a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to execute commands via a specially crafted URL which includes shell metacharacters. Date published : 2001-07-27 http://www.securityfocus.com/bid/2705 http://archives.neohapsis.com/archives/bugtraq/2001-05/0047.html
Directory traversal vulnerability in Drummond Miles A1Stats prior to 1.6 allows a remote attacker to read arbitrary files via a ‘..’ (dot dot) attack in (1) a1disp2.cgi, (2) a1disp3.cgi, or (3) a1disp4.cgi. Date published...
T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to view arbitrary files via a ‘..’ (dot dot) attack which is URL encoded (%2e%2e). Date published : 2001-07-27 http://www.securityfocus.com/bid/2703 http://archives.neohapsis.com/archives/bugtraq/2001-05/0086.html
The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker to overwrite other users’ files via a symlink attack on (1) backup files or (2) temporary files used when nedit prints a file...
ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote attacker to read world-readable files via a .. (dot dot) attack through (1) the SITEWare Editor’s Desktop or (2) the template parameter in SWEditServlet. Date...
Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b and (2) Lucent 2.1-2 RADIUS allow remote attackers to cause a denial of service or execute arbitrary commands. Date published : 2001-07-27 http://www.securityfocus.com/bid/2989...
eEye SecureIIS versions 1.0.3 and earlier does not perform length checking on individual HTTP headers, which allows a remote attacker to send arbitrary length strings to IIS, contrary to an advertised feature of SecureIIS...
eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to bypass filtering of requests made to SecureIIS by escaping HTML characters within the request, which could allow a remote attacker to use restricted...
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent HTML SCRIPT filtering via the UNICODE encoding of SCRIPT tags within the HTML document. Date published : 2001-07-27 http://archives.neohapsis.com/archives/bugtraq/2001-05/0285.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6580
Aladdin eSafe Gateway versions 3.0 and earlier allows a remote attacker to circumvent filtering of SCRIPT tags by embedding the scripts within certain HTML tags including (1) onload in the BODY tag, (2) href...
Aladdin eSafe Gateway versions 2.x allows a remote attacker to circumvent HTML SCRIPT filtering via a special arrangement of HTML tags which includes SCRIPT tags embedded within other SCRIPT tags. Date published : 2001-07-27...
Oracle listener between Oracle 9i and Oracle 8.0 allows remote attackers to cause a denial of service via a malformed connection packet that contains an incorrect requester_version value that does not match an expected...
Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause a denial of service via a malformed connection packet with a large offset_to_data value. Date published : 2001-07-27 http://otn.oracle.com/deploy/security/pdf/net8_dos_alert.pdf http://xforce.iss.net/alerts/advise82.php
Buffer overflow in Transparent Network Substrate (TNS) Listener in Oracle 8i 8.1.7 and earlier allows remote attackers to gain privileges via a long argument to the commands (1) STATUS, (2) PING, (3) SERVICES, (4)...