| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 12186 | 2004-12-02 | Kreed Nickname Remote Format String | Kreed contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when a specially crafted message occurs or a user joins a server with a specially crafted nickname. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 12187 | 2004-12-02 | Kreed Large UDP Packet Remote DoS | Kreed contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a UDP packet of 1401 or more bytes, which will cause a "message too long" socket error. This flaw may lead to a loss of availability of service. |
| 12188 | 2004-12-02 | Kreed Multiple Parameter Dialog Box DoS | Kreed contains a flaw that may allow a remote denial of service. The issue is triggered when an overly long nickname or model type is used, and will result in loss of availability for the service. |
| 12179 | 2004-12-02 | Big Medium Web Directory Arbitrary File Upload | Unknown / Incomplete |
| 12177 | 2004-12-02 | Serendipity compat.php searchTerm Parameter XSS | Serendipity contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'searchTerm' variables in the 'search' module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 12174 | 2004-12-02 | PHProjekt setup.php Arbitrary Command Execution | PHProjekt contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by an unspecified error in the setup.php script. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 12348 | 2004-12-02 | Cyrus IMAP Server mysasl_canon_user() Function Remote Overflow | (Description Provided by CVE): Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Server 2.2.9 and earlier leads to a buffer overflow, which may allow remote attackers to execute arbitrary code via the username. |
| 12176 | 2004-12-02 | mod_digest_apple for Apache HTTP Server on Mac OS X Authentication Replay | Apache included with Mac OS X Server contains a flaw that may allow a malicious user to authenticate to the web server by replaying a successful valid login. The issue is triggered when mod_digest_apple fails to validate security tokens for the session. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality and/or integrity. |
| 12192 | 2004-12-02 | Apache HTTP Server on Mac OS X Unauthorized .ht and .DS_Store File Access | Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when file access is performed in a case-insensitive manner, and the Apache configuration blocks access to .ht and .DS_Store files in a case-sensitive manner, which will disclose file contents information resulting in a loss of confidentiality. |
| 12193 | 2004-12-02 | Apache HTTP Server on Mac OS X File Handler Bypass | Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an unspecified specially crafted request is sent to the Apache webserver, which will disclose file data or resource fork content information resulting in a loss of confidentiality. |
| 12194 | 2004-12-02 | Apple Mac OS X Appkit Text Field Input Leakage | Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a secure text input field does not correctly enable secure input, which will disclose the information entered into that field to another application in the same window session, resulting in a loss of confidentiality. |
| 12198 | 2004-12-02 | Apple Mac OS X Server Cyrus IMAP Unauthorized Mailbox Access | Mac OS X contains a flaw that may allow a malicious user to access arbitrary mailboxes. The issue is triggered when a user authenticates to the Cyrus IMAP server via Kerberos, and then switches to any other mailbox on the server. It is possible that the flaw may allow unauthorized mailbox access resulting in a loss of confidentiality and/or integrity. |
| 12199 | 2004-12-02 | Apple Mac OS X HIToolbox Kiosk Mode Allows User to Quit | Mac OS X contains a flaw that may allow a malicious user to kill applications in kiosk mode. The issue is triggered when a key combination which brings up a force quit window is used in kiosk mode. It is possible that the flaw may allow unauthorized application termination resulting in a loss of availability. |
| 12200 | 2004-12-02 | Apple Mac OS X Postfix CRAM-MD5 Replay Credentials | Mac OS X contains a flaw that may allow an unauthorized user to authenticate. The issue is triggered when the CRAM-MD5 credentials used by Postfix can in some situations be replayed during a short time period. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality and/or integrity. |
| 12201 | 2004-12-02 | Apple Mac OS X PSNormalizer Buffer Overflow | A local overflow exists in Mac OS X. The PSNormalizer component fails to validate user input resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 12202 | 2004-12-02 | Apple Darwin Quicktime Streaming Server DESCRIBE Request DoS | Mac OS X Server contains a flaw that may allow a remote denial of service. The issue is triggered when handling DESCRIBE requests, and will result in loss of availability for the service. |
| 12203 | 2004-12-02 | Apple Safari Status Bar Spoofing | Mac OS X contains a flaw related to the Safari web browser that may allow an attacker to spoof the destination URI of a link. No further details have been provided. |
| 12206 | 2004-12-02 | Apple Safari Spoof Pop-Up Windows | Mac OS X contains a flaw that may allow a malicious user to spoof dialog boxes from inactive browser windows. The issue is triggered when a user is sent a malicious URL, which then launches a window which appears to be initiated by the web site in the active window. It is possible that the flaw may allow users to be tricked into revealing sensitive information resulting in a loss of confidentiality. |
| 12207 | 2004-12-02 | Apple Mac OS X Terminal Inaccurate Secure Keyboard Entry Setting | Mac OS X contains a flaw that may allow a user to expect greater security than is actually in effect. The issue is triggered when the Terminal application indicates that "Secure Keyboard Entry" is active, when it is not. It is possible that the flaw may cause users to rely on a level of security that is not in effect, leading to a possible loss of confidentiality. |
| 12239 | 2004-12-02 | Blog Torrent btdownload.php file Variable Traversal Arbitrary File Retrieval | Blog Torrent contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to the btdownload.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the file variable. |
| 15414 | 2004-12-01 | SuSE Linux SCSI Device Firmware Modification | The SuSE distributed Linux kernel contains a flaw that may allow a local denial of service. The issue is triggered when SCSI commands sent to CD devices that have been opened read-only are not properly validated, allowing for SCSI commands to be sent that overwrite the firmware of SCSI devices. |
| 12120 | 2004-12-01 | SugarCRM Multiple Module XSS | SugarCRM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to multiple modules. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 12228 | 2004-12-01 | SugarCRM Direct Script Call XSS | SugarCRM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input when calling certain scripts directly. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 12229 | 2004-12-01 | SugarCRM Multiple Module record Parameter SQL Injection | SugarCRM contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'record' parameter in multiple modules is not verified properly and will allow a remote attacker to inject or manipulate SQL queries. |
| 12230 | 2004-12-01 | SugarCRM Multiple Module Traversal Arbitrary File Access | SugarCRM contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to multiple modules not properly sanitizing user-supplied input. This may allow a remote attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 13269 | 2004-12-01 | SugarCRM Module Path Disclosure | SugarCRM contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to multiple modules. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 12699 | 2004-12-01 | Bugzilla Internal Error Response XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, including 2.16.x before 2.16.11, allows remote attackers to inject arbitrary HTML and web script via forced error messages, as demonstrated using the action parameter. |
| 12171 | 2004-12-01 | JChemPaint Unspecified Sandbox Issue | Unknown / Incomplete |
| 12175 | 2004-12-01 | FreeBSD procfs cmdline Process Argument Vector Local DoS | The implementation of the /proc/curproc/cmdline pseudofile in the process file system (procfs) on FreeBSD contains a flaw that may allow a local denial of service and/or unauthorized information disclosure. The issue is triggered when a malicious user causes a pointer to be dereferenced directly while a process' argument vector is read from the process address space. This will result in loss of confidentiality and/or availability. |
| 20288 | 2004-12-01 | FreeBSD linprocfs cmdline Process Argument Vector Local DoS | The implementation of the /proc/self/cmdline pseudofile in the Linux process file system (linprocfs) on FreeBSD contains a flaw that may allow a local denial of service and/or unauthorized information disclosure. The issue is triggered when a malicious user causes a pointer to be dereferenced directly while a process' argument vector is read from the process address space. This will result in loss of confidentiality and/or availability. |
| 63259 | 2004-12-01 | Neverwinter Nights special Mode Fake Players Remote DoS | Unknown / Incomplete |
| 12245 | 2004-11-30 | EnergyMech ESAY Command Remote Overflow | Unknown / Incomplete |
| 12777 | 2004-11-30 | gnubiff Unterminated Line DoS | Unknown / Incomplete |