Monthly Archive: April 2003

Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HORDE 1.2.7 allows remote attackers to execute arbitrary web script and steal cookies of other IMP/HORDE users via the script parameter. Date published : 2003-04-02...

uudecode, as available in the sharutils package before 4.2.1, does not check whether the filename of the uudecoded file is a pipe or symbolic link, which could allow attackers to overwrite files or execute...

nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrary files and gain root privileges via a symlink attack on the nsd.dump file. Date published : 2003-04-02 http://www.securityfocus.com/bid/4655 ftp://patches.sgi.com/support/free/security/advisories/20020501-01-I

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges. Date published : 2003-04-02 http://www.securityfocus.com/bid/4644 http://www.osvdb.org/5359

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption). Date published : 2003-04-02 http://www.securityfocus.com/bid/4648 http://www.kb.cert.org/vuls/id/770891

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges. Date published : 2003-04-02 http://www.securityfocus.com/bid/4588 http://www.kb.cert.org/vuls/id/498707

Zope 2.2.0 through 2.5.1 does not properly verify the access for objects with proxy roles, which could allow some users to access documents in violation of the intended configuration. Date published : 2003-04-02 http://www.securityfocus.com/bid/4229...

The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is installed with an insecure option enabled, which could allow users to overwrite files outside of the current directory from an untrusted...

Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 and 2.6 until March 12, 2002 distributions, allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via compressed...

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file. Date published : 2003-04-02 http://www.securityfocus.com/bid/4373 http://online.securityfocus.com/archive/1/270691/2002-04-29/2002-05-05/0

Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN Messenger 4.5 and 4.6, and Exchange Instant Messenger 4.5 and 4.6, allows remote attackers to execute arbitrary code via a long ResDLL...

Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 allows remote attackers to spoof the safety check for HTTP headers and cause a denial of service or execute arbitrary code via HTTP...

Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 and 5.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via long file names. Date published :...

Cross-site scripting vulnerability in Internet Information Server (IIS) 4.0, 5.0 and 5.1 allows remote attackers to execute arbitrary script as other users via an HTTP error page. Date published : 2003-04-02 http://www.securityfocus.com/bid/4486