Monthly Archive: August 2002

Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2.1480 allows remote attackers to cause a denial of service (crash) via a long malformed request to TCP port 2500, possibly triggering a buffer overflow. Date...

BadBlue server allows remote attackers to cause a denial of service (crash) via an HTTP GET request without a URI. Date published : 2002-08-31 http://www.securityfocus.com/bid/5187 http://archives.neohapsis.com/archives/bugtraq/2002-07/0082.html

BadBlue server stores passwords in plaintext in the ext.ini file, which could allow local and possibly remote attackers to gain privileges. Date published : 2002-08-31 http://www.securityfocus.com/bid/5228 http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html

BadBlue server allows remote attackers to read restricted files, such as EXT.INI, via an HTTP request that contains a hex-encoded null byte. Date published : 2002-08-31 http://www.securityfocus.com/bid/5226 http://archives.neohapsis.com/archives/bugtraq/2002-07/0143.html

The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook even when the maximum number of loans is exceeded by accessing the "Add to bookbag" feature when...

The library feature for Adobe Content Server 3.0 allows a remote attacker to check out an eBook for an arbitrary length of time via a modified loanMin parameter to download.asp. Date published : 2002-08-31...

The library feature for Adobe Content Server 3.0 does not verify if a customer has already checked out an eBook, which allows remote attackers to cause a denial of service (resource exhaustion) by checking...

Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other systems by using the backup feature, capturing the encryption Challenge, and using the appropriate hash function to generate the activation...

Adobe eBook Reader allows a user to bypass restrictions for copy, print, lend, and give operations by backing up key data files, performing the operations, and restoring the original data files. Date published :...

Buffer overflow in web server for Tivoli Management Framework (TMF) ManagedNode 3.6.x through 3.7.1 allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP GET request. Date...

Buffer overflow in web server for Tivoli Management Framework (TMF) Endpoint 3.6.x through 3.7.1, before Fixpack 2, allows remote attackers to cause a denial of service or execute arbitrary code via a long HTTP...

Lotus Domino R4 allows remote attackers to bypass access restrictions for files in the web root via an HTTP request appended with a "?" character, which is treated as a wildcard character and bypasses...

Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as included in Lil’ HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via the (1) "Name" or (2) "E-mail" parameters. Date...

Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as included in Lil’ HTTP web server, allows remote attackers to execute arbitrary web script in other web browsers via a request to urlcount.cgi that contains the script,...