Search:Vulnerability:18.04.2002 - security vulnerabilities database

[EN] securityvulns.ru
no-pyccku

Unauthorized access to web administration in BackOffice
Published: 18.04.2002
Source: BUGTRAQ
SecurityVulns ID: 1946
Type: local
Level: 4/10
Description: Any local user (including web Guests) can perform some administration tasks.

Affected: MICROSOFT : Back Office Web Administrator 4.0
MICROSOFT : Back Office Web Administrator 4.5

Original document NGSSoftware Insight Security Research Advisory (NISR), Back Office Web Administrator Authentication Bypass (#NISR17042002A) (18.04.2002)

Discuss: Read or add your comments to this news (0 comments)

Format string and buffer overflow bugs in Posadis DNS Server
updated since 27.03.2002
Published: 18.04.2002
Source: BUGTRAQ
SecurityVulns ID: 1888
Type: remote
Level: 6/10
Description: Format string bug on logging without syslog facility.

Affected: POSADIS : Posadis DNS Server m5

Original document eSDee, bufferoverflow posadis m5pre2 (18.04.2002)

nick, Format String Bug in Posadis DNS Server (27.03.2002)

Files: local posadis m5pre1 format string exploit by eSDee
local posadis m5pre1 buffer overflow exploit by eSDee
Discuss: Read or add your comments to this news (0 comments)

SQL, PERL, HTML injection in IBM Informix Web DataBlade
updated since 12.04.2002
Published: 18.04.2002
Source: BUGTRAQ
SecurityVulns ID: 1927
Type: remote
Level: 7/10
Description: There are multiple ways for SQL query modification and to execute user-supplied perl file.

Affected: IBM : Web DataBlade 4.12

Original document Simon Lodal, IBM Informix Web DataBlade: Local root by design (18.04.2002)

Simon Lodal, IBM Informix Web DataBlade: Auto-decoding HTML entities (12.04.2002)

Simon Lodal, IBM Informix Web DataBlade: SQL injection (12.04.2002)

Discuss: Read or add your comments to this news (0 comments)

Source code retrival in Sambar
updated since 17.04.2002
Published: 18.04.2002
Source: SECURITEAM
SecurityVulns ID: 1944
Type: remote
Level: 5/10
Description: It's possible to get source code by adding space with NULL symbol to filename.

Original document Peter Gründl, KPMG-2002012: Sambar Webserver Serverside Fileparse Bypass (18.04.2002)

SECURITEAM, [NT] Sambar Webserver Serverside Fileparse Bypass (17.04.2002)

Discuss: Read or add your comments to this news (0 comments)

Windows 2000 Directory Service DoS
Published: 18.04.2002
Source: BUGTRAQ
SecurityVulns ID: 1947
Type: remote
Level: 6/10
Description: Flood to TCP/445 (microsoft-ds) port causes server to hang.

Affected: MICROSOFT : Windows 2000 Server
MICROSOFT : Windows 2000 Advanced Server
MICROSOFT : Windows 2000 Professional

Original document Peter Gründl, KPMG-2002011: Windows 2000 microsoft-ds Denial of Service (18.04.2002)

Files: Microsoft-ds xploit
Discuss: Read or add your comments to this news (0 comments)

Physical path leakage in ColdFusion
Published: 18.04.2002
Source: BUGTRAQ
SecurityVulns ID: 1949
Type: remote
Level: 3/10
Description: Error message on access attempt to DOS device contains physical path.

Affected: MACROMEDIA : ColdFusion 5.0

Original document Peter Gründl, KPMG-2002013: Coldfusion Path Disclosure (18.04.2002)

Discuss: Read or add your comments to this news (0 comments)