CGI bugs updated since 01.04.2003
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2706
Type:		remote
Level:		5/10

Affected:		PYTHON : Python 2.2
		IKONBOARD : Ikonboard 3.1
		PHPNUKE : PHP-Nuke 6.5
		PYTHON : python 2.3
		PHORUM : Phorum 3.4
		XOOPS : xoops 1.3
		DS : Viewpoint Server
		AUTOMATEDSHOPS : WebC 2.0
		AUTOMATEDSHOPS : WebC 5.0
		SAKKI : Sakki's guestbook 1.0

Original document		drG4njubas, Sakki's guestbook V.1.01 script injection vulnerability. (05.04.2003)
		Carl Livitt, Multiple vulnerabilities in AutomatedShops WebC shopping cart (05.04.2003)
		Nick Cleaton, IkonBoard v3.1.1: arbitrary command execution (05.04.2003)
		Ben Maynard, Viewpoint Server (05.04.2003)
		magistrat, Css in Xoops module glossary 1.3.x (05.04.2003)
		Peter "Stöckli", Phorum 3.4 Cross Site Scripting (05.04.2003)
		euronymous, XSS in Python Documentation Server (05.04.2003)
		lethalman_(at)_libero.it, PHP-Nuke block-Forums.php subject vulnerabilities (01.04.2003)

Files:		WebC 5.00x (possibly earlier) local exploit
		AutomatedShops WebC 2.011 -> 5.005 remote exploit
Discuss:		Read or add your comments to this news (0 comments)

Apache DoS updated since 05.04.2003
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2713
Type:		remote
Level:		6/10
Description:		Memory leak on request with large number of line feeds.

Affected:

APACHE : Apache 2.0

Original document		APACHE, [ANNOUNCE][SECURITY] Apache 2.0.47 released (10.07.2003)
		IDEFENSE, iDEFENSE Security Advisory 04.08.03: Denial of Service in Apache HTTP Server 2.x (09.04.2003)
		APACHE, [ANNOUNCE] Apache 2.0.45 Released (05.04.2003)

Files:		working apache <= 2.0.44 DoS exploit for linux.
		Test code for Apache 2.x Memory Leak
Discuss:		Read or add your comments to this news (0 comments)

AOL Server proxy API format string bug
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2714
Type:		library
Level:		5/10
Description:		Format string bug on syslog() call.

Affected:

AOL : AOLServer Proxy Daemon API 4.0

Original document

Kevin Finisterre, SRT2003-04-04-1106 - AOLServer Proxy Daemon API unformatted syslog() call (05.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

Buffalo AirStation DoS
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2715
Type:		remote
Level:		5/10
Description:		Small packet flood causes station to hang.

Affected:

BUFFALO : AirStation G54

Original document

Pavel shpac, buffalo AirStation G54 - (WBR-G54 ) DoS (05.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

Syscall timing attacks in multiple systems
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2717
Type:		local
Level:		5/10
Description:		By timing system calls it's possible to check file existance.

Original document

Andrew Griffiths, Syscall implementation could lead to whether or not a file exists (05.04.2003)

Files:		Syscall timing file testing utility
Discuss:		Read or add your comments to this news (0 comments)

Interbase buffer overflow
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2718
Type:		local
Level:		5/10
Description:		Buffer overflow on ISC_LOCK_ENV environment variable.

Affected:

BORLAND : InterBase 6.0

Original document

Kevin Finisterre, SRT2003-04-03-1300 - Interbase ISC_LOCK_ENV overflow (05.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

passlogd buffer overflow
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2719
Type:		remote
Level:		5/10
Description:		Buffer overflow on syslog packets processing.

Affected:

PASSLOGD : passlogd 0.1

Original document

dong-h0un U, passlogd sniffer remote buffer overflow root exploit. (05.04.2003)

Files:		Remote Multiple Buffer Overflow vulnerability in passlogd sniffer.
Discuss:		Read or add your comments to this news (0 comments)

NetGear DoS updated since 11.10.2002
Published:		05.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2344
Type:		remote
Level:		5/10
Description:		Large number of connection attampts cause router to hang.

Affected:

NETGEAR : Netgear FM114P

Original document		Björn Stickler, Another security problem in Netgear FM114P ProSafe Wireless Router firmware (05.04.2003)
		Marc Ruef, TCP flood against NetGear FM114P (11.10.2002)

Discuss:

Read or add your comments to this news (0 comments)

Hyperion FTP Server multiple bugs updated since 05.04.2003
Published:		10.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2716
Type:		remote
Level:		5/10
Description:		Buffer overflow in mkdir, USER.

Affected:

MOLLENSOFT : Hyperion FTP Server 3.0

Original document		moran zavdi, Hyperion FTP server Remote DOS and unauthorised remote access. (10.04.2003)
		Rushjo_(at)_tripbit.org, TA-2003-03 Buffer Overflow Vulnerability in Hyperion FTP Server 3.0 (05.04.2003)

Files:		Denial of Service Attack for Mollensoft Hyperion FTP Server 3.0
Discuss:		Read or add your comments to this news (0 comments)

Progress multiple bugs updated since 05.04.2003
Published:		21.06.2003
Source:		BUGTRAQ
SecurityVulns ID:		2720
Type:		local
Level:		5/10
Description:		It's possible to read first line from any file with PROSTARTUP variable. Buffer overflow on DLC variable.

Affected:		PROGRESS : Progress 9.2
		PROGRESS : Progress 9.1

Original document		Kevin Finisterre, SRT2003-06-20-1232 - Progress 4GL Compiler datatype overflow (21.06.2003)
		Kevin Finisterre, SRT2003-06-13-1009 - Progress _dbagent -installdir dlopen() issue (14.06.2003)
		Kevin Finisterre, SRT2003-06-13-0945 - Progress PATH based dlopen() issue (14.06.2003)
		Kevin Finisterre, SRT2003-04-15-1029 - Progres BINPATHX overflow (16.04.2003)
		Kevin Finisterre, SRT2003-04-01-1231 - Progress DLC overflows (12.04.2003)
		Kevin Finisterre, SRT2003-04-02-1735 - Progress PROSTARTUP root owned file read (05.04.2003)

Discuss:

Read or add your comments to this news (0 comments)