MidnightBSD

Advisories for national_science_foundation

CVE-1999-1273 HIGH

Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
national_science_foundation squid_web_proxy 1.1.20
CVE-1999-1481 MEDIUM

Squid 2.2.STABLE5 and below, when using external authentication, allows attackers to bypass access controls via a newline in the user/password pair.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
national_science_foundation squid_web_proxy 1.1
national_science_foundation squid_web_proxy 1.0novm
national_science_foundation squid_web_proxy 1.0
national_science_foundation squid_web_proxy 2.1
national_science_foundation squid_web_proxy 2.2
CVE-2001-0142 LOW

squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

CVSS 2.0

Severity: LOW

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
immunix immunix 7.0_beta
redhat linux 7.0
mandrakesoft mandrake_linux 7.0
national_science_foundation squid_web_proxy 2.3_stable4
mandrakesoft mandrake_linux 6.0
mandrakesoft mandrake_linux 7.2
mandrakesoft mandrake_linux 7.1
trustix secure_linux 1.1
mandrakesoft mandrake_linux 6.1
trustix secure_linux 1.2
CVE-2004-0541 HIGH

Buffer overflow in the ntlm_check_auth (NTLM authentication) function for Squid Web Proxy Cache 2.5.x and 3.x, when compiled with NTLM handlers enabled, allows remote attackers to execute arbitrary code via a long password ("pass" variable).

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
national_science_foundation squid_web_proxy_cache 3_pre
national_science_foundation squid_web_proxy_cache 2.5_stable
CVE-2004-2479 MEDIUM

Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensitive information via URLs containing invalid hostnames that cause DNS operations to fail, which results in references to previously used error messages.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
national_science_foundation squid_web_proxy_cache 2.5_stable2
national_science_foundation squid_web_proxy_cache 2.5_stable5
national_science_foundation squid_web_proxy_cache 2.5_stable1
national_science_foundation squid_web_proxy_cache 2.5_stable3
national_science_foundation squid_web_proxy_cache 2.5_stable4
national_science_foundation squid_web_proxy_cache 2.5_stable6
national_science_foundation squid_web_proxy_cache 2.5_stable7
CVE-2004-2480 MEDIUM

Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass security controls and access arbitrary websites via "@@" sequences in a URL within Internet Explorer.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
national_science_foundation squid_web_proxy_cache 2.3_stable5