Monthly Archive: March 2002

Buffer overflow in Progress database 8.3D and 9.1C allows local users to execute arbitrary code via long entries in files that are specified by the (1) PROMSGS or (2) PROTERMCAP environment variables. Date published...

Buffer overflow in Progress database 8.3D and 9.1C could allow a local user to execute arbitrary code via (1) _proapsv, (2) _mprosrv, (3) _mprshut, (4) orarx, (5) sqlcpp, (6) _probrkr, (7) _sqlschema and (8)...

Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, allows remote attackers to cause a denial of service (flood) via DNS spoofing of the update.symantec.com site. Date published : 2002-03-15 http://www.securityfocus.com/bid/3413 http://www.securityfocus.com/archive/1/218717

Symantec LiveUpdate before 1.6 does not use cryptography to ensure the integrity of download files, which allows remote attackers to execute arbitrary code via DNS spoofing of the update.symantec.com site. Date published : 2002-03-15...

rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to cause a denial of service (core dump) via a malformed RPC portmap requests, possibly related to a buffer overflow. Date published : 2002-03-15...

Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP OpenView allows a local user to execute arbitrary code, possibly via a buffer overflow in a long hostname or object ID. Date published...

Windows NT 4.0 SP 6a allows a local user with write access to winnt/system32 to cause a denial of service (crash in lsass.exe) by running the NT4ALL exploit program in ‘SPECIAL’ mode. Date published...

Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote attackers to (1) read or delete arbitrary files, or (2) overwrite ColdFusion Server templates. Date published : 2002-03-15 http://www.securityfocus.com/bid/3018 http://www.securityfocus.com/archive/1/196452

generate.cgi in SIX-webboard 2.01 and before allows remote attackers to read arbitrary files via a dot dot (..) in the content parameter. Date published : 2002-03-15 http://www.securityfocus.com/bid/3175 http://www.securityfocus.com/archive/1/204053

book.cgi in NetCode NC Book 0.2b allows remote attackers to execute arbitrary commands via shell metacharacters in the "current" parameter. Date published : 2002-03-15 http://www.securityfocus.com/bid/3178 http://www.securityfocus.com/archive/1/204094

Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute arbitrary code by uploading a .lnk file containing a large number of characters. Date published : 2002-03-15 http://www.securityfocus.com/bid/3330 http://www.securityfocus.com/archive/1/213647

EFTP 2.0.7.337 stores user passwords in plaintext in the eftp2users.dat file. Date published : 2002-03-15 http://www.securityfocus.com/bid/3332 http://www.securityfocus.com/archive/1/213647

EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials by requesting information on a file that is in a network share, which causes the server to send the credentials to the host that owns...

Directory traversal vulnerability in EFTP 2.0.7.337 allows remote authenticated users to reveal directory contents via a .. (dot dot) in the (1) LIST, (2) QUOTE SIZE, and (3) QUOTE MDTM commands. Date published :...