| OSVDB ID | Disclosure Date | Title |
|---|
|
11855
Description:
KisMAC contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker changes the value of the $DRIVER_KEXT variable in the 'viha_unprep.sh' script allowing an arbitrary binary to be executed as root. This flaw may lead to a loss of integrity.
|
2003-08-22
|
KisMAC viha_unprep.sh Arbitrary Program Execution
|
|
34989
Description:
(Description Provided by CVE) : Buffer overflow in Avant Browser 8.02 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long URL in an HTTP request.
|
2003-08-21
|
Avant Browser HTTP URL Request Overflow
|
|
2459
Description:
Unknown / Incomplete
|
2003-08-21
|
paBox Administrator Cleartext Password Disclosure
|
|
2458
Description:
Unknown / Incomplete
|
2003-08-21
|
HAURI ViRobot Linux Server Multiple CGI Local Overflow
|
|
2457
Description:
(Description Provided by CVE) : The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username.
|
2003-08-21
|
oMail-webmail omail.pl checklogin Function Multiple Field Arbitrary Command Execution
|
|
2455
Description:
(Description Provided by CVE) : Multiple buffer overflows in main.c for Crafty 19.3 allow local users to gain group "games" privileges via long command line arguments to crafty.bin.
|
2003-08-21
|
Crafty CLI Arguments Overflow
|
|
7894
Description:
(Description Provided by CVE) : Buffer overflow in Internet Explorer 6 SP1 for certain languages that support double-byte encodings (e.g., Japanese) allows remote attackers to execute arbitrary code via the Type property of an Object tag, a variant of CVE-2003-0344.
|
2003-08-21
|
Microsoft IE Object Tag Type Property Double-byte Overflow
|
|
9208
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows remote attackers to execute arbitrary web script and steal cookies via a URL with encoded newlines followed by a request to a .jsp file whose name contains the script.
|
2003-08-21
|
Apache Tomcat .jsp Encoded Newline XSS
|
|
15217
Description:
(Description Provided by CVE) : Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to cause a denial of service (browser or Outlook Express crash) via HTML with certain input tags that are not properly rendered.
|
2003-08-20
|
Microsoft IE input Tag Rendering DoS
|
|
7444
Description:
Unknown / Incomplete
|
2003-08-20
|
TikiWiki Anonymous Calendar Entry Creation
|
|
2451
Description:
Unknown / Incomplete
|
2003-08-20
|
Microsoft IE Object Data Header Type Safe File Execution
|
|
2460
Description:
(Description Provided by CVE) : RealOne player allows remote attackers to execute arbitrary script in the "My Computer" zone via a SMIL presentation with a URL that references a scripting protocol, which is executed in the security context of the previously loaded URL, as demonstrated using a "javascript:" URL in the area tag.
|
2003-08-20
|
RealOne Player SMIL Arbitrary Script Execution
|
|
2450
Description:
Unknown / Incomplete
|
2003-08-20
|
Cerberus FTP Server Unspecified DoS
|
|
2448
Description:
Unknown / Incomplete
|
2003-08-20
|
Starfish Family Mail accounts.db Account Credential Cleartext Disclosure
|
|
2446
Description:
Unknown / Incomplete
|
2003-08-20
|
vHost POP3 Username Overflow DoS
|
|
2447
Description:
Unknown / Incomplete
|
2003-08-20
|
Allenchow POP3 Checker ENOTIFY.DBF Weak Password Encryption
|
|
2454
Description:
OpenBSD contains a flaw that may allow a local denial of service. The issue is triggered when a local user passes an overly long string to the semget() function, and will result in loss of availability for the platform.
|
2003-08-20
|
OpenBSD semget() Overflow DoS
|
|
2143
Description:
ECLiPt eroaster (a GUI for the cdrecord and mkisofs utilities), creates temporary files in an insecure manner which may allow malicious users to over-write arbitrary files with the privileges of the user running eroaster.
|
2003-08-20
|
ECLiPt eroaster Insecure Lockfile Creation
|
|
2453
Description:
(Description Provided by CVE) : Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to access and execute script in the My Computer domain using the browser cache via crafted Content-Type and Content-Disposition headers, aka the "Browser Cache Script Execution in My Computer Zone" vulnerability.
|
2003-08-20
|
Microsoft IE My Computer Zone Caching Issue
|
|
2964
Description:
Internet Explorer contains a flaw that fails to validate the nature of the file being loaded for the Object tag. This tag is used to embed all ActiveX into HTML pages, and therefore is susceptible to trojan style attacks via HTML in web pages or e-mail. When exploited, the trojan program will run silently and does not require user interaction.
|
2003-08-20
|
Multiple Browser Object HTA Execution
|
|
2966
Description:
Microsoft Internet Explorer contains a flaw that may allow an attacker to execute code on a vulnerable system. Due to a buffer overflow in the BR549.DLL ActiveX control, anyone browsing a maclicious HTML page with a vulnerable browser is subject to this flaw.
|
2003-08-20
|
Microsoft IE BR549.DLL Overflow
|
|
9364
Description:
(Description Provided by CVE) : The C-Media PCI sound driver in Linux before 2.4.21 does not use the get_user function to access userspace, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0700.
|
2003-08-20
|
LInux C-Media PCI Driver get_user userspace Privilege Escalation
|
|
9365
Description:
(Description Provided by CVE) : The C-Media PCI sound driver in Linux before 2.4.22 does not use the get_user function to access userspace in certain conditions, which crosses security boundaries and may facilitate the exploitation of vulnerabilities, a different vulnerability than CVE-2003-0699.
|
2003-08-20
|
LInux C-Media PCI Driver get_user userspace Privilege Escalation
|
|
10129
Description:
(Description Provided by CVE) : Buffer overflow in a component of SQL-DMO for Microsoft Data Access Components (MDAC) 2.5 through 2.7 allows remote attackers to execute arbitrary code via a long response to a broadcast request to UDP port 1434.
|
2003-08-20
|
Microsoft Data Access Components SQL-DMO Broadcast Request Overflow
|
|
11743
Description:
(Description Provided by CVE) : ipmasq before 3.5.12, in certain configurations, may forward packets to the external interface even if the packets are not associated with an established connection, which could allow remote attackers to bypass intended filtering.
|
2003-08-20
|
ipmasq External Interface Packet Forward Restriction Bypass
|
|
7443
Description:
Unknown / Incomplete
|
2003-08-19
|
TikiWiki RSS Feed Thread Content Disclosure
|
|
2144
Description:
MySQL3, MySQL4, and WinMySQLadmin for Win32 contain a flaw that allows malicious users to obtain usernames and passwords. This is possible due to MySQL's insecure storage of user information unencrypted on the filesystem. Local access to the system running the MySQL software is required.
|
2003-08-19
|
WinMySQLadmin my.ini Cleartext Password Disclosure
|
|
2145
Description:
phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate javascript upon submission during message posts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-08-19
|
phpBB JavaScript Message Content XSS
|
|
16429
Description:
Unknown / Incomplete
|
2003-08-19
|
GNU as Command Line Overflow
|
|
2444
Description:
Unknown / Incomplete
|
2003-08-19
|
WebFtp accounts.dat Authentication Credential Cleartext Disclosure
|
|
2445
Description:
phpSecureSite contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that user input in to the application is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2003-08-19
|
phpSecureSite SQL Injection
|
|
2442
Description:
Unknown / Incomplete
|
2003-08-19
|
MatrikzGB user.dat.php Authentication Credential Cleartext Disclosure
|
|
2441
Description:
Unknown / Incomplete
|
2003-08-19
|
msmtp Process Information Authentication Credential Cleartext Disclosure
|
|
7977
Description:
PunBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate IMG tag variables. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.
|
2003-08-19
|
PunBB IMG Tag Client Side Scripting XSS
|
|
15132
Description:
(Description Provided by CVE) : The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 108801-02 for cachefs on Solaris 2.6 and 7 overwrite the inetd.conf file, which may silently reenable services and allow remote attackers to bypass the intended security policy.
|
2003-08-18
|
Solaris Multiple cachefs Patches inetd.conf Overwrite Restriction Failure
|
|
2449
Description:
A remote overflow exists in Oracle9i Database Server. The XML Database (XDB) HTTP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2003-08-18
|
Oracle9i XDB HTTP Long Username/Password Overflow
|
|
22265
Description:
A remote overflow exists in Oracle9i Database Server. The XML Database (XDB) FTP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long username or password, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2003-08-18
|
Oracle9i XDB FTP Long Username/Password Overflow
|
|
22266
Description:
A remote overflow exists in Oracle9i Database Server. The XML Database (XDB) FTP service fails to perform proper bounds checking resulting in a stack-based buffer overflow. With a specially crafted request containing an overly long string to the 'TEST' or 'UNLOCK' command, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2003-08-18
|
Oracle9i XDB FTP Multiple Command Overflow
|
|
2440
Description:
A remote overflow exists in the 'autorespond' utility included in the qmailadmin package. autorespond fails to perform boundary checks when copying environment variables set by the Mail Transfer Agent (MTA). With a specially crafted request, an attacker can cause a buffer overflow resulting in a loss of integrity and availability.
|
2003-08-18
|
qmailadmin autorespond Multiple Variable Remote Overflow
|
|
3676
Description:
AttilaPHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Rubrique" variable upon submission to the "index.php3" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-08-18
|
AttilaPHP index.php3 Rubrique Parameter XSS
|
