The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to cause a denial of service (crash) via an HTTP request without a Content-Length parameter. Date published : 2004-09-01 http://www.securityfocus.com/bid/5930 http://archives.neohapsis.com/archives/bugtraq/2002-10/0137.html
The administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows users to obtain usernames and plaintext passwords via a request to the userlist.asp program, which includes the passwords in a user editing form....
Cross-site scripting (XSS) vulnerability in msgError.asp for the administrative web interface (STEMWADM) for SurfControl SuperScout Email Filter allows remote attackers to insert arbitrary script or HTML via the Reason parameter. Date published : 2004-09-01...
MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the source code of scripts via the mask parameter. Date published : 2004-09-01 http://www.securityfocus.com/bid/5941 http://archives.neohapsis.com/archives/bugtraq/2002-10/0147.html
Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) allows remote attackers to execute arbitrary code via a skin file (.wal) with a long include file tag. Date published : 2004-09-01 http://www.securityfocus.com/bid/5832...
Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD file, which allows attackers to gain privileges. Date published : 2004-09-01 http://www.securityfocus.com/bid/5803 http://archives.neohapsis.com/archives/vulnwatch/2002-q3/0128.html
The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, does not properly close the SSH connection when a -N option is provided during authentication, which allows remote attackers to...
Format string vulnerability in the CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and RSSA Appliance 3.0.2, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format...
mv in IRIX 6.5 creates a directory with world-writable permissions while moving a directory, which could allow local users to modify files and directories. Date published : 2004-09-01 http://www.securityfocus.com/bid/5893 http://www.ciac.org/ciac/bulletins/n-004.shtml
fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file activities via a symlink attack, possibly via the .fsrlast file. Date published : 2004-09-01 http://www.securityfocus.com/bid/5897 http://www.ciac.org/ciac/bulletins/n-004.shtml
rpcbind in SGI IRIX, when using the -w command line switch, allows local users to overwrite arbitrary files via a symlink attack. Date published : 2004-09-01 http://www.securityfocus.com/bid/5889 http://www.ciac.org/ciac/bulletins/n-004.shtml
gds_lock_mgr in Borland InterBase allows local users to overwrite files and gain privileges via a symlink attack on a "isc_init1.X" temporary file, as demonstrated by modifying the xinetdbd file. Date published : 2004-09-01 http://www.securityfocus.com/bid/5805...
The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 allows local users to truncate arbitrary files via the -logfile command line option, which overrides file system permissions because the server...
The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() function instead of srand(), which causes vncserver to generate weak cookies. Date published : 2004-09-01 http://www.securityfocus.com/bid/6905 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000640