Monthly Archive: September 2004

The web management server for Red-M 1050 (Bluetooth Access Point) does not use session-based credentials to authenticate users, which allows attackers to connect to the server from the same IP address as a user...

The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be disabled and makes it easier for remote attackers to crack the administration password via brute force methods. Date published : 2004-09-01 http://www.atstake.com/research/advisories/2002/a060502-1.txt...

Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module for Sun ONE Application Server before 6.5 allows remote attackers to execute arbitrary code via a long HTTP request URL. Date published : 2004-09-01...

Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows remote attackers to execute arbitrary code. Date published : 2004-09-01 http://www.securityfocus.com/bid/5406 http://online.securityfocus.com/advisories/4358

Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via an NFS packet. Date published : 2004-09-01 http://www.securityfocus.com/bid/4890 http://marc.info/?l=bugtraq&m=102339541014226&w=2

Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote attackers to execute arbitrary code via a long pluginspage field. Date published : 2004-09-01 http://www.atstake.com/research/advisories/2002/a091002-1.txt http://www.securityfocus.com/bid/5685

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711. Date published : 2004-09-01 http://www.securityfocus.com/bid/4677...

Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI IRIX 6.5.15 and earlier allows local users to gain root privileges. Date published : 2004-09-01 http://www.securityfocus.com/bid/4939 http://www.kb.cert.org/vuls/id/430419

Buffer overflow in Essentia Web Server 2.1 allows remote attackers to cause a denial of service, and possibly execute arbitrary code, via a long URL. Date published : 2004-09-01 http://www.securityfocus.com/bid/4159 http://marc.info/?l=bugtraq&m=101440530023617&w=2

Falcon web server 2.0.0.1020 and earlier allows remote attackers to bypass authentication and read restricted files via an extra / (slash) in the requested URL. Date published : 2004-09-01 http://www.securityfocus.com/bid/4099 http://marc.info/?l=bugtraq&m=101363946626951&w=2

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back...

Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to execute arbitrary code via malformed Content-Disposition and Content-Type header fields that cause the application for the spoofed file type to pass the file back...

Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to gain root privileges via a long -co (color database) command line argument. Date published : 2004-09-01 http://www.securityfocus.com/bid/4408 http://marc.info/?l=bugtraq&m=101776858410652&w=2

Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allows local users to execute arbitrary code via a long display command line option. Date published : 2004-09-01 http://www.securityfocus.com/bid/4633 http://online.securityfocus.com/archive/1/270149