Monthly Archive: May 2002

Multiple TCP implementations could allow remote attackers to cause a denial of service (bandwidth and CPU exhaustion) by setting the maximum segment size (MSS) to a very small number and requesting large amounts of...

Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 allows local or remote attackers to cause a denial of service (crash) via (1) creating an ASP program that uses Scripting.FileSystemObject to open a file...

Directory traversal vulnerability in Un-CGI 1.9 and earlier allows remote attackers to execute arbitrary code via a .. (dot dot) in an HTML form. Date published : 2002-05-03 http://www.securityfocus.com/bid/3056 http://archives.neohapsis.com/archives/bugtraq/2001-07/0287.html

Un-CGI 1.9 and earlier does not verify that a CGI script has the execution bits set before executing it, which allows remote attackers to execute arbitrary commands by directing Un-CGI to a document that...

PowerNet IX allows remote attackers to cause a denial of service via a port scan. Date published : 2002-05-03 http://www.securityfocus.com/bid/2992

Task Manager in Windows 2000 does not allow local users to end processes with uppercase letters named (1) winlogon.exe, (2) csrss.exe, (3) smss.exe and (4) services.exe via the Process tab which could allow local...

Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with Novell Directory Services (NDS) enabled allows remote attackers to enumerate user names, group names and other system information by accessing ndsobj.nlm. Date published :...

GroupWise WebAccess 5.5 with directory indexing enabled allows a remote attacker to view arbitrary directory contents via an HTTP request with a lowercase "get". Date published : 2002-05-03 http://www.securityfocus.com/bid/3188 http://www.securityfocus.com/archive/1/204875

The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 allows remote attackers to read arbitrary files and list directories on a client system by opening a URL that redirects the browser to the...

The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers to cause a denial of service (crash) via a certain malformed packet, which causes Ethereal to allocate memory incorrectly, possibly due to zero-length...

Phorum 3.3.2 allows remote attackers to determine the email addresses of the 10 most active users via a direct HTTP request to the stats.php program, which does not require authentication. Date published : 2002-05-03...

Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x before 1.4.1-5, allow remote attackers to cause a denial of service and possibly execute arbitrary code. Date published : 2002-05-03 http://www.securityfocus.com/bid/4219 http://www.debian.org/security/2002/dsa-116

HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows remote attackers to cause a denial of service via a port scan of the management IP address, which disables the telnet service. Date published...

Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, will pop up an alert to the system even when the screen is locked, which could allow an attacker with physical access to the machine to...