Computer Security

Proxy error messages cross-site scripting
updated since 27.10.2000
Published: 20.08.2002
Source: VULN-DEV
SecurityVulns ID: 668
Type: client
Level: 6/10
Description: The URL is not escaped in the proxy's error message, which makes it possible to inject JavaScript via the URL.
Affected: SQUID : squid 2.4
 W3C : Jigsaw 2.2
 CERN : CERN HTTPD 3.0
Original document: TAKAGI, Hiromitsu, W3C Jigsaw Proxy Server: Cross-Site Scripting Vulnerability (REPOST) (20.08.2002)
 TAKAGI, Hiromitsu, CERN Proxy Server: Cross-Site Scripting Vulnerability (16.08.2002)
 3APA3A, Re: Squid doesn't quote urls in error messages. (27.10.2000)
 Lincoln Yeoh, Squid doesn't quote urls in error messages. (27.10.2000)

Windows Apache directory traversal
updated since 12.08.2002
Published: 20.08.2002
Source: BUGTRAQ
SecurityVulns ID: 2222
Type: remote
Level: 5/10
Description: It's possible to leave the web root folder by using a backslash.
Affected: APACHE : Apache 2.0
Original document: Auriemma Luigi, Apache 2.0.39 directory traversal and path disclosure bug (20.08.2002)
 APACHE, Apache 2.0 vulnerability affects non-Unix platforms (12.08.2002)

Format string bug in WebEasyMail
Published: 20.08.2002
Source: BUGTRAQ
SecurityVulns ID: 2235
Type: remote
Level: 5/10
Description: Format string bug in SMTP command parsing.
Affected: WINWEBMAIL : WebEasyMail 3.4
Original document: Stan Bubrouski, Advisory: DoS in WebEasyMail +more possible? (20.08.2002)

Multiple bugs in Kerio Mail Server
Published: 20.08.2002
Source: BUGTRAQ
SecurityVulns ID: 2236
Type: remote
Level: 5/10
Affected: KERIO : Kerio Mail Server 5.0
Original document: Abraham Lincoln, Kerio Mail Server Multiple Security Vulnerabilities (20.08.2002)

Novell NetBasic multiple bugs
Published: 20.08.2002
Source: BUGTRAQ
SecurityVulns ID: 2238
Type: remote
Level: 6/10
Description: Buffer overflow, directory traversal.
Affected: NOVELL : Netware 5.1
 NOVELL : Netware 6.0
Original document: NOVELL, NOVL-2002-2963297 - NetBasic Buffer Overflow + Scripting Vulnerability (20.08.2002)

Multiple bugs in ActiveX components
updated since 20.08.2002
Published: 14.08.2003
Source: BUGTRAQ
SecurityVulns ID: 2234
Type: client
Level: 7/10
Description: Local file access in applet com.ms.xml.dso.XMLDSO.class and XMLHTTPConnection ActiveX, buffer overflow in xweb.ocx ActiveX (Microsoft DirectX Files Viewer), TSAC and File Transfer Manager (FTM) ActiveX.
Affected: MICROSOFT : Internet Explorer 6.0
 MICROSOFT : Visual Studio 6.0
Original document: trihuynh_(at)_zeeup.com, Microsoft MCWNDX.OCX ActiveX buffer overflow (14.08.2003)
 Lorenzo Hernandez Garcia-Hierro, NBActiveX Sure ActiveX Big Vulnerability (18.11.2002)
 jelmer, LEVERAGING CROSS-PROTOCOL SCRIPTING IN MSIE (12.09.2002)
 L0PHT, Microsoft Terminal Server Client Buffer Overrun (A082802-1) (31.08.2002)
 MICROSOFT, Security Bulletin MS02-048: Flaw in Certificate Enrollment Control Could Allow Deletion of Digital Certificates (Q323172) (29.08.2002)
 MICROSOFT, Security Bulletin MS02-046: Buffer Overrun in TSAC ActiveX Control Could Allow Code Execution (Q327521) (23.08.2002)
 Andrew G. Tereschenko, Repost: Buffer overflow in Microsoft DirectX Files Viewer xweb.ocx (<2,0,16,15) ActiveX sample (20.08.2002)

PostgreSQL buffer overflows
updated since 20.08.2002
Published: 31.10.2003
Source: BUGTRAQ
SecurityVulns ID: 2237
Type: local
Level: 6/10
Description: Multiple buffer overflows in different SQL functions.
Affected: POSTGRESQL : postgresql 7.2
 POSTGRESQL : PostgreSQL 7.3
Original document: OPENPKG, [OpenPKG-SA-2003.047] OpenPKG Security Advisory (postgresql) (31.10.2003)
 Daniel Ahlberg, GLSA: PostgreSQL (26.08.2002)
 Sir Mordred The Traitor, @(#)Mordred Labs advisory 0x0003: Buffer overflow in PostgreSQL (21.08.2002)
 Sir Mordred The Traitor, @(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL. (21.08.2002)
 Sir Mordred The Traitor, @(#) Mordred Labs advisory 0x0001: Buffer overflow in PostgreSQL (20.08.2002)

© SecurityVulns, 3APA3A, Vladimir Dubrovin