Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a … (modified dot dot) in the GET command. Date published : 2002-05-03 http://www.securityfocus.com/bid/4075 http://marc.info/?l=bugtraq&m=101329397901071&w=2
Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility. Date published : 2002-05-03 http://www.securityfocus.com/bid/4073...
InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges. Date published...
Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as...
Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6)...
The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and...
The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router. Date published : 2002-05-03 http://www.securityfocus.com/bid/4066 http://marc.info/?l=bugtraq&m=101323620111951&w=2
ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails. Date...
PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly...
Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header. Date published : 2002-05-03 http://www.securityfocus.com/bid/4064 http://marc.info/?l=bugtraq&m=101320742616105&w=2
PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123,...
wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file. Date published : 2002-05-03 http://www.securityfocus.com/bid/4052 http://www.debian.org/security/2002/dsa-108
Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges. Date published : 2002-05-03 http://www.securityfocus.com/bid/4054 http://www.debian.org/security/2002/dsa-108
Lotus Domino server 5.0.8 with NoBanner enabled allows remote attackers to (1) determine the physical path of the server via a request for a nonexistent file with a .pl (Perl) extension, which leaks the...