| OSVDB ID | Disclosure Date | Title |
|---|
|
15734
Description:
Toshiba ACPI BIOS contains a flaw that may allow a local denial of service. The issue is due to an error, which causes the BIOS to only check the first slot in the MBR table for a bootable partition. It is possible for a malicious user to arbitrary specify a different slot in the MBR table, which prevents the system from booting resulting in a loss of availability.
|
2005-03-29
|
Toshiba ACPI BIOS MBR Boot Order Issue
|
|
44176
Description:
Unknown / Incomplete
|
2005-03-29
|
Sun Java System Directory Server Directory Manager Password Console Change Audit Log Cleartext Disclosure
|
|
15089
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
|
2005-03-29
|
CPG Dragonfly CMS Coppermine Module Multiple Parameter XSS
|
|
15170
Description:
(Description Provided by CVE) : Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.
|
2005-03-29
|
Midnight Commander insert_text() Function Local Overflow
|
|
23406
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
|
2005-03-29
|
CPG Dragonfly CMS Blogs Module id Parameter XSS
|
|
23407
Description:
(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly 9.0.2.0 allow remote attackers to inject arbitrary web script or HTML via (1) the profile parameter to index.php or (2) the cat parameter.
|
2005-03-29
|
CPG Dragonfly CMS Your_Account Module profile Parameter XSS
|
|
15095
Description:
Horde contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the the parent frame's page title. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-29
|
Horde Parent Frame Page Title XSS
|
|
15261
Description:
SonicWALL SOHO/10 Firewall Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate query string upon submission to the webroot. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-29
|
SonicWALL SOHO Firewall Server XSS
|
|
15262
Description:
Some SonicWALL Firewall devices contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'uName' variables upon submission to the auth.cgi script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-29
|
SonicWALL SOHO Firewall username Variable Logfile Script Injection
|
|
78768
Description:
Unknown / Incomplete
|
2005-03-29
|
I2P netDB leaseSet Lookup Statistical Anonymity Attack Weakness
|
|
15091
Description:
E-Data contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the input fields upon submission to the creation of a new user. This could allow a user to create a specially crafted HTML and script code that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server when the malicious personal information is viewed, leading to a loss of integrity.
|
2005-03-29
|
E-Data Personal Information Addition XSS
|
|
15180
Description:
IRC Services contains a flaw that may allow a user to view the list of links for a nickname without identifying for the nickname. No further details have been provided.
|
2005-03-29
|
IRC Services NickServ LISTLINKS Link Disclosure
|
|
15118
Description:
FastStone 4in1 Browser contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the built-in web server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via URI.
|
2005-03-29
|
FastStone 4in1 Browser Web Server Traversal Arbitrary File Access
|
|
15121
Description:
Ublog Reload contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'msg' variable upon submission to the login.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-29
|
Ublog Reload login.asp msg Parameter XSS
|
|
15122
Description:
Ublog Reload contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker directly requests the ublogreload.mdb file, which will disclose the administrator login and hashed password resulting in a loss of confidentiality.
|
2005-03-29
|
Ublog Reload ublogreload.mdb Information Disclosure
|
|
15076
Description:
A buffer overflow exists in AntiGen for Domino. By submitting a very small file to the scanning engine, an attacker can cause a denial of service by exploiting the vulnerability, resulting in a loss of availability.
|
2005-03-29
|
Antigen for Domino Small File Overflow DoS
|
|
15077
Description:
Antigen for Domino contains a flaw that may allow a local denial of service. The issue is due to an unspecific error within the scanning functionality when scanning a specially crafted RAR file, and will result in loss of availability for the system.
|
2005-03-29
|
Antigen for Domino Malformed RAR File DoS
|
|
15164
Description:
Unknown / Incomplete
|
2005-03-29
|
ACPI BIOS MBR Bootable Partition Subversion DoS
|
|
15160
Description:
phpCOIN contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in the 'Search For' field is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2005-03-29
|
phpCOIN Search Engine SQL Injection
|
|
15161
Description:
phpCOIN contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in the 'Domain Name' field when ordering a product is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2005-03-29
|
phpCOIN Product Order SQL Injection
|
|
15162
Description:
phpCOIN contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that user-supplied input in the 'username' and 'email' fields when requesting a forgotten password are not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2005-03-29
|
phpCOIN Forgotten Password Request SQL Injection
|
|
15163
Description:
phpCOIN contains a flaw that allows a remote attacker to arbitrary access files outside of the web path. The issue is due to the 'auxpage.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'page' variable.
|
2005-03-29
|
phpCOIN auxpage.php page Parameter Traversal Arbitrary File Access
|
|
15116
Description:
Linux Kernel contains a flaw that may allow a local denial of service. The issue due to load_elf_library modifing `elf_phdata' before freeing it, which will lead to a loss of availability of system.
|
2005-03-29
|
Linux Kernel load_elf_library elf_phdata Modification DoS
|
|
15117
Description:
Chatness contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'user' variable upon submission to the message.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-29
|
Chatness message.php user Parameter XSS
|
|
15110
Description:
Microsoft Outlook 2002 Connector for IBM Lotus Domino, allows users to save passwords locally when authenticating. If the user selects the remember password check box, the credentials will be saved locally resulting in a loss of confidentiality.
|
2005-03-28
|
Microsoft Outlook Connector for Lotus Domino Password Policy Bypass
|
|
15105
Description:
WebAPP contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote user submits a specially crafted request containing a null character '%00', which will disclose dat files used by the system resulting in a loss of confidentiality.
|
2005-03-28
|
web-app.org WebAPP Encoded Request .dat File Disclosure
|
|
15256
Description:
Linux Kernel on PPC64 or IA64 architectures contains a flaw that may allow a local or remote denial of service. The issue is triggered when a program using the is_hugepage_only_range() function calls the io_queue_init() function then exits without calling the io_queue_release() function first. This may cause a kernel panic and will result in loss of availability of the system.
|
2005-03-28
|
Linux Kernel is_hugepage_only_range() Function DoS
|
|
15092
Description:
A remote overflow exists in TinCat. TinCat has a flaw in the players logging function resulting in a buffer overflow. With a specially crafted request, an attacker can execute malicious code resulting in a loss of integrity.
|
2005-03-28
|
TinCat Network Library Player Logging Remote Overflow
|
|
15153
Description:
A remote overflow exists in The Settlers: Heritage of Kings. The Settlers: Heritage of Kings have a flaw in the players logging function resulting in a buffer overflow. With a specially crafted request, an attacker can execute malicious code resulting in a loss of integrity.
|
2005-03-28
|
The Settlers: Heritage of Kings Player Logging Remote Overflow
|
|
15154
Description:
A remote overflow exists in Sacred. Sacred has a flaw in the players logging function resulting in a buffer overflow. With a specially crafted request, an attacker can execute malicious code resulting in a loss of integrity.
|
2005-03-28
|
Sacred Player Logging Remote Overflow
|
|
15096
Description:
PhotoPost PHP Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the showgallery.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-28
|
PhotoPost PHP Pro showgallery.php Multiple Parameter XSS
|
|
15097
Description:
PhotoPost PHP Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'ppuser', 'sort' or 'si' variables upon submission to the showmembers.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-28
|
PhotoPost PHP Pro showmembers.php Multiple Parameter XSS
|
|
15098
Description:
PhotoPost PHP Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'photo' variables upon submission to the slideshow.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-03-28
|
PhotoPost PHP Pro slideshow.php photo Parameter XSS
|
|
15099
Description:
PhotoPost PHP Pro contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'sl' variable in the showmembers.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2005-03-28
|
PhotoPost PHP Pro showmembers.php sl Parameter SQL Injection
|
|
15100
Description:
PhotoPost PHP Pro contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the 'photo' variable in the showphoto.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2005-03-28
|
PhotoPost PHP Pro showphoto.php photo Parameter SQL Injection
|
|
15093
Description:
(Description Provided by CVE) : Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.
|
2005-03-28
|
Multiple Vendor Telnet env_opt_add Function Remote Overflow
|
|
15094
Description:
(Description Provided by CVE) : Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.
|
2005-03-28
|
Multiple Vendor Telnet slc_add_reply Function Remote Overflow
|
|
15101
Description:
(Description Provided by CVE) : Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.
|
2005-03-28
|
Symantec Multiple Products Auto-Protect Module Unspecified File Scanning DoS
|
|
15102
Description:
(Description Provided by CVE) : The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.
|
2005-03-28
|
Symantec Multiple Products Auto-Protect SmartScan Network Share File DoS
|
|
15087
Description:
ACS Blog contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the [link], [mail], and [img] BBcode tags upon submission to the comments section of ACS Blog. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. The pages affected by the flaw are: add_comment.asp, admin_entry.asp, inc_editor_buttons_safari.asp, inc_functions.asp, inc_javascripts.js, popup_insert_element.asp, popup_preview.asp, user_footer.asp, user_functions.asp.
|
2005-03-28
|
ACS Blog Multiple BBcode Tag XSS
|
