| OSVDB ID | Disclosure Date | Title |
|---|
|
11955
Description:
Unknown / Incomplete
|
2004-03-31
|
Microsoft IE/Outlook URL FORM Status Bar Spoofing
|
|
4761
Description:
(Description Provided by CVE) : LINBOX LIN:BOX allows remote attackers to bypass authentication, obtain sensitive information, or gain access via a direct request to admin/user.pl preceded by // (double leading slash).
|
2004-03-31
|
LIN:BOX admin/user.pl Direct Request Authentication Bypass
|
|
4759
Description:
(Description Provided by CVE) : The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
|
2004-03-31
|
Clam AntiVirus Realtime Scanning VirusEvent Local Arbitrary Command Execution
|
|
4760
Description:
(Description Provided by CVE) : The p_submit_url value in the sample login form in the Oracle 9i Application Server (9iAS) Single Sign-on Administrators Guide, Release 2(9.0.2) for Oracle SSO allows remote attackers to spoof the login page, which could allow users to inadvertently reveal their username and password.
|
2004-03-31
|
Oracle Application Server Single Sign-on (SSO) p_submit_url XSS
|
|
4750
Description:
(Description Provided by CVE) : Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via an ISAKMP packet with an Identification payload with a length that becomes less than 8 during byte order conversion, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
|
2004-03-31
|
tcpdump ISAKMP Identification Payload DoS
|
|
4751
Description:
(Description Provided by CVE) : TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of service (crash) via ISAKMP packets containing a Delete payload with a large number of SPI's, which causes an out-of-bounds read, as demonstrated by the Striker ISAKMP Protocol Test Suite.
|
2004-03-31
|
tcpdump ISAKMP Delete Payload DoS
|
|
4752
Description:
Unknown / Incomplete
|
2004-03-31
|
BlackICE Insecure Default Configuration Weakness
|
|
4753
Description:
Unknown / Incomplete
|
2004-03-31
|
BlackICE NIC Protection Failure
|
|
12278
Description:
Unknown / Incomplete
|
2004-03-31
|
Codestriker Parser.pm Unspecified tempfile() Issue
|
|
4755
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
2004-03-31
|
SillySearch search XSS
|
|
55480
Description:
Unknown / Incomplete
|
2004-03-31
|
Kame Racoon Invalid Cookie Handling Remote DoS
|
|
4756
Description:
MadBMS contains an unspecified flaw in its login. It is possible that the flaw may allow unauthorized users to log in resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-03-31
|
MadBMS Unspecified Login
|
|
4757
Description:
(Description Provided by CVE) : SQL injection vulnerability in the sloth TCL script in QuoteEngine before 1.2.0 allow remote attackers to execute arbitrary SQL commands via unknown vectors.
|
2004-03-31
|
quoteengine SQL Injection
|
|
4785
Description:
CactuShop contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'strItems' parameter in the 'payonline.asp' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2004-03-31
|
Cactusoft CactuShop payonline.asp strItems Parameter SQL Injection
|
|
4786
Description:
CactuShop contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'strItems' parameter in the 'mailorder.asp' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2004-03-31
|
Cactusoft CactuShop mailorder.asp strItems Parameter SQL Injection
|
|
4787
Description:
CactuShop contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'strImageTag' parameter upon submission to the 'popuplargeimage.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-03-31
|
Cactusoft CactuShop popuplargeimage.asp strImageTag Parameter XSS
|
|
7517
Description:
Unknown / Incomplete
|
2004-03-31
|
Mambo Open Source Media Manager Unauthorized Access
|
|
7548
Description:
Mambo Open Source 4.5 contains a flaw that may allow a remote attacker to delete or overwrite arbitrary images. The issue is due to the lister.php script not properly authenticating image manipulation requests.
|
2004-03-31
|
Mambo Open Source lister.php Arbitrary Image Deletion
|
|
19216
Description:
(Description Provided by CVE) : The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and earlier report sensitive information such as IDs and source IP addresses, which allows remote attackers to obtain sensitive information.
|
2004-03-31
|
Roger Wilco Information Disclosure
|
|
17161
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allows remote attackers to inject arbitrary web script or HTML via forum messages.
|
2004-03-30
|
PHPKIT Forum Message Arbitrary HTML/Script Injection
|
|
4684
Description:
Unknown / Incomplete
|
2004-03-30
|
psInclude Arbitrary Command Execution
|
|
4671
Description:
eZ publish contains a flaw that may allow an attacker to modify arbitrary files, even if not a designated template. No further details have been provided.
|
2004-03-30
|
eZ publish Unspecified Template Editing Issue
|
|
4672
Description:
Pam-PGSQL <0.5.2-7.1 contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to not properly sanitizing user-supplied input. This may allow an attacker to inject or manipulate SQL queries in the back-end database.
|
2004-03-30
|
libpam-pgsql SQL Injection
|
|
4754
Description:
(Description Provided by CVE) : Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
|
2004-03-30
|
MPlayer HTTP Location Header Parsing Overflow
|
|
4667
Description:
Unknown / Incomplete
|
2004-03-30
|
GNOME gnome-session LD_LIBRARY_PATH Privilege Escalation
|
|
45462
Description:
Unknown / Incomplete
|
2004-03-30
|
Multiple Vendor Phone Bluetooth Arbitrary AT Command Execution (BlueBug)
|
|
4673
Description:
A-CART contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate certain variables upon submission to the deliver.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-03-30
|
A-CART deliver.asp XSS
|
|
4674
Description:
A-CART contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate certain variables upon submission to the billing.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-03-30
|
A-CART billing.asp XSS
|
|
4675
Description:
A-CART contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the catcode variable in the category.asp module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-03-30
|
A-CART category.asp catcode Parameter SQL Injection
|
|
14208
Description:
(Description Provided by CVE) : Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote attackers to read arbitrary files in known locations.
|
2004-03-29
|
Mozilla Liveconnect Arbitrary Local File Access
|
|
7456
Description:
Unknown / Incomplete
|
2004-03-29
|
TikiWiki Search Form Path Disclosure
|
|
4644
Description:
phpBB contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "pm_sql_user" variable in the "privmsg.php" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-03-29
|
phpBB privmsg.php pm_sql_user Parameter SQL Injection
|
|
4645
Description:
(Description Provided by CVE) : Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5.0.300 allows remote attackers to execute arbitrary code via a mail message with a long From field, a different issue than CVE-2005-0339.
|
2004-03-29
|
Foxmail PunyLib.dll UrlToLocal Function Overflow
|
|
4749
Description:
phpBB contains several flaws related to the admin pages. No further details have been provided.
|
2004-03-29
|
phpBB Multiple Unspecified Admin Pages Issue
|
|
7612
Description:
phpBB contains a flaw related to the IMG BBCode Tag that may allow a remote attacker to inject arbitrary code. No further details have been provided.
|
2004-03-29
|
phpBB Unspecified IMG BBCode Tag Injection
|
|
4670
Description:
Interchange contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests an invalid file and receives the standard "missing" special page, which will disclose variable information resulting in a loss of confidentiality.
|
2004-03-29
|
Interchange Variable Information Disclosure
|
|
4668
Description:
FreeBSD contains a flaw due to the manner in which it implements KAME Project IPv6 code that may allow a remote denial of service. The issue is an input validation flaw in the "setsockopt()" system call when handling certain IPv6 socket options, and will result in loss of availability for the platform.
|
2004-03-29
|
FreeBSD KAME Project IPv6 setsockopt() DoS
|
|
5392
Description:
Unknown / Incomplete
|
2004-03-29
|
Savane vars.php Arbitrary Code Execution
|
|
5985
Description:
FreeBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is in FreeBSD's implementation of KAME Project IPv6 code beacuse of an input validation flaw in the "setsockopt()" system call when handling certain IPv6 socket options, which will disclose the kernel memory resulting in a loss of confidentiality. No further details are available.
|
2004-03-29
|
FreeBSD KAME Project IPv6 setsockopt() Kernel Memory Disclosure
|
|
7140
Description:
Interchange contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that an unknown variable in an unspecified script is not verified properly and will allow an attacker to inject or manipulate SQL queries. No further details have been released.
|
2004-03-29
|
Interchange Unspecified SQL Injection
|
