[CLOSE] OSVDB ID : 11796 - Disclosed: 2003-08-06

Description:

(Description Provided by CVE) : man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE directives from the ~/.manpath file, even when running setuid, which could allow local users to gain privileges.

[CLOSE] OSVDB ID : 60577 - Disclosed: 2003-08-06

Description:

man-db contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when the open_cat_stream() function is called, allowing a local attacker to gain root privileges.

[CLOSE] OSVDB ID : 59799 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 59798 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 59797 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2121 - Disclosed: 2003-08-05

Description:

Mollensoft FTP server contains a flaw that allows malicious users to obtain usernames and passwords. This is possible due to Mollensoft's insecure storage of user information unencrypted on the filesystem. Local access to the system running Mollensoft FTP server is required.

[CLOSE] OSVDB ID : 2371 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2372 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 30241 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2369 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2367 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 44162 - Disclosed: 2003-08-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 3184 - Disclosed: 2003-08-05

Description:

IISShield contains a flaw that may allow a remote attacker to bypass the default rules that prevent malicious attacks from reaching the IIS server. The flaw occurs when a specific byte check is sent to the server, IISShield recognizes it as a bad request but fails to drop the request.

[CLOSE] OSVDB ID : 6859 - Disclosed: 2003-08-05

Description:

phpGroupWare contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that variables in the 'infolog' module are not verified properly and will allow a remote attacker to inject or manipulate SQL queries. No further details have been provided.

[CLOSE] OSVDB ID : 9492 - Disclosed: 2003-08-05

Description:

(Description Provided by CVE) : IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

[CLOSE] OSVDB ID : 9493 - Disclosed: 2003-08-05

Description:

(Description Provided by CVE) : IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, allows local users to overwrite arbitrary files and gain privileges via a symlink attack on (1) db2job and (2) db2job2.

[CLOSE] OSVDB ID : 3855 - Disclosed: 2003-08-04

Description:

e107 contains a flaw that allows a remote attacker to access and use the resetcore.php script. This allows someone to change the theme of the CMS and alter the appearance of the site.

[CLOSE] OSVDB ID : 2362 - Disclosed: 2003-08-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2363 - Disclosed: 2003-08-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2375 - Disclosed: 2003-08-04

Description:

ZoneAlarm contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when two specially crafted requests are created using the DeviceIoControl function from the vsdatant.sys driver. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 2360 - Disclosed: 2003-08-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2361 - Disclosed: 2003-08-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2370 - Disclosed: 2003-08-04

Description:

(Description Provided by CVE) : Buffer overflow in xtokkaetama allows local users to gain privileges via a long -nickname command line argument, a different vulnerability than CVE-2003-0611.

[CLOSE] OSVDB ID : 12884 - Disclosed: 2003-08-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 2376 - Disclosed: 2003-08-04

Description:

NetBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a carefully prepared OSI networking packet to a victim system that is using the OSI networking kernel (sys/netiso), and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 3068 - Disclosed: 2003-08-04

Description:

Microsoft Internet Explorer contains a flaw that allows remote attackers to launch external programs such as "Notepad" as a form of denial of service. The flaw is due to the behavior of IE to automatically open certain MIME types and protocols. This allows an attacker to load specific files in notepad, regardless of content or size. By creating a page that loads hundreds of instances of a 20 meg file, an attacker could effectively crash the machine.

[CLOSE] OSVDB ID : 2377 - Disclosed: 2003-08-03

Description:

Compaq Insight Manager HTTP Server contains a flaw that may allow a malicious user to compromise the Insight Manager system. The issue is triggered when a long URL with malicious data is sent to the server. It is possible that the flaw may allow the execution of arbitrary code with LocalSystem privileges resulting in a loss of control.

[CLOSE] OSVDB ID : 6551 - Disclosed: 2003-08-03

Description:

Postfix contains a design flaw which may allow an attacker to use the mail server in SMTP 'bounce' scanning or even DDoS attacks. A specially crafted recipient field can cause the mail server to connect and communicate with an arbitrary host/port.

[CLOSE] OSVDB ID : 10544 - Disclosed: 2003-08-03

Description:

(Description Provided by CVE) : The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

[CLOSE] OSVDB ID : 10545 - Disclosed: 2003-08-03

Description:

(Description Provided by CVE) : The address parser code in Postfix 1.1.12 and earlier allows remote attackers to cause a denial of service (lock) via (1) a malformed envelope address to a local host that would generate a bounce and contains the ".!" string in the MAIL FROM or Errors-To headers, which causes nqmgr to lock up, or (2) via a valid MAIL FROM with a RCPT TO containing a ".!" string, which causes an instance of the SMTP listener to lock up.

[CLOSE] OSVDB ID : 15209 - Disclosed: 2003-08-02

Description:

Cisco LEAP contains a flaw that may allow a malicious user to recover user accounts and passwords. Cisco LEAP is a modified implementation of MS-CHAPv2, which is vulnerable to dictionary attacks. It is possible that the flaw may allow offline brute force recovery of usernames and passwords resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 2364 - Disclosed: 2003-08-02

Description:

The netfilter module of the Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered when Network Address Translation (NAT) is enabled, and either the ip_nat_ftp or ip_nat_irc modules have been loaded or CONFIG_IP_NF_NAT_FTP or CONFIG_IP_NF_NAT_IRC are enabled. This will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 6061 - Disclosed: 2003-08-02

Description:

The netfilter (iptables) module of the Linux kernel contains a flaw that may allow a remote denial of service. The issue is triggered only when the connection tracking module ip_conntrack is loaded. When a large number of packets are sent to a machine so configured, one-way traffic packets are marked incorrectly as UNCONFIRMED statein the linked list, and assigned a very high timeout. This eventually consumes large amounts of system memory, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 2356 - Disclosed: 2003-08-02

Description:

(Description Provided by CVE) : mindi 0.58 and earlier does not properly create temporary files, which allows local users to overwrite arbitrary files.

[CLOSE] OSVDB ID : 2359 - Disclosed: 2003-08-01

Description:

cdrecord in cdrtools contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The problem is that the rscsi helper binary is installed setuid root. By specifying the target file as a command line argument, a malicious user could overwrite arbitrary files to gain root privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 2354 - Disclosed: 2003-08-01

Description:

(Description Provided by CVE) : Multiple buffer overflows in the atari800.svgalib setuid program of the Atari 800 emulator (atari800) before 1.2.2 allow local users to gain privileges via long command line arguments, as demonstrated with the -osa_rom argument.

[CLOSE] OSVDB ID : 2349 - Disclosed: 2003-08-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 3518 - Disclosed: 2003-08-01

Description:

Posadis DNS server contains a flaw that allows a local attacker to create a denial of service. The issue is due to two unspecified memory leaks which can be exploited by local users to consume system resources, thereby crashing the service or rendering it useless.

[CLOSE] OSVDB ID : 3519 - Disclosed: 2003-08-01

Description:

Posadis DNS server contains a flaw that allows a remote attacker to crash the service. The issue is due to the server not handling SIGFPE signals correctly which causes the service not to close TCP connections. An attacker can send excessive crafted packets that take advantage of this, denying service to the remote machine.

[CLOSE] OSVDB ID : 3520 - Disclosed: 2003-08-01

Description:

Posadis DNS server contains a flaw that allows a remote attacker to crash the service. The issue is due to the secondary zone configuration. No further details have been provided.