[CLOSE] OSVDB ID : 11173 - Disclosed: 2004-10-27

Description:

Shadow chfn/chsh contain flaws that may allow a malicious user to modify their own account information. The issue is due to a validation error in the passwd_check() function in 'libmisc/pwdcheck.c'. It is possible that the flaw may allow unauthorized modifications to certain account properties such as full name or login shell, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 88474 - Disclosed: 2004-10-27

Description:

Libxml2 contains multiple unspecified flaws in the xmlNanoFTPConnect() function in nanoftp.c. No further details have been provided.

[CLOSE] OSVDB ID : 88473 - Disclosed: 2004-10-27

Description:

Libxml2 contains multiple unspecified flaws in the xmlNanoHTTPConnectHost() function in nanohttp.c. No further details have been provided.

[CLOSE] OSVDB ID : 11172 - Disclosed: 2004-10-27

Description:

Tincan Limited phpList contains an unspecified flaw that may allow a remote attacker to obtain user details. No further information is available.

[CLOSE] OSVDB ID : 11191 - Disclosed: 2004-10-27

Description:

Master of Orion 3 contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious client sends a data block containing an overly large value in the size field, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 11192 - Disclosed: 2004-10-27

Description:

Master of Orion 3 contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious, remote client attempts to make multiple consecutive connections using overly long nicknames to a server, possibly causing the MoO3 server to crash, and resulting in a loss of availability for the service.

[CLOSE] OSVDB ID : 11194 - Disclosed: 2004-10-27

Description:

Remote Desktop contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered at launch of Remote Desktop when loginwindow is active via Fast User Switching. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 11335 - Disclosed: 2004-10-27

Description:

ArGoSoft FTP Server contains a flaw that may allow disclosure of sensitive information. The issue is due to the product confirming or denying the existence of a user account when processing the USER command before issuing the "331 Need Password" command. It is possible that the flaw may allow an attacker to determine the existence of a particular user account resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 19906 - Disclosed: 2004-10-27

Description:

A remote overflow exists in InnerMedia's DynaZip as used in multiple products. The 'DUNZIP32.DLL' library fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted '.zip' file containing a file with an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11146 - Disclosed: 2004-10-26

Description:

Googe Desktop Search contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. It is possible for a remote attacker to create a specially crafted URL, that when loaded by a target user that has Google Desktop Search installed, will execute scripting code which will be executed by the target user's browser. The code will originate from the Google site and will run in the security context of that site. The resulting impact is that the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

[CLOSE] OSVDB ID : 11138 - Disclosed: 2004-10-26

Description:

Internet Explorer contains a flaw that may allow a remote denial of service. The issue is triggered when a user accesses a specially crafted page with malformed HTML tags that causess a NULL pointer derefence in mshtml.dll, and will result in loss of availability for the browser.

[CLOSE] OSVDB ID : 11174 - Disclosed: 2004-10-26

Description:

A remote overflow exists in MailCarrier. The server fails to properly check bounds on HELO and EHLO commands, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or execute arbitrary code with the privileges of the running daemon.

[CLOSE] OSVDB ID : 11223 - Disclosed: 2004-10-26

Description:

ADSL Modem Router HAR11A and 4-port ADSL Modem Router HAR14A contain a flaw that may allow an attacker to obtain access to the router's administrative interface. The issue is triggered when the attacker uses telnet to connect to port 23, 254, or 255. The flaw allows unauthorized access to the router's management interface resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 11132 - Disclosed: 2004-10-26

Description:

Hummingbird Connectivity Inetd32 Administration Tool contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user configure which services to run under Inetd, he can replace the normal daemon with a command of his choice which can run as the context of Local System. This flaw may lead to a loss of Integrity.

[CLOSE] OSVDB ID : 11133 - Disclosed: 2004-10-26

Description:

A remote overflow exists in Hummingbird Connectivity's FTP server. The product fails to properly validate data passed in via the XCWD command, resulting in a buffer overflow. By sending a pathname of 256-259 characters as the argument to the XCWD command, an attacker can cause the FTP service to crash, resulting in a loss of availability.

[CLOSE] OSVDB ID : 11128 - Disclosed: 2004-10-26

Description:

Mozilla Firefox contains a flaw that may allow a malicious user to crash it remotely. The issue is triggered when the browser attempts to parse a binary file over 5GB in size as HTML. It is possible that the flaw may cause the browser to crash, resulting in a loss of availability.

[CLOSE] OSVDB ID : 11171 - Disclosed: 2004-10-26

Description:

Mega Upload contains a flaw related to the way that the upload.cgi script qscript variable handles the list of uploaded files and may allow an attacker to perform an attack with an unknown impact. No further details have been provided.

[CLOSE] OSVDB ID : 44960 - Disclosed: 2004-10-26

Description:

(Description Provided by CVE) : A design error in the IEEE1394 specification allows attackers with physical access to a device to read and write to sensitive memory using a modified FireWire/IEEE 1394 client, thus bypassing intended restrictions that would normally require greater degrees of physical access to exploit. NOTE: this was reported in 2008 to affect Windows Vista, but some Linux-based operating systems have protection mechanisms against this attack.

[CLOSE] OSVDB ID : 11166 - Disclosed: 2004-10-26

Description:

A remote overflow exists in ImageMagick. The product fails to perform correct boundary checking in the EXIF parsing routine resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11119 - Disclosed: 2004-10-26

Description:

Windows systems running Remote Desktop with the pGina replacement for msgina.dll contain a flaw that may allow a malicious user to shut down or reboot the system remotely. The issue due to the fact that the shutdown and restart options are available in the login screen unless explicitly disabled by the administrator. It is possible that the flaw may allow the vulnerable system to be shut down without authenticating, resulting in a loss of availability.

[CLOSE] OSVDB ID : 53009 - Disclosed: 2004-10-26

Description:

The PostNuke distribution archive contains a malicious trojan that may allow a malicious user to gain arbitrary control of a PostNuke installation. It is possible that the flaw may allow arbitrary access to systems running PostNuke resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11179 - Disclosed: 2004-10-26

Description:

A remote overflow exists in Libxml2. libxml2's nanoftp.c xmlNanoFTPScanURL() function fails to perform boundary checking of user-supplied data that is copied into a finite stack buffer, which could potentially cause a stack-based overflow. Using a specially crafted URL, an attacker can cause a denial of service or execute arbitrary code resulting in a loss of integrity or availability.

[CLOSE] OSVDB ID : 11180 - Disclosed: 2004-10-26

Description:

Remote overflows exist in Libxml2. libxml's nanoftp.c xmlNanoFTPConnect() and nanohttp.c xmlNanoHTTPConnectHost() functions fail to properly perform boundary checking of DNS replies, an issue that could potentially cause stack-based overflows. Using specially-crafted DNS replies, an attacker that has hijacked or is controlling a DNS server can cause a denial of service or execute arbitrary code, resulting in a loss of availability or integrity.

[CLOSE] OSVDB ID : 11324 - Disclosed: 2004-10-26

Description:

A remote overflow exists in Libxml2. Libxml2's nanoftp.c xmlNanoFTPScanProxy() function fails to perform boundary checking of user-supplied data that is copied into a finite stack buffer, which could potentially cause a stack-based overflow. Using a specially crafted URL, an attacker can cause a denial of service or execute arbitrary code resulting in a loss of integrity or availability.

[CLOSE] OSVDB ID : 13735 - Disclosed: 2004-10-26

Description:

MIME-tools MIMEDefang contains a flaw that may allow a malicious user to bypass virus scans. The issue is triggered when an empty string is passed in as the boundary content type (boundary=""). It is possible that the flaw may allow an email to be delivered without first being scanned for viruses resulting in a loss of integrity.

[CLOSE] OSVDB ID : 20724 - Disclosed: 2004-10-26

Description:

(Description Provided by CVE) : The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlier allows remote attackers to cause a denial of service (crash) via crafted H.323 packets.

[CLOSE] OSVDB ID : 11205 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from BMP image headers in readbmp.c resulting in a heap overflow. With a specially crafted BMP file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11206 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from GIF image headers in readgif.c resulting in a heap overflow. Using a specially crafted GIF file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11207 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from MRF image headers in readmrf.c resulting in a heap overflow. Using a specially crafted MRF file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11208 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PCX image headers in readpcx.c, resulting in a heap overflow. With a specially crafted PCX file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11209 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PNG image headers in readpng.c, resulting in a heap overflow. Using a specially crafted PNG file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11210 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PNM image headers in readpnm.c, resulting in a heap overflow. With a specially crafted PNM file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11211 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PRF image headers in readprf.c, resulting in a heap overflow. Using a specially crafted PRF file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11212 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from TIFF image headers in readtiff.c, resulting in a heap overflow. Using a specially crafted TIFF file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11213 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from XPM image headers in readxpm.c, resulting in a heap overflow. With a specially crafted XPM file, an attacker can cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11235 - Disclosed: 2004-10-25

Description:

A remote overflow exists in zgv. zgv fails to perform boundary checking of user-supplied data from PCD image headers in readpcd.c, resulting in a heap overflow. Using a specially crafted PCD file, an attacker could possibly cause remote code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 11396 - Disclosed: 2004-10-25

Description:

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from GIF image headers in readgif.c. Using a specially crafted GIF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.

[CLOSE] OSVDB ID : 11397 - Disclosed: 2004-10-25

Description:

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from MRF image headers in readmrf.c. Using a specially crafted MRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.

[CLOSE] OSVDB ID : 11398 - Disclosed: 2004-10-25

Description:

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from JPEG image headers in readjpeg.c. Using a specially crafted JPEG file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.

[CLOSE] OSVDB ID : 11399 - Disclosed: 2004-10-25

Description:

A remote overflow exists in xzgv. xzgv allows for a heap overflow due to its failure to perform boundary checking of user-supplied data from PRF image headers in readprf.c. Using a specially crafted PRF file, an attacker can remotely execute arbitrary code or cause a denial of service, resulting in a loss of integrity or availability.