Monthly Archive: April 2003

Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to determine the existence of files on the client system via a LINK element in a Cascading Style Sheet (CSS) page that causes...

ColdFusion 5.0 and earlier on Windows systems allows remote attackers to determine the absolute pathname of .cfm or .dbm files via an HTTP request that contains an MS-DOS device name such as NUL, which...

Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Kerberos/AFS support and KerberosTgtPassing or AFSTokenPassing enabled, allows remote and local authenticated users to gain privileges. Date published : 2003-04-02 http://www.securityfocus.com/bid/4560 http://online.securityfocus.com/archive/1/268718

Memory leak in FreeBSD 4.5 and earlier allows remote attackers to cause a denial of service (memory exhaustion) via ICMP echo packets that trigger a bug in ip_output() in which the reference count for...

Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solaris 2.5.1 through 8 allows remote attackers to execute arbitrary code via format strings in a message that is not properly provided to the syslog...

Oracle Oracle9i database server 9.0.1.x allows local users to access restricted data via a SQL query using ANSI outer join syntax. Date published : 2003-04-02 http://www.securityfocus.com/bid/4523 http://archives.neohapsis.com/archives/bugtraq/2002-04/0175.html

Oracle 9i Application Server allows remote attackers to bypass access restrictions for configuration files via a direct request to the XSQL Servlet (XSQLServlet). Date published : 2003-04-02 http://www.securityfocus.com/bid/4298 http://marc.info/?l=bugtraq&m=101301813117562&w=2

Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) allows remote attackers to bypass authentication and execute arbitrary functions by using the TNS Listener to directly connect to the EXTPROC process. Date...

Cross-site scripting vulnerability in SunShop 2.5 and earlier allows remote attackers to gain administrative privileges to SunShop by injecting the script into fields during new customer registration. Date published : 2003-04-02 http://www.securityfocus.com/bid/4506 http://archives.neohapsis.com/archives/bugtraq/2002-04/0154.html

Cisco Aironet before 11.21 with Telnet enabled allows remote attackers to cause a denial of service (reboot) via a series of login attempts with invalid usernames and passwords. Date published : 2003-04-02 http://www.securityfocus.com/bid/4461 http://www.cisco.com/warp/public/707/Aironet-Telnet.shtml

Directory traversal vulnerability in Aprelium Abyss Web Server (abyssws) before 1.0.0.2 allows remote attackers to read files outside the web root, including the abyss.conf file, via URL-encoded .. (dot dot) sequences in the HTTP...

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls...

Demarc PureSecure 1.05 allows remote attackers to gain administrative privileges via a SQL injection attack in a session ID that is stored in the s_key cookie. Date published : 2003-04-02 http://www.securityfocus.com/bid/4520 http://archives.neohapsis.com/archives/bugtraq/2002-04/0168.html

FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrites an FTP server’s "FTP PORT" responses in a way that allows remote attackers to redirect FTP data connections to arbitrary ports, a variant...