Monthly Archive: July 2001

CVE-2001-0633

Directory traversal vulnerability in Sun Chili!Soft ASP on multiple Unixes allows a remote attacker to read arbitrary files above the web root via a ‘..’ (dot dot) attack in the sample script ‘codebrws.asp’. Date...

CVE-2001-0632

Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin username and password in the default installation, which can allow a remote attacker to gain additional privileges. Date published : 2001-07-27...

CVE-2001-0623

sendfiled, as included with Simple Asynchronous File Transfer (SAFT), on various Linux systems does not properly drop privileges when sending notification emails, which allows local attackers to gain privileges. Date published : 2001-07-27 http://www.debian.org/security/2001/dsa-050...

CVE-2001-0620

iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to gain access to the Netscape Admin Server (NAS) LDAP database and read arbitrary files by obtaining the cleartext administrator username and password from...

CVE-2001-0619

The Lucent Closed Network protocol can allow remote attackers to join Closed Network networks which they do not have access to. The ‘Network Name’ or SSID, which is used as a shared secret to...

CVE-2001-0618

Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of the ‘Network Name’ or SSID as the default Wired Equivalent Privacy (WEP) encryption key. Since the SSID occurs in the clear during communications,...

CVE-2001-0617

Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the portmapper and the ‘Virtual Server’ enabled can allow a remote attacker to gain access to mapped services even though the single portmappings may be...

CVE-2001-0609

Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier allows a remote attacker to gain additional privileges via a malformed ident reply that is passed to the syslog function. Date published : 2001-07-27 http://www.securityfocus.com/bid/2576...

CVE-2001-0608

HP architected interface facility (AIF) as includes with MPE/iX 5.5 through 6.5 running on a HP3000 allows an attacker to gain additional privileges and gain access to databases via the AIF – AIFCHANGELOGON program....

CVE-2001-0607

asecure as included with HP-UX 10.01 through 11.00 can allow a local attacker to create a denial of service and gain additional privileges via unsafe permissions on the asecure program, a different vulnerability than...