[CLOSE] OSVDB ID : 2470 - Disclosed: 2003-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2471 - Disclosed: 2003-08-25

Description:

akpop3d contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the username variable in the authentication module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 2469 - Disclosed: 2003-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 17378 - Disclosed: 2003-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2463 - Disclosed: 2003-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2464 - Disclosed: 2003-08-25

Description:

GBrowse contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the gbrowse script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "help" variable.

[CLOSE] OSVDB ID : 2465 - Disclosed: 2003-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8360 - Disclosed: 2003-08-25

Description:

SNMPc contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords when a client attempts to authenticate with the server. The passwords are encrypted with a simple substitution cipher. The encrypted passwords are easily compromised, which may lead to a loss of integrity.

[CLOSE] OSVDB ID : 66672 - Disclosed: 2003-08-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 7691 - Disclosed: 2003-08-25

Description:

(Description Provided by CVE) : ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signatures when digital certificates and RSA keys are used, which could allow local and remote attackers to gain privileges.

[CLOSE] OSVDB ID : 11667 - Disclosed: 2003-08-25

Description:

PHP contains an issue that may allow an attacker to gain elevated privileges. The issue is due to the base64_encode function not properly sanitizing user-supplied input. By passing crafted data to the function, an attacker can trigger an integer overflow and possibly execute arbitrary code.

[CLOSE] OSVDB ID : 11668 - Disclosed: 2003-08-25

Description:

PHP contains an issue that may allow an attacker to gain elevated privileges. The issue is due to unspecified functions in the GD library not properly sanitizing user-supplied input. By passing crafted data to the library, an attacker can trigger an integer overflow and possibly execute arbitrary code.

[CLOSE] OSVDB ID : 11670 - Disclosed: 2003-08-25

Description:

PHP contains a flaw that may allow an attacker to gain elevated privileges. The issue is due to the ibase_blob_get() function not properly sanitizing user-supplied input. By passing an overly long string to the function, an attacker can trigger a buffer overflow and execute arbitrary code.

[CLOSE] OSVDB ID : 11671 - Disclosed: 2003-08-25

Description:

PHP contains a flaw that may allow an attacker to gain elevated privileges. The issue is due to the zendlex functionality not properly sanitizing user-supplied input. By passing an overly long string, an attacker can trigger a buffer overflow and execute arbitrary code.

[CLOSE] OSVDB ID : 16043 - Disclosed: 2003-08-24

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6416 - Disclosed: 2003-08-24

Description:

Blubster contains a flaw that may allow a remote denial of service. The issue is triggered when a packet flood is directed to UDP port 701, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 8070 - Disclosed: 2003-08-24

Description:

(Description Provided by CVE) : nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass authentication via an HTTP request with a modified nphp_users array, which is used for authentication.

[CLOSE] OSVDB ID : 2965 - Disclosed: 2003-08-23

Description:

Microsoft Internet Explorer contains a flaw that may cause a script to be executed in the "My Computer" zone. If a web browser loads a page with malicious content that abuses the method IE uses to retrieve files from the cache, the content is loaded and run under higher priveleges. This method may also be used to run executable files already present on the system, or view file content.

[CLOSE] OSVDB ID : 3353 - Disclosed: 2003-08-23

Description:

Invision Power Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "adsess" variable upon submission to the admin.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 3362 - Disclosed: 2003-08-23

Description:

Invision Power Board allows a remote attacker to inject arbitrary HTML code which may allow altering page content, display and more. The issue is due to unchecked IBF formatting tags in user posted content. Such modified content would allow the attacker to execute the code on subsequent viewer's machines.

[CLOSE] OSVDB ID : 7633 - Disclosed: 2003-08-23

Description:

(Description Provided by CVE) : Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenServer 5.0.7, configures the Apache web server in a way that allows remote attackers to read arbitrary publicly readable files via a certain URL, possibly related to rewrite rules.

[CLOSE] OSVDB ID : 44697 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.

[CLOSE] OSVDB ID : 44698 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers to obtain the IP addresses of internal interfaces via certain SecuRemote requests to TCP ports 256 or 264, which leaks the IP addresses in a reply packet.

[CLOSE] OSVDB ID : 2461 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : GDM before 2.4.1.6, when using the "examine session errors" feature, allows local users to read arbitrary files via a symlink attack on the ~/.xsession-errors file.

[CLOSE] OSVDB ID : 2146 - Disclosed: 2003-08-22

Description:

BitKeeper versions 3.0.1 and below contain a flaw that may allow a remote attacker to execute arbitrary code on the system. A remote attacker can supply specially-crafted files containing malicious code inside a patch. This then would be executed on the victim's system when the victim loads the patch and could lead to system compromise.

[CLOSE] OSVDB ID : 2462 - Disclosed: 2003-08-22

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6313 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) via a short authorization key name.

[CLOSE] OSVDB ID : 6314 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : The X Display Manager Control Protocol (XDMCP) support for GDM before 2.4.1.6 allows attackers to cause a denial of service (daemon crash) when a chosen host expires, a different issue than CVE-2003-0549.

[CLOSE] OSVDB ID : 2468 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the viha_driver.sh script allowing the creation of a setuid executable owned by the attacker's uid. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11772 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : Buffer overflow in the RTSP protocol parser for the View Source plug-in (vsrcplin.so or vsrcplin3260.dll) for RealNetworks Helix Universal Server 9 and RealSystem Server 8, 7 and RealServer G2 allows remote attackers to execute arbitrary code.

[CLOSE] OSVDB ID : 11792 - Disclosed: 2003-08-22

Description:

(Description Provided by CVE) : Buffer overflow in the whois client, which is not setuid but is sometimes called from within CGI programs, may allow remote attackers to execute arbitrary code via a long command line option.

[CLOSE] OSVDB ID : 11846 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'macjack_load.sh' script allowing the creation of a setuid executable owned by the attacker's uid. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11847 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'airojack_load.sh' script allowing the creation of a setuid executable owned by the attacker's uid. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11848 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'viha_driver.sh' script allowing arbitrary kernel modules to be loaded into memory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11849 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'macjack_load.sh' script allowing arbitrary kernel modules to be loaded into memory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11850 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'airojack_load.sh' script allowing arbitrary kernel modules to be loaded into memory. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11851 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'exchangeKernel.sh' script allowing the kernel to be overwritten with an arbitrary kernel. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11852 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'setuid_enable.sh' script allowing the creation of a setuid executable owned by the attacker's uid. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11853 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'setuid_disable.sh' script allowing the creation of a setuid executable owned by the attacker's uid. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11854 - Disclosed: 2003-08-22

Description:

KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'viha_prep.sh' script allowing an arbitrary binary to be executed as root. This flaw may lead to a loss of integrity.