I only list important ones: people are not supposed to play games
nor use talkd on their important servers (nor use commercial software).

Boa Webserver 0.94.2.x  File Disclosure Vulnerability
BugTraq ID: 1770
Remote: Yes
Date Published: 2000-10-10
Relevant URL:
http://www.securityfocus.com/bid/1770
Summary:

A local vulnerability exists in versions 0.94.8.3 and earlier of Boa
Webserver.  Improper filtering of percent-encoded characters ("/%2E%2E/")

[ ... ]

Also, if the configuration file /etc/boa/boa.conf contains the following
entry:

  AddType application/x-httpd-cgi-cgi

a user with local access and able to create an executable ".cgi" file will
be able to run that program as the user id of the webserver.

[ ... ]


Big Brother Arbitrary Shell Command Execution Vulnerability
BugTraq ID: 1779
Remote: Yes
Date Published: 2000-10-10
Relevant URL:
http://www.securityfocus.com/bid/1779
Summary:

A vulnerability exists in versions of the Big Brother network monitor
server prior to v1.5c2. Due to improper filtering of '&' characters from

[ ... ]

Tmpwatch Arbitrary Command Execution Vulnerability
BugTraq ID: 1785
Remote: No
Date Published: 2000-10-06
Relevant URL:
http://www.securityfocus.com/bid/1785
Summary:

A vulnerability exists in tmpwatch, a utility which automates the removal
of temporary files in unix-like systems.  An optional component of

[ ... ]

PHP Error Logging Format String Vulnerability
BugTraq ID: 1786
Remote: Yes
Date Published: 2000-10-12
Relevant URL:
http://www.securityfocus.com/bid/1786
Summary:

PHP is a scripting language designed for CGI applications that is used on
many websites. There exists a remotely exploitable format string
vulnerability in all versions of PHP below PHP 4.0.3.

[ ... ]

Shred File Wiper Insecure File Deletion Vulnerability
BugTraq ID: 1788
Remote: No
Date Published: 2000-10-06
Relevant URL:
http://www.securityfocus.com/bid/1788

