| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 12932 | 2005-01-13 | ZeroBoard error.php dir Parameter Remote File Inclusion | ZeroBoard contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the 'error.php' script not properly sanitizing user input supplied to the 'dir' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script. |
| 55703 | 2005-01-13 | UMN Gopher Daemon (gopherd) ftp.c Logging Routine Format String | (Description Provided by CVE) : Format string vulnerability in the log routine for gopher daemon (gopherd) 3.0.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| 12915 | 2005-01-13 | IRIX inpview Environment Variable Local Privilege Escalation | IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when inpview trusts the user environment and does not drop privileges. A malicious user can set the environment variable SUN_TTSESSION_CMD to "cp /bin/jsh /tmp/jsh;chmod 6755 /tmp/jsh;killall -9 inpview", which will execute with root permissions, thus allowing a regular user to drop a setuid and setgid shell to /tmp. This flaw leads to a loss of integrity. |
| 12918 | 2005-01-13 | Microsoft IE Dynamic IFRAME Tag XP SP2 File Download Security Bypass | Microsoft Internet Explorer contains a flaw that may allow a remote attacker to bypass download security settings. The issue is triggered when creating a malicious Web page containing a 'BODY' tag that uses an 'onclick' event to trigger the 'createElement' function, which would create an 'IFRAME' window that references a malicious file. It is possible for a remote attacker to bypass any download security settings and download arbitrary files to a system once the victim visits and clicks anywhere on the body of the malicious Web page, resulting in a loss of integrity. |
| 15662 | 2005-01-12 | PHP-Nuke Sgallery config.php DOCUMENT_ROOT Parameter Remote File Inclusion | PHP-Nuke Sgallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'config.php' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 15663 | 2005-01-12 | PHP-Nuke Sgallery sql_layer.php DOCUMENT_ROOT Parameter Remote File Inclusion | PHP-Nuke Sgallery contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'sql_layer.php' script not properly sanitizing user input supplied to the 'DOCUMENT_ROOT' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server. |
| 12881 | 2005-01-12 | OpenBSD httpd mod_include Local Overflow | A local overflow exists in OpenBSD. The mod_include module for httpd fails to properly validate the length of user supplied tag strings prior to copying them to a local buffer, resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 12889 | 2005-01-12 | PHP-Nuke Sgallery imageview.php Path Disclosure | (Description Provided by CVE) : imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function. |
| 12890 | 2005-01-12 | PHP-Nuke Sgallery imageview.php Multiple Parameter SQL Injection | (Description Provided by CVE) : SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters. |
| 12886 | 2005-01-12 | Squid Malformed WCCP_I_SEE_YOU Message DoS | (Description Provided by CVE) : The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers. |
| 12887 | 2005-01-12 | Squid gopherToHTML() Function Remote Overflow | A remote overflow exists in Squid. The 'gopherToHTML()' function fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted request from a malicious gopher server that responds with overly long lines, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 12891 | 2005-01-12 | MPM Guestbook Pro top.php Arbitrary Command Execution | Unknown / Incomplete |
| 12892 | 2005-01-12 | MPM Guestbook Pro top.php Traversal Arbitrary File Access | Unknown / Incomplete |
| 12868 | 2005-01-12 | Mozilla Modal Dialog Overlapping Issue | (Description Provided by CVE) : Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing." |
| 12863 | 2005-01-12 | BMV Symlink Arbitrary File Overwrite | BMV contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when temp files are created insecurely. It is possible that the flaw may allow arbitrary files to be overwritten resulting in a loss of integrity. |
| 12900 | 2005-01-12 | Horde prefs.php group Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. |
| 12901 | 2005-01-12 | Horde index.php url Parameter XSS | (Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php. |
| 13017 | 2005-01-12 | Arkeia usr.lst Cleartext Password Disclosure | Unknown / Incomplete |
| 13018 | 2005-01-12 | Arkeia dbase Directory Permission Weakness Information Disclosure | Unknown / Incomplete |
| 12854 | 2005-01-12 | Mailman Error Page XSS | Mailman contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to scripts/driver when returning error pages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 12855 | 2005-01-12 | Mailman Automatic Password Generation Weakness | Mailman contains a flaw that may allow a malicious user to determine a user's password. The issue is triggered when a malicious user attempts to brute force an account with the five million possible passwords. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality. |
| 12856 | 2005-01-12 | Mailman Private Roster Management Arbitrary Subscription Verification | Mailman contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sends a special request, resulting in an error message which will disclose subscription status information regarding a particular email address, resulting in a loss of confidentiality. |
| 13132 | 2005-01-12 | Microsoft IE %20 URL Spoofing | Internet Explorer contains a flaw that may allow a malicious user to spoof domain names of a very short length. The issue is triggered by a specially crafted URL under 16 characters. It is possible that the flaw may allow domain name spoofing resulting in a loss of integrity. |
| 13933 | 2005-01-12 | GNU C Library (glibc) Symlink Arbitrary File Overwrite | (Description Provided by CVE) : The glibcbug script in glibc 2.3.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2004-0968. |
| 12898 | 2005-01-12 | Tftpd32 Long File Name Request Remote DoS | Tftpd32 contains a flaw that may allow a remote denial of service. The issue is triggered when the server receives a TFTP request with a long filename, and will result in loss of availability for the service. |
| 12885 | 2005-01-12 | PHPObject Gateway.php Unspecified Security Issue | Unknown / Incomplete |
| 12921 | 2005-01-12 | BiTBOARD BBCODE Tag XSS | (Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover. |
| 12831 | 2005-01-12 | VHCS sql.php Arbitrary Command Execution | Unknown / Incomplete |
| 16430 | 2005-01-11 | Microsoft Windows Animated Cursor (ANI) Capability AnimationHeaderBlock Length Field Overflow | (Description Provided by CVE) : The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads to a stack-based buffer overflow. |
| 12815 | 2005-01-11 | Xvid Codec Trellis Optimization Overflow | XviD Codec contains a flaw related to trellis optimization that may allow an attacker to cause an overflow. No further details have been provided. |
| 12832 | 2005-01-11 | Microsoft Windows Indexing Service Query Overflow | A remote overflow exists in the Microsoft Windows Indexing service. The indexing service fails to perform proper bounds checking on user queries, resulting in a buffer overflow. With a specially crafted query request, an attacker may be able to execute arbitrary code resulting in a loss of confidentiality and/or integrity. |
| 12833 | 2005-01-11 | Apple iTunes m3u/pls Playlist Overflow | A local overflow exists in iTunes. iTunes fails to perform proper bounds checking on m3u/pls playlists, which may result in a buffer overflow. A remote attacker can create a specially crafted m3u/pls playlist which when executed by a local user can cause a buffer overflow resulting in a loss of integrity and/or availability. |
| 12864 | 2005-01-11 | Apple AirPort Express/Extreme WDS UDP DoS | Apple AirPort Express/Extreme hardware contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker sends specially crafted UDP packets to the device, and will result in loss of availability for the system. |
| 12867 | 2005-01-11 | Opera data: URI Handler Application Spoofing | (Description Provided by CVE) : Opera 7.54 and earlier does not properly validate base64 encoded binary data in a data: (RFC 2397) URL, which causes the URL to be obscured in a download dialog, which may allow remote attackers to trick users into executing arbitrary code. |
| 12865 | 2005-01-11 | Dokeos New Course Arbitrary Script Injection | Dokeos contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate various input variable types when creating a new course. This could allow an attacker to create a specially crafted course which may execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 12866 | 2005-01-11 | SCO UnixWare mountd Multiple Process Creation DoS | SCO UnixWare contains a flaw that may allow a remote denial of service. The issue is triggered when mountd is run by inetd, which may allow an attacker to create multiple mountd processes by issuing multiple NFS related mount requests, consuming memory resources which may result in loss of availability for the system. |
| 12870 | 2005-01-11 | IlohaMail Multiple Configuration Files Remote Information Disclosure | Unknown / Incomplete |
| 12916 | 2005-01-11 | Sun SMC GUI Account Creation Default Null Password | (Description Provided by CVE) : The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts. |
| 13229 | 2005-01-11 | VooDoo cIRCle Bad Login Lockout Failure | Unknown / Incomplete |
| 13230 | 2005-01-11 | VooDoo cIRCle Malformed Packet Sequence DoS | Unknown / Incomplete |