Monthly Archive: April 2003

Instant Web Mail before 0.60 does not properly filter CR/LF sequences, which allows remote attackers to (1) execute arbitrary POP commands via the id parameter in message.php, or (2) modify certain mail message headers...

Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote attackers to execute arbitrary code via shell metacharacters in the host parameter. Date published : 2003-04-02 http://www.securityfocus.com/bid/4332 http://www.securityfocus.com/archive/1/263285

move_uploaded_file in PHP does not does not check for the base directory (open_basedir), which could allow remote attackers to upload files to unintended locations on the system. Date published : 2003-04-02 http://www.securityfocus.com/bid/4325 http://online.securityfocus.com/archive/1/262999

db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attackers to execute arbitrary code from remote servers via the phpbb_root_path parameter. Date published : 2003-04-02 http://www.securityfocus.com/bid/4380 http://archives.neohapsis.com/archives/bugtraq/2002-03/0221.html

Directory traversal vulnerability in Hosting Controller 1.4.1 and earlier allows remote attackers to read and modify arbitrary files and directories via a .. (dot dot) in arguments to (1) file_editor.asp, (2) folderactions.asp, or (3)...

home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote attackers to determine the full pathname of the web server via an invalid language in the arsc_language parameter, which leaks the pathname in...

bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Module) 1.1.08 and earlier allows remote attackers to cause a denial of service (CPU consumption) or obtain the absolute path of the web server via a displayBegin...

Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote attackers to cause a denial of service (CPU consumption) via a very large string, which causes an infinite loop. Date published : 2003-04-02 http://www.securityfocus.com/bid/4295...

filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attackers to execute arbitrary PHP code by specifying the URL to the code in the lib_path parameter. Date published : 2003-04-02 http://www.securityfocus.com/bid/4284 http://www.securityfocus.com/archive/1/261676

Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 allows local users to gain root privileges. Date published : 2003-04-02 http://www.securityfocus.com/bid/4273 ftp://stage.caldera.com/pub/security/openserver/CSSA-2002-SCO.8/CSSA-2002-SCO.8.txt

Directory traversal vulnerability in imlist.php for Php Imglist allows remote attackers to read arbitrary code via a .. (dot dot) in the cwd parameter. Date published : 2003-04-02 http://www.securityfocus.com/bid/4276 http://www.securityfocus.com/archive/1/261221

Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attackers to execute arbitrary commands via shell metacharacters (backquotes) in message text, as described with the term "string format vulnerability" by some sources. Date...

Race condition in the recursive (1) directory deletion and (2) directory move in GNU File Utilities (fileutils) 4.1 and earlier allows local users to delete directories as the user running fileutils by moving a...

XTux allows remote attackers to cause a denial of service (CPU consumption) via random inputs in the initial connection. Date published : 2003-04-02 http://www.securityfocus.com/bid/4260 http://online.securityfocus.com/archive/1/260912