CVE-2002-2009
Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3)
Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an...
The default installations of Apache Tomcat 3.2.3 and 3.2.4 allow remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP)...
The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example...
Unknown vulnerability in Java Web Start 1.0.1_01, 1.0.1, 1.0 and 1.0.1.01 (HP-UX 11.x only) allows attackers to gain access to restricted resources via unknown attack vectors. Date published : 2005-07-14 http://www.securityfocus.com/bid/4310 http://archives.neohapsis.com/archives/hp/2002-q1/0084.html
portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to cause a denial of service via a flood of packets. Date published : 2005-07-14 http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote attackers to cause the process to core dump via certain network packets generated by nmap. Date published : 2005-07-14 http://ftp.support.compaq.com/patches/.new/html/SSRT-541.shtml
Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows attackers to execute arbitrary code via long (1) LANG and (2) LOCPATH environment variables. Date published : 2005-07-14 http://www.securityfocus.com/bid/4544 http://cert.uni-stuttgart.de/archive/bugtraq/2002/04/msg00219.html
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. Date published : 2005-07-14 http://www.securityfocus.com/bid/3940 http://www.mandriva.com/security/advisories?name=MDKSA-2002:008
ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use process privileges, which allows attackers to access data. Date published : 2005-07-14 http://www.securityfocus.com/bid/4184 http://ftp.support.compaq.com/patches/.new/html/SSRT0813.shtml
HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow remote attackers to cause Webproxy to forward requests to the internal network via crafted HTTP requests. Date published : 2005-07-14 http://www.securityfocus.com/bid/4342 http://www.ciac.org/ciac/bulletins/m-061.shtml
Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows remote attackers to execute arbitrary commands via a long parameter to rtable_create (procedure 21). Date published : 2005-07-14 http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0129.html http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2002-01/0127.html
ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering and possibly execute arbitrary code via email attachments containing a trailing dot after the file extension. Date published : 2005-07-14 http://www.securityfocus.com/bid/4407 http://www.securityfocus.com/archive/1/265387
Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) name parameter in modules.php and (2) catid parameter in index.php. Date published...