Caldera CSSA-2002-SCO.28 - Several local & remote bugs were discovered in the rpc.ttdbserverd program that allow an attacker to overwrite memory in the program as well as force the program to create and delete arbitrary files on the system.
Conectiva CLA-2002:507 - A remote attacker who is able to send malicious DNS responses to vulnerable machines could potentially execute arbitrary code with the privileges of the application making use of the vulnerable resolver library.
HEWLETT-PACKARD #0197 - Apache Rev 3 - a remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers on HP9000 Servers running HP-UX release 11.00, 11.04, and 11.11.
Lil'HTTP Server pbcgi.cgi - is vulnerable to cross-site scripting attacks
Microsoft SQL Server 7/2000 - setup.iss is not properly removed after installation or applying service packs and the file contains account user names and password
Microsoft SQL Server 2000 - BULK INSERT query contains a remotely exploitable buffer overrun vulnerability that can be exploited by an attacker to run arbitrary code
Popcorn <-1.20 - multiple remote exploits exist
SunPS iRunbook 2.5.2 - directory traversal vulnerability allows any file or folder on the server to be read.
July 9 2002
BadBlue <1.7.3 - cross site scripting
BadBlue <1.7.3 - Denial of service
Bea Weblogic Performance Pack - a denial of service condition exists when the performance pack is installed where the Bea Weblogic Server can be crashed by a malicious user.
HEWLETT-PACKARD #019 - A remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers on HP9000 Servers running HP-UX release 11.00, 11.04, and 11.11.
Lil'HTTP Server Urlcount.cgi - input sanitation of the CGI's saved data could allow an attacker who could access the CGI to submit a maliciously designed request to the CGI, and then send a targeted visitor to view the counter report.
Conectiva CLA-2002:506 - An attacker can exploit some of these vulnerabilities to execute arbitrary code remotely as the user running squid (which in Conectiva Linux is "proxy" or "nobody"), cause a Denial-of-Service (DoS) in the server or inject/get invalid data in/from the network.
Winamp 2.80a - is remotely exploitable and can execute arbitrary code on the victim machine - Proof Of Concept (POC) included
XiRCON v.10B4 - sending a large message will crash the irc client, creating a denial of service.
July 2 2002
Debian DSA-135-1 - specially crafted .htaccess files allow arbitrary code execution as the web server user, DoS attacks, and allowing someone to take control of apache child processes.
Engarde ESA-20020702-016 - remote openssh vulnerabilities
EnGarde ESA-20020702-017 - off-by-one in mod_ssl's configuration directive handling may allow an attacker to create a denial of service or execute arbitrary commands.
Cisco Secure ACS - Unix Acme.server Information disclosure
CommuniGatePro <= 4.0b4 - allows directory listing
Conectiva CLA-2002-504 - An off-by-one buffer overflow vulnerability exists in the code which handles entries in .htaccess files in mod_ssl <= 2.8.9 allowing an attacker to cause a denial of service or even execute arbitrary commands.
Inktomi Traffic Server - a long command line argument creates a buffer overflow that can be exploited locally to gain root access.
Mandrake MDKSA-2002:040-1 - An input validation error exists in the OpenSSH server between versions 2.3.1 and 3.3 that can result in an integer overflow and privilege escalation. This error is found in the PAMAuthenticationViaKbdInt code in versions 2.3.1 to 3.3, and the ChallengeResponseAuthentication code in versions 2.9.9 to 3.3
Noguska Nola 1.1.1 - It's possible to upload php code with certain file extensions such as: .php4, .phtml, .html etc.. using all upload fields in the application.
PHPAuction - allows anyone to create admin account
SuSE-SA:2002:024 - openssh updates
VeriSign Japanese - allows a malicious site owner to create an authenticity seal (false one) for his site without it being actually issued by VeriSign.
July 1 2002
Caldera CSSA-2002-SCO.31 - UnixWare 7.1.1 Open UNIX 8.0.0 Apache web server chunk handling / mod_ssl off-by-one error
Caldera CSSA-2002-SCO.32 - OpenServer 5.0.5 OpenServer 5.0.6 Apache web server chunk handling / mod_ssl off-by-one error
Blackboard 5 - Blackboard 5 contains multiple input validation errors, exploitable with Cross-site scripting
efstool - a buffer overflow in efstool can allow an attacker to execute arbitrary commands and possibly take control of the system
FS-070102-23-AXPR - buffer overflow exists in AnalogX's Proxy software that allows remote execution of arbitrary code with the privileges of the Proxy daemon.
HEWLETT-PACKARD #00196 - Internal data can be modified causing rpcd or dced to crash causing a denial of service on HP 9000 Series 700/800 running HP-UX 11.11 only with PHSS_25710 or PHSS_26394 and PHSS_26396.
HEWLETT-PACKARD #0197 - Apache Rev 3 - a remotely exploitable vulnerability in handling of large data chunks in Apache-based web servers on HP9000 Servers running HP-UX release 11.00, 11.04, and 11.11.
ircii-pana-1.0c19.tar.gz - a trojaned version has been found for download at ftp.bitchx.com
KPMG-2002026-Jrun - It is possible for a malicious user to trick the Jrun webserver into disclosing sourcecode
KPMG-2002027-Watchguard - A malicious user, with access to the internal network interface card would not have to know the username to log on to the FTP service, and could attempt to bruteforce the password and thus gain access to configuring the firewall.
KPMG-2002028-Sitespring - A malicious user with access to the Sitespring database engine port can crash both the runtime database engine and the Sitespring web service.
OmniHTTPd v2.09 - a problem with handling long HTTP versions which causes a denial of service.
OpenBSD - OpenSSH revision 4
ptl-2002-03 Betsie<=1.5.11 - A Cross-site Scripting vulnerability exists in the application
Remote OpenSSH exploit for 2.9.9-3.3 - signature