HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a denial of service (crash) via an SNMP write request containing 85 characters, possibly triggering a buffer overflow. Date published : 2003-03-18 http://www.securityfocus.com/bid/5336 http://archives.neohapsis.com/archives/bugtraq/2002-07/0338.html
tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read arbitrary files via an absolute pathname in the file parameter. Date published : 2003-03-18 http://www.securityfocus.com/bid/5501 http://online.securityfocus.com/archive/1/288042
admbrowse.php in FUDforum before 2.2.0 allows remote attackers to create or delete files via URL-encoded pathnames in the cur and dest parameters. Date published : 2003-03-18 http://www.securityfocus.com/bid/5502 http://online.securityfocus.com/archive/1/288042
SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote attackers to perform unauthorized database operations via (1) report.php, (2) selmsg.php, and (3) showposts.php. Date published : 2003-03-18 http://www.securityfocus.com/bid/5500 http://online.securityfocus.com/archive/1/288042
The POP3 service for WebEasyMail 3.4.2.2 and earlier generates diffferent error messages for valid and invalid usernames during authentication, which makes it easier for remote attackers to conduct brute force attacks. Date published :...
Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format strings in SMTP requests. Date published...
Directory traversal vulnerability in update.dpgs in Duma Photo Gallery System (DPGS) 0.99.4 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the id parameter. Date published : 2003-03-18 http://www.securityfocus.com/bid/5081 http://archives.neohapsis.com/archives/bugtraq/2002-06/0265.html
Easy Guestbook CGI programs do not authenticate the administrator, which allows remote attackers to (1) delete entries via direct access of admin.cgi, or (2) reconfigure Guestbook via direct access of config.cgi. Date published :...
ptrace on HP-UX 11.00 through 11.11 allows local users to cause a denial of service (data page fault panic) via "an incorrect reference to thread register state." Date published : 2003-03-18 http://www.securityfocus.com/bid/5425 http://archives.neohapsis.com/archives/hp/2002-q3/0041.html
Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 snmpModules allow the SNMP read-write community name to be exposed, related to (1) "’read-only’ community access," and/or (2) an easily guessable community name. Date published...
Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown impact, related to "Unexpected behavior." Date published : 2003-03-18 http://www.securityfocus.com/bid/5454 http://archives.neohapsis.com/archives/hp/2002-q3/0049.html
Format string vulnerability in McAfee Security ePolicy Orchestrator (ePO) 2.5.1 allows remote attackers to execute arbitrary code via an HTTP GET request with a URI containing format strings. Date published : 2003-03-18 http://www.atstake.com/research/advisories/2003/a031703-1.txt http://www.securityfocus.com/bid/7111
OpenSSL does not use RSA blinding by default, which allows local and remote attackers to obtain the server’s private key by determining factors using timing differences on (1) the number of extra reductions during...
Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly other versions, may allow remote attackers to cause a denial of service or execute arbitrary code via "maths overflow errors" such as (1) integer signedness...