[CLOSE] OSVDB ID : 16475 - Disclosed: 2005-01-15

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14569 - Disclosed: 2005-01-15

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.

[CLOSE] OSVDB ID : 13041 - Disclosed: 2005-01-15

Description:

SparkleBlog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "id" variable upon submission to the journal.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13042 - Disclosed: 2005-01-15

Description:

SparkleBlog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL containing an invalid argument to the id variable is submitted to the journal.php script, which will disclose installation path information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13043 - Disclosed: 2005-01-15

Description:

SparkleBlog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL containing an invalid argument to the id variable is submitted to archives.php, which will disclose installation path information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13044 - Disclosed: 2005-01-15

Description:

SparkleBlog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a specially crafted URL containing an invalid argument to the id variable is sent to the update.php script, which will disclose installation path information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 45128 - Disclosed: 2005-01-14

Description:

SHA-1 Algorithm contains a flaw in cryptanalysis that may result in hash function collusion. This will allow a remote attacker to more easily bypass protection mechanisms and gain access to password information.

[CLOSE] OSVDB ID : 12946 - Disclosed: 2005-01-14

Description:

A local overflow exists in Exim. Exim fails to check the length of a string resulting in a buffer overflow in the dns_build_reverse() function. Exim drops SUID privileges before the vulnerable code is reached. With a specially crafted request, an attacker can further escalate privileges or retrieve the mailer uid to access email messages, resulting in a loss of integrity and confidentiality.

[CLOSE] OSVDB ID : 13057 - Disclosed: 2005-01-14

Description:

A chroot() call is implemented in AtheOS, and its behavior is supposed to be POSIX conformant. Once chroot(<directory>) is issued by a process, <directory> should become the base directory ('/') with no way to go out of the jail. That feature is widely used to protect applications against unwanted directory traversals (ftp, http, etc.) . After a chroot() call on AtheOS, '/' indeed seems to become the base directory. '/path/to/file' is translated to '<directory>/path/to/file' . Unfortunately, relative paths aren't checked against the current chroot jail. Therefore, '../../../../path/to/file' will be translated to a file out of the chroot limits.

[CLOSE] OSVDB ID : 12902 - Disclosed: 2005-01-14

Description:

Midnight Commander contains multiple format strings that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 12903 - Disclosed: 2005-01-14

Description:

Midnight Commander contains multiple overflow flaws that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 12904 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw that may allow a local denial of service. The issue is caused by an infinte loop flaw, and will result in loss of availability.

[CLOSE] OSVDB ID : 12905 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw that may allow a local denial of service. The issue is due to a corrupted selection header, and will result in loss of availability.

[CLOSE] OSVDB ID : 12906 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw related to a non-descript Null Dereference that may allow an attacker to cause a denial of service. No further details have been provided.

[CLOSE] OSVDB ID : 12907 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw related to a non-descript Unallocated Memory that may allow an attacker to cause a denial of service. No further details have been provided.

[CLOSE] OSVDB ID : 12908 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw related to a non-descript freed memory issue that may allow an attacker to cause a denial of service. No further details have been provided.

[CLOSE] OSVDB ID : 12909 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw related to the non-existant file descriptor handling that may allow an attacker to cause a denial of service. No further details have been provided.

[CLOSE] OSVDB ID : 12910 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw related to insecure filename quoting that may allow an attacker to execute arbitrary code. No further details have been provided.

[CLOSE] OSVDB ID : 12911 - Disclosed: 2005-01-14

Description:

Midnight Commander contains a flaw that may allow an attacker to cause a denial of service. No further details have been provided.

[CLOSE] OSVDB ID : 13040 - Disclosed: 2005-01-14

Description:

Windows contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when IE is given the path to a javascript file known to be installed by default, which will disclose installation path information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 13147 - Disclosed: 2005-01-14

Description:

(Description Provided by CVE) : prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, allows remote attackers to inject local code into the SquirrelMail code via custom preference handlers.

[CLOSE] OSVDB ID : 12985 - Disclosed: 2005-01-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12986 - Disclosed: 2005-01-14

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12894 - Disclosed: 2005-01-13

Description:

(Description Provided by CVE) : helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.

[CLOSE] OSVDB ID : 12914 - Disclosed: 2005-01-13

Description:

Linux Kernel contains a flaw that may allow a malicious user to execute arbitrary code with root privileges on multi-processor systems. The issue is caused by the page fault handler and is triggered when two threads, which share the same virtual memory space, request a stack expansion simultaneously. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12882 - Disclosed: 2005-01-13

Description:

The tcltags script distributed with vim uses an insecure method to create temporary files. This could allow an attacker to read or possibly change files without appropriate permissions, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12883 - Disclosed: 2005-01-13

Description:

Vim contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to the tclflags and vimspell.sh scripts creating temporary files insecurely allowing an attacker to create symlinks and overwrite arbitrary files. This flaw may lead to a loss of Integrity and/or Availability.

[CLOSE] OSVDB ID : 12897 - Disclosed: 2005-01-13

Description:

(Description Provided by CVE) : Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference.

[CLOSE] OSVDB ID : 13133 - Disclosed: 2005-01-13

Description:

Windows contains a flaw that may allow a remote denial of service. The issue is triggered when IE processes an iframe tag with a malformed attribute, and will result in loss of availability for the browser.

[CLOSE] OSVDB ID : 12913 - Disclosed: 2005-01-13

Description:

(Description Provided by CVE) : Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code.

[CLOSE] OSVDB ID : 12917 - Disclosed: 2005-01-13

Description:

(Description Provided by CVE) : The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

[CLOSE] OSVDB ID : 12919 - Disclosed: 2005-01-13

Description:

A remote overflow exists in MaxDB. The 'websql' CGI fails to perform proper bounds checking resulting in a buffer overflow. By supplying an overly long password, a remote attacker can cause arbitrary code execution with SYSTEM privileges resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12920 - Disclosed: 2005-01-13

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 allows remote attackers to inject arbitrary web script or HTML via the members parameter.

[CLOSE] OSVDB ID : 12925 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that allows a remote attacker to arbitrary access files outside of the web path. The issue is due to the '_head.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the '_zb_path' variable.

[CLOSE] OSVDB ID : 12926 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that allows a remote attacker to arbitrary access files outside of the web path. The issue is due to the 'write.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'dir' variable.

[CLOSE] OSVDB ID : 12927 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that allows a remote attacker to arbitrary access files outside of the web path. The issue is due to the 'outlogin.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the '_zb_path' variable.

[CLOSE] OSVDB ID : 12928 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that may allow a remote attacker to execute arbritary commands. The issue is due to 'print_category.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 12929 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that may allow a remote attacker to execute arbritary commands. The issue is due to 'login.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 12930 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'setup.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 12931 - Disclosed: 2005-01-13

Description:

ZeroBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to 'ask_password.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.