merchant Connection Kit (MCK) allows local users to modify files via a symlink attack. Date published : 2000-02-04

WebSite Pro allows remote attackers to determine the real pathname of webdirectories via a malformed URL request. Date published : 2000-02-04

Internet Explorer 5 does not modify the security zone for a document that is being loaded into a window until after the document has been loaded, which could allow remote attackers to execute Javascript...

PHP3 with safe_mode enabled does not properly filter shell metacharacters from commands that are executed by popen, which could allow remote attackers to execute commands. Date published : 2000-02-04 http://www.securityfocus.com/bid/911

Network HotSync program in Handspring Visor does not have authentication, which allows remote attackers to retrieve email and files. Date published : 2000-02-04 http://www.securityfocus.com/bid/920 http://www.security-express.com/archives/bugtraq/2000-01/0085.html

Buffer overflow in Solaris chkperm command allows local users to gain root access via a long -n option. Date published : 2000-02-04 http://www.securityfocus.com/bid/918