[CLOSE] OSVDB ID : 13514 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.

[CLOSE] OSVDB ID : 13515 - Disclosed: 2005-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13366 - Disclosed: 2005-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13446 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : D-BUS (dbus) before 0.22 does not properly restrict access to a socket, if the socket address is known, which allows local users to listen or send arbitrary messages on another user's per-user session bus via that socket.

[CLOSE] OSVDB ID : 13354 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

[CLOSE] OSVDB ID : 13355 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

[CLOSE] OSVDB ID : 13356 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.

[CLOSE] OSVDB ID : 13357 - Disclosed: 2005-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13300 - Disclosed: 2005-01-31

Description:

A remote overflow exists in ngIRCd. ngIRCd contains an integer overflow in the Lists_MakeMask() function. With a specially crafted request, an attacker can cause a DoS and arbitrary code execution resulting in a loss of availability and integrity.

[CLOSE] OSVDB ID : 13299 - Disclosed: 2005-01-31

Description:

HP VirtualVault contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error in the TGA (Trusted Gateway Agent) daemon occurs, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 13345 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

[CLOSE] OSVDB ID : 13344 - Disclosed: 2005-01-31

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13342 - Disclosed: 2005-01-31

Description:

ClamAV contains a flaw that may allow a remote denial of service. The issue is due to an error in the handling of file information in corrupted ZIP files, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 13343 - Disclosed: 2005-01-31

Description:

ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered when sending a base64 encoded image file in a URL an attacker could evade virus scanning. By sending a specially-crafted ZIP file an attacker could cause a Denial of Service by crashing the clamd daemon. occurs, and will result in loss of availability for the clamd service.

[CLOSE] OSVDB ID : 13939 - Disclosed: 2005-01-31

Description:

(Description Provided by CVE) : The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

[CLOSE] OSVDB ID : 13329 - Disclosed: 2005-01-30

Description:

fprobe contains a flaw that may allow a remote denial of service. The issue is triggered when specially crafted data containing many hash collisions occurs and is due to vulnerable xor8, xor16, and crc16 hash implementations. This will result in loss of availability for the platform by causing a large amount of CPU usage.

[CLOSE] OSVDB ID : 13317 - Disclosed: 2005-01-30

Description:

(Description Provided by CVE) : Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations.

[CLOSE] OSVDB ID : 13297 - Disclosed: 2005-01-30

Description:

(Description Provided by CVE) : nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 13298 - Disclosed: 2005-01-30

Description:

(Description Provided by CVE) : Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.

[CLOSE] OSVDB ID : 13280 - Disclosed: 2005-01-30

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13320 - Disclosed: 2005-01-29

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.

[CLOSE] OSVDB ID : 13321 - Disclosed: 2005-01-29

Description:

(Description Provided by CVE) : Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.

[CLOSE] OSVDB ID : 15061 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

[CLOSE] OSVDB ID : 13228 - Disclosed: 2005-01-28

Description:

CitrusDB contains a flaw related to the credit card data import/export functions that may allow an attacker to gain access to that data. No further details have been provided.

[CLOSE] OSVDB ID : 13459 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 60678 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13873 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13322 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in useredit_account.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to inject arbitrary web script or HTML via the user parameter.

[CLOSE] OSVDB ID : 13323 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly validate account edits by the logged in user, which allows remote authenticated users to edit other users' account information via a modified user parameter.

[CLOSE] OSVDB ID : 13324 - Disclosed: 2005-01-28

Description:

(Description Provided by CVE) : Direct remote injection vulnerability in modalfram.wdm in Alt-N WebAdmin 3.0.4 allows remote attackers to load external webpages that appear to come from the WebAdmin server, which allows remote attackers to inject arbitrary HTML or web script to facilitate cross-site scripting (XSS) and phishing attacks.

[CLOSE] OSVDB ID : 13234 - Disclosed: 2005-01-28

Description:

WebWasher Classic contains a flaw that may allow a malicious user to remotely connect to tcp ports listening on 127.0.0.1 of the WebWasher system. WebWasher Classic supports two server modes: 1) client mode, local mode (bound to 127.0.0.1); 2) server mode - network proxy (bound to 0.0.0.0). The issue is triggered when WebWasher server is running in server mode. It is possible that the flaw may allow an attacker to bypass security controls protecting the WebWasher system resulting in a loss of integrity.

[CLOSE] OSVDB ID : 13318 - Disclosed: 2005-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13368 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "username" variable upon submission to the login.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13369 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "accountid" variable upon submission to the accountsettings_add.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13370 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Title" variable upon submission to the calendar_addnote.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13371 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "Note" variables upon submission to the calendar_addtask.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13372 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the calendar_addevent.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13373 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_d.html script, which will disclose the physical web path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13374 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_m.html script, which will disclose the physical web path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13375 - Disclosed: 2005-01-28

Description:

IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when improper parameters are provided to the calendar_w.html script, which will disclose the physical web path resulting in a loss of confidentiality.