LocalWEB2000 2.1.0 web server allows remote attackers to bypass access restrictions for restricted files via a URL that contains the "/./" directory. Date published : 2003-04-02 http://www.securityfocus.com/bid/4820 http://online.securityfocus.com/archive/1/274020
The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to determine the path of the web root via a direct request to com.newatlanta.servletexec.JSP10Servlet without a filename, which leaks the pathname in an...
The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and certain 2.8.x and 3.0.x versions before 3.0.3r1, allows remote attackers to cause a denial of service (crash) via a long user name. Date published...
Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local users to cause a denial of service and possibly execute arbitrary code via a long bulldir argument in the user’s .qpopper-options configuration file. Date...
scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users to overwrite arbitrary files via a symlink attack on temporary files, as demonstrated using log files. Date published : 2003-04-02 http://www.securityfocus.com/bid/4875 http://marc.info/?l=bugtraq&m=99057164129869&w=2
Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivileged users to obtain the names of files whose access is restricted to the root group. Date published : 2003-04-02 http://www.securityfocus.com/bid/5487 http://www.debian.org/security/2002/dsa-154
Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the vendor field via a long value in an attribute/value pair, possibly via a buffer overflow. Date published : 2003-04-02 http://www.debian.org/security/2002/dsa-152
l2tpd 0.67 does not initialize the random number generator, which allows remote attackers to hijack sessions. Date published : 2003-04-02 http://www.securityfocus.com/bid/5451
xinetd 2.3.4 leaks file descriptors for the signal pipe to services that are launched by xinetd, which could allow those services to cause a denial of service via the pipe. Date published : 2003-04-02...
The LoadText method in the spreadsheet component in Microsoft Office Web Components (OWC) 2000 and 2002 allows remote attackers to read arbitrary files through Internet Explorer via a URL that redirects to the target...
Buffer overflow in the OpenDataSource function of the Jet engine on Microsoft SQL Server 2000 allows remote attackers to execute arbitrary code. Date published : 2003-04-02 http://www.securityfocus.com/bid/5057 http://marc.info/?l=bugtraq&m=102450188620081&w=2
SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote attackers to cause a denial of service (crash) via certain debug requests that are not properly handled by the debugging feature. Date published...
Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a packet with a zero-length payload. Date published : 2003-04-02 http://www.securityfocus.com/bid/5440 http://www.kb.cert.org/vuls/id/287771
Format string vulnerability in ISDN Point to Point Protocol (PPP) daemon (ipppd) in the ISDN4Linux (i4l) package allows local users to gain root privileges via format strings in the device name command line argument,...