Monthly Archive: February 2002

Web-based configuration utility in Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap binds itself to port 80 even when web-based configuration services are disabled, which could leave the router open to attack. Date...

Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows remote attackers to cause a denial of service via multiple connections to the router on the (1) HTTP or (2) telnet service, which causes...

Vulnerability in lsmcode in unknown versions of AIX, possibly related to a usage error. Date published : 2002-02-02 http://archives.neohapsis.com/archives/aix/2001-q3/0003.html

phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute arbitrary commands by inserting them into (1) the strCopyTableOK argument in tbl_copy.php, or (2) the strRenameTableOK argument in tbl_rename.php. Date published : 2002-02-02 http://www.securityfocus.com/bid/3121 http://www.securityfocus.com/archive/1/200596

The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to bypass access control (specified by the -restrict argument) and steal a license via a client request that includes the name of...

The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote attackers to cause a denial of service (resource exhaustion) by connecting to port 16286 and not disconnecting, which prevents users from making license...

Empris PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. Date published : 2002-02-02 http://www.securityfocus.com/bid/3391 http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

Dark Hart Portal (darkportal) PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. Date published : 2002-02-02 http://www.securityfocus.com/bid/3390 http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

CCCSoftware CCC PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. Date published : 2002-02-02 http://www.securityfocus.com/bid/3389 http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

Race condition in OpenBSD VFS allows local users to cause a denial of service (kernel panic) by (1) creating a pipe in one thread and causing another thread to set one of the file...

Directory traversal vulnerability in basilix.php3 in Basilix Webmail 1.0.3beta and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the request_id[DUMMY] parameter. Date published : 2002-02-02 http://www.securityfocus.com/bid/2995 http://archives.neohapsis.com/archives/bugtraq/2001-07/0114.html

Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class and *.inc files under the document root and does not restrict access, which could allows remote attackers to obtain sensitive information such as MySQL passwords...

Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary files and directories by uploading a .lnk (link) file that points to the target file. Date published : 2002-02-02 http://www.securityfocus.com/bid/2960 http://www.securityfocus.com/archive/1/194443

oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to overwrite arbitrary files via a symlink attack on an Oracle log trace (.trc) file that is created in an alternate home directory...