Monthly Archive: March 2001

Directory traversal vulnerability in HIS Auktion 1.62 allows remote attackers to read arbitrary files via a .. (dot dot) in the menue parameter, and possibly execute commands via shell metacharacters. Date published : 2001-03-09...

Directory traversal vulnerability in WebSPIRS 3.1 allows remote attackers to read arbitrary files via a .. (dot dot) attack on the sp.nextform parameter. Date published : 2001-03-09 http://www.securityfocus.com/bid/2362 http://archives.neohapsis.com/archives/bugtraq/2001-02/0217.html

Directory traversal vulnerability in commerce.cgi CGI program allows remote attackers to read arbitrary files via a .. (dot dot) attack in the page parameter. Date published : 2001-03-09 http://www.securityfocus.com/bid/2361 http://www.securityfocus.com/archive/1/162259

Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) 1.7.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long description. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-01/0305.html https://exchange.xforce.ibmcloud.com/vulnerabilities/5965

MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the mfaslmf directory and the nolicense file with insecure permissions, which allows local users to gain privileges by modifying files. Date published : 2001-03-09 http://www.securityfocus.com/bid/2359...

Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows remote attackers to read arbitrary files by inserting a .. (dot dot) or … into the requested pathname of an HTTP GET request. Date published...

Directory traversal vulnerability in AOLserver 3.2 and earlier allows remote attackers to read arbitrary files by inserting "…" into the requested pathname, a modified .. (dot dot) attack. Date published : 2001-03-09 http://www.securityfocus.com/bid/2343 http://marc.info/?l=bugtraq&m=98148759123258&w=2

Picserver web server allows remote attackers to read arbitrary files via a .. (dot dot) attack in an HTTP GET request. Date published : 2001-03-09 http://www.securityfocus.com/bid/2339 http://archives.neohapsis.com/archives/bugtraq/2001-02/0073.html

The Postaci frontend for PostgreSQL does not properly filter characters such as semicolons, which could allow remote attackers to execute arbitrary SQL queries via the deletecontact.php program. Date published : 2001-03-09 http://www.securityfocus.com/bid/2230 http://archives.neohapsis.com/archives/bugtraq/2001-01/0287.html

HSWeb 2.0 HTTP server allows remote attackers to obtain the physical path of the server via a request to the /cgi/ directory, which will list the path if directory browsing is enabled. Date published...

Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) attack in the HTTP GET request. Date published : 2001-03-09 http://www.securityfocus.com/bid/2335 http://archives.neohapsis.com/archives/bugtraq/2001-02/0064.html

Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows remote attackers to execute arbitrary commands via a long HREF parameter in an EMBED tag. Date published : 2001-03-09 http://www.securityfocus.com/bid/2328 http://marc.info/?l=bugtraq&m=98096678523370&w=2

Buffer overflows in CTRLServer in XMail allows attackers to execute arbitrary commands via the cfgfileget or domaindel functions. Date published : 2001-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0047.html http://xmailserver.org/XMail-Readme.txt

GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to cause a denial of service via a flood of connections to the server, which causes it to crash. Date published : 2001-03-09 http://www.securityfocus.com/bid/2270 http://archives.neohapsis.com/archives/bugtraq/2001-01/0350.html