Monthly Archive: May 2002

CVE-2002-0316

Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x and earlier allows remote attackers to execute script as other XMB users by inserting the script into an IMG tag. Date published : 2002-05-03 http://www.securityfocus.com/bid/4167...

CVE-2002-0315

FastTrack P2P, as used in (1) KaZaA, (2) Grokster, and (3) Morpheus, allows remote attackers to spoof other users by modifying the username and network information in the message header. Date published : 2002-05-03...

CVE-2002-0314

FastTrack P2P, as used in (1) KaZaA before 1.5, (2) Grokster, and (3) Morpheus, allows remote attackers to cause a denial of service (memory exhaustion) via a series of client-to-client messages, which pops up...

CVE-2002-0311

Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows local and possibly remote attackers to gain root privileges via shell metacharacters in the -c argument for (1) scoadminreg.cgi or (2) service_action.cgi....

CVE-2002-0310

Netwin WebNews 1.1k CGI program includes several default usernames and cleartext passwords that cannot be deleted by the administrator, which allows remote attackers to gain privileges via the username/password combinations (1) testweb/newstest, (2) alwn3845/imaptest,...

CVE-2002-0307

Directory traversal vulnerability in ans.pl in Avenger’s News System (ANS) 2.11 and earlier allows remote attackers to determine the existence of arbitrary files or execute any Perl program on the system via a .....

CVE-2002-0305

Zero One Tech (ZOT) P100s print server does not properly disable the SNMP service or change the default password, which could leave the server open to attack without the administrator’s knowledge. Date published :...

CVE-2002-0303

GroupWise 6, when using LDAP authentication and when Post Office has a blank username and password, allows attackers to gain privileges of other users by logging in without a password. Date published : 2002-05-03...

CVE-2002-0298

ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a denial of service (crash) via certain HTTP GET requests containing (1) a %2e%2e (encoded dot-dot), (2) several /../ (dot dot) sequences, (3) a missing...