| Multiple bugs in XFree86 | | Published: |  | 04.10.2002 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 2323 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | User's directory is in the search path for shared libraries for suid applications; shared memory access via MIT-SHM. |
| Affected: |  | XFREE : XFree86 4.2 |
| Original document |  | CONNECTIVA, [CLA-2002:529] Conectiva Linux Security Announcement - XFree86 (04.10.2002) |
| Multiple bugs in Apache scoreboard | | Published: |  | 04.10.2002 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 2324 | | Type: |  | local | | Level: |  | 6/10 | | Description: |  | Any process running with the Apache euid can DoS the system by launching a large number of child processes and sending SIGUSR1 to any process as root. Buffer overflow in ab. |
| Affected: |  | APACHE : Apache 1.3 |
| Original document |  | IDEFENSE, iDEFENSE Security Advisory 10.03.2002: Apache 1.3.x shared memory scoreboard vulnerabilities (04.10.2002) |
| Symbolic links in python | | Published: |  | 04.10.2002 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 2325 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | The execvpe method in os.py creates a temporary file insecurely. |
| Affected: |  | PYTHON : Python 2.2 |
| Original document |  | Daniel Ahlberg, GLSA: python (04.10.2002) |
| SSL protection bypass in Ximian Evolution | | Published: |  | 04.10.2002 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 2326 | | Type: |  | m-i-t-m | | Level: |  | 5/10 | | Description: |  | Insufficient certificate check on restored connection. |
| Affected: |  | XIMAN : Evolution 1.0 |
| Original document |  | Veit Wahlich, SSL certificate validation problems in Ximian Evolution (04.10.2002) |
| Microsoft Windows XP weak permissions | | Published: |  | 04.10.2002 | | Source: |  | COBALT | | SecurityVulns ID: |  | 2328 | | Type: |  | local | | Level: |  | 5/10 | | Description: |  | Weak permissions on restore information allow viewing and changing sensitive data, including the SAM. |
| Affected: |  | MICROSOFT : Windows XP |
| Original document |  | Makoto Shiotsuki, WinXP Pro(Gold) Insecure System Restore File Permissions (04.10.2002) |
CGI bugs updated since 28.09.2002 | | Published: |  | 04.10.2002 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 2295 | | Type: |  | remote | | Level: |  | 5/10 |
| Affected: |  | POSTNUKE : PostNuke 0.64 | | |  | PHPMYNEWSLETTER : phpMyNewsletter 0.6 | | |  | POSTNUKE : PostNuke 0.7 | | |  | PACIFIC : Carello 1.3 | | |  | PHPWEBSITE : phpWebSite 0.8 | | |  | JAWMAIL : jawmail 1.0 | | |  | XOOPS : Xoops RC3.0 | | |  | PHPNUKE : PHP-Nuke 6.0 | | |  | CGI : Invision Board | | |  | NPDS : NPDS 4.8 | | |  | DACODE : daCode 1.2 | | |  | DRUPAL : Drupal 4.0 | | |  | NULLOGIC : Null Webmail 0.6 | | |  | MYNEWSGROUPS : MyNewsGroups :) 0.4 | | |  | MYSIMPLENEWS : MySimpleNews 1.0 | | |  | TIGHTPRICES : TightAuction 3.0 | | |  | LEVILLAGE : PY-Membres 3.1 | | |  | UPBPB : upb PB 1.0 | | |  | MIDICART : MidiCart 1.0 | | |  | PPHLOGGER : Pphlogger 2.0 | | |  | PPHLOGGER : Pphlogger 2.2 | | |  | PHPLINKAT : phpLinkat 0.1 |
| Original document |  | Sp.IC, phpLinkat XSS Security Bug (04.10.2002) |
| |  | frog frog, phpMyNewsletter (04.10.2002) |
| |  | Pistone, The Books Module for the PostNuke CMS XSS Vulnerability (04.10.2002) |
| |  | frog frog, Multiple Web Security Holes (03.10.2002) |
| |  | Matt Moore, wp-02-0012: Carello 1.3 Remote File Execution (Updated 1/10/2002) (03.10.2002) |
| |  | frog frog, MySimpleNews (PHP) (03.10.2002) |
| |  | Sp.IC, phpWebSite XSS Vulnerability (03.10.2002) |
| |  | Ulf Harnhammar, MyNewsGroups :) XSS patch (01.10.2002) |
| |  | Pedro Inacio, PHP-Nuke x.x AND PostNuke SQL Injection (30.09.2002) |
| |  | Pedro Inacio, PHP-Nuke x.x SQL Injection (30.09.2002) |
| |  | DownBload, IIL Advisory: Format String bug in Null Webmail (0.6.3) (28.09.2002) |
| |  | das_(at)_hush.com, ECHU Alert #2: IMG Attack in the news : 6 CMS vulnerables (28.09.2002) |
| |  | Gossi The Dog, Information Disclosure with Invision Board installation (fwd) (28.09.2002) |
| |  | Mark Grimes, PHPNUKE 6 XSS Vulnerabilities (28.09.2002) |
| |  | das_(at)_hush.com, Xoops RC3 script injection vulnerability (28.09.2002) |
| |  | Ulf Harnhammar, JAWmail XSS (28.09.2002) |
| |  | tim vandermeersch, PHP source injection in phpWebSite (28.09.2002) |
Ikonboard cross-site scripting updated since 04.10.2002 | | Published: |  | 09.12.2002 | | Source: |  | 3APA3A | | SecurityVulns ID: |  | 2327 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | [IMG]javascript:alert(document.cookie).gif[/IMG], Photo/javascript:alert(document.cookie) URL, Photo, X-Forwarded-For scripting. |