Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries. Date published : 2002-05-31 http://www.securityfocus.com/bid/4826 http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html
Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long filename argument to the gettransbitmap CGI program. Date published : 2002-05-21 http://www.securityfocus.com/bid/4784 http://marc.info/?l=bugtraq&m=102198846905064&w=2
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local...
Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter. Date published : 2002-05-09 http://marc.info/?l=bugtraq&m=102107488402057&w=2 http://www.osvdb.org/3458
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter. Date published : 2002-05-03 http://www.securityfocus.com/bid/2791 http://archives.neohapsis.com/archives/bugtraq/2001-05/0260.html
Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) allows local users to overwrite arbitrary files via a symlink attack on the temporary files (1) asagent.tmp or (2) inetd.tmp. Date published : 2002-05-03 http://www.securityfocus.com/bid/2741...
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot). Date...
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter. Date published : 2002-05-03 http://www.securityfocus.com/bid/2861 http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html
The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program. Date published : 2002-05-03 http://www.securityfocus.com/bid/2767 http://www.securityfocus.com/archive/1/186418
Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting...
Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect users from the service when bad passwords are entered, which makes it easier for remote attackers to conduct brute force password guessing attacks....
Beck IPC GmbH IPC@CHIP TelnetD server generates different responses when given valid and invalid login names, which allows remote attackers to determine accounts on the system. Date published : 2002-05-03 http://www.securityfocus.com/bid/2773 http://www.securityfocus.com/archive/1/186418
Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to cause a denial of service via a long HTTP request. Date published : 2002-05-03 http://www.securityfocus.com/bid/2774 http://www.securityfocus.com/archive/1/186418
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges. Date published : 2002-05-03 http://www.securityfocus.com/bid/2785 http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html