[CLOSE] OSVDB ID : 17322 - Disclosed: 2005-05-17

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two 1.1 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the id parameter to index.php, or the (2) site_id, (3) nom, (4) email, or (5) commentaire parameters in commentaires.php.

[CLOSE] OSVDB ID : 16646 - Disclosed: 2005-05-17

Description:

Shop-Script FREE contains a flaw that may allow a remote attacker to inject arbitrary SQL queries. The issue is due to the 'categoryID' and 'ProductID' variables in the 'index.php' script not being properly sanitized and may allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16776 - Disclosed: 2005-05-17

Description:

A local overflow exists in the vmstat utility, distributed as part of the procps package. The 'partition' variable fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request to the '-p' argument, a malicious user can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 28015 - Disclosed: 2005-05-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 28014 - Disclosed: 2005-05-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 16621 - Disclosed: 2005-05-17

Description:

Fastream NETFile FTP/Web Server contains a flaw that may lead to an information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command while in passive(PASV) mode. It is possible for a remote attacker to establish a connection between the FTP server and an arbitrary port on a third-party system, essentially conducting a port-scan. This can be used to obscure the the source of the port-scan, as well as scan internal systems that may be protected by a screening device.

[CLOSE] OSVDB ID : 18207 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow local users to gain root privileges via (1) su, (2) chsh, (3) passwd, (4) chfn, (5) dxchpwd, and (6) libc.

[CLOSE] OSVDB ID : 18808 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with the wrong argument, as demonstrated using snmpwalk on snmpd.

[CLOSE] OSVDB ID : 16575 - Disclosed: 2005-05-16

Description:

Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the $email variable in the verify_email() function not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16612 - Disclosed: 2005-05-16

Description:

SafeHTML contains a flaw that may allow a malicious user to bypass security in the quoting of HTML entrires. The issue is triggered when the _writeAttrs() function incorrectly handles specifically crafted HTML. It is possible that the flaw may allow a security bypass resulting in a loss of integrity.

[CLOSE] OSVDB ID : 16628 - Disclosed: 2005-05-16

Description:

pServ contains a flaw that may allow a malicious user to view arbitrary files on the system. The issue is due to the web server not differentiating between files and symbolic links. It is possible for a local user with access to the web server directory to create a symbolic link from a critical file on the system to a file in the web server. Visiting the link via the server will disclose the contents of the linked file resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 16629 - Disclosed: 2005-05-16

Description:

pServ contains a flaw that may lead to an unauthorized information disclosure. The issue is due to pServ only treating URLs beginning with "cgi-bin" as valid CGI script requests. By sending a crafted command such as "/somedir/../cgi-bin/file.cgi", the server will treat it as a standard request for a file and not process the CGI requested; displaying the source code instead.

[CLOSE] OSVDB ID : 16630 - Disclosed: 2005-05-16

Description:

pServ contains a flaw that allows a remote attacker to execute arbitrary commands outside of the web path. The issue is due to the server not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the URI.

[CLOSE] OSVDB ID : 16618 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : Keyvan1 ImageGallery stores the image.mdb database under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information.

[CLOSE] OSVDB ID : 16614 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.

[CLOSE] OSVDB ID : 16615 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.

[CLOSE] OSVDB ID : 16616 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is not properly quoted before sending to the error log.

[CLOSE] OSVDB ID : 16617 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the pnModFunc function in pnMod.php for PostNuke 0.750 through 0.760rc4 allows remote attackers to read arbitrary files via a .. (dot dot) in the func parameter to index.php.

[CLOSE] OSVDB ID : 16664 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an attacker makes a direct request to a script and provides no arguments, which will disclose the installation path of the application resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 16665 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'anzahl_beitraege' variable upon submission to the jgs_portal.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16666 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_statistik.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16667 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_beitraggraf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16668 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'tag' variable upon submission to the jgs_portal_viewsgraf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16669 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_themengraf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16670 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the jgs_portal_sponsor.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16671 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the jgs_portal_box.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16672 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'year' variable upon submission to the jgs_portal_mitgraf.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 16673 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'year' variable in the jgs_portal_statistik.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16674 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'year' variable in the jgs_portal_beitraggraf.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16675 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'tag' variable in the jgs_portal_viewsgraf.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16676 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'year' variable in the jgs_portal_themengraf.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16677 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'anzahl_beitraege' variable in the jgs_portal.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16678 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'year' variable in the jgs_portal_mitgraf.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16679 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the jgs_portal_sponsor.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16680 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the Accept-Language header field in the jgs_portal_log.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16681 - Disclosed: 2005-05-16

Description:

JGS-Portal for Woltlab Burning Board contains a flaw that may allow an attacker to inject arbitrary SQL queries. The issue is due to the 'id' variable in the jgs_portal_box.php script not being properly sanitized and may allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 16725 - Disclosed: 2005-05-16

Description:

SecurityAgent in Mac OS X contains a flaw that may allow a malicious user to bypass screensaver restrictions. The issue is triggered when opening a URL from a text input field via the contextual menu. It is possible that the flaw may allow a malicious user to launch an arbitrary application behind a locked screensaver window resulting in a loss of integrity.

[CLOSE] OSVDB ID : 16726 - Disclosed: 2005-05-16

Description:

Mac OS X contains a flaw that may lead to an unauthorized information disclosure.  The issue is due to the incorrect checking of permissions on enclosing directories without the POSIX read, but with the POSIX execute bits set for group and other, which will disclose file names in restricted directories resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 16608 - Disclosed: 2005-05-16

Description:

(Description Provided by CVE) : The pkt_ioctl function in the pktcdvd block device ioctl handler (pktcdvd.c) in Linux kernel 2.6.12-rc4 and earlier calls the wrong function before passing an ioctl to the block device, which crosses security boundaries by making kernel address space accessible from user space and allows local users to cause a denial of service and possibly execute arbitrary code, a similar vulnerability to CVE-2005-1264.

[CLOSE] OSVDB ID : 16609 - Disclosed: 2005-05-16

Description:

The Linux Kernel contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when input to the raw Device ioctl_by_bdev() function is not validated correctly. This flaw may lead to execution of arbitrary code with kernel level privileges and a loss of Integrity.