28.02.2003 Detailed

6! ISMAIL buffer overflow   Buffer overflow in SMTP MAIL FROM: and RCPT TO: 6! Microsoft Window ME Help Center buffer overflow updated since 27.02.2003   Buffer overflow during hcp:// URL processing. 6! Buffer overflow in Mandrake printer drivers updated since 22.01.2003   Buffer overflows in different drivers.

CGI bugs updated since 25.02.2003

tcpdump ISAKMP DoS   Endless loop on malcrafted ISAKMP packet (UDP/500).

27.02.2003 Detailed

amx_mod format string bug   Format string bug in amx_say.

Battlefield 1942 DoS   By sending a specially crafted packet to the bf1942-server remote administration port, an attacker can cause the server to crash.

26.02.2003 Detailed

6! Multiple glftpd bugs   Directory traversal in messaging system, archive extraction, effective uid problem.   VERITAS Bare Metal Restore privelege escalation         Information leakage via key file duplication during nCipher import   generatekey utility creates temporary PEM file and fails to delete it.

Directory traversal in multiple FTP servers updated since 01.03.2001   It's possible to leave outside FTP root.

Clarkconnect information leakage   On the port TCP/10005 system information is leaked without authorization.

25.02.2003 Detailed

6! Multiple terminal emulators problems   By inserting secape sequences into terminal session (via log files, e-mail, etc) it's possible to force client into performing a set of operation, like sending control command to server, create a file, etc. 6! Multiple webmin bugs   Crossite scripting, session cookie hijacking. 6! Multiple bugs in Webmin/Usermin updated since 10.05.2002   Crossite scripting, session ID spoofing.

sircd buffer overflow   Buffer overflow on DNS resolution, default operator account of *!*@*

24.02.2003 Detailed

6! zlib gzprintf() buffer overflow   Buffer overflow if resulting string exceeds 4K buffer.   CGI bugs updated since 18.02.2003         Telindus weak password encryption updated since 30.12.2002   During configuration trnsmition password is sent on wire in weak encryption.

eject file information leakage   File existance in non-readable directory may be checked.

eSafe gateway and Check Point FW-1 protection bypass updated since 07.02.2003   Archives packed with lates RA version are not checked.

22.02.2003 Detailed

7! Launichng programs via OBJECT tag and scripting via cookies in Microsoft Internet Explorer updated since 17.01.2002   It's possible to launch any installed application using OBJECT tag 6! Multiple products SIP protocol implementation vulnerabilities   Multiple vulnerabilities in multiple products of multiple vendors.   Apache descriptor leakage   Few descriptors, including descriptor to log file are leaked on CGI application execution.

21.02.2003 Detailed

Red Hat shadow utils unauthorized mail access   User's mailbox created with adduser has rw permissions for primary group.   login_ldap unauthorized access   It's possible to obtain system acccess via anonymous LDAP access.

20.02.2003 Detailed

8! Symantec Norton Antivirus bufffer overflow   Buffer overflow on oversized filename inside archive.   Multiple game servers DDoS attacks updated since 22.01.2003   Large UDP response is sent in reply to short request withous session setup.

19.02.2003 Detailed

Apache mod_dav format string bug updated since 18.02.2003   ap_log_rerror() format string bug.

18.02.2003 Detailed

9! Multiple serious bugs in Lotus Domino updated since 18.02.2003   Bugs in server and client components, including remote buffer overflows. 7! PHP CGI unauthorized access   --enable-force-cgi-redirect option doesn't work. It allows remote file access and custom PHP code execution.   Netcharts XBRL Server information leakage   Information leakage from process memory on chunked encoding.

17.02.2003 Detailed

9! Real Server buffer overflow   Buffer overflow on RSTP protocol processing.

15.02.2003 Detailed

6! MacOS X TruBlueEnvironment privelege escalation   File in the user specified path is created.   CGI bugs updated since 11.02.2003

14.02.2003 Detailed

Lotus Domino Source code disclosue   Additional dot in URL allows page source code access.   HP-UX disable buffer overflow   Buffer overflow in -r option.   Abyss password bruteforcing   Unlimited number of password attempt on 9999 port with no logging.

12.02.2003 Detailed

CGI::Lite protection bypass   Not all dangerous shell characters are filtered by CGI::Lite::escape_dangerous_chars()   /search/index.cfm crossite scripting   /search/index.cfm allows insert HTML tags via search paramter.

11.02.2003 Detailed

w3m crossite scripting         NetGear wireless router unauthorized access   Web interface allows access to configuration file.   CryptoBuddy weak encryption   Multiple problems in cryptoalgorythms implementation.

nod32 buffer overflow   Buffer overflow on oversized path.

Microsoft Windows NT cmd.exe buffer overflow   Buffer overflow (Windows NT) or batch failure (Windows 2000) on oversized paths.

Far manager buffer overflow   Buffer overflow on oversized directory path.

eggdrop IRCBot proxy   Bot may be used as a proxy to any service.

08.02.2003 Detailed

6! HP-UX wall buffer overflow   Oversized message text causes buffer to overflow. 6! Multiple bugs in Unreal engine   It's possble to use game servers for DDoS, game session spoofing, integer type overflows, unreal:// URL handling problems. 6! Windows Maker buffer overflow   Buffer overflow on graphics processing.

Weak pkzip encryption   Weak PRNG open possibility for recovering encrypted text with known plain text attack with minimal amount of known text.

CGI bugs updated since 03.02.2003

01.02.2003 Detailed

6! Apache Tomcat multiple bugs   Multiple vulnerability allow directory browsing and source code disclosure.   Sygate personal firewall protection bypass   It's possible to access any listening UDP port.   3Ware 3DM DoS   Multiple bugs during valid requests proceeding.

Multiple bugs in Apache Tomcat updated since 31.05.2002   It's possible to obtain physical path and directory listing.

Weak password encryption in memory for multiple SSH2 clients updated since 30.01.2003   User's password stays in memory uinecnrypted.