Monthly Archive: August 2002

Cross-site scripting vulnerabilities in Blackboard 5 allow remote attackers to execute arbitrary web script via (1) the course_id parameter in a link to login.pl, (2) the CTID parameter in ProcessInfo.cgi, or (3) the Message...

ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to cause a denial of service (CPU consumption) by forwarding the email to the user while autoresponse is enabled, which creates an infinite loop....

Buffer overflow in MyWebServer 1.02 and earlier allows remote attackers to execute arbitrary code via a long HTTP GET request. Date published : 2002-08-31 http://www.securityfocus.com/bid/5184 http://archives.neohapsis.com/archives/bugtraq/2002-07/0073.html

Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long HTTP request to TCP port 6588 or (2) a...

Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 allow remote attackers to perform unauthorized database operations. Date published : 2002-08-31 http://www.securityfocus.com/bid/5219 http://archives.neohapsis.com/archives/bugtraq/2002-07/0128.html

Directory traversal vulnerability in cafenews.php for CARE 2002 before beta 1.0.02 allows remote attackers to read arbitrary files via .. (dot dot) sequences and null characters in the lang parameter, which is processed by...

Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 before 3.0.3A allows remote attackers to cause a denial of service. Date published : 2002-08-31 http://www.securityfocus.com/bid/5232 http://archives.neohapsis.com/archives/bugtraq/2002-07/0152.html

Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) WebAdmin or (2) ModWeb. Date published : 2002-08-31...

SunPCi II VNC uses a weak authentication scheme, which allows remote attackers to obtain the VNC password by sniffing the random byte challenge, which is used as the key for encrypted communications. Date published...

Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) product U2512A for HP-UX 11.00 and 11.11 may allow authenticated users to access restricted files. Date published : 2002-08-31 http://www.securityfocus.com/bid/5267 http://archives.neohapsis.com/archives/hp/2002-q3/0023.html

Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced or (2) rpcd on HP-UX 11.11 allows attackers to cause a denial of service (crash) via an attack that modifies internal data. Date published...

Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01.06 and earlier, based on the Sharity package, allows local users to gain root privileges via long (1) -U, (2) -D, (3) -P, (4)...

Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP request. Date published : 2002-08-31 http://www.securityfocus.com/bid/5045 http://archives.neohapsis.com/archives/bugtraq/2002-06/0208.html

SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earlier allows remote attackers to obtain sensitive user information via the pid parameter. Date published : 2002-08-31 http://www.securityfocus.com/bid/4968 http://archives.neohapsis.com/archives/bugtraq/2002-06/0058.html