Monthly Archive: February 2001

Sample runnable code snippets in ColdFusion Server 4.0 allow remote attackers to read files, conduct a denial of service, or use the server as a proxy for other HTTP calls. Date published : 2001-02-14...

Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and earlier allows remote attackers to cause a denial of service via a large number of requests. Date published : 2001-02-14 http://archives.neohapsis.com/archives/bugtraq/1999_2/0439.html https://exchange.xforce.ibmcloud.com/vulnerabilities/2184

Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed string to the listener port, aka NERP. Date published : 2001-02-14 http://archives.neohapsis.com/archives/bugtraq/1998_4/0764.html http://archives.neohapsis.com/archives/bugtraq/1999_1/0056.html

The ColdFusion CFCRYPT program for encrypting CFML templates has weak encryption, allowing attackers to decrypt the templates. Date published : 2001-02-14 http://www.allaire.com/handlers/index.cfm?ID=10969&Method=Full https://exchange.xforce.ibmcloud.com/vulnerabilities/2208

ptylogin in Unix systems allows users to perform a denial of service by locking out modems, dial out with that modem, or obtain passwords. Date published : 2001-02-14

cron in OpenBSD 2.5 allows local users to gain root privileges via an argv[] that is not NULL terminated, which is passed to cron’s fake popen function. Date published : 2001-02-14 http://www.openbsd.org/errata25.html#cron

The default installation of Ultraboard 2000 2.11 creates the Skins, Database, and Backups directories with world-writeable permissions, which could allow local users to modify sensitive information or possibly insert and execute CGI programs. Date...

Buffer overflow in cpqlogin.htm in web-enabled agents for various Compaq management software products such as Insight Manager and Management Agents allows remote attackers to execute arbitrary commands via a long user name. Date published...

The web administration interface for Interscan VirusWall 3.6.x and earlier does not use encryption, which could allow remote attackers to obtain the administrator password to sniff the administrator password via the setpasswd.cgi program or...

Interscan VirusWall 3.6.x and earlier follows symbolic links when uninstalling the product, which allows local users to overwrite arbitrary files via a symlink attack. Date published : 2001-02-14 http://www.securityfocus.com/bid/2213 http://archives.neohapsis.com/archives/bugtraq/2001-01/0235.html

htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local users to overwrite arbitrary files via a symlink attack. Date published : 2001-02-14 http://www.securityfocus.com/bid/2182 http://marc.info/?l=bugtraq&m=97916374410647&w=2

Buffer overflow in Olivier Debon Flash plugin (not the Macromedia plugin) allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long DefineSound tag. Date published : 2001-02-14...

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite arbitrary files via the cgidir parameter. Date published : 2001-02-14 http://www.securityfocus.com/bid/2211 http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html

statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute arbitrary commands via the mostbrowsers parameter, whose value is used as part of a generated Perl script. Date published : 2001-02-14 http://www.securityfocus.com/bid/2211 http://archives.neohapsis.com/archives/bugtraq/2001-01/0248.html