Directory traversal vulnerability in edit_action.cgi of Webmin Directory 0.91 allows attackers to gain privileges via a ‘..’ (dot dot) in the argument. Date published : 2002-03-15 http://www.securityfocus.com/bid/3698 http://www.securityfocus.com/archive/1/245980
Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a default username and password for the servlet manager, which allows remote attackers to gain privileges. Date published : 2002-03-15 http://www.securityfocus.com/bid/3697 http://www.securityfocus.com/archive/1/245871
Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to cause a denial of service via malformed packets with (1) an IP length less than actual packet size, or (2) fragmented packets whose...
Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 allows remote malicious web sites to execute arbitrary code via a .ICA file, which is downloaded and automatically executed by the client. Date published :...
WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote attackers to cause a denial of service (crash) via a URL that ends in %2e. Date published : 2002-03-15 http://www.securityfocus.com/bid/3685 http://www.securityfocus.com/archive/1/245283
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. Date published : 2002-03-15 http://www.securityfocus.com/bid/3683 http://www.linux-mandrake.com/en/security/2001/MDKSA-2001-091.php3
IBM Websphere Application Server 3.5.3 and earlier stores a password in cleartext in the sas.server.props file, which allows local users to obtain the passwords via a JSP script. Date published : 2002-03-15 http://www.securityfocus.com/bid/3682 http://www.securityfocus.com/archive/1/245324
mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote attackers to send SPAM e-mail through remote servers by modifying the sendto, email, server, subject, and resulturl hidden form fields. Date published : 2002-03-15...
csvform.pl 0.1 allows remote attackers to execute arbitrary commands via metacharacters in the file parameter. Date published : 2002-03-15 http://www.securityfocus.com/bid/3668 http://online.securityfocus.com/archive/1/244908
wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows remote attackers to cause a denial of service (CPU consumption) via (1) in 2.20.00 and earlier, an invalid port number such as a negative number,...
Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows restricted shell users to bypass certain security checks and gain privileges. Date published : 2002-03-15 http://archives.neohapsis.com/archives/hp/2001-q3/0014.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5657
Dynamically Loadable Kernel Module (dlkm) static kernel symbol table in HP-UX 11.11 is not properly configured, which allows local users to gain privileges. Date published : 2002-03-15 http://ciac.llnl.gov/ciac/bulletins/l-115.shtml http://archives.neohapsis.com/archives/hp/2001-q3/0013.html
xman allows local users to gain privileges by modifying the MANPATH to point to a man page whose filename contains shell metacharacters. Date published : 2002-03-15 http://www.securityfocus.com/archive/1/197498
Buffer overflow in xman allows local users to gain privileges via a long MANPATH environment variable. Date published : 2002-03-15 http://www.securityfocus.com/bid/3030 http://archives.neohapsis.com/archives/bugtraq/2001-07/0234.html