DoS and forced user addition to ICQ updated since 23.08.2001
Published:		16.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1422
Type:		client
Level:		5/10
Description:		ICQ register appllication/x-icq MIME type (.uin) for files. This files allows to add user to contact list without notice. It's also possible to cause DoS against ICQ via .hpf files.

Affected:

MIRABILIS : ICQ 2001a

Original document		silentsupporter_(at)_poczta.onet.pl, Possible vulnerabilities of ICQ files opened in IE or OE (16.04.2002)
		AreS, Hexyn / Securax Advisory #22 - ICQ Forced Auto-Add Users (23.08.2001)

Discuss:

Read or add your comments to this news (0 comments)

Cleartext password access via SNMP in Nortel CVX
Published:		16.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1933
Type:		remote
Level:		5/10
Description:		It's possible to retrive users list with passwords via default community public.

Affected:

NORTEL : CVX 1800

Original document

Michael Rawls, Nortel CVX 1800s will dump all local user names and passwords via SNMP (16.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

Irix XFS DoS
Published:		16.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1934
Type:		local
Level:		5/10
Description:		It's possible to create file to cause error in processing application.

Affected:

SGI : IRIX 6.5

Original document

SGI, IRIX XFS filesystem denial of service attack (16.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

FTP bounce attack through Raptor Firewall
Published:		16.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1935
Type:		remote
Level:		5/10
Description:		It;s possible to make FTP server behind firewall to connect to any IP and TCP port in internal network, since PORT command with internal adress doesn't processed correctly.

Affected:

AXENT : Raptor Firewall 6.5

Original document

Roy Hills, Raptor Firewall FTP Bounce vulnerability (16.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

Buffer overflow in Microsoft Office and Internet Explorer under MacOS updated since 16.04.2002
Published:		17.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1931
Type:		client
Level:		5/10
Description:		Buffer overflow on long file:// URL.

Affected:		MICROSOFT : Internet Explorer 5.1 for Macintosh
		MICROSOFT : Office 2001

Original document		Matt Conover, w00w00 on Microsoft IE/Office for Mac OS (17.04.2002)
		MICROSOFT, Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309) (17.04.2002)
		SECURITEAM, [NT] Microsoft IE/Office for Mac OS Buffer Overflow Vulnerability (16.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs updated since 16.04.2002
Published:		20.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1932
Type:		remote
Level:		5/10

Affected:		SNITZ : Snitz Forums 2000
		WBB : wbboard 1.1
		X-DEV : x-dev.de Guestbook
		X-DEV : xNewsletter
		CGI : FileSeek2.cgi
		POSTBOARD : PostBoard 2.0
		MICROSOFT : CodeBrws.asp
		CGI : Sgdynamo
		CGI : Myannuaire 1.0
		CGI : phpAnyvote 1.0
		CGI : DiSi-Poll 0.9
		CGI : PVote 1.5

Original document		acemi, Snitz Forums 2000 remote SQL query manipulation vulnerability (20.04.2002)
		acemi, Snitz Forums 2000 remote SQL query manipulation vulnerability (20.04.2002)
		Daniel Nyström, [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5 (18.04.2002)
		frog frog, Smalls holes on 5 products #1 (18.04.2002)
		H D Moore, Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (17.04.2002)
		gcsb, Multiple Vulnerabilities in PostBoard (17.04.2002)
		N|ghtHawk, FileSeek cgi script advisory (17.04.2002)
		Florian Hobelsberger / BlueScreen, Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de ) (16.04.2002)
		SeazoN, wbboard 1.1.1 Cross Site Scripting Vulnerability (16.04.2002)

Discuss:

Read or add your comments to this news (0 comments)