Minicom 1.82.1 and earlier on some Linux systems allows local users to create arbitrary files owned by the uucp user via a symlink attack. Date published : 2001-01-22 http://www.securityfocus.com/bid/1599 http://www.securityfocus.com/archive/1/77361
The CVS 1.10.8 client trusts pathnames that are provided by the CVS server, which allows the server to force the client to create arbitrary files. Date published : 2001-01-22 http://www.securityfocus.com/bid/1523 http://www.securityfocus.com/frames/?content=/templates/archive.pike%3Flist%3D1%26msg%3Dhvou2daoebb.fsf%40serein.m17n.org
The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the...
SmartFTP Daemon 0.2 allows a local user to access arbitrary files by uploading and specifying an alternate user configuration file via a .. (dot dot) attack. Date published : 2001-01-22 http://www.securityfocus.com/bid/1344 http://archives.neohapsis.com/archives/bugtraq/2000-06/0100.html
Tigris remote access server before 11.5.4.22 does not properly record Radius accounting information when a user fails the initial login authentication but subsequently succeeds. Date published : 2001-01-22 http://www.securityfocus.com/bid/1345 http://archives.neohapsis.com/archives/bugtraq/2000-06/0104.html
Buffer overflow in the logging feature of EServ 2.9.2 and earlier allows an attacker to execute arbitrary commands via a long MKD command. Date published : 2001-01-22 http://www.securityfocus.com/bid/1315 http://archives.neohapsis.com/archives/bugtraq/2000-06/0009.html
Unify eWave ServletExec allows a remote attacker to view source code of a JSP program by requesting a URL which provides the JSP extension in upper case. Date published : 2001-01-22 http://www.securityfocus.com/bid/1328 http://archives.neohapsis.com/archives/ntbugtraq/2000-q2/0250.html
Buffer overflow in ITHouse mail server 1.04 allows remote attackers to execute arbitrary commands via a long RCPT TO mail command. Date published : 2001-01-22 http://www.securityfocus.com/bid/1285 http://archives.neohapsis.com/archives/win2ksecadvice/2000-q2/0148.html
ATRIUM Cassandra NNTP Server 1.10 allows remote attackers to cause a denial of service via a long login name. Date published : 2001-01-22 http://www.securityfocus.com/bid/1156 http://marc.info/?l=ntbugtraq&m=95736106504870&w=2
fcheck allows local users to gain privileges by embedding shell metacharacters into file names that are processed by fcheck. Date published : 2001-01-22 http://www.securityfocus.com/bid/1086 http://archives.neohapsis.com/archives/bugtraq/current/0011.html
The Adtran MX2800 M13 Multiplexer allows remote attackers to cause a denial of service via a ping flood to the Ethernet interface, which causes the device to crash. Date published : 2001-01-22 http://www.securityfocus.com/bid/1129 http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.10004190908140.32750-100000@localhost.localdomain
The BizDB CGI script bizdb-search.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the dbname parameter. Date published : 2001-01-22 http://www.securityfocus.com/bid/1104 http://archives.neohapsis.com/archives/bugtraq/2000-04/0058.html
The default installation of IRIX Performance Copilot allows remote attackers to access sensitive system information via the pmcd daemon. Date published : 2001-01-22 http://www.securityfocus.com/bid/1106 http://archives.neohapsis.com/archives/bugtraq/2000-04/0056.html
The SalesLogix Eviewer allows remote attackers to cause a denial of service by accessing the URL for the slxweb.dll administration program, which does not authenticate the user. Date published : 2001-01-22 http://www.securityfocus.com/bid/1089 http://archives.neohapsis.com/archives/bugtraq/current/0006.html