Code injection in PHPGroupware updated since 07.12.2000
Published:		04.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		805
Type:		remote
Level:		5/10
Description:		It's possible to inject PHP code and to modify SQL query.

Affected:

PHPGROUPWARE : phpGroupWare 0.9

Original document		Matthias Jordan, SQL injection in PHPGroupware (04.04.2002)
		SECUREREALITY, (SRADV00006) Remote command execution vulnerabilities in phpGroupWare (07.12.2000)

Discuss:

Read or add your comments to this news (0 comments)

Directory traversal and format string bug in Cisco Secure ACS
Published:		04.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1908
Type:		remote
Level:		6/10
Description:		Any html, htm, class, jpg, jpeg or gif files can be remotely accessed. Format string bug can lead to remote server compromise.

Affected:		CISCO : Secure ACS 3.0
		CISCO : Secure ACS 2.6

Original document		Patrik Karlsson, iXsecurity.20020314.csadmin_fmt.a (04.04.2002)
		CISCO, Security Advisory: Web interface vulnerabilities in ACS for Windows (04.04.2002)
		Patrik Karlsson, iXsecurity.20020316.csadmin_dir.a (04.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

Directory traversal in Quik-Serv Web Server
Published:		04.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1909
Type:		remote
Level:		5/10

Affected:

QUIKSERV : Quik-Serv Web Server 1.1

Original document

a b, Quik-Serv Web Server v1.1B Arbitrary File Disclosure (04.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs
Published:		04.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1910
Type:		remote
Level:		5/10

Affected:		GCF : Dynamic Guestbook 3.0
		CGI : emumail.cgi

Original document		acidneo_(at)_altern.org, emumail.cgi (04.04.2002)
		Florian Hobelsberger / BlueScreen, Dynamic Guestbook V3.0 Cross Site Scripting and Arbitrary Command Execution under certain circumstances (04.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

Crossite scripting in jo!
Published:		04.04.2002
Source:		X-FORCE
SecurityVulns ID:		1912
Type:		remote
Level:		5/10

Affected:

TAGTRAUM : jo! 1.0

Files:		jo! Web server JSP error message cross-site scripting
Discuss:		Read or add your comments to this news (0 comments)

*BSD YP authentication privelege escalation
Published:		04.04.2002
Source:		X-FORCE
SecurityVulns ID:		1913
Type:		local
Level:		5/10

Affected:

OPENBSD : OpenBSD 3.0

Files:		BSD systems using YP with netgroups in the password database
Discuss:		Read or add your comments to this news (0 comments)

Unauthorized access in HP Praesidium Webproxy
Published:		04.04.2002
Source:		X-FORCE
SecurityVulns ID:		1914
Type:		remote
Level:		5/10

Affected:

HP : Praesidium Webproxy 1.0

Files:		HP Praesidium Webproxy could allow unauthorized remote access
Discuss:		Read or add your comments to this news (0 comments)

Buffer overflow in Windows NT/2000/XP updated since 04.04.2002
Published:		05.04.2002
Source:		NTBUGTRAQ
SecurityVulns ID:		1915
Type:		local
Level:		6/10
Description:		Buffer overflow on long request to MUP (Multiple UNC Provider)

Affected:		MICROSOFT : Windows NT 4.0 Workstation
		MICROSOFT : Windows NT 4.0 Server
		MICROSOFT : Windows 2000 Server
		MICROSOFT : Windows 2000 Professional
		MICROSOFT : Windows XP

Original document		MICROSOFT, Security Bulletin MS02-017 Q311967: Unchecked buffer in the Multiple UNC Provider Could Enable File Execution (05.04.2002)
		NSFOCUS, NSFOCUS SA2002-02 : Microsoft Windows MUP overlong request kernel overflow (04.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

Crossite scripting in OpenKeyServer updated since 04.04.2002
Published:		22.04.2002
Source:		X-FORCE
SecurityVulns ID:		1911
Type:		remote
Level:		5/10

Affected:

VEREDIS : OpenKeyServer 1.2

Original document

Noam Rathaus, Keyservers Cross Site Scripting (When CSS Gets Dangerous) (22.04.2002)

Files:		OpenKeyServer Web interface cross-site scripting
Discuss:		Read or add your comments to this news (0 comments)