7023 matches found
ION Script 1.4 - Remote File Disclosure
source: https://www.securityfocus.com/bid/6091/info A vulnerability has been discovered in ION Script. By sending a malicious HTTP request to a webserver running the vulnerable ION Script package, it is possible for a remote attacker to disclose arbitrary webserver readable files. As webservers a...
Microsoft Internet Explorer 5/6 - Unauthorized Document Object Model Access
source: https://www.securityfocus.com/bid/5963/info Microsoft Internet Explorer MSIE is prone to a vulnerability that may enable a frame or iframe to gain unauthorized access to the Document Object Model DOM of other frames/iframes in a different domain. This is possible because MSIE does not...
phpLinkat 0.1 - Multiple Cross-Site Scripting Vulnerabilities
phpLinkat 0.1 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/5890/info Reportedly, phpLinkat is prone to cross site scripting attacks. An attacker may exploit this vulnerability by enticing a victim user to follow a malicious link containing HTML and...
iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 iDEFENSE Security Advisory 10.03.2002 Apache 1.3.x shared memory scoreboard vulnerabilities 16:00 GMT, October 3, 2002 I. BACKGROUND The Apache Software Foundation's HTTP Server is an effort to develop and maintain an open-source HTTP server for moder...
[SECURITY] [DSA-136-3] Multiple OpenSSL problems (update)
Package : openssl094 Problem type : multiple remote exploits Debian-specific: no CVE : CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659 There was an error in the original openssl094 packages, resulting in an incomplete fix. This error has been corrected in 0.9.4-6.potato.2 and...
DSA-136-3 openssl - multiple remote exploits
Bulletin has no description...
[SECURITY] [DSA-136-2] Multiple OpenSSL problems (update)
Package : openssl094, openssl095, openssl Problem type : multiple remote exploits Debian-specific: no CVE : CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659 Note: this advisory is an update to DSA-136-1, issued 30 Jul 2002. It includes ASN1 updates in the woody packages, plus the potato...
DSA-136-2 openssl - multiple remote exploits
Bulletin has no description...
Buffer overflow in afd
Buffer overflow on long path in suid utils...
Happy Labor Day from Snosoft
For your reading pleasure I have attached some of the communication between myself and CERT regarding the issues recently released at: ftp://ftp1.support.compaq.com/public/unix/v5.1/T64V51B19-C0136901-15143-ES-20020817.txt We are in the process of making our formal advisories out of these...
More Vulnerabilities with Pingtel xpressa SIP-based IP phones
The Sys-Security Group Security Advisory "More Vulnerabilities with Pingtel xpressa SIP-based IP Phones" Release Date: 08/20/2002 Affected Platforms: Pingtel xpressa SIP IP phones model PX-1 with software version 2.0.1 and below; Pingtel instant xpressa softphones with software version 2.0.1 and...
CVE-2002-0770
Quake 2 Q2 server 3.20 and 3.21 allows remote attackers to obtain sensitive server cvar variables, obtain directory listings, and execute Q2 server admin commands via a client that does not expand "$" macros, which causes the server to expand the macros and leak the information, as demonstrated...
CVE-2002-0429
The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 and earlier on x86 systems allow local users to kill arbitrary processes via a a binary compatibility interface lcall...
CVE-2002-0805
Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, 1 creates new directories with world-writable permissions, and 2 creates the params file with world-writable permissions, which allows local users to modify the files and execute code...
[SECURITY] [DSA-136-1] Multiple OpenSSL problems
Package : openssl Problem type : multiple remote exploits Debian-specific: no CVE : CAN-2002-0655 CAN-2002-0656 CAN-2002-0657 CAN-2002-0659 The OpenSSL development team has announced that a security audit by A.L. Digital Ltd and The Bunker, under the DARPA CHATS program, has revealed remotely...
DSA-136-1 openssl - multiple remote exploits
Bulletin has no description...
DSA-136 openssl - multiple remote exploits
Bulletin has no description...
AOL Instant Messenger 4.x - Unauthorized Actions
AOL Instant Messenger 4.x - Unauthorized Actions source: https://www.securityfocus.com/bid/5246/info The AOL Instant Messenger client is prone to an issue which may allow maliciously crafted HTML to perform unauthorized actions such as adding entries to the buddy list on behalf of the user of a...
DLA-25-06-2002.txt
Digit-Labs Security Advisory http://www.digit-labs.org/ Advisory Name: IIS Administration Web Site redirect exploits Release Date: 25.June-2002 Application: Microsoft Internet Information Server 5.0 Platform: Windows 2000 Professional Severity: Low/Medium Authors: GoLLuM.no...
CVE-2002-0456
CVE-2002-0456 affects Eudora 5.1 and earlier. The issue arises because attachments are stored in a directory with a fixed name, which could enable attackers to exploit vulnerabilities in other software that rely on installing/reading files from directories with known pathnames. The provided docum...