[CLOSE] OSVDB ID : 12167 - Disclosed: 2004-11-30

Description:

A local overflow exists in FreeImage. The FreeImage library fails to check the length of an Interleaved Bitmap field resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12283 - Disclosed: 2004-11-30

Description:

A local overflow exists in the linux kernel. The issue is due to function "sys32_ni_syscall()" copying a 16 chars variable "task_struct.comm" to a static 8 byte buffer, resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or execute arbitrary code on the system, resulting in a loss of availability or integrity.

[CLOSE] OSVDB ID : 14675 - Disclosed: 2004-11-30

Description:

Scalable OGo (SOGo) contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to insecure permissions, which will disclose sensitive information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 12168 - Disclosed: 2004-11-30

Description:

Sun Solaris ping(1M) utility contains a flaw that may allow a malicious local user to gain access to unauthorized privileges. The issue is triggered when an unspecified buffer overflow condition occurs and may lead to a loss of integrity.

[CLOSE] OSVDB ID : 12172 - Disclosed: 2004-11-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12173 - Disclosed: 2004-11-30

Description:

JanaServer2 contains a flaw that may allow a remote denial of service. The issue is due to an error in "pna-proxy" module when handling real player requests. By specifing a data block size bigger than the data really sent in a real player request, a remote attack can cause a endless loop and crash the server, resulting in a loss of availability.

[CLOSE] OSVDB ID : 12241 - Disclosed: 2004-11-29

Description:

(Description Provided by CVE) : Buffer overflow in CuteFTP Professional 6.0, and possibly other versions, allows remote FTP servers to cause a denial of service (application crash) via large replies to FTP commands.

[CLOSE] OSVDB ID : 15339 - Disclosed: 2004-11-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12248 - Disclosed: 2004-11-29

Description:

(Description Provided by CVE) : KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.

[CLOSE] OSVDB ID : 12158 - Disclosed: 2004-11-29

Description:

Alt-N MDaemon contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a new file is created, which opens a notepad window. Then, using the new notepad window, cmd.exe is opened from the Windows Directory, which will open a command shell with System privileges. This flaw may lead to a loss of integrity.

[CLOSE] OSVDB ID : 12165 - Disclosed: 2004-11-29

Description:

A local overflow exists in ncpfs ncplogin. ncpfs ncplogin fails to perform proper bounds checking within the NWDSCreateContextHandleMnt function resulting in a buffer overflow. With a specially crafted request, an attacker can cause an access violation resulting in a loss of availability.

[CLOSE] OSVDB ID : 12166 - Disclosed: 2004-11-29

Description:

A local overflow exists in ncpfs ncpmap. Ncpfs ncpmap fails to perform proper bounds checking within the NWDSCreateContextHandleMnt function resulting in a buffer overflow. With a specially crafted request, an attacker can cause an access violation resulting in a loss of availability.

[CLOSE] OSVDB ID : 12153 - Disclosed: 2004-11-29

Description:

Groupmax contains a flaw that allows a remote attacker logged in to GmaxWWW to retrieve any HTML files on the web server. The issue is due to the GmaxWWW not properly sanitizing user input allowing directory traversal, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 12154 - Disclosed: 2004-11-29

Description:

Groupmax contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to the GmaxWWW script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 12508 - Disclosed: 2004-11-29

Description:

A buffer overflow exists in Mercury Mail. The IMAP server fails to validate input passed to the EXAMINE, SUBSCRIBE, STATUS, APPEND, CHECK, CLOSE, EXPUNGE, FETCH, RENAME, DELETE, LIST, SEARCH, CREATE, and UNSUBSCRIBE commands resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12164 - Disclosed: 2004-11-29

Description:

A remote overflow exists in Orbz. The Orbz server fails to check the length of a password field used for authentication, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12509 - Disclosed: 2004-11-29

Description:

A buffer overflow exists in WSFTP. The SITE, XMKD, MKD, and RNFR commands fail to validate user-supplied arguments resulting in a stack overflow. With a specially crafted command, an authenticated user can cause arbitrary code execution in the context of the FTP server resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12169 - Disclosed: 2004-11-29

Description:

VMware Workstation contains a flaw that may allow a malicious user to do privilege escalation. The issue is triggered when VMware is installed with suid and format specifier characters are passed using the command line. It is possible that the flaw may facilitate privilege escalation resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 17994 - Disclosed: 2004-11-29

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 21158 - Disclosed: 2004-11-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13236 - Disclosed: 2004-11-28

Description:

Symantec AntiVirus contains a flaw that may cause a user to lose emails . The issue is triggered when the software detects a virus that it cannot clean but quarantines. The flaw will cause the entire inbox file to be quarantined resulting in a loss of availability.

[CLOSE] OSVDB ID : 12184 - Disclosed: 2004-11-28

Description:

PHP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes certain HTTP requests with crafted arguments, which will disclose PHP version and another sensitive information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 16581 - Disclosed: 2004-11-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 63258 - Disclosed: 2004-11-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 16472 - Disclosed: 2004-11-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12143 - Disclosed: 2004-11-27

Description:

SecretSanta contains a coding flaw that may lead to an unauthorized information disclosure. During the "Signup" process, the application fails to perform adequate input validation on the "Account Name", "Full Name", and "Group Name" form fields which would allow a remote malicious user to enumerate the full path to the web root directory and other potentially sensitive application information, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 12140 - Disclosed: 2004-11-27

Description:

A local overflow exists in Atari800 in the "Atari800_Initialise" function, resulting in a buffer overflow. With a specially crafted request, an attacker can get root privileges and execute arbitrary code, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12840 - Disclosed: 2004-11-27

Description:

Microsoft Windows contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is triggered due to the 'Related Topics' command in the Help ActiveX control ('hhctrl.ocx'). It is possible that the flaw may allow a remote attacker to create a specially crafted URL to open a help popup window and inject scripting code into that window, which could allow arbitrary command execution in the 'Local Machine' zone resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12162 - Disclosed: 2004-11-26

Description:

The Attach module for phpBB version 2.0.10 and below does not properly filter the string in the UPLOAD_DIR field. Attackers may specify a string containing "../" to traverse directories allowing file upload access from anywhere on the underlying operating system.

[CLOSE] OSVDB ID : 12255 - Disclosed: 2004-11-26

Description:

(Description Provided by CVE) : Stack-based buffer overflow in the ELF header parsing code in file before 4.12 allows attackers to execute arbitrary code via a crafted ELF file.

[CLOSE] OSVDB ID : 12134 - Disclosed: 2004-11-26

Description:

phpCMS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the file variable upon submission to the parser.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13259 - Disclosed: 2004-11-26

Description:

(Description Provided by CVE) : parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug modes enabled, allows remote attackers to gain sensitive information via an invalid file parameter, which reveals the web server's installation path.

[CLOSE] OSVDB ID : 12144 - Disclosed: 2004-11-26

Description:

BNC contains a flaw that may allow a malicious user to authenticate with incorrect password credentials. It is possible that the flaw may allow arbitrary use of the IRC proxy resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12163 - Disclosed: 2004-11-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12610 - Disclosed: 2004-11-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12170 - Disclosed: 2004-11-26

Description:

FluxBox contains a flaw that may allow a local denial of service. The issue is triggered by issuing a long '-title' parameter when executing XMAN, and will result in loss of availability of the product.

[CLOSE] OSVDB ID : 12160 - Disclosed: 2004-11-26

Description:

(Description Provided by CVE) : codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to gain sensitive information via an invalid filetohighlight parameter, which reveals the full path in an error message.

[CLOSE] OSVDB ID : 12161 - Disclosed: 2004-11-26

Description:

(Description Provided by CVE) : Directory traversal vulnerability in codebrowserpntm.php in pnTresMailer 6.0.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the filetodownload parameter.

[CLOSE] OSVDB ID : 12152 - Disclosed: 2004-11-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12178 - Disclosed: 2004-11-25

Description:

Apache Jakarta contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied input upon submission to the results.jsp script. This may allow a user to create a specially crafted request that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.