Monthly Archive: June 2002

CVE-1999-1080

rmmount in SunOS 5.7 may mount file systems without the nosuid flag set, contrary to the documentation and its use in previous versions of SunOS, which could allow local users with physical access to...

CVE-2000-1193

Performance Metrics Collector Daemon (PMCD) in Performance Copilot in IRIX 6.x allows remote attackers to cause a denial of service (resource exhaustion) via an extremely long string to the PMCD port. Date published :...

CVE-2000-1166

Twig webmail system does not properly set the "vhosts" variable if it is not configured on the site, which allows remote attackers to insert arbitrary PHP (PHP3) code by specifying an alternate vhosts as...

CVE-2000-0087

Netscape Mail Notification (nsnotify) utility in Netscape Communicator uses IMAP without SSL, even if the user has set a preference for Communicator to use an SSL connection, allowing a remote attacker to sniff usernames...

CVE-2000-0072

Visual Casel (Vcasel) does not properly prevent users from executing files, which allows local users to use a relative pathname to specify an alternate file which has an approved name and possibly gain privileges....

CVE-2001-1345

bctool in Jetico BestCrypt 0.7 and earlier trusts the user-supplied PATH to find and execute an fsck utility program, which allows local users to gain privileges by modifying the PATH to point to a...

CVE-2001-1342

Apache before 1.3.20 on Windows and OS/2 systems allows remote attackers to cause a denial of service (GPF) via an HTTP request for a URI that contains a large number of / (slash) or...

CVE-2001-1322

xinetd 2.1.8 and earlier runs with a default umask of 0, which could allow local users to read or modify files that are created by an application that runs under xinetd but does not...