Monthly Archive: July 2003

The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attackers to cause a denial of service (crash), and local attackers to use the DoS to hijack the epmapper pipe to gain...

Windows Media Player (WMP) 7 and 8, as running on Internet Explorer and possibly other Microsoft products that process HTML, allows remote attackers to bypass zone restrictions and access or execute arbitrary files via...

Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versions allows local users to overwrite arbitrary files via a symlink attack on temporary files that are created in directories with group-writable or world-writable permissions....

Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x before 2.16.3 and 2.17.x before 2.17.4 allow remote attackers to insert arbitrary HTML or web script via (1) multiple default German and Russian HTML templates or...

Cisco IOS 12.2 and earlier generates a "% Login invalid" message instead of prompting for a password when an invalid username is provided, which allows remote attackers to identify valid usernames on the system...

The web server for Cisco Aironet AP1x00 Series Wireless devices running certain versions of IOS 12.2 allow remote attackers to cause a denial of service (reload) via a malformed URL. Date published : 2003-07-29...

Unknown vulnerability in the Virtual File System (VFS) capability for phpGroupWare 0.9.16preRC and versions before 0.9.14.004 with unknown implications, related to the VFS path being under the web document root. Date published : 2003-07-25...

Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7.1.x allows local users to gain root privileges. Date published : 2003-07-25 http://marc.info/?l=bugtraq&m=105889063714201&w=2

FDclone 2.00a, and other versions before 2.02a, creates temporary directories with predictable names and uses them if they already exist, which allows local users to read or modify files of other fdclone users by...

Buffer overflow in WiTango Application Server and Tango 2000 allows remote attackers to execute arbitrary code via a long cookie to Witango_UserReference. Date published : 2003-07-25 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0038.html

X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a (1) FS_QueryXExtents8 or (2) FS_QueryXBitmaps8 packet, and possibly other types of...

Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause a denial of service (traffic block) by sending a particular sequence of IPv4 packets to an interface on the device, causing the...

Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 and 6.0 allows remote attackers to cause a denial of service (ABEND) via a long input string. Date published : 2003-07-25 http://marc.info/?l=bugtraq&m=105897724931665&w=2 http://marc.info/?l=bugtraq&m=105897561229347&w=2

Linux 2.4.x allows remote attackers to spoof the bridge Forwarding table via forged packets whose source addresses are the same as the target. Date published : 2003-07-25 http://www.debian.org/security/2004/dsa-358 http://www.debian.org/security/2004/dsa-423