Monthly Archive: April 2001

Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a denial of service and possibly execute arbitrary commands via a large number of arguments to the stat command. Date published : 2001-04-04...

Windows 98 and Windows 2000 Java clients allow remote attackers to cause a denial of service via a Java applet that opens a large number of UDP sockets, which prevents the host from establishing...

The ICMP path MTU (PMTU) discovery feature in various UNIX systems allows remote attackers to cause a denial of service by spoofing "ICMP Fragmentation needed but Don’t Fragment (DF) set" packets between two target...

MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, allows remote attackers to cause a denial of service (application crash) via a script that creates and deletes an object that is associated with...

bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote attackers to read arbitrary files and gain PHP administrator privileges by inserting a null character and .. (dot dot) sequences into a malformed username argument. Date...

The locking feature in mIRC 5.7 allows local users to bypass the password mechanism by modifying the LockOptions registry key. Date published : 2001-04-04 http://marc.info/?l=bugtraq&m=98053777917287&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/6013

Buffer overflow in www.tol module in America Online (AOL) 5.0 may allow remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long URL in a link. Date published...

Borderware Firewall Server 6.1.2 allows remote attackers to cause a denial of service via a ping to the broadcast address of the public network on which the server is placed, which causes the server...

IBM WebSphere plugin for Netscape Enterprise server allows remote attackers to read source code for JSP files via an HTTP request that contains a host header that references a host that is not in...

UploadServlet in Bajie HTTP JServer 0.78, and possibly other versions before 0.80, allows remote attackers to execute arbitrary commands by calling the servlet to upload a program, then using a … (modified ..) to...

Bajie HTTP JServer 0.78, and other versions before 0.80, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP request for a CGI program that does not exist. Date published :...

Directory traversal vulnerability in ITAfrica WEBactive HTTP Server 1.00 allows remote attackers to read arbitrary files via a .. (dot dot) in a URL. Date published : 2001-04-04 http://www.securityfocus.com/bid/2386 http://archives.neohapsis.com/archives/bugtraq/2001-02/0332.html

Directory traversal vulnerability in store.cgi in Thinking Arts ES.One package allows remote attackers to read arbitrary files via a .. (dot dot) in the StartID parameter. Date published : 2001-04-04 http://www.securityfocus.com/bid/2385 http://archives.neohapsis.com/archives/bugtraq/2001-02/0324.html

Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote attackers to read arbitrary files via a ".." (dot dot) in a URL request. Date published : 2001-04-04 http://www.securityfocus.com/bid/2384 http://marc.info/?l=bugtraq&m=98229372610440&w=2