var-200106-0149
Vulnerability from variot
Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. "The Bat!" is an MUA for Windows by Rit Research Labs. "The Bat!" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause "The Bat!" to incorrectly interpret the message's structure. This can lead "The Bat!" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. As a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----
Internet Security Systems Security Alert Summary May 10, 2001 Volume 6 Number 6
X-Force Vulnerability and Threat Database: http://xforce.iss.net/ To receive these Alert Summaries as well as other Alerts and Advisories, subscribe to the Internet Security Systems Alert mailing list at: http://xforce.iss.net/maillists/index.php
This summary can be found at: http://xforce.iss.net/alerts/vol-6_num-6.php
Contents: * 120 Reported Vulnerabilities * Risk Factor Key
Date Reported: 04/02/2001 Brief Description: The Bat! masked file type in email attachment could allow execution of code Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: The Bat! 1.49 and earlier Vulnerability: thebat-masked-file-type X-Force URL: http://xforce.iss.net/static/6324.php
Date Reported: 04/02/2001 Brief Description: PHP-Nuke could allow attackers to redirect ad banner URL links Risk Factor: Medium Attack Type: Network Based Platforms Affected: PHP-Nuke 4.4 and earlier Vulnerability: php-nuke-url-redirect X-Force URL: http://xforce.iss.net/static/6342.php
Date Reported: 04/03/2001 Brief Description: Orinoco RG-1000 Residential Gateway default SSID reveals WEP encryption key Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Orinoco Residential Gateway RG-1000 Vulnerability: orinoco-rg1000-wep-key X-Force URL: http://xforce.iss.net/static/6328.php
Date Reported: 04/03/2001 Brief Description: Navision Financials server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Navision Financials 2.5 and 2.6 Vulnerability: navision-server-dos X-Force URL: http://xforce.iss.net/static/6318.php
Date Reported: 04/03/2001 Brief Description: uStorekeeper online shopping system allows remote file retrieval Risk Factor: Medium Attack Type: Network Based Platforms Affected: uStorekeeper 1.61 Vulnerability: ustorekeeper-retrieve-files X-Force URL: http://xforce.iss.net/static/6319.php
Date Reported: 04/03/2001 Brief Description: Resin server allows remote attackers to view Javabean files Risk Factor: Medium Attack Type: Network Based Platforms Affected: Resin 1.2.x, Resin 1.3b1 Vulnerability: resin-view-javabean X-Force URL: http://xforce.iss.net/static/6320.php
Date Reported: 04/03/2001 Brief Description: BPFTP could allow attackers to obtain login credentials Risk Factor: High Attack Type: Network Based Platforms Affected: BPFTP 2.0 Vulnerability: bpftp-obtain-credentials X-Force URL: http://xforce.iss.net/static/6330.php
Date Reported: 04/04/2001 Brief Description: Ntpd server readvar control message buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, Slackware Linux 7.1, Engarde Secure Linux 1.0.1, Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and earlier, FreeBSD 4.2-Stable, Mandrake Linux Corporate Server 1.0.1, Mandrake Linux 7.2, Trustix Secure Linux, Immunix Linux 7.0, NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux eServer 2.3.1 Vulnerability: ntpd-remote-bo X-Force URL: http://xforce.iss.net/static/6321.php
Date Reported: 04/04/2001 Brief Description: Cisco CSS debug mode allows users to gain administrative access Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Cisco Content Services Switch 11050, Cisco Content Services Switch 11150, Cisco Content Services Switch 11800 Vulnerability: cisco-css-elevate-privileges X-Force URL: http://xforce.iss.net/static/6322.php
Date Reported: 04/04/2001 Brief Description: BEA Tuxedo may allow access to remote services Risk Factor: Medium Attack Type: Network Based Platforms Affected: BEA Tuxedo 7.1 Vulnerability: bea-tuxedo-remote-access X-Force URL: http://xforce.iss.net/static/6326.php
Date Reported: 04/05/2001 Brief Description: Ultimate Bulletin Board could allow attackers to bypass authentication Risk Factor: High Attack Type: Network Based Platforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin Board 5.4.7e Vulnerability: ultimatebb-bypass-authentication X-Force URL: http://xforce.iss.net/static/6339.php
Date Reported: 04/05/2001 Brief Description: BinTec X4000 NMAP denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000, BinTec X1200 Vulnerability: bintec-x4000-nmap-dos X-Force URL: http://xforce.iss.net/static/6323.php
Date Reported: 04/05/2001 Brief Description: WatchGuard Firebox II kernel denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: WatchGuard Firebox II prior to 4.6 Vulnerability: firebox-kernel-dos X-Force URL: http://xforce.iss.net/static/6327.php
Date Reported: 04/06/2001 Brief Description: Cisco PIX denial of service due to multiple TACACS+ requests Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco PIX Firewall 5.1.4 Vulnerability: cisco-pix-tacacs-dos X-Force URL: http://xforce.iss.net/static/6353.php
Date Reported: 04/06/2001 Brief Description: Darren Reed's IP Filter allows attackers to access UDP and TCP ports Risk Factor: Medium Attack Type: Network Based Platforms Affected: IP Filter 3.4.16 Vulnerability: ipfilter-access-ports X-Force URL: http://xforce.iss.net/static/6331.php
Date Reported: 04/06/2001 Brief Description: Veritas NetBackup nc (netcat) command denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: NetBackup 3.2 Vulnerability: veritas-netbackup-nc-dos X-Force URL: http://xforce.iss.net/static/6329.php
Date Reported: 04/08/2001 Brief Description: PGP may allow malicious users to access authenticated split keys Risk Factor: Medium Attack Type: Host Based Platforms Affected: PGP 7.0 Vulnerability: nai-pgp-split-keys X-Force URL: http://xforce.iss.net/static/6341.php
Date Reported: 04/09/2001 Brief Description: Solaris kcms_configure command line buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcms-command-bo X-Force URL: http://xforce.iss.net/static/6359.php
Date Reported: 04/09/2001 Brief Description: TalkBack CGI script could allow remote attackers to read files on the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: TalkBack prior to 1.2 Vulnerability: talkback-cgi-read-files X-Force URL: http://xforce.iss.net/static/6340.php
Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) implementation Risk Factor: Low Attack Type: Network Based Platforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, HP-UX 11.00, NetBSD Vulnerability: ftp-glob-implementation X-Force URL: http://xforce.iss.net/static/6333.php
Date Reported: 04/09/2001 Brief Description: Pine mail client temp file symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat Linux 6.2, Red Hat Linux 7.0 Vulnerability: pine-tmp-file-symlink X-Force URL: http://xforce.iss.net/static/6367.php
Date Reported: 04/09/2001 Brief Description: Multiple FTP glob(3) expansion Risk Factor: Low Attack Type: Network Based Platforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5 Vulnerability: ftp-glob-expansion X-Force URL: http://xforce.iss.net/static/6332.php
Date Reported: 04/09/2001 Brief Description: Netscape embedded JavaScript in GIF file comments can be used to access remote data Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2, Debian Linux 2.2, Conectiva Linux, Red Hat Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Red Hat Linux 7.1 Vulnerability: netscape-javascript-access-data X-Force URL: http://xforce.iss.net/static/6344.php
Date Reported: 04/09/2001 Brief Description: STRIP generates weak passwords Risk Factor: Low Attack Type: Host Based Platforms Affected: STRIP 0.5 and earlier Vulnerability: strip-weak-passwords X-Force URL: http://xforce.iss.net/static/6362.php
Date Reported: 04/10/2001 Brief Description: Solaris Xsun HOME environment variable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-xsun-home-bo X-Force URL: http://xforce.iss.net/static/6343.php
Date Reported: 04/10/2001 Brief Description: Compaq Presario Active X denial of service Risk Factor: Low Attack Type: Network Based Platforms Affected: Compaq Presario, Windows 98, Windows ME Vulnerability: compaq-activex-dos X-Force URL: http://xforce.iss.net/static/6355.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems 'EXPERT' account Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-expert-account X-Force URL: http://xforce.iss.net/static/6354.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on LAN to gain access using TFTP Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-lan-access X-Force URL: http://xforce.iss.net/static/6336.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems allow attacker on WAN to gain access using TFTP Risk Factor: Low Attack Type: Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-tftp-wan-access X-Force URL: http://xforce.iss.net/static/6337.php
Date Reported: 04/10/2001 Brief Description: Oracle Application Server shared library (ndwfn4.so) buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: iPlanet Web Server 4.x, Oracle Application Server 4.0.8.2 Vulnerability: oracle-appserver-ndwfn4-bo X-Force URL: http://xforce.iss.net/static/6334.php
Date Reported: 04/10/2001 Brief Description: Alcatel ADSL modems use blank password by default Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Alcatel ADSL Network Termination Device 1000, Alcatel Speed Touch ADSL modem Home Vulnerability: alcatel-blank-password X-Force URL: http://xforce.iss.net/static/6335.php
Date Reported: 04/11/2001 Brief Description: Solaris dtsession buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7 Vulnerability: solaris-dtsession-bo X-Force URL: http://xforce.iss.net/static/6366.php
Date Reported: 04/11/2001 Brief Description: Solaris kcsSUNWIOsolf.so buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Solaris 7, Solaris 8 Vulnerability: solaris-kcssunwiosolf-bo X-Force URL: http://xforce.iss.net/static/6365.php
Date Reported: 04/11/2001 Brief Description: Lightwave ConsoleServer brute force password attack Risk Factor: High Attack Type: Network Based Platforms Affected: Lightwave ConsoleServer 3200 Vulnerability: lightwave-consoleserver-brute-force X-Force URL: http://xforce.iss.net/static/6345.php
Date Reported: 04/11/2001 Brief Description: nph-maillist allows user to execute code Risk Factor: Low Attack Type: Host Based Platforms Affected: Email List Generator 3.5 and earlier Vulnerability: nph-maillist-execute-code X-Force URL: http://xforce.iss.net/static/6363.php
Date Reported: 04/11/2001 Brief Description: Symantec Ghost Configuration Server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5 Vulnerability: ghost-configuration-server-dos X-Force URL: http://xforce.iss.net/static/6357.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server DOS device denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-device-dos X-Force URL: http://xforce.iss.net/static/6348.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server HTTP header denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-header-dos X-Force URL: http://xforce.iss.net/static/6347.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server URL parsing denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-url-dos X-Force URL: http://xforce.iss.net/static/6351.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server CORBA denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-corba-dos X-Force URL: http://xforce.iss.net/static/6350.php
Date Reported: 04/11/2001 Brief Description: Symantec Ghost database engine denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Ghost 6.5, Sybase Adaptive Server Database Engine 6.0.3.2747 Vulnerability: ghost-database-engine-dos X-Force URL: http://xforce.iss.net/static/6356.php
Date Reported: 04/11/2001 Brief Description: cfingerd daemon remote format string Risk Factor: Low Attack Type: Network Based Platforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd 1.4.3 and earlier Vulnerability: cfingerd-remote-format-string X-Force URL: http://xforce.iss.net/static/6364.php
Date Reported: 04/11/2001 Brief Description: Lotus Domino Web Server Unicode denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Lotus Domino R5 prior to 5.0.7 Vulnerability: lotus-domino-unicode-dos X-Force URL: http://xforce.iss.net/static/6349.php
Date Reported: 04/11/2001 Brief Description: Linux mkpasswd generates weak passwords Risk Factor: High Attack Type: Host Based Platforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd Vulnerability: mkpasswd-weak-passwords X-Force URL: http://xforce.iss.net/static/6382.php
Date Reported: 04/12/2001 Brief Description: Solaris ipcs utility buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Solaris 7 Vulnerability: solaris-ipcs-bo X-Force URL: http://xforce.iss.net/static/6369.php
Date Reported: 04/12/2001 Brief Description: InterScan VirusWall ISADMIN service buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel , InterScan VirusWall 3.0.1 Vulnerability: interscan-viruswall-isadmin-bo X-Force URL: http://xforce.iss.net/static/6368.php
Date Reported: 04/12/2001 Brief Description: HylaFAX hfaxd format string Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1, Mandrake Linux 7.2, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 Vulnerability: hylafax-hfaxd-format-string X-Force URL: http://xforce.iss.net/static/6377.php
Date Reported: 04/12/2001 Brief Description: Cisco VPN 3000 Concentrators invalid IP Option denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F Vulnerability: cisco-vpn-ip-dos X-Force URL: http://xforce.iss.net/static/6360.php
Date Reported: 04/13/2001 Brief Description: Net.Commerce package in IBM WebSphere reveals installation path Risk Factor: High Attack Type: Network Based Platforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris 7, Windows NT 4.0 Vulnerability: ibm-websphere-reveals-path X-Force URL: http://xforce.iss.net/static/6371.php
Date Reported: 04/13/2001 Brief Description: QPC ftpd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Term 5.0, QVT/Net 5.0 Vulnerability: qpc-ftpd-bo X-Force URL: http://xforce.iss.net/static/6376.php
Date Reported: 04/13/2001 Brief Description: QPC ftpd directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: QVT/Net 5.0, QVT/Term 5.0 Vulnerability: qpc-ftpd-directory-traversal X-Force URL: http://xforce.iss.net/static/6375.php
Date Reported: 04/13/2001 Brief Description: QPC popd buffer overflow Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: QVT/Net 5.0 Vulnerability: qpc-popd-bo X-Force URL: http://xforce.iss.net/static/6374.php
Date Reported: 04/13/2001 Brief Description: NCM Content Management System access database Risk Factor: Low Attack Type: Network Based Platforms Affected: NCM Content Management System Vulnerability: ncm-content-database-access X-Force URL: http://xforce.iss.net/static/6386.php
Date Reported: 04/13/2001 Brief Description: Netscape SmartDownload 'sdph20.dll' buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows 95, Windows 98 Vulnerability: netscape-smartdownload-sdph20-bo X-Force URL: http://xforce.iss.net/static/6403.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer accept buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-accept-bo X-Force URL: http://xforce.iss.net/static/6404.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer cancel buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-cancel-bo X-Force URL: http://xforce.iss.net/static/6406.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer disable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-disable-bo X-Force URL: http://xforce.iss.net/static/6407.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer enable buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-enable-bo X-Force URL: http://xforce.iss.net/static/6409.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lp buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lp-bo X-Force URL: http://xforce.iss.net/static/6410.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpfilter buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpfilter-bo X-Force URL: http://xforce.iss.net/static/6411.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpstat buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpstat-bo X-Force URL: http://xforce.iss.net/static/6413.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer reject buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-reject-bo X-Force URL: http://xforce.iss.net/static/6414.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer rmail buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-rmail-bo X-Force URL: http://xforce.iss.net/static/6415.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer tput buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-tput-bo X-Force URL: http://xforce.iss.net/static/6416.php
Date Reported: 04/13/2001 Brief Description: IBM WebSphere CGI macro denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX 4.3.x, Solaris 7 Vulnerability: ibm-websphere-macro-dos X-Force URL: http://xforce.iss.net/static/6372.php
Date Reported: 04/13/2001 Brief Description: SCO OpenServer lpmove buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: SCO Openserver 5.0.0 to 5.0.6 Vulnerability: sco-openserver-lpmove-bo X-Force URL: http://xforce.iss.net/static/6412.php
Date Reported: 04/14/2001 Brief Description: Siemens Reliant Unix ppd -T symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant Unix 5.44 Vulnerability: reliant-unix-ppd-symlink X-Force URL: http://xforce.iss.net/static/6408.php
Date Reported: 04/15/2001 Brief Description: Linux Exuberant Ctags package symbolic link Risk Factor: Medium Attack Type: Host Based Platforms Affected: Debian Linux 2.2, exuberant-ctags Vulnerability: exuberant-ctags-symlink X-Force URL: http://xforce.iss.net/static/6388.php
Date Reported: 04/15/2001 Brief Description: processit.pl CGI could allow attackers to view sensitive information about the Web server Risk Factor: Medium Attack Type: Network Based Platforms Affected: processit.pl Vulnerability: processit-cgi-view-info X-Force URL: http://xforce.iss.net/static/6385.php
Date Reported: 04/16/2001 Brief Description: Microsoft ISA Server Web Proxy denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft ISA Server 2000 Vulnerability: isa-web-proxy-dos X-Force URL: http://xforce.iss.net/static/6383.php
Date Reported: 04/16/2001
Brief Description: Microsoft Internet Explorer altering CLSID
action allows malicious file execution
Risk Factor: Low
Attack Type: Host Based
Platforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98
Vulnerability: ie-clsid-execute-files
X-Force URL: http://xforce.iss.net/static/6426.php
Date Reported: 04/16/2001 Brief Description: Cisco Catalyst 5000 series switch 802.1x denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Cisco Catalyst 5000 Series Vulnerability: cisco-catalyst-8021x-dos X-Force URL: http://xforce.iss.net/static/6379.php
Date Reported: 04/16/2001 Brief Description: BubbleMon allows users to gain elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: BubbleMon prior to 1.32, FreeBSD Vulnerability: bubblemon-elevate-privileges X-Force URL: http://xforce.iss.net/static/6378.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-directory-traversal X-Force URL: http://xforce.iss.net/static/6391.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field allows attacker to upload files Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-file-upload X-Force URL: http://xforce.iss.net/static/6393.php
Date Reported: 04/16/2001 Brief Description: DCForum CGI az= field EXPR allows attacker to execute commands Risk Factor: Low Attack Type: Network Based Platforms Affected: DCForum 2000 1.0 Vulnerability: dcforum-az-expr X-Force URL: http://xforce.iss.net/static/6392.php
Date Reported: 04/16/2001 Brief Description: Linux NetFilter IPTables Risk Factor: Low Attack Type: Network Based Platforms Affected: Linux kernel 2.4, Red Hat Linux 7.1 Vulnerability: linux-netfilter-iptables X-Force URL: http://xforce.iss.net/static/6390.php
Date Reported: 04/17/2001 Brief Description: Xitami Web server denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4 Vulnerability: xitami-server-dos X-Force URL: http://xforce.iss.net/static/6389.php
Date Reported: 04/17/2001 Brief Description: Samba tmpfile symlink attack could allow elevated privileges Risk Factor: Low Attack Type: Host Based Platforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0, Progeny Linux, Caldera OpenLinux eBuilder, Trustix Secure Linux 1.01, Mandrake Linux Corporate Server 1.0.1, FreeBSD 4.2, Immunix Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, Caldera OpenLinux eServer 2.3.1, Caldera OpenLinux eDesktop 2.4, FreeBSD 3.5.1 Vulnerability: samba-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6396.php
Date Reported: 04/17/2001 Brief Description: GoAhead WebServer "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME Vulnerability: goahead-aux-dos X-Force URL: http://xforce.iss.net/static/6400.php
Date Reported: 04/17/2001 Brief Description: AnalogX SimpleServer:WWW "aux" denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: SimpleServer:WWW 1.03 to 1.08 Vulnerability: analogx-simpleserver-aux-dos X-Force URL: http://xforce.iss.net/static/6395.php
Date Reported: 04/17/2001 Brief Description: Viking Server hexadecimal URL encoded format directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server prior to 1.07-381 Vulnerability: viking-hex-directory-traversal X-Force URL: http://xforce.iss.net/static/6394.php
Date Reported: 04/17/2001 Brief Description: Solaris FTP server allows attacker to recover shadow file Risk Factor: Medium Attack Type: Host Based Platforms Affected: Solaris 2.6 Vulnerability: solaris-ftp-shadow-recovery X-Force URL: http://xforce.iss.net/static/6422.php
Date Reported: 04/18/2001 Brief Description: The Bat! pop3 denial of service Risk Factor: High Attack Type: Network Based Platforms Affected: The Bat! 1.51, Windows Vulnerability: thebat-pop3-dos X-Force URL: http://xforce.iss.net/static/6423.php
Date Reported: 04/18/2001 Brief Description: Eudora allows attacker to obtain files using plain text attachments Risk Factor: Medium Attack Type: Network Based Platforms Affected: Eudora 5.0.2 Vulnerability: eudora-plain-text-attachment X-Force URL: http://xforce.iss.net/static/6431.php
Date Reported: 04/18/2001 Brief Description: VMware vmware-mount.pl symlink Risk Factor: Medium Attack Type: Host Based Platforms Affected: VMware Vulnerability: vmware-mount-symlink X-Force URL: http://xforce.iss.net/static/6420.php
Date Reported: 04/18/2001 Brief Description: KFM tmpfile symbolic link could allow local attackers to overwrite files Risk Factor: Medium Attack Type: Host Based Platforms Affected: SuSE Linux 7.0, K File Manager (KFM) Vulnerability: kfm-tmpfile-symlink X-Force URL: http://xforce.iss.net/static/6428.php
Date Reported: 04/18/2001 Brief Description: CyberScheduler timezone remote buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: CyberScheduler, Mandrake Linux, Windows 2000, IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, Slackware Linux, Red Hat Linux, IIS 4.0, Debian Linux, Solaris 2.5, Solaris 2.6, Caldera OpenLinux, Windows NT Vulnerability: cyberscheduler-timezone-bo X-Force URL: http://xforce.iss.net/static/6401.php
Date Reported: 04/18/2001 Brief Description: Microsoft Data Access Component Internet Publishing Provider allows WebDAV access Risk Factor: Medium Attack Type: Network Based Platforms Affected: Microsoft Data Access Component 8.103.2519.0, Windows 95, Windows NT 4.0, Windows 98, Windows 98 Second Edition, Windows 2000, Windows ME Vulnerability: ms-dacipp-webdav-access X-Force URL: http://xforce.iss.net/static/6405.php
Date Reported: 04/18/2001 Brief Description: Oracle tnslsnr80.exe denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8 Vulnerability: oracle-tnslsnr80-dos X-Force URL: http://xforce.iss.net/static/6427.php
Date Reported: 04/18/2001 Brief Description: innfeed -c flag buffer overflow Risk Factor: Low Attack Type: Host Based Platforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux, INN prior to 2.3.1 Vulnerability: innfeed-c-bo X-Force URL: http://xforce.iss.net/static/6398.php
Date Reported: 04/18/2001 Brief Description: iPlanet Calendar Server stores username and password in plaintext Risk Factor: Low Attack Type: Host Based Platforms Affected: iPlanet Calendar Server 5.0p2 Vulnerability: iplanet-calendar-plaintext-password X-Force URL: http://xforce.iss.net/static/6402.php
Date Reported: 04/18/2001 Brief Description: Linux NEdit symlink when printing Risk Factor: High Attack Type: Host Based Platforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2, SuSE Linux 7.0, Mandrake Linux Corporate Server 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0 Vulnerability: nedit-print-symlink X-Force URL: http://xforce.iss.net/static/6424.php
Date Reported: 04/19/2001 Brief Description: CheckBO TCP buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: CheckBO 1.56 and earlier Vulnerability: checkbo-tcp-bo X-Force URL: http://xforce.iss.net/static/6436.php
Date Reported: 04/19/2001 Brief Description: HP-UX pcltotiff uses insecure permissions Risk Factor: Medium Attack Type: Host Based Platforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, HP-UX 10.26 Vulnerability: hp-pcltotiff-insecure-permissions X-Force URL: http://xforce.iss.net/static/6447.php
Date Reported: 04/19/2001 Brief Description: Netopia Timbuktu allows unauthorized system access Risk Factor: Low Attack Type: Host Based Platforms Affected: Timbuktu Pro, Macintosh OS X Vulnerability: netopia-timbuktu-gain-access X-Force URL: http://xforce.iss.net/static/6452.php
Date Reported: 04/20/2001 Brief Description: Cisco CBOS could allow attackers to gain privileged information Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053 Vulnerability: cisco-cbos-gain-information X-Force URL: http://xforce.iss.net/static/6453.php
Date Reported: 04/20/2001 Brief Description: Internet Explorer 5.x allows active scripts using XML stylesheets Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Internet Explorer 5.x, Outlook Express 5.x Vulnerability: ie-xml-stylesheets-scripting X-Force URL: http://xforce.iss.net/static/6448.php
Date Reported: 04/20/2001 Brief Description: Linux gftp format string Risk Factor: Low Attack Type: Network Based Platforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, Mandrake Linux Corporate Server 1.0.1, Immunix Linux 7.0, Red Hat Linux 7.1, Mandrake Linux 7.2, Immunix Linux 6.2, Immunix 7.0 beta, Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat Linux 7.0 Vulnerability: gftp-format-string X-Force URL: http://xforce.iss.net/static/6478.php
Date Reported: 04/20/2001 Brief Description: Novell BorderManager VPN client SYN requests denial of service Risk Factor: Medium Attack Type: Host Based / Network Based Platforms Affected: Novell BorderManager 3.5 Vulnerability: bordermanager-vpn-syn-dos X-Force URL: http://xforce.iss.net/static/6429.php
Date Reported: 04/20/2001 Brief Description: SAFT sendfiled could allow the execution of arbitrary code Risk Factor: Low Attack Type: Host Based Platforms Affected: Debian Linux 2.2, Progeny Linux, sendfile Vulnerability: saft-sendfiled-execute-code X-Force URL: http://xforce.iss.net/static/6430.php
Date Reported: 04/21/2001 Brief Description: Mercury MTA for Novell Netware buffer overflow Risk Factor: Medium Attack Type: Network Based Platforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare Vulnerability: mercury-mta-bo X-Force URL: http://xforce.iss.net/static/6444.php
Date Reported: 04/21/2001 Brief Description: QNX allows attacker to read files on FAT partition Risk Factor: High Attack Type: Host Based / Network Based Platforms Affected: QNX 2.4 Vulnerability: qnx-fat-file-read X-Force URL: http://xforce.iss.net/static/6437.php
Date Reported: 04/23/2001 Brief Description: Viking Server "dot dot" (...) directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Viking Server 1.0.7 Vulnerability: viking-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6450.php
Date Reported: 04/24/2001 Brief Description: NetCruiser Web Server could reveal directory path Risk Factor: High Attack Type: Network Based Platforms Affected: NetCruiser Web Server 0.1.2.8 Vulnerability: netcruiser-server-path-disclosure X-Force URL: http://xforce.iss.net/static/6468.php
Date Reported: 04/24/2001 Brief Description: Perl Web Server directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Perl Web Server 0.3 and prior Vulnerability: perl-webserver-directory-traversal X-Force URL: http://xforce.iss.net/static/6451.php
Date Reported: 04/24/2001 Brief Description: Small HTTP Server /aux denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: Small HTTP Server 2.03 Vulnerability: small-http-aux-dos X-Force URL: http://xforce.iss.net/static/6446.php
Date Reported: 04/24/2001 Brief Description: IPSwitch IMail SMTP daemon mailing list handler buffer overflow Risk Factor: Low Attack Type: Network Based Platforms Affected: IPSwitch Imail 6.06 and earlier Vulnerability: ipswitch-imail-smtp-bo X-Force URL: http://xforce.iss.net/static/6445.php
Date Reported: 04/25/2001 Brief Description: MIT Kerberos 5 could allow attacker to gain root access by injecting base64-encoded data Risk Factor: Low Attack Type: Network Based Platforms Affected: MIT Kerberos 5 Vulnerability: kerberos-inject-base64-encode X-Force URL: http://xforce.iss.net/static/6454.php
Date Reported: 04/26/2001 Brief Description: IRIX netprint -n allows attacker to access shared library Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: IRIX 6.x Vulnerability: irix-netprint-shared-library X-Force URL: http://xforce.iss.net/static/6473.php
Date Reported: 04/26/2001 Brief Description: WebXQ "dot dot" directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Windows, WebXQ 2.1.204 Vulnerability: webxq-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6466.php
Date Reported: 04/26/2001 Brief Description: RaidenFTPD "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1 Vulnerability: raidenftpd-dot-directory-traversal X-Force URL: http://xforce.iss.net/static/6455.php
Date Reported: 04/27/2001 Brief Description: PerlCal CGI cal_make.pl script directory traversal Risk Factor: High Attack Type: Network Based Platforms Affected: Unix, PerlCal 2.95 and prior Vulnerability: perlcal-calmake-directory-traversal X-Force URL: http://xforce.iss.net/static/6480.php
Date Reported: 04/28/2001 Brief Description: ICQ Web Front plugin denial of service Risk Factor: Medium Attack Type: Network Based Platforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier Vulnerability: icq-webfront-dos X-Force URL: http://xforce.iss.net/static/6474.php
Date Reported: 04/28/2001 Brief Description: Alex FTP Server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: Alex's FTP Server 0.7 Vulnerability: alex-ftp-directory-traversal X-Force URL: http://xforce.iss.net/static/6475.php
Date Reported: 04/28/2001 Brief Description: BRS WebWeaver FTP path disclosure Risk Factor: High Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-ftp-path-disclosure X-Force URL: http://xforce.iss.net/static/6477.php
Date Reported: 04/28/2001 Brief Description: BRS WebWeaver Web server "dot dot" directory traversal Risk Factor: Medium Attack Type: Network Based Platforms Affected: BRS WebWeaver 0.63 Vulnerability: webweaver-web-directory-traversal X-Force URL: http://xforce.iss.net/static/6476.php
Date Reported: 04/29/2001 Brief Description: Winamp AIP buffer overflow Risk Factor: Low Attack Type: Host Based / Network Based Platforms Affected: Winamp 2.6x and 2.7x Vulnerability: winamp-aip-bo X-Force URL: http://xforce.iss.net/static/6479.php
Date Reported: 04/29/2001 Brief Description: BearShare "dot dot" allows remote attacker to traverse directories and download any file Risk Factor: Medium Attack Type: Network Based Platforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows 98, Windows ME Vulnerability: bearshare-dot-download-files X-Force URL: http://xforce.iss.net/static/6481.php
Date Reported: 05/01/2001 Brief Description: IIS 5.0 ISAPI extension buffer overflow Risk Factor: High Attack Type: Network Based Platforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000 Advanced Server, Windows 2000 Datacenter Server Vulnerability: iis-isapi-bo X-Force URL: http://xforce.iss.net/static/6485.php
Risk Factor Key:
High Any vulnerability that provides an attacker with immediate
access into a machine, gains superuser access, or bypasses
a firewall. Example: A vulnerable Sendmail 8.6.5 version
that allows an intruder to execute commands on mail
server.
Medium Any vulnerability that provides information that has a
high potential of giving system access to an intruder.
Example: A misconfigured TFTP or vulnerable NIS server
that allows an intruder to get the password file that
could contain an account with a guessable password.
Low Any vulnerability that provides information that
potentially could lead to a compromise. Example: A
finger that allows an intruder to find out who is online
and potential accounts to attempt to crack passwords
via brute force methods.
About Internet Security Systems (ISS)
Internet Security Systems is a leading global provider of security management solutions for the Internet, protecting digital assets and ensuring safe and uninterrupted e-business. With its industry-leading intrusion detection and vulnerability assessment software, remote managed security services, and strategic consulting and education offerings, ISS is a trusted security provider to more than 8,000 customers worldwide including 21 of the 25 largest U.S. commercial banks and the top 10 U.S. telecommunications companies. Founded in 1994, ISS is headquartered in Atlanta, GA, with additional offices throughout North America and international operations in Asia, Australia, Europe, Latin America and the Middle East. For more information, visit the Internet Security Systems web site at www.iss.net or call 888-901-7477.
Copyright (c) 2001 by Internet Security Systems, Inc.
Permission is hereby granted for the redistribution of this Alert electronically. It is not to be edited in any way without express consent of the X-Force. If you wish to reprint the whole or any part of this Alert in any other medium excluding electronic medium, please e-mail xforce@iss.net for permission.
Disclaimer
The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties with regard to this information. In no event shall the author be liable for any damages whatsoever arising out of or in connection with the use or spread of this information. Any use of this information is at the user's own risk.
X-Force PGP Key available at: http://xforce.iss.net/sensitive.php as well as on MIT's PGP key server and PGP.com's key server.
Please send suggestions, updates, and comments to: X-Force xforce@iss.net of Internet Security Systems, Inc.
-----BEGIN PGP SIGNATURE----- Version: 2.6.3a Charset: noconv
iQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD J/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO rbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y OAtrNiOkj7o= =kYl+ -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-200106-0149", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": null, "scope": null, "trust": 2.4, "vendor": "lotus", "version": null }, { "model": "imail", "scope": "lte", "trust": 1.0, "vendor": "ipswitch", "version": "6.06" }, { "model": null, "scope": null, "trust": 0.8, "vendor": "rit", "version": null }, { "model": "imail", "scope": "eq", "trust": 0.6, "vendor": "ipswitch", "version": "6.06" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.101" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.51" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.49" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.48" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.47" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.46" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.45" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.44" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.43" }, { "model": "research labs the bat! f", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.42" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.42" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.41" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.39" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.36" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.35" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.34" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.33" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.32" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.31" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.22" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.21" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.19" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.18" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.17" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.15" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.14" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.5" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.1" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.043" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.041" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.039" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.036" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.035" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.032" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.031" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.029" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.028" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.015" }, { "model": "research labs the bat!", "scope": "eq", "trust": 0.3, "vendor": "rit", "version": "1.011" }, { "model": "research labs the bat!", "scope": "ne", "trust": 0.3, "vendor": "rit", "version": "1.52" } ], "sources": [ { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#642760" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "BID", "id": "2636" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:a:ipswitch:imail:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndIncluding": "6.06", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0494" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Reported to bugtraq by 3APA3A \u003c3APA3A@SECURITY.NNOV.RU\u003e on Wed, 18 Apr, 2001.", "sources": [ { "db": "BID", "id": "2636" } ], "trust": 0.3 }, "cve": "CVE-2001-0494", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-3312", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2001-0494", "trust": 1.0, "value": "HIGH" }, { "author": "CARNEGIE MELLON", "id": "VU#601312", "trust": 0.8, "value": "9.98" }, { "author": "CARNEGIE MELLON", "id": "VU#642760", "trust": 0.8, "value": "10.50" }, { "author": "CARNEGIE MELLON", "id": "VU#555464", "trust": 0.8, "value": "4.25" }, { "author": "CARNEGIE MELLON", "id": "VU#310816", "trust": 0.8, "value": "1.62" }, { "author": "CNNVD", "id": "CNNVD-200106-136", "trust": 0.6, "value": "HIGH" }, { "author": "VULHUB", "id": "VHN-3312", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#642760" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Buffer overflow in IPSwitch IMail SMTP server 6.06 and possibly prior versions allows remote attackers to execute arbitrary code via a long From: header. The Lotus Domino Web Server contains a flaw that could be exploited to cause a denial of service. Due to a problem parsing carriage return/line feeds in RFC822 format mail messages, The Bat! mail client may permaturely detect the end of a mail message, causing an error to occur. This error may prevent the mail user from retrieving other mail messages until the message with the error is removed. \"The Bat!\" is an MUA for Windows by Rit Research Labs. \n\"The Bat!\" is vulnerable to a remote denial of service attack. Email messages in which carriage return (CR) characters are not followed by a linefeed (LF) can cause \"The Bat!\" to incorrectly interpret the message\u0027s structure. This can lead \"The Bat!\" to read text in the message body as a response from the POP3 server. The current (corrupt) message will not be deleted from the server, and the mail download process will stop. \nAs a result, the user will remain unable to receive new email messages from the affected POP3 account. -----BEGIN PGP SIGNED MESSAGE-----\n\nInternet Security Systems Security Alert Summary\nMay 10, 2001\nVolume 6 Number 6\n\nX-Force Vulnerability and Threat Database: http://xforce.iss.net/ To\nreceive these Alert Summaries as well as other Alerts and Advisories,\nsubscribe to the Internet Security Systems Alert mailing list at:\nhttp://xforce.iss.net/maillists/index.php\n\nThis summary can be found at:\nhttp://xforce.iss.net/alerts/vol-6_num-6.php\n\n_____\n\nContents:\n* 120 Reported Vulnerabilities\n* Risk Factor Key\n_____\n\n\nDate Reported: 04/02/2001\nBrief Description: The Bat! masked file type in email attachment\n could allow execution of code\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: The Bat! 1.49 and earlier\nVulnerability: thebat-masked-file-type\nX-Force URL: http://xforce.iss.net/static/6324.php\n\nDate Reported: 04/02/2001\nBrief Description: PHP-Nuke could allow attackers to redirect ad\n banner URL links\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: PHP-Nuke 4.4 and earlier\nVulnerability: php-nuke-url-redirect\nX-Force URL: http://xforce.iss.net/static/6342.php\n\nDate Reported: 04/03/2001\nBrief Description: Orinoco RG-1000 Residential Gateway default SSID\n reveals WEP encryption key\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Orinoco Residential Gateway RG-1000\nVulnerability: orinoco-rg1000-wep-key\nX-Force URL: http://xforce.iss.net/static/6328.php\n\nDate Reported: 04/03/2001\nBrief Description: Navision Financials server denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Navision Financials 2.5 and 2.6\nVulnerability: navision-server-dos\nX-Force URL: http://xforce.iss.net/static/6318.php\n\nDate Reported: 04/03/2001\nBrief Description: uStorekeeper online shopping system allows\n remote file retrieval\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: uStorekeeper 1.61\nVulnerability: ustorekeeper-retrieve-files\nX-Force URL: http://xforce.iss.net/static/6319.php\n\nDate Reported: 04/03/2001\nBrief Description: Resin server allows remote attackers to view\n Javabean files\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Resin 1.2.x, Resin 1.3b1\nVulnerability: resin-view-javabean\nX-Force URL: http://xforce.iss.net/static/6320.php\n\nDate Reported: 04/03/2001\nBrief Description: BPFTP could allow attackers to obtain login\n credentials\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: BPFTP 2.0\nVulnerability: bpftp-obtain-credentials\nX-Force URL: http://xforce.iss.net/static/6330.php\n\nDate Reported: 04/04/2001\nBrief Description: Ntpd server readvar control message buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6, AIX 5.1, \n Slackware Linux 7.1, Engarde Secure Linux 1.0.1,\n Progeny Linux, SuSE Linux 7.1, ntpd 4.0.99k and\n earlier, FreeBSD 4.2-Stable, Mandrake Linux\n Corporate Server 1.0.1, Mandrake Linux 7.2,\n Trustix Secure Linux, Immunix Linux 7.0, \n NetBSD 1.5, SuSE Linux 7.0, Caldera OpenLinux\n eServer 2.3.1\nVulnerability: ntpd-remote-bo\nX-Force URL: http://xforce.iss.net/static/6321.php\n\nDate Reported: 04/04/2001\nBrief Description: Cisco CSS debug mode allows users to gain\n administrative access\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Cisco Content Services Switch 11050, Cisco \n Content Services Switch 11150, Cisco Content\n Services Switch 11800\nVulnerability: cisco-css-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6322.php\n\nDate Reported: 04/04/2001\nBrief Description: BEA Tuxedo may allow access to remote services\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BEA Tuxedo 7.1\nVulnerability: bea-tuxedo-remote-access\nX-Force URL: http://xforce.iss.net/static/6326.php\n\nDate Reported: 04/05/2001\nBrief Description: Ultimate Bulletin Board could allow attackers to\n bypass authentication\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Ultimate Bulletin Board 5.43, Ultimate Bulletin\n Board 5.4.7e\nVulnerability: ultimatebb-bypass-authentication\nX-Force URL: http://xforce.iss.net/static/6339.php\n\nDate Reported: 04/05/2001\nBrief Description: BinTec X4000 NMAP denial of service\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: BinTec X4000 5.1.6P10 and prior, BinTec X1000,\n BinTec X1200\nVulnerability: bintec-x4000-nmap-dos\nX-Force URL: http://xforce.iss.net/static/6323.php\n\nDate Reported: 04/05/2001\nBrief Description: WatchGuard Firebox II kernel denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: WatchGuard Firebox II prior to 4.6\nVulnerability: firebox-kernel-dos\nX-Force URL: http://xforce.iss.net/static/6327.php\n\nDate Reported: 04/06/2001\nBrief Description: Cisco PIX denial of service due to multiple \n TACACS+ requests\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco PIX Firewall 5.1.4\nVulnerability: cisco-pix-tacacs-dos\nX-Force URL: http://xforce.iss.net/static/6353.php\n\nDate Reported: 04/06/2001\nBrief Description: Darren Reed\u0027s IP Filter allows attackers to\n access UDP and TCP ports\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IP Filter 3.4.16\nVulnerability: ipfilter-access-ports\nX-Force URL: http://xforce.iss.net/static/6331.php\n\nDate Reported: 04/06/2001\nBrief Description: Veritas NetBackup nc (netcat) command denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: NetBackup 3.2\nVulnerability: veritas-netbackup-nc-dos\nX-Force URL: http://xforce.iss.net/static/6329.php\n\nDate Reported: 04/08/2001\nBrief Description: PGP may allow malicious users to access\n authenticated split keys\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: PGP 7.0\nVulnerability: nai-pgp-split-keys\nX-Force URL: http://xforce.iss.net/static/6341.php\n\nDate Reported: 04/09/2001\nBrief Description: Solaris kcms_configure command line buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7, Solaris 8\nVulnerability: solaris-kcms-command-bo\nX-Force URL: http://xforce.iss.net/static/6359.php\n\nDate Reported: 04/09/2001\nBrief Description: TalkBack CGI script could allow remote attackers\n to read files on the Web server\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: TalkBack prior to 1.2\nVulnerability: talkback-cgi-read-files\nX-Force URL: http://xforce.iss.net/static/6340.php\n\nDate Reported: 04/09/2001\nBrief Description: Multiple FTP glob(3) implementation\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: FreeBSD 4.2, Solaris 8, IRIX 6.5.x, OpenBSD 2.8, \n HP-UX 11.00, NetBSD\nVulnerability: ftp-glob-implementation\nX-Force URL: http://xforce.iss.net/static/6333.php\n\nDate Reported: 04/09/2001\nBrief Description: Pine mail client temp file symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Pine prior to 4.33, Red Hat Linux 5.2, Red Hat\n Linux 6.2, Red Hat Linux 7.0\nVulnerability: pine-tmp-file-symlink\nX-Force URL: http://xforce.iss.net/static/6367.php\n\nDate Reported: 04/09/2001\nBrief Description: Multiple FTP glob(3) expansion\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: HP-UX 11.00, NetBSD, Solaris 8, IRIX 6.5.x,\n OpenBSD 2.8, FreeBSD 4.2, MIT Kerberos 5\nVulnerability: ftp-glob-expansion\nX-Force URL: http://xforce.iss.net/static/6332.php\n\nDate Reported: 04/09/2001\nBrief Description: Netscape embedded JavaScript in GIF file \n comments can be used to access remote data\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Netscape Communicator 4.76, Red Hat Linux 6.2,\n Debian Linux 2.2, Conectiva Linux, Red Hat Linux\n 7.0, Immunix Linux 6.2, Immunix Linux 7.0 Beta, \n Red Hat Linux 7.1\nVulnerability: netscape-javascript-access-data\nX-Force URL: http://xforce.iss.net/static/6344.php\n\nDate Reported: 04/09/2001\nBrief Description: STRIP generates weak passwords\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: STRIP 0.5 and earlier\nVulnerability: strip-weak-passwords\nX-Force URL: http://xforce.iss.net/static/6362.php\n\nDate Reported: 04/10/2001\nBrief Description: Solaris Xsun HOME environment variable buffer\n overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-xsun-home-bo\nX-Force URL: http://xforce.iss.net/static/6343.php\n\nDate Reported: 04/10/2001\nBrief Description: Compaq Presario Active X denial of service\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Compaq Presario, Windows 98, Windows ME\nVulnerability: compaq-activex-dos\nX-Force URL: http://xforce.iss.net/static/6355.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems \u0027EXPERT\u0027 account\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-expert-account\nX-Force URL: http://xforce.iss.net/static/6354.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems allow attacker on LAN to\n gain access using TFTP\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-tftp-lan-access\nX-Force URL: http://xforce.iss.net/static/6336.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems allow attacker on WAN to\n gain access using TFTP\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-tftp-wan-access\nX-Force URL: http://xforce.iss.net/static/6337.php\n\nDate Reported: 04/10/2001\nBrief Description: Oracle Application Server shared library\n (ndwfn4.so) buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: iPlanet Web Server 4.x, Oracle Application\n Server 4.0.8.2\nVulnerability: oracle-appserver-ndwfn4-bo\nX-Force URL: http://xforce.iss.net/static/6334.php\n\nDate Reported: 04/10/2001\nBrief Description: Alcatel ADSL modems use blank password by\n default\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Alcatel ADSL Network Termination Device 1000,\n Alcatel Speed Touch ADSL modem Home\nVulnerability: alcatel-blank-password\nX-Force URL: http://xforce.iss.net/static/6335.php\n\nDate Reported: 04/11/2001\nBrief Description: Solaris dtsession buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-dtsession-bo\nX-Force URL: http://xforce.iss.net/static/6366.php\n\nDate Reported: 04/11/2001\nBrief Description: Solaris kcsSUNWIOsolf.so buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Solaris 7, Solaris 8\nVulnerability: solaris-kcssunwiosolf-bo\nX-Force URL: http://xforce.iss.net/static/6365.php\n\nDate Reported: 04/11/2001\nBrief Description: Lightwave ConsoleServer brute force password\n attack\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Lightwave ConsoleServer 3200\nVulnerability: lightwave-consoleserver-brute-force\nX-Force URL: http://xforce.iss.net/static/6345.php\n\nDate Reported: 04/11/2001\nBrief Description: nph-maillist allows user to execute code\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Email List Generator 3.5 and earlier\nVulnerability: nph-maillist-execute-code\nX-Force URL: http://xforce.iss.net/static/6363.php\n\nDate Reported: 04/11/2001\nBrief Description: Symantec Ghost Configuration Server denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ghost 6.5\nVulnerability: ghost-configuration-server-dos\nX-Force URL: http://xforce.iss.net/static/6357.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server DOS device denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-device-dos\nX-Force URL: http://xforce.iss.net/static/6348.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server HTTP header denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-header-dos\nX-Force URL: http://xforce.iss.net/static/6347.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server URL parsing denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-url-dos\nX-Force URL: http://xforce.iss.net/static/6351.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server CORBA denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-corba-dos\nX-Force URL: http://xforce.iss.net/static/6350.php\n\nDate Reported: 04/11/2001\nBrief Description: Symantec Ghost database engine denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Ghost 6.5, Sybase Adaptive Server Database\n Engine 6.0.3.2747\nVulnerability: ghost-database-engine-dos\nX-Force URL: http://xforce.iss.net/static/6356.php\n\nDate Reported: 04/11/2001\nBrief Description: cfingerd daemon remote format string\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Debian Linux 2.1, Debian Linux 2.2, cfingerd\n 1.4.3 and earlier\nVulnerability: cfingerd-remote-format-string\nX-Force URL: http://xforce.iss.net/static/6364.php\n\nDate Reported: 04/11/2001\nBrief Description: Lotus Domino Web Server Unicode denial of\n service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Lotus Domino R5 prior to 5.0.7\nVulnerability: lotus-domino-unicode-dos\nX-Force URL: http://xforce.iss.net/static/6349.php\n\nDate Reported: 04/11/2001\nBrief Description: Linux mkpasswd generates weak passwords\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: Red Hat Linux 6.2, Red Hat Linux 7.0, mkpasswd \nVulnerability: mkpasswd-weak-passwords\nX-Force URL: http://xforce.iss.net/static/6382.php\n\nDate Reported: 04/12/2001\nBrief Description: Solaris ipcs utility buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Solaris 7\nVulnerability: solaris-ipcs-bo\nX-Force URL: http://xforce.iss.net/static/6369.php\n\nDate Reported: 04/12/2001\nBrief Description: InterScan VirusWall ISADMIN service buffer \n overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux kernel , InterScan VirusWall 3.0.1\nVulnerability: interscan-viruswall-isadmin-bo\nX-Force URL: http://xforce.iss.net/static/6368.php\n\nDate Reported: 04/12/2001\nBrief Description: HylaFAX hfaxd format string\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: HylaFAX 4.1B3 and prior, SuSE Linux 6.x, SuSE\n Linux 7.0, Mandrake Linux 7.1, FreeBSD 3.5.1,\n Mandrake Linux 7.2, Mandrake Linux Corporate\n Server 1.0.1, FreeBSD 4.2, SuSE Linux 7.1 \nVulnerability: hylafax-hfaxd-format-string\nX-Force URL: http://xforce.iss.net/static/6377.php\n\nDate Reported: 04/12/2001\nBrief Description: Cisco VPN 3000 Concentrators invalid IP Option\n denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco VPN 3000 Concentrators prior to 2.5.2 F\nVulnerability: cisco-vpn-ip-dos\nX-Force URL: http://xforce.iss.net/static/6360.php\n\nDate Reported: 04/13/2001\nBrief Description: Net.Commerce package in IBM WebSphere reveals\n installation path\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: IBM Websphere, Solaris 2.6, AIX 4.3.x, Solaris\n 7, Windows NT 4.0\nVulnerability: ibm-websphere-reveals-path\nX-Force URL: http://xforce.iss.net/static/6371.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC ftpd buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: QVT/Term 5.0, QVT/Net 5.0\nVulnerability: qpc-ftpd-bo\nX-Force URL: http://xforce.iss.net/static/6376.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC ftpd directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: QVT/Net 5.0, QVT/Term 5.0\nVulnerability: qpc-ftpd-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6375.php\n\nDate Reported: 04/13/2001\nBrief Description: QPC popd buffer overflow\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: QVT/Net 5.0\nVulnerability: qpc-popd-bo\nX-Force URL: http://xforce.iss.net/static/6374.php\n\nDate Reported: 04/13/2001\nBrief Description: NCM Content Management System access database\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: NCM Content Management System\nVulnerability: ncm-content-database-access\nX-Force URL: http://xforce.iss.net/static/6386.php\n\nDate Reported: 04/13/2001\nBrief Description: Netscape SmartDownload \u0027sdph20.dll\u0027 buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Netscape SmartDownload 1.3, Windows NT, Windows\n 95, Windows 98\nVulnerability: netscape-smartdownload-sdph20-bo\nX-Force URL: http://xforce.iss.net/static/6403.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer accept buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-accept-bo\nX-Force URL: http://xforce.iss.net/static/6404.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer cancel buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-cancel-bo\nX-Force URL: http://xforce.iss.net/static/6406.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer disable buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-disable-bo\nX-Force URL: http://xforce.iss.net/static/6407.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer enable buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-enable-bo\nX-Force URL: http://xforce.iss.net/static/6409.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lp buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lp-bo\nX-Force URL: http://xforce.iss.net/static/6410.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpfilter buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpfilter-bo\nX-Force URL: http://xforce.iss.net/static/6411.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpstat buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpstat-bo\nX-Force URL: http://xforce.iss.net/static/6413.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer reject buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-reject-bo\nX-Force URL: http://xforce.iss.net/static/6414.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer rmail buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-rmail-bo\nX-Force URL: http://xforce.iss.net/static/6415.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer tput buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-tput-bo\nX-Force URL: http://xforce.iss.net/static/6416.php\n\nDate Reported: 04/13/2001\nBrief Description: IBM WebSphere CGI macro denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: IBM Websphere, Windows NT 4.0, Solaris 2.6, AIX\n 4.3.x, Solaris 7\nVulnerability: ibm-websphere-macro-dos\nX-Force URL: http://xforce.iss.net/static/6372.php\n\nDate Reported: 04/13/2001\nBrief Description: SCO OpenServer lpmove buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: SCO Openserver 5.0.0 to 5.0.6\nVulnerability: sco-openserver-lpmove-bo\nX-Force URL: http://xforce.iss.net/static/6412.php\n\nDate Reported: 04/14/2001\nBrief Description: Siemens Reliant Unix ppd -T symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Reliant Unix 5.45, Reliant Unix 5.43, Reliant\n Unix 5.44\nVulnerability: reliant-unix-ppd-symlink\nX-Force URL: http://xforce.iss.net/static/6408.php\n\nDate Reported: 04/15/2001\nBrief Description: Linux Exuberant Ctags package symbolic link\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Debian Linux 2.2, exuberant-ctags\nVulnerability: exuberant-ctags-symlink\nX-Force URL: http://xforce.iss.net/static/6388.php\n\nDate Reported: 04/15/2001\nBrief Description: processit.pl CGI could allow attackers to view\n sensitive information about the Web server\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: processit.pl\nVulnerability: processit-cgi-view-info\nX-Force URL: http://xforce.iss.net/static/6385.php\n\nDate Reported: 04/16/2001\nBrief Description: Microsoft ISA Server Web Proxy denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft ISA Server 2000\nVulnerability: isa-web-proxy-dos\nX-Force URL: http://xforce.iss.net/static/6383.php\n\nDate Reported: 04/16/2001\nBrief Description: Microsoft Internet Explorer altering CLSID\n action allows malicious file execution\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Windows 2000, Internet Explorer 5.5, Windows 98 \nVulnerability: ie-clsid-execute-files\nX-Force URL: http://xforce.iss.net/static/6426.php\n\nDate Reported: 04/16/2001\nBrief Description: Cisco Catalyst 5000 series switch 802.1x denial\n of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Cisco Catalyst 5000 Series\nVulnerability: cisco-catalyst-8021x-dos\nX-Force URL: http://xforce.iss.net/static/6379.php\n\nDate Reported: 04/16/2001\nBrief Description: BubbleMon allows users to gain elevated \n privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: BubbleMon prior to 1.32, FreeBSD\nVulnerability: bubblemon-elevate-privileges\nX-Force URL: http://xforce.iss.net/static/6378.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6391.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field allows attacker to upload\n files\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-file-upload\nX-Force URL: http://xforce.iss.net/static/6393.php\n\nDate Reported: 04/16/2001\nBrief Description: DCForum CGI az= field EXPR allows attacker to\n execute commands\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: DCForum 2000 1.0\nVulnerability: dcforum-az-expr\nX-Force URL: http://xforce.iss.net/static/6392.php\n\nDate Reported: 04/16/2001\nBrief Description: Linux NetFilter IPTables\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: Linux kernel 2.4, Red Hat Linux 7.1\nVulnerability: linux-netfilter-iptables\nX-Force URL: http://xforce.iss.net/static/6390.php\n\nDate Reported: 04/17/2001\nBrief Description: Xitami Web server denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Xitami Web server 2.4d7, Xitami Web server 2.5b4\nVulnerability: xitami-server-dos\nX-Force URL: http://xforce.iss.net/static/6389.php\n\nDate Reported: 04/17/2001\nBrief Description: Samba tmpfile symlink attack could allow\n elevated privileges\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Trustix Secure Linux 1.2, Mandrake Linux 8.0,\n Progeny Linux, Caldera OpenLinux eBuilder,\n Trustix Secure Linux 1.01, Mandrake Linux \n Corporate Server 1.0.1, FreeBSD 4.2, Immunix\n Linux 7.0, Immunix Linux 6.2, Immunix Linux 7.0\n Beta, Caldera OpenLinux eServer 2.3.1, Caldera\n OpenLinux eDesktop 2.4, FreeBSD 3.5.1\nVulnerability: samba-tmpfile-symlink\nX-Force URL: http://xforce.iss.net/static/6396.php\n\nDate Reported: 04/17/2001\nBrief Description: GoAhead WebServer \"aux\" denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: GoAhead Web Server 2.1, Windows 98, Windows ME\nVulnerability: goahead-aux-dos\nX-Force URL: http://xforce.iss.net/static/6400.php\n\nDate Reported: 04/17/2001\nBrief Description: AnalogX SimpleServer:WWW \"aux\" denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: SimpleServer:WWW 1.03 to 1.08\nVulnerability: analogx-simpleserver-aux-dos\nX-Force URL: http://xforce.iss.net/static/6395.php\n\nDate Reported: 04/17/2001\nBrief Description: Viking Server hexadecimal URL encoded format\n directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Viking Server prior to 1.07-381\nVulnerability: viking-hex-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6394.php\n\nDate Reported: 04/17/2001\nBrief Description: Solaris FTP server allows attacker to recover\n shadow file\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: Solaris 2.6\nVulnerability: solaris-ftp-shadow-recovery\nX-Force URL: http://xforce.iss.net/static/6422.php\n\nDate Reported: 04/18/2001\nBrief Description: The Bat! pop3 denial of service\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: The Bat! 1.51, Windows\nVulnerability: thebat-pop3-dos\nX-Force URL: http://xforce.iss.net/static/6423.php\n\nDate Reported: 04/18/2001\nBrief Description: Eudora allows attacker to obtain files using\n plain text attachments\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Eudora 5.0.2\nVulnerability: eudora-plain-text-attachment\nX-Force URL: http://xforce.iss.net/static/6431.php\n\nDate Reported: 04/18/2001\nBrief Description: VMware vmware-mount.pl symlink\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: VMware\nVulnerability: vmware-mount-symlink\nX-Force URL: http://xforce.iss.net/static/6420.php\n\nDate Reported: 04/18/2001\nBrief Description: KFM tmpfile symbolic link could allow local\n attackers to overwrite files\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: SuSE Linux 7.0, K File Manager (KFM)\nVulnerability: kfm-tmpfile-symlink\nX-Force URL: http://xforce.iss.net/static/6428.php\n\nDate Reported: 04/18/2001\nBrief Description: CyberScheduler timezone remote buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: CyberScheduler, Mandrake Linux, Windows 2000,\n IIS 5.0, Solaris 8, SuSE Linux, Solaris 7, \n Slackware Linux, Red Hat Linux, IIS 4.0, Debian\n Linux, Solaris 2.5, Solaris 2.6, Caldera \n OpenLinux, Windows NT\nVulnerability: cyberscheduler-timezone-bo\nX-Force URL: http://xforce.iss.net/static/6401.php\n\nDate Reported: 04/18/2001\nBrief Description: Microsoft Data Access Component Internet\n Publishing Provider allows WebDAV access\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Microsoft Data Access Component 8.103.2519.0,\n Windows 95, Windows NT 4.0, Windows 98, Windows\n 98 Second Edition, Windows 2000, Windows ME \nVulnerability: ms-dacipp-webdav-access\nX-Force URL: http://xforce.iss.net/static/6405.php\n\nDate Reported: 04/18/2001\nBrief Description: Oracle tnslsnr80.exe denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Oracle 8.x, Windows NT 4.0 SP6, Solaris 8\nVulnerability: oracle-tnslsnr80-dos\nX-Force URL: http://xforce.iss.net/static/6427.php\n\nDate Reported: 04/18/2001\nBrief Description: innfeed -c flag buffer overflow\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Red Hat Linux, Slackware Linux, Mandrake Linux,\n INN prior to 2.3.1\nVulnerability: innfeed-c-bo\nX-Force URL: http://xforce.iss.net/static/6398.php\n\nDate Reported: 04/18/2001\nBrief Description: iPlanet Calendar Server stores username and\n password in plaintext\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: iPlanet Calendar Server 5.0p2\nVulnerability: iplanet-calendar-plaintext-password\nX-Force URL: http://xforce.iss.net/static/6402.php\n\nDate Reported: 04/18/2001\nBrief Description: Linux NEdit symlink when printing\nRisk Factor: High\nAttack Type: Host Based\nPlatforms Affected: SuSE Linux 6.3, SuSE Linux 6.4, Debian Linux\n 2.2, Mandrake Linux 7.1, Mandrake Linux 7.2,\n SuSE Linux 7.0, Mandrake Linux Corporate Server\n 1.0.1, SuSE Linux 7.1, Mandrake Linux 8.0\nVulnerability: nedit-print-symlink\nX-Force URL: http://xforce.iss.net/static/6424.php\n\nDate Reported: 04/19/2001\nBrief Description: CheckBO TCP buffer overflow\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: CheckBO 1.56 and earlier\nVulnerability: checkbo-tcp-bo\nX-Force URL: http://xforce.iss.net/static/6436.php\n\nDate Reported: 04/19/2001\nBrief Description: HP-UX pcltotiff uses insecure permissions\nRisk Factor: Medium\nAttack Type: Host Based\nPlatforms Affected: HP-UX 10.01, HP-UX 10.10, HP-UX 10.20, \n HP-UX 10.26\nVulnerability: hp-pcltotiff-insecure-permissions\nX-Force URL: http://xforce.iss.net/static/6447.php\n\nDate Reported: 04/19/2001\nBrief Description: Netopia Timbuktu allows unauthorized system\n access\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Timbuktu Pro, Macintosh OS X\nVulnerability: netopia-timbuktu-gain-access\nX-Force URL: http://xforce.iss.net/static/6452.php\n\nDate Reported: 04/20/2001\nBrief Description: Cisco CBOS could allow attackers to gain \n privileged information\nRisk Factor: High\nAttack Type: Host Based / Network Based\nPlatforms Affected: Cisco CBOS 2.4.1, Cisco CBOS 2.3.053\nVulnerability: cisco-cbos-gain-information\nX-Force URL: http://xforce.iss.net/static/6453.php\n\nDate Reported: 04/20/2001\nBrief Description: Internet Explorer 5.x allows active scripts \n using XML stylesheets\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Internet Explorer 5.x, Outlook Express 5.x\nVulnerability: ie-xml-stylesheets-scripting\nX-Force URL: http://xforce.iss.net/static/6448.php\n\nDate Reported: 04/20/2001\nBrief Description: Linux gftp format string\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: gftp prior to 2.0.8, Mandrake Linux 8.0, \n Mandrake Linux Corporate Server 1.0.1, Immunix\n Linux 7.0, Red Hat Linux 7.1, Mandrake Linux\n 7.2, Immunix Linux 6.2, Immunix 7.0 beta, \n Red Hat Linux 6.2, Mandrake Linux 7.1, Red Hat\n Linux 7.0\nVulnerability: gftp-format-string\nX-Force URL: http://xforce.iss.net/static/6478.php\n\nDate Reported: 04/20/2001\nBrief Description: Novell BorderManager VPN client SYN requests \n denial of service\nRisk Factor: Medium\nAttack Type: Host Based / Network Based\nPlatforms Affected: Novell BorderManager 3.5\nVulnerability: bordermanager-vpn-syn-dos\nX-Force URL: http://xforce.iss.net/static/6429.php\n\nDate Reported: 04/20/2001\nBrief Description: SAFT sendfiled could allow the execution of\n arbitrary code\nRisk Factor: Low\nAttack Type: Host Based\nPlatforms Affected: Debian Linux 2.2, Progeny Linux, sendfile\nVulnerability: saft-sendfiled-execute-code\nX-Force URL: http://xforce.iss.net/static/6430.php\n\nDate Reported: 04/21/2001\nBrief Description: Mercury MTA for Novell Netware buffer overflow\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Mercury MTA 1.47 and earlier, Novell NetWare\nVulnerability: mercury-mta-bo\nX-Force URL: http://xforce.iss.net/static/6444.php\n\nDate Reported: 04/21/2001\nBrief Description: QNX allows attacker to read files on FAT \n partition\nRisk Factor: High\nAttack Type: Host Based / Network Based\nPlatforms Affected: QNX 2.4\nVulnerability: qnx-fat-file-read\nX-Force URL: http://xforce.iss.net/static/6437.php\n\nDate Reported: 04/23/2001\nBrief Description: Viking Server \"dot dot\" (\\...\\) directory\n traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Viking Server 1.0.7\nVulnerability: viking-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6450.php\n\nDate Reported: 04/24/2001\nBrief Description: NetCruiser Web Server could reveal directory\n path\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: NetCruiser Web Server 0.1.2.8\nVulnerability: netcruiser-server-path-disclosure\nX-Force URL: http://xforce.iss.net/static/6468.php\n\nDate Reported: 04/24/2001\nBrief Description: Perl Web Server directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Perl Web Server 0.3 and prior\nVulnerability: perl-webserver-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6451.php\n\nDate Reported: 04/24/2001\nBrief Description: Small HTTP Server /aux denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Small HTTP Server 2.03\nVulnerability: small-http-aux-dos\nX-Force URL: http://xforce.iss.net/static/6446.php\n\nDate Reported: 04/24/2001\nBrief Description: IPSwitch IMail SMTP daemon mailing list handler\n buffer overflow\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: IPSwitch Imail 6.06 and earlier\nVulnerability: ipswitch-imail-smtp-bo\nX-Force URL: http://xforce.iss.net/static/6445.php\n\nDate Reported: 04/25/2001\nBrief Description: MIT Kerberos 5 could allow attacker to gain root\n access by injecting base64-encoded data\nRisk Factor: Low\nAttack Type: Network Based\nPlatforms Affected: MIT Kerberos 5\nVulnerability: kerberos-inject-base64-encode\nX-Force URL: http://xforce.iss.net/static/6454.php\n\nDate Reported: 04/26/2001\nBrief Description: IRIX netprint -n allows attacker to access\n shared library\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: IRIX 6.x\nVulnerability: irix-netprint-shared-library\nX-Force URL: http://xforce.iss.net/static/6473.php\n\nDate Reported: 04/26/2001\nBrief Description: WebXQ \"dot dot\" directory traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Windows, WebXQ 2.1.204\nVulnerability: webxq-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6466.php\n\nDate Reported: 04/26/2001\nBrief Description: RaidenFTPD \"dot dot\" directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Windows NT 4.0, Windows 2000, RaidenFTPD 2.1\nVulnerability: raidenftpd-dot-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6455.php\n\nDate Reported: 04/27/2001\nBrief Description: PerlCal CGI cal_make.pl script directory\n traversal\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: Unix, PerlCal 2.95 and prior\nVulnerability: perlcal-calmake-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6480.php\n\nDate Reported: 04/28/2001\nBrief Description: ICQ Web Front plugin denial of service\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: ICQ Web Front, ICQ 2000b 3278 and earlier\nVulnerability: icq-webfront-dos\nX-Force URL: http://xforce.iss.net/static/6474.php\n\nDate Reported: 04/28/2001\nBrief Description: Alex FTP Server \"dot dot\" directory traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: Alex\u0027s FTP Server 0.7\nVulnerability: alex-ftp-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6475.php\n\nDate Reported: 04/28/2001\nBrief Description: BRS WebWeaver FTP path disclosure\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: BRS WebWeaver 0.63\nVulnerability: webweaver-ftp-path-disclosure\nX-Force URL: http://xforce.iss.net/static/6477.php\n\nDate Reported: 04/28/2001\nBrief Description: BRS WebWeaver Web server \"dot dot\" directory\n traversal\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BRS WebWeaver 0.63\nVulnerability: webweaver-web-directory-traversal\nX-Force URL: http://xforce.iss.net/static/6476.php\n\nDate Reported: 04/29/2001\nBrief Description: Winamp AIP buffer overflow\nRisk Factor: Low\nAttack Type: Host Based / Network Based\nPlatforms Affected: Winamp 2.6x and 2.7x\nVulnerability: winamp-aip-bo\nX-Force URL: http://xforce.iss.net/static/6479.php\n\nDate Reported: 04/29/2001\nBrief Description: BearShare \"dot dot\" allows remote attacker to traverse\n directories and download any file\nRisk Factor: Medium\nAttack Type: Network Based\nPlatforms Affected: BearShare 2.2.2 and prior, Windows 95, Windows\n 98, Windows ME\nVulnerability: bearshare-dot-download-files\nX-Force URL: http://xforce.iss.net/static/6481.php\n\nDate Reported: 05/01/2001\nBrief Description: IIS 5.0 ISAPI extension buffer overflow\nRisk Factor: High\nAttack Type: Network Based\nPlatforms Affected: IIS 5.0, Windows 2000 Server, Windows 2000\n Advanced Server, Windows 2000 Datacenter Server\nVulnerability: iis-isapi-bo\nX-Force URL: http://xforce.iss.net/static/6485.php\n\n_____\n\nRisk Factor Key:\n\n High Any vulnerability that provides an attacker with immediate\n access into a machine, gains superuser access, or bypasses\n a firewall. Example: A vulnerable Sendmail 8.6.5 version\n that allows an intruder to execute commands on mail\n server. \n Medium Any vulnerability that provides information that has a\n high potential of giving system access to an intruder. \n Example: A misconfigured TFTP or vulnerable NIS server\n that allows an intruder to get the password file that\n could contain an account with a guessable password. \n Low Any vulnerability that provides information that\n potentially could lead to a compromise. Example: A\n finger that allows an intruder to find out who is online\n and potential accounts to attempt to crack passwords\n via brute force methods. \n\n________\n\n\nAbout Internet Security Systems (ISS) \n\nInternet Security Systems is a leading global provider of security\nmanagement solutions for the Internet, protecting digital assets and\nensuring safe and uninterrupted e-business. With its industry-leading\nintrusion detection and vulnerability assessment software, remote managed\nsecurity services, and strategic consulting and education offerings, ISS\nis a trusted security provider to more than 8,000 customers worldwide\nincluding 21 of the 25 largest U.S. commercial banks and the top 10 U.S. \ntelecommunications companies. Founded in 1994, ISS is headquartered in\nAtlanta, GA, with additional offices throughout North America and\ninternational operations in Asia, Australia, Europe, Latin America and the\nMiddle East. For more information, visit the Internet Security Systems\nweb site at www.iss.net or call 888-901-7477. \n\nCopyright (c) 2001 by Internet Security Systems, Inc. \n\nPermission is hereby granted for the redistribution of this Alert\nelectronically. It is not to be edited in any way without express consent\nof the X-Force. If you wish to reprint the whole or any part of this Alert\nin any other medium excluding electronic medium, please e-mail\nxforce@iss.net for permission. \n\nDisclaimer\n\nThe information within this paper may change without notice. Use of this\ninformation constitutes acceptance for use in an AS IS condition. There\nare NO warranties with regard to this information. In no event shall the\nauthor be liable for any damages whatsoever arising out of or in\nconnection with the use or spread of this information. Any use of this\ninformation is at the user\u0027s own risk. \n\n\n\nX-Force PGP Key available at: http://xforce.iss.net/sensitive.php as \nwell as on MIT\u0027s PGP key server and PGP.com\u0027s key server. \n\nPlease send suggestions, updates, and comments to: X-Force xforce@iss.net\nof Internet Security Systems, Inc. \n\n-----BEGIN PGP SIGNATURE-----\nVersion: 2.6.3a\nCharset: noconv\n\niQCVAwUBOvrtmTRfJiV99eG9AQFRFwP+NhRj20kY5edBZBvSMBZKAOKEQGpJPPnD\nJ/YCCB9TkzoWt65a7HR6c2MbimbnCo8YrhkjgFcvPmArCOFMS/68lhcStKd769PO\nrbojCoys8l1woaFDwzPnQeWVoNMen83sVvsiy7Bwk5Sm0cjM3gZC+X0vqG8EI59Y\nOAtrNiOkj7o=\n=kYl+\n-----END PGP SIGNATURE-----\n\n", "sources": [ { "db": "NVD", "id": "CVE-2001-0494" }, { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#642760" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "BID", "id": "2636" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "PACKETSTORM", "id": "24836" } ], "trust": 4.23 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "OSVDB", "id": "5610", "trust": 1.7 }, { "db": "NVD", "id": "CVE-2001-0494", "trust": 1.7 }, { "db": "BID", "id": "2636", "trust": 1.1 }, { "db": "XF", "id": "6347", "trust": 0.9 }, { "db": "XF", "id": "6351", "trust": 0.9 }, { "db": "XF", "id": "6350", "trust": 0.9 }, { "db": "XF", "id": "6423", "trust": 0.9 }, { "db": "BID", "id": "2565", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#601312", "trust": 0.8 }, { "db": "BID", "id": "2598", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#642760", "trust": 0.8 }, { "db": "BID", "id": "2599", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#555464", "trust": 0.8 }, { "db": "CERT/CC", "id": "VU#310816", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-200106-136", "trust": 0.7 }, { "db": "XF", "id": "6445", "trust": 0.7 }, { "db": "BUGTRAQ", "id": "20010424 IPSWITCH IMAIL 6.06 SMTP REMOTE SYSTEM ACCESS VULNERABILITY", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-3312", "trust": 0.1 }, { "db": "XF", "id": "6382", "trust": 0.1 }, { "db": "XF", "id": "6475", "trust": 0.1 }, { "db": "XF", "id": "6343", "trust": 0.1 }, { "db": "XF", "id": "6386", "trust": 0.1 }, { "db": "XF", "id": "6328", "trust": 0.1 }, { "db": "XF", "id": "6333", "trust": 0.1 }, { "db": "XF", "id": "6334", "trust": 0.1 }, { "db": "XF", "id": "6376", "trust": 0.1 }, { "db": "XF", "id": "6345", "trust": 0.1 }, { "db": "XF", "id": "6422", "trust": 0.1 }, { "db": "XF", "id": "6322", "trust": 0.1 }, { "db": "XF", "id": "6378", "trust": 0.1 }, { "db": "XF", "id": "6342", "trust": 0.1 }, { "db": "XF", "id": "6453", "trust": 0.1 }, { "db": "XF", "id": "6405", "trust": 0.1 }, { "db": "XF", "id": "6321", "trust": 0.1 }, { "db": "XF", "id": "6377", "trust": 0.1 }, { "db": "XF", "id": "6428", "trust": 0.1 }, { "db": "XF", "id": "6450", "trust": 0.1 }, { "db": "XF", "id": "6332", "trust": 0.1 }, { "db": "XF", "id": "6410", "trust": 0.1 }, { "db": "XF", "id": "6478", "trust": 0.1 }, { "db": "XF", "id": "6359", "trust": 0.1 }, { "db": "XF", "id": "6485", "trust": 0.1 }, { "db": "XF", "id": "6414", "trust": 0.1 }, { "db": "XF", "id": "6371", "trust": 0.1 }, { "db": "XF", "id": "6477", "trust": 0.1 }, { "db": "XF", "id": "6395", "trust": 0.1 }, { "db": "XF", "id": "6394", "trust": 0.1 }, { "db": "XF", "id": "6353", "trust": 0.1 }, { "db": "XF", "id": "6466", "trust": 0.1 }, { "db": "XF", "id": "6481", "trust": 0.1 }, { "db": "XF", "id": "6329", "trust": 0.1 }, { "db": "XF", "id": "6372", "trust": 0.1 }, { "db": "XF", "id": "6348", "trust": 0.1 }, { "db": "XF", "id": "6437", "trust": 0.1 }, { "db": "XF", "id": "6367", "trust": 0.1 }, { "db": "XF", "id": "6411", "trust": 0.1 }, { "db": "XF", "id": "6452", "trust": 0.1 }, { "db": "XF", "id": "6354", "trust": 0.1 }, { "db": "XF", "id": "6344", "trust": 0.1 }, { "db": "XF", "id": "6356", "trust": 0.1 }, { "db": "XF", "id": "6420", "trust": 0.1 }, { "db": "XF", "id": "6424", "trust": 0.1 }, { "db": "XF", "id": "6365", "trust": 0.1 }, { "db": "XF", "id": "6415", "trust": 0.1 }, { "db": "XF", "id": "6416", "trust": 0.1 }, { "db": "XF", "id": "6412", "trust": 0.1 }, { "db": "XF", "id": "6391", "trust": 0.1 }, { "db": "XF", "id": "6447", "trust": 0.1 }, { "db": "XF", "id": "6362", "trust": 0.1 }, { "db": "XF", "id": "6408", "trust": 0.1 }, { "db": "XF", "id": "6331", "trust": 0.1 }, { "db": "XF", "id": "6431", "trust": 0.1 }, { "db": "XF", "id": "6479", "trust": 0.1 }, { "db": "XF", "id": "6429", "trust": 0.1 }, { "db": "XF", "id": "6392", "trust": 0.1 }, { "db": "XF", "id": "6396", "trust": 0.1 }, { "db": "XF", "id": "6480", "trust": 0.1 }, { "db": "XF", "id": "6468", "trust": 0.1 }, { "db": "XF", "id": "6366", "trust": 0.1 }, { "db": "XF", "id": "6327", "trust": 0.1 }, { "db": "XF", "id": "6474", "trust": 0.1 }, { "db": "XF", "id": "6319", "trust": 0.1 }, { "db": "XF", "id": "6403", "trust": 0.1 }, { "db": "XF", "id": "6413", "trust": 0.1 }, { "db": "XF", "id": "6388", "trust": 0.1 }, { "db": "XF", "id": "6363", "trust": 0.1 }, { "db": "XF", "id": "6454", "trust": 0.1 }, { "db": "XF", "id": "6364", "trust": 0.1 }, { "db": "XF", "id": "6400", "trust": 0.1 }, { "db": "XF", "id": "6339", "trust": 0.1 }, { "db": "XF", "id": "6455", "trust": 0.1 }, { "db": "XF", "id": "6341", "trust": 0.1 }, { "db": "XF", "id": "6318", "trust": 0.1 }, { "db": "XF", "id": "6436", "trust": 0.1 }, { "db": "XF", "id": "6448", "trust": 0.1 }, { "db": "XF", "id": "6320", "trust": 0.1 }, { "db": "XF", "id": "6385", "trust": 0.1 }, { "db": "XF", "id": "6379", "trust": 0.1 }, { "db": "XF", "id": "6402", "trust": 0.1 }, { "db": "XF", "id": "6426", "trust": 0.1 }, { "db": "XF", "id": "6323", "trust": 0.1 }, { "db": "XF", "id": "6369", "trust": 0.1 }, { "db": "XF", "id": "6336", "trust": 0.1 }, { "db": "XF", "id": "6427", "trust": 0.1 }, { "db": "XF", "id": "6446", "trust": 0.1 }, { "db": "XF", "id": "6349", "trust": 0.1 }, { "db": "XF", "id": "6368", "trust": 0.1 }, { "db": "XF", "id": "6389", "trust": 0.1 }, { "db": "XF", "id": "6357", "trust": 0.1 }, { "db": "XF", "id": "6476", "trust": 0.1 }, { "db": "XF", "id": "6401", "trust": 0.1 }, { "db": "XF", "id": "6326", "trust": 0.1 }, { "db": "XF", "id": "6340", "trust": 0.1 }, { "db": "XF", "id": "6337", "trust": 0.1 }, { "db": "XF", "id": "6473", "trust": 0.1 }, { "db": "XF", "id": "6375", "trust": 0.1 }, { "db": "XF", "id": "6409", "trust": 0.1 }, { "db": "XF", "id": "6390", "trust": 0.1 }, { "db": "XF", "id": "6335", "trust": 0.1 }, { "db": "XF", "id": "6393", "trust": 0.1 }, { "db": "XF", "id": "6324", "trust": 0.1 }, { "db": "XF", "id": "6404", "trust": 0.1 }, { "db": "XF", "id": "6360", "trust": 0.1 }, { "db": "XF", "id": "6398", "trust": 0.1 }, { "db": "XF", "id": "6430", "trust": 0.1 }, { "db": "XF", "id": "6406", "trust": 0.1 }, { "db": "XF", "id": "6444", "trust": 0.1 }, { "db": "XF", "id": "6330", "trust": 0.1 }, { "db": "XF", "id": "6355", "trust": 0.1 }, { "db": "XF", "id": "6407", "trust": 0.1 }, { "db": "XF", "id": "6374", "trust": 0.1 }, { "db": "XF", "id": "6383", "trust": 0.1 }, { "db": "XF", "id": "6451", "trust": 0.1 }, { "db": "PACKETSTORM", "id": "24836", "trust": 0.1 } ], "sources": [ { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#642760" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "BID", "id": "2636" }, { "db": "PACKETSTORM", "id": "24836" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "id": "VAR-200106-0149", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-3312" } ], "trust": 0.01 }, "last_update_date": "2024-07-23T21:31:18.052000Z", "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-Other", "trust": 1.0 } ], "sources": [ { "db": "NVD", "id": "CVE-2001-0494" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.4, "url": "http://www.securityfocus.com/advisories/3208" }, { "trust": 1.7, "url": "http://archives.neohapsis.com/archives/bugtraq/2001-04/0433.html" }, { "trust": 1.7, "url": "http://ipswitch.com/support/imail/news.html" }, { "trust": 1.7, "url": "http://www.osvdb.org/5610" }, { "trust": 1.6, "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c?openview\u0026start=3.111\u0026count=30\u0026expand=3.126#3.126" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/6445" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/6347.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/6351.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/6350.php" }, { "trust": 0.9, "url": "http://xforce.iss.net/static/6423.php" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2565" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2598" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2599" }, { "trust": 0.8, "url": "http://www.notes.net/r5fixlist.nsf/a8f0ffda1fc76c8985256752006aba6c/59719a1dd92c03e385256a4d0073766b?opendocument" }, { "trust": 0.8, "url": "http://www.securityfocus.com/bid/2636" }, { "trust": 0.8, "url": "http://www.ritlabs.com/the_bat/index.html" }, { "trust": 0.8, "url": "http://www.security.nnov.ru/search/news.asp?binid=1136" }, { "trust": 0.7, "url": "http://xforce.iss.net/static/6445.php" }, { "trust": 0.3, "url": "http://www.thebat.net" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6323.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6330.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6392.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6444.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6455.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6468.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6452.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6327.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6395.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6485.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6402.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6362.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6366.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6336.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6451.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6334.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6406.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6427.php" }, { "trust": 0.1, "url": "https://www.iss.net" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6343.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6326.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6319.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6344.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6398.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6428.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6353.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6356.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6390.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6450.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6446.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6368.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6332.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6359.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6376.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6354.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6378.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6374.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6394.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6383.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6411.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6414.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6481.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6349.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6365.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6382.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6403.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6324.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6329.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6437.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6388.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6415.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6424.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6342.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6337.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6357.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6348.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/alerts/vol-6_num-6.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6407.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6379.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6389.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6436.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6466.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6412.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6448.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6400.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6318.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6478.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6454.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6372.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6420.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6335.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6345.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6479.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6355.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6321.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6364.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6476.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6393.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6391.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6341.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6371.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6429.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6369.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6405.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6431.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6422.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6410.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6360.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6401.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6413.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6474.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6477.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6385.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6473.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6328.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6377.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6416.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6339.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6367.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6453.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6375.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/maillists/index.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6475.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6430.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6340.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6396.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6426.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6331.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6386.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/sensitive.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6333.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6480.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6409.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6447.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6404.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6320.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6408.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6322.php" }, { "trust": 0.1, "url": "http://xforce.iss.net/static/6363.php" } ], "sources": [ { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#642760" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "BID", "id": "2636" }, { "db": "PACKETSTORM", "id": "24836" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "CERT/CC", "id": "VU#601312" }, { "db": "CERT/CC", "id": "VU#642760" }, { "db": "CERT/CC", "id": "VU#555464" }, { "db": "CERT/CC", "id": "VU#310816" }, { "db": "VULHUB", "id": "VHN-3312" }, { "db": "BID", "id": "2636" }, { "db": "PACKETSTORM", "id": "24836" }, { "db": "CNNVD", "id": "CNNVD-200106-136" }, { "db": "NVD", "id": "CVE-2001-0494" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-07-12T00:00:00", "db": "CERT/CC", "id": "VU#601312" }, { "date": "2001-07-12T00:00:00", "db": "CERT/CC", "id": "VU#642760" }, { "date": "2001-07-12T00:00:00", "db": "CERT/CC", "id": "VU#555464" }, { "date": "2001-06-01T00:00:00", "db": "CERT/CC", "id": "VU#310816" }, { "date": "2001-06-27T00:00:00", "db": "VULHUB", "id": "VHN-3312" }, { "date": "2001-04-18T00:00:00", "db": "BID", "id": "2636" }, { "date": "2001-05-16T01:07:09", "db": "PACKETSTORM", "id": "24836" }, { "date": "2001-06-27T00:00:00", "db": "CNNVD", "id": "CNNVD-200106-136" }, { "date": "2001-06-27T04:00:00", "db": "NVD", "id": "CVE-2001-0494" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2001-07-17T00:00:00", "db": "CERT/CC", "id": "VU#601312" }, { "date": "2001-07-17T00:00:00", "db": "CERT/CC", "id": "VU#642760" }, { "date": "2001-07-17T00:00:00", "db": "CERT/CC", "id": "VU#555464" }, { "date": "2001-08-30T00:00:00", "db": "CERT/CC", "id": "VU#310816" }, { "date": "2017-10-10T00:00:00", "db": "VULHUB", "id": "VHN-3312" }, { "date": "2001-04-18T00:00:00", "db": "BID", "id": "2636" }, { "date": "2005-05-02T00:00:00", "db": "CNNVD", "id": "CNNVD-200106-136" }, { "date": "2017-10-10T01:29:45.267000", "db": "NVD", "id": "CVE-2001-0494" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "PACKETSTORM", "id": "24836" }, { "db": "CNNVD", "id": "CNNVD-200106-136" } ], "trust": 0.7 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Lotus Domino vulnerable to DoS via crafted HTTP header requests", "sources": [ { "db": "CERT/CC", "id": "VU#601312" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "buffer overflow", "sources": [ { "db": "CNNVD", "id": "CNNVD-200106-136" } ], "trust": 0.6 } }
Sightings
Author | Source | Type | Date |
---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.