Apache Tomcat can be tricked to disclose files, directory listings and unprocessed JSP files. This issue affects Apache Tomcat version 3.3.1 and earlier. Tomcat users should upgrade to version 3.3.1a.
d53725d1e508b8d13aaa142c7e45373e1c4216348fe76af9dc8196021b9abf4b
NGSSoftware Security Advisory NISR29012003 - There is a remotely exploitable buffer overflow vulnerability in the Microsoft RPC (Remote Procedure Call) Locator Service. This vulnerability, which especially affects Windows Domain Controllers, has been fixed by Microsoft and patch information can be found in Microsoft security advisory MS03-001.
a2a3c79f201bcc9cccb987fb64883826f91e927d2436724e71aa37f834e00fdb
Carl Livitt security advisory CLIVITT-2003-2 - A format string vulnerability has been found in the plpnfsd daemon that comes with versions of the plptools package prior to 0.7. This issue can allow code execution with elevated privileges and has been fixed in newer versions of plptools. This advisory contains exploit code that may be used against affected SuSE Linux systems.
f829611591f0d2e1fe21f665a3734db57a1c622bdeb93d60a441b30612987c9e
The utility slocate has a local buffer overflow vulnerability when the -r and -c switches are used. Due to this utility being setgid slocate on many default installs, slight privilege escalation is possible.
7e71b25301d29a85ee989e3de872b234d94b33bc2d114ac572bfc141bb2eab8c
CVS v1.11.4 and below contains a double free bug which allows attackers with read access to execute code on the server by sending a malformed directory name. By default, CVS runs with root privileges. Patch available here.
cf1e29270d759e81797059b571c99eff0c58d3aa9fffcdeb234d72fc4c3a22a7
iDEFENSE Security Advisory 01.21.03: Buffer Overflows in Mandrake Linux printer-drivers Package. Three vulnerabilities exist, the worst of which allows local root compromise. Overflows in the mtink and escputil binaries, which are set group id sys, allow an attacker to gain sys group privileges. A race condition in the ml85p binary, which is set user id root, allows an attacker to create a file with super user privileges.
7176f37ea45e1920e9e214222d1b7446b1bb27eb36daf186f9b7edeb3b38a417
The WebIntelligence application v2.x is a web interface which uses HTTPS and cookies to keep track of user sessions. Guessing session cookies, remote attackers can hijack the sessions of other users and take any action the account owner can take.
b36e9e10f3c0edc71dc5a686d26c7cbafab869f763fb0db8bc410b5fc4dd0363
Tanne v0.6.17 contains a remote format string vulnerability in logger() which can lead to arbitrary code execution as root. for Linux/x86 which has been tested against Redhat 6.1, 7.0, and 8.0. Tanne is a secure http session management tool sometimes used in online banking.
424ca1d3a400348bfeb0aab16cccbba84c3baac6882c426080179f6f88b31fb4
Pine Digital Security Advisory PINE-CERT-20030101 - A local vulnerability has been found in the FreeBSD kernel which allows privilege escalation or denial of service by taking advantage of the socket file counter. FreeBSD 4.X after 20021111 has been fixed.
6edc8db6259fc7b17ccd231a3431182439832505cff547336d6c670774b7fad0
The Platinum FTP Server v1.06 contains remote directory traversal vulnerabilities that allow denial of service, list any directory on the server, and possibly arbitrary file deletion. Denial of service exploit in perl included. Fix available here.
a8bc055674587d2f973081399e32d98230ea6742287042f8447672f8eb93bdab