Monthly Archive: July 2001

Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local attacker to access arbitrary files via a ‘..’ (dot dot) attack, or variations, in (1) GET, (2) CD, (3) NLST, (4) SIZE, (5)...

Spytech Spynet Chat Server 6.5 allows a remote attacker to create a denial of service (crash) via a large number of connections to port 6387. Date published : 2001-07-27 http://www.securityfocus.com/bid/2701 http://archives.neohapsis.com/archives/bugtraq/2001-05/0051.html

Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote attacker to create a denial of service by connecting to port 6070, sending some data, and closing the connection. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-05/0050.html

lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first argument to the command. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-03/0421.html http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html

Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a local attacker to gain additional privileges via a long first argument to the lpforms command. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-03/0416.html http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html

recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker to gain additional privileges via a buffer overflow attack in the first command line argument. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-03/0410.html http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html

lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a local attacker to gain additional privileges via a buffer overflow attack in the ‘-u’ command line parameter. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-03/0407.html http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html

Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local attacker to gain additional privileges via a long first argument to lpshut. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-03/0404.html http://security-archive.merton.ox.ac.uk/bugtraq-200104/0221.html

The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and other packages have various weaknesses which can allow a remote attacker to obtain the following information via sniffing: (1) password lengths...

Directory traversal vulnerability in the web server for (1) Elron Internet Manager (IM) Message Inspector and (2) Anti-Virus before 3.0.4 allows remote attackers to read arbitrary files via a .. (dot dot) in the...

minicom 1.83.1 and earlier allows a local attacker to gain additional privileges via numerous format string attacks. Date published : 2001-07-27 http://www.securityfocus.com/archive/1/181922 http://marc.info/?l=bugtraq&m=99014300904714&w=2

Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the method return values related to the classes (1) ObjectManager, (2) PropertyManager, and (3) PropertySheet. Date published : 2001-07-27 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382 http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23

Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker (Zope user) with through-the-web scripting capabilities to alter ZClasses class attributes. Date published : 2001-07-27 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000382 http://www.zope.org/Products/Zope/Products/Zope/Products/Zope/Hotfix_2001-02-23

Cisco Catalyst 2900XL switch allows a remote attacker to create a denial of service via an empty UDP packet sent to port 161 (SNMP) when SNMP is disabled. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-05/0040.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6515