Monthly Archive: March 2001

newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via shell metacharacters. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html

Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows remote attackers to read arbitrary files via a .. in the "t" parameter. Date published : 2001-03-09 http://www.securityfocus.com/bid/2172 http://archives.neohapsis.com/archives/bugtraq/2001-01/0042.html

Chili!Soft ASP for Linux before 3.6 does not properly set group privileges when running in inherited mode, which could allow attackers to gain privileges via malicious scripts. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0112.html

Directory traversal vulnerability in GoAhead web server 2.1 and earlier allows remote attackers to read arbitrary files via a .. attack in an HTTP GET request. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0022.html http://freecode.com/projects/embedthis-goahead-webserver/releases/343539

Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a long HTTP GET request. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0075.html

Directory traversal vulnerability in BiblioWeb web server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) or … attack in an HTTP GET request. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0075.html

fortran math component in Infobot 0.44.5.3 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters. Date published : 2001-03-09 http://www.securityfocus.com/bid/2349 http://archives.neohapsis.com/archives/bugtraq/2001-02/0127.html

Muscat Empower CGI program allows remote attackers to obtain the absolute pathname of the server via an invalid request in the DB parameter. Date published : 2001-03-09 http://www.securityfocus.com/bid/2374 http://archives.neohapsis.com/archives/bugtraq/2001-02/0216.html

Buffer overflow in wwwwais allows remote attackers to execute arbitrary commands via a long QUERY_STRING (HTTP GET request). Date published : 2001-03-09 http://marc.info/?l=bugtraq&m=97984174724339&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/5980

Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local users to gain root privileges. Date published : 2001-03-09 http://archives.neohapsis.com/archives/freebsd/2001-02/0082.html

Directory traversal vulnerability in PALS Library System pals-cgi program allows remote attackers to read arbitrary files via a .. (dot dot) in the documentName parameter. Date published : 2001-03-09 http://www.securityfocus.com/bid/2372 http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html

PALS Library System pals-cgi program allows remote attackers to execute arbitrary commands via shell metacharacters in the documentName parameter. Date published : 2001-03-09 http://www.securityfocus.com/bid/2372 http://archives.neohapsis.com/archives/bugtraq/2001-02/0220.html

Way-board CGI program allows remote attackers to read arbitrary files by specifying the filename in the db parameter and terminating the filename with a null byte. Date published : 2001-03-09 http://www.securityfocus.com/bid/2370 http://archives.neohapsis.com/archives/bugtraq/2001-02/0212.html

Buffer overflow in pi program in PlanetIntra 2.5 allows remote attackers to execute arbitrary commands. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-01/0421.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6002