Monthly Archive: June 2000

Cisco Catalyst 5.4.x allows a user to gain access to the "enable" mode without a password. Date published : 2000-06-02 http://www.securityfocus.com/bid/1122 http://www.cisco.com/warp/public/707/catos-enable-bypass-pub.shtml

Buffer overflow in the dvwssr.dll DLL in Microsoft Visual Interdev 1.0 allows users to cause a denial of service or execute commands, aka the "Link View Server-Side Component" vulnerability. Date published : 2000-06-02 http://www.securityfocus.com/bid/1109...

IIS 4.0 and 5.0 allows remote attackers to cause a denial of service by sending many URLs with a large number of escaped characters, aka the "Myriad Escaped Characters" Vulnerability. Date published : 2000-06-02...

IIS 4.0 and 5.0 does not properly perform ISAPI extension processing if a virtual directory is mapped to a UNC share, which allows remote attackers to read the source code of ASP and other...

Vulnerability in SGI IRIX objectserver daemon allows remote attackers to create user accounts. Date published : 2000-06-02 http://www.securityfocus.com/bid/1079 http://www.securityfocus.com/templates/archive.pike?list=1&msg=200003290852.aa27218@blaze.arl.mil

Buffer overflow in the huh program in the orville-write package allows local users to gain root privileges. Date published : 2000-06-02 http://www.securityfocus.com/bid/1070 ftp://ftp.FreeBSD.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00:10-orville-write.asc

The default configuration of Cobalt RaQ2 and RaQ3 as specified in access.conf allows remote attackers to view sensitive contents of a .htaccess file. Date published : 2000-06-02 http://www.securityfocus.com/bid/1083 http://www.securityfocus.com/templates/archive.pike?list=1&msg=20000330220757.28456.qmail@securityfocus.com

SuSE Linux IMAP server allows remote attackers to bypass IMAP authentication and gain privileges. Date published : 2000-06-02 http://archives.neohapsis.com/archives/vendor/2000-q1/0035.html

Microsoft TCP/IP Printing Services, aka Print Services for Unix, allows an attacker to cause a denial of service via a malformed TCP/IP print request. Date published : 2000-06-02 http://www.securityfocus.com/bid/1082 http://archives.neohapsis.com/archives/bugtraq/2000-03/0306.html

Linux kreatecd trusts a user-supplied path that is used to find the cdrecord program, allowing local users to gain root privileges. Date published : 2000-06-02 http://www.securityfocus.com/bid/1061 http://archives.neohapsis.com/archives/bugtraq/2000-03/0162.html

Buffer overflow in imwheel allows local users to gain root privileges via the imwheel-solo script and a long HOME environmental variable. Date published : 2000-06-02 http://www.securityfocus.com/bid/1060 http://archives.neohapsis.com/archives/bugtraq/2000-03/0168.html

gpm-root in the gpm package does not properly drop privileges, which allows local users to gain privileges by starting a utility from gpm-root. Date published : 2000-06-02 http://www.securityfocus.com/bid/1069 http://archives.neohapsis.com/archives/bugtraq/2000-03/0242.html

Microsoft Windows Media License Manager allows remote attackers to cause a denial of service by sending a malformed request that causes the manager to halt, aka the "Malformed Media License Request" Vulnerability. Date published...

IIS 4.0 allows attackers to cause a denial of service by requesting a large buffer in a POST or PUT command which consumes memory, aka the "Chunked Transfer Encoding Buffer Overflow Vulnerability." Date published...