[CLOSE] OSVDB ID : 13342 - Disclosed: 2005-01-31

Description:

ClamAV contains a flaw that may allow a remote denial of service. The issue is due to an error in the handling of file information in corrupted ZIP files, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 13343 - Disclosed: 2005-01-31

Description:

ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered when sending a base64 encoded image file in a URL an attacker could evade virus scanning. By sending a specially-crafted ZIP file an attacker could cause a Denial of Service by crashing the clamd daemon. occurs, and will result in loss of availability for the clamd service.

[CLOSE] OSVDB ID : 13939 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

[CLOSE] OSVDB ID : 13329 - Disclosed: 2005-01-30

Description:

fprobe contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted data containing many hash collisions occurs and is due to vulnerable xor8, xor16, and crc16 hash implementations. This will result in loss of availability for the platform by causing a large amount of CPU usage.

[CLOSE] OSVDB ID : 13317 - Disclosed: 2005-01-30

Description:

(Description Provided by CVE) : Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations.

[CLOSE] OSVDB ID : 13297 - Disclosed: 2005-01-30

Description:

(Description Provided by CVE) : nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 13298 - Disclosed: 2005-01-30

Description:

(Description Provided by CVE) : Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.

[CLOSE] OSVDB ID : 13280 - Disclosed: 2005-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13320 - Disclosed: 2005-01-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.

[CLOSE] OSVDB ID : 13321 - Disclosed: 2005-01-29

Description:

(Description Provided by CVE) : Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.

[CLOSE] OSVDB ID : 15061 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

[CLOSE] OSVDB ID : 13228 - Disclosed: 2005-01-28

Description:

CitrusDB contains a flaw related to the credit card data import/export functions that may allow an attacker to gain access to that data. No further details have been provided.

[CLOSE] OSVDB ID : 13459 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 13873 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13322 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

[CLOSE] OSVDB ID : 13323 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.

[CLOSE] OSVDB ID : 13324 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.

[CLOSE] OSVDB ID : 13234 - Disclosed: 2005-01-28

Description:

WebWasher Classic contains a flaw that may allow a malicious user to remotely connect to tcp ports listening on 127.0.0.1 of the WebWasher system. WebWasher Classic supports two server modes: 1) client mode, local mode (bound to 127.0.0.1); 2) server mode - network proxy (bound to 0.0.0.0). The issue is triggered when WebWasher server is running in server mode. It is possible that the flaw may allow an attacker to bypass security controls protecting the WebWasher system resulting in a loss of integrity.

[CLOSE] OSVDB ID : 13318 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13368 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "username" variable upon submission to the login.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13369 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "accountid" variable upon submission to the accountsettings_add.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13370 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Title" variable upon submission to the calendar_addnote.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13371 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Note" variables upon submission to the calendar_addtask.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13372 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the calendar_addevent.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13373 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_d.html script, which will disclose the physical web path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13374 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_m.html script, which will disclose the physical web path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13375 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_w.html script, which will disclose the physical web path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13376 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_y.html script, which will disclose the physical web path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13377 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may allow a remote attacker to manipulate arbitrary files on the web server. The issue is due to the importaction.html script not properly sanitizing input passed to the "importfile" parameter. This may allow an attacker to supply any path within the web root and create or view an arbitrary file.

[CLOSE] OSVDB ID : 13349 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13460 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 13282 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13241 - Disclosed: 2005-01-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13237 - Disclosed: 2005-01-27

Description:

(Description Provided by CVE) : Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.

[CLOSE] OSVDB ID : 13203 - Disclosed: 2005-01-27

Description:

(Description Provided by CVE) : Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information.

[CLOSE] OSVDB ID : 13197 - Disclosed: 2005-01-27

Description:

ginp contains a flaw that may allow a malicious user to bypass security restrictions. The issue is triggered when Java preferences are not properly saved in some situations. It is possible that the flaw may allow unauthorized access to restricted images resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13231 - Disclosed: 2005-01-27

Description:

(Description Provided by CVE) : The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.

[CLOSE] OSVDB ID : 13232 - Disclosed: 2005-01-27

Description:

(Description Provided by CVE) : The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.

[CLOSE] OSVDB ID : 13348 - Disclosed: 2005-01-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13244 - Disclosed: 2005-01-27

Description:

Winmail Server contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the 'download.php' script not properly sanitizing user input, specifically traversal style attacks (../../) resulting in a loss of confidentiality.