Search:Vulnerability:17.04.2002
news
/
advisories
/
forum
/
software
/
advertising
/
search
/
exploits
[EN]
securityvulns.ru
no-pyccku
Cookie access via res:\\ and about:\\ in Microsoft Internet Explorer
updated since 20.10.2001
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1521
Type:
client
Level:
6
/10
Description:
It's possible to use about:\\ and res:\\ URl to execute javascript in context of any page and local machine.
Affected:
MICROSOFT
:
Internet Explorer 5.5
MICROSOFT
:
Internet Explorer 6.0
Original document
GreyMagic Software
,
Re: IE allows universal Cross Site Scripting (TL#002)
(
17.04.2002
)
Thor Larholm
,
IE allows universal Cross Site Scripting (TL#002)
(
17.04.2002
)
Marc Slemko
,
the other IE cookie stealing bug (MS01-055)
(
15.11.2001
)
Jouko Pynnonen
,
Microsoft IE cookies readable via about: URLS
(
09.11.2001
)
MICROSOFT
,
Security Bulletin MS01-055
(
09.11.2001
)
Clover Andrew
,
Minor IE vulnerability: about: URLs
(
20.10.2001
)
Discuss:
Read or add your comments to this news (0 comments)
Buffer overflo in TUX HTTPD and SYN Cookie protection bypass
updated since 05.11.2001
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1551
Type:
remote
Level:
6
/10
Description:
Buffer overflow on long HTTP HOST header. By using Syncookie it's possible to bypass packet filtering.
Affected:
LINUX
:
kernel 2.2
LINUX
:
kernel 2.4
REDHAT
:
TUX 2.1
FREEBSD
:
FreeBSD 4.5
Original document
FREEBSD
,
Security Advisory FreeBSD-SA-02:20.syncache
(
17.04.2002
)
REDHAT
,
[RHSA-2001:142-15] kernel 2.2 and 2.4: syncookie vulnerability
(
06.11.2001
)
Aiden ORawe
,
RH Linux Tux HTTPD DoS
(
05.11.2001
)
Discuss:
Read or add your comments to this news (0 comments)
Buffer overflow in Microsoft Office and Internet Explorer under MacOS
updated since 16.04.2002
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1931
Type:
client
Level:
5
/10
Description:
Buffer overflow on long file:// URL.
Affected:
MICROSOFT
:
Internet Explorer 5.1 for Macintosh
MICROSOFT
:
Office 2001
Original document
Matt Conover
,
w00w00 on Microsoft IE/Office for Mac OS
(
17.04.2002
)
MICROSOFT
,
Security Bulletin MS02-019: Unchecked Buffer in Internet Explorer and Office for Mac Can Cause Code to Execute (Q321309)
(
17.04.2002
)
SECURITEAM
,
[NT] Microsoft IE/Office for Mac OS Buffer Overflow Vulnerability
(
16.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Directory traversal in AIM direct conect
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1936
Type:
remote
Level:
6
/10
Description:
During direct connect it's possible to send a file with a name containing "../"
Affected:
AOL
:
Instant Messenger 4.8
Original document
Noah Johnson
,
AIM's 'Direct Connection' feature could lead to arbitrary file creation
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Format string bug in AOLServer DB API
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1937
Type:
library
Level:
5
/10
Description:
Format string bug in Ns_PdLog API call
Affected:
AOL
:
AOLserver 3.2
AOL
:
AOLserver 3.0
AOL
:
AOLserver 3.4
AOL
:
AOLserver 3.3
AOL
:
AOLserver 3.1
Original document
Benoît Roussel
,
[CERT-intexxia] AOLServer DB Proxy Daemon Format String Vulnerability
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Protection bypass in snort
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1938
Type:
remote
Level:
5
/10
Description:
By using short packets it's possible to bypass attack signature protection.
Affected:
SNORT
:
snort 1.8
Files:
fragroute
Discuss:
Read or add your comments to this news (0 comments)
Protection bypass in Norton Personal Firewall
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1939
Type:
remote
Level:
5
/10
Description:
Few widespreaded attacks are not detected.
Affected:
SYMANTEC
:
Norton Personal Firewall 2002
Original document
Alfonso Fiore
,
Norton Personal Firewall 2002 vulnerable to SYN/FIN scan
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Unauthorized access via OUTER JOIN in Oravle
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1940
Type:
local
Level:
6
/10
Description:
It's possible to access tables not granted to access.
Affected:
ORACLE
:
ORACLE 9.0
Original document
Pete Finnigan
,
ansi outer join syntax in Oracle allows access to any data
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Weak file permissions in pipermail
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1941
Type:
local
Level:
5
/10
Description:
Local user can access any private maillist.
Affected:
PIPERMAIL
:
PIPERMAIL
Original document
H. Peter Anvin
,
Mailman/Pipermail private mailing list/local user vulnerability
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Weak permissions in HP drivers for MacOS
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1942
Type:
local
Level:
5
/10
Description:
Some common files are writable.
Original document
Dr Andreas F Muller
,
Vulnerability in HP Photosmart/Deskjet Drivers for Mac OS X (root compromise)
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
SQL injection in Demark Pure Secure
Published:
17.04.2002
Source:
SECURITEAM
SecurityVulns ID:
1943
Type:
remote
Level:
5
/10
Affected:
DEMARC
:
PureSecure 1.05
Original document
SECURITEAM
,
[NEWS] Demarc PureSecure Allows Users to Bypass Login Restrictions
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Buffer overflows in Compaq Tru64 Unix
Published:
17.04.2002
Source:
BUGTRAQ
SecurityVulns ID:
1945
Type:
local
Level:
6
/10
Description:
Buffer overflow in libc locale functions and -session switch of dtprintinfo.
Affected:
COMPAQ
:
Tru64 DIGITAL UNIX 5.1
COMPAQ
:
Tru64 DIGITAL UNIX 5.0
COMPAQ
:
Tru64 DIGITAL UNIX 4.0
Original document
SNS
,
[SNS Advisory No.51] Compaq Tru64 UNIX libc Buffer Overflow Vulnerability
(
17.04.2002
)
SNS
,
[SNS Advisory No.50] Compaq Tru64 UNIX dtprintinfo "-session" Buffer Overflow Vulnerability
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
Source code retrival in Sambar
updated since 17.04.2002
Published:
18.04.2002
Source:
SECURITEAM
SecurityVulns ID:
1944
Type:
remote
Level:
5
/10
Description:
It's possible to get source code by adding space with NULL symbol to filename.
Original document
Peter Gründl
,
KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass
(
18.04.2002
)
SECURITEAM
,
[NT] Sambar Webserver Serverside Fileparse Bypass
(
17.04.2002
)
Discuss:
Read or add your comments to this news (0 comments)
About
|
Terms of use
|
Privacy Policy
©
SecurityVulns
,
3APA3A
, Vladimir Dubrovin
Enter your search terms
Web
securityvulns.com
Submit search form
