Monthly Archive: February 2001

Multiple buffer overflows in splitvt before 1.6.5 allow local users to execute arbitrary commands. Date published : 2001-02-14 http://www.securityfocus.com/bid/2210 http://marc.info/?l=bugtraq&m=97958269320974&w=2

Veritas Backup agent on Linux allows remote attackers to cause a denial of service by establishing a connection without sending any data, which causes the process to hang. Date published : 2001-02-14 http://www.securityfocus.com/bid/2204 http://marc.info/?l=bugtraq&m=97958921407182&w=2

Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers to read source code for parsed pages via a malformed URL that uses the lead-byte of a double-byte character. Date published :...

The presence of the Distributed GL Daemon (dgld) service on port 5232 on SGI IRIX systems allows remote attackers to identify the target host as an SGI system. Date published : 2001-02-02 http://www.kb.cert.org/vuls/id/28027

Two Sun security certificates have been compromised, which could allow attackers to insert malicious code such as applets and make it appear that it is signed by Sun. Date published : 2001-02-02 http://www.cert.org/advisories/CA-2000-19.html http://sunsolve.Sun.COM/pub-cgi/retrieve.pl?doctype=coll&doc=secbull/198&type=0&nav=sec.sba

MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock server" security setting by pressing the Cancel button at the password prompt, then pressing the enter key. Date published : 2001-02-02 http://www.securityfocus.com/bid/2115...

CoffeeCup Direct and Free FTP clients uses weak encryption to store passwords in the FTPServers.ini file, which could allow attackers to easily decrypt the passwords. Date published : 2001-02-02 http://www.securityfocus.com/bid/2107 https://exchange.xforce.ibmcloud.com/vulnerabilities/5744

"Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain Owner privileges by removing the Users & Groups Data File, which effectively removes the Owner password and allows the Normal user...

Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE GSSAPI command. Date published : 2001-02-02 http://www.redhat.com/support/errata/RHBA-2000-106.html http://www.turbolinux.com/pipermail/tl-security-announce/2000-December/000027.html

Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote attackers to execute arbitrary commands via a long URL that begins with a ".." string. Date published : 2001-02-02 http://www.securityfocus.com/bid/2138 http://archives.neohapsis.com/archives/bugtraq/2000-12/0331.html

The Web interface for Infinite Interchange 3.6.1 allows remote attackers to cause a denial of service (application crash) via a large POST request. Date published : 2001-02-02 http://www.securityfocus.com/bid/2140 http://www.securityfocus.com/archive/1/152403

Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain root privileges by modifying critical environmental variables that affect the behavior of telnetd. Date published : 2001-02-02 ftp://ftp.NetBSD.ORG/pub/NetBSD/misc/security/advisories/NetBSD-SA2000-017.txt.asc

common.inc.php in phpWebLog 0.4.2 does not properly initialize the $CONF array, which inadvertently sets the password to a single character, allowing remote attackers to easily guess the SiteKey and gain administrative privileges to phpWebLog....

itetris/xitetris 1.6.2 and earlier trusts the PATH environmental variable to find and execute the gunzip program, which allows local users to gain root privileges by changing their PATH so that it points to a...