Monthly Archive: May 2003

iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authentication via an HTTP request containing URL-encoded characters. Date published : 2003-05-23 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=25

The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier versions, modifies the first two letters of a filename extension after performing a security check, which allows remote attackers to bypass authentication via...

SQL injection vulnerability in ttForum allows remote attackers to execute arbitrary SQL and gain ttForum Administrator privileges via the Ignorelist-Textfield argument in the Preferences page. Date published : 2003-05-22 http://marc.info/?l=bugtraq&m=105345273210334&w=2

Buffer overflow in unknown versions of Maelstrom allows local users to execute arbitrary code via a long -player command line argument. Date published : 2003-05-22 http://marc.info/?l=bugtraq&m=105344891005369&w=2 http://www.securitytracker.com/id?1008832

CesarFTP 0.99g stores user names and passwords in plaintext in the settings.ini file, which could allow local users to gain privileges. Date published : 2003-05-22 http://marc.info/?l=bugtraq&m=105344578100315&w=2 http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0074.html

EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later versions, allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via a CTCP request from a large...

Integer overflow in parse_decode_path() of slocate may allow attackers to execute arbitrary code via a LOCATE_PATH with a large number of ":" (colon) characters, whose count is used in a call to malloc. Date...

Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local users to execute arbitrary code via a long -server command line argument. Date published : 2003-05-22 http://marc.info/?l=bugtraq&m=105337792703887&w=2 http://marc.info/?l=bugtraq&m=105344501331344&w=2

Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long replies that are not properly handled by...

Multiple buffer overflows in ircII 20020912 allows remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via responses that are not properly fed to the my_strcat function...

Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remote malicious IRC servers to cause a denial of service (crash). Date published : 2003-05-22 http://www.debian.org/security/2003/dsa-306 http://security.debian.org/pool/updates/main/i/ircii-pana/ircii-pana_1.0-0c16-2.1.diff.gz

Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier allow remote malicious IRC servers to cause a denial of service (crash) and possibly execute arbitrary code via long hostnames, nicknames, or channel names,...

header.php in ttCMS 2.3 and earlier allows remote attackers to inject arbitrary PHP code by setting the ttcms_user_admin parameter to "1" and modifying the admin_root parameter to point to a URL that contains a...

Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0.10.8 and earlier allows remote authenticated users to execute arbitrary code via a long SELECT command. Date published : 2003-05-22 http://marc.info/?l=bugtraq&m=105319299407291&w=2 http://archives.neohapsis.com/archives/vulnwatch/2003-q2/0072.html