Monthly Archive: March 2002

The #sinclude directive in Embedded Perl (ePerl) 2.2.14 and earlier allows a remote attacker to execute arbitrary code by modifying the ‘sinclude’ file to point to another file that contains a #include directive that...

split-logfile in Apache 1.3.20 allows remote attackers to overwrite arbitrary files that end in the .log extension via an HTTP request with a / (slash) in the Host: header. Date published : 2002-03-09 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000430...

Buffer overflow in Compaq Management Agents before 5.2, included in Compaq Web-enabled Management Software, allows local users to gain privileges. Date published : 2002-03-09 http://www.securityfocus.com/bid/3376 http://www.kb.cert.org/vuls/id/275979

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript, aka the "Second Cookie Handling Vulnerability." Date published : 2002-03-09 http://www.securityfocus.com/bid/3546 https://docs.microsoft.com/en-us/security-updates/securitybulletins/2001/ms01-055

Internet Explorer 5.5 and 6.0 allows remote attackers to read and modify user cookies via Javascript in an about: URL, aka the "First Cookie Handling Vulnerability." Date published : 2002-03-09 http://www.securityfocus.com/bid/3513 http://www.securityfocus.com/archive/1/221612

Internet Explorer 5.1 for Macintosh on Mac OS X allows remote attackers to execute arbitrary commands by causing a BinHex or MacBinary file type to be downloaded, which causes the files to be executed...

Buffer overflow in Microsoft Windows Media Player 6.4 allows remote attackers to execute arbitrary code via a malformed Advanced Streaming Format (ASF) file. Date published : 2002-03-09 http://www.securityfocus.com/bid/3156 http://online.securityfocus.com/archive/1/202470

Vulnerability in (1) Microsoft Excel 2002 and earlier and (2) Microsoft PowerPoint 2002 and earlier allows attackers to bypass macro restrictions and execute arbitrary commands by modifying the data stream in the document. Date...

Format string vulnerability in ToolTalk database server rpc.ttdbserverd allows remote attackers to execute arbitrary commands via format string specifiers that are passed to the syslog function. Date published : 2002-03-09 http://www.securityfocus.com/bid/3382 ftp://stage.caldera.com/pub/security/openunix/CSSA-2001-SCO.28/CSSA-2001-SCO.28.txt

Citrix MetaFrame 1.8 Server with Service Pack 3, and XP Server Service Pack 1 and earlier, allows remote attackers to cause a denial of service (crash) via a large number of incomplete connections to...

NetBSD 1.5 and earlier and FreeBSD 4.3 and earlier allows a remote attacker to cause a denial of service by sending a large number of IP fragments to the machine, exhausting the mbuf pool....

Maximum Rumpus FTP Server 2.0.3 dev and before allows an attacker to cause a denial of service (crash) via a mkdir command that specifies a large number of sub-folders. Date published : 2002-03-09 http://www.securityfocus.com/bid/2864...

Buffer overflow in ptexec in the Sun Validation Test Suite 4.3 and earlier allows a local user to gain privileges via a long -o argument. Date published : 2002-03-09 http://www.securityfocus.com/bid/2898 http://www.securityfocus.com/archive/1/192667

Buffer overflow in w3m 0.2.1 and earlier allows a remote attacker to execute arbitrary code via a long base64 encoded MIME header. Date published : 2002-03-09 http://www.securityfocus.com/bid/2895 http://www.securityfocus.com/archive/1/192371