Monthly Archive: September 2003

Multiple heap-based buffer overflows in FTP Desktop client 3.5, and possibly earlier versions, allow remote malicious servers to execute arbitrary code via (1) a long FTP banner, (2) a long response to a USER...

The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allows remote attackers to execute arbitrary code via a MIDI file with a large "Track data size" value. Date published : 2003-09-12 http://marc.info/?l=bugtraq&m=106305643432112&w=2

Escapade Scripting Engine (ESP) allows remote attackers to obtain sensitive path information via a malformed request, which leaks the information in an error message, as demonstrated using the PAGE parameter. Date published : 2003-09-12...

Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine (ESP) allows remote attackers to inject arbitrary script via the method parameter, as demonstrated using the PAGE parameter. Date published : 2003-09-12 http://marc.info/?l=bugtraq&m=106312344631197&w=2

Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 allows remote attackers to execute arbitrary code via a long URL (PATH_INFO value). Date published : 2003-09-12 http://archives.neohapsis.com/archives/vulnwatch/2003-q3/0096.html

Buffer overflow in the get_msg_text of chan_sip.c in the Session Initiation Protocol (SIP) protocol implementation for Asterisk releases before August 15, 2003, allows remote attackers to execute arbitrary code via certain (1) MESSAGE or...

Blubster 2.5 allows remote attackers to cause a denial of service (crash) via a flood of connections to UDP port 701. Date published : 2003-09-12 http://www.securityfocus.com/bid/8482 http://www.securiteam.com/windowsntfocus/5RP0N15AUC.html

Integer signedness error in rfc2231_get_param from strings.c in PINE before 4.58 allows remote attackers to execute arbitrary code via an email that causes an out-of-bounds array access using a negative number. Date published :...

Buffer overflow in PINE before 4.58 allows remote attackers to execute arbitrary code via a malformed message/external-body MIME type. Date published : 2003-09-12 http://marc.info/?l=bugtraq&m=106322571805153&w=2 http://marc.info/?l=bugtraq&m=106329356702508&w=2

Heap-based buffer overflow in the Distributed Component Object Model (DCOM) interface in the RPCSS Service allows remote attackers to execute arbitrary code via a malformed DCERPC DCOM object activation request packet with modified length...

Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote attackers to cause a denial of service (tight loop). Date published : 2003-09-12 http://www.debian.org/security/2003/dsa-378

Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers to execute arbitrary code. Date published : 2003-09-12 http://www.debian.org/security/2003/dsa-378

KisMAC before 0.05d trusts user-supplied variables when chown’ing files or directories, which allows local users to gain privileges via the $DRIVER_KEXT environment variable in (1) viha_driver.sh, (2) macjack_load.sh, (3) airojack_load.sh, (4) setuid_enable.sh, (5) setuid_disable.sh,...

KisMAC before 0.05d trusts user-supplied variables to load arbitrary kernels or kernel modules, which allows local users to gain privileges via the $DRIVER_KEXT environment variable as used in (1) viha_driver.sh, (2) macjack_load.sh, or (3)...