Monthly Archive: July 2000

The CIFS Computer Browser service on Windows NT 4.0 allows a remote attacker to cause a denial of service by sending a large number of host announcement requests to the master browse tables, aka...

The Mixed Mode authentication capability in Microsoft SQL Server 7.0 stores the System Administrator (sa) account in plaintext in a log file which is readable by any user, aka the "SQL Server 7.0 Service...

Buffer overflow in MDaemon POP server allows remote attackers to cause a denial of service via a long user name. Date published : 2000-07-12 http://www.securityfocus.com/bid/1250 http://archives.neohapsis.com/archives/bugtraq/2000-05/0301.html

Buffer overflow in wconsole.dll in Rockliffe MailSite Management Agent allows remote attackers to execute arbitrary commands via a long query_string parameter in the HTTP GET request. Date published : 2000-07-12 http://www.securityfocus.com/bid/1244 http://archives.neohapsis.com/archives/bugtraq/2000-05/0286.html

The EMURL web-based email account software encodes predictable identifiers in user session URLs, which allows a remote attacker to access a user’s email account. Date published : 2000-07-12 http://www.securityfocus.com/bid/1203 http://archives.neohapsis.com/archives/bugtraq/2000-05/0160.html

The add.exe program in the Carello shopping cart software allows remote attackers to duplicate files on the server, which could allow the attacker to read source code for web scripts such as .ASP files....

Buffer overflow in CProxy 3.3 allows remote users to cause a denial of service via a long HTTP request. Date published : 2000-07-12 http://www.securityfocus.com/bid/1213 http://www.securityfocus.com/templates/archive.pike?list=1&msg=007d01bfbf48$e44f0e40$01dc11ac@peopletel.org

NetProwler 3.0 allows remote attackers to cause a denial of service by sending malformed IP packets that trigger NetProwler’s Man-in-the-Middle signature. Date published : 2000-07-12 http://www.securityfocus.com/bid/1225 http://marc.info/?l=bugtraq&m=95878603510835&w=2

The KDE kscd program does not drop privileges when executing a program specified in a user’s SHELL environmental variable, which allows the user to gain privileges by specifying an alternate program to execute. Date...

Buffer overflow in ksu in Kerberos 5 allows local users to gain root privileges. Date published : 2000-07-12 http://www.securityfocus.com/bid/1220 http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html

Buffer overflow in krshd in Kerberos 5 allows remote attackers to gain root privileges. Date published : 2000-07-12 http://www.securityfocus.com/bid/1220 http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html

Buffer overflow in krb425_conv_principal function in Kerberos 5 allows remote attackers to gain root privileges. Date published : 2000-07-12 http://www.securityfocus.com/bid/1220 http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html

Buffer overflow in krb_rd_req function in Kerberos 4 and 5 allows remote attackers to gain root privileges. Date published : 2000-07-12 http://www.securityfocus.com/bid/1220 http://archives.neohapsis.com/archives/bugtraq/2000-05/0184.html

Buffer overflow in FreeBSD libmytinfo library allows local users to execute commands via a long TERMCAP environmental variable. Date published : 2000-07-12 http://www.securityfocus.com/bid/1185 ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-00%3A17.libmytinfo.asc