Monthly Archive: April 2003

Buffer overflow in the administration service (CSAdmin) for Cisco Secure ACS before 3.1.2 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long user parameter to port...

gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to cause a denial of service (crash) via (1) link or (2) title elements that contain multiple lines. Date published : 2003-04-26 http://marc.info/?l=bugtraq&m=105111327000755&w=2 http://www.debian.org/security/2003/dsa-294

gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the ticker title of a URI. Date published : 2003-04-26 http://marc.info/?l=bugtraq&m=105111327000755&w=2 http://www.debian.org/security/2003/dsa-294

Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check the Cascading Style Sheet input parameter for Modal dialogs, which allows remote attackers to read files on the local system via a web...

The file upload control in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to automatically upload files from the local system via a web page containing a script to upload the files....

Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to execute arbitrary code via an HTTP response containing long values in (1) Content-type and (2) Content-encoding fields. Date...

Buffer overflow in Windows Kernel allows local users to gain privileges by causing certain error messages to be passed to a debugger. Date published : 2003-04-26 http://www.securityfocus.com/bid/7370 http://www.kb.cert.org/vuls/id/446338

Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial of service (memory consumption) via a large number of rejected connections. Date published : 2003-04-16 http://marc.info/?l=bugtraq&m=105068673220605&w=2 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000782

Integer overflow in the TCP stream reassembly module (stream4) for Snort 2.0 and earlier allows remote attackers to execute arbitrary code via large sequence numbers in packets, which enable a heap-based buffer overflow. Date...

Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user tracking capability allows remote attackers to insert arbitrary Javascript via the clickTAG field. Date published : 2003-04-15 http://marc.info/?l=bugtraq&m=105033712615013&w=2 http://www.macromedia.com/support/flash/ts/documents/clicktag_security.htm

ps2epsi creates insecure temporary files when calling ghostscript, which allows local attackers to overwrite arbitrary files. Date published : 2003-04-15 http://www.debian.org/security/2003/dsa-286

KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execute arbitrary commands via (1) PostScript (PS) or (2) PDF files, related to missing -dPARANOIDSAFER and -dSAFER arguments when using the kghostview...

Buffer overflow in the call_trans2open function in trans2.c for Samba 2.2.x before 2.2.8a, 2.0.10 and earlier 2.0.x versions, and Samba-TNG before 0.3.2, allows remote attackers to execute arbitrary code. Date published : 2003-04-15 http://www.securityfocus.com/bid/7294...

Mac OS X before 10.2.5 allows guest users to modify the permissions of the DropBox folder and read unauthorized files. Date published : 2003-04-15 http://lists.apple.com/mhonarc/security-announce/msg00028.html