| OSVDB ID | Disclosure Date | Title |
| --- | --- | --- |
| 13342. Description: ClamAV contains a flaw that may allow a remote denial of service. The issue is due to an error in the handling of file information in corrupted ZIP files, and will result in loss of availability for the service. | 2005-01-31 | Clam AntiVirus ZIP Scanning DoS |
| 13343. Description: ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered when sending a base64 encoded image file in a URL, by which an attacker could evade virus scanning. By sending a specially crafted ZIP file, an attacker could cause a denial of service by crashing the clamd daemon, which will result in loss of availability for the clamd service. | 2005-01-31 | Clam AntiVirus BMP File Scan Bypass |
| 13939. Description: (Description Provided by CVE): The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization. | 2005-01-31 | HP Tru64 UNIX Sun SDK and RTE JVM DoS |
| 13329. Description: fprobe contains a flaw that may allow a remote denial of service. The issue is triggered by specially crafted data that produces many hash collisions, and is due to vulnerable xor8, xor16, and crc16 hash implementations. This will result in loss of availability for the platform by causing a large amount of CPU usage. | 2005-01-30 | fprobe Weak Hash Functions DoS |
| 13317. Description: (Description Provided by CVE): Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations. | 2005-01-30 | Xpand Rally Broadcast Remote DoS |
| 13297. Description: (Description Provided by CVE): nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges. | 2005-01-30 | ncpfs nwclient.c Based Utilities Arbitrary Privileged File Access |
| 13298. Description: (Description Provided by CVE): Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client. | 2005-01-30 | ncpfs ncplogin Unspecified Overflow |
| 13280. Description: Unknown / Incomplete | 2005-01-30 | JShop Server product.php Multiple Variable XSS |
| 13320. Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL. | 2005-01-29 | Captaris Infinite Mobile Delivery Webmail XSS |
| 13321. Description: (Description Provided by CVE): Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message. | 2005-01-29 | Captaris Infinite Mobile Delivery Webmail Path Disclosure |
| 15061. Description: (Description Provided by CVE): MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords. | 2005-01-28 | IceWarp WebMail Multiple File Weak User Info Encryption |
| 13228. Description: CitrusDB contains a flaw related to the credit card data import/export functions that may allow an attacker to gain access to that data. No further details have been provided. | 2005-01-28 | CitrusDB Credit Card Import/Export Data Disclosure |
| 13459. Description: (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2005-01-28 | Newsgrab Downloaded File Symlink Arbitrary File Overwrite |
| 13873. Description: Unknown / Incomplete | 2005-01-28 | AWStats Default Database Save Permission Weakness |
| 13322. Description: (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter. | 2005-01-28 | WebAdmin useredit_account.wdm user Variable XSS |
| 13323. Description: (Description Provided by CVE): useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter. | 2005-01-28 | WebAdmin useredit_account.wdm Arbitrary Account Modification |
| 13324. Description: (Description Provided by CVE): Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks. | 2005-01-28 | WebAdmin modalframe.wdm Arbitrary HTML Injection |
| 13234. Description: WebWasher Classic contains a flaw that may allow a malicious user to remotely connect to TCP ports listening on 127.0.0.1 of the WebWasher system. WebWasher Classic supports two server modes: 1) client mode, local mode (bound to 127.0.0.1); 2) server mode - network proxy (bound to 0.0.0.0). The issue is triggered when the WebWasher server is running in server mode. It is possible that the flaw may allow an attacker to bypass security controls protecting the WebWasher system resulting in a loss of integrity. | 2005-01-28 | WebWasher Classic Server Mode Arbitrary Proxy CONNECT Request |
| 13318. Description: Unknown / Incomplete | 2005-01-28 | SmarterMail Attachment Upload Arbitrary Script Execution |
| 13368. Description: IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "username" variable upon submission to the login.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-01-28 | IceWarp WebMail login.html username Variable XSS |
| 13369. Description: IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "accountid" variable upon submission to the accountsettings_add.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-01-28 | IceWarp WebMail accountsettings_add.html accountid Variable XSS |
| 13370. Description: IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "Title" variable upon submission to the calendar_addnote.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-01-28 | IceWarp WebMail calendar_addnote.html Title Variable XSS |
| 13371. Description: IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate the "Note" variables upon submission to the calendar_addtask.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-01-28 | IceWarp WebMail calendar_addtask.html Note Variable XSS |
| 13372. Description: IceWarp Web Mail contains a flaw that allows a remote cross-site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the calendar_addevent.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. | 2005-01-28 | IceWarp WebMail calendar_addevent.html Multiple Variable XSS |
| 13373. Description: IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when improper parameters are provided to the calendar_d.html script, which will disclose the physical web path resulting in a loss of confidentiality. | 2005-01-28 | IceWarp WebMail calendar_d.html id Variable Path Disclosure |
| 13374. Description: IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when improper parameters are provided to the calendar_m.html script, which will disclose the physical web path resulting in a loss of confidentiality. | 2005-01-28 | IceWarp WebMail calendar_m.html id Variable Path Disclosure |
| 13375. Description: IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when improper parameters are provided to the calendar_w.html script, which will disclose the physical web path resulting in a loss of confidentiality. | 2005-01-28 | IceWarp WebMail calendar_w.html id Variable Path Disclosure |
| 13376. Description: IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when improper parameters are provided to the calendar_y.html script, which will disclose the physical web path resulting in a loss of confidentiality. | 2005-01-28 | IceWarp WebMail calendar_y.html id Variable Path Disclosure |
| 13377. Description: IceWarp Web Mail contains a flaw that may allow a remote attacker to manipulate arbitrary files on the web server. The issue is due to the importaction.html script not properly sanitizing input passed to the "importfile" parameter. This may allow an attacker to supply any path within the web root and create or view an arbitrary file. | 2005-01-28 | IceWarp WebMail importaction.html Arbitrary File Manipulation |
| 13349. Description: Unknown / Incomplete | 2005-01-28 | DokuWiki userwrite Mode Restricted page Disclosure |
| 13460. Description: (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | 2005-01-28 | Newsgrab Newsgroup Message Arbitrary File Write |
| 13282. Description: Unknown / Incomplete | 2005-01-28 | XOOPS Incontent Module Traversal Arbitrary PHP File Source Disclosure |
| 13241. Description: Unknown / Incomplete | 2005-01-27 | phpPgAds dest Parameter HTTP Response Splitting |
| 13237. Description: (Description Provided by CVE): Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources. | 2005-01-27 | Ingate Firewall Blocked Active PPTP Tunnel Persistence |
| 13203. Description: (Description Provided by CVE): Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information. | 2005-01-27 | Debian pam_radius_auth.conf Local Information Disclosure |
| 13197. Description: ginp contains a flaw that may allow a malicious user to bypass security restrictions. The issue is triggered when Java preferences are not properly saved in some situations. It is possible that the flaw may allow unauthorized access to restricted images resulting in a loss of confidentiality. | 2005-01-27 | ginp Java Preferences API Security Bypass |
| 13231. Description: (Description Provided by CVE): The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | 2005-01-27 | f2c Translator Multiple File Insecure Temporary File Handling |
| 13232. Description: (Description Provided by CVE): The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files. | 2005-01-27 | f2c f2 Script Multiple Insecure Temporary File Handling |
| 13348. Description: Unknown / Incomplete | 2005-01-27 | UebiMiau Session / User Information Disclosure |
| 13244. Description: Winmail Server contains a flaw that allows a remote attacker to access arbitrary files. The issue is due to the 'download.php' script not properly sanitizing user input, specifically traversal style attacks (../../) resulting in a loss of confidentiality. | 2005-01-27 | Winmail Server download.php Traversal Arbitrary File Access |