cups DoS Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2888 Type: remote Level: 5/10 Description: DoS on incomplete header.
Affected: CUPS : cups 1.1
Original document Sebastian Krahmer , SuSE Security Announcement: cups (SuSE-SA:2003:028) (09.06.2003 )
gzip znew symbolic links problem Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2889 Type: local Level: 5/10 Description: Unsafe temporary file creation.
Original document DEBIAN , [SECURITY] [DSA-308-1] New gzip packages fix insecure temporary file creation (09.06.2003 )
Novell iChain buffer overflow Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2890 Type: remote Level: 5/10
Affected: NOVELL : iChain 2.2
Original document NOVELL , NOVL-2003-2966205 - iChain 2.2 Field Patch 1a (09.06.2003 )
Novell Netware HTTPSTK DoS Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2891 Type: library Level: 5/10 Description: Invalid processing of Keep-Alive packet.
Original document NOVELL , NOVL-2003-2966181 - HTTPSTK DOS (09.06.2003 )
SpeakFreely multiple bugs Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2892 Type: remote Level: 6/10 Description: Multiple buffer overflows
Affected: SPEAKFREE : Speak Freely 7.5
Original document fozzy_(at)_dmpfrance.com , Speak Freely <=7.5 multiple remote and local vulnerabilities (the Hackademy Audit) (09.06.2003 )
xaos privilege escalation Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2893 Type: local Level: 5/10 Description: Program is installed as suid root.
Affected: XAOS : xaos 3.0
Original document DEBIAN , [SECURITY] [DSA-310-1] New xaos packages fix improper setuid-root execution (09.06.2003 )
bazarr_(at)_ziplip.com , BAZARR LOCAL ROOT AGAIN. HI GUYS. DONT READ THIS (09.06.2003 )
Multiple bugs in FTP clients Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2894 Type: client Level: 5/10 Description: Bugs in parsing FTP server data.
Affected: CEDSOFT : FlashFXP SMARTFTP : SmartFTP 1.0 RHINO : FTP Voyager 10.0 LEAPFTP : LeapFTP 2.7 CVE: CVE-2007-0825 (FlashFXP 3.4.0 build 1145 allows remote servers to cause a denial of service (CPU consumption) via a response to a PWD command that contains a long string with deeply nested directory structure, possibly due to a buffer overflow.) CVE-2007-0790 (Heap-based buffer overflow in SmartFTP 2.0.1002 allows remote FTP servers to execute arbitrary code via a large banner. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.) CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions before 1.0.976, allow remote attackers to execute arbitrary code via (1) a long response to a PWD command, which triggers a stack-based overflow, and (2) a long line in a response to a file LIST command, which triggers a heap-based overflow.)
Original document nesumin , [LeapFTP] "PASV" Reply Buffer Overflow Vulnerability (09.06.2003 )
nesumin , [FTP Voyager] File List Buffer Overflow Vulnerability (09.06.2003 )
nesumin , [SmartFTP] Two Buffer Overflow Vulnerabilities (09.06.2003 )
nesumin , [FlashFXP] Two Buffer Overflow Vulnerabilities (09.06.2003 )
Buffer overflow in zblast Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2895 Type: local Level: 5/10 Description: Local overflow gives egid games.
Affected: ZBLAST : zblast 1.2
Original document Vade 79 , linux)zblast/xzb[v1.2]: local buffer overflow. (games) (09.06.2003 )
Buffer overflow in eterm updated since 14.01.2002 Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 1680 Type: local Level: 6/10 Description: Buffer overflow when parsing environment variables.
Affected: ETERM : eterm 0.9
Original document DEBIAN , [SECURITY] [DSA-309-1] New eterm packages fix buffer overflow (09.06.2003 )
Charles 'core' Stevenson , Eterm SGID utmp Buffer Overflow (Local) (14.01.2002 )
Multiple bugs in Apache updated since 29.05.2003 Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2858 Type: remote Level: 6/10 Description: Bugs leading to remote DoS and, under some specific conditions, to code execution.
Affected: APACHE : Apache 2.0 APACHE : mod_gzip 1.3
Original document Matthew Murphy , Apache 2.x APR Exploit Code (09.06.2003 )
Matthew Murphy , Mod_gzip Debug Mode Vulnerabilities (03.06.2003 )
IDEFENSE , Apache Portable Runtime Denial of Service and Arbitrary Code Execution Vulnerability (31.05.2003 )
APACHE , [SECURITY] [ANNOUNCE] Apache 2.0.46 released (29.05.2003 )
mail buffer overflow updated since 03.06.2003 Published: 09.06.2003 Source: SECURITYFOCUS SecurityVulns ID: 2872 Type: client Level: 6/10 Description: Buffer overflow on parsing Cc: header in message.
Affected: REDHAT : RedHat Linux 9.0 SLACKWARE : Slackware Linux 8.1
Original document D4rkGr3y , Re: Linux /bin/mail Carbon Copy Field Buffer Overrun Vulnerability (09.06.2003 )
Multiple Internet Explorer bugs updated since 05.06.2003 Published: 09.06.2003 Source: BUGTRAQ SecurityVulns ID: 2875 Type: remote Level: 7/10 Description: New cumulative update fixes buffer overflow and code execution.
Affected: MICROSOFT : Internet Explorer 5.5 MICROSOFT : Internet Explorer 6.0
Original document Alumni , IE-object tag longtype exploit (09.06.2003 )
EEYE , Internet Explorer Object Type Property Overflow (05.06.2003 )
MICROSOFT , Microsoft Security Bulletin MS03-020: Cumulative Patch for Internet Explorer (818529) (05.06.2003 )
WWW&FTP Server directory traversal Published: 09.06.2003 Source: ZUDTEAM SecurityVulns ID: 2885 Type: remote Level: 5/10 Description: Directory traversal with /../
Affected: WWWFTP : WWW&FTP SERVER 6.3
Original document nimber , Vulnerability in WWW&FTP SERVER 6.3 (09.06.2003 )
Mini HTTP Server buffer overflow Published: 09.06.2003 Source: ZUDTEAM SecurityVulns ID: 2886 Type: remote Level: 5/10 Description: Buffer overflow on oversized URL.
Affected: MINIHTTP : Mini HTTP Server 1.0
Original document nimber , Buffer overflow in Mini HTTP Server (09.06.2003 )
CGI bugs updated since 09.06.2003 Published: 28.06.2003 Source: SecurityVulns ID: 2887 Type: remote Level: 5/10
Affected: POSTNUKE : PostNuke 0.7 PHPBB : phpBB 2.02 PVD : PVD access manager 2.0 CGI : vote.pl CGI : rear.pl MAXWEBPORTAL : Max Web Portal 1.30 PHPZEN : zenTrack 2.4 SYNKRON : Synkron.web 3 SPYKE : Spyke's PHP Board 2.1 PSOFT : H-Sphere 2.3 PLANETPOD : podboard 0.0 SPHERA : HostingDirector 3.0 PMACHINE : pMachine 2.1 XMBFORUM : XMB Forum 1.8 TUTOS : Tutos 1.1 DEERFIELD : VisNetic WebMail 5.8 GUESTBOOKHOST : GuestBookHost MOREGROUPWARE : Moregroupware 0.6 AWSD : WebBBS 5.12
Original document lavieangel_(at)_mydomain.com , WebBBS Guestbook : Cross Site Scripting (28.06.2003 )
François SORIN , [KSA-002] Multiple Vulnerabilities In Moregroupware (26.06.2003 )
Julien L. , GuestBookHost : Cross Site Scripting (25.06.2003 )
Rushjo_(at)_tripbit.org , TA-2003-06 php-form-misconfiguration in VisNetic WebMail v.5.8.6.6 (24.06.2003 )
silent needel , XSS Exploit In phpBB viewtopic.php (24.06.2003 )
François SORIN , [KSA-001] Multiple vulnerabilities in Tutos (23.06.2003 )
Knight Commander , Many XSS Vulnerabilities in XMB Forum. (23.06.2003 )
frog frog , pMachine (PHP) : Include() Security Hole (23.06.2003 )
Lorenzo Hernandez Garcia-Hierro , Sphera Hosting Director Control Panel Multiple Vulnerabilities: XSS-Session Hijacking-DoS/Buffer Overflow-Another User Accounts access (14.06.2003 )
idoru_(at)_VIDEOSOFT.NET.UY , Cross site scripting in Post-Nuke (14.06.2003 )
Mask_NBTA , podboard dev 0.0 Script Injection (14.06.2003 )
Lorenzo Hernandez Garcia-Hierro , PSOFT H-Sphere Cross Site Scripting Vulnerabilities (10.06.2003 )
Marc Bromm , Several bugs found in "Spyke's PHP Board" (10.06.2003 )
SecuriTeam , [NEWS] XSS Vulnerability in Synkron.web CMS (09.06.2003 )
farking_(at)_i-ownur.info , zenTrack Remote Command Execution Vulnerabilities (09.06.2003 )
JeiAr , Critical Vulnerabilities In Max Web Portal (09.06.2003 )
nimber , Bugs in CGI (09.06.2003 )