Monthly Archive: October 2001

Perception LiteServe 1.25 allows remote attackers to obtain source code of CGI scripts via URLs that contain MS-DOS conventions such as (1) upper case letters or (2) 8.3 file names. Date published : 2001-10-12...

Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers to cause a denial of service via a long USER command. Date published : 2001-10-12 http://archives.neohapsis.com/archives/bugtraq/2001-06/0280.html

Trend Micro InterScan VirusWall for Windows NT allows remote attackers to make configuration changes by directly calling certain CGI programs, which do not restrict access. Date published : 2001-10-12 http://cert.uni-stuttgart.de/archive/bugtraq/2001/06/msg00006.html

Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a denial of service (CPU exhaustion) via a port scan, which causes the server to consume CPU while preparing alerts. Date published...

Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 for Sendmail allows remote attackers to cause a denial of service or possibly execute arbitrary code via a malformed mail message. Date published : 2001-10-12...

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows remote attackers to obtain an absolute path for the server directory by viewing the Location header. Date published : 2001-10-12 http://www.securityfocus.com/bid/2881 http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html

Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 stores user passwords in plaintext in the pUser.Dat file. Date published : 2001-10-12 http://www.securityfocus.com/bid/2882 http://archives.neohapsis.com/archives/bugtraq/2001-06/0228.html

Directory traversal in Webpaging interface in Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 allows allows remote attackers to read arbitrary files via a .. (dot dot) attack. Date published : 2001-10-12 http://www.securityfocus.com/bid/2883...

Cisco TFTP server 1.1 allows remote attackers to read arbitrary files via a ..(dot dot) attack in the GET command. Date published : 2001-10-12 http://www.securityfocus.com/bid/2886 http://archives.neohapsis.com/archives/bugtraq/2001-06/0227.html

KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root privileges via a symlink attack on a user configuration file. Date published : 2001-10-12 http://archives.neohapsis.com/archives/bugtraq/2001-06/0302.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6741

Buffer overflow in SpoonFTP 1.0.0.12 allows remote attackers to execute arbitrary code via a long argument to the commands (1) CWD or (2) LIST. Date published : 2001-10-12 http://archives.neohapsis.com/archives/bugtraq/2001-05/0296.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6630

Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl Directory Pro 2.0 allows remote attackers to gain sensitive information via a .. (dot dot) in the SHOW parameter. Date published : 2001-10-12 http://www.securityfocus.com/bid/2793 http://www.securityfocus.com/archive/1/187182

OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source code via a GET request with the URL-encoded symbol for a space (%20). Date published : 2001-10-12 http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html http://www.omnicron.ca/httpd/docs/release.html

Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of service (memory exhaustion) via a series of requests for PHP scripts. Date published : 2001-10-12 http://www.securityfocus.com/bid/2783 http://archives.neohapsis.com/archives/bugtraq/2001-05/0248.html