| OSVDB ID | Disclosure Date | Title |
|---|
|
14153
Description:
Unknown / Incomplete
|
2003-12-31
|
BitlBee Nickname Checking Routine Overflow
|
|
17275
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows remote attackers to inject arbitrary web script or HTML via the NICKNAME tag in a vCard.
|
2003-12-31
|
VCard4J Toolkit NICKNAME XSS
|
|
47812
Description:
(Description Provided by CVE) : Opera, probably before 7.50, sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
|
2003-12-30
|
Opera Referer Header Information Disclosure
|
|
47811
Description:
(Description Provided by CVE) : Netscape 4 sends Referer headers containing https:// URLs in requests for http:// URLs, which allows remote attackers to obtain potentially sensitive information by reading Referer log data.
|
2003-12-30
|
Netscape Navigator Referer Header Information Disclosure
|
|
3304
Description:
miniBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the URL of a user's profile in the bb_edit_prf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-12-30
|
miniBB bb_func_usernfo.php Website Name Field XSS
|
|
3303
Description:
PHPCatalog contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "id" variable is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2003-12-30
|
PHPCatalog id Parameter SQL Injection
|
|
3314
Description:
Mac OS X contains a flaw that may allow a local denial of service. The issue is triggered when unlocking a locked keychain and using a very long password. This will result in the SecurityServer crashing and starting a cascading effect of crashing other processes that rely on it.
|
2003-12-30
|
Apple Mac OS X SecurityServer Local DoS
|
|
6879
Description:
(Description Provided by CVE) : Multiple buffer overflows in xsok 1.02 allows local users to gain privileges via (1) a long LANG environment variable, or (2) a long -xsokdir command line argument, a different vulnerability than CVE-2003-0949.
|
2003-12-30
|
xsok LANG Environment Variable Overflow
|
|
3258
Description:
Xsok contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an unspecified error.
|
2003-12-30
|
xsok gunzip Path Variable Privilege Escalation
|
|
3256
Description:
The NETObserve PC surveillance software uses a web service to provide remote access to the monitored PC. This web service requires a username and password to access, however this authentication can be bypassed by specifying the cookie value of 'login=0'. Once access has been obtained, all features of the NetObserve system are available, including the ability to upload files and execute commands.
|
2003-12-30
|
NETObserve User Authentication Bypass
|
|
3255
Description:
The MDaemon mail server contains a flaw in a CGI application called 'Form2Raw.exe'. This CGI is used to send raw email messages through the HTTP protocol. A stack overflow condition can be triggered in this application by sending a request which contains a From parameter of more than 153 bytes. This overflow can be exploited remote by an unauthenticated attacker to execute arbitrary code in the context of the MDaemon service (normally LocalSystem).
|
2003-12-30
|
MDaemon Form2Raw CGI From Parameter Overflow
|
|
3254
Description:
The PHP-Ping web application does not validate the 'count' parameter prior to including it in a call to the system() function. This allows an unauthenticated remote user to execute arbitrary commands on this system with the privileges of the web server process.
|
2003-12-30
|
PHP-Ping php-ping.php count Parameter Arbitrary Command Execution
|
|
11650
Description:
(Description Provided by CVE) : The AGate component for SAP Internet Transaction Server (ITS) allows remote attackers to obtain sensitive information via a ~command parameter with an AgateInstallCheck value, which provides a list of installed DLLs and full pathnames.
|
2003-12-30
|
SAP Internet Transaction Server AGate Component Information Disclosure
|
|
11735
Description:
(Description Provided by CVE) : Format string vulnerability in the WGate component for SAP Internet Transaction Server (ITS) allows remote attackers to execute arbitrary code via a high "trace level."
|
2003-12-30
|
SAP Internet Transaction Server WGate Component Format String
|
|
7366
Description:
thttpd contains a flaw that may allow a remote attacker to bypass access restrictions. By sending a specially crafted URL containing query strings, a remote attacker could bypass the non-local HTTP referer check, resulting in a loss of confidentiality. No further details have been provided.
|
2003-12-29
|
thttpd Query String URL Non-local Referer Check Bypass
|
|
50563
Description:
Unknown / Incomplete
|
2003-12-29
|
BulletScript MailList bsml.pl Information Disclosure
|
|
3302
Description:
phpBB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the $sql_in variable is not verified properly in "groupcp.php" and will allow an attacker with moderator privilege to inject arbitrary SQL queries.
|
2003-12-29
|
phpBB groupcp.php sql_in Parameter SQL Injection
|
|
23391
Description:
Unknown / Incomplete
|
2003-12-29
|
LinPHA get_thumbs_on_fly.php filename Variable Traversal Arbitrary Image Access
|
|
3230
Description:
ViewCVS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate paths upon submission and are returned unfiltered. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-12-29
|
ViewCVS Error Page XSS
|
|
3227
Description:
CVS contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user with write access to the repository sends a malformed directory name and makes special use of the "update-prog" and "checkin-prog" commands to execute arbitrary code on the server with the privileges of the running CVS server. If CVSROOT/passwd has been left as writeable this results in a root compromise. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.
|
2003-12-29
|
CVS Malformed Directory Request Double-free Privilege Escalation
|
|
3257
Description:
A remote overflow exists in Jordan Windows Telnet Server. The server fails to check login input resulting in a buffer overflow. With a specially crafted request, an attacker can cause the return value to be overwritten resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-12-29
|
Jordan Windows Telnet Server Overflow
|
|
3226
Description:
Private Message System contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the "page" and "index.php" scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-12-29
|
Private Message System XSS
|
|
7912
Description:
Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary files. The issue is triggered due to the 'showHelp()' function. It is possible that the flaw may allow a malicious web page, which invokes the 'showHelp()' function to execute known compiled help files (.chm) within the Local Computer security zone, once the page is viewed resulting in a loss of integrity.
|
2003-12-29
|
Microsoft IE showHelp() Arbitrary File Execution
|
|
3225
Description:
Internet Explorer contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user follows a link on a secure page, which will disclose HTTP Referer information resulting in a loss of confidentiality.
|
2003-12-28
|
Microsoft IE for Mac Information Disclosure
|
|
3223
Description:
Unknown / Incomplete
|
2003-12-28
|
L-Soft LISTSERV WA CGI Script XSS
|
|
3231
Description:
IIS contains a flaw that may allow a malicious user to probe a server without being logged. The issue is triggered when the TRACK verb is used in a request, as TRACK requests are not logged. It is possible that the flaw may allow unauthorized probing to go undetected.
|
2003-12-28
|
Microsoft IIS Log Bypass
|
|
3220
Description:
OpenBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "FID" variable upon submission to the "board.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-12-28
|
OpenBB board.php FID Parameter XSS
|
|
19371
Description:
Unknown / Incomplete
|
2003-12-28
|
SAP gwrd RFC Parser Unspecified Arbitrary Command Execution
|
|
4864
Description:
Microsoft Internet Information Server (IIS) contains a flaw that may allow a remote attacker to obtain information without being logged. The issue is due to the IIS server not properly logging HTTP TRACK requests. If an attacker uses TRACK requests, they may be able to probe or attempt to exploit an IIS server undetected.
|
2003-12-28
|
Microsoft IIS TRACK Logging Failure
|
|
5648
Description:
The HTTP TRACK method returns the contents of client HTTP requests in the entity-body of the TRACK response. This behavior could be leveraged by attackers to access sensitive information, such as cookies or authentication data, contained in the HTTP headers of the request. Attackers may abuse HTTP TRACK functionality to gain access to information in HTTP headers that is not otherwise available via the DOM interface. Examples of such information are cookies and authentication data. In the presence of other cross-site domain vulnerabilities in web browsers, sensitive header information could be read from domains other than the target of the HTTP TRACK request.
|
2003-12-27
|
Multiple Web Server Dangerous HTTP Method TRACK
|
|
3222
Description:
LANDesk Software contains a flaw that may allow a malicious user to execute code on a vulnerable host. The issue is triggered when a web page containing a call to the vulnerable ActiveX control along with a malicious argument occurs. It is possible that the flaw may allow the attacker to execute arbitrary code on the vulnerable host with privileges of the browser user, resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-12-27
|
LANDesk ircrboot.dll Overflow
|
|
7380
Description:
Unknown / Incomplete
|
2003-12-27
|
osCommerce checkout_confirmation.php Hidden Variable Manipulation
|
|
7615
Description:
PHPhoto contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to the 'picture_list.php' script, which will disclose hidden albums by unauthorized users resulting in a loss of confidentiality.
|
2003-12-26
|
PHPoto picture_list.php Hidden Album Disclosure
|
|
3224
Description:
A local overflow exists in Indent. The handle_token_colon() function fails to perform bounds checking, resulting in a heap overflow. With a specially crafted .c file, an attacker can cause a buffer overflow and execute arbitrary code in the context of the user, resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-12-26
|
Indent File Parsing Overflow
|
|
3215
Description:
Apache mod_php contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker makes an SSL connection to the Apache server with permissions to execute file uploads, which will disclose file descriptor information resulting in possible hijacking of the HTTP service.
|
2003-12-26
|
mod_php for Apache HTTP Server File Descriptor Leakage
|
|
3306
Description:
(Description Provided by CVE) : connection.c in Cherokee web server before 0.4.6 allows remote attackers to cause a denial of service via an HTTP POST request without a Content-Length header field.
|
2003-12-26
|
Cherokee Web Server Malformed POST Request Remote DoS
|
|
6650
Description:
QuizShock contains a flaw that may allow an unauthenticated and unverified user access to the QuizShock system. The issue is due to the vBulletin user module allowing unverified users access to the system before administrative approval.
|
2003-12-26
|
QuizShock Unverified User Authentication Bypass
|
|
3200
Description:
ACK_hole contains a flaw that allows a remote attacker to execute arbitrary code on a vulnerable system. The flaw is due to improper initialization of a "len arg" in a read(2) function. This may allow a remote attacker to send a specially crafted packet that overflows the buffer and executes remote commands.
|
2003-12-25
|
ACK_hole Remote Overflow
|
|
3219
Description:
Pserv contains a flaw that allows a remote attacker to access arbitrary directories outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.
|
2003-12-24
|
Pico Server (pServ) Traversal Arbitrary Directory Access
|
|
3216
Description:
A remote overflow exists in Xlight FTP server. The Xlight FTP server fails to properly check boundries on FTP arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code or application failure resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-12-24
|
Xlight FTP Server Overflow
|
