Search:Vulnerability:03.05.2002 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Multiple local bugs in Lotus Domino
Published: 03.05.2002
Source: SECURITEAM
SecurityVulns ID: 1985
Type: local
Level: 6/10

Affected: LOTUS : Domino 5.0

Original document SECURITEAM, [NEWS] Lotus Domino Bindsock Notes_ExecDirectory Buffer Overflow Vulnerability (03.05.2002)

SECURITEAM, [NEWS] Lotus Domino Bindsock Arbitrary File Creation Vulnerability (03.05.2002)

SECURITEAM, [NEWS] Lotus Domino Bindsock PATH Buffer Overflow Vulnerability (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Symbolic links in Nautilus
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1986
Type: local
Level: 5/10

Affected: EAZEL : Nautilus 1.0

Original document Joe Testa, R7-0003: Nautilus Symlink Vulnerability (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Unauthorized access to locked workstation via wireless Logitech keyboards
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1987
Type: local
Level: 4/10
Description: Hot key still work for locked workstation.

Original document keyboardhacker_(at)_hotmail.com, Logitech Keyboard Insecurity (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Snapgear Lite+ DoS
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1988
Type: remote
Level: 5/10
Description: Multiple scenarios for DoS attacks.

Affected: SNAPGEAR : Snapgear Lite+ 1.5

Original document Peter Gründl, KPMG-2002017: Snapgear Lite+ Firewall Denial of Service (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Multiple buffer overflow in 3COM 3CDaemon
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1989
Type: remote
Level: 5/10

Affected: 3COM : 3CDaemon 2.0

Original document skyrim msh, 3CDaemon DoS exploit (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Directory traversal in DocBook
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1991
Type: local
Level: 4/10
Description: During conversion to HTML identifuers are used to form a filename without check for ../

Affected: DOCBOOK : docbook 0.6

Original document REDHAT, [RHSA-2002:062-08] Insecure DocBook stylesheet option (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Buffer overflow and directory traversal in 4D webserver
updated since 15.01.2002
Published: 03.05.2002
Source: NTBUGTRAQ
SecurityVulns ID: 1688
Type: remote
Level: 5/10

Affected: MDG : Web Server 4D 3.5
MDG : ZBServer Pro 1.50
MDG : Web Server 4D 6.7

Original document Jonas Ländin, iXsecurity.20020404.4d_webserver.a (03.05.2002)

Tamer Sahin, Web Server 4D/eCommerce 3.5.3 DoS Vulnerability (15.01.2002)

Tamer Sahin, Web Server 4D/eCommerce 3.5.3 Directory Traversal Vulnerability (15.01.2002)

Discuss: Read or add your comments to this news (0 comments)

Multiple buffer overflows in Progress
updated since 06.10.2001
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1497
Type: local
Level: 5/10
Description: Multiple buffer overflows, format string bugs, etc.

Affected: PROGRESS : Progress 9.2

Original document Kevin Finisterre, latest Progress patch has suid issues AGAIN. (03.05.2002)

Kevin Finisterre, Progress Software suid overflows again. (25.03.2002)

Kevin Finisterre, Progres Databse PROMSGS Format strings issue. (03.11.2001)

Kevin Finisterre, Progress TERM (protermcap) overflows and PROMSGS overflows (09.10.2001)

document Kevin Finisterre, Progress Database vulnerabilities (06.10.2001)

Files: Local overflows Progress Database server 8.x and 9.x Unix
Yet another Progress Database exploit (version ??)
13 local PoC root exploit programs for Progress Database
Discuss: Read or add your comments to this news (0 comments)

CGI bugs
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1990
Type: remote
Level: 5/10

Affected: CGI : MyGuestbook 1.0
CGI : Spooky Login 2.5

Original document SECURITEAM, [NT] Spooky Login SQL Injection Vulnerability (03.05.2002)

SECURITEAM, [UNIX] SunShop Shopping Cart Security Vulnerability (03.05.2002)

BrainRawt ., Levcgi.coms MyGuestbook JavaScript Injection Vulnerability (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

JSP pages source code access
updated since 08.06.2000
Published: 03.05.2002
Source: NTBUGTRAQ
SecurityVulns ID: 257
Type: remote
Level: 6/10
Description: There are multiple ways to get a source code of JSP pages

Affected: UNIFY : eWave ServletExec 3.0
IBM : WebSphere 3.0.2
BEA : Weblogic Server 5.1
BEA : Weblogic Server 4.5
CAUCHO : Resin 1.2
IBM : IBM-HTTP-Server 1.0
IBM : VSE-HTTPD 01.04
ORACLE : WebLogic Server 6.1
ORACLE : Oracle 9iAS
GNU : GNUJSP 1.0

Original document Peter Gründl, KPMG-2002016: Bea Weblogic incorrect URL parsing issues (03.05.2002)

DEBIAN, [SECURITY] [DSA 114-1] New GNUJSP packages fix directory and script source disclosure (24.02.2002)

NGSSoftware Insight Security Research, JSP translation file access under Oracle 9iAS (06.02.2002)

document 'ken'@FTU, IBM AS/400 HTTP Server '/' attack (09.11.2001)

benjurry, RESIN ServletExec JSP Source Disclosure Vulnerability(IIS 5) (24.11.2000)

benjurry, RESIN ServletExec JSP Source Disclosure Vulnerability(Resin Web Server) (24.11.2000)

benjurry, RESIN ServletExec JSP Source Disclosure Vulnerability(Apache 1.3.6 Win2k)) (24.11.2000)

document Woch, Wojciech, Disclosure of JSP source code with ServletExec AS v3.0c + web instance (22.11.2000)

Foundstone Labs, Unify eWave ServletExec upload (01.11.2000)

Foundstone Labs, Unify eWave ServletExec DoS (31.10.2000)

Foundstone Labs, BEA's WebLogic *.jsp/*.jhtml remote command execution (02.08.2000)

document stuart.mcclure_(at)_FOUNDSTONE.COM, BEA's WebLogic force handlers show code vulnerability (01.08.2000)

Foundstone Labs, IBM WebSphere default servlet handler showcode vulnerability (25.07.2000)

stuart.mcclure_(at)_FOUNDSTONE.COM, BEA WebLogic JSP showcode vulnerability (13.06.2000)

document stuart.mcclure_(at)_FOUNDSTONE.COM, IBM WebSphere JSP showcode vulnerability (13.06.2000)

Russ, Potential vulnerability in Unify eWave ServletExec (08.06.2000)

Files: BugTraq ID: 1328
Discuss: Read or add your comments to this news (0 comments)

Format string bug in rwalld
Published: 03.05.2002
Source: CERT
SecurityVulns ID: 1979
Type: remote
Level: 8/10
Description: Formaqt string bug on syslog() call

Affected: SUN : Solaris 2.6
SUN : Solaris 8
SUN : Solaris 7

Original document GOBBLES_(at)_hushmail.com, Adivosry + Exploit for Remote Root Hole in Default Installation of Popular Commercial Operating System (03.05.2002)

CERT, Advisory CA-2002-10 Format String Vulnerability in rpc.rwalld (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

ISS RealSecure DHCP DoS
Published: 03.05.2002
Source: X-FORCE
SecurityVulns ID: 1980
Type: remote
Level: 5/10
Description: It's possible to reference NULL pointer by malcrafted DHCP packet.

Affected: ISS : RealSecure 6.5

Original document X-FORCE, ISS Advisory: Remote Denial of Service Vulnerability in RealSecure Network Sensor (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Buffer overflow in Netscape/Mozilla
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1981
Type: client
Level: 8/10
Description: Buffer overflow on irc:// URL parsing.

Affected: MOZILLA : Mozilla 0.9
MOZILLA : Mozilla 1.0
NETSCAPE : Netscape 6.2

Original document Thor Larholm, RE: Reading local files in Netscape 6 and Mozilla (GM#001-NS) (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

mod_python imported modules inderect calls
Published: 03.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1983
Type: local
Level: 5/10
Description: It's possible to inderectly call unsafe function via imported module.

Affected: APACHE : mod_python 2.7

Original document REDHAT, [RHSA-2002:070-06] Updated mod_python packages available (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Buffer overflow in Caldera OpenServer sar
updated since 03.05.2002
Published: 10.05.2002
Source: BUGTRAQ
SecurityVulns ID: 1984
Type: local
Level: 5/10
Description: Buffer overflow in -o command line option.

Affected: SCO : OpenServer 5.0

Original document Kevin Finisterre, Sar -o exploitation process info. (10.05.2002)

CALDERA, Security Update: [CSSA-2002-SCO.17] OpenServer 5.0.5 : sar -o buffer overflow (03.05.2002)

Discuss: Read or add your comments to this news (0 comments)

Buffer overflow in Macromedia Flash
updated since 03.05.2002
Published: 29.10.2002
Source: BUGTRAQ
SecurityVulns ID: 1982
Type: client
Level: 7/10
Description: Buffer overflow on oversized "movie" and "SWRemote" paramters for ActiveX component.

Affected: MACROMEDIA : Flash ActiveX 6

Original document 3APA3A, Multiple vulnerabilities in Macromedia Flash ActiveX (29.10.2002)

LOM, �� Macromedia Flash (28.10.2002)

EEYE, Macromedia Flash Activex Buffer overflow (03.05.2002)

Files: Macromedia Flash ActiveX buffer overflow proof of concept
Discuss: Read or add your comments to this news (0 comments)