Monthly Archive: May 2001

Buffer overflow in shared library ndwfn4.so for iPlanet Web Server (iWS) 4.1, when used as a web listener for Oracle application server 4.0.8.2, allows remote attackers to execute arbitrary commands via a long HTTP...

content.pl script in NCM Content Management System allows remote attackers to read arbitrary contents of the content database by inserting SQL characters into the id parameter. Date published : 2001-05-24 http://www.securityfocus.com/bid/2584 http://archives.neohapsis.com/archives/bugtraq/2001-04/0223.html

Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files via a symlink attack on new ticket files. Date published : 2001-05-24 http://archives.neohapsis.com/archives/bugtraq/2001-03/0078.html http://www.redhat.com/support/errata/RHSA-2001-025.html

REDIPlus program, REDI.exe, stores passwords and user names in cleartext in the StartLog.txt log file, which allows local users to gain access to other accounts. Date published : 2001-05-24 http://www.securityfocus.com/bid/2495 http://archives.neohapsis.com/archives/bugtraq/2001-03/0275.html

Reliant Unix 5.44 and earlier allows remote attackers to cause a denial of service via an ICMP port unreachable packet, which causes Reliant to drop all connections to the source address of the packet....

Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long "From" header. Date published : 2001-05-24 http://marc.info/?l=bugtraq&m=98593642520755&w=2

Samba before 2.2.0 allows local attackers to overwrite arbitrary files via a symlink attack using (1) a printer queue query, (2) the more command in smbclient, or (3) the mput command in smbclient. Date...

Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) 1.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP request to the WEB-INF directory. Date published : 2001-05-24...

/opt/JSparm/bin/perfmon program in Solaris allows local users to create arbitrary files as root via the Logging File option in the GUI. Date published : 2001-05-24 http://archives.neohapsis.com/archives/bugtraq/2001-03/0326.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6267

Buffer overflow in tip in Solaris 8 and earlier allows local users to execute arbitrary commands via a long HOME environmental variable. Date published : 2001-05-24 http://www.securityfocus.com/bid/2475 http://archives.neohapsis.com/archives/bugtraq/2001-03/0394.html

nph-maillist.pl allows remote attackers to execute arbitrary commands via shell metacharacters ("`") in the email address. Date published : 2001-05-24 http://www.securityfocus.com/bid/2563 http://www.securityfocus.com/archive/1/175506

Caucho Resin 1.3b1 and earlier allows remote attackers to read source code for Javabean files by inserting a .jsp before the WEB-INF specifier in an HTTP request. Date published : 2001-05-24 http://www.securityfocus.com/bid/2533 http://marc.info/?l=bugtraq&m=98633597813833&w=2

The BAT! mail client allows remote attackers to bypass user warnings of an executable attachment and execute arbitrary commands via an attachment whose file name contains many spaces, which also causes the BAT! to...

Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary commands, via a long SMTP HELO command. Date published : 2001-05-24 http://archives.neohapsis.com/archives/bugtraq/2001-03/0454.html