Monthly Archive: March 2002

Buffer overflow in BNC IRC proxy allows remote attackers to gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/1927 http://www.securityfocus.com/archive/1/11711

wwwboard allows a remote attacker to delete message board articles via a malformed argument. Date published : 2002-03-09 http://www.securityfocus.com/bid/1795

BMC Patrol allows any remote attacker to flood its UDP port, causing a denial of service. Date published : 2002-03-09 http://www.securityfocus.com/bid/1879 http://www.securityfocus.com/archive/1/13204

Memory leak in SNMP agent in Windows NT 4.0 before SP5 allows remote attackers to conduct a denial of service (memory exhaustion) via a large number of queries. Date published : 2002-03-09 http://support.microsoft.com/support/kb/articles/q196/2/70.asp https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A952

BMC Patrol allows remote attackers to gain access to an agent by spoofing frames. Date published : 2002-03-09 http://www.securityfocus.com/archive/1/13204 http://www.iss.net/security_center/static/2075.php

SLMail 3.1 and 3.2 allows local users to access any file in the NTFS file system when the Remote Administration Service (RAS) is enabled by setting a user’s Finger File to point to the...

Windows NT allows remote attackers to list all users in a domain by obtaining the domain SID with the LsaQueryInformationPolicy policy function via a null session and using the SID to list the users....

PSCOErrPage.htm in Netscape PublishingXpert 2.5 before SP2 allows remote attackers to read arbitrary files by specifying the target file in the errPagePath parameter. Date published : 2002-03-09 http://docs.iplanet.com/docs/manuals/pubx/2.5.2_Relnotes.html http://packetstormsecurity.org/0004-exploits/ooo1.txt

telnet daemon (telnetd) from the Linux netkit package before netkit-telnet-0.16 allows remote attackers to bypass authentication when telnetd is running with the -L command line option. Date published : 2002-03-09 http://www.caldera.com/support/security/advisories/CSSA-2000-008.0.txt https://exchange.xforce.ibmcloud.com/vulnerabilities/4225

imwheel-solo in imwheel package allows local users to modify arbitrary files via a symlink attack from the .imwheelrc file. Date published : 2002-03-09 http://marc.info/?l=bugtraq&m=95984116811100&w=2 http://www.redhat.com/support/errata/RHSA-2000-016.html

Telnet Service for Windows 2000 Professional does not properly terminate incomplete connection attempts, which allows remote attackers to cause a denial of service by connecting to the server and not providing any input. Date...

Directory traversal vulnerability in Winsock FTPd (WFTPD) 3.00 and 2.41 with the "Restrict to home directory" option enabled allows local users to escape the home directory via a "/../" string, a variation of the...

Some telnet clients allow remote telnet servers to request environment variables from the client that may contain sensitive information, or remote web servers to obtain the information via a telnet: URL. Date published :...

A default ECL in Lotus Notes before 5.02 allows remote attackers to execute arbitrary commands by attaching a malicious program in an email message that is automatically executed when the user opens the email....