Internet Security Systems
Date Reported: 12/02/2002
Brief Description: Linksys EtherFast Web management interface multiple
stack buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR41 1.42.7, Linksys EtherFast
BEFSR11 1.42.7, Linksys EtherFast BEFSRU31 1.42.7,
Linksys EtherFast BEFW11S4 v2 1.42.7, Linksys
EtherFast BEFW11S4 v2 1.43, Linksys EtherFast
BEFW11S4 v2 1.43.3, Linksys EtherFast BEFSR41 1.43,
Linksys EtherFast BEFSR11 1.43, Linksys EtherFast
BEFSRU31 1.43, Linksys EtherFast BEFSR81 2.42.7.1,
Linksys EtherFast BEFN2PS4 1.42.7, Linksys
EtherFast BEFSX41 1.43, Linksys EtherFast BEFSX41
1.43.3, Linksys EtherFast BEFSX41 1.43.4, Linksys
EtherFast BEFVP41 1.40.2, Linksys EtherFast BEFVP41
1.40.3, Linksys EtherFast BEFSR41 1.43.3, Linksys
EtherFast BEFSR11 1.43.3, Linksys EtherFast
Vulnerability: linksys-etherfast-stack-bo
X-Force URL:
http://www.iss.net/security_center/static/10792.php
Date Reported: 12/02/2002
Brief Description: Linksys EtherFast Web management interface multiple
heap buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR41 1.42.7, Linksys EtherFast
BEFSR11 1.42.7, Linksys EtherFast BEFSRU31 1.42.7,
Linksys EtherFast BEFW11S4 v2 1.42.7, Linksys
EtherFast BEFW11S4 v2 1.43, Linksys EtherFast
BEFW11S4 v2 1.43.3, Linksys EtherFast BEFSR41 1.43,
Linksys EtherFast BEFSR11 1.43, Linksys EtherFast
BEFSRU31 1.43, Linksys EtherFast BEFSR81 2.42.7.1,
Linksys EtherFast BEFN2PS4 1.42.7, Linksys
EtherFast BEFSX41 1.43, Linksys EtherFast BEFSX41
1.43.3, Linksys EtherFast BEFSX41 1.43.4, Linksys
EtherFast BEFVP41 1.40.2, Linksys EtherFast BEFVP41
1.40.3, Linksys EtherFast BEFSR41 1.43.3, Linksys
EtherFast BEFSR11 1.43.3, Linksys EtherFast
Vulnerability: linksys-etherfast-heap-bo
X-Force URL:
http://www.iss.net/security_center/static/10793.php
Date Reported: 12/02/2002
Brief Description: Canna irw_through() buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux
7.3, Red Hat Linux 8.0, Canna 3.6 and earlier
Vulnerability: canna-irwthrough-bo
X-Force URL:
http://www.iss.net/security_center/static/10831.php
Date Reported: 12/02/2002
Brief Description: Canna improper user request validation
Risk Factor: Medium
Attack Type: Network Based
Platforms: Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat Linux
7.3, Red Hat Linux 8.0, Canna 3.6 and earlier
Vulnerability: canna-improper-request-validation
X-Force URL:
http://www.iss.net/security_center/static/10832.php
Date Reported: 12/04/2002
Brief Description: Netscape/iPlanet/Sun ONE Web Server log file script
execution
Risk Factor: High
Attack Type: Network Based
Platforms: Solaris Any version, Windows NT Any version,
Netscape Enterprise Server 4.1 SP11 and earlier,
Sun ONE Web Server 6.0 SP1 and earlier, iPlanet Web
Server, Enterprise Edition 4.1 SP11 and earlier
Vulnerability: netscape-enterprise-log-script
X-Force URL:
http://www.iss.net/security_center/static/10808.php
Date Reported: 12/05/2002
Brief Description: akfingerd remote connection denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, akfingerd 0.5
Vulnerability: akfingerd-connect-dos
X-Force URL:
http://www.iss.net/security_center/static/10794.php
Date Reported: 12/05/2002
Brief Description: akfingerd .plan symlink denial of service
Risk Factor: Low
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, akfingerd 0.5
Vulnerability: akfingerd-plan-symlink-dos
X-Force URL:
http://www.iss.net/security_center/static/10795.php
Date Reported: 12/05/2002
Brief Description: akfingerd could allow an attacker to read local
files
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, akfingerd 0.5
Vulnerability: akfingerd-read-files
X-Force URL:
http://www.iss.net/security_center/static/10796.php
Date Reported: 12/06/2002
Brief Description: OpenLDAP multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: SuSE Linux 7.1, SuSE Linux 7.2, SuSE Linux 7.3,
SuSE eMail Server III Any version, SuSE Linux
Connectivity Server Any version, SuSE Linux
Enterprise Server 7, SuSE Linux 8.0, SuSE Linux
Office Server Any version, SuSE eMail Server 3.1,
OpenLDAP 2.0.0 through 2.0.23
Vulnerability: openldap-multiple-bo
X-Force URL:
http://www.iss.net/security_center/static/10800.php
Date Reported: 12/06/2002
Brief Description: Gnuplot French documentation buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: SuSE Linux prior to 8.0, Gnuplot 3.7
Vulnerability: gnuplot-french-documentation-bo
X-Force URL:
http://www.iss.net/security_center/static/10801.php
Date Reported: 12/06/2002
Brief Description: UW IMAP (wu-imapd) authenticated user buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, UW IMAP 2000c
and earlier
Vulnerability: wuimapd-authenticated-user-bo
X-Force URL:
http://www.iss.net/security_center/static/10803.php
Date Reported: 12/06/2002
Brief Description: XOOPS HTML attribute tags cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, XOOPS 1.3.5
Vulnerability: xoops-html-attribute-xss
X-Force URL:
http://www.iss.net/security_center/static/10806.php
Date Reported: 12/07/2002
Brief Description: vBulletin forum message cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, vBulletin 2.2.7, vBulletin 2.2.8
Vulnerability: vbulletin-forum-msg-xss
X-Force URL:
http://www.iss.net/security_center/static/10841.php
Date Reported: 12/09/2002
Brief Description: Ikonboard HTML tags photo URL cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Ikonboard 3.1.1
Vulnerability: ikonboard-html-photo-xss
X-Force URL:
http://www.iss.net/security_center/static/10797.php
Date Reported: 12/09/2002
Brief Description: Ikonboard X-Forwarded-For: header cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Ikonboard 3.1.1
Vulnerability: ikonboard-xforwardedfor-header-xss
X-Force URL:
http://www.iss.net/security_center/static/10799.php
Date Reported: 12/09/2002
Brief Description: Cyrus-SASL library username buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, Cyrus-SASL
2.1.9
Vulnerability: cyrus-sasl-username-bo
X-Force URL:
http://www.iss.net/security_center/static/10810.php
Date Reported: 12/09/2002
Brief Description: Cyrus-SASL library saslauthd daemon escape
character buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, Cyrus-SASL
2.1.9
Vulnerability: cyrus-sasl-saslauthd-bo
X-Force URL:
http://www.iss.net/security_center/static/10811.php
Date Reported: 12/09/2002
Brief Description: Cyrus-SASL library log writer buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, Cyrus-SASL
2.1.9
Vulnerability: cyrus-sasl-logwriter-bo
X-Force URL:
http://www.iss.net/security_center/static/10812.php
Date Reported: 12/10/2002
Brief Description: apt-www-proxy awp_log() function format string
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, apt-www-proxy 0.1
Vulnerability: apt-www-proxy-format-string
X-Force URL:
http://www.iss.net/security_center/static/10815.php
Date Reported: 12/10/2002
Brief Description: apt-www-proxy NULL client->get denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, apt-www-proxy 0.1
Vulnerability: apt-www-proxy-dos
X-Force URL:
http://www.iss.net/security_center/static/10816.php
Date Reported: 12/10/2002
Brief Description: wget utility malicious file name directory
traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Red Hat Linux 6.2, Debian Linux 2.2, Red Hat Linux
7.0, Red Hat Linux 7.1, Red Hat Linux 7.2, Red Hat
Linux 7.3, Debian Linux 3.0, Red Hat Linux 8.0, Red
Hat Advanced Server 2.1AS, wget prior to 1.8.2-4
Vulnerability: wget-ftp-filename-traversal
X-Force URL:
http://www.iss.net/security_center/static/10820.php
Date Reported: 12/10/2002
Brief Description: Multiple FTP client malicious file name directory
traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, FTP Any version
Vulnerability: ftp-client-filename-traversal
X-Force URL:
http://www.iss.net/security_center/static/10821.php
Date Reported: 12/11/2002
Brief Description: Cisco Catalyst Optical Service Module (OSM) Line
Card denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Cisco IOS prior to 10.3(2), Cisco Catalyst 6500 Any
version, Cisco IOS 12.1(8)E or later
Vulnerability: cisco-catalyst-osm-dos
X-Force URL:
http://www.iss.net/security_center/static/10823.php
Date Reported: 12/11/2002
Brief Description: Macromedia ColdFusion and JRun Web services SOAP
denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Windows NT Any
version, Windows 2000 Any version, ColdFusion MX
Any version, JRun 4.0
Vulnerability: coldfusion-jrun-soap-dos
X-Force URL:
http://www.iss.net/security_center/static/10826.php
Date Reported: 12/11/2002
Brief Description: VIM text file modelines could be used to execute
commands
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, VIM 6.0, VIM 6.1
Vulnerability: vim-modeline-command-execution
X-Force URL:
http://www.iss.net/security_center/static/10835.php
Date Reported: 12/12/2002
Brief Description: MySQL COM_TABLE_DUMP unsigned integer denial of
service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, EnGarde
Secure Linux Community Edition, FreeBSD Any
version, MySQL 3.23.53a and earlier, MySQL 4.0.5a
and earlier
Vulnerability: mysql-comtabledump-dos
X-Force URL:
http://www.iss.net/security_center/static/10846.php
Date Reported: 12/12/2002
Brief Description: MySQL COM_CHANGE_USER command password
authentication bypass
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Windows Any version, FreeBSD Any
version, MySQL 3.23.53a and earlier, MySQL 4.0.5a
and earlier
Vulnerability: mysql-comchangeuser-password-bypass
X-Force URL:
http://www.iss.net/security_center/static/10847.php
Date Reported: 12/12/2002
Brief Description: MySQL COM_CHANGE_USER password buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Windows Any version, EnGarde
Secure Linux Community Edition, FreeBSD Any
version, MySQL 3.23.53a and earlier, MySQL 4.0.5a
and earlier
Vulnerability: mysql-comchangeuser-password-bo
X-Force URL:
http://www.iss.net/security_center/static/10848.php
Date Reported: 12/12/2002
Brief Description: MySQL libmysql client read_rows buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, EnGarde
Secure Linux Community Edition, FreeBSD Any
version, MySQL 3.23.53a and earlier, MySQL 4.0.5a
and earlier
Vulnerability: mysql-libmysqlclient-readrows-bo
X-Force URL:
http://www.iss.net/security_center/static/10849.php
Date Reported: 12/12/2002
Brief Description: MySQL libmysql client read_one_row buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, EnGarde
Secure Linux Community Edition, FreeBSD Any
version, MySQL 3.23.53a and earlier, MySQL 4.0.5a
and earlier
Vulnerability: mysql-libmysqlclient-readonerow-bo
X-Force URL:
http://www.iss.net/security_center/static/10850.php
Date Reported: 12/12/2002
Brief Description: wget long URL file name buffer overflow
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: Debian Linux 2.2, Debian Linux 3.0, wget Any
version
Vulnerability: wget-url-filename-bo
X-Force URL:
http://www.iss.net/security_center/static/10851.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server phpinfo.php script could disclose
physical path
Risk Factor: Low
Attack Type: Network Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, Windows 98,
Windows 2000 Any version, Mac OS X Any version,
Cobalt RaQ 4, FreeBSD Any version, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-phpinfo-disclose-path
X-Force URL:
http://www.iss.net/security_center/static/10853.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server search.php script cross-site
scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, Windows 98,
Windows 2000 Any version, Mac OS X Any version,
Cobalt RaQ 4, FreeBSD Any version, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-search-xss
X-Force URL:
http://www.iss.net/security_center/static/10854.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server special characters could lock
account
Risk Factor: Low
Attack Type: Host Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, FreeBSD Any
version, Windows 98, Windows 2000 Any version, Mac
OS X Any version, Cobalt RaQ 4, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-character-account-locked
X-Force URL:
http://www.iss.net/security_center/static/10855.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server index.php script could disclose
physical path
Risk Factor: Low
Attack Type: Network Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, FreeBSD Any
version, Windows 98, Windows 2000 Any version, Mac
OS X Any version, Cobalt RaQ 4, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-index-path-disclosure
X-Force URL:
http://www.iss.net/security_center/static/10856.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server default administrative password
and username
Risk Factor: High
Attack Type: Network Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, FreeBSD Any
version, Windows 98, Windows 2000 Any version, Mac
OS X Any version, Cobalt RaQ 4, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-default-admin-password
X-Force URL:
http://www.iss.net/security_center/static/10857.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server could allow an attacker to gain
access to the backend database
Risk Factor: Medium
Attack Type: Network Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, FreeBSD Any
version, Windows 98, Windows 2000 Any version, Mac
OS X Any version, Cobalt RaQ 4, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-phpmyadmin-gain-access
X-Force URL:
http://www.iss.net/security_center/static/10858.php
Date Reported: 12/12/2002
Brief Description: Mambo Site Server name field cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: AIX Any version, Linux Any version, Solaris Any
version, Windows NT Any version, FreeBSD Any
version, Windows 98, Windows 2000 Any version, Mac
OS X Any version, Cobalt RaQ 4, Windows XP Any
version, Mambo Site Server 4.0.11
Vulnerability: mambo-name-field-xss
X-Force URL:
http://www.iss.net/security_center/static/10859.php
Date Reported: 12/12/2002
Brief Description: Instant ASP (iASP) "dot dot" directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Instant ASP (iASP) 1.0.9 and earlier
Vulnerability: iasp-dotdot-directory-traversal
X-Force URL:
http://www.iss.net/security_center/static/10860.php
Date Reported: 12/12/2002
Brief Description: Macromedia Flash Player malformed SWF header buffer
overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Macromedia Flash Player prior to 6.0.65.0
Vulnerability: flash-swf-bo
X-Force URL:
http://www.iss.net/security_center/static/10861.php
Date Reported: 12/13/2002
Brief Description: Fetchmail address header heap buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Fetchmail
6.1.3 and earlier
Vulnerability: fetchmail-address-header-bo
X-Force URL:
http://www.iss.net/security_center/static/10839.php
Date Reported: 12/13/2002
Brief Description: Symantec Enterprise Firewall (SEF) buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Symantec VelociRaptor 500/700/1000, Symantec
VelociRaptor 1100/1200/1300, Symantec Gateway
Security 5110/5200/5300, Solaris Any version,
Windows NT Any version, Windows 2000 Any version,
Raptor Firewall 6.5, Symantec Enterprise Firewall
(SEP) 7.0, Symantec Enterprise Firewall (SEP)
6.5.2, Raptor Firewall 6.5.3
Vulnerability: sef-realaudio-proxy-bo
X-Force URL:
http://www.iss.net/security_center/static/10862.php
Date Reported: 12/14/2002
Brief Description: MyPHPLinks index.php script SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Windows Any version, MyPHPLinks 2.1.9, MyPHPLinks
2.2.0CVS
Vulnerability: myphplinks-index-sql-injection
X-Force URL:
http://www.iss.net/security_center/static/10864.php