Our Security Alert Page 2002

Here you will find recent security alerts indexed by date.

| June 19, 2002 | Apache Web Server Chunk Handling Vulnerability | A vulnerability exists in Apache Web servers that can lead to arbitrary code execution on the vulnerable system. |
| June 18, 2002 | Cisco Cable Modem Termination System Authentication Bypass Vulnerability | A vulnerability exists in Cisco Systems' uBR7200 series and uBR7100 series Universal Broadband Routers that lets an attacker download unauthorized configuration files to cable modems. |
| June 14, 2002 | Buffer Overrun in Microsoft IIS 5.0 and 4.0 HTR | A buffer overrun condition exists in IIS 5.0 and 4.0 that can lead to remote compromise of the affected system. |
| June 14, 2002 | Unchecked Buffer in Microsoft RAS Phonebook | A buffer overrun condition exists in Microsoft’s RAS phonebook implementation that can compromise the affected system. |
| June 14, 2002 | Multiple Vulnerabilities in Microsoft SQLXML for SQL Server 2000 | Two new vulnerabilities exist in SQLXML. |
| June 12, 2002 | Unchecked Buffer in Microsoft Gopher Protocol Handler | A buffer overrun condition exists in Microsoft’s implementation of the gopher protocol in IE, Proxy 2.0 and ISA Server 2000 that can lead to remote compromise of the affected system. |
| June 10, 2002 | Unchecked Buffer in ASP.NET Component of Microsoft .NET 1.0 | A vulnerability exists in the ASP.NET component of the Microsoft .NET Framework 1.0 that can result in a Denial of Service (DoS) condition or execution of arbitrary code on the vulnerable system. |
| June 7, 2002 | Multiple Vulnerabilities in Yahoo! Instant Messenger | Multiple vulnerabilities exist in Yahoo! Messenger that can lead to remote compromise of the affected system. |
| June 6, 2002 | Denial of Service in ISC BIND 9 | A Denial of Service (DoS) condition exists in Internet Software Consortium’s BIND DNS software. |
| May 30, 2002 | Buffer Overrun Vulnerability in Macromedia JRun Server 3.0/3.1 | A buffer overrun condition exists in Macromedia’s JRun Server 3.1 and 3.0. |
| May 30, 2002 | Denial of Service in Exchange 2000 Server | A Denial of Service (DoS) condition exists in Exchange 2000. This vulnerability stems from a problem in the way Exchange 2000 handles certain malformed Request for Comments (RFC) message attributes on received mail. |
| May 29, 2002 | Unauthorized File Disclosure in Deerfield WebSite Pro 3.1.11.0 | A vulnerability exists in Deerfield’s WebSite Pro 3.1.11.0 that can disclose source-script code to an unauthorized user. |
| May 28, 2002 | Authentication Flaw in Windows Debugger | A vulnerability exists in the authentication mechanism of the Win2K and NT 4.0 debugging facility that can let an unauthorized program gain access to the debugger. |
| May 22, 2002 | Buffer Overflow in Ipswitch's IMail Server | A buffer overflow condition exists in the Lightweight Directory Access Protocol (LDAP) component of Ipswitch's IMail server. |
| May 17, 2002 | Authorization Vulnerability in nCipher MSCAPI CSP Install Wizard 5.50 | The nCipher MSCAPI CSP Install Wizard 5.50 incorrectly sets up the nCipher CSPs to use module protection for all keys that the user subsequently creates. |
| May 17, 2002 | Multiple Vulnerabilities in Microsoft Internet Explorer | Six newly discovered vulnerabilities exist in IE 6.0, 5.5, and 5.01. |
| May 9, 2002 | Unchecked Buffer in Microsoft MSN Messenger Chat ActiveX Control | A buffer overflow condition exists in Microsoft’s MSN Messenger Chat control that can result in unauthorized code execution. |
| May 8, 2002 | Buffer Overflow in Macromedia's Flash Player 6.0 ActiveX Control | A buffer overflow condition exists in Macromedia’s Flash Player 6.0 ActiveX Control. |
| May 2, 2002 | Multiple Vulnerabilities in BEA Weblogic | Multiple vulnerabilities exist in BEA WebLogic 6.1 SP2 for Windows 2000. |
| May 2, 2002 | Denial of Service in ISS RealSecure | A Denial of Service (DoS) condition exists in Internet Security Systems’ RealSecure Network Sensor. |
| April 27, 2002 | Automatic Script Execution Vulnerability In Outlook 2002, 2000 | A vulnerability exists in Microsoft Outlook 2002 and Outlook 2000 that can let an attacker execute arbitrary script under the user’s security context on the vulnerable computer. |
| April 22, 2002 | Denial of Service in Microsoft's Distributed Transaction Coordinator for Windows 2000 | A Denial of Service (DoS) condition exists within Microsoft’s distributed transaction coordinator (DTC) for Win2K. |
| April 19, 2002 | Cross Site Scripting Vulnerability in Microsoft WebBrowser Control | A universal cross-site scripting vulnerability exists in Microsoft’s WebBrowser control; an attacker who exploits it can gain elevated privileges. |
| April 19, 2002 | Buffer Overflow in Talentsoft Web+ | A buffer overflow condition exists in Talentsoft’s Web+ 5.0 and 4.6 that can cause code to execute on the vulnerable system under the system-security context. |
| April 18, 2002 | Unchecked Buffer in Microsoft SQL 2000 and 7.0 | An unchecked buffer exists in several of the extended stored procedures that Microsoft shipped with SQL Server 7.0 and SQL Server 2000. |
| April 10, 2002 | Denial of Service in Watchguard Firebox | A Denial of Service (DoS) condition exists within Watchguard’s SOHO Firebox product. |
| April 10, 2002 | Multiple Vulnerabilities in Microsoft IIS | Multiple vulnerabilities exist in Microsoft’s IIS that can result in server compromise or a Denial of Service (DoS) condition. |
| April 5, 2002 | Multiple Vulnerabilities in Cisco Secure Access Control Server for Windows | Two vulnerabilities exist in Cisco Systems’ Secure Access Control Server for Windows. The first vulnerability can lead to arbitrary code execution on the server, and the second problem can lead to information disclosure. |
| April 5, 2002 | Buffer Overrun in Microsoft Universal Naming Convention Provider Service | A buffer overrun vulnerability exists in the Multiple Universal Naming Convention Provider (MUP) service. |
| March 29, 2002 | Memory Leak Vulnerability in Cisco Systems' CallManager 3.1 | |
| March 29, 2002 | Script Execution Vulnerabilities in Microsoft Internet Explorer | Two vulnerabilities exist in Internet Explorer (IE), one of which can lead to script execution in the Local Computer Zone. |
| March 20, 2002 | DoS in Bitvise WinSSH for Windows 2000 | |
| March 14, 2002 | Session Authentication URL Exposed in Ipswitch IMail Server | |
| March 8, 2002 | Unchecked Buffer in Microsoft Windows Shell | A vulnerability exists in Windows Shell that lets an attacker arbitrarily execute code under the authorized user’s security context. |
| March 6, 2002 | Information Disclosure Vulnerability in Microsoft Virtual Machine | A vulnerability exists in Microsoft Virtual Machine build 3802 and earlier that can result in disclosing unauthorized information. |
| March 1, 2002 | Authentication Vulnerability in SMTP of Microsoft Windows 2000 and Exchange Server 5.5 | A vulnerability exists in the way that the SMTP service handles a valid response from the OS's NT LAN Manager (NTLM) authentication layer. |
| March 1, 2002 | Denial of Service in Microsoft's SMTP Service | A Denial of Service (DoS) condition exists in the SMTP service of Windows XP Professional, Windows 2000, and Exchange 2000 Server 5.5. |
| February 28, 2002 | Multiple Vulnerabilities in PHP Scripting Language | Multiple vulnerabilities exist in the PHP scripting language’s file upload code. |
| February 28, 2002 | Information Disclosure Vulnerability in Microsoft XML Core Services | A vulnerability exists in how the XMLHTTP control applies IE security-zone settings. |
| February 22, 2002 | Unchecked Buffer in Commerce Server 2000 ISAPI Filter | An unchecked buffer exists in the Internet Server API (ISAPI) AuthFilter. |
| February 22, 2002 | Information Disclosure Vulnerability in Microsoft Internet Explorer | A vulnerability exists in IE that can lead to information disclosure. |
| February 21, 2002 | Unchecked Buffer in Microsoft SQL Server 2000 and 7.0 | An unchecked buffer in the handling of OLE database provider names. |
| February 20, 2002 | Buffer Overrun In NetWin’s WebNEWS for Windows 2000 and NT 4.0 | A buffer overrun vulnerability exists in NetWin’s WebNEWS for Windows 2000 and NT 4.0 that could allow a potential attacker to execute code under the same security context that IIS is running under (typically IUSR_MACHINENAME). |
| February 20, 2002 | Denial of Service (DoS) In Nombas ScriptEase Mini WebServer | A Denial of Service (DoS) condition exists in Nombas’ ScriptEase Mini WebServer. |
| February 19, 2002 | Authentication Circumvention Vulnerability in BlueFace Falcon Web Server | An authentication circumvention vulnerability exists in BlueFace’s Falcon Web Server for Windows. |
| February 19, 2002 | Multiple Vulnerabilities in Cooolsoft PowerFTP 2.10 | Several vulnerabilities exist in Cooolsoft’s PowerFTP 2.10 for Windows. |
| February 13, 2002 | Multiple Vulnerabilities in Microsoft Internet Explorer | Six new vulnerabilities have been discovered in Microsoft Internet Explorer. |
| February 13, 2002 | Access Validation Vulnerability In Hewlett-Packard Advancestack J3210A | An access validation vulnerability exists in Hewlett-Packard's (HP's) Advancestack J3210A Switching Hub. |
| February 13, 2002 | Buffer Overrun In Microsoft's SNMP Implementation | A buffer overrun vulnerability exists in Microsoft's SNMP implementation. |
| February 8, 2002 | Incorrect Remote Registry Access to Microsoft Exchange 2000 Server | A vulnerability exists in Microsoft Exchange 2000 Server that lets an attacker gain remote access to the configuration information on the server. |
| February 8, 2002 | Buffer Overflow in Microsoft Telnet | A buffer overrun vulnerability exists in Microsoft Telnet that lets an attacker execute arbitrary code on the vulnerable system. |
| February 7, 2002 | Information Disclosure In Texis CGI Software | An information disclosure vulnerability exists in Thunderstone Software’s Texis CGI software. |
| February 7, 2002 | Remote Compromise Vulnerability in Oracle 8 and 9 | A remotely exploitable vulnerability exists in Oracle’s Database server versions 8 and 9 for Windows 2000 and Windows NT 4.0. |
| February 1, 2002 | Privilege Escalation Vulnerability in Windows 2000/NT Domains | A vulnerability exists in Windows 2000 and Windows NT 4.0 domains that lets an attacker gain administrative access to computers in a trusting domain. |
| January 29, 2002 | Denial of Service in Snort | A remote Denial of Service (DoS) condition exists in the open-source Intrusion Detection System (IDS) Snort. |
| January 25, 2002 | Arbitrary Execution Vulnerability in PHP 4.0 | A vulnerability exists in PHP 4.0 for Windows using Apache Web Server 2.0. By exploiting PHP's ability to view files residing outside the normal HTML root directory. |
| January 25, 2002 | FTP Bounce Vulnerability in SpoonFTP | A vulnerability exists in Pi-Soft’s SpoonFTP that can result in an attacker being able to bounce a connection through the vulnerable server and attack a third-party host. |
| January 15, 2002 | File Deletion Vulnerability in RaidenFTPD for Windows | A vulnerability exists in Raiden FTPD 2.2 that lets an attacker delete any file on the system located in the root directory (c:\, d:\, etc.). |
| January 15, 2002 | Weak Protection of Credentials in MiraMail 1.4 for Windows | A vulnerability exists in Nevrona MiraMail 1.4 because the system stores all account information and variables that it uses in .ini files in plain text. |
| January 15, 2002 | Denial of Service in ZBServer Pro 1.5 for Windows | A Denial of Service (DoS) condition exists in ZBServer Pro 1.5. |
| January 11, 2002 | Disclosure Vulnerability in Netscape Web Publisher | A vulnerability exists in Netscape Enterprise’s Web Publishing that lets an attacker use brute force to access user names and passwords. |
| January 11, 2002 | Multiple Vulnerabilities in Cisco SN 5420 Storage Router | Three new vulnerabilities exist in the Cisco SN 5420 Storage Router software. |
| January 10, 2002 | Cross Site Scripting Vulnerability in DeleGate Proxy Server | A cross-site scripting vulnerability exists in DeleGate Proxy server that results in automatic JavaScript code execution. |
| January 10, 2002 | Denial of Service in BEA Weblogic Server | A Denial of Service (DoS) condition exists in BEA Weblogic Server 6.1. |
| January 9, 2002 | File Disclosure Vulnerability in AOLserver | Because of a vulnerability in AOLserver 3.4.2 for Windows, an attacker can gain read access of known files residing on an AOLserver host. |
| January 9, 2002 | Buffer Overflow in America Online Instant Messenger | A buffer overflow exists in AOL Instant Messenger (AIM) that an attacker can use to remotely execute commands on the vulnerable system. |
| January 9, 2002 | Directory Traversal Vulnerability in EFTP | A vulnerability exists in Encrypted File Transfer Protocol 2.0.8.346. |
| January 2, 2002 | Multiple Vulnerabilities in Microsoft SQL Server 2000 and 7.0 | Multiple vulnerabilities exist in Microsoft SQL Server 2000 and 7.0. |