Monthly Archive: March 2002

iPlanet Web Server Enterprise Edition 4.1 and earlier allows remote attackers to retrieve sensitive data from memory allocation pools, or cause a denial of service, via a URL-encoded Host: header in the HTTP request,...

opendir.php script in PHP-Nuke allows remote attackers to read arbitrary files by specifying the filename as an argument to the requesturl parameter. Date published : 2002-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0214.html https://exchange.xforce.ibmcloud.com/vulnerabilities/6512

Buffer overflow in MERCUR SMTP server 3.30 allows remote attackers to execute arbitrary commands via a long EXPN command. Date published : 2002-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0413.html http://www.osvdb.org/6027

ext.dll in BadBlue 1.02.07 Personal Edition web server allows remote attackers to determine the physical path of the server by directly calling ext.dll without any arguments, which produces an error message that contains the...

pam_ldap authentication module in Solaris 8 allows remote attackers to bypass authentication via a NULL password. Date published : 2002-03-09 http://archives.neohapsis.com/archives/bugtraq/2001-02/0344.html http://www.osvdb.org/6030

ASCII Armor parser in Windows PGP 7.0.3 and earlier allows attackers to create files in arbitrary locations via a malformed ASCII armored file. Date published : 2002-03-09 http://www.atstake.com/research/advisories/2001/a040901-1.txt http://www.securityfocus.com/bid/2556

iPlanet (formerly Netscape) Enterprise Server 4.1 allows remote attackers to cause a denial of service via a long HTTP GET request that contains many "/../" (dot dot) sequences. Date published : 2002-03-09 http://www.securityfocus.com/bid/2282 http://www.securityfocus.com/archive/1/157641

Buffer overflow in Solaris snmpXdmid SNMP to DMI mapper daemon allows remote attackers to execute arbitrary commands via a long "indication" event. Date published : 2002-03-09 http://www.securityfocus.com/bid/2417 http://marc.info/?l=bugtraq&m=98462536724454&w=2

Watchguard Firebox II allows remote attackers to cause a denial of service by establishing multiple connections and sending malformed PPTP packets. Date published : 2002-03-09 http://www.securityfocus.com/bid/2369 http://www.securityfocus.com/archive/1/162965

VShell SSH gateway 1.0.1 and earlier has a default port forwarding rule of 0.0.0.0/0.0.0.0, which could allow local users to conduct arbitrary port forwarding to other systems. Date published : 2002-03-09 http://www.atstake.com/research/advisories/2001/a021601-1.txt http://www.securityfocus.com/bid/2402

Kernel leak in AfpaCache module of the Fast Response Cache Accelerator (FRCA) component of IBM HTTP Server 1.3.x and Websphere 3.52 allows remote attackers to cause a denial of service via a series of...

Buffer overflow in kdc_reply_cipher of libkrb (Kerberos 4 authentication library) in NetBSD 1.5 and FreeBSD 4.2 and earlier, as used in Kerberised applications such as telnetd and login, allows local users to gain root...

Windows 2000 domain controller in Windows 2000 Server, Advanced Server, or Datacenter Server allows remote attackers to cause a denial of service via a flood of malformed service requests. Date published : 2002-03-09 http://www.ciac.org/ciac/bulletins/l-049.shtml...

Buffer overflow in NetScreen Firewall WebUI allows remote attackers to cause a denial of service via a long URL request to the web administration interface. Date published : 2002-03-09 http://www.securityfocus.com/bid/2176 http://www.securityfocus.com/archive/1/155149