Monthly Archive: August 2002

CVE-2001-1399

Certain operations in Linux kernel before 2.2.19 on the x86 architecture copy the wrong number of bytes, which might allow attackers to modify memory, aka "User access asm bug on x86." Date published :...

CVE-2001-1389

Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional variants until 2.3.3, may allow remote attackers to cause a denial of service or execute arbitrary code, primarily via buffer overflows or improper NULL termination....

CVE-2001-1388

iptables before 1.2.4 does not accurately convert rate limits that are specified on the command line, which could allow attackers or users to generate more or less traffic than intended by the administrator. Date...

CVE-2001-1387

iptables-save in iptables before 1.2.4 records the "–reject-with icmp-host-prohibited" rule as "–reject-with tcp-reset," which causes iptables to generate different responses than specified by the administrator, possibly leading to an information leak. Date published :...

CVE-2002-1089

rwcgi60 CGI program in Oracle Reports Server, by design, provides sensitive information such as the full pathname, which could enable remote attackers to use the information in additional attacks. Date published : 2002-08-31 http://www.securityfocus.com/bid/5262...

CVE-2002-1087

The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.php for ezContents 1.41 and earlier do not check credentials, which allows remote attackers to create or delete directories and upload files via a direct HTTP...