Internet Security Systems
Date Reported: 02/18/2003
Brief Description: PHP-Nuke auth.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, PHP-Nuke 5.6, PHP-Nuke 6.0
Vulnerability: phpnuke-auth-sql-injection
X-Force URL:
http://www.iss.net/security_center/static/11385.php
Date Reported: 02/18/2003
Brief Description: phpBB auth.php script file disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, phpBB 1.4.x
Vulnerability: phpbb-auth-read-files
X-Force URL:
http://www.iss.net/security_center/static/11407.php
Date Reported: 02/21/2003
Brief Description: MyGuestbook form.php HTML injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, MyGuestbook 3.0
Vulnerability: myguestbook-form-html-injection
X-Force URL:
http://www.iss.net/security_center/static/11391.php
Date Reported: 02/21/2003
Brief Description: MyGuestbook authentication cookie unauthorized
access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, MyGuestbook 3.0
Vulnerability: myguestbook-cookie-unauth-access
X-Force URL:
http://www.iss.net/security_center/static/11392.php
Date Reported: 02/21/2003
Brief Description: MyGuestbook user_modif.php allows attacker to
modify data
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, MyGuestbook 3.0
Vulnerability: myguestbook-usermodif-modify-data
X-Force URL:
http://www.iss.net/security_center/static/11393.php
Date Reported: 02/21/2003
Brief Description: Nuked-Klan cross-site scripting in Team, News, and
Liens modules
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Nuked-Klan b1.3 and earlier
Vulnerability: nuked-klan-team-xss
X-Force URL:
http://www.iss.net/security_center/static/11420.php
Date Reported: 02/21/2003
Brief Description: Nuked-Klan information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Nuked-Klan b1.3 and earlier
Vulnerability: nukedklan-information-disclosure
X-Force URL:
http://www.iss.net/security_center/static/11424.php
Date Reported: 02/22/2003
Brief Description: Webmin and Usermin session ID spoofing root access
Risk Factor: High
Attack Type: Network Based
Platforms: Unix Any version, Mandrake Linux 7.2, Mandrake
Linux 8.0, Mandrake Single Network Firewall 7.2,
Mandrake Linux 8.1, Mandrake Linux 8.2, Gentoo
Linux Any version, Mandrake Linux 9.0, Webmin prior
to 1.070, Usermin prior to 1.000
Vulnerability: webmin-usermin-root-access
X-Force URL:
http://www.iss.net/security_center/static/11390.php
Date Reported: 02/23/2003
Brief Description: glFtpD username overwrite files
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, FreeBSD Any
version, glFtpD 1.28 and earlier
Vulnerability: glftpd-username-file-overwrite
X-Force URL:
http://www.iss.net/security_center/static/11396.php
Date Reported: 02/23/2003
Brief Description: moxftp FTP welcome banner buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, FreeBSD Ports Collection Any
version, moxftp 2.2
Vulnerability: moxftp-welcome-banner-bo
X-Force URL:
http://www.iss.net/security_center/static/11399.php
Date Reported: 02/23/2003
Brief Description: GOsa PHP plugin variable file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, GOsa 1.0.0
Vulnerability: gosa-plugin-file-include
X-Force URL:
http://www.iss.net/security_center/static/11408.php
Date Reported: 02/23/2003
Brief Description: SIRCD reverse DNS lookup buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Windows NT
Any version, Windows 2000 Any version, FreeBSD
Ports Collection Any version, SIRCD 0.4.0, SIRCD
0.4.4
Vulnerability: sircd-reverse-dns-bo
X-Force URL:
http://www.iss.net/security_center/static/11409.php
Date Reported: 02/23/2003
Brief Description: glFtpD oneliners file modification could allow
unauthorized root privileges
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, FreeBSD Any
version, glFtpD 1.28 and earlier
Vulnerability: glftpd-oneliners-root-privileges
X-Force URL:
http://www.iss.net/security_center/static/11410.php
Date Reported: 02/23/2003
Brief Description: Wihphoto sendphoto.php file disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Unix Any version, Wihphoto 0.86-dev
Vulnerability: wihphoto-sendphoto-file-disclosure
X-Force URL:
http://www.iss.net/security_center/static/11429.php
Date Reported: 02/24/2003
Brief Description: FreeBSD SYN cookie brute force attack
Risk Factor: Low
Attack Type: Network Based
Platforms: FreeBSD 4.7-STABLE, FreeBSD 5.0-RELEASE, FreeBSD
4.5-RELEASE, FreeBSD 4.6-RELEASE, FreeBSD
4.7-RELEASE
Vulnerability: freebsd-syncookie-brute-force
X-Force URL:
http://www.iss.net/security_center/static/11397.php
Date Reported: 02/24/2003
Brief Description: Mambo Site Server MD5 hash session ID could allow
elevated privileges
Risk Factor: High
Attack Type: Network Based
Platforms: lftpd Any version, Linux Any version, Solaris Any
version, Windows Any version, Mac OS X Any version,
Mambo Site Server 4.0.12 RC2
Vulnerability: mambo-sessionid-gain-privileges
X-Force URL:
http://www.iss.net/security_center/static/11398.php
Date Reported: 02/24/2003
Brief Description: QuickTime and Darwin Streaming Server parse_xml.cgi
command execution
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Windows Any
version, Mac OS X Server 10.2, Mac OS X Server
10.2.1, Mac OS X Server 10.2.2, Mac OS X Server
10.2.3, QuickTime Streaming Server 4.1.1, Darwin
Streaming Server 4.1.2
Vulnerability: quicktime-darwin-command-execution
X-Force URL:
http://www.iss.net/security_center/static/11401.php
Date Reported: 02/24/2003
Brief Description: QuickTime and Darwin Streaming Server parse_xml.cgi
path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Windows Any
version, Mac OS X Server 10.2, Mac OS X Server
10.2.1, Mac OS X Server 10.2.2, Mac OS X Server
10.2.3, QuickTime Streaming Server 4.1.1, Darwin
Streaming Server 4.1.2
Vulnerability: quicktime-darwin-path-disclosure
X-Force URL:
http://www.iss.net/security_center/static/11402.php
Date Reported: 02/24/2003
Brief Description: QuickTime and Darwin Streaming Server parse_xml.cgi
directory disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Windows Any
version, Mac OS X Server 10.2, Mac OS X Server
10.2.1, Mac OS X Server 10.2.2, Mac OS X Server
10.2.3, QuickTime Streaming Server 4.1.1, Darwin
Streaming Server 4.1.2
Vulnerability: quicktime-darwin-directory-disclosure
X-Force URL:
http://www.iss.net/security_center/static/11403.php
Date Reported: 02/24/2003
Brief Description: QuickTime and Darwin Streaming Server parse_xml.cgi
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Windows Any
version, Mac OS X Server 10.2, Mac OS X Server
10.2.1, Mac OS X Server 10.2.2, Mac OS X Server
10.2.3, QuickTime Streaming Server 4.1.1, Darwin
Streaming Server 4.1.2
Vulnerability: quicktime-darwin-parsexml-xss
X-Force URL:
http://www.iss.net/security_center/static/11404.php
Date Reported: 02/24/2003
Brief Description: QuickTime and Darwin Streaming Server RTSP DESCRIBE
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Solaris Any version, Windows Any
version, Mac OS X Server 10.2, Mac OS X Server
10.2.1, Mac OS X Server 10.2.2, Mac OS X Server
10.2.3, QuickTime Streaming Server 4.1.1, Darwin
Streaming Server 4.1.2
Vulnerability: quicktime-darwin-describe-xss
X-Force URL:
http://www.iss.net/security_center/static/11405.php
Date Reported: 02/24/2003
Brief Description: QuickTime and Darwin Streaming Server MP3
broadcasting buffer overflow
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Solaris Any version, Windows Any
version, Mac OS X Server 10.2, Mac OS X Server
10.2.1, Mac OS X Server 10.2.2, Mac OS X Server
10.2.3, QuickTime Streaming Server 4.1.1, Darwin
Streaming Server 4.1.2
Vulnerability: quicktime-darwin-mp3-bo
X-Force URL:
http://www.iss.net/security_center/static/11406.php
Date Reported: 02/24/2003
Brief Description: Apache HTTP Server error log terminal escape
sequence injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Apache HTTP Server Any version
Vulnerability: apache-esc-seq-injection
X-Force URL:
http://www.iss.net/security_center/static/11412.php
Date Reported: 02/24/2003
Brief Description: Multiple vendor terminal emulator screen dump file
overwrite
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: BSD Any version, Linux Any version, Unix Any
version, Eterm 0.9.1 and earlier, rxvt 2.7.8
Vulnerability: terminal-emulator-screen-dump
X-Force URL:
http://www.iss.net/security_center/static/11413.php
Date Reported: 02/24/2003
Brief Description: Multiple vendor terminal emulator window title
command execution
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: BSD Any version, Linux Any version, Windows Any
version, Unix Any version, Eterm 0.9.1 and earlier,
rxvt 2.7.8, XFree86 4.2.0, dtterm Any version,
uxterm Any version, aterm 0.4.2, PuTTY 0.53,
gnome-terminal 2.0.2, hanterm-xf 2.0
Vulnerability: terminal-emulator-window-title
X-Force URL:
http://www.iss.net/security_center/static/11414.php
Date Reported: 02/24/2003
Brief Description: Multiple vendor terminal emulator DEC UDK denial of
service
Risk Factor: Low
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Unix Any version, XFree86 4.2.0,
hanterm-xf 2.0
Vulnerability: terminal-emulator-dec-udk
X-Force URL:
http://www.iss.net/security_center/static/11415.php
Date Reported: 02/24/2003
Brief Description: Multiple vendor terminal emulator menuBar
modification command execution
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Unix Any version, rxvt 2.7.8,
aterm 0.4.2
Vulnerability: terminal-emulator-menu-modification
X-Force URL:
http://www.iss.net/security_center/static/11416.php
Date Reported: 02/24/2003
Brief Description: ClarkConnect clarkconnectd daemon information
disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: ClarkConnect 1.2, Linux Any version
Vulnerability: clarkconnect-clarkconnectd-info-disclosure
X-Force URL:
http://www.iss.net/security_center/static/11419.php
Date Reported: 02/24/2003
Brief Description: Netscape Cascading Style-Sheet (CSS) overflow set
to scroll denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Netscape 7.0, Netscape 6.0
Vulnerability: netscape-css-overflow-dos
X-Force URL:
http://www.iss.net/security_center/static/11433.php
Date Reported: 02/25/2003
Brief Description: CuteNews shownews.php, search.php, and comments.php
file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, CuteNews .088
Vulnerability: cutenews-php-file-include
X-Force URL:
http://www.iss.net/security_center/static/11417.php
Date Reported: 02/25/2003
Brief Description: VERITAS BMR for IBM TSM could allow root access to
BMR Main Server
Risk Factor: High
Attack Type: Network Based
Platforms: Windows NT Any version, AIX 4.2.1, Solaris 2.6,
HP-UX 11.00, HP-UX 10.20, Solaris 7, AIX 4.3, AIX
4.3.2, Solaris 8, Windows 2000 Server, HP-UX 11.11,
Windows 2000 Advanced Server, AIX 5.1, AIX 4.3.3,
Windows 2000 Professional, AIX 4.3.1, VERITAS Bare
Metal Restore for TSM 3.1.0, VERITAS Bare Metal
Restore for TSM 3.1.1, VERITAS Bare Metal Restore
for TSM 3.2.0, VERITAS Bare Metal Restore for TSM
3.2.1, AIX 4.3.3.10
Vulnerability: veritas-bmr-root-access
X-Force URL:
http://www.iss.net/security_center/static/11418.php
Date Reported: 02/25/2003
Brief Description: nCipher could import duplicate keys
Risk Factor: Medium
Attack Type: Host Based / Network Based
Platforms: Linux Any version, Windows NT 4.0, Solaris 2.6,
HP-UX 11.00, HP-UX 10.20, Solaris 7, Windows 2000 Any
version, AIX 4.3.3, AIX 5L, nCipher support
software prior to 7.00
Vulnerability: ncipher-duplicate-keys
X-Force URL:
http://www.iss.net/security_center/static/11422.php
Date Reported: 02/25/2003
Brief Description: Apache HTTP Server MIME message boundaries
information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, OpenBSD 3.2, Apache HTTP Server 1.3.22 -
1.3.27
Vulnerability: apache-mime-information-disclosure
X-Force URL:
http://www.iss.net/security_center/static/11438.php
Date Reported: 02/26/2003
Brief Description: Opera "Enable Automatic Redirection" option
cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Opera 7.02,
Opera 6.x
Vulnerability: opera-automatic-redirection-xss
X-Force URL:
http://www.iss.net/security_center/static/11423.php
Date Reported: 02/26/2003
Brief Description: AMX amx_say format string attack
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, AMX 0.9.2
and earlier
Vulnerability: amx-amxsay-format-string
X-Force URL:
http://www.iss.net/security_center/static/11427.php
Date Reported: 02/26/2003
Brief Description: AMX transmits rcon password in plain text
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, AMX 0.9.2
and earlier
Vulnerability: amx-rcon-password-plaintext
X-Force URL:
http://www.iss.net/security_center/static/11428.php
Date Reported: 02/27/2003
Brief Description: Ecartis password reset
Risk Factor: Medium
Attack Type: Host Based
Platforms: Linux Any version, Unix Any version, Ecartis 1.0.0
Vulnerability: ecartis-password-reset
X-Force URL:
http://www.iss.net/security_center/static/11431.php
Date Reported: 02/27/2003
Brief Description: tcpdump ISAKMP parsing denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, FreeBSD Any version, Debian
Linux 3.0, tcpdump 3.7.1, tcpdump 3.6.3
Vulnerability: tcpdump-isakmp-dos
X-Force URL:
http://www.iss.net/security_center/static/11434.php
Date Reported: 02/27/2003
Brief Description: Invision Power Board ipchat.php file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, Invision Power Board 1.1.1
Vulnerability: invision-ipchat-file-include
X-Force URL:
http://www.iss.net/security_center/static/11435.php
Date Reported: 02/27/2003
Brief Description: Sun Solaris ftp -d plaintext password
Risk Factor: Medium
Attack Type: Host Based
Platforms: Solaris 2.6, Solaris 7, Solaris 8
Vulnerability: solaris-ftp-plaintext-password
X-Force URL:
http://www.iss.net/security_center/static/11436.php
Date Reported: 02/28/2003
Brief Description: mhc-utils adb2mhc creates an insecure temporary
directory
Risk Factor: Medium
Attack Type: Host Based
Platforms: Debian Linux 3.0, mhc-utils Any version
Vulnerability: mhc-adb2mhc-insecure-tmp
X-Force URL:
http://www.iss.net/security_center/static/11439.php
Date Reported: 02/28/2003
Brief Description: WEB-ERP logicworks.ini unauthorized configuration
access
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Unix Any version, Windows NT Any
version, Windows 2000 Any version, Windows XP Any
version, WEB-ERP 0.1.4 and prior
Vulnerability: weberp-logicworks-ini-access
X-Force URL:
http://www.iss.net/security_center/static/11443.php
Date Reported: 03/02/2003
Brief Description: PY-Livredor guest book field cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Windows Any version, Unix Any
version, PY-Livredor 1.0
Vulnerability: pylivredor-guestbook-xss
X-Force URL:
http://www.iss.net/security_center/static/11448.php