Monthly Archive: January 2001

Compaq Easy Access Keyboard software 1.3 does not properly disable access to custom buttons when the screen is locked, which could allow an attacker to gain privileges or execute programs without authorization. Date published...

CGI Script Center News Update 1.1 does not properly validate the original news administration password during a password change operation, which allows remote attackers to modify the password without knowing the original password. Date...

Buffer overflow in bftp daemon (bftpd) 1.0.11 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long USER command. Date published : 2001-01-22 http://www.securityfocus.com/bid/1858 http://archives.neohapsis.com/archives/bugtraq/2000-10/0397.html

The CiWebHitsFile component in Microsoft Indexing Services for Windows 2000 allows remote attackers to conduct a cross site scripting (CSS) attack via a CiRestriction parameter in a .htw request, aka the "Indexing Services Cross...

Kootenay Web KW Whois 1.0 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "whois" parameter. Date published : 2001-01-22 http://www.securityfocus.com/bid/1883 http://archives.neohapsis.com/archives/bugtraq/2000-10/0420.html

Samba Web Administration Tool (SWAT) in Samba 2.0.7 supplies a different error message when a valid username is provided versus an invalid name, which allows remote attackers to identify valid users on the server....

Samba Web Administration Tool (SWAT) in Samba 2.0.7 does not log login attempts in which the username is correct but the password is wrong, which allows remote attackers to conduct brute force password guessing...

Samba Web Administration Tool (SWAT) in Samba 2.0.7 installs the cgi.log logging file with world readable permissions, which allows local users to read sensitive information such as user names and passwords. Date published :...

Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows local users to overwrite arbitrary files via a symlink attack on the cgi.log file. Date published : 2001-01-22 http://www.securityfocus.com/bid/1872 http://archives.neohapsis.com/archives/bugtraq/2000-10/0430.html

Glint in Red Hat Linux 5.2 allows local users to overwrite arbitrary files and cause a denial of service via a symlink attack. Date published : 2001-01-22 http://www.securityfocus.com/bid/1703 http://www.redhat.com/support/errata/RHSA-2000-062.html

The Input Method Editor (IME) in the Simplified Chinese version of Windows 2000 does not disable access to privileged functionality that should normally be restricted, which allows local users to gain privileges, aka the...

MAILsweeper for SMTP 3.x does not properly handle corrupt CDA documents in a ZIP file and hangs, which allows remote attackers to cause a denial of service. Date published : 2001-01-22 http://archives.neohapsis.com/archives/ntbugtraq/2000-q3/0181.html https://exchange.xforce.ibmcloud.com/vulnerabilities/5641

Pegasus Mail 3.12 allows remote attackers to read arbitrary files via an embedded URL that calls the mailto: protocol with a -F switch. Date published : 2001-01-22 http://www.securityfocus.com/bid/1738 http://archives.neohapsis.com/archives/bugtraq/2000-10/0039.html

Microsoft Windows Media Player 7 allows attackers to cause a denial of service in RTF-enabled email clients via an embedded OCX control that is not closed properly, aka the "OCX Attachment" vulnerability. Date published...