| OSVDB ID | Disclosure Date | Title |
|
9891
Description:
A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the second parameter of the interval conversion functions resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle Interval Conversion Functions Overflow
|
|
9886
Description:
A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the FILE parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle FILE Parameter Overflow
|
|
9887
Description:
A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the CONTROLFILE parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle CONTROLFILE Parameter Overflow
|
|
9888
Description:
A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the LOGFILE parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle LOGFILE Parameter Overflow
|
|
9889
Description:
A remote overflow exists in Oracle Database Server. The server fails to properly sanitize user input supplied to the TEMPFILE parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle TEMPFILE Parameter Overflow
|
|
9881
Description:
A remote overflow exists in Oracle Database Server DBMS_REPCAT_RGT package. The package fails to properly sanitize user input supplied to the "refresh_template_name" or "user_name" parameter which is passed to the INSTANTIATE_OFFLINE, INSTANTIATE_ONLINE or DROP_SITE_INSTANTIATION resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution or server crash resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle DBMS_REPCAT_RGT Package Multiple Function Overflows
|
|
9882
Description:
A remote overflow exists in Oracle Database Server DBMS_REPCAT_ADMIN package. The package fails to properly sanitize user input supplied to the "privilege_type" parameter which is passed to the REGISTER_USER_REPGROUP or UNREGISTER_USER_REPGROUP procedure resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the system resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle DBMS_REPCAT_ADMIN Package Multiple Procedure Overflow
|
|
9883
Description:
A remote overflow exists in Oracle Database Server DBMS_REPCAT package. The package fails to properly sanitize user input supplied to the sname, oname, type, gowner, operation and other parameters which are passed to multiple procedures including CREATE_MVIEW_REPGROUP and GENERATE_REPLICATION_SUPPORT resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle DBMS_REPCAT Package Multiple Parameter Overflow
|
|
9884
Description:
A remote overflow exists in Oracle Database Server DBMS_REPCAT_INSTANTIATE package. The package fails to properly sanitize user input supplied to the first argument of the DROP_SITE_INSTANTIATION, INSTANTIATE_ONLINE or INSTANTIATE_OFFLINE procedure resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code or crash the server resulting in a loss of integrity or availability.
|
2004-08-31
|
Oracle DBMS_REPCAT_INSTANTIATE Package Multiple Function Overflow
|
|
9437
Description:
pLog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the username and blog variables upon submission to the register.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-08-31
|
pLog register.php Multiple Parameter XSS
|
|
9965
Description:
(Description Provided by CVE) : Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and Thunderbird before 0.8 allows untrusted Javascript code to read and write to the clipboard, and possibly obtain sensitive information, via script-generated events such as Ctrl-Ins.
|
2004-08-31
|
Mozilla Multiple Products Text Field Script Generation Arbitrary Clipboard Content Manipulation
|
|
9382
Description:
WS_FTP Server version contains a flaw that may allow a remote denial of service. The issue is triggered in the file path parse module which will cause the FTP server to consume large amounts of CPU power. When this occurs, it will result in loss of availability for the service.
|
2004-08-31
|
WS_FTP Server Path Parsing Remote DoS
|
|
23728
Description:
(Description Provided by CVE) : Unspecified vulnerability in the ESS/Network Controller in Xerox CopyCentre and Xerox WorkCentre Pro, running software 1.001.02.073 or earlier, or 1.001.02.074 before 1.001.02.715, causes the Immediate Image Overwrite feature to fail after a power loss, which could leave data exposed to attack.
|
2004-08-31
|
XEROX CopyCentre/WorkCentre ESS/Network Controller Immediate Image Overwrite Failure Issue
|
|
9434
Description:
Diebold Global Election Management System (GEMS) contains a flaw that may allow a malicious user to manipulate arbitrary vote totals. The issue is triggered when entering a 2-digit code in a hidden location. It is possible that the flaw may allow the creation of a second set of votes, which causes the vote system to read the totals from the manipulated set resulting in a loss of integrity.
|
2004-08-31
|
Diebold Global Election Management System (GEMS) Backdoor Account Vote Modification
|
|
9562
Description:
OpenSSH contains a flaw that may allow an authenticated attacker to perform a port bouncing attack. The issue is triggered when the 'AllowTcpForwarding' option is enabled in the sshd_config file. This may make it possible for a malicious user to use SSH to access an anonymous service (i.e. AnonCVS) and forward connections to arbitrary ports via this vulnerable service.
|
2004-08-31
|
OpenSSH Default Configuration Anon SSH Service Port Bounce Weakness
|
|
9397
Description:
A remote overflow exists in Titan FTP. Titan FTP fails to perform bounds checking on multiple commands resulting in a heap overflow. With a specially crafted request, an attacker can cause the server to crash resulting in a loss of availability.
|
2004-08-31
|
Titan FTP Server Long Command Remote Overflow
|
|
9398
Description:
WFTPD Pro Server contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends more than 60 specially crafted MLST commands to the FTP server, and will result in a loss of availability for the server.
|
2004-08-31
|
WFTPD Pro Server MLST Command DoS
|
|
9399
Description:
CesarFTP contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a specially crafted long command string, and will result in loss of availability for the server.
|
2004-08-31
|
CesarFTP Long Command Remote DoS
|
|
9401
Description:
The D-Link DCS-900 internet camera contains a flaw that may allow a malicious user to remotely change the camera IP address. The issue is triggered when a malicious user sends specially crafted UDP packets to the camera bypassing authentication. It is possible that the flaw may allow the user to change configuration options such as the IP address of the camera resulting in a loss of confidentiality and/or availability.
|
2004-08-31
|
D-Link DCS-900 Camera Arbitrary Remote IP Address Modification
|
|
9405
Description:
OpenExchange Server contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered by OpenExchange Server storing the root password in plaintext within the swap partition. A local attacker can search the swap partition, which will disclose the root password, resulting in a loss of confidentiality.
|
2004-08-31
|
OpenExchange Server Swap Partition Cleartext Root Password Disclosure
|
|
9406
Description:
MIT Kerberos 5 distribution contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker impersonating a legitimate key distribution center or application server causes a client program to hang inside an infinite loop via a specially crafted BER encoding, and will result in loss of availability of the service.
|
2004-08-31
|
MIT Kerberos 5 ASN.1 Decoder DoS
|
|
9407
Description:
MIT Kerberos 5 contains a flaw related to a double free in the KDC ASN.1 error handling code that may allow an attacker to run privileged code of the attacker's choosing. MIT notes that no published means of exploiting a double free is known, implying that a real world exploit would be difficult at best. Should this feat be achieved, a complete Kerberos realm could be compromised.
|
2004-08-31
|
MIT Kerberos 5 Double-free Error Condition Code Execution
|
|
9408
Description:
Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when krb5_rd_cred() tries to free already freed buffers that were returned by decode_krb5_enc_cred_part() when an error occurs. It is possible that the flaw may allow compromise of an entire Kerberos realm if the victim is running a KDC, resulting in a loss of integrity.
|
2004-08-31
|
MIT Kerberos 5 krb524d krb5_rd_cred() Arbitrary Code Execution
|
|
9409
Description:
MIT Kerberos contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is due to a double-free condition inside the Key Distribution Center (KDC) code. Under some circumstances, a KDC host could be compromised by a remote attacker. No further details have been provided.
|
2004-08-31
|
MIT Kerberos 5 krb524d Double-free Error Condition Code Execution
|
|
9433
Description:
TYPSoft FTP Server contains a flaw that may allow a remote denial of service. The issue is triggered when an authenticated user sends two consecutive RETR commands followed by a QUIT command, and will result in loss of availability for the server.
|
2004-08-31
|
TYPSoft FTP Server Crafted RETR Command Sequence Remote DoS
|
|
9435
Description:
A remote overflow exists in imlib. imlib fails to perform proper bounds checking on BMP files resulting in a non-descript overflow. With a specially crafted request, an attacker can potentially cause imlib to crash or allow arbitrary code execution resulting in a loss of confidentiality and/or integrity.
|
2004-08-31
|
imlib BMP Decoding Overflow
|
|
9436
Description:
A remote overflow exists in imlib2. imlib2 fails to properly perform bounds checking on BMP decoding resulting in a buffer overflow. With a specially crafted request, an attacker can cause imlib2 to crash possibly allowing the execution of arbitrary code resulting in a loss of confidentiality and/or integrity.
|
2004-08-31
|
imlib2 BMP Decoding Overflow
|
|
9444
Description:
phpWebSite contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "cal_template" variable in the Calendar Module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-08-31
|
phpWebSite Calendar Module cal_template Parameter SQL Injection
|
|
9445
Description:
phpWebSite contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "CM_pid" variable upon submission to the Comment Module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-08-31
|
phpWebSite Comment Module CM_pid XSS
|
|
9446
Description:
phpWebSite contains a flaw that may allow a malicious user to execute arbitrary scripts within a user's browser. The issue is triggered when a malicious user sends specially crafted scripts via the 'subject' and 'message' fields within the notes module. It is possible that the flaw may allow the execution of the script within the user's browser in the context of the affected phpWebSite while accessing the notes module, resulting in a loss of integrity.
|
2004-08-31
|
phpWebSite Notes Module Multiple Field Script Injection
|
|
9447
Description:
phpWebSite contains a flaw that may allow a malicious user to force an administrator to execute malicious code. The issue is triggered when a malicious user sends specially crafted code to an administrator which forces commands to be executed via POST requests instead of GET requests, bypassing some authentication checks. It is possible that the flaw may allow a remote attacker to create an administrative account and/or take over the system resulting in a loss of confidentiality and/or integrity.
|
2004-08-31
|
phpWebSite Administrator Forced Command Execution
|
|
9450
Description:
phpScheduleIt contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user supplied variables upon submission to multiple new user registration fields, including "first name" and the "last name" fields. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-08-31
|
phpScheduleIt New User Registration Multiple Field XSS
|
|
9451
Description:
phpScheduleIt contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission to the creation name field. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-08-31
|
phpScheduleIt Schedule Creation Name Field XSS
|
|
9452
Description:
(Description Provided by CVE) : phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
|
2004-08-31
|
phpScheduleIt Browser Cache Privilege Escalation
|
|
9524
Description:
Comersus Shopping Cart contains a flaw that may allow a malicious user to conduct an HTTP response splitting attack. The issue is triggered when a malicious user submits a specially crafted URL to the 'redirecturl' parameter. It is possible that the flaw may allow a remote attacker to display arbitrary content on the server resulting in a loss of integrity.
|
2004-08-31
|
Comersus ASP Shopping Cart redirecturl HTTP Response Splitting
|
|
9779
Description:
CDRTools' cdrecord is vulnerable to an RSH environment variable local privilege escalation vulnerability. This issue is due to cdrecord not dropping privileges before executing a program specified by the user via the "RSH" environment variable. Due to cdrecord being generally installed suid root, an attacker may leverage this behavior to gain superuser privileges on a system running the affected software.
|
2004-08-31
|
cdrecord RSH Environment Variable Local Privilege Escalation
|
|
9369
Description:
Password Protect contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ShowMsg' variable upon submission to the 'ChangePassword.asp' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-08-30
|
Password Protect ChangePassword.asp ShowMsg Parameter XSS
|
|
9370
Description:
Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the variables "LoginId", "OPass", "NPass" and "CPass" in the "ChangePassword.asp" module are not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-08-30
|
Password Protect ChangePassword.asp Multiple Variables SQL Injection
|
|
9371
Description:
Password Protect contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "ShowMsg" variable upon submission to the "index.asp" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-08-30
|
Password Protect index.asp ShowMsg Parameter XSS
|
|
9372
Description:
Password Protect contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the "admin" and "Pass" variables in the "index_next.asp" module are not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-08-30
|
Password Protect index_next.asp Multiple Parameter SQL Injection
|