Internet Security Systems
Date Reported: 04/03/2004
Brief Description: Encore Web Forum display.cgi command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Encore Web Forum Any version
Vulnerability: encore-display-command-execution
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15725
Date Reported: 04/05/2004
Brief Description: FTE Text Editor vfte buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Debian Linux 3.0, FTE Text Editor any version
Vulnerability: ftetexteditor-vfte-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15726
Date Reported: 04/05/2004
Brief Description: texutil symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, texutil Any version, Unix Any version
Vulnerability: texutil-symlink-attack
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15728
Date Reported: 04/05/2004
Brief Description: YaST Online Update symlink attack
Risk Factor: High
Attack Type: Host Based
Platforms: SuSE Linux 8.2, SuSE Linux 9.0
Vulnerability: suse-you-symlink
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15731
Date Reported: 04/05/2004
Brief Description: monit Basic Authentication denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: monit 4.2 and earlier, monit 4.3 B2 and earlier, Unix Any version
Vulnerability: monit-basic-auth-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15734
Date Reported: 04/05/2004
Brief Description: monit off-by-one buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: monit 4.2 and earlier, monit 4.3 B2 and earlier, Unix Any version
Vulnerability: monit-offbyone-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15735
Date Reported: 04/05/2004
Brief Description: monit POST off-by-one buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: monit 4.2 and earlier, monit 4.3 B2 and earlier, Unix Any version
Vulnerability: monit-post-offbyone-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15736
Date Reported: 04/02/2004
Brief Description: Citrix MetaFrame Password Manager First Time Use wizard information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Citrix MetaFrame Password Manager 2.0
Vulnerability: metaframe-wizard-info-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15737
Date Reported: 04/05/2004
Brief Description: IGI 2 Covert Strike server rcon format string
Risk Factor: High
Attack Type: Network Based
Platforms: IGI 2 Covert Strike server 1.3 and earlier, Linux Any version, Windows Any version
Vulnerability: igi2covertstrike-rcon-format-string
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15742
Date Reported: 04/06/2004
Brief Description: F-Secure Backweb user interface allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: F-Secure Backweb 6.31 and earlier, Linux Any version, Windows Any version
Vulnerability: fsecure-backweb-gain-privileges
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15745
Date Reported: 04/06/2004
Brief Description: Portage lockfile hardlink can be used to overwrite files
Risk Factor: Medium
Attack Type: Host Based
Platforms: Gentoo Linux Any version, Portage prior to 2.0.50-r3
Vulnerability: portage-lockfile-hardlink
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15754
Date Reported: 04/06/2004
Brief Description: sharutils shar utility buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, sharutils 4.2.1
Vulnerability: sharutils-shar-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15759
Date Reported: 04/07/2004
Brief Description: CiscoWorks WLSE and Cisco HSE default password and username
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco HSE 1.7, Cisco HSE 1.7.1, Cisco HSE 1.7.2, Cisco HSE 1.7.3, CiscoWorks WLSE 2.0, CiscoWorks WLSE 2.0.2, CiscoWorks WLSE 2.5
Vulnerability: cisco-default-password
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15773
Date Reported: 04/06/2004
Brief Description: RealPlayer and RealOne Player R3T buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, RealOne Player Any version, RealPlayer 10 Beta (English), RealPlayer 8.0, RealPlayer Enterprise Any version
Vulnerability: realplayer-r3t-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15774
Date Reported: 04/07/2004
Brief Description: Racoon crypto_openssl.c bypass authentication
Risk Factor: Medium
Attack Type: Network Based
Platforms: FreeBSD 4.9, Gentoo Linux Any version, Mandrake Linux 10.0, Racoon Any version
Vulnerability: racoon-cryptoopenssl-auth-bypass
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15783
Date Reported: 04/07/2004
Brief Description: Solaris Sun Secure Shell Daemon allows log bypass
Risk Factor: Low
Attack Type: Network Based
Platforms: Solaris 9 SPARC, Solaris 9 x86
Vulnerability: solaris-sshd-log-bypass
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15784
Date Reported: 04/07/2004
Brief Description: NukeCalendar path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeCalendar 1.1.a
Vulnerability: nuke-calendar-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15795
Date Reported: 04/08/2004
Brief Description: AzDGDatingLite index and view.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, AzDGDatingLite 2.1.1
Vulnerability: azdgdating-index-view-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15796
Date Reported: 04/08/2004
Brief Description: Cisco 6500 and 7600 series VPNSM malformed IKE packet denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco 6500 Any version, Cisco 7600 Any version, Cisco IOS 12.2SXA, Cisco IOS 12.2SXB, Cisco IOS 12.2SY, Cisco IOS 12.2ZA
Vulnerability: cisco-vpnsm-ike-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15797
Date Reported: 04/07/2004
Brief Description: NukeCalendar modules.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeCalendar 1.1.a
Vulnerability: nuke-calendar-modulesphp-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15798
Date Reported: 04/07/2004
Brief Description: NukeCalendar modules.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, NukeCalendar 1.1.a
Vulnerability: nukecalendar-modulesphp-sql-injection
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15799
Date Reported: 04/08/2004
Brief Description: LCDproc parse_all_client_messages buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: LCDproc Any version, Linux Any version
Vulnerability: lcdproc-parseallclientmessages-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15803
Date Reported: 04/08/2004
Brief Description: HP OpenView Operations and VantagePoint could allow administrative access
Risk Factor: High
Attack Type: Network Based
Platforms: HP OpenView Operations 6.x, HP OpenView Operations 7.x, HP OpenView VantagePoint 6.x, HP OpenView VantagePoint 7.x, HP-UX 11.00, HP-UX 11.11
Vulnerability: hp-openview-gain-access
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15808
Date Reported: 04/08/2004
Brief Description: Sun Cluster Global File System denial of service
Risk Factor: Medium
Attack Type: Host Based
Platforms: Solaris 8, Solaris 9, Sun Cluster 3.0, Sun Cluster 3.1
Vulnerability: sun-cluster-file-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15810
Date Reported: 04/08/2004
Brief Description: LCDproc test_func_func buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: LCDproc 0.4.1 and earlier, Linux Any version
Vulnerability: lcdproc-testfuncfunc-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15814
Date Reported: 04/04/2004
Brief Description: Roger Wilco information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: BSD Any version, Linux Any version, Roger Wilco Dedicated Server for Win32 0.30a and earlier, Roger Wilco Graphical Server 1.4.1.6 & earlier, Windows Any version
Vulnerability: roger-wilco-obtain-information
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15816
Date Reported: 04/08/2004
Brief Description: LCDproc test_func_func function format string
Risk Factor: High
Attack Type: Network Based
Platforms: LCDproc 0.4.1 and earlier, Linux Any version
Vulnerability: lcdproc-testfuncfunc-format-string
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15817
Date Reported: 04/04/2004
Brief Description: Roger Wilco allows audio access
Risk Factor: Low
Attack Type: Network Based
Platforms: BSD Any version, Linux Any version, Roger Wilco Dedicated Server for Win32 0.30a and earlier, Roger Wilco Graphical Server 1.4.1.6 & earlier, Windows Any version
Vulnerability: roger-wilco-audio-access
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15819
Date Reported: 04/09/2004
Brief Description: Scorched 3D chat box format string attack
Risk Factor: High
Attack Type: Network Based
Platforms: Gentoo Linux Any version, Scorched 3D build 36.2 and prior
Vulnerability: scorched3d-chatbox-format-string
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15820
Date Reported: 04/09/2004
Brief Description: Open WebMail allows for unauthorized creation of directories
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Open WebMail 2.30 and earlier
Vulnerability: open-webmail-directory-creation
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15822
Date Reported: 04/09/2004
Brief Description: RSniff connection denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, RSniff 1.0
Vulnerability: rsniff-connection-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15823
Date Reported: 04/09/2004
Brief Description: Crackalaka hash_strcmp denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Crackalaka 1.0.8, Linux Any version, Unix Any version
Vulnerability: crackalaka-hashstrcmp-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15824