| OSVDB ID | Disclosure Date | Title |
|
4207
Description:
vHost contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input upon submission to the web GUI. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-02-29
|
Chaogic Systems vHost Unspecified XSS
|
|
4283
Description:
YaBB and Simple Machines SMF contain a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the "glow" or "shadow" formatting tags. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-02-29
|
YaBB background:url glow / shadow Tag XSS
|
|
24082
Description:
Unknown / Incomplete
|
2004-02-29
|
XHP CMS Authentication Password Field SQL Injection
|
|
5916
Description:
Squid Web Proxy Cache contains a flaw that may allow a malicious user to bypass access control lists. The issue is triggered when sending a specially crafted URL request containing '%00' in it. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
|
2004-02-29
|
Squid Proxy %xx URL Encoding ACL Bypass
|
|
14765
Description:
(Description Provided by CVE) : WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled, allows local users to cause a denial of service (crash) via a (1) MKD or (2) XMKD command that causes an absolute path of 260 characters to be used, which overwrites a cookie with a null character, possibly due to an off-by-one error.
|
2004-02-28
|
Windows NT FTP Server (WFTP) Pro Server MKD/XMKD Absolute Path DoS
|
|
14764
Description:
(Description Provided by CVE) : WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a 0Ah byte (newline) is sent, which allows local users to cause a denial of service (CPU consumption) by continuing to send a long command that does not contain a newline.
|
2004-02-28
|
Windows NT FTP Server (WFTP) Pro Server Unterminated Long Command DoS
|
|
14763
Description:
(Description Provided by CVE) : Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Server 3.20 Release 2, Server 3.21 Release 1, and Server 3.10 allows local users to execute arbitrary code via long (1) LIST, (2) NLST, or (3) STAT commands.
|
2004-02-28
|
Windows NT FTP Server (WFTP) Pro Server Multiple Command Local Overflow
|
|
4116
Description:
WFTPD Pro Server contains a flaw that may allow a local denial of service. The issue is triggered when the Xerox Docutech option is set to one and a specially crafted "MKD" or "XMKD" FTP command is issued, and will result in loss of availability for the service.
|
2004-02-28
|
Windows NT FTP Server (WFTP) Xerox Docutech DoS
|
|
4107
Description:
LAN SUITE Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker views a hidden parameter within the 'login' form, which will disclose the installation path to a remote attacker.
|
2004-02-28
|
602Pro LAN SUITE Web Mail Login Form Installation Path Disclosure
|
|
6932
Description:
602Pro LAN SUITE Web Mail contains a flaw related to the ability to view files in a directory. The issue is triggered when a remote attacker sends an HTTP request to 'cgi-bin/', 'index.html', or 'users/'. This may allow an attacker to obtain a directory listing.
|
2004-02-28
|
602Pro LAN SUITE Web Mail Arbitrary Directory Listing
|
|
4103
Description:
Invision Power Board contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'st' variable in the 'search.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-02-28
|
Invision Power Board search.php st Parameter SQL Injection
|
|
89705
Description:
Libxml2 contains a flaw in xpointer.c that may allow a denial of service. The issue is triggered when handling XML_ENTITY_REF nodes. With a specially crafted node, a context-dependent attacker can cause the program to crash.
|
2004-02-28
|
Libxml2 xpointer.c XML_ENTITY_REF Node Handling DoS
|
|
4100
Description:
(Description Provided by CVE) : Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
|
2004-02-28
|
GNU Anubis Multiple Format String
|
|
8619
Description:
UnZip contains a flaw that may allow a malicious local user to manipulate arbitrary files on the system. The issue is due to the application creating temporary files insecurely. It is possible for a local attacker to use a symlink attack against files to cause the program to unexpectedly write to or overwrite an attacker-specified file.
|
2004-02-28
|
UnZip Current Archive Extraction Symlink Issue
|
|
8618
Description:
UnZip contains a flaw related to the support for quoting characters. No further details have been provided.
|
2004-02-28
|
UnZip Port Quoting Character Unspecified Issue
|
|
4236
Description:
pam_ssh_agent contains a flaw that may allow a local attacker to obtain user passwords on the system. The issue is due to the way the program copies the password from PAM to the Expect script before being passed to the ssh-add utility. While PAM and ssh-add wipe the memory to protect the passwords, Expect does not. This allows a local user to potentially find the unencrypted password in the system memory, even long after the user has logged in.
|
2004-02-28
|
pam_ssh_agent Cleartext Password via Expect
|
|
4809
Description:
Axis Network Camera contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when requesting a "protected" URL with a trailing slash. It is possible that the flaw may grant access to "protected" parts of the Web Interface resulting in a loss of confidentiality.
|
2004-02-28
|
InnoMedia VideoPhone Trailing Slash Authentication Bypass
|
|
6732
Description:
(Description Provided by CVE) : Multiple buffer overflows in auth_ident() function in auth.c for GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to gain privileges via a long string.
|
2004-02-28
|
GNU Anubis auth.c auth_ident() Function Overflow
|
|
6933
Description:
602Pro LAN SUITE Web Mail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate user-supplied input to the 'index.html' URL. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2004-02-28
|
602Pro LAN SUITE Web Mail index.html XSS
|
|
11332
Description:
(Description Provided by CVE) : ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to cause a denial of service (crash) via a SITE PASS command with a long password parameter, which causes the database to be corrupted.
|
2004-02-27
|
ArGoSoft FTP Server SITE PASS Long Argument DoS
|
|
11333
Description:
(Description Provided by CVE) : Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users to determine the existence of arbitrary files via ".." sequences in the SITE UNZIP argument.
|
2004-02-27
|
ArGoSoft FTP Server SITE UNZIP File Existence Disclosure
|
|
11334
Description:
(Description Provided by CVE) : Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow remote authenticated users to cause a denial of service and possibly execute arbitrary code via (1) a SITE ZIP command with a long first or second argument, or (2) a SITE COPY with a long argument.
|
2004-02-27
|
ArGoSoft FTP Server Multiple Command Remote Overflow
|
|
4078
Description:
Microsoft Internet Explorer contains a flaw that may allow a malicious user to bypass certain frame restrictions (aka Cross Frame Scripting aka XFS). The issue is triggered when access validation errors occur within event handling routines. Malicious JavaScript loaded in a parent frame can then record the keyboard events of child frames.
|
2004-02-27
|
Microsoft IE Cross Frame Scripting Restriction Bypass
|
|
4706
Description:
Symantec Gateway Security's management service contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URLs before returning them in an error message. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-02-27
|
Symantec Gateway Security Management Service XSS
|
|
4076
Description:
A local overflow exists in WinZip. The overflow is triggered by a specially crafted archive file, which an attacker can use to cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-02-27
|
WinZip MIME Archive Parsing Overflow
|
|
4119
Description:
A local overflow exists in UUDeview. The overflow is triggered by a specially crafted archive file, which an attacker can use to cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-02-27
|
UUDeview Parameter Parsing Overflow
|
|
4120
Description:
Novell Client Firewall contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the tray icon executes the help interface with SYSTEM privileges. This flaw may lead to a loss of confidentiality, integrity and/or availability.
|
2004-02-27
|
Novell Client Firewall Privilege Escalation
|
|
4072
Description:
ISS Protocol Analysis Module (PAM) contains a flaw that may allow a malicious user to cause a heap overflow. The issue is triggered by a specially crafted SMB packet containing an overlong value in the AccountName field. It is possible that the flaw may allow the execution of arbitrary code with SYSTEM privileges resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-02-27
|
ISS Multiple Products SMB Packet Handling Overflow
|
|
4127
Description:
eXtremail contains a flaw that may allow a malicious user to bypass authentication. The issue is triggered when a user password consists of a single digit or begins with a digit. It is possible that the flaw may allow an attacker to log in without a password resulting in a loss of confidentiality and integrity.
|
2004-02-26
|
eXtremail Numeric Password User Authentication Bypass
|
|
4077
Description:
A remote overflow exists in OpenManage. The HTTP server fails to validate certain POST requests resulting in a heap overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-02-26
|
Dell OpenManage Web Server HTTP POST Remote Overflow
|
|
4068
Description:
@Mail contains a flaw that may allow a remote denial of service. The issue is triggered when the service receives a large number of connections, and will result in loss of availability for the service.
|
2004-02-26
|
@Mail POP3 Connection Saturation DoS
|
|
4070
Description:
Solaris contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered by an unspecified flaw in the passwd command. This flaw may lead to a loss of confidentiality, integrity and/or availability.
|
2004-02-26
|
Solaris passwd Local Privilege Escalation
|
|
4071
Description:
Solaris contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is an unspecified flaw in /usr/lib/print/conv_fix. This flaw may lead to a loss of confidentiality, integrity and/or availability.
|
2004-02-26
|
Solaris conv_fix Privilege Escalation
|
|
4069
Description:
Gateway Security contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URI input upon submission to the error page handler. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-02-26
|
Symantec Gateway Security Error Page XSS
|
|
20146
Description:
(Description Provided by CVE) : The PerfectNav plugin for Microsoft Internet Explorer allows remote attackers to cause a denial of service (browser crash) via a malformed URL such as "?".
|
2004-02-26
|
Microsoft IE PerfectNav Plugin Malformed URL DoS
|
|
4063
Description:
(Description Provided by CVE) : BadBlue 2.4 allows remote attackers to obtain the location of the server installation path via a request for phptest.php, which includes the pathname in the source of the resulting HTML.
|
2004-02-26
|
BadBlue phptest.php Path Disclosure
|
|
6930
Description:
(Description Provided by CVE) : FreeChat 1.1.1a allows remote attackers to cause a denial of service (crash) via certain unexpected strings, as demonstrated using "aaaaa".
|
2004-02-26
|
FreeChat Crafted String DoS
|
|
87443
Description:
EFF Tor contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the server publishing revealing uname information in descriptors. This may allow a remote attacker to gain access to a node's system information.
|
2004-02-26
|
EFF Tor Server Descriptor System uname Information Remote Disclosure
|
|
4129
Description:
1st Class Mail Server contains a flaw that may allow a remote denial of service. The issue is triggered when a long string is sent to the second parameter of the APOP USER command, and will result in loss of availability for the service.
|
2004-02-25
|
1st Class Mail Server APOP Digest Parameter DoS
|
|
4066
Description:
@Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input to the "Displayed Name" field upon submission to the util.pl script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-02-25
|
@Mail util.pl Displayed Name Field XSS
|