Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and earlier allows remote attackers to execute arbitrary script on other clients via an incorrect URL containing the malicious script, which is printed back in an error...
Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, compiles authentication information in cleartext into the libvpopmail.a library, which allows local users to obtain the MySQL username and password by inspecting the vpopmail...
Buffer overflows in Pileup before 1.2 allows local users to gain root privileges via (1) long command line arguments, or (2) a long callsign. Date published : 2002-02-02 http://www.securityfocus.com/bid/3086 http://archives.neohapsis.com/archives/bugtraq/2001-07/0512.html
Arkeia backup server 4.2.8-2 and earlier creates its database files with world-writable permissions, which could allow local users to overwrite the files or obtain sensitive information. Date published : 2002-02-02 http://www.securityfocus.com/bid/3085 http://archives.neohapsis.com/archives/bugtraq/2001-07/0521.html
SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote attackers to obtain sensitive information such as the physical path, file attributes, or portions of source code by directly calling sqlqhit.asp with a CiScope...
shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote attackers to execute arbitrary commands via shell metacharacters in the "page" parameter. Date published : 2002-02-02 http://www.securityfocus.com/bid/3308 http://www.securityfocus.com/archive/1/212827
Password Safe 1.7(1) leaves cleartext passwords in memory when a user copies the password to the clipboard and minimizes Password Safe with the "Clear the password when minimized" and "Lock password database on minimize...
UltraEdit uses weak encryption to record FTP passwords in the uedit32.ini file, which allows local users who can read the file to decrypt the passwords and gain privileges. Date published : 2002-02-02 http://marc.info/?l=bugtraq&m=99861651923668&w=2 http://www.eve-software.com/security/ueditpw.html
Buffer overflow in swverify in HP-UX 11.0, and possibly other programs, allows local users to gain privileges via a long command line argument. Date published : 2002-02-02 http://www.securityfocus.com/bid/3279 http://www.securityfocus.com/archive/1/211687
Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and earlier, as used by HP-UX Workload Manager (WLM), allows local users to gain root privileges via modified libraries or environment variables. Date published : 2002-02-02...
Buffer overflow vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Date published : 2002-02-02 http://www.securityfocus.com/bid/3047 http://www.cert.org/advisories/CA-2001-18.html
Format string vulnerabilities in Oracle Internet Directory Server (LDAP) 2.1.1.x and 3.0.1 allow remote attackers to execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Date published : 2002-02-02 http://www.securityfocus.com/bid/3048 http://www.cert.org/advisories/CA-2001-18.html
Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on the UserID, which allows remote attackers to gain administrative privileges by calculating the value of the admin cookie (UserID 1), i.e. "0888888." Date...
Directory traversal vulnerability in ACI 4d webserver allows remote attackers to read arbitrary files via a .. (dot dot) or drive letter (e.g., C:) in an HTTP request. Date published : 2002-02-02 http://www.securityfocus.com/bid/3209 http://www.securityfocus.com/archive/1/206102