| OSVDB ID | Disclosure Date | Title |
|
12375
Description:
A remote overflow exists in the Microsoft Word for Windows font Converter within the Microsoft Windows operating systems. The program fails to perform proper bounds checking in ConvertForeignToRtf(), resulting in a buffer overflow. With a specially crafted request, an attacker may be able to execute arbitrary code remotely, resulting in a loss of integrity.
|
2004-12-14
|
Microsoft Word / Wordpad Font Converter Remote Overflow
|
|
12376
Description:
The Microsoft Windows operating system contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to an error in the validation of identity tokens within the Local Security Authority Subsystem Service (LSASS). This flaw may lead to a loss of confidentiality.
|
2004-12-14
|
Microsoft Windows LSASS Identity Token Validation Local Privilege Escalation
|
|
12378
Description:
Microsoft Windows Server contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an error in 'WINS.EXE' when handling replication packets. By sending a specially crafted WINS replication packet containing a modified memory pointer, a remote attacker could execute arbitrary code resulting in a loss of integrity.
|
2004-12-14
|
Microsoft Windows WINS Association Context Validation Remote Code Execution
|
|
12492
Description:
(Description Provided by CVE) : Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 allows local users to gain elevated privileges.
|
2004-12-14
|
HP-UX newgrp Unspecified Local Privilege Escalation
|
|
12369
Description:
(Description Provided by CVE) : Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and MailServer before 6.0.5 use symmetric encryption for user passwords, which allows attackers to decrypt the user database and obtain the passwords by extracting the secret key from within the software.
|
2004-12-14
|
Kerio MailServer / ServerFirewall Configuration File Hidden Key Password Disclosure
|
|
12389
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39 and earlier allows remote attackers to execute arbitrary PHP code by modifying the doc parameter to reference a URL on a remote web server that contains the code.
|
2004-12-14
|
GNUBoard index.php doc Parameter Arbitrary Command Execution
|
|
12386
Description:
(Description Provided by CVE) : Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
|
2004-12-14
|
Linux Kernel IGMP ip_mc_source() Function Arbitrary Memory Overwrite
|
|
12387
Description:
(Description Provided by CVE) : Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
|
2004-12-14
|
Linux Kernel IGMP ip_mc_msfget / ip_mc_gsfget Function Arbitrary Memory Read
|
|
12388
Description:
(Description Provided by CVE) : Multiple vulnerabilities in the IGMP functionality for Linux kernel 2.4.22 to 2.4.28, and 2.6.x to 2.6.9, allow local and remote attackers to cause a denial of service or execute arbitrary code via (1) the ip_mc_source function, which decrements a counter to -1, or (2) the igmp_marksources function, which does not properly validate IGMP message parameters and performs an out-of-bounds read.
|
2004-12-14
|
Linux Kernel IGMP igmp_marksources() Function Remote DoS
|
|
13153
Description:
(Description Provided by CVE) : Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and MailServer before 6.0.5, when installed on Windows based systems, do not modify the ACLs for critical files, which allows local users with Power Users privileges to modify programs, install malicious DLLs in the plug-ins folder, and modify XML files related to configuration.
|
2004-12-14
|
Kerio MailServer / ServerFirewall Critical File ACL Weakness
|
|
12385
Description:
Unknown / Incomplete
|
2004-12-14
|
Novell NetMail IMAPD 101_mEna Script Remote Overflow
|
|
12390
Description:
phpGroupware contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specially crafted URL request to the 'preferences.php' script, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-12-14
|
phpGroupWare preferences.php Path Disclosure
|
|
12391
Description:
phpGroupware contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when sending a specially crafted URL request to the 'index.php' script, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-12-14
|
phpGroupWare index.php Path Disclosure
|
|
12392
Description:
phpGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'kp3' variables upon submission to the 'index.php' script ('wiki' directory). This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-12-14
|
phpGroupWare wiki/index.php kp3 Parameter XSS
|
|
12393
Description:
phpGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-12-14
|
phpGroupWare index.php Multiple Parameter XSS
|
|
12394
Description:
phpGroupWare contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'ticket_id' variables upon submission to the 'viewticket_details.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-12-14
|
phpGroupWare viewticket_details.php ticket_id Parameter XSS
|
|
12395
Description:
phpGroupWare contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'ticket_id' parameter in the 'viewticket_details.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-12-14
|
phpGroupWare viewticket_details.php ticket_id Parameter SQL Injection
|
|
12396
Description:
phpGroupWare contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that multiple parameters in the 'index.php' script are not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-12-14
|
phpGroupWare index.php Multiple Parameter SQL Injection
|
|
12397
Description:
A remote overflow exists in Adobe Acrobat Reader. The Adobe Acrobat Reader fails to validate the mailListIsPdf() function, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code, resulting in a loss of integrity.
|
2004-12-14
|
Adobe Acrobat Reader mailListIsPdf() Function Remote Overflow
|
|
12350
Description:
FirstClass contains a flaw that may allow a remote denial of service. The issue is triggered when numerous POST requests from different connections to /Search occur, and will result in loss of availability for the service.
|
2004-12-14
|
FirstClass /Search Large Request Remote DoS
|
|
12852
Description:
(Description Provided by CVE) : zgv 5.5.3 allows remote attackers to cause a denial of service (application crash via segmentation fault) via crafted multiple-image (animated) GIF images.
|
2004-12-14
|
zgv Malformed Animated Gif DoS
|
|
12753
Description:
Unknown / Incomplete
|
2004-12-14
|
Symantec Anti-Virus on Novell NetMail Attachment Scan Failure
|
|
12547
Description:
(Description Provided by CVE) : The control panel in ASP Calendar does not require authentication to access, which allows remote attackers to gain unauthorized access via a direct request to main.asp.
|
2004-12-14
|
ASP Calendar main.asp Unauthorized Admin Interface Access
|
|
12332
Description:
phpBB Attachment Mod contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to Attachment Mod not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the "attachment_list[]" and "filename_list[]" variables.
|
2004-12-14
|
phpBB Attachment Mod Directory Traversal Arbitrary File Access
|
|
12478
Description:
Ricoh Aficio 450/455 PCL 5e printers contain a flaw that may allow a remote denial of service. The issue is triggered when a specific malformed ICMP packet is received, and will result in loss of availability for the service, due to the printer spontaneously rebooting.
|
2004-12-14
|
Ricoh Aficio 450/455 Malformed ICMP Packet DoS
|
|
12548
Description:
ASP-Rider contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'username' parameter in the 'verify.asp' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-12-14
|
ASP-Rider verify.asp username Parameter SQL Injection
|
|
12490
Description:
NullSoft Winamp contains a flaw that may allow a remote denial of service. The issue is triggered when an .mp4 or .m4a file containing tagging information is loaded, and will result in loss of availability for the application.
|
2004-12-13
|
Winamp mp4 Tagging System DoS
|
|
12491
Description:
Winamp contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker creates a specially crafted file with a size of 1 MB and names it with either the .nsv or .nsa file extension, which will consume all CPU resources if the file is opened by Winamp, resulting in loss of availability.
|
2004-12-13
|
Winamp Large nsv / nsa File DoS
|
|
35405
Description:
(Description Provided by CVE) : chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remote attackers to read the last line of the shadow file via a long user (userid) field.
|
2004-12-13
|
chetcpasswd chetcpasswd.cgi userid Variable /etc/shadow Fragment Disclosure
|
|
44049
Description:
Unknown / Incomplete
|
2004-12-13
|
Sympa wwsympa/wwsympa.fcgi edit_list Form Password Disclosure
|
|
12860
Description:
Unknown / Incomplete
|
2004-12-13
|
Multiple Browser Content-Type Spoofing Restriction Bypass
|
|
12399
Description:
(Description Provided by CVE) : Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry.
|
2004-12-13
|
Opera for Linux kfmclient Arbitrary Command Execution
|
|
12330
Description:
phpMyAdmin contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that on systems where PHP safe mode is disabled and external MIME-based transformations are activated, MySQL data is not verified properly and will allow an attacker to inject or manipulate SQL queries, which may lead to a loss of integrity.
|
2004-12-13
|
phpMyAdmin External Transformations Remote Command Execution
|
|
12331
Description:
phpMyAdmin contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered on systems where $cfg['UploadDir'] is defined and PHP safe mode is disabled. 'sql_localfile' is not properly sanitized and can be exploited by a remote malicious user by calling read_dump.php via a crafted form from the phpMyAdmin interface, which will disclose file information resulting in a loss of confidentiality.
|
2004-12-13
|
phpMyAdmin UploadDir Function sql_localfile Parameter Arbitrary File Access
|
|
12357
Description:
(Description Provided by CVE) : Multiple integer overflows in xzgv 0.8 and earlier allow remote attackers to execute arbitrary code via images with large width and height values, which trigger a heap-based buffer overflow, as demonstrated in the read_prf_file function in readprf.c. NOTE: CVE-2004-0994 and CVE-2004-1095 identify sets of bugs that only partially overlap, despite having the same developer. Therefore, they should be regarded as distinct.
|
2004-12-13
|
xzgv read_prf_file Method Remote Overflow
|
|
12358
Description:
Unknown / Incomplete
|
2004-12-13
|
Sugar Sales Username SQL Injection
|
|
12359
Description:
Sugar Sales contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'index.php' script not properly sanitizing user-supplied input to the 'record' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2004-12-13
|
Sugar Sales index.php record Parameter SQL Injection
|
|
12360
Description:
Unknown / Incomplete
|
2004-12-13
|
Sugar Sales phprint.php Path Disclosure
|
|
12361
Description:
Unknown / Incomplete
|
2004-12-13
|
Sugar Sales index.php module Parameter Traversal Arbitrary File Access
|
|
12362
Description:
Unknown / Incomplete
|
2004-12-13
|
Sugar Sales Installation Scripts DoS
|