[CLOSE] OSVDB ID : 14250 - Disclosed: 2005-02-28

Description:

(Description Provided by CVE) : nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication.

[CLOSE] OSVDB ID : 14290 - Disclosed: 2005-02-28

Description:

(Description Provided by CVE) : Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, allows remote attackers to upload arbitrary files.

[CLOSE] OSVDB ID : 14317 - Disclosed: 2005-02-28

Description:

(Description Provided by CVE) : lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials.

[CLOSE] OSVDB ID : 14242 - Disclosed: 2005-02-27

Description:

phpBB contains a flaw that may allow a remote attacker to gain access to unauthorized privileges. The issue is triggered due to an error in the comparison of "sessiondata['autologinid']" and "auto_login_key". Further, phpBB does not reset the $userdata['user_level'] variable after a failed autologin. It is possible for a remote attacker to set a specially crafted cookie to change the user_id to that of an administrator resulting in a loss of integrity.

[CLOSE] OSVDB ID : 23394 - Disclosed: 2005-02-27

Description:

LinPHA contains a flaw related to the Edit_File_Info.php, Edit_File_Info_Example.php and Write_File_Info.php scripts that may allow an attacker to manipulate files without proper permission. No further details have been provided.

[CLOSE] OSVDB ID : 23395 - Disclosed: 2005-02-27

Description:

LinPHA contains a flaw related to the exif thumbnail features invoked by the get_*_thumb.php files. This may allow a remote attacker to gain access to private images. No further details have been provided.

[CLOSE] OSVDB ID : 27680 - Disclosed: 2005-02-27

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14212 - Disclosed: 2005-02-27

Description:

Einstein contains a flaw that may lead to an unauthorized information disclosure. The issue is due to plaintext storage of passwords in the registry, which may disclose username (mail address) and passwords to local users resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 14247 - Disclosed: 2005-02-26

Description:

(Description Provided by CVE) : PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.

[CLOSE] OSVDB ID : 14273 - Disclosed: 2005-02-26

Description:

(Description Provided by CVE) : Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."

[CLOSE] OSVDB ID : 14274 - Disclosed: 2005-02-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14243 - Disclosed: 2005-02-26

Description:

phpBB contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an invalid date is passed to the viewtopic.php script, which will disclose the software installation path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 15298 - Disclosed: 2005-02-26

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14198 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

[CLOSE] OSVDB ID : 14197 - Disclosed: 2005-02-25

Description:

Firefox contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when downloading a malformed HTML document that includes Firefox XPCOM code to perform actions that are triggered by scrollbar actions. It is possible that the flaw may allow writing to an arbitrary local file.

[CLOSE] OSVDB ID : 14138 - Disclosed: 2005-02-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14137 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges.

[CLOSE] OSVDB ID : 14577 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.

[CLOSE] OSVDB ID : 29045 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan.

[CLOSE] OSVDB ID : 14293 - Disclosed: 2005-02-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14294 - Disclosed: 2005-02-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14246 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, which allows remote attackers to execute arbitrary commands.

[CLOSE] OSVDB ID : 14241 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file.

[CLOSE] OSVDB ID : 14291 - Disclosed: 2005-02-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25401 - Disclosed: 2005-02-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14238 - Disclosed: 2005-02-25

Description:

A REMOTE overflow exists in BadBlue http Server. The BadBlue http Server fails to validate the mfcisapicommand parameter resulting in a buffer overflow. With a specially crafted request, an attacker can cause the execution of arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 14237 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL.

[CLOSE] OSVDB ID : 14239 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.

[CLOSE] OSVDB ID : 14127 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.

[CLOSE] OSVDB ID : 14563 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23 allows remote authenticated users to gain "unauthorized access to files."

[CLOSE] OSVDB ID : 14134 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files.

[CLOSE] OSVDB ID : 14135 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files.

[CLOSE] OSVDB ID : 14240 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote attackers to cause a denial of service (crash) and execute arbitrary code via a POST request with a Content-Length that is less than the amount of data that is actually sent.

[CLOSE] OSVDB ID : 14211 - Disclosed: 2005-02-25

Description:

(Description Provided by CVE) : index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.

[CLOSE] OSVDB ID : 13810 - Disclosed: 2005-02-25

Description:

CubeCart contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cat_id', 'PHPSESSID', 'view_doc', 'product', 'session', 'catname', 'search' and 'page' variables upon submission to all scripts that include the 'settings.inc.php' file. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 14141 - Disclosed: 2005-02-25

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14203 - Disclosed: 2005-02-25

Description:

WU-FTPD contains a flaw that may allow a remote attacker to cause a Denial of Service condition. The issue is due to the wu_fnmatch function in wu_fnmatch.c not properly sanitizing user input. With a specially crafted glob pattern combined with a large number of wildcard characters (*), an attacker can cause the service to use excessive CPU cycles and exhaust all available resources.

[CLOSE] OSVDB ID : 14213 - Disclosed: 2005-02-25

Description:

CubeCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker calls the information.php script with improper arguments, which will disclose the physical path of the web server resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 14214 - Disclosed: 2005-02-25

Description:

CubeCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker calls the language.php script with improper arguments, which will disclose the physical path of the web server resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 14215 - Disclosed: 2005-02-25

Description:

CubeCart contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker calls the list_docs.php script with improper arguments, which will disclose the physical path of the web server resulting in a loss of confidentiality.