Monthly Archive: June 2000

FileMaker Pro 5 Web Companion allows remote attackers to send anonymous or forged email. Date published : 2000-06-15 http://www.filemaker.com/support/webcompanion.html http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html

FileMaker Pro 5 Web Companion allows remote attackers to bypass Field-Level database security restrictions via the XML publishing or email capabilities. Date published : 2000-06-15 http://www.filemaker.com/support/webcompanion.html http://www.blueworld.com/blueworld/news/05.01.00-FM5_Security.html

NetStructure 7110 and 7180 have undocumented accounts (servnow, root, and wizard) whose passwords are easily guessable from the NetStructure’s MAC address, which could allow remote attackers to gain root access. Date published : 2000-06-15...

The file transfer component of AOL Instant Messenger (AIM) reveals the physical path of the transferred file to the remote recipient. Date published : 2000-06-15 http://www.securityfocus.com/bid/1180 http://www.securityfocus.com/templates/archive.pike?list=1&msg=002401bfb918$7310d5a0$1ef084ce@karemor.com

The Remote Data Service (RDS) DataFactory component of Microsoft Data Access Components (MDAC) in IIS 3.x and 4.x exposes unsafe methods, which allows remote attackers to execute arbitrary commands. Date published : 2000-06-02 https://www.securityfocus.com/bid/529...

Sendmail allows local users to reinitialize the aliases database via the newaliases command, then cause a denial of service by interrupting Sendmail. Date published : 2000-06-02 http://www.securityfocus.com/bid/857

Buffer overflow in IIS 4.0 allows remote attackers to cause a denial of service via a malformed request for files with .HTR, .IDC, or .STM extensions. Date published : 2000-06-02 http://www.ciac.org/ciac/bulletins/j-048.shtml

Buffer overflow in UnixWare xauto program allows local users to gain root privilege. Date published : 2000-06-02 http://www.securityfocus.com/bid/848

Buffer overflow in CommuniGatePro via a long string to the HTTP configuration port. Date published : 2000-06-02 http://www.securityfocus.com/bid/860 http://marc.info/?l=bugtraq&m=94426440413027&w=2

UnixWare programs that dump core allow a local user to modify files via a symlink attack on the ./core.pid file. Date published : 2000-06-02 http://www.securityfocus.com/bid/851 http://www.securityfocus.com/templates/archive.pike?list=1&msg=19991203020720.13115.qmail@nwcst289.netaddress.usa.net

Solaris arp allows local users to read files via the -f parameter, which lists lines in the file that do not parse properly. Date published : 2000-06-02 http://www.securityfocus.com/bid/837

login in Slackware 7.0 allows remote attackers to identify valid users on the system by reporting an encryption error when an account is locked or does not exist. Date published : 2000-06-02

Ultimate Bulletin Board stores data files in the cgi-bin directory, allowing remote attackers to view the data if an error occurs when the HTTP server attempts to execute the file. Date published : 2000-06-02...

Symantec Mail-Gear 1.0 web interface server allows remote users to read arbitrary files via a .. (dot dot) attack. Date published : 2000-06-02 http://www.securityfocus.com/bid/827 http://www.securityfocus.com/templates/archive.pike?list=1&msg=NCBBKFKDOLAGKIAPMILPCEAFCBAA.labs@ussrback.com