Format string bug in Foundstone Fscan
Published:		20.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1952
Type:		client
Level:		6/10
Description:		Format string bug during server banner analisys.

Affected:

FOUNDSTONE : Fscan 1.12

Original document

Peter Gründl, KPMG-2002014: Foundstone Fscan Format String Bug (20.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs updated since 25.03.2002
Published:		20.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1881
Type:		remote
Level:		5/10

Affected:		POSTNUKE : PostNuke 0.64
		JELSOFT : vBulletin 2.2
		WORKFORCEROI : Xpede 4.1
		WEBSIGHT : WebSight 0.1
		CGI : Alguest guestbook
		CGI : Instant Web Mail 0.59
		CGI : csSearch 2.3
		POSTNUKE : PostNuke 0.7

Original document		Cerberus Vulgaris, Xpede many vulnerabilities (20.04.2002)
		pokleyzz sakamaniaka, postnuke v 0.7.0.3 remote command execution (28.03.2002)
		Steve Gustin, CGIscript.net - csSearch.cgi - Remote Code Execution (up to 17,000 sites vulnerable) (27.03.2002)
		Ulf Harnhammar, Instant Web Mail additional POP3 commands and mail headers (26.03.2002)
		MOD, Cookie vulnerability in Alguest guestbook (PHP) (26.03.2002)
		Jens Liebchen, WebSight Directory System: cross-site-scripting bug (26.03.2002)
		frog frog, [IMG] tag vulnerability in vBulletin (26.03.2002)
		Matt, memberlist.php of vBulletin (25.03.2002)
		Scott, PostNuke Bugged (25.03.2002)
		gregory duchemin, Xpede passwords exposed (2 vuln.) (25.03.2002)

Discuss:

Read or add your comments to this news (0 comments)

CGI bugs updated since 16.04.2002
Published:		20.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1932
Type:		remote
Level:		5/10

Affected:		SNITZ : Snitz Forums 2000
		WBB : wbboard 1.1
		X-DEV : x-dev.de Guestbook
		X-DEV : xNewsletter
		CGI : FileSeek2.cgi
		POSTBOARD : PostBoard 2.0
		MICROSOFT : CodeBrws.asp
		CGI : Sgdynamo
		CGI : Myannuaire 1.0
		CGI : phpAnyvote 1.0
		CGI : DiSi-Poll 0.9
		CGI : PVote 1.5

Original document		acemi, Snitz Forums 2000 remote SQL query manipulation vulnerability (20.04.2002)
		acemi, Snitz Forums 2000 remote SQL query manipulation vulnerability (20.04.2002)
		Daniel Nyström, [[ TH 026 Inc. ]] SA #1 - Multiple vulnerabilities in PVote 1.5 (18.04.2002)
		frog frog, Smalls holes on 5 products #1 (18.04.2002)
		H D Moore, Microsoft IIS 5.0 CodeBrws.asp Source Disclosure (17.04.2002)
		gcsb, Multiple Vulnerabilities in PostBoard (17.04.2002)
		N|ghtHawk, FileSeek cgi script advisory (17.04.2002)
		Florian Hobelsberger / BlueScreen, Several x-dev.de Guestbook and xNewsletter Vulnerabilities ( www.x-dev.de ) (16.04.2002)
		SeazoN, wbboard 1.1.1 Cross Site Scripting Vulnerability (16.04.2002)

Discuss:

Read or add your comments to this news (0 comments)

Buffer overflow in OpenSSH updated since 20.04.2002
Published:		22.04.2002
Source:		BUGTRAQ
SecurityVulns ID:		1953
Type:		remote
Level:		9/10
Description:		GETSTRING macro in radix_to_creds function may cause buffer overflow.

Affected:		OPENSSH : OpenSSH 2.5
		OPENSSH : OpenSSH 2.9
		OPENSSH : OpenSSH 3.1
		OPENSSH : OpenSSH 2.2

Original document		Niels Provos, OpenSSH Security Advisory (adv.token) (22.04.2002)
		Marcell Fodor, OpenSSH 2.2.0 - 3.1.0 server contains a locally exploitable buffer overflow (20.04.2002)

Files:		OpenSSH 2.2.0 - 3.1.0 local buffer overflow exploit
		Local OpenSSH 2.2.0 - 3.1.0 Exploit from Marcell Fodor
Discuss:		Read or add your comments to this news (0 comments)