Monthly Archive: March 2002

Sojourn search engine allows remote attackers to read arbitrary files via a .. (dot dot) attack. Date published : 2002-03-09 http://www.securityfocus.com/bid/1052 http://archives.neohapsis.com/archives/ntbugtraq/2000-q1/0201.html

IBM Network Station Manager NetStation allows local users to gain privileges via a symlink attack. Date published : 2002-03-09 http://www.securityfocus.com/bid/900 http://www.securityfocus.com/archive/1/39962

Trend Micro PC-Cillin does not restrict access to its internal proxy port, allowing remote attackers to conduct a denial of service. Date published : 2002-03-09 http://www.securityfocus.com/bid/1740

strace allows local users to read arbitrary files via memory mapped file names. Date published : 2002-03-09 http://online.securityfocus.com/archive/1/39831 https://exchange.xforce.ibmcloud.com/vulnerabilities/4554

diagrpt in AIX 4.3.x and 5.1 uses the DIAGDATADIR environment variable to find and execute certain programs, which allows local users to gain privileges by modifying the variable to point to a Trojan horse...

poprelayd script before 2.0 in Cobalt RaQ3 servers allows remote attackers to bypass authentication for relaying by causing a "POP login by user" string that includes the attacker’s IP address to be injected into...

Buffer overflow in AOLserver 3.0 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via an HTTP request with a long Authorization header. Date published : 2002-03-09 http://www.securityfocus.com/bid/3230 http://archives.neohapsis.com/archives/bugtraq/2001-08/0325.html

Buffer overflow in uidadmin in Caldera Open Unix 8.0.0 and UnixWare 7 allows local users to gain root privileges via a long -S (scheme) command line argument. Date published : 2002-03-09 http://www.securityfocus.com/bid/3244 ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.14/CSSA-2001-SCO.14.txt

IRC DCC helper in the ip_masq_irc IP masquerading module 2.2 allows remote attackers to bypass intended firewall restrictions by causing the target system to send a "DCC SEND" request to a malicious server which...

PHPAdsNew PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. Date published : 2002-03-09 http://www.securityfocus.com/bid/3392 http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

Phorecast PHP script before 0.40 allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. Date published : 2002-03-09 http://www.securityfocus.com/bid/3388 http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

AWOL PHP script allows remote attackers to include arbitrary files from remote web sites via an HTTP request that sets the includedir variable. Date published : 2002-03-09 http://www.securityfocus.com/bid/3387 http://archives.neohapsis.com/archives/bugtraq/2001-10/0012.html

Cisco SN 5420 Storage Router 1.1(3) and earlier allows remote attackers to cause a denial of service (reboot) via a series of connections to TCP port 8023. Date published : 2002-03-09 http://www.securityfocus.com/bid/3014 http://www.ciac.org/ciac/bulletins/l-112.shtml

Cisco SN 5420 Storage Router 1.1(3) and earlier allows local users to access a developer’s shell without a password and execute certain restricted commands without being logged. Date published : 2002-03-09 http://www.securityfocus.com/bid/3131 http://www.cisco.com/warp/public/707/SN-kernel-pub.html