Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow remote attackers to execute script via (1) the admin login page, or (2) the Pipermail index summaries.
Date published: 2002-05-31
http://www.securityfocus.com/bid/4826
http://mail.python.org/pipermail/mailman-announce/2002-May/000042.html
Monthly Archive: May 2002
Cross-site scripting vulnerability in Internet Explorer 6.0 allows remote attackers to execute scripts in the Local Computer zone via a URL that exploits a local HTML resource file, aka the "Cross-Site Scripting in Local...
TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized database operations via a SQL injection attack on the id parameter.
Date published: 2002-05-03
http://www.securityfocus.com/bid/2791
http://archives.neohapsis.com/archives/bugtraq/2001-05/0260.html
WSSecurity.pl in WebStore allows remote attackers to bypass authentication by providing the program with a filename that exists, which is made easier by (1) inserting a null character or (2) .. (dot dot). Date...
ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated WebStore administrators to execute arbitrary code via shell metacharacters in the kill parameter.
Date published: 2002-05-03
http://www.securityfocus.com/bid/2861
http://archives.neohapsis.com/archives/bugtraq/2001-06/0142.html
The Beck GmbH [email protected] embedded web server installs the chipcfg.cgi program by default, which allows remote attackers to obtain sensitive network information via a request to the program.
Date published: 2002-05-03
http://www.securityfocus.com/bid/2767
http://www.securityfocus.com/archive/1/186418
CesarFTP 0.98b and earlier stores usernames and passwords in plaintext in the settings.ini file, which allows attackers to gain privileges.
Date published: 2002-05-03
http://www.securityfocus.com/bid/2785
http://archives.neohapsis.com/archives/bugtraq/2001-05/0252.html