Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and earlier allows remote attackers to overwrite files and gain privileges via .. (dot dot) sequences in the amembernamecookie cookie. Date published : 2001-11-22 http://www.securityfocus.com/bid/3486 http://marc.info/?l=bugtraq&m=100446445208739&w=2
Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows remote attackers to execute arbitrary code via (1) SNMP and (2) DMI. Date published : 2001-11-22 http://www.securityfocus.com/bid/3482 http://www.kb.cert.org/vuls/id/908611
ibillpm.pl in iBill password management system generates weak passwords based on a client’s MASTER_ACCOUNT, which allows remote attackers to modify account information in the .htpasswd file via brute force password guessing. Date published :...
Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows remote attackers to execute arbitrary code via format string specifiers in the -soa command. Date published : 2001-11-22 http://marc.info/?l=bugtraq&m=100402652724815&w=2
Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly other versions, allows remote attackers to inject arbitrary HTML tags by specifying them in (1) search keywords embedded in HTTP referrer information, or (2) host names...
Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users to overwrite arbitrary files, possibly via a symlink attack or incorrect file permissions in (1) the ORACLE_HOME/rdbms/log directory or (2) an alternate directory...
Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when audit functionality, SET_LABEL, or SQL*Predicate is being used, allows local users to gain additional access. Date published : 2001-11-22 http://www.securityfocus.com/bid/3465 http://marc.info/?l=bugtraq&m=100386756715645&w=2
A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a malicious webmaster to embed Javascript in a request for a .JSP file, which causes the Javascript to be inserted into an error message. Date...
Cerberus FTP server 1.0 – 1.5 allows remote attackers to cause a denial of service (crash) via a large number of "PASV" requests. Date published : 2001-11-22 http://www.securityfocus.com/bid/2976 http://archive.cert.uni-stuttgart.de/archive/bugtraq/2001/07/msg00070.html
Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute arbitrary commands via long arguments to (1) HELP, (2) USER, (3) PASS, (4) PORT, (5) DELE, (6) REST, (7) RMD, or (8) MKD. Date...
Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 allows remote attackers to execute Javascript by inserting the Javascript into (1) a request for a .JSP file, or (2) a request to the...
The default configuration of DCShop 1.002 beta places sensitive files in the cgi-bin directory, which could allow remote attackers to read sensitive data via an HTTP GET request for (1) orders.txt or (2) auth_user_file.txt....
Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to execute arbitrary code via long arguments that are passed to (1) the Log function in util.c, or (2) serveconnection in protocol.c. Date published...
A buffer overflow the ‘s’ console command in MDBMS 0.99b9 and earlier allows remote attackers to execute arbitrary commands by sending the command a large amount of data. Date published : 2001-11-22 http://www.securityfocus.com/bid/2867 http://www.securityfocus.com/archive/1/190933