| OSVDB ID | Disclosure Date | Title |
|
19258
Description:
Greymatter contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Comment Name' field upon submission to the log file. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-08-31
|
Greymatter Comment Name Field Control Panel Log XSS
|
|
19143
Description:
A remote overflow exists in SlimFTPd. The 'USER' and 'PASS' commands fail to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username and password, a remote attacker can cause the daemon to crash resulting in a loss of availability.
|
2005-08-31
|
SlimFTPd Username/Password Overflow Remote DoS
|
|
19112
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
|
2005-08-31
|
CMS Made Simple admin/lang.php CMS_ADMIN_PAGE Variable Authentication Bypass
|
|
19113
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in lang.php in CMS Made Simple 0.10 and earlier allows remote attackers to execute arbitrary PHP code via the nls[file][vx][vxsfx] parameter.
|
2005-08-31
|
CMS Made Simple admin/lang.php nls Parameter Remote File Inclusion
|
|
19119
Description:
A remote overflow exists in DameWare Mini Remote Control. The 'dwrcs.exe' service fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-08-31
|
DameWare Mini Remote Control username Remote Overflow
|
|
19120
Description:
(Description Provided by CVE) : Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as demonstrated using a PHP script on a malicious server.
|
2005-08-31
|
Simple Machines Forum (SMF) Offsite Avatar Information Disclosure
|
|
19122
Description:
DownFile contains a flaw that may allow a remote attacker to bypass authentication settings. The issue is triggered when directly requesting the 'update.php', 'del.php' and 'add_form.php' scripts, which may allow a remote attacker to gain access to administrative privileges resulting in a loss of integrity.
|
2005-08-31
|
DownFile Multiple Admin Script Direct Request Authentication Bypass
|
|
19123
Description:
DownFile contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'email.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-08-31
|
DownFile email.php id Parameter XSS
|
|
19124
Description:
DownFile contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-08-31
|
DownFile index.php id Parameter XSS
|
|
19125
Description:
DownFile contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'del.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-08-31
|
DownFile del.php id Parameter XSS
|
|
19126
Description:
DownFile contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'mode' variable upon submission to the 'add_form.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-08-31
|
DownFile add_form.php mode Parameter XSS
|
|
19086
Description:
NetWare contains a flaw that may allow a remote denial of service. The issue is triggered when handling password length in a system running CIFS.NLM component. This vulnerability is reported to be exploited by the "worm.rbot.ccc" worm, and will result in loss of availability for the platform.
|
2005-08-31
|
Novell NetWare CIFS Unspecified Remote DoS
|
|
19287
Description:
Microsoft Windows Firewall contains a flaw that may allow a malicious local user, with administrative privileges, to hide firewall ruleset information. The issue is triggered by a specially crafted Windows Firewall exception entry in the Windows Registry. It is possible that the flaw may not allow firewall exception entries to be displayed in the Windows firewall graphical user interface, resulting in a loss of integrity. The command line firewall administration tool "Netsh" is not affected by this issue
|
2005-08-31
|
Microsoft Windows Firewall Malformed Registry Entry Ruleset Exception Weakness
|
|
19166
Description:
(Description Provided by CVE) : smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
|
2005-08-31
|
Smb4k smb4k.tmp Symlink Arbitrary File Access
|
|
19167
Description:
(Description Provided by CVE) : smb4k 0.4 and other versions before 0.6.3 allows local users to read sensitive files via a symlink attack on the (1) smb4k.tmp or (2) sudoers temporary files.
|
2005-08-31
|
Smb4k sudoers Symlink Arbitrary File Access
|
|
19150
Description:
(Description Provided by CVE) : Savant Web Server stores user credentials in plaintext in the Savant\Users registry key, which allows local users to gain privileges.
|
2005-08-31
|
Savant Web Server Registry Cleartext Password Disclosure
|
|
19221
Description:
(Description Provided by CVE) : Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly other versions, when obtaining updates from an internal LiveUpdate server, stores sensitive information in cleartext in the Log.Liveupdate log file, which allows attackers to obtain the username and password to the internal LiveUpdate server.
|
2005-08-31
|
Symantec Anti-Virus LiveUpdate Log File Local Credential Disclosure
|
|
19108
Description:
(Description Provided by CVE) : Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long group name argument to the RenameGroup function in the MMClient.MunduMessenger.1 ActiveX object.
|
2005-08-31
|
Indiatimes Messenger MMClient.MunduMessenger ActiveX RenameGroup() Function Overflow
|
|
58828
Description:
(Description Provided by CVE) : Ariba Spend Management System sends the username and password to the server in plaintext in a POST request, which allows remote attackers to obtain sensitive information.
|
2005-08-31
|
Ariba Spend Management System POST Request Cleartext Credentials Disclosure
|
|
19088
Description:
(Description Provided by CVE) : forum_post.php in e107 0.6 allows remote attackers to post to non-existent forums by modifying the forum number.
|
2005-08-30
|
e107 forum_post.php Nonexistent Forum Post DoS
|
|
19079
Description:
Unknown / Incomplete
|
2005-08-30
|
FreeStyle Wiki Management Page Arbitrary Command Injection
|
|
19083
Description:
(Description Provided by CVE) : lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments.
|
2005-08-30
|
maildrop lockmail Privileged Local Command Execution
|
|
19114
Description:
FlatNuke contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'usr' parameter upon submission to the index.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-08-30
|
FlatNuke index.php usr Parameter XSS
|
|
19115
Description:
(Description Provided by CVE) : print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
|
2005-08-30
|
FlatNuke print.php news Variable MS-DOS Device Request Path Disclosure
|
|
19116
Description:
(Description Provided by CVE) : print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php, such as (1) AUX, (2) CON, (3) PRN, (4) COM1, or (5) LPT1.
|
2005-08-30
|
FlatNuke print.php Null Byte Resource Consumption DoS
|
|
19117
Description:
Unknown / Incomplete
|
2005-08-30
|
FlatNuke index.php Null Byte Resource Consumption DoS
|
|
19118
Description:
(Description Provided by CVE) : Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in index.php.
|
2005-08-30
|
FlatNuke index.php id Parameter Traversal Arbitrary File Access
|
|
19077
Description:
(Description Provided by CVE) : cosmoshop 8.10.78 and earlier stores passwords in plaintext in the database, which allows local users to obtain sensitive information.
|
2005-08-30
|
Cosmoshop Database Cleartext Password Storage
|
|
19082
Description:
(Description Provided by CVE) : Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.
|
2005-08-30
|
UMN Gopher +VIEWS: Reply VIfromLine() Function Overflow
|
|
19067
Description:
(Description Provided by CVE) : phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set.
|
2005-08-30
|
phpLDAPadmin Unspecified Anonymous Bind Policy Bypass
|
|
20707
Description:
(Description Provided by CVE) : db2fmp process in IBM DB2 Content Manager before 8.2 Fix Pack 10 allows local users to cause a denial of service (CPU consumption) by importing a corrupted Microsoft Excel file, aka "CORRUPTED EXEL FILE WILL CAUSE TEXT SEARCH PROCESS LOOPING."
|
2005-08-30
|
IBM DB2 Content Manager Malformed Excel File db2fmp Process DoS
|
|
24605
Description:
Help contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate unspecified parameters upon submission to the Control Panel Default Page. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-08-30
|
Helm Control Panel Default Page Unspecified XSS
|
|
20312
Description:
Unknown / Incomplete
|
2005-08-29
|
Sun Java System Directory Server passwordRetryCount Increment Failure
|
|
19089
Description:
Unknown / Incomplete
|
2005-08-29
|
Microsoft IE Unspecified Remote Code Execution
|
|
19068
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in welcome.php in phpLDAPadmin 0.9.6 and 0.9.7 allows remote attackers to execute arbitrary PHP code via the custom_welcome_page parameter.
|
2005-08-29
|
phpLDAPadmin welcome.php custom_welcome_page Variable Arbitrary File Inclusion
|
|
19732
Description:
MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the '<math>' tags. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-08-29
|
MediaWiki math Tag XSS
|
|
19733
Description:
MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the table syntax for extensions or <nowiki> sections. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-08-29
|
MediaWiki Extension / <nowiki> Table Syntax XSS
|
|
19069
Description:
(Description Provided by CVE) : client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error due to a missing field name or value.
|
2005-08-29
|
BNBT EasyTracker client.cpp Malformed GET Request DoS
|
|
19047
Description:
SqWebMail contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate img src tags in HTML e-mails. This may allow a user to create a specially crafted e-mail that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-08-29
|
SqWebMail HTML Email img src Tag Arbitrary Script Insertion
|
|
19055
Description:
(Description Provided by CVE) : The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended.
|
2005-08-29
|
NTP ntpd -u Group Permission Weakness
|