Monthly Archive: May 2002

Directory traversal vulnerability in CesarFTP 0.98b and earlier allows remote authenticated users (such as anonymous) to read arbitrary files via a GET with a filename that contains a …%5c (modified dot dot). Date published...

Linux CUPS before 1.1.6 does not securely handle temporary files, possibly due to a symlink vulnerability that could allow local users to overwrite files. Date published : 2002-05-03 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000384 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386

Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers to execute arbitrary code. Date published : 2002-05-03 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000384 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000386

mandb in the man-db package before 2.3.16-3 allows local users to overwrite arbitrary files via the command line options (1) -u or (2) -c, which do not drop privileges and follow symlinks. Date published...

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. Date published : 2002-05-03 http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html

Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain root privileges via a long command line argument. Date published : 2002-05-03 http://archives.neohapsis.com/archives/bugtraq/2001-06/0133.html

Eudora 5.1 allows remote attackers to execute arbitrary code when the "Use Microsoft Viewer" option is enabled and the "allow executables in HTML content" option is disabled, via an HTML email with a form...

Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow remote attackers to execute scripts when Active Scripting is disabled by including the scripts in XML stylesheets (XSL) that are referenced using...

cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not properly check the return value of a call to the pathexec_env function, which could cause the setstate utility to setuid to the UID...

Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via base-64 encoded data, which is not properly handled when...

Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via invalid encodings of BER OBJECT-IDENTIFIER values, as demonstrated by the PROTOS...

Network Associates PGP Keyserver 7.0 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via exceptional BER encodings (possibly buffer overflows), as demonstrated by the PROTOS LDAPv3 test...

Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial of service (hang) via exceptional BER encodings for the LDAP filter type field, as demonstrated by the PROTOS LDAPv3 test suite. Date published...

Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, as demonstrated by the PROTOS LDAPv3 test suite. Date published : 2002-05-03...