Multiple buffer overflows in man-db 2.4.1 and earlier, when installed setuid, allow local users to gain privileges via (1) MANDATORY_MANPATH, MANPATH_MAP, and MANDB_MAP arguments to add_to_dirlist in manp.c, (2) a long pathname to ult_src...
Integer signedness error in the decode_fh function of nfs3xdr.c in Linux kernel before 2.4.21 allows remote attackers to cause a denial of service (kernel panic) via a negative size value within XDR data of...
Format string vulnerability in ePO service for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request with format strings in the computerlist parameter, which are...
Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm allows remote attackers to insert web script via a URL that is fed into the form’s action parameter. Date published : 2003-08-01 http://www.securityfocus.com/bid/8231 http://marc.info/?l=bugtraq&m=105880349328877&w=2
Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 through 1.3.4 allows remote attackers to insert arbitrary web script via the searchstring parameter. Date published : 2003-08-01 http://www.securityfocus.com/archive/1/330676 http://marc.info/?l=bugtraq&m=106252092421469&w=2
Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain privileges via a long (1) -display command line argument or (2) XTOKKAETAMADIR environment variable. Date published : 2003-08-01 http://www.securityfocus.com/bid/8312 http://www.debian.org/security/2003/dsa-356
Directory traversal vulnerability in ePO agent for McAfee ePolicy Orchestrator 3.0 allows remote attackers to read arbitrary files via a certain HTTP request. Date published : 2003-08-01 http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris 2.6 through 9 allows local users to gain root privileges via a long LD_PRELOAD environment variable. Date published : 2003-08-01 http://marc.info/?l=bugtraq&m=105951760418667&w=2 http://www.idefense.com/advisory/07.29.03.txt
sup 1.8 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files. Date published : 2003-08-01 http://www.debian.org/security/2003/dsa-353
Heap-based buffer overflow in the name services daemon (nsd) in SGI IRIX 6.5.x through 6.5.21f, and possibly earlier versions, allows attackers to gain root privileges via the AUTH_UNIX gid list. Date published : 2003-08-01...
Off-by-one error in the fb_realpath() function, as derived from the realpath function in BSD, may allow attackers to execute arbitrary code, as demonstrated in wu-ftpd 2.5.0 through 2.6.2 via commands that cause pathnames of...
KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication credentials from URLs of the "user:password@host" form in the HTTP-Referer header, which could allow remote web sites to steal the credentials for pages...
Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrator 2.0, 2.5, and 2.5.1 allows remote attackers to execute arbitrary code via a POST request containing long parameters. Date published : 2003-08-01 http://www.atstake.com/research/advisories/2003/a073103-1.txt http://www.nai.com/us/promos/mcafee/epo_vulnerabilities.asp
The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 through 3.0 allows attackers to execute arbitrary code via a series of steps that (1) obtain the database administrator username and encrypted password in...