SnapStream PVS 1.2a stores its passwords in plaintext in the file SSD.ini, which could allow a remote attacker to gain privileges on the server. Date published : 2002-03-15 http://www.securityfocus.com/bid/3101 http://archives.neohapsis.com/archives/bugtraq/2001-07/0606.html
RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches session IDs from failed login attempts, which could allow remote attackers to bypass SSL client authentication and gain access to...
SonicWALL SOHO uses easily predictable TCP sequence numbers, which allows remote attackers to spoof or hijack sessions. Date published : 2002-03-15 http://www.securityfocus.com/bid/3098 http://www.securityfocus.com/archive/1/199632
Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users to overwrite arbitrary files via a symlink attack on temporary policy files that end in a .cpp extension, which are set world-writable. Date...
The Log Viewer function in the Check Point FireWall-1 GUI for Solaris 3.0b through 4.1 SP2 does not check for the existence of ‘.log’ files when saving files, which allows (1) remote authenticated users...
Cisco routers and switches running IOS 12.0 through 12.2.1 allows a remote attacker to cause a denial of service via a flood of UDP packets. Date published : 2002-03-15 http://www.securityfocus.com/bid/3096 http://www.securityfocus.com/archive/1/199558
NetOp School 1.5 allows local users to bypass access restrictions on the administration version by logging into the student version, closing the student version, then starting the administration version. Date published : 2002-03-15 http://www.securityfocus.com/bid/3321...
Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows local users to execute arbitrary code via a long command line argument. Date published : 2002-03-15 http://www.securityfocus.com/bid/3311 http://www.securityfocus.com/archive/1/213238
msgchk in Digital UNIX 4.0G and earlier allows a local user to read the first line of arbitrary files via a symlink attack on the .mh_profile file. Date published : 2002-03-15 http://www.securityfocus.com/bid/3320 http://www.securityfocus.com/archive/1/213238
The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 do not properly drop privileges, which could allow local users to gain privileges via the RCMD_CMD environment variable. Date published : 2002-03-15...
nss_postgresql 0.6.1 and before allows a remote attacker to execute arbitrary SQL queries by inserting SQL code into an HTTP request. Date published : 2002-03-15 http://www.securityfocus.com/bid/3315 http://www.securityfocus.com/archive/1/213331
The default configuration of the config.http.tunnel.allow_ports option on NetCache devices is set to +all, which allows remote attackers to connect to arbitrary ports on remote systems behind the device. Date published : 2002-03-15 http://www.securityfocus.com/bid/2990...
XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using gettimeofday() when compiled with the HasXdmXauth option, which allows remote attackers to gain unauthorized access to the X display via a brute force...
chuid 1.2 and earlier does not properly verify the ownership of files that will be changed, which allows remote attackers to change files owned by other users, such as root. Date published : 2002-03-15...