Weekly Vulnerabilities Reports > May 2 to 8, 2005

Overview

933 new vulnerabilities reported during this period, including 29 critical vulnerabilities and 318 high severity vulnerabilities. This weekly summary report vulnerabilities in 640 products from 436 vendors including Microsoft, Mozilla, Apple, Ethereal Group, and IBM. Vulnerabilities are notably categorized as "Improper Input Validation", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Code Injection", and "Resource Management Errors".

  • 771 reported vulnerabilities are remotely exploitables.
  • 8 reported vulnerabilities have public exploit available.
  • 5 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 929 reported vulnerabilities are exploitable by an anonymous user.
  • Microsoft has the most reported vulnerabilities, with 35 reported vulnerabilities.
  • Microsoft has the most reported critical vulnerabilities, with 3 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

29 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-03 CVE-2005-1452 S9Y Remote Security vulnerability in Serendipity

Serendipity before 0.8 allows Chief users to "hide plugins installed by other users."

10.0
2005-05-03 CVE-2005-1449 S9Y Remote Security vulnerability in Serendipity

Unknown vulnerability in serendipity_config_local.inc.php for Serendipity before 0.8 has unknown impact.

10.0
2005-05-03 CVE-2005-1415 Globalscape Remote Buffer Overflow vulnerability in GlobalSCAPE Secure FTP Server 3.0/3.0.2

Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote authenticated users to execute arbitrary code via a long FTP command.

10.0
2005-05-02 CVE-2005-1177 Usermin
Webmin
Denial-Of-Service vulnerability in Usermin

Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 causes Webmin to change permissions and ownership of configuration files, with unknown impact.

10.0
2005-05-02 CVE-2005-1131 Symantec Veritas Unspecified vulnerability in Symantec Veritas I3 Focalpoint Server 7.1

Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier has unknown attack vectors and unknown but "critical" impact.

10.0
2005-05-02 CVE-2005-1069 Scssboard Remote Security vulnerability in sCssBoard

Unknown vulnerability in sCssBoard 1.11 and earlier has unknown impact, related to "an exploit on the Profile page."

10.0
2005-05-02 CVE-2005-1037 IBM Unspecified vulnerability in IBM AIX 5.3.0

Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges.

10.0
2005-05-02 CVE-2005-1015 Mailenable Unspecified vulnerability in Mailenable Imapd

Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote attackers to execute arbitrary code via a long LOGIN command.

10.0
2005-05-02 CVE-2005-1009 Bakbone Remote Heap Overflow vulnerability in Bakbone Netvault 7.0/7.1

Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) remote attackers to execute arbitrary code via a modified computer name and length that leads to a heap-based buffer overflow, or (2) local users to execute arbitrary code via a long Name entry in the configure.cfg file.

10.0
2005-05-02 CVE-2005-0927 WEB APP ORG Remote Security vulnerability in Webapp 0.9.9/0.9.9.1/0.9.9.2

Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has unknown impact and attack vectors, probably involving shell metacharacters or ..

10.0
2005-05-02 CVE-2005-0855 Coolforum Remote Security vulnerability in CoolForum

CoolForum 0.8.1 beta and earlier allows remote attackers to obtain sensitive path information via direct requests to (1) entete.php, (2) profile_accueil.php, (3) profile_mdp.php, (4) profile_notify.php, (5) profile_options.php, (6) profile_perso.php, (7) profile_pm.php, or (8) readannonce.php, which leaks the full pathname in a PHP error message.

10.0
2005-05-02 CVE-2005-0836 SUN Remote Unauthorized Access vulnerability in Sun Java Web Start System Property Tags

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06 allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

10.0
2005-05-02 CVE-2005-0768 Goodtech Systems Unspecified vulnerability in Goodtech Systems Goodtech Telnet Server 4.0/5.0

Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380.

10.0
2005-05-02 CVE-2005-0744 Novell Remote Security vulnerability in iChain Server

The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication information or (2) obtaining and replaying the PCZQX02 authentication cookie from the browser.

10.0
2005-05-02 CVE-2005-0735 Newsscript CO UK Permissions, Privileges, and Access Controls vulnerability in Newsscript.Co.Uk Newsscript

newsscript.pl for NewsScript allows remote attackers to gain privileges by setting the mode parameter to admin.

10.0
2005-05-02 CVE-2005-0708 Dragonflybsd
Freebsd
The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 can transfer portions of kernel memory if a file is truncated while it is being sent, which could allow remote attackers to obtain sensitive information.
10.0
2005-05-02 CVE-2005-0635 Foxmail Remote vulnerability in Foxmail Email Server 2.0

Buffer overflow in Foxmail Server 2.0 allows remote attackers to execute arbitrary code via a long USER command.

10.0
2005-05-02 CVE-2005-0582 CA Unspecified vulnerability in CA License Software 0.1.0.15

Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to execute arbitrary code via a long filename in a PUTOLF request.

10.0
2005-05-02 CVE-2005-0551 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime System (CSRSS) process of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application that provides console window information with a long FaceName value.

10.0
2005-05-02 CVE-2005-0491 Knox Software Remote Stack-Based Buffer Overrun vulnerability in Knox Arkeia Type 77 Request

Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows remote attackers to execute arbitrary code via a long type 77 request.

10.0
2005-05-02 CVE-2005-0353 Safenet Remote Buffer Overflow vulnerability in Safenet Sentinel License Manager 7.2.0.2

Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel License Manager 7.2.0.2 allows remote attackers to execute arbitrary code by sending a large amount of data to UDP port 5093.

10.0
2005-05-02 CVE-2005-0339 Foxmail Remote Buffer Overflow vulnerability in Foxmail Email Server 2.0

Buffer overflow in Foxmail 2.0 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long MAIL FROM command.

10.0
2005-05-02 CVE-2005-0260 CA Remote Security vulnerability in CA Brightstor Arcserve Backup 11.1

Stack-based buffer overflow in the Discovery Service for BrightStor ARCserve Backup 11.1 and earlier allows remote attackers to execute arbitrary code via a long packet to UDP port 41524, which is not properly handled in a recvfrom call.

10.0
2005-05-02 CVE-2005-0194 Squid Security Bypass vulnerability in Squid

Squid 2.5, when processing the configuration file, parses empty Access Control Lists (ACLs), including proxy_auth ACLs without defined auth schemes, in a way that effectively removes arguments, which could allow remote attackers to bypass intended ACLs if the administrator ignores the parser warnings.

10.0
2005-05-02 CVE-2005-0065 TCP Remote Denial Of Service vulnerability in Multiple Vendor TCP/IP Implementation ICMP

The original design of TCP does not check that the TCP sequence number in an ICMP error message is within the range of sequence numbers for data that has been sent but not acknowledged (aka "TCP sequence number checking"), which makes it easier for attackers to forge ICMP error messages for specific TCP connections and cause a denial of service, as demonstrated using (1) blind connection-reset attacks with forged "Destination Unreachable" messages, (2) blind throughput-reduction attacks with forged "Source Quench" messages, or (3) blind throughput-reduction attacks with forged ICMP messages that cause the Path MTU to be reduced.

10.0
2005-05-02 CVE-2005-0059 Microsoft Unspecified vulnerability in Microsoft products

Buffer overflow in the Message Queuing component of Microsoft Windows 2000 and Windows XP SP1 allows remote attackers to execute arbitrary code via a crafted message.

10.0
2005-05-02 CVE-2005-0050 Microsoft Improper Input Validation vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows NT

The License Logging service for Windows NT Server, Windows 2000 Server, and Windows Server 2003 does not properly validate the length of messages, which leads to an "unchecked buffer" and allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, aka the "License Logging Service Vulnerability."

10.0
2005-05-02 CVE-2005-0011 KDE Unspecified vulnerability in KDE 3.3/3.3.1/3.3.2

Multiple vulnerabilities in fliccd, when installed setuid root as part of the kdeedu Kstars support for Instrument Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2, allow local users and remote attackers to execute arbitrary code via stack-based buffer overflows.

10.0
2005-05-02 CVE-2005-0002 Gentoo Unspecified vulnerability in Gentoo Poppassd PAM 1.0

poppassd_pam 1.0 and earlier, when changing a user password, does not verify that the user entered the old password correctly, which allows remote attackers to change passwords for arbitrary users.

10.0

318 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-02 CVE-2005-0209 Linux Improper Input Validation vulnerability in Linux Kernel 2.6.8.1

Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via crafted IP packet fragments.

7.8
2005-05-02 CVE-2005-0970 Apple Permissions, Privileges, and Access Controls vulnerability in Apple mac OS X

Mac OS X 10.3.9 and earlier allows users to install, create, and execute setuid/setgid scripts, contrary to the intended design, which may allow attackers to conduct unauthorized activities with escalated privileges via vulnerable scripts.

7.6
2005-05-02 CVE-2005-0893 Smail Remote Security vulnerability in Smail 3.2.0.120

modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc.

7.6
2005-05-06 CVE-2005-1471 RSA Unspecified vulnerability in RSA Securid web Agent 5/5.2/5.3

Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 allows remote attackers to execute arbitrary code via crafted chunked-encoding data.

7.5
2005-05-05 CVE-2005-1463 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A dissectors in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.

7.5
2005-05-05 CVE-2005-1462 Ethereal Group Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Ethereal Group Ethereal

Double free vulnerability in the ICEP dissector in Ethereal before 0.10.11 may allow remote attackers to execute arbitrary code.

7.5
2005-05-05 CVE-2005-1461 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, (5) CRMF, (6) ESS, (7) OCSP, (8) X.509, (9) ISIS, (10) DISTCC, (11) FCELS, (12) Q.931, (13) NCP, (14) TCAP, (15) ISUP, (16) MEGACO, (17) PKIX1Explitit, (18) PKIX_Qualified, (19) Presentation dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code.

7.5
2005-05-04 CVE-2005-1342 Apple Multiple vulnerability in Apple Mac OS X

The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X 10.3.9 does not cleanse terminal escape sequences, which allows remote attackers to execute arbitrary commands.

7.5
2005-05-04 CVE-2005-1340 Apple Remote Security vulnerability in Apple mac OS X 10.3.9

The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not restrict access when it is enabled, which allows remote attackers to use the proxy.

7.5
2005-05-04 CVE-2005-1339 Apple Remote Security vulnerability in Mac OS X Server

lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to escape the chroot environment by logging in with their full name.

7.5
2005-05-04 CVE-2005-1337 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote attackers to read and execute arbitrary scrpts with less restrictive privileges via a help:// URI.

7.5
2005-05-04 CVE-2005-1332 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth file exchange service by default, which allows remote attackers to access files without the user being notified, and local users to access files via the default directory.

7.5
2005-05-04 CVE-2005-0676 Phpoutsourcing SQL-Injection vulnerability in PHPoutsourcing Zorum 3.5

index.php in Zorum 3.5 allows remote attackers to trigger an SQL error, and possibly inject arbitrary SQL commands, via the search capability.

7.5
2005-05-03 CVE-2005-1826 HP Remote Security vulnerability in HP Radia Client 3.1.0.0

Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a long file extension.

7.5
2005-05-03 CVE-2005-1825 HP Unspecified vulnerability in HP Radia Client 3.1.2.0

Multiple stack-based buffer overflows in the nvd_exec function in HP Radia Notify Daemon 3.1.2.0 (formerly by Novadigm), and other versions including 2.x, 3.x, and 4.x, allows remote attackers to execute arbitrary code via a command with crafted parameters to a RADEXECD process.

7.5
2005-05-03 CVE-2005-1451 S9Y Remote Security vulnerability in Serendipity

The media manager in Serendipity before 0.8 allows remote attackers to upload and execute arbitrary (1) .php or (2) .shtml files.

7.5
2005-05-03 CVE-2005-1450 S9Y Remote Security vulnerability in Serendipity

Unknown vulnerability in "the function used to validate path-names for uploading media" in Serendipity before 0.8 has unknown impact.

7.5
2005-05-03 CVE-2005-1447 Sitepanel Remote Security vulnerability in Sitepanel

PHP remote file inclusion vulnerability in main.php in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to execute arbitrary PHP code via the p parameter.

7.5
2005-05-03 CVE-2005-1446 Sitepanel Remote Security vulnerability in Sitepanel

SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to upload and execute arbitrary files such as PHP scripts via an attachment to a trouble ticket.

7.5
2005-05-03 CVE-2005-1439 Osticket Directory Traversal vulnerability in osTicket

Directory traversal vulnerability in attachments.php in osTicket allows remote attackers to read arbitrary files via ..

7.5
2005-05-03 CVE-2005-1438 Osticket Remote Security vulnerability in Osticket 1

PHP remote file inclusion vulnerability in main.php in osTicket allows remote attackers to execute arbitrary PHP code via the include_dir parameter.

7.5
2005-05-03 CVE-2005-1437 Osticket SQL-Injection vulnerability in Osticket 1.X

Multiple SQL injection vulnerabilities in osTicket allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to admin.php or (2) cat parameter to view.php.

7.5
2005-05-03 CVE-2005-1435 Open Webmail Unspecified vulnerability in Open Webmail Open Webmail

Open WebMail (OWM) before 2.51 20050430 allows remote authenticated users to execute arbitrary commands via shell metacharacters in a filename.

7.5
2005-05-03 CVE-2005-1434 HP Denial-Of-Service vulnerability in OpenView Network Node Manager

Multiple unknown vulnerabilities in OpenView Network Node Manager (OV NNM) 6.2, 6.4, 7.01, and 7.50 allow attackers to cause a denial of service or execute arbitrary code.

7.5
2005-05-03 CVE-2005-1429 Abczone IT SQL Injection vulnerability in Abczone.It Wwwguestbook 1.1

SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2005-05-03 CVE-2005-1428 Uapplication File-Upload vulnerability in Uapplication Uphotogallery

edit_image.asp in Uapplication Uphotogallery allows remote attackers to upload arbitrary files.

7.5
2005-05-03 CVE-2005-1427 Uapplication Information Disclosure vulnerability in uPhotoGallery

Uapplication Uphotogallery stores the database under the web document root, which allows remote attackers to obtain sensitive information via a direct request to uphotogallery.mdb.

7.5
2005-05-03 CVE-2005-1422 Raysoft Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to conduct administrator operations and cause a denial of service (server or camera shutdown) via a direct request to admin.html.
7.5
2005-05-03 CVE-2005-1419 Ocean12 Technologies SQL-Injection vulnerability in Ocean12 Technologies Mailing List Manager 1.06

SQL injection vulnerability in the admin login panel for Ocean12 Mailing List Manager 1.06 allows remote attackers to execute arbitrary SQL commands via the Admin_id parameter.

7.5
2005-05-03 CVE-2005-1417 Maxwebportal SQL Injection vulnerability in MaxWebPortal

Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and other versions allow remote attackers to execute arbitrary SQL commands via (1) article_popular.asp, (2) arguments to dl_popular.asp, (3) arguments to links_popular.asp, (4) arguments to pic_popular.asp, (5) article_rate.asp, (6) dl_rate.asp, (7) links_rate.asp, (8) pic_rates.asp, (9) article_toprated.asp, (10) dl_toprated.asp, (11) links_toprated.asp, (12) arguments to pic_toprated.asp, or (13) the TOPIC_ID or Forum_ID parameters to custom_link.asp.

7.5
2005-05-03 CVE-2005-1413 Envivosoft SQL Injection vulnerability in Envivosoft Envivo CMS 3.54

Multiple SQL injection vulnerabilities in enVivo!CMS allow remote attackers to execute arbitrary SQL commands and gain privileges via the (1) username or (2) password parameters to admin_login.asp, or the (3) searchstring and possibly (4) ID parameters to default.asp.

7.5
2005-05-03 CVE-2005-1412 Ecomm Unspecified vulnerability in Ecomm Professional Guestbook 3

SQL injection vulnerability in verify.asp for Ecomm Professional Guestbook 3.x allows remote attackers to execute arbitrary SQL commands via the AdminPWD parameter.

7.5
2005-05-03 CVE-2005-1409 Postgresql Privilege Escalation vulnerability in PostgreSQL Character Set Conversion

PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain character conversion functions, which allows unprivileged users to call those functions with malicious values, with unknown impact, aka the "Character conversion vulnerability."

7.5
2005-05-03 CVE-2005-1401 MTP Target Unspecified vulnerability in Mtp-Target 1.2.2

Format string vulnerability in the client for Mtp-Target 1.2.2 and earlier allows remote attackers to execute arbitrary code via game messages or other text.

7.5
2005-05-03 CVE-2005-1397 PHP Calendar SQL Injection vulnerability in PHP-Calendar Search.PHP

SQL injection vulnerability in search.php for PHP-Calendar before 0.10.3 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-05-03 CVE-2005-1391 Apsis Remote Buffer Overflow vulnerability in Apsis Pound 1.8.2

Buffer overflow in the add_port function in APSIS Pound 1.8.2 and earlier allows remote attackers to execute arbitrary code via a long Host HTTP header.

7.5
2005-05-03 CVE-2005-1384 Coinsoft Technologies SQL Injection vulnerability in PHPcoin 1.2/1.2.1/1.2.1B

Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to index.php, (2) phpcoinsessid parameter to login.php, (3) id, (4) dtopic_id, or (5) dcat_id to mod.php.

7.5
2005-05-03 CVE-2005-1383 Oracle Unspecified vulnerability in Oracle Application Server

The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, in Oracle Application Server allows remote attackers to bypass HTTP Server mod_access restrictions via a request to the webcache TCP port 7778.

7.5
2005-05-03 CVE-2005-1378 Oxpus SQL Injection vulnerability in Notes Module for PHPBB

SQL injection vulnerability in posting_notes.php in the notes module for phpBB allows remote attackers to execute arbitrary SQL commands via the p parameter, which is used in the $post_id variable, and other attack vectors.

7.5
2005-05-03 CVE-2005-1377 Claroline Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1

Multiple PHP remote file inclusion vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary PHP code via unknown vectors.

7.5
2005-05-03 CVE-2005-1376 Claroline Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1

Multiple directory traversal vulnerabilities in (1) document.php or (2) insertMyDoc.php in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote project administrators to upload arbitrary files.

7.5
2005-05-03 CVE-2005-1375 Claroline Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1

Multiple SQL injection vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to execute arbitrary SQL commands via (1) learningPath.php, (2) learningPathAdmin.php, (3) learnPath_details.php, (4) modules_pool.php, (5) module.php, (6) uInfo parameter in userInfo.php, or (7) exo_id parameter to exercises_details.php.

7.5
2005-05-03 CVE-2005-1373 Dream4 SQL Injection vulnerability in Dream4 Koobi CMS 4.2.3

Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi CMS 4.2.3 allow remote attackers to execute arbitrary SQL commands via the (1) q or (2) p parameters.

7.5
2005-05-03 CVE-2005-1370 HP Remote Command Execution vulnerability in HP OpenView Radia Management Portal 1.0/2.0

Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView Radia Management Portal (RMP) 1.x and 2.x allows remote attackers to execute arbitrary commands via unknown vectors.

7.5
2005-05-03 CVE-2005-0157 Smartlist Unspecified vulnerability in Smartlist

The confirm add-on in SmartList 3.15 and earlier allows attackers to subscribe arbitrary e-mail addresses by using a valid cookie that specifies an address other than the address for which the cookie was assigned.

7.5
2005-05-02 CVE-2005-1364 Metalinks Remote SQL Injection vulnerability in MetaBid Auctions intAuctionID Parameter

Multiple SQL injection vulnerabilities in MetaBid Auctions allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password fields in logIn.asp, or (3) intAuctionID parameter to item.asp.

7.5
2005-05-02 CVE-2005-1363 Metalinks SQL-Injection vulnerability in Metalinks Metacart2 Payflowlink

Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow allow remote attackers to execute arbitrary commands via (1) intCatalogID, (2) strSubCatalogID, or (3) strSubCatalog_NAME parameter to productsByCategory.asp, (4) curCatalogID, (5) strSubCatalog_NAME, (6) intCatalogID, or (7) page parameter to productsByCategory.asp or (8) intProdID parameter to product.asp.

7.5
2005-05-02 CVE-2005-1362 Metalinks SQL-Injection vulnerability in Metalinks Metacart2 Paypal

Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter to product.asp, (2) intCatalogID or (3) strSubCatalogID parameters to productsByCategory.asp, (4) chkText, (5) strText, (6) chkPrice, (7) intPrice, (8) chkCat, or (9) strCat parameters to searchAction.asp.

7.5
2005-05-02 CVE-2005-1361 Metalinks Remote SQL Injection vulnerability in Metalinks Metacart E-Shop 8.0

Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) intProdID parameter in product.asp or (2) strCatalog_NAME parameter to productsByCategory.asp.

7.5
2005-05-02 CVE-2005-1360 Graycms Remote File Include vulnerability in Graycms 1.1

PHP remote file inclusion vulnerability in error.php in GrayCMS 1.1 allows remote attackers to execute arbitrary PHP code by modifying the path_prefix parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-1358 Text CGI Remote Security vulnerability in Text.Cgi

text.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

7.5
2005-05-02 CVE-2005-1354 Forum PL Remote Security vulnerability in Forum.Pl

The forum.pl script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

7.5
2005-05-02 CVE-2005-1351 Leif M Wright Remote Security vulnerability in ad.cgi

The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument.

7.5
2005-05-02 CVE-2005-1349 Perl Buffer Overflow vulnerability in Convert-UUlib Perl Module

Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation.

7.5
2005-05-02 CVE-2005-1348 Mailenable Remote Security vulnerability in MailEnable Professional

Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header.

7.5
2005-05-02 CVE-2005-1345 Squid Remote Security vulnerability in Squid

Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator.

7.5
2005-05-02 CVE-2005-1344 Apache Buffer Overflow vulnerability in Apache Http Server 2.0.52

Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument.

7.5
2005-05-02 CVE-2005-1323 Intersoft Buffer Overflow vulnerability in Intersoft Netterm 4.2.2

Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote attackers to execute arbitrary code via a long USER command.

7.5
2005-05-02 CVE-2005-1304 Citat PL The citat.pl script allows remote attackers to execute arbitrary files via shell metacharacters in the argument.
7.5
2005-05-02 CVE-2005-1302 Swsoft SQL Injection vulnerability in Swsoft Confixx 3.0.6/3.0.8/Pro3

SQL injection vulnerability in Confixx 3.08 and earlier allows remote attackers to execute arbitrary SQL commands via the "change user" field.

7.5
2005-05-02 CVE-2005-1293 Storeportal SQL-Injection vulnerability in Storeportal 2.63

Multiple SQL injection vulnerabilities in default.asp in StorePortal 2.63 allow remote attackers to execute arbitrary SQL commands via the (1) language, (2) bpic, (3) idcategory, (4) content, (5) keyword, or (6) idproduct parameter.

7.5
2005-05-02 CVE-2005-1289 E Cart Unspecified vulnerability in E-Cart 20041.1

index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) art and possibly (2) cat parameters.

7.5
2005-05-02 CVE-2005-1288 ASP Press Remote Security vulnerability in ACS Blog

inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers to gain administrator privileges via the "in" value in a cookie.

7.5
2005-05-02 CVE-2005-1284 Argosoft Unspecified vulnerability in Argosoft Mail Server 1.8.7.6

The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote attackers to create arbitrary accounts, even if "Allow Creation of Accounts From the Web Interface" is disabled, via a direct HTTP POST request.

7.5
2005-05-02 CVE-2005-1238 IBM Remote Security vulnerability in Iseries As 400

By design, the built-in FTP server for iSeries AS/400 systems does not support a restricted document root, which allows attackers to read or write arbitrary files, including sensitive QSYS databases, via a full pathname in a GET or PUT request.

7.5
2005-05-02 CVE-2005-1237 China ON Site SQL Injection vulnerability in FlexPHPNews News.PHP

SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

7.5
2005-05-02 CVE-2005-1236 Duware SQL Injection vulnerability in Duware Duportal 3.1.2/3.1.2Sql

Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and 3.1.2 SQL allow remote attackers to execute arbitrary SQL commands via the (1) iChannel parameter to channel.asp or search.asp, (2) iData parameter to detail.asp or inc_rating.asp, (3) iCat parameter to detail.asp or type.asp, (4) DAT_PARENT parameter to inc_poll_voting.asp, or (5) iRate parameter to inc_rating.asp, a different set of vulnerabilities than CVE-2005-1224.

7.5
2005-05-02 CVE-2005-1232 SUN Remote Security vulnerability in SUN Java System web Proxy Server 3.6

Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2005-05-02 CVE-2005-1226 Coppermine Information Disclosure vulnerability in Coppermine Photo Gallery 1.3.2

Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information.

7.5
2005-05-02 CVE-2005-1225 Coppermine SQL-Injection vulnerability in Coppermine Photo Gallery 1.3.2

SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php.

7.5
2005-05-02 CVE-2005-1224 Duware SQL Injection vulnerability in Duware Duportal 3.4/Pro3.4/Sql3.4

Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp, result.asp, cat.asp, or detail.asp (3) the iCat parameter to cat.asp or detail.asp, (4) the iData parameter to detail.asp or result.asp, the (5) POL_ID, (6) POL_PARENT, (7) POL_CATEGORY, (8) CHA_NAME, or (9) CHA_ID parameters to inc_vote.asp, or the (10) tfm_order or (11) tfm_orderby parameters to toppages.asp, a different set of vulnerabilities than CVE-2005-1236.

7.5
2005-05-02 CVE-2005-1223 Ocean12 Technologies SQL-Injection vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01

Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field.

7.5
2005-05-02 CVE-2005-1222 Netref Remote Security vulnerability in Netref 4.2

cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to execute arbitrary PHP code by setting the ad_direct parameter to reference cat_for_gen.php, then including the code in the m_for_racine parameter, which is then written to cat_for_gen.php.

7.5
2005-05-02 CVE-2005-1221 Ecommerce Carts SQL-Injection vulnerability in Ecommerce-Carts Ecommpro 3.0

SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro 3.0 allows remote attackers to execute arbitrary SQL commands via the password field.

7.5
2005-05-02 CVE-2005-1220 Knusperleicht Information Disclosure vulnerability in Shoutbox Script

Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain sensitive information via a direct request to db/settings.dat, which displays usernames and password hashes.

7.5
2005-05-02 CVE-2005-1203 Egroupware Cross-Site Scripting and SQL Injection vulnerability in eGroupWare

Multiple SQL injection vulnerabilities in index.php in eGroupware before 1.0.0.007 allow remote attackers to execute arbitrary SQL commands via the (1) filter or (2) cats_app parameter.

7.5
2005-05-02 CVE-2005-1200 Azbb Remote Security vulnerability in Az Bulletin Board 1.0.07A/1.0.07B/1.0.07C

PHP remote file inclusion vulnerability in main_index.php in AZ Bulletin Board (AZbb) 1.0.07a through 1.0.07c allows remote attackers to execute arbitrary PHP code by modifying the (1) dir_src or (2) abs_layer parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-1199 Infopop SQL Injection vulnerability in Infopop Ultimate Bulletin Board 6.0

SQL injection vulnerability in printthread.php in UBB.Threads allows remote attackers to execute arbitrary SQL commands via the main parameter.

7.5
2005-05-02 CVE-2005-1197 Oracle SQL-Injection vulnerability in Oracle10g Enterprise Edition

SQL injection vulnerability in the SYS.DBMS_CDC_IPUBLISH.CREATE_SCN_CHANGE_SET procedure in Oracle Database Server 10g allows remote attackers to execute arbitrary SQL commands via the CHANGE_SET_NAME parameter.

7.5
2005-05-02 CVE-2005-1196 Phpbb Group SQL-Injection vulnerability in phpBB

SQL injection vulnerability in kb.php in the Knowledge Base module for phpBB allows remote attackers to obtain sensitive information and execute SQL commands via the cat parameter.

7.5
2005-05-02 CVE-2005-1195 Mplayer
Xine
Remote Buffer Overflow vulnerability in MPlayer MMST Stream ID

Multiple heap-based buffer overflows in the code used to handle (1) MMS over TCP (MMST) streams or (2) RealMedia RTSP streams in xine-lib before 1.0, and other products that use xine-lib such as MPlayer 1.0pre6 and earlier, allow remote malicious servers to execute arbitrary code.

7.5
2005-05-02 CVE-2005-1181 Ariadne Unspecified vulnerability in Ariadne CMS 2.4

** DISPUTED ** NOTE: this issue has been disputed by the vendor.

7.5
2005-05-02 CVE-2005-1178 Oracle SQL-Injection vulnerability in Forms And Reports

SQL injection vulnerability in Oracle Forms 10g allows remote attackers to execute arbitrary SQL commands via the Query/Where feature.

7.5
2005-05-02 CVE-2005-1173 Pmsoftware Unspecified vulnerability in Pmsoftware Simple web Server 1.0

Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote attackers to execute arbitrary code via a long GET request.

7.5
2005-05-02 CVE-2005-1170 Datenbank Module Unspecified vulnerability in Datenbank Module Datenbank Module

SQL injection vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-05-02 CVE-2005-1169 Mafia Authentication Bypass vulnerability in Mafia Blog 4Beta

Mafia Blog .4 BETA does not properly protect the admin directory, which allows remote attackers to execute arbitrary PHP code by using writeinfo.php to inject the code into info.php.

7.5
2005-05-02 CVE-2005-1161 Oneworldstore SQL Injection vulnerability in OneWorldStore OWAddItem.ASP

Multiple SQL injection vulnerabilities in OneWorldStore allow remote attackers to execute arbitrary SQL commands via the idProduct parameter to (1) owAddItem.asp or (2) owProductDetail.asp, (3) idCategory parameter to owListProduct.asp, or (4) bSpecials parameter to owListProduct.asp.

7.5
2005-05-02 CVE-2005-1159 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type.

7.5
2005-05-02 CVE-2005-1157 Mozilla
Netscape
Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to replace existing search plugins with malicious ones using sidebar.addSearchEngine and the same filename as the target engine, which may not be displayed in the GUI, which could then be used to execute malicious script, aka "Firesearching 2."

7.5
2005-05-02 CVE-2005-1156 Mozilla
Netscape
Remote Script Code Execution vulnerability in Mozilla Suite And Firefox Search Plug-In

Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 allows remote attackers to execute arbitrary script and code via a new search plugin using sidebar.addSearchEngine, aka "Firesearching 1."

7.5
2005-05-02 CVE-2005-1155 Mozilla Code Injection vulnerability in Mozilla Firefox and Mozilla

The favicon functionality in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary code via a <LINK rel="icon"> tag with a javascript: URL in the href attribute, aka "Firelinking."

7.5
2005-05-02 CVE-2005-1154 Mozilla Cross-Site Scripting vulnerability in Mozilla Suite And Firefox Global Scope Pollution

Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution."

7.5
2005-05-02 CVE-2005-1153 Mozilla Multiple vulnerability Fixed in SCO OpenServer Release 5.0.7 Maintenance Pack 4 Released -

Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option.

7.5
2005-05-02 CVE-2005-1128 Virtual Hosting Control System SQL-Injection vulnerability in Virtual Hosting Control System Virtual Hosting Control System 2.2

Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via certain inputs from HTTP POST queries.

7.5
2005-05-02 CVE-2005-1117 All4Www Remote File Include vulnerability in All4Www All4Www-Homepagecreator 1.0A

PHP remote file inclusion vulnerability in index.php in All4WWW-Homepagecreator 1.0a allows remote attackers to execute arbitrary PHP code by modifying the site parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-1114 Phpbb Group
Smartor
Multiple SQL injection vulnerabilities in album_search.php in Photo Album 2.0.53 for phpBB allow remote attackers to execute arbitrary SQL commands via the (1) mode or (2) search parameters.
7.5
2005-05-02 CVE-2005-1110 Sumus Unspecified vulnerability in Sumus 0.2.2

Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81.

7.5
2005-05-02 CVE-2005-1109 Junkbuster Unspecified vulnerability in Junkbuster Internet Junkbuster 2.0.1/2.0.2/2.0.2R2

The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption.

7.5
2005-05-02 CVE-2005-1101 IBM Unspecified vulnerability in IBM Lotus Domino Server 6.0.5/6.5.4

Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via large amounts of data in certain (1) time or (2) date fields.

7.5
2005-05-02 CVE-2005-1100 Salim Gasmi Unspecified vulnerability in Salim Gasmi GLD 1.3/1.4

Format string vulnerability in the ErrorLog function in cnf.c in Greylisting daemon (GLD) 1.3 and 1.4 allows remote attackers to execute arbitrary code via format string specifiers in data that is passed directly to syslog.

7.5
2005-05-02 CVE-2005-1093 Popup Plus Plugin Remote Buffer Overflow vulnerability in Popup Plus Plugin Popup Plus Plugin for Miranda IM 2.0.3.8

Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with "Use SmileyAdd Setting" enabled, allows remote attackers to execute arbitrary code.

7.5
2005-05-02 CVE-2005-1091 Maxthon Information Disclosure vulnerability in Maxthon Web Browser Plug-in API Security ID

Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ID and use restricted plugin API functions via script that includes the max.src file into the source page.

7.5
2005-05-02 CVE-2005-1084 Aewebworks Unspecified vulnerability in Aewebworks Aedating 3.2

SQL injection vulnerability in sdating.php in aeDating 3.2 allows remote attackers to execute arbitrary SQL commands files via the event parameter.

7.5
2005-05-02 CVE-2005-1079 Mike DE Boer SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 allows remote attackers to execute arbitrary SQL commands via the catid parameter.
7.5
2005-05-02 CVE-2005-1074 Radscripts Multiple vulnerability in Radscripts Radbids 2

SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to execute arbitrary SQL commands via the mode parameter.

7.5
2005-05-02 CVE-2005-1062 Kerio Remote Security vulnerability in Kerio products

The administration protocol for Kerio WinRoute Firewall 6.x up to 6.0.10, Personal Firewall 4.x up to 4.1.2, and MailServer up to 6.0.8 allows remote attackers to quickly obtain passwords that are 5 characters or less via brute force methods.

7.5
2005-05-02 CVE-2005-1058 Cisco Unspecified vulnerability in Cisco IOS 12.2T/12.3/12.3T

Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile that specifies XAUTH authentication after Phase 1 negotiation, may not process certain attributes in the ISAKMP profile that specifies XAUTH, which allows remote attackers to bypass XAUTH and move to Phase 2 negotiations.

7.5
2005-05-02 CVE-2005-1057 Cisco Unspecified vulnerability in Cisco IOS 12.2T/12.3/12.3T

Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet."

7.5
2005-05-02 CVE-2005-1054 Moderngigabyte Unspecified vulnerability in Moderngigabyte Modernbill

PHP remote file inclusion vulnerability in news.php in ModernBill 4.3.0 and earlier allows remote attackers to execute arbitrary PHP code by modifying the DIR parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-1048 Postnuke Software Foundation Unspecified vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 allows remote attackers to execute arbitrary SQL statements via the sid parameter.

7.5
2005-05-02 CVE-2005-1046 KDE Buffer Overflow vulnerability in KDE 3.4.0

Buffer overflow in the kimgio library for KDE 3.4.0 allows remote attackers to execute arbitrary code via a crafted PCX image file.

7.5
2005-05-02 CVE-2005-1045 Centrinity Unspecified vulnerability in Centrinity Firstclass Desktop Client 8.0

OpenText FirstClass 8.0 client does not properly sanitize strings before passing them to the Windows ShellExecute API, which allows remote attackers to execute arbitrary commands via a UNC path in a bookmark.

7.5
2005-05-02 CVE-2005-1042 PHP Unspecified vulnerability in PHP

Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP before 4.3.11 may allow remote attackers to execute arbitrary code via an IFD tag that leads to a negative byte count.

7.5
2005-05-02 CVE-2005-1026 Dlman PRO
Linkz PRO
SQL Injection vulnerability in PHPBB DLMan Pro Module

Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods allow remote attackers to execute arbitrary SQL commands via the (1) file_id parameter to dlman.php in DLMan Pro or (2) id parameter to links.php in Linkz Pro (aka LinksLinks Pro).

7.5
2005-05-02 CVE-2005-1018 CA Remote Buffer Overflow vulnerability in CA Brightstor Arcserve Backup 11.1

Buffer overflow in the UniversalAgent for Computer Associates (CA) BrightStor ARCserve Backup allows remote authenticated users to cause a denial of service or execute arbitrary code via an agent request to TCP port 6050 with a large argument before the option field.

7.5
2005-05-02 CVE-2005-1017 Maxwebportal SQL Injection vulnerability in Maxwebportal

SQL injection vulnerability in the Update_Events function in events_functions.asp in MaxWebPortal 1.33 and earlier allows remote attackers to execute arbitrary SQL commands via the EVENT_ID parameter, as demonstrated using events.asp.

7.5
2005-05-02 CVE-2005-1014 Mailenable Buffer Overflow vulnerability in MailEnable IMAP Authenticate Request

Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and earlier and Professional 1.54 allows remote attackers to execute arbitrary code via a long AUTHENTICATE command.

7.5
2005-05-02 CVE-2005-1011 Iatek SQL Injection vulnerability in SiteEnable

SQL injection vulnerability in content.asp in SiteEnable allows remote attackers to execute arbitrary SQL commands via the sortby parameter.

7.5
2005-05-02 CVE-2005-1005 Profitcode Unspecified vulnerability in Profitcode Payprocart 3.0

ProfitCode PayProCart 3.0 allows remote attackers to bypass authentication and gain administrative privileges to the admin control panel, as demonstrated via a direct request to adminshop/index.php with hex-encoded ..

7.5
2005-05-02 CVE-2005-1003 Profitcode Directory Traversal vulnerability in Profitcode Payprocart 3.0

Directory traversal vulnerability in index.php for ProfitCode PayProCart 3.0 allows remote attackers to include arbitrary PHP files via ..

7.5
2005-05-02 CVE-2005-0999 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

SQL injection vulnerability in the Top module for PHP-Nuke 6.x through 7.6 allows remote attackers to execute arbitrary SQL commands via the querylang parameter.

7.5
2005-05-02 CVE-2005-0997 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6

Multiple SQL injection vulnerabilities in the Web_Links module for PHP-Nuke 7.6 allow remote attackers to execute arbitrary SQL commands via (1) the email or url parameters in the Add function, (2) the url parameter in the modifylinkrequestS function, (3) the orderby or min parameters in the viewlink function, (4) the orderby, min, or show parameters in the search function, or (5) the ratenum parameter in the MostPopular function.

7.5
2005-05-02 CVE-2005-0994 Early Impact Input Validation vulnerability in Early Impact Productcart 2.7

Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote attackers to execute arbitrary SQL commands via (1) the Category or resultCnt parameters to advSearch_h.asp, and possibly (2) the offset parameter to tarinasworld_butterflyjournal.asp.

7.5
2005-05-02 CVE-2005-0980 Alstrasoft Remote File Include vulnerability in Alstrasoft Epay 2.0

PHP remote file inclusion vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary PHP code by modifying the view parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0979 Netmanage Buffer Overflow vulnerability in Netmanage Rumba 7.3/7.4

Multiple buffer overflows in RUMBA 7.3 and earlier allow remote attackers to cause a denial of service and possibly execute arbitrary code via crafted values in a profile file, as demonstrated using a long SysName field.

7.5
2005-05-02 CVE-2005-0962 Lighthouse Development SQL Injection vulnerability in Lighthouse Development Squirrelcart 1.5.5

SQL injection vulnerability in index.php for Lighthouse Squirrelcart allows remote attackers to execute arbitrary SQL commands via the (1) crn parameter in a show action or (2) rn parameter in a show_detail action.

7.5
2005-05-02 CVE-2005-0959 Yepyep Remote CWD Argument Format String vulnerability in Yepyep Mtftpd 0.1A/0.2/0.3

Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may allow attackers to execute arbitrary code via a long path.

7.5
2005-05-02 CVE-2005-0958 Yepyep Remote CWD Argument Format String vulnerability in Yepyep Mtftpd 0.1A/0.2/0.3

Format string vulnerability in the log_do function in log.c for YepYep mtftpd 0.0.3, when the statistics option is enabled, allows remote attackers to execute arbitrary code via the CWD command.

7.5
2005-05-02 CVE-2005-0956 Interakt Unspecified vulnerability in Interakt MX Kart 1.1.2

Multiple SQL injection vulnerabilities in index.php in InterAKT MX Kart 1.1.2 allow remote attackers to execute arbitrary SQL commands via the (1) idp, (2) id_ctg, or (3) id_man parameter.

7.5
2005-05-02 CVE-2005-0955 Interakt SQL Injection vulnerability in Interakt MX Shop 1.1.1

SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id_ctg parameter.

7.5
2005-05-02 CVE-2005-0948 Iatek Input Validation vulnerability in Iatek PortalApp

SQL injection vulnerability in ad_click.asp for PortalApp allows remote attackers to execute arbitrary SQL commands via the banner_id parameter.

7.5
2005-05-02 CVE-2005-0947 Coinsoft Technologies Remote vulnerability in PHPcoin 1.2/1.2.1/1.2.1B

Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and earlier allows remote attackers to read and execute arbitrary files via a ..

7.5
2005-05-02 CVE-2005-0944 Microsoft Unspecified vulnerability in Microsoft JET

Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll) 4.00.8618.0, related to insufficient data validation, allows remote attackers to execute arbitrary code via a crafted mdb file.

7.5
2005-05-02 CVE-2005-0935 Esmi SQL Injection vulnerability in Esmi Paypal Storefront 1.7

Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow remote attackers to execute arbitrary SQL commands via the (1) idpages parameter to pages.php or the (2) id2 parameter to products1.php.

7.5
2005-05-02 CVE-2005-0932 Coinsoft Technologies Remote vulnerability in PHPcoin 1.2/1.2.1/1.2.1B

Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier allow remote attackers to execute arbitrary SQL commands (1) via the search engine, (2) the username or email fields in the "forgotten password" feature, or (3) the domain name in a package order.

7.5
2005-05-02 CVE-2005-0929 Photopost SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote attackers to execute arbitrary SQL commands via (1) the sl parameter to showmembers.php or (2) the photo parameter to showphoto.php.
7.5
2005-05-02 CVE-2005-0920 Bugtracker NET SQL Injection vulnerability in Bugtracker.NET

Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-05-02 CVE-2005-0917 Powerdev Remote Security vulnerability in Powerdev Encapsbb 0.3.2Fixed

PHP remote file inclusion vulnerability in index_header.php for EncapsBB 0.3.2_fixed, and possibly other versions, allows remote attackers to execute arbitrary PHP code via the root parameter.

7.5
2005-05-02 CVE-2005-0915 Webmasters Debutants Security Bypass vulnerability in Webmasters-Debutants WD Guestbook 2.8

Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to bypass authentication and perform certain administrator actions via a direct HTTP POST request to (1) ajout_admin2.php or (2) suppr.php.

7.5
2005-05-02 CVE-2005-0913 Smarty Remote PHP Script Execution vulnerability in Smarty Template Engine

Unknown vulnerability in the regex_replace modifier (modifier.regex_replace.php) in Smarty before 2.6.8 allows attackers to execute arbitrary PHP code.

7.5
2005-05-02 CVE-2005-0909 Tkais Shoutbox Unspecified vulnerability in Tkais Shoutbox Tkais Shoutbox

PHP remote file inclusion vulnerability in shoutact.php for TKai's Shoutbox allows remote attackers to execute arbitrary PHP code via the query parameter.

7.5
2005-05-02 CVE-2005-0907 Valdersoft SQL-Injection vulnerability in Valdersoft Shopping Cart 3.0

Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to category.php, (2) the id parameter to item.php, (3) the lang parameter to index.php, (4) the searchQuery parameter to search_result.php, (5) or the searchTopCategoryID parameter to search_result.php.

7.5
2005-05-02 CVE-2005-0906 Instance Four
Sacred
UBI Soft
Remote Buffer Overflow vulnerability in Tincat Network Library

Buffer overflow in a player logging function in the Tincat network library 2.x before 2.0.28, as used in games such as Sacred and The Settlers: Heritage of Kings, allows remote attackers to execute arbitrary code.

7.5
2005-05-02 CVE-2005-0902 Nukebookmarks SQL-Injection vulnerability in Nukebookmarks 0.6

SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2005-05-02 CVE-2005-0897 Magicscripts Remote File Include vulnerability in Magicscripts E-Store Kit-2 Paypal

PHP remote file inclusion vulnerability in catalog.php in E-Store Kit-2 PayPal Edition allows remote attackers to execute arbitrary PHP code by modifying the menu and main parameters to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0890 Dream4 SQL Injection vulnerability in Dream4 Koobi CMS 4.2.3

SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote attackers to execute arbitrary SQL commands via the area parameter.

7.5
2005-05-02 CVE-2005-0884 Digitalhive Remote Security vulnerability in Digitalhive 2.0

DigitalHive 2.0 allows remote attackers to re-install the product by directly accessing the install script.

7.5
2005-05-02 CVE-2005-0882 Birdblog SQL Injection vulnerability in Birdblog 1.0.0/1.1.0

SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) userpw parameters.

7.5
2005-05-02 CVE-2005-0879 Vortex Portal Remote PHP File Include vulnerability in Vortex Portal Vortex Portal 2.0

PHP remote file include vulnerability in (1) content.php and (2) index.php for Vortex Portal allows remote attackers to execute arbitrary PHP code via a URL in the act parameter.

7.5
2005-05-02 CVE-2005-0868 Bosanova
IBM
Mochasoft
Powerterm
Remote Security vulnerability in Client Access

AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) IBM client access, (2) Bosanova, (3) PowerTerm, (4) Mochasoft, and possibly other emulations, allows malicious AS/400 servers to execute arbitrary commands via a STRPCO (Start PC Organizer) command followed by STRPCCMD (Start PC command), as demonstrated by creating a backdoor account using REXEC.

7.5
2005-05-02 CVE-2005-0865 Securecomputing Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2

Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) root, (2) admin, or (3) user users, which allows remote attackers to gain privileges via Telnet or an HTTP request to adsl.cgi.

7.5
2005-05-02 CVE-2005-0862 Phpopenchat Remote File Include vulnerability in PHPopenchat 2.3.4/3.0.1

Multiple PHP remote file inclusion vulnerabilities in PHPOpenChat 3.0.1 and earlier allow remote attackers to execute arbitrary PHP code via the phpbb_root_path parameter to (1) poc_loginform.php or (2) phpbb/poc.php, the poc_root_path parameter to (3) phpbb/poc.php, (4) phpnuke/ENGLISH_poc.php, (5) phpnuke/poc.php, or (6) yabbse/poc.php, or (7) the sourcedir parameter to yabbse/poc.php.

7.5
2005-05-02 CVE-2005-0861 Delegate Unspecified vulnerability in Delegate

Multiple buffer overflows in DeleGate before 8.11.1 may allow attackers to cause a denial of service or execute arbitrary code, possibly due to "overflows on arrays."

7.5
2005-05-02 CVE-2005-0860 THE Rusted Gate Remote File Include vulnerability in the Rusted Gate TRG News 3.0

PHP remote file inclusion vulnerability in TRG News Script 3.0 allows remote attackers to execute arbitrary PHP code via the dir parameter to (1) article.php, (2) authorall.php, (3) comment.php, (4) display.php, or (5) displayall.php.

7.5
2005-05-02 CVE-2005-0859 Czaries Network Remote File Include vulnerability in Czaries Network Czarnews 1.13B

PHP remote file inclusion vulnerability in CzarNews 1.13b allows remote attackers to execute arbitrary PHP code via the tpath parameter to (1) headlines.php or (2) news.php.

7.5
2005-05-02 CVE-2005-0858 Coolforum Cross-Site Scripting And SQL Injection vulnerability in CoolForum

Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the pseudo parameter to entete.php or (2) the login parameter to register.php.

7.5
2005-05-02 CVE-2005-0856 Coolforum SQL-Injection vulnerability in CoolForum

CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate SQL commands via certain requests to (1) alert.php or (2) viewip.php, possibly due to a SQL injection vulnerability.

7.5
2005-05-02 CVE-2005-0854 Betaparticle Remote vulnerability in Betaparticle Blog 2.0/3.0

betaparticle blog (bp blog), posisbly before version 4, allows remote attackers to bypass authentication and (1) upload files via a direct request to upload.asp or (2) delete files via a direct request to myFiles.asp.

7.5
2005-05-02 CVE-2005-0841 Phpmyfamily SQL Injection vulnerability in PHPmyfamily 1.4

SQL injection vulnerability in (1) people.php, (2) track.php, (3) edit.php, (4) document.php, (5) census.php, (6) passthru.php and possibly other php files in phpMyFamily 1.4.0 allows remote attackers to execute arbitrary SQL commands, as demonstrated via (1) the person parameter to people.php or (2) the Login field.

7.5
2005-05-02 CVE-2005-0838 Icecast Multiple vulnerability in Icecast 2.20

Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag.

7.5
2005-05-02 CVE-2005-0833 Belkin Multiple vulnerability in Belkin 54G Wireless Router F5D7130

Belkin 54G (F5D7130) wireless router allows remote attackers to access restricted resources by sniffing URIs from UPNP datagrams, then accessing those URIs, which do not require authentication.

7.5
2005-05-02 CVE-2005-0830 Xzabite Unspecified vulnerability in Xzabite Dyndnsupdate 0.6.15

Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, including the ipcheck function in dyndnsupdate.c, allow remote attackers who spoof a dyndns.org server to execute arbitrary code via unknown vectors.

7.5
2005-05-02 CVE-2005-0825 Lgames Unspecified vulnerability in Lgames Ltris 1.0.9

Buffer overflow in LTris before 1.0.10 allows local users to execute arbitrary code via a crafted highscores file.

7.5
2005-05-02 CVE-2005-0821 Citrix Multiple vulnerability in Citrix MetaFrame

Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse.

7.5
2005-05-02 CVE-2005-0810 Notify Technology Multiple vulnerability in Notify Technology Notifylink Enterpriseserver

SQL injection vulnerability in NotifyLink before 3.0 allows remote attackers to execute arbitrary SQL commands via the URL.

7.5
2005-05-02 CVE-2005-0809 Notify Technology Multiple vulnerability in Notify Technology Notifylink Enterpriseserver

NotifyLink, when configured for client key retrieval, allows remote attackers to obtain AES keys via a direct request to /hwp/get.asp, then uses a weak encryption scheme (fixed byte reordering) to protect the key, which allows remote attackers to obtain the key via a brute force attack.

7.5
2005-05-02 CVE-2005-0807 Oxid Remote Heap Buffer Overflow vulnerability in Massimiliano Montoro Cain & Abel PSK Sniffer

Multiple buffer overflows in Cain & Abel before 2.67 allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via (1) an IKE packet with a large ID field that is not properly handled by the PSK sniffer filter, (2) the HTTP sniffer filter, or the (3) POP3, (4) SMTP, (5) IMAP, (6) NNTP, or (7) TDS sniffer filters.

7.5
2005-05-02 CVE-2005-0805 Subdreamer SQL Injection vulnerability in Subdreamer Light 1.0

SQL injection vulnerability in index.php in Subdreamer Light, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via certain parameters that are used as global variables, as demonstrated using the imageid parameter, which is not properly handled by imagegallery.php.

7.5
2005-05-02 CVE-2005-0800 Mcnews Unspecified vulnerability in Mcnews

PHP remote file inclusion vulnerability in install.php in mcNews 1.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the l parameter to reference a URL on a remote web server that contains the code, a different vulnerability than CVE-2005-0720.

7.5
2005-05-02 CVE-2005-0781 PHP Arena SQL Injection And Cross-Site Scripting vulnerability in PAFileDB

SQL injection vulnerability in (1) viewall.php and (2) category.php in paFileDB 3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the start parameter to pafiledb.php.

7.5
2005-05-02 CVE-2005-0775 Photopost Remote vulnerability in Photopost PHP PRO 5.0Rc3

The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the administrator.

7.5
2005-05-02 CVE-2005-0770 Datarescue Unspecified vulnerability in Datarescue IDA PRO 4.7.0.830

Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code via format string specifiers in a dynamic link library (DLL) name.

7.5
2005-05-02 CVE-2005-0769 Openslp Buffer Overflow vulnerability in OpenSLP

Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets.

7.5
2005-05-02 CVE-2005-0764 Marc Lehmann Unspecified vulnerability in Marc Lehmann Rxvt-Unicode

Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote attackers to execute arbitrary code via a crafted file containing long escape sequences.

7.5
2005-05-02 CVE-2005-0762 Imagemagick Unspecified vulnerability in Imagemagick

Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 allows remote attackers to execute arbitrary code via a crafted SGI image file.

7.5
2005-05-02 CVE-2005-0743 Xoops Remote Arbitrary PHP File Upload vulnerability in Xoops Custom Avatar

The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 and earlier allows remote attackers to upload arbitrary PHP scripts, whose file extensions are not filtered.

7.5
2005-05-02 CVE-2005-0737 Yahoo Remote Buffer Overflow vulnerability in Yahoo! Messenger Offline Mode Status

Buffer overflow in Yahoo! Messenger allows remote attackers to execute arbitrary code via the offline mode.

7.5
2005-05-02 CVE-2005-0729 Techland Remote Security vulnerability in XPand Rally 1.0/1.1

Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows remote attackers to execute arbitrary code via format string specifiers in a message.

7.5
2005-05-02 CVE-2005-0726 Ubbcentral SQL-Injection vulnerability in Ubbcentral Ubb.Threads 6.0

SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows remote attackers to execute arbitrary SQL commands via the Number parameter.

7.5
2005-05-02 CVE-2005-0721 Gamearena Remote Security vulnerability in Experience2

PHP remote file inclusion vulnerability in modules.php in eXPerience2 allows remote attackers to execute arbitrary PHP code by modifying the file parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0706 Grip Matches Buffer Overflow vulnerability in Grip CDDB Response

Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code by causing the cddb lookup to return more matches than expected.

7.5
2005-05-02 CVE-2005-0704 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal 0.10.7/0.10.8/0.10.9

Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through 0.10.9 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code.

7.5
2005-05-02 CVE-2005-0679 Stadtaus Code Injection vulnerability in Stadtaus Tell A Friend Script

PHP remote file inclusion vulnerability in tell_a_friend.inc.php for Tell A Friend Script 2.7 before 20050305 allows remote attackers to execute arbitrary PHP code by modifying the script_root parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0678 Stadtaus Remote Security vulnerability in Form Mail Script

PHP remote file inclusion vulnerability in formmail.inc.php for Form Mail Script 2.3 and earlier allows remote attackers to execute arbitrary PHP code by modifying the script_root to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0672 Ca3De Remote vulnerability in Ca3DE

Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows remote attackers to execute arbitrary code via text strings that are not null terminated, which triggers a null dereference.

7.5
2005-05-02 CVE-2005-0669 Coinsoft Technologies Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B

Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 through 1.2.1b allow remote attackers to execute arbitrary SQL commands via the (1) the faq_id in the faq mod, (2) the id parameter in the pages mod, (3) the id parameter in the siteinfo module, (4) the topic_id parameter in the articles module, (5) the ord_id in the orders module, (6) the dom_id parameter in the domains module, or (7) the invd_id parameter in the invoices module.

7.5
2005-05-02 CVE-2005-0663 Mercuryboard SQL-Injection vulnerability in Mercuryboard 1.1.2

SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary SQL commands via the f parameter.

7.5
2005-05-02 CVE-2005-0661 Woltlab SQL-Injection vulnerability in Burning Board

SQL injection vulnerability in the getwbbuserdata function in session.php for Woltlab Burning Board 2.0.3 through 2.3.0 allows remote attackers to execute arbitrary SQL commands via the (1) userid or (2) lastvisit cookie.

7.5
2005-05-02 CVE-2005-0658 CMW Linklist SQL-Injection vulnerability in Cmw Linklist

SQL injection vulnerability in a third party extension to TYPO3 allows remote attackers to execute arbitrary SQL commands via the category_uid parameter.

7.5
2005-05-02 CVE-2005-0651 Projectbb SQL Injection vulnerability in Projectbb 0.4.5.1

Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to execute arbitrary SQL commands via (1) liste or (2) desc parameters to divers.php (incorrectly referred to as "drivers.php" by some sources), (3) the search feature text area, (4) post name in the post creation feature, (5) City, (6) Homepage, (7) ICQ, (8) AOL, (9) Yahoo!, (10) MSN, or (11) e-mail fields in the profile feature or (12) the new field in the moderator section.

7.5
2005-05-02 CVE-2005-0646 PHP Arena SQL-Injection vulnerability in PHP Arena Panews 2.0.4B

SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote attackers to execute arbitrary SQL via the mysql_prefix parameter.

7.5
2005-05-02 CVE-2005-0644 Mcafee Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20

Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant of CVE-2005-0643.

7.5
2005-05-02 CVE-2005-0643 Mcafee Buffer Overflow/Directory Traversal vulnerability in Mcafee Antivirus Engine 4.3.20

Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files.

7.5
2005-05-02 CVE-2005-0642 CA SQL-Injection vulnerability in CA Unicenter Asset Management 4.0

SQL injection vulnerability in the Query Designer for Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 allows remote attackers to execute arbitrary SQL via an imported file.

7.5
2005-05-02 CVE-2005-0634 Kmint21 Software Remote Buffer Overflow vulnerability in Kmint21 Software Golden FTP Server 1.92

Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long USER command.

7.5
2005-05-02 CVE-2005-0617 Postnuke Software Foundation SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.750/0.760Rc2

SQL injection vulnerability in dl-search.php in PostNuke 0.750 and 0.760-RC2 allows remote attackers to execute arbitrary SQL commands via the show parameter.

7.5
2005-05-02 CVE-2005-0615 Postnuke Software Foundation SQL-Injection vulnerability in Postnuke Software Foundation Postnuke 0.760Rc2

Multiple SQL injection vulnerabilities in (1) index.php, (2) modules.php, or (3) admin.php in PostNuke 0.760-RC2 allow remote attackers to execute arbitrary SQL code via the catid parameter.

7.5
2005-05-02 CVE-2005-0614 Phpbb Group Remote Security vulnerability in phpBB

sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie.

7.5
2005-05-02 CVE-2005-0612 Cisco Remote Default Community String vulnerability in Cisco IP/VC Videoconferencing System SNMP

Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain hard-coded default SNMP community strings, which allows remote attackers to gain access, cause a denial of service, and modify configuration.

7.5
2005-05-02 CVE-2005-0601 Cisco Remote vulnerability in Cisco Application and Content Networking System

Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, 5.1, or 5.2 use a default password when the setup dialog has not been run, which allows remote attackers to gain access.

7.5
2005-05-02 CVE-2005-0595 Working Resources INC Remote Buffer Overflow vulnerability in Working Resources Inc. Badblue 2.55

Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers to execute arbitrary code via a long mfcisapicommand parameter.

7.5
2005-05-02 CVE-2005-0575 Stormy Studios Remote Buffer Overflow vulnerability in Stormy Studios KNet

Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request.

7.5
2005-05-02 CVE-2005-0569 Punbb Remote Input Validation vulnerability in Punbb 1.2.1

Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.

7.5
2005-05-02 CVE-2005-0567 Phpmyadmin Local File Include vulnerability in PHPmyadmin 2.6.1

Multiple PHP remote file inclusion vulnerabilities in phpMyAdmin 2.6.1 allow remote attackers to execute arbitrary PHP code by modifying the (1) theme parameter to phpmyadmin.css.php or (2) cfg[Server][extension] parameter to database_interface.lib.php to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0565 Phpwebsite Remote Security vulnerability in Phpwebsite

The Announce module in phpWebSite 0.10.0 and earlier allows remote attackers to execute arbitrary PHP code by setting the Image field to reference a PHP file whose name contains a .gif.php extension.

7.5
2005-05-02 CVE-2005-0560 Microsoft Out-Of-Bounds Write vulnerability in Microsoft Exchange Server 2000/2003

Heap-based buffer overflow in the SvrAppendReceivedChunk function in xlsasink.dll in the SMTP service of Exchange Server 2000 and 2003 allows remote attackers to execute arbitrary code via a crafted X-LINK2STATE extended verb request to the SMTP port.

7.5
2005-05-02 CVE-2005-0554 Microsoft Unspecified vulnerability in Microsoft IE 5.01/5.5/6.0

Buffer overflow in the URL processor of Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a URL with a long hostname, aka "URL Parsing Memory Corruption Vulnerability."

7.5
2005-05-02 CVE-2005-0546 Cyrus Remote Buffer Overflow vulnerability in Cyrus IMAPD

Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow attackers to execute arbitrary code via (1) an off-by-one error in the imapd annotate extension, (2) an off-by-one error in "cached header handling," (3) a stack-based buffer overflow in fetchnews, or (4) a stack-based buffer overflow in imapd.

7.5
2005-05-02 CVE-2005-0541 Cyclades Remote Security vulnerability in Cyclades Alterpath Manager 1.2.1

consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to connect to arbitrary consoles by modifying the consolename parameter.

7.5
2005-05-02 CVE-2005-0533 Trend Micro Heap Overflow vulnerability in Trend Micro VSAPI ARJ Handling

Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI before 7.510, as used in multiple Trend Micro products, allows remote attackers to execute arbitrary code via a crafted ARJ file with long header file names that modify pointers within a structure.

7.5
2005-05-02 CVE-2005-0523 Prozilla Remote Client-Side Format String vulnerability in ProZilla Initial Server Response

Format string vulnerability in ProZilla 1.3.7.3 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the Location header.

7.5
2005-05-02 CVE-2005-0501 Digipen Institute OF Technology Remote Nickname Buffer Overrun vulnerability in Digipen Institute of Technology Bontago 1.1

Buffer overflow in Bontago 1.1 and earlier allows remote attackers to execute arbitrary code via a long nickname.

7.5
2005-05-02 CVE-2005-0498 Gigafast Ethernet Information Disclosure vulnerability in Gigafast Router

Gigafast router (aka CompUSA router) allows remote attackers to gain sensitive information and bypass the login page via a direct request to backup.cfg, which reveals the administrator password in plaintext.

7.5
2005-05-02 CVE-2005-0469 Ncsa Remote Buffer Overflow vulnerability in Multiple Vendor Telnet Client LINEMODE Sub-Options

Buffer overflow in the slc_add_reply function in various BSD-based Telnet clients, when handling LINEMODE suboptions, allows remote attackers to execute arbitrary code via a reply with a large number of Set Local Character (SLC) commands.

7.5
2005-05-02 CVE-2005-0468 Ncsa Buffer Overflow vulnerability in Ncsa Telnet C

Heap-based buffer overflow in the env_opt_add function in telnet.c for various BSD-based Telnet clients allows remote attackers to execute arbitrary code via responses that contain a large number of characters that require escaping, which consumers more memory than allocated.

7.5
2005-05-02 CVE-2005-0463 INL SQL Injection vulnerability in INL Ulog-PHP 0.8/0.8.1/0.8.2

Unknown "major security flaws" in Ulog-php before 1.0, related to input validation, have unknown impact and attack vectors, probably related to SQL injection vulnerabilities in (1) host.php, (2) port.php, and (3) index.php.

7.5
2005-05-02 CVE-2005-0454 Codeworx Technologies SQL Injection vulnerability in DCP-Portal

Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the lcat, doc, or uid parameters to index.php, or (2) the mid or bid parameters to forums.php.

7.5
2005-05-02 CVE-2005-0440 Stefan Ritt Remote vulnerability in ELOG Web Logbook

ELOG before 2.5.7 allows remote attackers to bypass authentication and download a configuration file that contains a sensitive write password via a modified URL.

7.5
2005-05-02 CVE-2005-0439 Stefan Ritt Remote vulnerability in ELOG Web Logbook

Buffer overflow in the decode_post function in ELOG before 2.5.7 allows remote attackers to execute arbitrary code via attachments with long file names.

7.5
2005-05-02 CVE-2005-0437 Awstats Directory Traversal vulnerability in Awstats 6.3/6.4

Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to include arbitrary Perl modules via ..

7.5
2005-05-02 CVE-2005-0436 Awstats Remote Security vulnerability in Awstats 6.3/6.4

Direct code injection vulnerability in awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to execute portions of Perl code via the PluginMode parameter.

7.5
2005-05-02 CVE-2005-0431 Barracuda Networks Remote Security vulnerability in Barracuda Networks Barracuda Spam Firewall 3.1.10

Barracuda Spam Firewall 3.1.10 and earlier does not restrict the domains that white-listed domains can send mail to, which allows members of white-listed domains to use Barracuda as an open mail relay for spam.

7.5
2005-05-02 CVE-2005-0418 SUN Unspecified vulnerability in SUN J2Se

Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up to 1.4.2_06, on Mac OS X, allows untrusted applications to gain privileges via the value parameter of a property tag in a JNLP file.

7.5
2005-05-02 CVE-2005-0397 Imagemagick Unspecified vulnerability in Imagemagick

Format string vulnerability in the SetImageInfo function in image.c for ImageMagick before 6.0.2.5 may allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a filename argument to convert, which may be called by other web applications.

7.5
2005-05-02 CVE-2005-0390 Axel Buffer Overflow vulnerability in Axel 1.0A

Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code.

7.5
2005-05-02 CVE-2005-0388 Remstats Unspecified vulnerability in Remstats 1.0.13

Unknown vulnerability in the remoteping service in remstats 1.0.13 and earlier allows remote attackers to execute arbitrary commands "due to missing input sanitising."

7.5
2005-05-02 CVE-2005-0383 Trend Micro Remote Security vulnerability in Trend Micro Control Manager 3.0Enterprise

Trend Micro Control Manager 3.0 Enterprise Edition allows remote attackers to gain privileges via a replay attack of the encrypted username and password.

7.5
2005-05-02 CVE-2005-0380 Zeroboard Remote File Include vulnerability in Zeroboard DIR Parameter

Multiple PHP remote file inclusion vulnerabilities in (1) print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php, or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote attackers to execute arbitrary PHP code by modifying the dir parameter to reference a URL on a remote web server that contains the code.

7.5
2005-05-02 CVE-2005-0377 Sergey Kiselev SQL Injection vulnerability in Sergey Kiselev Sgallery 1.01

SQL injection vulnerability in imageview.php for SGallery 1.01 allows remote attackers to execute arbitrary SQL commands via the (1) idalbum or (2) idimage parameters.

7.5
2005-05-02 CVE-2005-0368 Chipmunk Scripts SQL Injection vulnerability in CMScore

Multiple SQL injection vulnerabilities in CMScore allow remote attackers to execute arbitrary SQL commands via the (1) EntryID or (2) searchterm parameter to index.php, or (3) username parameter to authenticate.php.

7.5
2005-05-02 CVE-2005-0363 Awstats Unspecified vulnerability in Awstats 4.0/6.2

awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the config parameter.

7.5
2005-05-02 CVE-2005-0350 F Secure Remote Security vulnerability in F-Secure Anti-Virus

Heap-based buffer overflow in multiple F-Secure Anti-Virus and Internet Security products allows remote attackers to execute arbitrary code via a crafted ARJ archive.

7.5
2005-05-02 CVE-2005-0349 CA Unspecified vulnerability in CA Brightstor Arcserve Backup 11.1

The production release of the UniversalAgent for UNIX in BrightStor ARCserve Backup 11.1 contains hard-coded credentials, which allows remote attackers to access the file system and possibly execute arbitrary commands.

7.5
2005-05-02 CVE-2005-0343 Logicnow SQL Injection vulnerability in Logicnow Perldesk 1.0

SQL injection vulnerability in PerlDesk 1.x allows remote attackers to inject arbitrary SQL commands via the view parameter.

7.5
2005-05-02 CVE-2005-0338 Savant Remote Buffer Overflow vulnerability in Savant Webserver 3.1

Buffer overflow in Savant Web Server 3.1 allows remote attackers to execute arbitrary code via a long HTTP request.

7.5
2005-05-02 CVE-2005-0337 Wietse Venema
Redhat
Suse
Postfix 2.1.3, when /proc/net/if_inet6 is not available and permit_mx_backup is enabled in smtpd_recipient_restrictions, allows remote attackers to bypass e-mail restrictions and perform mail relaying by sending mail to an IPv6 hostname.
7.5
2005-05-02 CVE-2005-0332 Ventia Remote Directory Traversal vulnerability in Ventia DeskNow Mail And Collaboration Server 2.5.12/2.5.13

Directory traversal vulnerability in DeskNow Mail and Collaboration Server 2.5.12 allows remote attackers to (1) upload and possibly execute files outside the directory via the AttachmentsKey parameter to attachment.do, as demonstrated using JSP pages, or (2) delete arbitrary files via the select_file parameter to file.do.

7.5
2005-05-02 CVE-2005-0327 PHP Arena Remote Security vulnerability in PHP Arena Pafiledb 3.1

pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute arbitrary PHP code via a modified action parameter that is used in an include statement for login.php.

7.5
2005-05-02 CVE-2005-0305 Siteman Privilege Escalation vulnerability in Siteman User Database

CRLF injection vulnerability in users.php in Siteman 1.1.10 and earlier allows remote attackers to add arbitrary users and gain privileges via the line parameter in a docreate operation.

7.5
2005-05-02 CVE-2005-0302 Comersus Open Technologies SQL-Injection vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1

SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to execute arbitrary SQL commands via the referer field in the HTTP header.

7.5
2005-05-02 CVE-2005-0301 Comersus Open Technologies Security Bypass vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1

comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 allows remote attackers to bypass authentication and gain privileges via a direct request to the program.

7.5
2005-05-02 CVE-2005-0282 Mybulletinboard SQL Injection vulnerability in Mybulletinboard 1.0Rc4

SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the uid parameter.

7.5
2005-05-02 CVE-2005-0273 Photopost Input Validation vulnerability in All Enthusiast PhotoPost Classifieds

Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost before 4.86 allow remote attackers to execute arbitrary SQL commands via the (1) cat or (2) ppuser parameter.

7.5
2005-05-02 CVE-2005-0272 Photopost Remote Security vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5

ReviewPost PHP Pro before 2.84 allows remote attackers to upload and execute arbitrary PHP files by posting a review file with multiple extensions, which bypasses the intended restrictions.

7.5
2005-05-02 CVE-2005-0269 SIR Unspecified vulnerability in SIR Gnuboard

The file extension check in GNUBoard 3.40 and earlier only verifies extensions that contain all lowercase letters, which allows remote attackers to upload arbitrary files via file extensions that include uppercase letters.

7.5
2005-05-02 CVE-2005-0267 Flatnuke Unspecified vulnerability in Flatnuke 2.5.1

index.php in FlatNuke 2.5.1 allows remote attackers to create an administrator account via carriage returns and #10 in the url_avatar field, which is interpreted as a sensitive directive.

7.5
2005-05-02 CVE-2005-0265 OWL Cross-Site Scripting and SQL Injection vulnerability in OWL Intranet Engine 0.7/0.8

Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to execute arbitrary SQL commands via the (1) parent or (2) sortposted parameter.

7.5
2005-05-02 CVE-2005-0252 Biborb Input Validation vulnerability in Biborb 1.3.2

SQL injection vulnerability in BibORB 1.3.2, and possibly earlier versions, allows remote attackers to execute arbitrary SQL commands via the (1) Username or (2) Password.

7.5
2005-05-02 CVE-2005-0248 SUN Unspecified vulnerability in SUN Solaris and Sunos

The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when creating user accounts that are configured for password aging, creates the accounts with a blank password, which allows remote or local attackers to break into those accounts.

7.5
2005-05-02 CVE-2005-0239 Squirrelmail Unspecified vulnerability in Squirrelmail S Mime Plugin 0.4/0.5

viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows remote attackers to execute arbitrary commands via shell metacharacters in the cert parameter.

7.5
2005-05-02 CVE-2005-0217 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Community Blog 1.0

SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.

7.5
2005-05-02 CVE-2005-0211 Squid Cache
Debian
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter.

7.5
2005-05-02 CVE-2005-0200 Tiki Improper Input Validation vulnerability in Tiki Tikiwiki Cms/Groupware 1.6.1

TikiWiki before 1.8.5 does not properly validate files that have been uploaded to the temp directory, which could allow remote attackers to upload and execute arbitrary PHP scripts, a different vulnerability than CVE-2004-1386.

7.5
2005-05-02 CVE-2005-0199 Ngircd Remote Buffer Overflow vulnerability in ngIRCd

Integer underflow in the Lists_MakeMask() function in lists.c in ngIRCd before 0.8.2 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long MODE line that causes an incorrect length calculation, which leads to a buffer overflow.

7.5
2005-05-02 CVE-2005-0198 University OF Washington Remote Authentication Bypass vulnerability in University Of Washington IMAP Server CRAM-MD5

A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

7.5
2005-05-02 CVE-2005-0187 Athoc Remote Code Execution vulnerability in AtHoc ToolBar

Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name.

7.5
2005-05-02 CVE-2005-0185 Mnet Soft Factory Buffer Overflow vulnerability in Mnet Soft Factory Nodemanager Professional 2.00

Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field.

7.5
2005-05-02 CVE-2005-0173 Squid Authentication Bypass vulnerability in Squid Proxy squid_ldap_auth

squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP server.

7.5
2005-05-02 CVE-2005-0158 Bidwatcher Unspecified vulnerability in Bidwatcher

Format string vulnerability in bidwatcher before 1.3.17 allows remote malicious web servers from eBay, or a spoofed eBay server, to cause a denial of service and possibly execute arbitrary code via certain responses.

7.5
2005-05-02 CVE-2005-0147 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a proxy, respond to 407 proxy auth requests from arbitrary servers, which allows remote attackers to steal NTLM or SPNEGO credentials.

7.5
2005-05-02 CVE-2005-0140 Peid Remote Buffer Overflow vulnerability in Peid 0.92

Buffer overflow in PeID allows attackers to execute arbitrary code via a PE file with an Import Address Table containing a long import library name.

7.5
2005-05-02 CVE-2005-0126 Apple Remote Buffer Overflow vulnerability in Apple ColorSync ICC Header

ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute arbitrary code via malformed ICC color profiles that modify the heap.

7.5
2005-05-02 CVE-2005-0089 Python Software Foundation Unspecified vulnerability in Python Software Foundation Python

The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.

7.5
2005-05-02 CVE-2005-0088 Apache Information Disclosure vulnerability in Apache mod_python Module Publisher Handler

The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.

7.5
2005-05-02 CVE-2005-0086 Redhat Unspecified vulnerability in Redhat Enterprise Linux and Enterprise Linux Desktop

Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 allows attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted file, as demonstrated using the UTF-8 locale.

7.5
2005-05-02 CVE-2005-0084 Ethereal Group Dissector vulnerability in Multiple Ethereal

Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 allows remote attackers to execute arbitrary code via a crafted packet.

7.5
2005-05-02 CVE-2005-0064 Xpdf Unspecified vulnerability in Xpdf

Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.

7.5
2005-05-02 CVE-2005-0063 Microsoft Remote Code Execution vulnerability in Microsoft Windows Shell

The document processing application used by the Windows Shell in Microsoft Windows 2000, Windows XP, and Windows Server 2003 allows remote attackers to execute arbitrary code by modifying the CLSID stored in a file so that it is processed by HTML Application Host (MSHTA), as demonstrated using a Microsoft Word document.

7.5
2005-05-02 CVE-2005-0057 Microsoft Buffer Overflow vulnerability in Microsoft Windows Hyperlink Object Library

The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 allows remote attackers to execute arbitrary code via a crafted link that triggers an "unchecked buffer" in the library, possibly due to a buffer overflow.

7.5
2005-05-02 CVE-2005-0055 Microsoft Unspecified vulnerability in Microsoft IE 5.0.1/5.5/6.0

Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers when handling certain DHTML methods including the createControlRange Javascript function, which allows remote attackers to execute arbitrary code, aka the "DHTML Method Heap Memory Corruption Vulnerability."

7.5
2005-05-02 CVE-2005-0053 Microsoft Unspecified vulnerability in Microsoft products

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via drag and drop events, aka the "Drag-and-Drop Vulnerability."

7.5
2005-05-02 CVE-2005-0051 Microsoft Remote Information Disclosure vulnerability in Microsoft Windows Named Pipe

The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows remote attackers to obtain sensitive information (users who are accessing resources) via an anonymous logon using a named pipe, which is not properly authenticated, aka the "Named Pipe Vulnerability."

7.5
2005-05-02 CVE-2005-0048 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows XP

Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, and older operating systems allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IP packets with malformed options, aka the "IP Validation Vulnerability."

7.5
2005-05-02 CVE-2005-0045 Microsoft Remote Buffer Overflow vulnerability in Microsoft Windows Server Message Block Handlers

The Server Message Block (SMB) implementation for Windows NT 4.0, 2000, XP, and Server 2003 does not properly validate certain SMB packets, which allows remote attackers to execute arbitrary code via Transaction responses containing (1) Trans or (2) Trans2 commands, aka the "Server Message Block Vulnerability," and as demonstrated using Trans2 FIND_FIRST2 responses with large file name length fields.

7.5
2005-05-02 CVE-2005-0044 Microsoft Unspecified vulnerability in Microsoft products

The OLE component in Windows 98, 2000, XP, and Server 2003, and Exchange Server 5.0 through 2003, does not properly validate the lengths of messages for certain OLE data, which allows remote attackers to execute arbitrary code, aka the "Input Validation Vulnerability."

7.5
2005-05-02 CVE-2005-0043 Apple Buffer Overflow vulnerability in Apple Itunes 4.7

Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute arbitrary code via a long URL in (1) .m3u or (2) .pls playlist files.

7.5
2005-05-02 CVE-2005-0015 Crosswire Bible Society Unspecified vulnerability in Crosswire Bible Society Sword 1.5.7A

diatheke.pl in Sword 1.5.7a allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

7.5
2005-05-02 CVE-2005-0014 Ncpfs Remote vulnerability in NCPFS

Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote malicious NetWare servers to execute arbitrary code on the NetWare client.

7.5
2005-05-02 CVE-2005-0012 Dillo Unspecified vulnerability in Dillo web Browser

Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.

7.5
2005-05-02 CVE-2005-0005 Graphicsmagick
Imagemagick
SGI
Debian
Gentoo
Suse
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
7.5
2005-05-04 CVE-2005-1335 Apple Local Security vulnerability in Mac OS X Server

Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain privileges via (1) chfn, (2) chpass, and (3) chsh, which "use external helper programs in an insecure manner."

7.2
2005-05-04 CVE-2005-0594 Apple Unspecified vulnerability in Apple mac OS X Server 10.3.9

Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to execute arbitrary code.

7.2
2005-05-03 CVE-2005-1395 Swlink Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may allow local users to gain privileges via a long (1) XAPPLRESLANGPATH or (2) XAPPLRESDIR environment variable, or (3) command line argument.
7.2
2005-05-03 CVE-2005-1394 Esri Unspecified vulnerability in Esri Arcgis and Arcinfo Workstation

Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 allows local users to gain privileges via format string specifiers in the ARCHOME environment variable to (1) wservice or (2) lockmgr.

7.2
2005-05-03 CVE-2005-1387 Kristofer Szymanski Unspecified vulnerability in Kristofer Szymanski Cocktail 3.5.4

Cocktail 3.5.4 and possibly earlier in Mac OS X passes the administrative password on the command line to sudo in cleartext, which allows local users to gain sensitive information by running listing processes.

7.2
2005-05-03 CVE-2005-1371 Bulletproof Local Privilege Escalation vulnerability in Bulletproof FTP Server 2.4.0.31

BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not properly drop privileges before opening files through the Help menu, which allows local users to gain privileges.

7.2
2005-05-03 CVE-2005-1343 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X before 10.3.9 allows local users to execute arbitrary code via a long -i (Server_id) argument.

7.2
2005-05-02 CVE-2005-1092 Light Speed Technology Local Authentication Credentials Disclosure vulnerability in Light Speed Technologies DeluxeFTP

Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext in sites.xml, which is world-readable, which allows local users to gain privileges.

7.2
2005-05-02 CVE-2005-1088 Dameware Development Privilege Escalation vulnerability in Dameware Development Mini Remote Control and NT Utilities

Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and Mini Remote Control 4.8 and earlier, allows local users to gain additional rights.

7.2
2005-05-02 CVE-2005-1040 Novell Unspecified vulnerability in Novell Linux Desktop 9

Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification."

7.2
2005-05-02 CVE-2005-1036 Freebsd Unspecified vulnerability in Freebsd

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a denial of service, obtain sensitive information, and possibly gain privileges.

7.2
2005-05-02 CVE-2005-1019 Aeon Local Security vulnerability in Aeon

Buffer overflow in the getConfig function in Aeon 0.2a and earlier allows local users to gain privileges via a long HOME environment variable.

7.2
2005-05-02 CVE-2005-0867 Linux Unspecified vulnerability in Linux Kernel 2.6.0

Integer overflow in Linux kernel 2.6 allows local users to overwrite kernel memory by writing to a sysfs file.

7.2
2005-05-02 CVE-2005-0839 Linux Unspecified vulnerability in Linux Kernel

Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE line discipline for a TTY, which allows local users to gain privileges by injecting mouse or keyboard events into other user sessions.

7.2
2005-05-02 CVE-2005-0816 SUN Local Buffer Overflow vulnerability in Sun Solaris NewGRP

Buffer overflow in newgrp in Solaris 7 through 9 allows local users to gain root privileges.

7.2
2005-05-02 CVE-2005-0707 Ipswitch Buffer Overflow vulnerability in Ipswitch Collaboration Suite IMail Server IMAP EXAMINE Argument

Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch Collaboration Suite (ICS) before 8.15 Hotfix 1 allows remote authenticated users to execute arbitrary code via a long EXAMINE command.

7.2
2005-05-02 CVE-2005-0545 Microsoft Unspecified vulnerability in Microsoft Windows 2000 and Windows XP

Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running Active Directory allow local users to bypass group policies that restrict access to hidden drives by using the browse feature in Office 10 applications such as Word or Excel, or using a flash drive.

7.2
2005-05-02 CVE-2005-0497 ADP Local Security vulnerability in Elite System Max 9000

ADP Elite System Max 9000 allows remote authenticated users to gain privileges by uploading a .profile that sets the ADPROOT environment variable to the root directory.

7.2
2005-05-02 CVE-2005-0457 Opera Software Local Security vulnerability in Opera Web Browser

Opera 7.54 and earlier on Gentoo Linux uses an insecure path for plugins, which could allow local users to gain privileges by inserting malicious libraries into the PORTAGE_TMPDIR (portage) temporary directory.

7.2
2005-05-02 CVE-2005-0385 Frank Mcingvale Local Buffer Overflow vulnerability in Frank Mcingvale Luxman 0.41/0.4117

Buffer overflow in luxman before 0.41, if used with certain insecure svgalib libraries, allows local users to execute arbitrary code via a long -f command line argument.

7.2
2005-05-02 CVE-2005-0322 Icewarp
Merak
Local Security vulnerability in Mail Server

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat or (4) user.dat files, which allows local users to extract the passwords.

7.2
2005-05-02 CVE-2005-0263 IBM Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3

Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -O argument.

7.2
2005-05-02 CVE-2005-0262 IBM Local Buffer Overflow vulnerability in IBM AIX 5.1/5.2/5.3

Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via a long -d argument.

7.2
2005-05-02 CVE-2005-0250 IBM Local Format String vulnerability in IBM AIX 5.1/5.2/5.3

Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and 5.3 allows local users to execute arbitrary code via format string specifiers in a command line argument.

7.2
2005-05-02 CVE-2005-0240 IBM Unspecified vulnerability in IBM AIX 5.2

Format string vulnerability in chdev on IBM AIX 5.2 allows local users to execute arbitrary code via format string specifiers in a command line argument, which is not properly handled when printing an error message.

7.2
2005-05-02 CVE-2005-0183 Squirrelmail Unspecified vulnerability in Squirrelmail Vacation Plugin

ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument.

7.2
2005-05-02 CVE-2005-0125 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The "at" commands on Mac OS X 10.3.7 and earlier do not properly drop privileges, which allows local users to (1) delete arbitrary files via atrm, (2) execute arbitrary programs via the -f argument to batch, or (3) read arbitrary files via the -f argument to batch, which generates a job file that is readable by the local user.

7.2
2005-05-02 CVE-2005-0091 Redhat Multiple vulnerability in Red Hat Enterprise Linux Kernel

Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch, when using the hugemem kernel, allows local users to read and write to arbitrary kernel memory and gain privileges via certain syscalls.

7.2
2005-05-02 CVE-2005-0076 Debian Unspecified vulnerability in Debian Linux 3.0

Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library.

7.2
2005-05-02 CVE-2005-0070 Synaesthesia Local File Disclosure vulnerability in Synaesthesia

Synaesthesia 2.1 and earlier, and possibly other versions, when installed setuid root, does not drop privileges before processing configuration and mixer files, which allows local users to read arbitrary files.

7.2
2005-05-02 CVE-2005-0061 Microsoft Unspecified vulnerability in Microsoft products

The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via certain access requests.

7.2
2005-05-02 CVE-2005-0060 Microsoft Unspecified vulnerability in Microsoft products

Buffer overflow in the font processing component of Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to gain privileges via a specially-designed application.

7.2
2005-05-02 CVE-2005-0047 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Windows 2000, XP, and Server 2003 does not properly "validate the use of memory regions" for COM structured storage files, which allows attackers to execute arbitrary code, aka the "COM Structured Storage Vulnerability."

7.2
2005-05-02 CVE-2005-0021 University OF Cambridge Unspecified vulnerability in University of Cambridge Exim 4.41/4.42

Multiple buffer overflows in Exim before 4.43 may allow attackers to execute arbitrary code via (1) an IPv6 address with more than 8 components, as demonstrated using the -be command line option, which triggers an overflow in the host_aton function, or (2) the -bh command line option or dnsdb PTR lookup, which triggers an overflow in the dns_build_reverse function.

7.2
2005-05-02 CVE-2005-0013 Ncpfs Remote vulnerability in NCPFS

nwclient.c in ncpfs before 2.2.6 does not drop root privileges before executing utilities using the NetWare client functions, which allows local users to gain privileges.

7.2
2005-05-02 CVE-2005-1021 Cisco Resource Management Errors vulnerability in Cisco IOS

Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when authenticating against a TACACS+ server, allows remote attackers to cause a denial of service (memory consumption) via an incorrect username or password.

7.1
2005-05-02 CVE-2005-1020 Cisco Improper Authentication vulnerability in Cisco IOS

Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote attackers to cause a denial of service (device reload) (1) via a username that contains a domain name when using a TACACS+ server to authenticate, (2) when a new SSH session is in the login phase and a currently logged in user issues a send command, or (3) when IOS is logging messages and an SSH session is terminated while the server is sending data.

7.1
2005-05-02 CVE-2005-0449 Linux Improper Input Validation vulnerability in Linux Kernel

The netfilter/iptables module in Linux before 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) or bypass firewall rules via crafted packets, which are not properly handled by the skb_checksum_help function.

7.1

495 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-02 CVE-2005-0001 Linux
Redhat
Trustix
Local Privilege Escalation vulnerability in Linux Kernel Symmetrical Multiprocessing Page Fault

Race condition in the page fault handler (fault.c) for Linux kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10, when running on multiprocessor machines, allows local users to execute arbitrary code via concurrent threads that share the same virtual memory space and simultaneously request stack expansion.

6.9
2005-05-03 CVE-2005-1448 S9Y HTML Injection vulnerability in S9Y Serendipity BBCode Plugin

Cross-site scripting (XSS) vulnerability in the BBCode plugin for Serendipity before 0.8 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

6.8
2005-05-03 CVE-2005-1444 Sitepanel Cross-Site Scripting vulnerability in Sitepanel

Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to inject arbitrary web script or HTML via (1) the v, show, or sec_name parameters to main.php, (2) the inadmin, newsev, or postid parameters to 5.php, or (3) the id parameter to 0.php.

6.8
2005-05-03 CVE-2005-1443 Invision Power Services Cross-Site Scripting vulnerability in Invision Power Board

Multiple cross-site scripting (XSS) vulnerabilities in index.php for Invision Power Board (IPB) 2.0.3 and 2.1 Alpha 2 allows remote attackers to inject arbitrary web script or HTML via the (1) act, (2) Members, (3) calendar, or (4) HID parameters.

6.8
2005-05-03 CVE-2005-1440 Codetosell Cross-Site Scripting and HTML Injection vulnerability in Codetosell Viart Shop Enterprise 2.1.6

Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop Enterprise 2.1.6 allow remote attackers to inject arbitrary web script or HTML via (1) various parameters to basket.php, (2) the nickname, email, topic, and message fields in forum.php, as demonstrated using forum_new_thread.php and forum_thread.php, (3) the page parameter to page.php, (4) category_id and item_id parameters to reviews.php, (5) the category_id parameter to product_details.php, (6) the category_id or search_string parameters to products.php, or (7) the rp or page parameters to news_view.php.

6.8
2005-05-03 CVE-2005-1436 Osticket Cross-Site Scripting vulnerability in Osticket 1.2.7/1.3.0

Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow remote attackers to inject arbitrary web script or HTML via (1) the t parameter to view.php, (2) the osticket_title parameter to header.php, (3) the em parameter to admin_login.php, (4) the e parameter to user_login.php, (5) the err parameter to open_submit.php, or (6) the name and subject fields when adding a ticket.

6.8
2005-05-03 CVE-2005-1403 Just Williams Cross-Site Scripting vulnerability in Just William's Amazon Webstore Closeup.PHP Image Parameter

Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's Amazon Webstore 04050100 allow remote attackers to inject arbitrary web script or HTML via the (1) image parameter to closeup.php, the (2) currentIsExpanded or (3) searchFor parameters to index.php, (4) the currentNumber parameter to software_CAD_Technical_60002_uk.htm, or (5) a cookie.

6.8
2005-05-03 CVE-2005-1381 Oracle Cross-Site Scripting vulnerability in Oracle Application Server 9i Webcache Cache_dump_file

Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache 9i allow remote attackers to inject arbitrary web script or HTML via the (1) cache_dump_file or (2) PartialPageErrorPage parameter.

6.8
2005-05-03 CVE-2005-1380 BEA Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1

Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 allows remote attackers to execute arbitrary web script or HTML via the server parameter to a JndiFramesetAction action.

6.8
2005-05-03 CVE-2005-1374 Claroline Remote Input Validation vulnerability in Claroline 1.5.3/1.6Beta/1.6Rc1

Multiple cross-site scripting (XSS) vulnerabilities in Claroline 1.5.3 through 1.6 Release Candidate 1, and possibly Dokeos, allow remote attackers to inject arbitrary web script or HTML via (1) exercise_result.php, (2) exercice_submit.php, (3) agenda.php, (4) learningPathList.php, (5) learningPathAdmin.php, (6) learningPath.php, (7) userLog.php, (8) tool parameter to toolaccess_details.php, (9) data parameter to user_access_details.php, or (10) coursePath parameter to myagenda.php.

6.8
2005-05-02 CVE-2005-1202 Egroupware Cross-Site Scripting and SQL Injection vulnerability in eGroupWare

Multiple cross-site scripting (XSS) vulnerabilities in eGroupware before 1.0.0.007 allow remote attackers to inject arbitrary web script or HTML via the (1) ab_id, (2) page, (3) type, or (4) lang parameter to index.php or (5) category_id parameter.

6.8
2005-05-02 CVE-2005-1186 Musicmatch Cross-Site Scripting vulnerability in Jukebox

Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com domain to the Trusted Sites zone in Internet Explorer, which allows systems in the domain to conduct unauthorized activities, as demonstrated using cross-site scripting (XSS) attacks.

6.8
2005-05-02 CVE-2005-1102 Wordpress Cross-Site Scripting vulnerability in WordPress

Multiple cross-site scripting (XSS) vulnerabilities in template-functions-post.php in WordPress 1.5 and earlier allow remote attackers to execute arbitrary commands via the (1) content or (2) title of the post.

6.8
2005-05-02 CVE-2005-1051 Punbb SQL Injection vulnerability in PunBB Profile.PHP

SQL injection vulnerability in profile.php in PunBB 1.2.4 allows remote authenticated users to execute arbitrary SQL commands via the id parameter in a change_email action.

6.5
2005-05-02 CVE-2005-0247 Postgresql Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Postgresql

Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier may allow attackers to execute arbitrary code via (1) a large number of variables in a SQL statement being handled by the read_sql_construct function, (2) a large number of INTO variables in a SELECT statement being handled by the make_select_stmt function, (3) a large number of arbitrary variables in a SELECT statement being handled by the make_select_stmt function, and (4) a large number of INTO variables in a FETCH statement being handled by the make_fetch_stmt function, a different set of vulnerabilities than CVE-2005-0245.

6.5
2005-05-02 CVE-2005-0244 Postgresql Permissions, Privileges, and Access Controls vulnerability in Postgresql

PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE permission check for functions by using the CREATE AGGREGATE command.

6.5
2005-05-03 CVE-2005-1445 Sitepanel Directory Traversal vulnerability in Sitepanel

Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to (1) delete arbitrary files via the id parameter in a rmattach action to 5.php, or (2) read arbitrary files via the lang parameter to index.php.

6.4
2005-05-03 CVE-2005-1423 Software602 Denial-Of-Service vulnerability in Software602 602Lan Suite 2004.0.05.0413

Directory traversal vulnerability in the mail program in 602LAN SUITE 2004.0.05.0413 allows remote attackers to cause a denial of service and determine the presence of arbitrary files via ..

6.4
2005-05-02 CVE-2005-1201 Azbb Multiple directory traversal vulnerabilities in AZ Bulletin board (AZbb) before 1.0.08 allow (1) remote authenticated users with administrative privileges to delete arbitrary files via a ..
6.4
2005-05-02 CVE-2005-1163 Yager Development Buffer Overflow vulnerability in Yager Development Yager Game 5.0/5.20/5.24

Multiple buffer overflows in Yager 5.24 and earlier allow remote attackers to execute arbitrary code via (1) a crafted nickname or (2) a packet with a large amount of data.

6.4
2005-05-02 CVE-2005-1090 Maxthon Directory Traversal vulnerability in Maxthon 1.2.0/1.2.1

Directory traversal vulnerability in the readFile and writeFile API for Maxthon 1.2.0 and 1.2.1 allows remote attackers to read or write arbitrary files.

6.4
2005-05-02 CVE-2005-1086 AN Remote Buffer Overflow vulnerability in AN An-Httpd 1.42N

Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n allows remote attackers to execute arbitrary code via an HTTP request with a long User-Agent header.

6.4
2005-05-02 CVE-2005-0966 ROB Flynn Unspecified vulnerability in ROB Flynn Gaim 1.2.0

The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, allows (1) remote attackers to inject arbitrary Gaim markup via irc_msg_kick, irc_msg_mode, irc_msg_part, irc_msg_quit, (2) remote attackers to inject arbitrary Pango markup and pop up empty dialog boxes via irc_msg_invite, or (3) malicious IRC servers to cause a denial of service (application crash) by injecting certain Pango markup into irc_msg_badmode, irc_msg_banned, irc_msg_unknown, irc_msg_nochan functions.

6.4
2005-05-02 CVE-2005-0815 Linux ISO9660 Filesystem Handling vulnerability in Linux Kernel

Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem.

6.4
2005-05-02 CVE-2005-0657 Computalynx Denial-Of-Service vulnerability in Computalynx Cproxy 3.3/3.4/3.4.4

Directory traversal vulnerability in Computalynx CProxy 3.3.x and 3.4.x through 3.4.4 allows remote attackers to read arbitrary files or cause a denial of service (application crash) via a ..

6.4
2005-05-02 CVE-2005-0618 Nexland
Symantec
The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R firmware after 1.5Z and before 1.68, Gateway Security 360/360R and 460/460R firmware before vuild 858, and Nexland Pro800turbo, when configured for load balancing between two WANs, might send SMTP traffic to a trusted network through an untrusted network.
6.4
2005-05-02 CVE-2005-0602 Info ZIP Privilege Escalation vulnerability in Info-Zip Unzip 5.50

Unzip 5.51 and earlier does not properly warn the user when extracting setuid or setgid files, which may allow local users to gain privileges.

6.2
2005-05-02 CVE-2005-0197 Cisco Configuration vulnerability in Cisco IOS

Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol Label Switching (MPLS) installed but disabled, allows remote attackers to cause a denial of service (device reload) via a crafted packet sent to the disabled interface.

6.1
2005-05-02 CVE-2005-1162 Oneworldstore Cross-Site Scripting vulnerability in OneWorldStore OWContactUs.ASP

Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore allow remote attackers to inject arbitrary web script or HTML via the (1) sEmail parameter to owContactUs.asp, (2) bSub parameter to owListProduct.asp, or the (3) Name, (4) Email, or (5) Comment fields in owProductDetail.asp.

5.8
2005-05-04 CVE-2005-1341 Apple Multiple vulnerability in Apple Mac OS X

Apple Terminal 1.4.4 allows attackers to execute arbitrary commands via terminal escape sequences.

5.1
2005-05-04 CVE-2005-1331 Apple Multiple vulnerability in Apple Mac OS X

The AppleScript Editor in Mac OS X 10.3.9 does not properly display script code for an applescript: URI, which can result in code that is different than the actual code that would be run, which could allow remote attackers to trick users into executing malicious code via certain URI characters such as NULL, control characters, and homographs.

5.1
2005-05-02 CVE-2005-1187 X Ways Software Technology AG Remote Security vulnerability in X-Ways Software Technology AG Winhex 12.05Sr14

Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other versions, may allow attackers to execute arbitrary code via a long file name argument.

5.1
2005-05-02 CVE-2005-1160 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

The privileged "chrome" UI code in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to gain privileges by overriding certain properties or methods of DOM nodes, as demonstrated using multiple attacks involving the eval function or the Script object.

5.1
2005-05-02 CVE-2005-1125 Avaya Unspecified vulnerability in Avaya Libsafe

Race condition in libsafe 2.0.16 and earlier, when running in multi-threaded applications, allows attackers to bypass libsafe protection and exploit other vulnerabilities before the _libsafe_die function call is completed.

5.1
2005-05-02 CVE-2005-0941 Openoffice Remote Heap Overflow vulnerability in OpenOffice Malformed Document

The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 and earlier allocates memory based on 16 bit length values, but process memory using 32 bit values, which allows remote attackers to cause a denial of service and possibly execute arbitrary code via a DOC document with certain length values, which leads to a heap-based buffer overflow.

5.1
2005-05-02 CVE-2005-0926 Sylpheed Unspecified vulnerability in Sylpheed

Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via attachments with MIME-encoded file names.

5.1
2005-05-02 CVE-2005-0665 John Bradley Unspecified vulnerability in John Bradley XV 3.10A

Format string vulnerability in xv before 3.10a allows remote attackers to execute arbitrary code via format string specifiers in a filename.

5.1
2005-05-02 CVE-2005-0611 Realnetworks Unspecified vulnerability in Realnetworks Helix Player, Realone Player and Realplayer

Heap-based buffer overflow in RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1, allows remote attackers to execute arbitrary code via .WAV files.

5.1
2005-05-02 CVE-2005-0577 DNA Remote Security vulnerability in mkbold-mkitalic

Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files.

5.1
2005-05-02 CVE-2005-0558 Microsoft Unspecified vulnerability in Microsoft Word 2000/2002/2003

Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 allows remote attackers to execute arbitrary code via a crafted document.

5.1
2005-05-02 CVE-2005-0553 Microsoft Unspecified vulnerability in Microsoft IE 5.01/5.5/6.0

Race condition in the memory management routines in the DHTML object processor in Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail, aka "DHTML Object Memory Corruption Vulnerability".

5.1
2005-05-02 CVE-2005-0527 Mozilla Unspecified vulnerability in Mozilla Firefox 1.0

Firefox 1.0 allows remote attackers to execute arbitrary code via plugins that load "privileged content" into frames, as demonstrated using certain XUL events when a user drags a scrollbar two times, aka "Firescrolling."

5.1
2005-05-02 CVE-2005-0490 Curl
Libcurl
Buffer Overflow vulnerability in cURL / libcURL NTLM Authentication

Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and possibly other versions, allow remote malicious web servers to execute arbitrary code via base64 encoded replies that exceed the intended buffer lengths when decoded, which is not properly handled by (1) the Curl_input_ntlm function in http_ntlm.c during NTLM authentication or (2) the Curl_krb_kauth and krb4_auth functions in krb4.c during Kerberos authentication.

5.1
2005-05-02 CVE-2005-0455 Realnetworks Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed function in smlparse.cpp for RealNetworks RealPlayer 10.5 (6.0.12.1056 and earlier), 10, 8, and RealOne Player V2 and V1 allows remote attackers to execute arbitrary code via a .SMIL file with a large system-screen-size value.
5.1
2005-05-02 CVE-2005-0401 Mozilla Remote Insecure XUL Start Up Script Loading vulnerability in Mozilla Browser

FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all attack vectors for loading chrome files and hijacking drag and drop events, which allows remote attackers to execute arbitrary XUL code by tricking a user into dragging a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling 2."

5.1
2005-05-02 CVE-2005-0399 Mozilla Remote Heap Overflow vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, Mozilla before to 1.7.6, and Thunderbird before 1.0.2, and possibly other applications that use the same library, allows remote attackers to execute arbitrary code via a GIF image with a crafted Netscape extension 2 block and buffer size.

5.1
2005-05-02 CVE-2005-0347 Realnetworks Remote Security vulnerability in RealArcade

Integer overflow in RealArcade 1.2.0.994 and earlier allows remote attackers to execute arbitrary code via an RGS file with an invalid size string for the GUID and game name, which leads to a buffer overflow.

5.1
2005-05-02 CVE-2005-0230 Mozilla Unspecified vulnerability in Mozilla Firefox 1.0

Firefox 1.0 does not prevent the user from dragging an executable file to the desktop when it has an image/gif content type but has a dangerous extension such as .bat or .exe, which allows remote attackers to bypass the intended restriction and execute arbitrary commands via malformed GIF files that can still be parsed by the Windows batch file parser, aka "firedragging."

5.1
2005-05-02 CVE-2005-0056 Microsoft Unspecified vulnerability in Microsoft IE 5.01/5.5/6

Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."

5.1
2005-05-02 CVE-2005-0054 Microsoft Unspecified vulnerability in Microsoft IE 5.01/5.5/6

Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a less restrictive security zone and execute arbitrary code via an HTML page containing URLs that contain hostnames that have been double hex encoded, which are decoded twice to generate a malicious hostname, aka the "URL Decoding Zone Spoofing Vulnerability."

5.1
2005-05-02 CVE-2005-0035 Adobe Information Disclosure vulnerability in Adobe Acrobat Reader ActiveX Control LoadFile

The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and earlier, when used with Internet Explorer, allows remote attackers to determine the existence of arbitrary files via the LoadFile ActiveX method.

5.1
2005-05-05 CVE-2005-1470 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, (4) SMB, or (5) Bittorrent dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (segmentation fault) via unknown vectors.

5.0
2005-05-05 CVE-2005-1469 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 allows remote attackers to cause the dissector to access an invalid pointer.

5.0
2005-05-05 CVE-2005-1468 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, (4) KINK, (5) MGCP, (6) RPC, (7) SMBMailslot, and (8) SMB NETLOGON dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash) via unknown vectors that lead to a null dereference.

5.0
2005-05-05 CVE-2005-1467 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (memory exhaustion) via unknown vectors.

5.0
2005-05-05 CVE-2005-1466 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors.

5.0
2005-05-05 CVE-2005-1465 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop).

5.0
2005-05-05 CVE-2005-1464 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, (4) EIGRP, (5) DLSw, (6) MEGACO, (7) LMP, and (8) RSVP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (infinite loop).

5.0
2005-05-05 CVE-2005-1460 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error) via an invalid protocol tree item length.

5.0
2005-05-05 CVE-2005-1459 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error).

5.0
2005-05-05 CVE-2005-1458 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors.

5.0
2005-05-05 CVE-2005-1457 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) FibreChannel, (4) GSM_MAP, (5) SRVLOC, and (6) NTLMSSP dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (crash).

5.0
2005-05-05 CVE-2005-1456 Ethereal Group Remote Protocol Dissector vulnerability in Ethereal

Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (abort).

5.0
2005-05-05 CVE-2005-1453 Leafnode Unspecified vulnerability in Leafnode

fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to cause a denial of service (crash) by closing the connection while fetchnews is reading (1) an article header or (2) an article body, which also prevents fetchnews from querying other servers.

5.0
2005-05-05 CVE-2005-0918 Adobe Remote Security vulnerability in SVG Viewer

The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, when running on Internet Explorer, allows remote attackers to determine the existence of arbitrary files by setting the src property to the target filename and using Javascript to determine if the web page immediately stops loading, which indicates whether the file exists or not.

5.0
2005-05-04 CVE-2005-1333 Apple Directory Traversal vulnerability in Apple mac OS X 10.3.9

Directory traversal vulnerability in the Bluetooth file and object exchange (OBEX) services in Mac OS X 10.3.9 allows remote attackers to read arbitrary files.

5.0
2005-05-03 CVE-2005-1441 IBM Remote Procedure Call Remote Format String vulnerability in IBM Lotus Domino Server Notes

Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and 6.5.x before 6.5.4 allows remote attackers to cause a denial of service via the Notes protocol (NRPC).

5.0
2005-05-03 CVE-2005-1431 GNU Denial of Service vulnerability in GNUTLS Padding

The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before 1.0.25 allows remote attackers to cause a denial of service, possibly related to padding bytes in gnutils_cipher.c.

5.0
2005-05-03 CVE-2005-1426 Uapplication Uapplication Ublog Reload stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/blog.mdb (aka mdb-database/blog.msb).
5.0
2005-05-03 CVE-2005-1425 Uapplication Permissions, Privileges, and Access Controls vulnerability in Uapplication Uguestbook 1.0

Uapplication Uguestbook 1.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mdb-database/guestbook.mdb.

5.0
2005-05-03 CVE-2005-1421 Raysoft Directory Traversal vulnerability in Raysoft Video CAM Server 1.0.0Beta

Directory traversal vulnerability in Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to read arbitrary files via ".." (dot dot) sequences in an HTTP request.

5.0
2005-05-03 CVE-2005-1420 Raysoft Remote Security vulnerability in Raysoft Video CAM Server 1.0.0Beta

Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to determine the full pathname of the server via a request for an invalid page, as demonstrated using "%20" (hex-encoded space).

5.0
2005-05-03 CVE-2005-1416 Soft3304 Unspecified vulnerability in Soft3304 04Webserver 1.81

Directory traversal vulnerability in 04WebServer 1.81 allows remote attackers to read files outside of the web root but within the installation folder.

5.0
2005-05-03 CVE-2005-1404 Myphp Forum Unspecified vulnerability in Myphp Forum Myphp Forum 1.0/2.0/3.0

MyPHP Forum 1.0 allows remote attackers to spoof the username by modifying the (1) nbuser parameter to post.php or (2) sender parameter to privmsg.php.

5.0
2005-05-03 CVE-2005-1402 MTP Target Unspecified vulnerability in Mtp-Target

Integer signedness error in certain older versions of the NeL library, as used in Mtp-Target 1.2.2 and earlier, and possibly other products, allows remote attackers to cause a denial of service (memory consumption or server crash) via a negative value in a STLport call, which is not caught by a signed comparison.

5.0
2005-05-03 CVE-2005-1398 Phpcart Improper Input Validation vulnerability in PHPcart 3.2/3.4/4.6.4

phpcart.php in PHPCart 3.2 allows remote attackers to change product price information by modifying the (1) price or (2) postage parameters.

5.0
2005-05-03 CVE-2005-1386 Francisco Burzi Information Disclosure vulnerability in PHP-Nuke

PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive information via a direct request to (1) ipban.php, (2) db.php, (3) lang-norwegian.php, (4) lang-indonesian.php, (5) lang-greek.php, (6) a request to Web_Links with the portuguese language (lang-portuguese.php), (7) a request to Web_Links with the indonesian language (lang-indonesian.php), (8) a request to the survey module with the indonesian language (lang-indonesian.php), (9) a request to the Reviews module with the portuguese language, or (10) a request to the Journal module with the portuguese language, which reveal the path in an error message.

5.0
2005-05-03 CVE-2005-1382 Oracle File Corruption vulnerability in Oracle Application Server 9i Webcache Arbitrary

The webcacheadmin module in Oracle Webcache 9i allows remote attackers to corrupt arbitrary files via a full pathname in the cache_dump_file parameter.

5.0
2005-05-02 CVE-2005-1357 Text CGI Remote Security vulnerability in Text.Cgi

text.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

5.0
2005-05-02 CVE-2005-1355 Includer CGI Remote Security vulnerability in Includer.Cgi 1.1

includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801.

5.0
2005-05-02 CVE-2005-1353 Forum PL Remote Security vulnerability in Forum.Pl

The forum.pl script allows remote attackers to read arbitrary files via a full pathname in the argument.

5.0
2005-05-02 CVE-2005-1350 Leif M Wright Remote Security vulnerability in ad.cgi

The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

5.0
2005-05-02 CVE-2005-1329 Oneworldstore Information Disclosure vulnerability in OneWorldStore IDOrder

owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter.

5.0
2005-05-02 CVE-2005-1328 Oneworldstore Remote Denial Of Service vulnerability in OneWorldStore CHKSettings.ASP

OneWorldStore allows remote attackers to cause a denial of service (application crash) via a direct request to owConnections/chksettings.asp.

5.0
2005-05-02 CVE-2005-1326 Voodoo Circle Denial-Of-Service vulnerability in Voodoo Circle

Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote authenticated attackers to cause a denial of service (client crash) via a crafted packet.

5.0
2005-05-02 CVE-2005-1325 Matthieu Aubry Unspecified vulnerability in Matthieu Aubry PHPmyvisites 1.3

set_lang.php in phpMyVisites 1.3 allows remote attackers to read and include arbitrary files via the mylang parameter.

5.0
2005-05-02 CVE-2005-1305 Hyper CGI Remote Security vulnerability in Hyper.Cgi

The hyper.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument.

5.0
2005-05-02 CVE-2005-1280 LBL Denial Of Service vulnerability in tcpdump RSVP Decoding Routines

The rsvp_print function in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted RSVP packet of length 4.

5.0
2005-05-02 CVE-2005-1279 LBL Denial Of Service vulnerability in tcpdump LDP Decoding Routines

tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of service (infinite loop) via a crafted (1) BGP packet, which is not properly handled by RT_ROUTING_INFO, or (2) LDP packet, which is not properly handled by the ldp_print function.

5.0
2005-05-02 CVE-2005-1278 LBL Denial Of Service vulnerability in tcpdump ISIS Decoding Routines

The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero length, as demonstrated using a GRE packet.

5.0
2005-05-02 CVE-2005-1243 Safestone Technologies Directory Traversal vulnerability in Axcessit

Directory traversal vulnerability in the third party tool from SafeStone, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.

5.0
2005-05-02 CVE-2005-1242 Bsafe Directory Traversal vulnerability in Global Security

Directory traversal vulnerability in the third party tool from Bsafe, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.

5.0
2005-05-02 CVE-2005-1239 RAZ LEE Unspecified vulnerability in Raz-Lee Security+++

Directory traversal vulnerability in the third party tool from Raz-Lee, as used to secure the iSeries AS/400 FTP server, allows remote attackers to access arbitrary files, including those from qsys.lib, via ".." sequences in a GET request.

5.0
2005-05-02 CVE-2005-1235 Phpbb Group Information Disclosure vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M

auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows remote attackers to obtain sensitive information via an invalid mode parameter, which leaks the full path in a PHP error message.

5.0
2005-05-02 CVE-2005-1234 Phpbb Group SQL Injection vulnerability in PHPbb Group PHPbb-Auction 1.0M/1.2M

Multiple SQL injection vulnerabilities in phpbb-Auction allow remote attackers to execute arbitrary SQL commands via the (1) u parameter to auction_rating.php or (2) ar parameter to action_offer.php.

5.0
2005-05-02 CVE-2005-1230 Magnus Lundvall Directory Traversal vulnerability in Magnus Lundvall Yawcam 0.2.5

Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via "..\" (dot dot backslash) sequences in a GET request.

5.0
2005-05-02 CVE-2005-1228 GNU Multiple Security vulnerability in Apple Mac OS X

Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a ..

5.0
2005-05-02 CVE-2005-1204 Nelso Software Denial-Of-Service vulnerability in Desktop Rover

Desktop Rover 3.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a crafted packet to TCP port 61427, which causes an invalid memory access.

5.0
2005-05-02 CVE-2005-1198 Anaconda Partners Directory Traversal vulnerability in Foundation Directory

Directory traversal vulnerability in apexec.pl for Anaconda Foundation Directory allows remote attackers to read arbitrary files via hex-encoded null characters (%00) in the middle of ".." sequences in the template parameter.

5.0
2005-05-02 CVE-2005-1192 HP Remote Denial Of Service vulnerability in HP-UX ICMP PMTUD

Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060.

5.0
2005-05-02 CVE-2005-1191 Microsoft Unspecified vulnerability in Microsoft products

The Web View DLL (webvw.dll), as used in Windows Explorer on Windows 2000 systems, does not properly filter an apostrophe ("'") in the author name in a document, which allows attackers to execute arbitrary script via extra attributes when Web View constructs a mailto: link for the preview pane when the user selects the file.

5.0
2005-05-02 CVE-2005-1190 Webcamxp Denial-Of-Service vulnerability in Webcamxp Pro

WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a denial of service via a long chat name, which takes up too much display space and prevents the chat frame from being properly rendered.

5.0
2005-05-02 CVE-2005-1184 Microsoft Denial Of Service vulnerability in Multiple Vendor TCP Session Acknowledgement Number

The TCP/IP stack in multiple operating systems allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet with the correct sequence number but the wrong Acknowledgement number, which generates a large number of "keep alive" packets.

5.0
2005-05-02 CVE-2005-1182 IBM Denial-Of-Service vulnerability in IBM OS 400 R510/R520/R530

Unknown vulnerability in Incoming Remote Command (iSeries Access for Windows Remote Command service) in IBM OS/400 R510, R520, and R530 allows attackers to cause a denial of service (IRC shutdown) via certain inputs.

5.0
2005-05-02 CVE-2005-1180 Francisco Burzi Remote Security vulnerability in Francisco Burzi PHP-Nuke 7.6

HTTP Response Splitting vulnerability in the Surveys module in PHP-Nuke 7.6 allows remote attackers to spoof web content and poison web caches via hex-encoded CRLF ("%0d%0a") sequences in the forwarder parameter.

5.0
2005-05-02 CVE-2005-1179 Xerox SNMP Authentication Bypass vulnerability in Xerox MicroServer

Unknown vulnerability in Xerox MicroServer Web Server for various WorkCentre products including M35/M45/M55 2.028.11.000 through 2.97.20.032 and 4.84.16.000 through 4.97.20.032, Pro 35/45/55 3.028.11.000 through 3.97.20.032, Pro 65/75/90 1.001.00.060 through 1.001.02.084, and others, related to SNMP authentication, allows remote attackers to modify system configuration, a different vulnerability than CVE-2005-0703.

5.0
2005-05-02 CVE-2005-1168 Musicmatch Unspecified vulnerability in Musicmatch Jukebox 9.0.5059

DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument.

5.0
2005-05-02 CVE-2005-1165 Yager Development Yager 5.24 and earlier allows remote attackers to cause a denial of service (application crash) via certain malformed data.
5.0
2005-05-02 CVE-2005-1164 Yager Development Denial Of Service vulnerability in Yager Development Yager Game 5.0/5.20/5.24

Yager 5.24 and earlier allows remote attackers to cause a denial of service (application hang) via a packet with a game header that provides less data than indicated by the length.

5.0
2005-05-02 CVE-2005-1158 Mozilla Unspecified vulnerability in Mozilla Firefox

Multiple "missing security checks" in Firefox before 1.0.3 allow remote attackers to inject arbitrary Javascript into privileged pages using the _search target of the Firefox sidebar.

5.0
2005-05-02 CVE-2005-1150 SUN Denial-Of-Service vulnerability in SUN Java System web Server 6.0

Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlier, when running on Windows systems, allows attackers to cause a denial of service (hang).

5.0
2005-05-02 CVE-2005-1148 Calendarscript Information Disclosure vulnerability in Calendarscript 3.20/3.21

calendar.pl in CalendarScript 3.21 allows remote attackers to obtain sensitive information via invalid (1) year or (2) month parameters, which leaks the full pathname and debug information.

5.0
2005-05-02 CVE-2005-1137 Alexander Palmo Information Disclosure vulnerability in Alexander Palmo Simple PHP Blog 0.4.0

Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain sensitive information via a direct request to sb_functions.php, which leaks the full pathname in a PHP error message.

5.0
2005-05-02 CVE-2005-1133 IBM Remote Information Disclosure vulnerability in IBM iSeries AS400 POP3 Server

The POP3 server in IBM iSeries AS/400 returns different error messages when the user exists or not, which allows remote attackers to determine valid user IDs on the server.

5.0
2005-05-02 CVE-2005-1132 LG Electronics Remote Denial Of Service vulnerability in LG Electronics LG Mobile Phone U8120

LG U8120 mobile phone allows remote attackers to cause a denial of service (device crash) via a malformed MIDI file.

5.0
2005-05-02 CVE-2005-1127 Postgrey Unspecified vulnerability in Postgrey 1.17/1.18

Format string vulnerability in the log function in Net::Server 0.87 and earlier, as used in Postfix Greylisting Policy Server (Postgrey) 1.18 and earlier, and possibly other products, allows remote attackers to cause a denial of service (crash) via format string specifiers that are not properly handled before being sent to syslog, as demonstrated using sender addresses to Postgrey.

5.0
2005-05-02 CVE-2005-1123 Monkey Project Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Monkey-Project Monkey

Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service (memory corruption) via a request for a zero byte file.

5.0
2005-05-02 CVE-2005-1121 Igor Khasilev
Gentoo
Remote Format String vulnerability in Oops! Proxy Server Auth

Format string vulnerability in the my_xlog function in lib.c for Oops! Proxy Server 1.5.23 and earlier, as called by the auth functions in the passwd_mysql and passwd_pgsql modules, may allow attackers to execute arbitrary code via a URL.

5.0
2005-05-02 CVE-2005-1112 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with an invalid Host header, which causes the page to be processed by the web server instead of the JSP engine.

5.0
2005-05-02 CVE-2005-1108 Junkbuster Unspecified vulnerability in Junkbuster Internet Junkbuster 2.0.2R2

The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request.

5.0
2005-05-02 CVE-2005-1106 Apple Denial-Of-Service vulnerability in Apple Quicktime Pictureviewer 6.5.2

PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers to cause a denial of service (application crash) via a GIF image with the maximum depth start value, possibly triggering an integer overflow.

5.0
2005-05-02 CVE-2005-1105 SUN Unspecified vulnerability in SUN Javamail 1.3.2

Directory traversal vulnerability in the MimeBodyPart.getFileName method in JavaMail 1.3.2 allows remote attackers to write arbitrary files via a ..

5.0
2005-05-02 CVE-2005-1083 Aewebworks Unspecified vulnerability in Aewebworks Aedating 3.2

index.php in aeDating 3.2 allows remote attackers to include arbitrary files via the skin parameter.

5.0
2005-05-02 CVE-2005-1080 SUN Directory Traversal vulnerability in Sun J2SE Software Development Kit Java Archive Tool

Directory traversal vulnerability in the Java Archive Tool (Jar) utility in J2SE SDK 1.4.2 and 1.5, and OpenJDK, allows remote attackers to create or overwrite arbitrary files via a ..

5.0
2005-05-02 CVE-2005-1073 Radscripts Multiple vulnerability in Radscripts Radbids 2

Directory traversal vulnerability in index.php for RadScripts RadBids Gold 2 allows remote attackers to read arbitrary files via the read parameter.

5.0
2005-05-02 CVE-2005-1061 Logwatch
Redhat
The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS."
5.0
2005-05-02 CVE-2005-1060 Novell Remote Denial Of Service vulnerability in Novell Netware 6.0/6.5

Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in Novell Netware 6.x allows remote attackers to cause a denial of service (ABEND by Page Fault Processor Exception) via certain packets.

5.0
2005-05-02 CVE-2005-1056 HP Remote Denial of Service vulnerability in HP OpenView Network Node Manager

Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 through 6.4, and 7.01 through 7.50, allows remote attackers to cause a denial of service.

5.0
2005-05-02 CVE-2005-1052 Microsoft Unspecified vulnerability in Microsoft Outlook and Outlook web Access

Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not properly display comma separated addresses in the From field in an e-mail message, which could allow remote attackers to spoof e-mail addresses.

5.0
2005-05-02 CVE-2005-1050 Postnuke Software Foundation Information Disclosure vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

The modload op in the Reviews module for PostNuke 0.760-RC3 allows remote attackers to obtain sensitive information via an invalid id parameter, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-1034 Netwin Denial of Service vulnerability in Netwin Surgeftp 2.2K3/2.2M1

SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command.

5.0
2005-05-02 CVE-2005-1033 Devellion Unspecified vulnerability in Devellion Cubecart 2.0.6

CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5) product parameter to view_product.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-1031 E Xoops
Runcms
Remote Arbitrary File Upload vulnerability in RunCMS

RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files.

5.0
2005-05-02 CVE-2005-1028 Phpnuke Information Exposure vulnerability in PHPnuke PHP-Nuke

PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-1025 IBM Information Disclosure vulnerability in IBM Iseries AS 400 4.3

The FTP server in AS/400 4.3, when running in IFS mode, allows remote attackers to obtain sensitive information via a symlink attack using RCMD and the ADDLNK utility, as demonstrated using the QSYS.LIB library.

5.0
2005-05-02 CVE-2005-1024 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) my_headlines, (2) userinfo, or (3) search, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-1022 Macromedia Unspecified vulnerability in Macromedia Coldfusion 6.1

ColdFusion 6.1 Updater 1 places Java .class files under the web root in the /WEB-INF/cfclasses directory, which allows remote attackers to obtain sensitive information.

5.0
2005-05-02 CVE-2005-1013 Mailenable Denial Of Service vulnerability in MailEnable SMTP Malformed EHLO Request

The SMTP service in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to cause a denial of service (server crash) via an EHLO command with a Unicode string.

5.0
2005-05-02 CVE-2005-1007 Stalker Unspecified vulnerability in Stalker Communigate PRO 4.3C1/4.3C2

Unknown vulnerability in the LIST functionality in CommuniGate Pro before 4.3c3 allows remote attackers to cause a denial of service (server crash) via certain multipart messages.

5.0
2005-05-02 CVE-2005-1002 Logics Software Unspecified vulnerability in Logics Software Log-Ft

logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows remote attackers to read arbitrary files via modified (1) VAR_FT_LANG and (2) VAR_FT_TMPL parameters.

5.0
2005-05-02 CVE-2005-1001 Francisco Burzi Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 7.6

PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via direct requests to (1) the Surveys module with the file parameter set to comments or (2) 3D-Fantasy/theme.php, which leaks the full pathname of the web server in a PHP error message.

5.0
2005-05-02 CVE-2005-0998 Francisco Burzi Information Disclosure vulnerability in Francisco Burzi PHP-Nuke 7.6

The Web_Links module for PHP-Nuke 7.6 allows remote attackers to obtain sensitive information via an invalid show parameter, which triggers a division by zero PHP error that leaks the full pathname of the server.

5.0
2005-05-02 CVE-2005-0996 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6

Multiple SQL injection vulnerabilities in the Downloads module for PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the email or url parameters in the Add function, (2) the min parameter in the viewsdownload function, or (3) the min parameter in the search function.

5.0
2005-05-02 CVE-2005-0989 Mozilla
Netscape
The find_replen function in jsstr.c in the Javascript engine for Mozilla Suite 1.7.6, Firefox 1.0.1 and 1.0.2, and Netscape 7.2 allows remote attackers to read portions of heap memory in a Javascript string via the lambda replace method.
5.0
2005-05-02 CVE-2005-0987 IRC Services Remote Security vulnerability in Nickserv Listlinks

Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 allows remote attackers to obtain the links of a nick.

5.0
2005-05-02 CVE-2005-0986 IBM Unspecified vulnerability in IBM Lotus Domino Server 6.0.3/6.5.1

NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, 6.0.3, and possibly other versions allows remote attackers to cause a denial of service (deep recursion and nHTTP.exe process crash) via a long GET request containing UNICODE decimal value 430 characters, which causes the stack to be exhausted.

5.0
2005-05-02 CVE-2005-0984 Lucasarts Buffer Overflow vulnerability in Lucasarts Star Wars Jedi Knight Jedi Academy 1.0.11

Buffer overflow in the G_Printf function in Star Wars Jedi Knight: Jedi Academy 1.011 and earlier allows remote attackers to execute arbitrary code via a long message using commands such as (1) say and (2) tell.

5.0
2005-05-02 CVE-2005-0983 Activision
ID Software
Lucasarts
Raven Software
Denial of Service vulnerability in Quake 3 Engine Message

Quake 3 engine, as used in multiple games, allows remote attackers to cause a denial of service (client disconnect) via a long message, which is not properly truncated and causes the engine to process the remaining data as if it were network data.

5.0
2005-05-02 CVE-2005-0978 IVT Directory Traversal vulnerability in IVT Bluesoleil 1.4

Directory traversal vulnerability in the Object Push service in IVT BlueSoleil 1.4 allows remote attackers to upload arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0976 Apple
Hmdt
Omnigroup
AppleWebKit (WebCore and WebKit), as used in multiple products such as Safari 1.2 and OmniGroup OmniWeb 5.1, allows remote attackers to read arbitrary files via the XMLHttpRequest Javascript component, as demonstrated using automatically mounted disk images and file:// URLs.
5.0
2005-05-02 CVE-2005-0968 CA Unspecified vulnerability in CA Etrust Intrusion Detection 3.0

Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote attackers to cause a denial of service via large size values that are not properly validated before calling the CPImportKey function in the Crypto API.

5.0
2005-05-02 CVE-2005-0967 ROB Flynn Remote Denial Of Service vulnerability in ROB Flynn Gaim 1.2.0

Gaim 1.2.0 allows remote attackers to cause a denial of service (application crash) via a malformed file transfer request to a Jabber user, which leads to an out-of-bounds read.

5.0
2005-05-02 CVE-2005-0965 ROB Flynn Remote Denial Of Service vulnerability in ROB Flynn Gaim 1.2.0

The gaim_markup_strip_html function in Gaim 1.2.0, and possibly earlier versions, allows remote attackers to cause a denial of service (application crash) via a string that contains malformed HTML, which causes an out-of-bounds read.

5.0
2005-05-02 CVE-2005-0960 Openbsd Remote Denial Of Service vulnerability in Openbsd 3.5/3.6

Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c and (2) tcp_usrreq.c OpenBSD 3.5 and 3.6 allow remote attackers to cause a denial of service (memory exhaustion or system crash).

5.0
2005-05-02 CVE-2005-0954 Microsoft Remote Denial of Service vulnerability in Microsoft IE, Windows Explorer and Windows XP

Windows Explorer and Internet Explorer in Windows 2000 SP1 allows remote attackers to cause a denial of service (CPU consumption) via a malformed Windows Metafile (WMF) file.

5.0
2005-05-02 CVE-2005-0952 PHP Arena Unspecified vulnerability in PHP Arena Pafiledb 3.1

Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

5.0
2005-05-02 CVE-2005-0942 Sybase Unspecified vulnerability in Sybase Adaptive Server Enterprise

The XP Server process (xp_server) in Sybase Adaptive Server Enterprise (ASE) XP Server 12.x before 12.5.3 ESD#1 allows attackers to cause a denial of service (process crash) via malformed data sent to the XP Server TCP port.

5.0
2005-05-02 CVE-2005-0938 Uapplication Remote Security vulnerability in Ublog Reload

Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web root, which allows remote attackers to read usernames and hashed passwords via a direct request to ublogreload.mdb.

5.0
2005-05-02 CVE-2005-0936 Esmi Cross-Site Scripting vulnerability in Esmi Paypal Storefront 1.7

Cross-site scripting vulnerability in products1h.php in ESMI PayPal Storefront allows remote attackers to inject arbitrary web script or HTML via the id parameter.

5.0
2005-05-02 CVE-2005-0933 Coinsoft Technologies Remote vulnerability in PHPcoin 1.2.1/1.2.1B

Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b and earlier allows remote attackers to read arbitrary files via the page parameter.

5.0
2005-05-02 CVE-2005-0922 Symantec Remote Denial Of Service vulnerability in Symantec products

Unknown vulnerability in the Auto-Protect module in Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (system hang or crash) by triggering a scan of a certain file type.

5.0
2005-05-02 CVE-2005-0895 Netcomm Remote Denial of Service vulnerability in Netcomm Nb1300 4.4.1

Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets.

5.0
2005-05-02 CVE-2005-0891 GTK Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in GTK Gtk+

Double free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote attackers to cause a denial of service (crash) via a crafted BMP image.

5.0
2005-05-02 CVE-2005-0880 Vortex Portal Information Disclosure vulnerability in Vortex Portal

content.php in Vortex Portal allows remote attackers to obtain sensitive information via an invalid act parameter, which leaks the full pathname in a PHP error message.

5.0
2005-05-02 CVE-2005-0877 Dnsmasq Remote vulnerability in Dnsmasq

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

5.0
2005-05-02 CVE-2005-0876 Dnsmasq Remote vulnerability in Dnsmasq

Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.

5.0
2005-05-02 CVE-2005-0875 Cerulean Studios Unspecified vulnerability in Cerulean Studios Trillian 2.0/3.0/3.1

Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, and 3.1 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.

5.0
2005-05-02 CVE-2005-0874 Cerulean Studios Unspecified vulnerability in Cerulean Studios Trillian 2.0

Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other plug-ins for Trillian 2.0 allow remote web servers to cause a denial of service (application crash) via a long string in an HTTP 1.1 response header.

5.0
2005-05-02 CVE-2005-0871 Phpbb Group Information Disclosure vulnerability in PHPbb Group PHPbb 1.0.1

calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when running on a Microsoft IIS server, allows remote attackers to obtain sensitive information via invalid parameters, which reveal the path in an error message.

5.0
2005-05-02 CVE-2005-0869 Phpsysinfo Information Disclosure vulnerability in PHPsysinfo 2.3

phpSysInfo 2.3 allows remote attackers to obtain sensitive information via a direct request to (1) class.OpenBSD.inc.php, (2) class.NetBSD.inc.php, (3) class.FreeBSD.inc.php, (4) class.Darwin.inc.php, (5) XPath.class.php, (6) system_header.php, or (7) system_footer.php, which reveal the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0864 Securecomputing Remote vulnerability in Securecomputing Samsung Adsl Modem Smdk8947V1.2

The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and possibly other products, allows remote attackers to read arbitrary files via a full pathname in the HTTP request.

5.0
2005-05-02 CVE-2005-0853 Betaparticle Remote vulnerability in Betaparticle Blog 2.0/3.0

betaparticle blog (bp blog) stores the database under the web root, which allows remote attackers to obtain sensitive information via a direct request to (1) dbBlogMX.mdb for versions before 3.0, or (2) Blog.mdb for versions 3.0 and later.

5.0
2005-05-02 CVE-2005-0851 Filezilla Project Infinite Loop vulnerability in Filezilla-Project Filezilla Server

FileZilla FTP server before 0.9.6, when using MODE Z (zlib compression), allows remote attackers to cause a denial of service (infinite loop) via certain file uploads or directory listings.

5.0
2005-05-02 CVE-2005-0850 Filezilla Project Improper Input Validation vulnerability in Filezilla-Project Filezilla Server

FileZilla FTP server before 0.9.6 allows remote attackers to cause a denial of service via a request for a filename containing an MS-DOS device name such as CON, NUL, COM1, LPT1, and others.

5.0
2005-05-02 CVE-2005-0849 Funlabs Unspecified vulnerability in Funlabs products

Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service (crash from invalid memory access) via a malformed join packet with values that cause the server to copy more memory than was actually provided in the packet.

5.0
2005-05-02 CVE-2005-0848 Funlabs Unspecified vulnerability in Funlabs products

Multiple games developed by FUN labs, including 4X4 Off-road Adventure III, Big Game Hunter, Dangerous Hunts, Deer Hunt, Revolution, Secret Service, Shadow Force, and US Most Wanted, allow remote attackers to cause a denial of service via an empty UDP packet to the server, which cannot detect that a new packet has arrived using the socket ioctl.

5.0
2005-05-02 CVE-2005-0847 Code Ocean Remote Denial of Service vulnerability in Code Ocean FTP Server 1.0

Code Ocean FTP server 1.0 allows remote attackers to cause a denial of service via a large number of connections.

5.0
2005-05-02 CVE-2005-0845 Netwin Directory traversal vulnerability in the Webmail interface in SurgeMail 2.2g3 allows remote authenticated users to write arbitrary files or directories via a ..
5.0
2005-05-02 CVE-2005-0843 Phorum Unspecified vulnerability in Phorum 5.0.14A

CRLF injection vulnerability in search.php in Phorum 5.0.14a allows remote attackers to perform HTTP Response Splitting attacks via the body parameter, which is included in the resulting Location header.

5.0
2005-05-02 CVE-2005-0837 Icecast Multiple vulnerability in Icecast XSL Parser

IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing .

5.0
2005-05-02 CVE-2005-0835 Belkin Multiple vulnerability in Belkin 54G Wireless Router F5D7130

The SNMP service in the Belkin 54G (F5D7130) wireless router allows remote attackers to cause a denial of service via unknown vectors.

5.0
2005-05-02 CVE-2005-0834 Belkin Multiple vulnerability in Belkin 54G Wireless Router

Belkin 54G (F5D7130) wireless router enables SNMP by default in a manner that allows remote attackers to obtain sensitive information.

5.0
2005-05-02 CVE-2005-0831 PHP Post Remote Input Validation vulnerability in PHP-Post

PHP-Post allows remote attackers to spoof the names of other users by registering with a username containing hex-encoded characters.

5.0
2005-05-02 CVE-2005-0828 Ciamos
E Xoops
Runcms
Information Disclosure vulnerability in RunCMS Database Configuration

highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allows remote attackers to read arbitrary PHP files by specifying the pathname in the file parameter, as demonstrated by reading database configuration information from mainfile.php.

5.0
2005-05-02 CVE-2005-0827 Ciamos
E Xoops
Runcms
Information Disclosure vulnerability in E-Xoops

Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 Rev3, and possibly other products based on e-Xoops (exoops), allow remote attackers to obtain sensitive information via an invalid parameter to the convertorderbytrans function, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0826 Ollydbg Denial Of Service vulnerability in OllyDbg Library Module Name

OllyDbg 1.10 and earlier allows remote attackers to cause a denial of service (application crash) via a dynamic link library (DLL) with a long filename.

5.0
2005-05-02 CVE-2005-0820 Microsoft Microsoft Office InfoPath 2003 SP1 includes sensitive information in the Manifest.xsf file in a custom .xsn form, which allows attackers to obtain printer and network information, obtain the database name, username, and password, or obtain the internal web server name.
5.0
2005-05-02 CVE-2005-0819 Novell Unspecified vulnerability in Novell Netware 6.5

The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote attackers to redirect the xsession without authentication via a direct request to GUIMirror/Start.

5.0
2005-05-02 CVE-2005-0817 Symantec Unspecified vulnerability in Symantec products

Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway Security 5400 2.x and 5300 1.x, Enterprise Firewall 7.0.x and 8.x, and VelociRaptor 1100/1200/1300 1.5, allows remote attackers to poison the DNS cache and redirect users to malicious sites.

5.0
2005-05-02 CVE-2005-0814 Lysator Unspecified vulnerability in Lysator LSH

Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 allows remote attackers to cause a denial of service via unknown vectors.

5.0
2005-05-02 CVE-2005-0813 Initial Redirect Remote Buffer Overflow vulnerability in Initial Redirect Initial Redirect Squid Proxy Plug-In 0.1/0.2

Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and 0.2 may allow attackers to cause a denial of service and execute arbitrary code via unknown vectors.

5.0
2005-05-02 CVE-2005-0812 Notify Technology Multiple vulnerability in Notify Technology Notifylink Enterpriseserver

The web interface in NotifyLink 3.0 displays passwords in cleartext on the administrative page, which could allow remote attackers or local users to obtain sensitive information.

5.0
2005-05-02 CVE-2005-0808 Apache Remote Malformed Request Denial Of Service vulnerability in Apache Tomcat

Apache Tomcat before 5.x allows remote attackers to cause a denial of service (application crash) via a crafted AJP12 packet to TCP port 8007.

5.0
2005-05-02 CVE-2005-0806 Ximian Unspecified vulnerability in Ximian Evolution 2.0.3

Evolution 2.0.3 allows remote attackers to cause a denial of service (application crash or hang) via crafted messages, possibly involving charsets in attachment filenames.

5.0
2005-05-02 CVE-2005-0804 Mailenable Remote Format String vulnerability in Mailenable Standard 1.8

Format string vulnerability in MailEnable 1.8 allows remote attackers to cause a denial of service (application crash) via format string specifiers in the mailto field.

5.0
2005-05-02 CVE-2005-0803 Microsoft Resource Management Errors vulnerability in Microsoft Windows 2000

The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 allows remote attackers to cause a denial of service (application crash) via a crafted Enhanced Metafile (EMF) file that causes invalid (1) end, (2) emreof, or (3) palent offsets to be used, aka "Enhanced Metafile Vulnerability."

5.0
2005-05-02 CVE-2005-0801 Includer CGI Directory Traversal vulnerability in Includer.Cgi

Directory traversal vulnerability in includer.cgi in The Includer allows remote attackers to read arbitrary files via (1) a ..

5.0
2005-05-02 CVE-2005-0796 Hola Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote attackers to overwrite arbitrary files via a "holaDB/votes" followed by a ..
5.0
2005-05-02 CVE-2005-0779 Platinumftp Malformed User Name Connection Denial Of Service vulnerability in Platinumftp Platinumftpserver 1.0.18

PlatinumFTP 1.0.18, and possibly earlier versions, allows remote attackers to cause a denial of service (server crash) via multiple connection attempts with a \ (backslash) in the username.

5.0
2005-05-02 CVE-2005-0778 Photopost Remote vulnerability in Photopost PHP PRO 5.0Rc3

PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as .gif.

5.0
2005-05-02 CVE-2005-0776 Photopost Remote vulnerability in Photopost PHP PRO 5.0Rc3

adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users' photos.

5.0
2005-05-02 CVE-2005-0766 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash).

5.0
2005-05-02 CVE-2005-0760 Imagemagick Unspecified vulnerability in Imagemagick

The TIFF decoder in ImageMagick before 6.0 allows remote attackers to cause a denial of service (crash) via a crafted TIFF file.

5.0
2005-05-02 CVE-2005-0746 Novell Remote Path Disclosure vulnerability in Novell Ichain 2.2/2.2.113/2.3

The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command.

5.0
2005-05-02 CVE-2005-0739 Ethereal Group Numeric Errors vulnerability in Ethereal Group Ethereal

The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does not properly use certain routines for formatting strings, which could leave it vulnerable to buffer overflows, as demonstrated using modified length values that are not properly handled by the dissect_pdus and pduval_to_str functions.

5.0
2005-05-02 CVE-2005-0738 Microsoft Resource Exhaustion vulnerability in Microsoft Exchange Server 2003

Stack consumption vulnerability in Microsoft Exchange Server 2003 SP1 allows users to cause a denial of service (hang) by deleting or moving a folder with deeply nested subfolders, which causes Microsoft Exchange Information Store service (Store.exe) to hang as a result of a large number of recursive calls.

5.0
2005-05-02 CVE-2005-0734 PY Software Denial-Of-Service vulnerability in PY Software Active Webcam 5.5

PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service (memory exhaustion and process crash) via a large number of HTTP requests.

5.0
2005-05-02 CVE-2005-0733 PY Software Remote Security vulnerability in PY Software Active Webcam 5.5

PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to determine the existence of files via an HTTP request with a full pathname, which produces different messages whether the file exists or not.

5.0
2005-05-02 CVE-2005-0732 PY Software Remote Security vulnerability in PY Software Active Webcam 5.5

PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to obtain the full path of the web server via a request for a non-existent filename, which leaks the full path in an error message.

5.0
2005-05-02 CVE-2005-0730 PY Software Denial-Of-Service vulnerability in PY Software Active Webcam 5.5

PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote attackers to cause a denial of service via a request to a file on the floppy drive, as demonstrated using A:\a.txt.

5.0
2005-05-02 CVE-2005-0724 PHP Arena Information Disclosure vulnerability in paFileDB

paFileDB 3.1 and earlier allows remote attackers to obtain sensitive information via (1) an invalid str parameter to pafiledb.php, or a direct request to (2) viewall.php, (3) stats.php, (4) search.php, (5) rate.php, (6) main.php, (7) license.php, (8) category.php, (9) download.php, (10) file.php, (11) email.php, or (12) admin.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0705 Ethereal Group Unspecified vulnerability in Ethereal Group Ethereal 0.10.7/0.10.8/0.10.9

The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the "ignore cipher bit" option enabled.

5.0
2005-05-02 CVE-2005-0677 Phpoutsourcing Remote Security vulnerability in PHPoutsourcing Zorum 3.5

index.php for Zorum 3.5 allows remote attackers to perform certain actions as other users by modifying the id parameter.

5.0
2005-05-02 CVE-2005-0659 Phpbb Group Information Disclosure vulnerability in phpBB

phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0655 Arif Supriyanto Information Disclosure vulnerability in Arif Supriyanto Auracms 1.5

auraCMS 1.5 allows remote attackers to obtain sensitive information via an HTTP request with an invalid id parameter to (1) teman.php, (2) hal.php, or (3) arsip.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0654 THE Gimp Team Denial-Of-Service vulnerability in Gimp 2.0.5/2.2.3/2.2.4

gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote attackers or local users to cause a denial of service (application crash) via the image descriptor (1) height or (2) width fields set to zero.

5.0
2005-05-02 CVE-2005-0647 PHP Arena Remote Security vulnerability in PHP Arena Panews 2.0.4B

admin_setup.php in paNews 2.0.4b allows remote attackers to inject arbitrary PHP code via the (1) $form[comments] or (2) $form[autoapprove] parameters, which are written to config.php.

5.0
2005-05-02 CVE-2005-0637 Openbsd Unspecified vulnerability in Openbsd 3.5/3.6

The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, and possibly other BSD based operating systems, may allow attackers to exceed certain address boundaries and modify kernel memory.

5.0
2005-05-02 CVE-2005-0621 Enlight Software Denial-Of-Service vulnerability in Enlight Software Scrapland 1.0

Scrapland 1.0 and earlier allows remote attackers to cause a denial of service (server termination) by triggering an error, which is treated as a fatal error by the server, as demonstrated using (1) signed integers for size values, (2) an invalid model, (3) a "newpos" value that is less than or equal to a size value, or (4) partial packets.

5.0
2005-05-02 CVE-2005-0607 Devellion Remote Security vulnerability in Cubecart

CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the full path of the server via direct calls without parameters to (1) information.php, (2) language.php, (3) list_docs.php, (4) popular_prod.php, (5) sale.php, (6) subfooter.inc.php, (7) subheader.inc.php, (8) cat_navi.php, or (9) check_sum.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0599 Cisco Remote vulnerability in Cisco Application and Content Networking System

Cisco devices running Application and Content Networking System (ACNS) 4.x, 5.0, or 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (CPU consumption) via malformed IP packets.

5.0
2005-05-02 CVE-2005-0597 Cisco Remote vulnerability in Cisco Application and Content Networking System

Cisco devices running Application and Content Networking System (ACNS) 5.0 before 5.0.17.6 and 5.1 before 5.1.11.6 allow remote attackers to cause a denial of service (process restart) via a "crafted TCP connection."

5.0
2005-05-02 CVE-2005-0590 Mozilla Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird

The installation confirmation dialog in Firefox before 1.0.1, Thunderbird before 1.0.1, and Mozilla before 1.7.6 allows remote attackers to use InstallTrigger to spoof the hostname of the host performing the installation via a long "user:pass" sequence in the URL, which appears before the real hostname.

5.0
2005-05-02 CVE-2005-0589 Mozilla Remote vulnerability in Mozilla Suite

The Form Fill feature in Firefox before 1.0.1 allows remote attackers to steal potentially sensitive information via an input control that monitors the values that are generated by the autocomplete capability.

5.0
2005-05-02 CVE-2005-0588 Mozilla Remote vulnerability in Mozilla Suite

Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict xsl:include and xsl:import tags in XSLT stylesheets to the current domain, which allows remote attackers to determine the existence of files on the local system.

5.0
2005-05-02 CVE-2005-0583 CA Unspecified vulnerability in CA License Software 0.1.0.15

Directory traversal vulnerability in Computer Associates (CA) License Client 0.1.0.15 allows remote attackers to create arbitrary files via ..

5.0
2005-05-02 CVE-2005-0574 Cupidsystems Remote Directory Traversal vulnerability in Cupidsystems CIS Webserver 3.5.13

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via ..

5.0
2005-05-02 CVE-2005-0573 ROB Flynn Denial-Of-Service vulnerability in ROB Flynn Gaim 1.1.3

Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters.

5.0
2005-05-02 CVE-2005-0572 Phpwebsite Information Disclosure vulnerability in Phpwebsite

index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0571 Punbb Remote Security vulnerability in Punbb 1.2.1

admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter.

5.0
2005-05-02 CVE-2005-0570 Punbb Remote Input Validation vulnerability in Punbb 1.2.1

profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user's password to NULL.

5.0
2005-05-02 CVE-2005-0568 Raven Software Remote Denial Of Service vulnerability in Raven Software Soldier Of Fortune 2

Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference.

5.0
2005-05-02 CVE-2005-0544 Phpmyadmin Remote Security vulnerability in PHPmyadmin 2.6.1

phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of the server via direct requests to (1) sqlvalidator.lib.php, (2) sqlparser.lib.php, (3) select_theme.lib.php, (4) select_lang.lib.php, (5) relation_cleanup.lib.php, (6) header_meta_style.inc.php, (7) get_foreign.lib.php, (8) display_tbl_links.lib.php, (9) display_export.lib.php, (10) db_table_exists.lib.php, (11) charset_conversion.lib.php, (12) ufpdf.php, (13) mysqli.dbi.lib.php, (14) setup.php, or (15) cookie.auth.lib.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0540 Cyclades Information Disclosure vulnerability in Cyclades Alterpath Manager 1.2.1

Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote attackers to obtain sensitive information via a direct request to the /about.html page.

5.0
2005-05-02 CVE-2005-0538 Ginp Directory Traversal vulnerability in Ginp 0.20/0.21

Directory traversal vulnerability in (1) GinpPictureServlet.java and (2) PicCollection.java in ginp (Java Photo Gallery Web Application) before 0.22 allows remote attackers to read arbitrary files.

5.0
2005-05-02 CVE-2005-0536 Mediawiki Unspecified vulnerability in Mediawiki

Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allows remote attackers to delete arbitrary files or determine file existence via a parameter related to image deletion.

5.0
2005-05-02 CVE-2005-0525 PHP Unspecified vulnerability in PHP

The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a JPEG image with an invalid marker value, which causes a negative length value to be passed to php_stream_seek.

5.0
2005-05-02 CVE-2005-0524 PHP Unspecified vulnerability in PHP

The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 and 5.0.3, as reachable by the getimagesize PHP function, allows remote attackers to cause a denial of service (infinite loop) via a -8 size value.

5.0
2005-05-02 CVE-2005-0500 Microsoft Unspecified vulnerability in Microsoft IE 6.0

Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to spoof the domain name of a URL in a titlebar for a script-initiated popup window, which could facilitate phishing attacks.

5.0
2005-05-02 CVE-2005-0493 Seth M Knorr Security Bypass vulnerability in Biz Mail Form

CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before 2.2 allows remote attackers to bypass the email check and send spam e-mail via CRLF sequences and forged mail headers in the email parameter.

5.0
2005-05-02 CVE-2005-0461 Leonard Richardson Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote attackers to "take actions on comments."
5.0
2005-05-02 CVE-2005-0460 Mercuryboard Information Disclosure vulnerability in Mercuryboard 1.0/1.1/1.1.1

index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to obtain sensitive information by setting the debug parameter.

5.0
2005-05-02 CVE-2005-0459 Phpmyadmin Remote Security vulnerability in phpMyAdmin

phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote attackers to determine the full path of the web root via a direct request to select_lang.lib.php, which reveals the path in a PHP error message.

5.0
2005-05-02 CVE-2005-0451 Sami Denial-Of-Service vulnerability in Sami Http Server 1.0.5

Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of service via an HTTP request containing two CRLF sequences, which triggers a NULL dereference.

5.0
2005-05-02 CVE-2005-0450 Sami Directory Traversal vulnerability in Sami Http Server 1.0.5

Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows remote attackers to read arbitrary files via an HTTP request containing (1) ..

5.0
2005-05-02 CVE-2005-0446 Squid Remote Denial Of Service vulnerability in Squid Proxy DNS Name Resolver

Squid 2.5.STABLE8 and earlier allows remote attackers to cause a denial of service (crash) via certain DNS responses regarding (1) Fully Qualified Domain Names (FQDN) in fqdncache.c or (2) IP addresses in ipcache.c, which trigger an assertion failure.

5.0
2005-05-02 CVE-2005-0442 Devellion Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4

Directory traversal vulnerability in index.php for CubeCart 2.0.4 allows remote attackers to read arbitrary files via the language parameter.

5.0
2005-05-02 CVE-2005-0438 Awstats Information Disclosure vulnerability in Awstats 6.3/6.4

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain sensitive information by setting the debug parameter.

5.0
2005-05-02 CVE-2005-0435 Awstats Remote Security vulnerability in Awstats 6.3/6.4

awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.

5.0
2005-05-02 CVE-2005-0432 BEA Remote Security vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service Pack 3 and earlier, generates different login exceptions that suggest why an authentication attempt fails, which makes it easier for remote attackers to guess passwords via brute force attacks.

5.0
2005-05-02 CVE-2005-0429 Jelsoft Remote Command Execution vulnerability in VBulletin Forumdisplay.PHP

Direct code injection vulnerability in forumdisplay.php in vBulletin 3.0 through 3.0.4, when showforumusers is enabled, allows remote attackers to execute inject arbitrary PHP commands via the comma parameter.

5.0
2005-05-02 CVE-2005-0428 Powerdns Remote Denial of Service vulnerability in Powerdns 2.0Rc1/2.8/2.9.15

The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 allows remote attackers to cause a denial of service by sending a random stream of bytes.

5.0
2005-05-02 CVE-2005-0427 Gentoo Remote Security vulnerability in webmin-1.140.ebuild

The ebuild of Webmin before 1.170-r3 on Gentoo Linux includes the encrypted root password in the miniserv.users file when building a tbz2 of the webmin package, which allows remote attackers to obtain and possibly crack the encrypted password.

5.0
2005-05-02 CVE-2005-0426 SUN Local Denial Of Service vulnerability in Sun Solaris UDP Processing

Unknown vulnerability in Solaris 8 and 9 allows remote attackers to cause a denial of service (panic) via "Heavy UDP Usage" that triggers a NULL dereference.

5.0
2005-05-02 CVE-2005-0425 IBM Remote Security vulnerability in Websphere Application Server 5.0/5.1.0/6.0

Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, and 6.0 when running on Windows, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via a crafted URL that causes the page to be processed by the file serving servlet instead of the JSP engine.

5.0
2005-05-02 CVE-2005-0404 Kmail
KDE
KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email information, such as whether the email has been digitally signed or encrypted, via HTML formatted email.
5.0
2005-05-02 CVE-2005-0391 Daniel DE Rauglaudre Unspecified vulnerability in Daniel DE Rauglaudre Geneweb

geneweb 4.10 and earlier does not properly check file permissions and content during conversion, which allows attackers to modify arbitrary files.

5.0
2005-05-02 CVE-2005-0382 Breed Remote Denial of Service vulnerability in Breed Patch1

Breed patch 1 and earlier allows remote attackers to cause a denial of service (application crash) via an empty UDP packet, which triggers a null dereference.

5.0
2005-05-02 CVE-2005-0379 Zeroboard File Disclosure vulnerability in Zeroboard

Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and earlier allow remote attackers to read arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0375 Sergey Kiselev Information Disclosure vulnerability in Sergey Kiselev Sgallery 1.01

imageview.php in SGallery 1.01 allows remote attackers to obtain sensitive information via an HTTP request with (1) idalbum and (2) idimage unset, which reveals the installation path in an error message for the sql_fetch_row function.

5.0
2005-05-02 CVE-2005-0372 GTK Remote Directory Traversal vulnerability in gFTP

Directory traversal vulnerability in gftp before 2.0.18 for GTK+ allows remote malicious FTP servers to read arbitrary files via ..

5.0
2005-05-02 CVE-2005-0371 Armagetron Unspecified vulnerability in Armagetron and Armagetron Advanced

Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (freeze) via a large number of player connections that do not send any data.

5.0
2005-05-02 CVE-2005-0370 Armagetron Denial-Of-Service vulnerability in Armagetron and Armagetron Advanced

Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and earlier allow remote attackers to cause a denial of service (network disconnection) via an empty UDP packet, which is not properly distinguished from the "no new packets" state of the associated socket.

5.0
2005-05-02 CVE-2005-0369 Armagetron Denial-Of-Service vulnerability in Armagetron and Armagetron Advanced

Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier allows remote attackers to cause a denial of service (application crash) via a packet with a large (1) descriptor ID or (2) claim_id, which exceeds the boundaries of an array.

5.0
2005-05-02 CVE-2005-0366 Gnupg Inadequate Encryption Strength vulnerability in Gnupg

The integrity check feature in OpenPGP, when handling a message that was encrypted using cipher feedback (CFB) mode, allows remote attackers to recover part of the plaintext via a chosen-ciphertext attack when the first 2 bytes of a message block are known, and an oracle or other mechanism is available to determine whether an integrity check failed.

5.0
2005-05-02 CVE-2005-0345 PHP Fusion Unspecified vulnerability in PHP Fusion PHP Fusion 4.0

viewthread.php in php-fusion 4.x does not check the (1) forum_id or (2) forum_cat parameters, which allows remote attackers to view protected forums via the thread_id parameter.

5.0
2005-05-02 CVE-2005-0344 Software602 Directory Traversal vulnerability in Software602 602Lan Suite 2004.0.04.1221

Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 allows remote authenticated users to upload and execute arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0340 Apple Remote Integer Overflow vulnerability in Apple Mac OS X AppleFileServer

Integer signedness error in Apple File Service (AFP Server) allows remote attackers to cause a denial of service (application crash) via a negative UAM string length in a FPLoginExt packet.

5.0
2005-05-02 CVE-2005-0335 Emotion Multiple vulnerability in Emotion Mediapartner web Server 5.0

Directory traversal vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to read arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0334 Linksys Unspecified vulnerability in Linksys Psus4 Printserver 6032

Linksys PSUS4 running firmware 6032 allows remote attackers to cause a denial of service (device crash) via an HTTP POST request containing an unknown parameter without a value.

5.0
2005-05-02 CVE-2005-0333 Lanchat PRO Revival Remote Denial Of Service vulnerability in Lanchat PRO Revival Lanchat PRO Revival 1.666C

LANChat Pro Revival 1.666c allows remote attackers to cause a denial of service (application crash) via a malformed UDP packet.

5.0
2005-05-02 CVE-2005-0328 Netgear
Zyxel
Remote Security vulnerability in Rt311

Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest firmware, allows remote attackers on the WAN to obtain the IP address of the LAN side interface by pinging a valid LAN IP address, which generates an ARP reply from the WAN address side that maps the LAN IP address to the WAN's MAC address.

5.0
2005-05-02 CVE-2005-0326 PHP Arena Information Disclosure vulnerability in PHP Arena Pafiledb 3.1

pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive information via an invalid or missing action parameter, which reveals the path in an error message when it cannot include a login.php script.

5.0
2005-05-02 CVE-2005-0325 Techland Remote Denial Of Service vulnerability in Techland Xpand Rally 1.0

Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game servers to cause a denial of service (application crash) via a packet with large values that are not properly handled in certain malloc or memcpy operations.

5.0
2005-05-02 CVE-2005-0324 Captaris Path Disclosure vulnerability in Captaris Infinite Mobile Delivery Webmail 2.6

Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain sensitive information via an HTTP request that contains invalid characters for a Windows foldername, which reveals the path in an error message.

5.0
2005-05-02 CVE-2005-0310 Exponent Information Disclosure vulnerability in Exponent 0.95

Exponent 0.95 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) search.info.php, (2) permissions.info.php, (3) security.info.php, (4) formcontrol.php, or (5) file_modules.php, which reveals the path in an error message because the pathos_core_version variable is undefined.

5.0
2005-05-02 CVE-2005-0304 Divx Directory Traversal vulnerability in Divx Player 2.6

Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0299 Gforge Information Disclosure vulnerability in GForge

Directory traversal vulnerability in GForge 3.3 and earlier allows remote attackers to list arbitrary directories via a ..

5.0
2005-05-02 CVE-2005-0298 Oracle Unspecified vulnerability in Oracle Database Server

The DIRECTORY objects in Oracle 8i through Oracle 10g contain the location of a specific operating system directory, which allows users with read privileges to a DIRECTORY object to obtain sensitive information.

5.0
2005-05-02 CVE-2005-0293 Minis Remote Directory Traversal vulnerability in Minis 0.2.1

Directory traversal vulnerability in minis.php in Minis 0.2.1 allows remote attackers to read arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0289 Apple Remote Denial of Service vulnerability in Apple AirPort Wireless Distribution System

Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, configured as a Wireless Data Service (WDS), allows remote attackers to cause a denial of service (device freeze) by connecting to UDP port 161 and before link-state change occurs.

5.0
2005-05-02 CVE-2005-0286 Emotion Multiple vulnerability in eMotion MediaPartner Enterprise

eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to obtain sensitive information via an HTTP request for a .bhtml file that contains a (1) .

5.0
2005-05-02 CVE-2005-0279 Jowood Productions Remote vulnerability in Soldner Secret Wars

Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet.

5.0
2005-05-02 CVE-2005-0278 3Com Remote vulnerability in 3Com 3Cdaemon 2.0

The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.

5.0
2005-05-02 CVE-2005-0277 3Com Remote vulnerability in 3Com 3Cdaemon 2.0

Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) and execute arbitrary code via (1) a long username in the USER command or (2) an FTP command that contains a long argument, such as cd, send, or ls.

5.0
2005-05-02 CVE-2005-0276 3Com Remote vulnerability in 3Com 3Cdaemon 2.0

Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.

5.0
2005-05-02 CVE-2005-0275 3Com Denial-Of-Service vulnerability in 3Com 3Cdaemon 2.0

TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.

5.0
2005-05-02 CVE-2005-0256 Washington University Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Washington University Wu-Ftpd 2.6.1/2.6.2

The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1 and 2.6.2 allows remote attackers to cause a denial of service (CPU exhaustion by recursion) via a glob pattern with a large number of * (wildcard) characters, as demonstrated using the dir command.

5.0
2005-05-02 CVE-2005-0255 Mozilla Remote vulnerability in Mozilla Firefox, Mozilla and Thunderbird

String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

5.0
2005-05-02 CVE-2005-0254 Biborb Input Validation vulnerability in Biborb 1.3.2

BibORB 1.3.2, and possibly earlier versions, does not properly enforce a restriction for uploading only PDF and PS files, which allows remote attackers to upload arbitrary files that are presented to other users with PDF or PS icons, which may trick some users into downloading and executing those files.

5.0
2005-05-02 CVE-2005-0253 Biborb Input Validation vulnerability in Biborb 1.3.2

Directory traversal vulnerability in index.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to delete arbitrary files via a Delete action and ..

5.0
2005-05-02 CVE-2005-0246 Postgresql Remote vulnerability in PostgreSQL

The intagg contrib module for PostgreSQL 8.0.0 and earlier allows attackers to cause a denial of service (crash) via crafted arrays.

5.0
2005-05-02 CVE-2005-0241 Squid Remote vulnerability in Squid Proxy Oversize HTTP Headers

The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 and earlier does not properly set the debug context when it is handling "oversized" HTTP reply headers, which might allow remote attackers to poison the cache or bypass access controls based on header size.

5.0
2005-05-02 CVE-2005-0238 Gnome
Mozilla
Omnigroup
Opera Software
The International Domain Name (IDN) support in Epiphany allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.
5.0
2005-05-02 CVE-2005-0237 KDE Unspecified vulnerability in KDE and Konqueror

The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5.0
2005-05-02 CVE-2005-0236 Omnigroup Unspecified vulnerability in Omnigroup Omniweb 5

The International Domain Name (IDN) support in Omniweb 5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5.0
2005-05-02 CVE-2005-0235 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 7.54

The International Domain Name (IDN) support in Opera 7.54 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5.0
2005-05-02 CVE-2005-0234 Apple Unspecified vulnerability in Apple Safari 1.2.5

The International Domain Name (IDN) support in Safari 1.2.5 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks.

5.0
2005-05-02 CVE-2005-0223 SUN
Compaq
Denial-Of-Service vulnerability in Rte

The Software Development Kit (SDK) and Run Time Environment (RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allows remote attackers to cause a denial of service (Java Virtual Machine hang) via object deserialization.

5.0
2005-05-02 CVE-2005-0222 Gallery Project Denial-Of-Service vulnerability in Gallery Project Gallery 2.0Alpha

main.php in Gallery 2.0 Alpha allows remote attackers to gain sensitive information by changing the value of g2_subView parameter, which reveals the path in an error message.

5.0
2005-05-02 CVE-2005-0220 Gallery Project Cross-Site Scripting vulnerability in Gallery Project Gallery 1.4.4Pl2

Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 allows remote attackers to inject arbitrary web script or HTML via the username field.

5.0
2005-05-02 CVE-2005-0218 Clam Anti Virus Unspecified vulnerability in Clam Anti-Virus Clamav

ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.

5.0
2005-05-02 CVE-2005-0215 Mozilla Denial-Of-Service vulnerability in Mozilla 1.6

Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.

5.0
2005-05-02 CVE-2005-0214 Alexander Palmo Remote Directory Traversal vulnerability in Alexander Palmo Simple PHP Blog 0.3.7C

Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0213 Webtoolmaster Software Remote vulnerability in Webtoolmaster Software Winhki 1.4D

Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a ..

5.0
2005-05-02 CVE-2005-0212 AMP Remote Denial Of Service vulnerability in Amp II 3D Game Engine

The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier allows remote attackers to cause a denial of service (infinite loop) via a zero byte UDP packet.

5.0
2005-05-02 CVE-2005-0208 ROB Flynn Remote Denial of Service vulnerability in Gaim

The HTML parsing functions in Gaim before 1.1.4 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0473.

5.0
2005-05-02 CVE-2005-0202 GNU Unspecified vulnerability in GNU Mailman

Directory traversal vulnerability in the true_path function in private.py for Mailman 2.1.5 and earlier allows remote attackers to read arbitrary files via ".../....///" sequences, which are not properly cleansed by regular expressions that are intended to remove "../" and "./" sequences.

5.0
2005-05-02 CVE-2005-0196 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp log-neighbor-changes command, allows remote attackers to cause a denial of service (device reload) via a malformed BGP packet.

5.0
2005-05-02 CVE-2005-0195 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a denial of service (device restart) via a crafted IPv6 packet.

5.0
2005-05-02 CVE-2005-0148 Mozilla Unspecified vulnerability in Mozilla Thunderbird 0.6/0.7/0.8

Thunderbird before 0.9, when running on Windows systems, uses the default handler when processing javascript: links, which invokes Internet Explorer and may expose the Thunderbird user to vulnerabilities in the version of Internet Explorer that is installed on the user's system.

5.0
2005-05-02 CVE-2005-0146 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to obtain sensitive data from the clipboard via Javascript that generates a middle-click event on systems for which a middle-click performs a paste operation.

5.0
2005-05-02 CVE-2005-0133 Clam Anti Virus Unspecified vulnerability in Clam Anti-Virus Clamav

ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.

5.0
2005-05-02 CVE-2005-0127 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Mail in Mac OS X 10.3.7, when generating a Message-ID header, generates a GUUID that includes information that identifies the Ethernet hardware being used, which allows remote attackers to link mail messages to a particular machine.

5.0
2005-05-02 CVE-2005-0083 Mysql Unspecified vulnerability in Mysql Maxdb 7.5.00

MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and other platforms, allows remote attackers to cause a denial of service (application crash) via invalid parameters to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator, (3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase, (5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5, or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers a null dereference.

5.0
2005-05-02 CVE-2005-0080 GNU
Ubuntu
Remote Security vulnerability in Ubuntu Linux

The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.

5.0
2005-05-02 CVE-2005-0071 VDR Remote File Access vulnerability in VDR Daemon

vdr before 1.2.6 does not securely create files, which allows attackers to overwrite arbitrary files.

5.0
2005-05-02 CVE-2005-0033 ISC Remote Buffer Overflow vulnerability in ISC Bind 8.4.4/8.4.5

Buffer overflow in the code for recursion and glue fetching in BIND 8.4.4 and 8.4.5 allows remote attackers to cause a denial of service (crash) via queries that trigger the overflow in the q_usedns array that tracks nameservers and addresses.

5.0
2005-05-02 CVE-2005-0010 Ethereal Group Dissector vulnerability in Multiple Ethereal

Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through 0.10.8 allows remote attackers to cause a denial of service by triggering a free of statically allocated memory.

5.0
2005-05-02 CVE-2005-0009 Ethereal Group Dissector vulnerability in Ethereal Group Ethereal 0.10.6/0.10.7/0.10.8

Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash).

5.0
2005-05-02 CVE-2005-0008 Ethereal Group Dissector vulnerability in Multiple Ethereal

Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through 0.10.8 allows remote attackers to cause "memory corruption."

5.0
2005-05-02 CVE-2005-0007 Ethereal Group Dissector vulnerability in Ethereal Group Ethereal 0.10.6/0.10.7/0.10.8

Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (application crash from assertion).

5.0
2005-05-02 CVE-2005-0006 Ethereal Group Dissector vulnerability in Ethereal Group Ethereal 0.10.6/0.10.7/0.10.8

The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote attackers to cause a denial of service (infinite loop).

5.0
2005-05-02 CVE-2001-1420 AOL Denial of Service vulnerability in AOL Instant Messenger 4.7

AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow.

5.0
2005-05-02 CVE-1999-1557 Ipswitch Denial-Of-Service vulnerability in Ipswitch Imail 5.0

Buffer overflow in the login functions in IMAP server (imapd) in Ipswitch IMail 5.0 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via (1) a long user name or (2) a long password.

5.0
2005-05-02 CVE-1999-1374 Arpanet Unspecified vulnerability in Arpanet Perlshop

perlshop.cgi shopping cart program stores sensitive customer information in directories and files that are under the web root, which allows remote attackers to obtain that information via an HTTP request.

5.0
2005-05-04 CVE-2005-1330 Apple Improper Input Validation vulnerability in Apple mac OS X and mac OS X Server

AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of service (Cocoa application crash) via a malformed TIFF image that causes the NXSeek to use an incorrect offset, leading to an unhandled exception.

4.9
2005-05-02 CVE-2005-0210 Linux Resource Management Errors vulnerability in Linux Kernel 2.6.8.1

Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a denial of service (memory consumption) via certain packet fragments that are reassembled twice, which causes a data structure to be allocated twice.

4.9
2005-05-06 CVE-2005-1406 Freebsd Local Kernel Memory Disclosure vulnerability in FreeBSD

The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly clear certain fixed-length buffers when copying variable-length data for use by applications, which could allow those applications to read previously used sensitive memory.

4.6
2005-05-06 CVE-2005-1400 Freebsd Unspecified vulnerability in Freebsd

The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 allows local users to access sensitive kernel memory via arguments with negative or very large values.

4.6
2005-05-06 CVE-2005-1399 Freebsd Unspecified vulnerability in Freebsd

FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions for the /dev/iir device, which allows local users to execute restricted ioctl calls to read or modify data on hardware that is controlled by the iir driver.

4.6
2005-05-04 CVE-2005-1338 Apple Local Security vulnerability in Apple mac OS X 10.3.9

Mac OS X 10.3.9, when using an LDAP server that does not use ldap_extended_operation, may store initial LDAP passwords for new accounts in plaintext.

4.6
2005-05-04 CVE-2005-1336 Apple Local Security vulnerability in Apple mac OS X 10.3.9

Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows local users to execute arbitrary code via a long environment variable.

4.6
2005-05-04 CVE-2005-1194 Redhat Remote Buffer Overflow vulnerability in Redhat products

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287.

4.6
2005-05-03 CVE-2005-1442 IBM Local NOTES.INI Buffer Overflow vulnerability in IBM Lotus Notes

Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 and 6.0 before 6.0.5 allows local users to cause a denial of service (client crash) and possibly execute arbitrary code via the NOTES.INI file.

4.6
2005-05-03 CVE-2005-1433 HP Denial-Of-Service vulnerability in OpenView Event Correlation Services 3.2/3.3

Multiple unknown vulnjerabilities HP OpenView Event Correlation Services (OV ECS) 3.32 and 3.33 allow attackers to cause a denial of service or execute arbitrary code.

4.6
2005-05-03 CVE-2005-1418 Netleaf Limited Local Information Disclosure vulnerability in Netleaf Limited Notjustbrowsing 1.0.3

NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in plaintext in the notjustbrowsing.prf file, which allows local users to gain privileges.

4.6
2005-05-03 CVE-2005-1414 Exoticsoft Local Information Disclosure vulnerability in FilePocket

ExoticSoft FilePocket 1.2 stores sensitive proxy information, including proxy passwords, in plaintext in the registry, which allows local users to gain privileges.

4.6
2005-05-03 CVE-2005-1411 Cybration Password Local Information Disclosure vulnerability in Cybration Icuii 7.0

Cybration ICUII 7.0 stores passwords in plaintext in the world-readable icuii.ini file, which allows local users to gain privileges.

4.6
2005-05-03 CVE-2005-1407 Skype Technologies Local Security vulnerability in Skype

Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the identity check for an authorized application, then call arbitrary Skype API functions by modifying or replacing that application.

4.6
2005-05-03 CVE-2005-1393 Esri Unspecified vulnerability in Esri Arcinfo Workstation 9.0

Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 allow local users to execute arbitrary code via long command line arguments to (1) asmaster, (2) asuser, (3) asutility, (4) se, or (5) asrecovery.

4.6
2005-05-03 CVE-2005-1392 Phpmyadmin Unspecified vulnerability in PHPmyadmin 2.6.2

The SQL install script in phpMyAdmin 2.6.2 is created with world-readable permissions, which allows local users to obtain the initial database password by reading the script.

4.6
2005-05-03 CVE-2005-1379 Mandrakesoft Unspecified vulnerability in Mandrakesoft Mandrake Lam-Runtime 7.0.6.2Mdk

The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.

4.6
2005-05-03 CVE-2005-1372 Bakbone Local Privilege Escalation vulnerability in BakBone NetVault NVStatsMngr.EXE

nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop privileges before opening files, which allows local users to gain privileges via the Help menu.

4.6
2005-05-03 CVE-2005-0106 Ubuntu Unspecified vulnerability in Ubuntu Linux 5.04

SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.

4.6
2005-05-02 CVE-2005-1229 GNU Directory Traversal vulnerability in CPIO Filename

Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a ..

4.6
2005-05-02 CVE-2005-1185 Musicmatch Local Security vulnerability in Jukebox

Unquoted Windows search path vulnerability in Musicmatch Jukebox 10.00.2047 and earlier allows local users to gain privileges via a malicious C:\program.exe file, which is run by MMFWLaunch.exe when it attempts to execute launch.exe.

4.6
2005-05-02 CVE-2005-1124 SUN Local Security vulnerability in Solaris

Unknown vulnerability in the libgss Generic Security Services Library in Solaris 7, 8, and 9 allows local users to gain privileges by loading their own GSS-API.

4.6
2005-05-02 CVE-2005-1097 Rebrand Local Security vulnerability in Rebrand P2P Share SPY 2.2

Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the txtPassword value in the registry, which allows local users to gain privileges.

4.6
2005-05-02 CVE-2005-0993 SCO Local Buffer Overflow vulnerability in SCO OpenServer NWPrint Command Line Argument

Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users to execute arbitrary code via a long command line argument.

4.6
2005-05-02 CVE-2005-0964 Kerio Local Network Access Restriction Bypass vulnerability in Kerio Personal Firewall

Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier allows local users to bypass firewall rules via a malicious process that impersonates a legitimate process that has fewer restrictions.

4.6
2005-05-02 CVE-2005-0921 Microsoft Unspecified vulnerability in Microsoft Outlook Connector 2002

Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local users to save passwords and login credentials locally, even when password caching is disabled by a group policy.

4.6
2005-05-02 CVE-2005-0844 Nortel Cryptographic Issues vulnerability in Nortel Contivity 5.01

Nortel VPN client 5.01 stores the cleartext password in the memory of the Extranet.exe process, which could allow local users to obtain sensitive information.

4.6
2005-05-02 CVE-2005-0823 Thepoolclub Local Credential Storage vulnerability in Thepoolclub Ipool and Isnooker

ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges.

4.6
2005-05-02 CVE-2005-0811 Notify Technology Multiple vulnerability in Notify Technology Notifylink Enterpriseserver

The web interface in NotifyLink 3.0 does not properly restrict access to functions that have been disabled in the GUI, which allows remote authenticated users to bypass intended restrictions via a direct request to certain URLs.

4.6
2005-05-02 CVE-2005-0763 Midnight Commander Unspecified vulnerability in Midnight Commander Midnight Commander

Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code.

4.6
2005-05-02 CVE-2005-0712 Apple Unspecified vulnerability in Apple mac OS X 10.1/10.2/10.3.4

Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles.

4.6
2005-05-02 CVE-2005-0710 Mysql
Oracle
Remote vulnerability in MySQL AB MySQL

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to bypass library path restrictions and execute arbitrary libraries by using INSERT INTO to modify the mysql.func table, which is processed by the udf_init function.

4.6
2005-05-02 CVE-2005-0709 Mysql
Oracle
Code Injection vulnerability in multiple products

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote authenticated users with INSERT and DELETE privileges to execute arbitrary code by using CREATE FUNCTION to access libc calls, as demonstrated by using strcat, on_exit, and exit.

4.6
2005-05-02 CVE-2005-0666 THE PAX Team Privilege Escalation vulnerability in PaX VMA Mirroring

Unknown vulnerability in PaX from the September 2003 release to 2.2 before 2005.03.05, related to SEGMEXEC or RANDEXEC and VMA mirroring, allows local users and possibly remote attackers to bypass intended access restrictions and execute arbitrary code.

4.6
2005-05-02 CVE-2005-0653 Phpmyadmin Local Security vulnerability in PHPmyadmin 2.6.1

phpMyAdmin 2.6.1 does not properly grant permissions on tables with an underscore in the name, which grants remote authenticated users more privileges than intended.

4.6
2005-05-02 CVE-2005-0627 Trolltech Local Code Execution vulnerability in Trolltech QT

Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be world-writable, to load shared libraries regardless of the LD_LIBRARY_PATH environment variable, which allows local users to execute arbitrary programs.

4.6
2005-05-02 CVE-2005-0604 GFI Local Security vulnerability in GFI Languard Network Security Scanner 5.0

lnss.exe in GFI Languard Network Security Scanner 5.0 stores the username and password in memory in plaintext, which could allow local administrators to obtain domain administrator credentials.

4.6
2005-05-02 CVE-2005-0581 CA Unspecified vulnerability in CA License Software 0.1.0.15

Multiple buffer overflows in Computer Associates (CA) License Client and Server 0.1.0.15 allow remote attackers to execute arbitrary code via (1) certain long fields in the Checksum item in a GCR request, (2) a long IP address, hostname, or netmask values in a GCR request, (3) a long last parameter in a GETCONFIG packet, or (4) long values in a request with an invalid format.

4.6
2005-05-02 CVE-2005-0542 Cyclades Local Security vulnerability in Cyclades Alterpath Manager 1.2.1

saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows local users to gain privileges by setting the adminUser parameter to true.

4.6
2005-05-02 CVE-2005-0539 IBM Local Security vulnerability in IBM Hardware Management Console 4.1/4.2

Unknown vulnerability in IBM Hardware Management Console (HMC) before 4.4 for POWER5 servers allows local users to gain privileges, related to the Guided Setup Wizard.

4.6
2005-05-02 CVE-2005-0522 Lionmax Software Unspecified vulnerability in Lionmax Software Chat Anywhere 2.72A

Chat Anywhere 2.72a stores sensitive information such as passwords in plaintext in the .INI file for a chatroom, which allows local users to gain privileges.

4.6
2005-05-02 CVE-2005-0311 Ingate Unspecified vulnerability in Ingate Firewall

Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session for an active user when the administrator disables that user from a resource, which could allow remote authenticated users to retain unauthorized access to resources.

4.6
2005-05-02 CVE-2005-0285 Bottomline Unspecified vulnerability in Bottomline Webseries Payment Application 4.0

Webseries Payment Application does not properly restrict privileged operations, which allows remote authenticated users to gain privileges by directly accessing certain URLs.

4.6
2005-05-02 CVE-2005-0205 Bernd Wuebben
KDE
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp.
4.6
2005-05-02 CVE-2005-0155 Larry Wall Local vulnerability in Larry Wall Perl 5.8.0

The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.

4.6
2005-05-02 CVE-2005-0121 Alexander Siegel Local Security vulnerability in Alexander Siegel Golddig 2.0

Multiple buffer overflows in golddig 2.0 and earlier allow local users to execute arbitrary code via (1) a long map name command line argument or (2) a long username as recorded in the USER environment variable.

4.6
2005-05-02 CVE-2005-0079 Xtrlock Local Buffer Overflow vulnerability in Xtrlock 2.0

Buffer overflow in xtrlock 2.0 allows local users to cause a denial of service (application crash) and hijack the desktop session.

4.6
2005-05-02 CVE-2005-0078 Debian
KDE
Redhat
The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session.
4.6
2005-05-02 CVE-2005-0073 Debian Unspecified vulnerability in Debian Sympa 3.3.3

Buffer overflow in queue.c in a support script for sympa 3.3.3, when running setuid, allows local users to execute arbitrary code.

4.6
2005-05-02 CVE-2005-0022 University OF Cambridge Remote Buffer Overflow vulnerability in University of Cambridge Exim 4.41/4.42

Buffer overflow in the spa_base64_to_bits function in Exim before 4.43, as originally obtained from Samba code, and as called by the auth_spa_client function, may allow attackers to execute arbitrary code during SPA authentication.

4.6
2005-05-03 CVE-2005-1388 Survivor Cross-Site Scripting vulnerability in Survivor 0.9.5A

Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-02 CVE-2005-1359 Text CGI Cross-Site Scripting vulnerability in Text.Cgi

Cross-site scripting (XSS) vulnerability in text.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.

4.3
2005-05-02 CVE-2005-1356 Includer CGI Cross-Site Scripting vulnerability in Includer.Cgi

Cross-site scripting (XSS) vulnerability in includer.cgi script in The Includer allows remote attackers to inject arbitrary web script or HTML via the argument.

4.3
2005-05-02 CVE-2005-1352 Leif M Wright Cross-Site Scripting vulnerability in ad.cgi

Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument.

4.3
2005-05-02 CVE-2005-1327 Woltlab Cross-Site Scripting vulnerability in WoltLab Burning Board

Cross-site scripting (XSS) vulnerability in pms.php for Woltlab Burning Board 2.3.1 PL2 and earlier allows remote attackers to inject arbitrary web script or HTML via the folderid parameter.

4.3
2005-05-02 CVE-2005-1324 Matthieu Aubry Cross-Site Scripting vulnerability in Phpmyvisites

Multiple cross-site scripting (XSS) vulnerabilities in index.php for phpMyVisites allow remote attackers to inject arbitrary web script or HTML via the (1) part, (2) per, or (3) site parameters.

4.3
2005-05-02 CVE-2005-1322 Horde Cross-Site Scripting vulnerability in Horde NAG 1.1.1/1.1.2

Cross-site scripting (XSS) vulnerability in Horde Nag Task List Manager before 1.1.3 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1321 Horde Cross-Site Scripting vulnerability in Vaction

Cross-site scripting (XSS) vulnerability in Horde Vacation module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1320 Horde Cross-Site Scripting vulnerability in Mnemo

Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1319 Horde Cross-Site Scripting vulnerability in IMP

Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client before 3.2.8 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1318 Horde Cross-Site Scripting vulnerability in Horde Forwards 2.1/2.2/2.2.1

Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail Forwarding Manager before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1316 Horde Cross-Site Scripting vulnerability in Horde Accounts 2.1/2.1.1

Cross-site scripting (XSS) vulnerability in Horde Accounts module before 2.1.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1315 Horde Cross-Site Scripting vulnerability in Turba

Cross-site scripting (XSS) vulnerability in Horde Turba module before 1.2.5 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1314 Horde Cross-Site Scripting vulnerability in Horde Kronolith 1.1.3

Cross-site scripting (XSS) vulnerability in Horde Kronolith module before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1313 Horde Cross-Site Scripting vulnerability in Passwd

Cross-site scripting (XSS) vulnerability in Horde Passwd module before 2.2.2 allows remote attackers to inject arbitrary web script or HTML via the parent's frame page title.

4.3
2005-05-02 CVE-2005-1311 Yappa NG Cross-Site Scripting vulnerability in Yappa-NG

Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-02 CVE-2005-1309 Eaden Mckee Cross-Site Scripting vulnerability in Eaden Mckee Bblog 0.7.4

Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote attackers to inject arbitrary web script or HTML via the (1) entry title field or (2) comment body text.

4.3
2005-05-02 CVE-2005-1292 Elemental Software Cross-Site Scripting vulnerability in CartWIZ

Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP Cart allow remote attackers to inject arbitrary web script or HTML via the idProduct parameter to (1) tellAFriend.asp or (2) addToWishlist.asp, redirect parameter to (3) access.asp or (4) login.asp, message parameter to (5) login.asp or (6) error.asp, or (7) sku or (8) name parameter to searchResults.asp.

4.3
2005-05-02 CVE-2005-1290 Phpbb Group Cross-Site Scripting vulnerability in phpBB

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) u parameter to profile.php, (2) highlight parameter to viewtopic.php, or (3) forumname or forumdesc parameters to admin_forums.php.

4.3
2005-05-02 CVE-2005-1282 Argosoft HTML Injection vulnerability in Argosoft Mail Server 1.8.7.6

Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail Server Pro 1.8.7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the src parameter in an IMG tag, (2) User settings, or (3) Address book input boxes in the webmail interface.

4.3
2005-05-02 CVE-2005-1245 Mediawiki HTML Tidy Cross-Site Scripting vulnerability in MediaWiki

Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, when using HTML Tidy ($wgUseTidy), allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-02 CVE-2005-1231 Jaws HTML Injection vulnerability in Jaws 0.3/0.4/0.5Beta2

Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description.

4.3
2005-05-02 CVE-2005-1189 Webcamxp Cross-Site Scripting vulnerability in Webcamxp Pro

Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and earlier allows remote attackers to inject arbitrary web script or HTML via the chat name, as demonstrated by using an IFRAME to redirect users to other sites.

4.3
2005-05-02 CVE-2005-1188 Comersus Open Technologies Cross-Site Scripting vulnerability in Comersus Cart Comersus_Search_Item.ASP

Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in Comersus 3.90 to 4.51 allows remote attackers to inject arbitrary web script or HTML via the curPage parameter.

4.3
2005-05-02 CVE-2005-1183 Mvnforum Cross-Site Scripting vulnerability in Mvnforum 1.0Rc4

Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows remote attackers to inject arbitrary web script or HTML via the Search parameter.

4.3
2005-05-02 CVE-2005-1172 Coppermine HTML Injection vulnerability in Coppermine Photo Gallery X-Forwarded-For Logging

Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine Photo Gallery 1.3.x allows remote attackers to inject arbitrary web script or HTML via the X-Forwarded-For parameter.

4.3
2005-05-02 CVE-2005-1171 Datenbank Module Remote Mod.PHP Cross-Site Scripting vulnerability in Datenbank Module For PHPBB

Cross-site scripting (XSS) vulnerability in mod.php in the datenbank module for phpBB allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2005-05-02 CVE-2005-1135 Alexander Palmo Cross-Site Scripting vulnerability in Alexander Palmo Simple PHP Blog 0.4.0

Cross-site scripting (XSS) vulnerability in search.php for Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2005-05-02 CVE-2005-1120 Ilohamail Remote HTML Injection vulnerability in IlohaMail Email Message

Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail 0.8.14 and earlier allow remote attackers to inject arbitrary web script or HTML via the e-mail (1) body, (2) filename, or (3) MIME type.

4.3
2005-05-02 CVE-2005-1116 Phpbb Group Cross-Site Scripting vulnerability in phpBB

Cross-site scripting (XSS) vulnerability in the Calendar module for phpBB allow remote attackers to inject arbitrary web script or HTML via the start parameter to calendar_scheduler.php.

4.3
2005-05-02 CVE-2005-1115 Phpbb Group
Smartor
Cross-Site Scripting vulnerability in PHPBB Photo Album Module

Multiple cross-site scripting (XSS) vulnerabilities in Photo Album 2.0.53 module for phpBB allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) album_cat.php or (2) album_comment.php.

4.3
2005-05-02 CVE-2005-1113 Phpbb Group Cross-Site Scripting vulnerability in PHPbb Group PHPbb Plus 1.3/1.51

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php, or (5) viewtopic.php, (6) the c parameter to index.php, or (7) the article parameter to portal.php.

4.3
2005-05-02 CVE-2005-1104 Centra Unspecified vulnerability in Centra 7

Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 allow remote attackers to inject arbitrary web script or HTML via the (1) username, (2) first name, or (3) last name fields.

4.3
2005-05-02 CVE-2005-1095 Ocean12 Technologies Cross-Site Scripting vulnerability in Ocean12 Membership Manager Pro

Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 Membership Manager Pro 1.x allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2005-05-02 CVE-2005-1085 Aewebworks Cross-site scripting (XSS) vulnerability in the control panel in aeDating 3.2 allows remote attackers to inject arbitrary web script or HTML.
4.3
2005-05-02 CVE-2005-1081 Azerbaijan Development Group Multiple vulnerability in Azerbaijan Development Group Azdgdating 1.1.0

Cross-site scripting (XSS) vulnerability in view.php in AzDGDatingPlatinum 1.1.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter.

4.3
2005-05-02 CVE-2005-1076 Webct HTML Injection vulnerability in Webct Campus4.1

Cross-site scripting (XSS) vulnerability in the discussion board functionality for WebCT Campus Edition 4.1 allows remote attackers to inject arbitrary web script or HTML via the message field.

4.3
2005-05-02 CVE-2005-1075 Radscripts Multiple vulnerability in Radscripts Radbids 2

Multiple cross-site scripting (XSS) vulnerabilities in RadScripts RadBids Gold 2 allow remote attackers to inject arbitrary web script or HTML via (1) the farea parameter to faq.php or the (2) cat, (3) order, or (4) area parameters to index.php.

4.3
2005-05-02 CVE-2005-1068 Scssboard Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier allows remote attackers to execute arbitrary Javascript via [url] tags.
4.3
2005-05-02 CVE-2005-1053 Moderngigabyte Unspecified vulnerability in Moderngigabyte Modernbill

Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ModernBill 4.3.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) c_code or (2) aid parameters.

4.3
2005-05-02 CVE-2005-1030 Active WEB Softwares Cross-Site Scripting vulnerability in Active web Softwares Active Auction House 7.1

Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5) Table, (6) Title parameter to sendpassword.asp, or (7) itemid to watchthisitem.asp.

4.3
2005-05-02 CVE-2005-1027 Francisco Burzi Cross-Site Scripting vulnerability in PHP-Nuke Modules.PHP Username URI Parameter

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the Your_Account module, or (3) lid parameter in the Downloads module.

4.3
2005-05-02 CVE-2005-1023 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) min parameter to the Search module, (2) the categories parameter to the FAQ module, or (3) the ltr parameter to the Encyclopedia module.

4.3
2005-05-02 CVE-2005-1016 Maxwebportal Input Validation vulnerability in MaxWebPortal Events And Links Interface

Cross-site scripting (XSS) vulnerability in links_add_form.asp for MaxWebPortal 1.33 and earlier allows remote attackers to inject arbitrary web script or HTML via a Javascript URL in a banner URL.

4.3
2005-05-02 CVE-2005-1012 Iatek Cross-Site Scripting vulnerability in SiteEnable

Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows remote attackers to inject arbitrary web script or HTML via (1) the contenttype parameter to content.asp, (2) the title, or (3) the description.

4.3
2005-05-02 CVE-2005-1010 Comersus Open Technologies HTML Injection vulnerability in Comersus Open Technologies Comersus Cart 6.0.3

Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows remote attackers to inject arbitrary web script or HTML via the account username.

4.3
2005-05-02 CVE-2005-1008 ASP DEV Unspecified vulnerability in Asp-Dev XM Forum RC3

Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM Forum RC3 allows remote attackers to inject arbitrary web script or HTML via a "javascript:" URL in an IMG tag.

4.3
2005-05-02 CVE-2005-1006 Sonicwall Remote Input Validation vulnerability in Sonicwall Soho 5.1.7.0

Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO 5.1.7.0 allow remote attackers to inject arbitrary web script or HTML via (1) the URL or (2) the user login name, which is not filtered when the administrator views the log file.

4.3
2005-05-02 CVE-2005-1004 Profitcode Unspecified vulnerability in Profitcode Payprocart 3.0

Cross-site scripting (XSS) vulnerability in usrdetails.php in ProfitCode PayProCart 3.0 allows remote attackers to inject arbitrary web script or HTML via the sgnuptype parameter.

4.3
2005-05-02 CVE-2005-1000 Francisco Burzi Unspecified vulnerability in Francisco Burzi PHP-Nuke 7.6

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 allow remote attackers to inject arbitrary web script or HTML via (1) the bid parameter to the EmailStats op in banners.pgp, (2) the ratenum parameter in the TopRated and MostPopular actions in the Web_Links module, (3) the ttitle parameter in the viewlinkdetails, viewlinkeditorial, viewlinkcomments, and ratelink actions in the Web_Links module, or (4) the username parameter in the Your_Account module.

4.3
2005-05-02 CVE-2005-0995 Early Impact Input Validation vulnerability in Early Impact Productcart 2.7

Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 allow remote attackers to inject arbitrary web script or HTML via (1) the keyword parameter to advSearch_h.asp, (2) the redirectUrl parameter to NewCust.asp, (3) the country parameter to storelocator_submit.asp, or (4) the error parameter to techErr.asp.

4.3
2005-05-02 CVE-2005-0992 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin Convcharset

Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin before 2.6.2-rc1 allows remote attackers to inject arbitrary web script or HTML via the convcharset parameter.

4.3
2005-05-02 CVE-2005-0982 YET Another Forum NET Unspecified vulnerability in YET Another Forum.Net YET Another Forum.Net 0.9.9

Multiple cross-site scripting (XSS) vulnerabilities in Yet Another Forum.net 0.9.9 allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, or (3) Subject field.

4.3
2005-05-02 CVE-2005-0981 Alstrasoft Cross-Site Scripting vulnerability in Alstrasoft Epay 2.0

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Pro 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) payment or (2) send parameter.

4.3
2005-05-02 CVE-2005-0961 Horde Unspecified vulnerability in Horde Application Framework 3.0.4Rc1

Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before 3.0.4-RC2 allows remote attackers to inject arbitrary web script or HTML via the parent frame title.

4.3
2005-05-02 CVE-2005-0949 Iatek Input Validation vulnerability in Iatek PortalApp

Multiple cross-site scripting (XSS) vulnerabilities in content.asp in Iatek PortalApp allow remote attackers to inject arbitrary web script or HTML via the (1) contenttype or (2) keywords parameter.

4.3
2005-05-02 CVE-2005-0945 ASP Press Unspecified vulnerability in ASP Press ACS Blog 1.1.1

Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows remote attackers to inject arbitrary web script or HTML via onmouseover or onload events in (1) img, (2) link, or (3) mail tags.

4.3
2005-05-02 CVE-2005-0934 Wackowiki Cross-Site Scripting vulnerability in Wackowiki R4

Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 allow remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-02 CVE-2005-0930 Chatness HTML Injection vulnerability in Chatness 2.5.1

Cross-site scripting (XSS) vulnerability in message.php in Chatness 2.5.1 and earlier allows remote attackers to inject arbitrary web script or HTML via (1) the user field or (2) the message parameter to message.php.

4.3
2005-05-02 CVE-2005-0928 Photopost Unspecified vulnerability in Photopost PHP PRO 5.02

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP Pro 5.x allow remote attackers to inject arbitrary web script or HTML via the (1) cat, (2) password, (3) ppuser, (4) sort, or (5) si parameters to showgallery.php, the (6) ppuser, (7) sort, or (8) si parameters to showmembers.php, or (9) the photo parameter to slideshow.php.

4.3
2005-05-02 CVE-2005-0925 Uapplication Cross-Site Scripting vulnerability in Uapplication Ublog

Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload 1.0 through 1.0.4 allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2005-05-02 CVE-2005-0910 E Xoops Cross-Site Scripting vulnerability in E-Xoops

Multiple cross-site scripting (XSS) vulnerabilities in exoops allow remote attackers to inject arbitrary web script or HTML via (1) the sortdays parameter to viewforum.php or (2) the viewcat parameter to index.php.

4.3
2005-05-02 CVE-2005-0901 Nukebookmarks Cross-Site Scripting vulnerability in Nukebookmarks 0.6

Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks 0.6 for PHP-Nuke allow remote attackers to inject arbitrary web script or HTML via the (1) catname, (2) markname, (3) comment, or (4) category parameter.

4.3
2005-05-02 CVE-2005-0896 Accomplishtechnology Cross-Site Scripting vulnerability in Accomplishtechnology PHPmydirectory 10.1.3

Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter.

4.3
2005-05-02 CVE-2005-0888 Michael Dean Unspecified vulnerability in Michael Dean Double Choco Latte 0.9.4.3

Multiple cross-site scripting (XSS) vulnerabilities in functions.inc.php for Double Choco Latte 0.9.4.3 allow remote attackers to inject arbitrary web script or HTML via the (1) class or (2) method name.

4.3
2005-05-02 CVE-2005-0886 Invision Power Services HTML Injection vulnerability in Invision Power Board

Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP POST request.

4.3
2005-05-02 CVE-2005-0885 XMB Forum Remote Cross-Site Scripting vulnerability in XMB Forum XMB 1.9.1

Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Mood or (2) "Send To" fields.

4.3
2005-05-02 CVE-2005-0873 Oracle Remote Cross-Site Scripting vulnerability in Oracle 10G Reports Server 9.0.4.3.3

Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in Oracle Reports Server 10g (9.0.4.3.3) allow remote attackers to inject arbitrary web script or HTML via the (1) desname or (2) repprod parameter.

4.3
2005-05-02 CVE-2005-0872 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb 1.0.1

Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in the Topic Calendar 1.0.1 module for phpBB allows remote attackers to inject arbitrary web script or HTML via the start parameter.

4.3
2005-05-02 CVE-2005-0870 Phpsysinfo Cross-Site Scripting vulnerability in PHPsysinfo 2.3

Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, when register_globals is enabled, allow remote attackers to inject arbitrary web script or HTML via the (1) sensor_program parameter to index.php, (2) text[language], (3) text[template], or (4) hide_picklist parameter to system_footer.php.

4.3
2005-05-02 CVE-2005-0863 Phpopenchat HTML Injection vulnerability in PHPopenchat 3.0.0/3.0.1/3.0.2

Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows remote attackers to inject arbitrary web script or HTML via (1) the chatter parameter to regulars.php or (2) the chatter, chatter1, chatter2, chatter3, or chatter4 parameters to register.php.

4.3
2005-05-02 CVE-2005-0857 Coolforum Cross-Site Scripting And SQL Injection vulnerability in CoolForum

Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum 0.8 and earlier allows remote attackers to inject arbitrary web script or HTML via the img parameter.

4.3
2005-05-02 CVE-2005-0846 Netwin Cross-Site Scripting vulnerability in Netwin Surgemail 2.2G3

Multiple cross-site scripting (XSS) vulnerabilities in the email auto-reply message in SurgeMail 2.2g3 allow remote attackers to inject arbitrary web script or HTML via the (1) message subject or (2) message header field.

4.3
2005-05-02 CVE-2005-0842 Kayako Unspecified vulnerability in Kayako Esupport 2.3

Cross-site scripting (XSS) vulnerability in index.php in Kayako eSupport 2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) _i or (2) _c parameter.

4.3
2005-05-02 CVE-2005-0832 PHP Post Remote Input Validation vulnerability in PHP-Post

Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-02 CVE-2005-0829 PHP Fusion Unspecified vulnerability in PHP Fusion PHP Fusion 5.01

Cross-site scripting (XSS) vulnerability in setuser.php of the Digitanium addon to PHP-Fusion 5.01 allows remote attackers to inject arbitrary web script or HTML via the (1) user_name or (2) user_pass parameters.

4.3
2005-05-02 CVE-2005-0818 Punbb Unspecified vulnerability in Punbb 1.2.3

Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote attackers to inject arbitrary web script or HTML via the (1) email or (2) Jabber parameters.

4.3
2005-05-02 CVE-2005-0802 ASP Press Cross-Site Scripting vulnerability in ACS Blog Search.ASP

Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 through 1.1b allows remote attackers to execute arbitrary web script or HTML via the search parameter.

4.3
2005-05-02 CVE-2005-0785 Yabb Remote UsersRecentPosts Cross-Site Scripting vulnerability in Yabb 2.0Rc1

Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB 2.0 rc1 allows remote attackers to inject arbitrary web script or HTML via the username parameter.

4.3
2005-05-02 CVE-2005-0784 Phorum Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14

Multiple cross-site scripting (XSS) vulnerabilities in Phorum before 5.0.15 allow remote attackers to inject arbitrary web script or HTML via (1) the subject line to follow.php or (2) the subject line in the user's personal control panel.

4.3
2005-05-02 CVE-2005-0783 Phorum Subject and Attachment HTML Injection vulnerability in Phorum 5.0.14

Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a allows remote attackers to inject arbitrary web script or HTML via the filename of an attached file.

4.3
2005-05-02 CVE-2005-0782 PHP Arena SQL Injection And Cross-Site Scripting vulnerability in PAFileDB

Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) category.php for paFileDB 3.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the start parameter to pafiledb.php.

4.3
2005-05-02 CVE-2005-0777 Photopost Remote vulnerability in Photopost PHP PRO 5.0Rc3

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile.

4.3
2005-05-02 CVE-2005-0742 SUN Cross-Site Scripting vulnerability in SUN Java System Application Server 7.0

Cross-site scripting (XSS) vulnerability in Sun Java System Application Server 7 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-05-02 CVE-2005-0682 Drupal Cross-Site Scripting vulnerability in Drupal

Cross-site scripting (XSS) vulnerability in common.inc in Drupal before 4.5.2 allows remote attackers to inject arbitrary web script or HTML via certain inputs.

4.3
2005-05-02 CVE-2005-0675 Phpoutsourcing Cross-Site Scripting vulnerability in PHPoutsourcing Zorum 3.3/3.4/3.5

Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 allows remote attackers to inject arbitrary web script or HTML via the (1) list or (2) frommethod parameters.

4.3
2005-05-02 CVE-2005-0673 Phpbb Group Cross-Site Scripting vulnerability in PHPbb Group PHPbb 2.0.13

Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are processed by privmsg.php or viewtopic.php.

4.3
2005-05-02 CVE-2005-0670 Coinsoft Technologies Remote Input Validation vulnerability in PHPcoin 1.2/1.2.1/1.2.1B

Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through 1.2.1b allows remote attackers to inject arbitrary web script or HTML via (1) the new parameter to mod.php, (2) the w parameter to mod.php, (3) the e parameter to login.php, (4) the o parameter to login.php, and possibly other scripts.

4.3
2005-05-02 CVE-2005-0662 Mercuryboard Cross-Site Scripting vulnerability in Mercuryboard 1.1.2

Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard 1.1.2 allows remote attackers to inject arbitrary web script or HTML via the Avatar field.

4.3
2005-05-02 CVE-2005-0660 Adalis Cross-Site Scripting vulnerability in Adalis D-Forum 1.11

Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 allows remote attackers to inject arbitrary web script or HTML via certain fields, as demonstrated using the page parameter in nav.php3.

4.3
2005-05-02 CVE-2005-0656 Arif Supriyanto Cross-Site Scripting vulnerability in Arif Supriyanto Auracms 1.5

Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 allow remote attackers to inject arbitrary web script or HTML via the (1) hits parameter to hits.php, (2) query parameter to index.php, or (3) theCount parameter to counter.php.

4.3
2005-05-02 CVE-2005-0650 Projectbb Remote Cross-Site Scripting vulnerability in Projectbb 0.4.5.1

Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB 0.4.5.1 allow remote attackers to inject arbitrary web script or HTML via (1) the pages parameter to divers.php (incorrectly referred to as "drivers.php" by some sources), (2) in the search feature text area, (3) forum name, (4) site name or (5) the maximum avatar size in the option section, (5) new category or (6) new forum fields in the forum section.

4.3
2005-05-02 CVE-2005-0649 Pixel Apes Group Cross-Site Scripting vulnerability in Safehtml

Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass cross-site scripting (XSS) protection via "hexadecimal HTML entities."

4.3
2005-05-02 CVE-2005-0648 Pixel Apes Group Cross-Site Scripting vulnerability in Pixel-Apes Group Safehtml 1.3.0

Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow remote attackers to bypass cross-site scripting (XSS) protection via (1) "decimal HTML entities" or (2) "the \x00 symbol."

4.3
2005-05-02 CVE-2005-0645 Cutephp Cross-Site Scripting vulnerability in cuteNews

Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews 1.3.6 allows remote attackers to inject arbitrary HTML, web script, and PHP code via the (1) CLIENT-IP or (2) X-FORWARDED-FOR header in an HTTP POST request to show_news.php.

4.3
2005-05-02 CVE-2005-0606 Devellion Cross-Site Scripting vulnerability in CubeCart

Cross-site scripting (XSS) vulnerability in settings.inc.php for CubeCart 2.0.0 through 2.0.5, as used in multiple PHP files, allows remote attackers to inject arbitrary HTML or web script via the (1) cat_id, (2) PHPSESSID, (3) view_doc, (4) product, (5) session, (6) catname, (7) search, or (8) page parameters.

4.3
2005-05-02 CVE-2005-0549 SUN Unspecified vulnerability in SUN Solaris Answerbook2 1.4/1.4.2/1.4.4

Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 Documentation 1.4.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the "View Log Files" function.

4.3
2005-05-02 CVE-2005-0534 Mediawiki Unspecified vulnerability in Mediawiki

Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x before 1.3.11 and 1.4 beta before 1.4 rc1 allow remote attackers to inject arbitrary web script.

4.3
2005-05-02 CVE-2005-0526 Pblang Cross-Site Scripting vulnerability in Pblang 4.65

Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 allow remote attackers to inject arbitrary web script or HTML via (1) the search string to search.php, (2) the subject of a PM, which is processed by pm.php, or (3) the body of a PM, which is processed by pmpshow.php.

4.3
2005-05-02 CVE-2005-0458 Oscommerce Cross-Site Scripting vulnerability in Oscommerce 2.2Ms2

Cross-site scripting (XSS) vulnerability in contact_us.php in osCommerce 2.2-MS2 allows remote attackers to inject arbitrary web script or HTML via the enquiry parameter.

4.3
2005-05-02 CVE-2005-0445 Open Webmail Cross-Site Scripting vulnerability in Open WebMail Logindomain Parameter

Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows remote attackers to inject arbitrary HTML or web script via the domain name parameter (logindomain) in the login page.

4.3
2005-05-02 CVE-2005-0443 Devellion Multiple vulnerability in Brooky Cubecart 2.0.1/2.0.4

index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the full path for the web server or (2) conduct cross-site scripting (XSS) attacks via an invalid language parameter, which echoes the parameter in a PHP error message.

4.3
2005-05-02 CVE-2005-0407 Zakon Group HTML Injection vulnerability in OpenConf Paper Submission

Cross-site scripting (XSS) vulnerability in Openconf 1.04, and possibly other versions before 1.10, allows remote attackers to inject arbitrary HTML and web script via the paper title.

4.3
2005-05-02 CVE-2005-0386 Mailreader COM Unspecified vulnerability in Mailreader.Com

Cross-site scripting (XSS) vulnerability in network.cgi in mailreader before 2.3.29 earlier allows remote attackers to inject arbitrary web script or HTML via MIME text/enriched or text/richtext messages.

4.3
2005-05-02 CVE-2005-0378 Horde Cross-Site Scripting vulnerability in Horde 3.0

Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) group parameter to prefs.php or (2) url parameter to index.php.

4.3
2005-05-02 CVE-2005-0374 Bitshifters Unspecified vulnerability in Bitshifters Bitboard 2.0/2.5

Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier allows remote attackers to inject arbitrary web script or HTML via an [img] bbcode image tag with an event such as mouseover.

4.3
2005-05-02 CVE-2005-0341 Apple Cross-Site Scripting vulnerability in Apple Safari 1.2.4

Apple Safari 1.2.4 does not obey the Content-type field in the HTTP header and renders text as HTML, which allows remote attackers to inject arbitrary web script or HTML and perform cross-site scripting (XSS) attacks.

4.3
2005-05-02 CVE-2005-0336 Emotion Multiple vulnerability in Emotion Mediapartner web Server 5.0

Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web Server 5.0 allows remote attackers to inject arbitrary HTML or web script, as demonstrated using a URL containing ..

4.3
2005-05-02 CVE-2005-0323 Captaris Path Disclosure vulnerability in Captaris Infinite Mobile Delivery Webmail 2.6

Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery Webmail 2.6 allows remote attackers to inject arbitrary web script or HTML via the URL.

4.3
2005-05-02 CVE-2005-0303 Comersus Open Technologies Cross-Site Scripting vulnerability in Comersus Open Technologies Comersus Backoffice Lite 6.0/6.1

Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp in BackOffice Lite 6.0 and 6.01 allow remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2005-05-02 CVE-2005-0281 Jowood Productions Remote vulnerability in Soldner Secret Wars

Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs.

4.3
2005-05-02 CVE-2005-0270 Photopost Cross-Site Scripting vulnerability in Photopost Reviewpost PHP PRO 1.0.2/2.5/2.5.1

Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP Pro before 2.84 allow remote attackers to inject arbitrary web script or HTML via the (1) si parameter to showcat.php, (2) cat or (3) page parameter to showproduct.php, or (4) report parameter to reportproduct.php.

4.3
2005-05-02 CVE-2005-0264 OWL Cross-Site Scripting and SQL Injection vulnerability in Owl Intranet Engine

Multiple cross-site scripting (XSS) vulnerabilities in browse.php in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) expand or (2) order parameter.

4.3
2005-05-02 CVE-2005-0251 Biborb Input Validation vulnerability in Biborb 1.3.2

Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB 1.3.2, and possibly earlier versions, allows remote attackers to inject arbitrary HTML and web script via the search parameter.

4.3
2005-05-02 CVE-2005-0227 Postgresql Code Injection vulnerability in Postgresql

PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.

4.3
2005-05-02 CVE-2005-0219 Gallery Project Cross-Site Scripting vulnerability in Gallery Project Gallery 1.3.4Pl1

Multiple cross-site scripting (XSS) vulnerabilities in Gallery 1.3.4-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the index field in add_comment.php, (2) set_albumName, (3) slide_index, (4) slide_full, (5) slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php, or (8) username field in search.php.

4.3
2005-05-02 CVE-2005-0216 Woltlab Cross-Site Scripting vulnerability in WoltLab Burning Board Lite Form Mail Script

Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly other versions, allows remote attackers to inject arbitrary web script and HTML via the userid parameter.

4.3
2005-05-02 CVE-2005-0049 Microsoft Unspecified vulnerability in Microsoft Sharepoint Portal Server and Sharepoint Team Services

Windows SharePoint Services and SharePoint Team Services for Windows Server 2003 does not properly validate an HTTP redirection query, which allows remote attackers to inject arbitrary HTML and web script via a cross-site scripting (XSS) attack, or to spoof the web cache.

4.3
2005-05-02 CVE-2005-0034 ISC Remote Denial Of Service vulnerability in ISC Bind 9.3.0

An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.

4.3

91 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-02 CVE-2005-1111 GNU Unspecified vulnerability in GNU Cpio

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

3.7
2005-05-02 CVE-2005-1039 GNU Local Race Condition vulnerability in GNU Coreutils 5.2.1

Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files.

3.7
2005-05-02 CVE-2005-0988 GNU
Freebsd
Gentoo
Redhat
Trustix
Turbolinux
Ubuntu
Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.
3.7
2005-05-02 CVE-2005-0953 Bzip Unspecified vulnerability in Bzip Bzip2

Race condition in bzip2 1.0.2 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by bzip2 after the decompression is complete.

3.7
2005-05-03 CVE-2005-1430 Apple Local Security vulnerability in Mac OS X

Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo terminal tty (pty) that is managed by a non-setuid program, which allows local users to read or modify sessions of other users.

3.6
2005-05-02 CVE-2005-0894 Openmosixview Insecure Temporary File Creation vulnerability in Openmosixview 1.5

OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp.

3.6
2005-05-02 CVE-2005-0576 SUN File Corruption vulnerability in SUN Solaris 9.0

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files.

3.6
2005-05-03 CVE-2005-1385 Apple Denial-Of-Service vulnerability in Apple Safari 1.3

Safari 1.3 allows remote attackers to cause a denial of service (application crash) via a long https URL that triggers a NULL pointer dereference.

2.6
2005-05-02 CVE-2005-1347 Adobe Unspecified vulnerability in Adobe Acrobat Reader 3.0/5.0.10/6.0

** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421.

2.6
2005-05-02 CVE-2005-1346 Symantec Denial-Of-Service vulnerability in Web Security

Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743, when running on Windows, allows remote attackers to cause a denial of service (component crash) and avoid detection via a crafted RAR file.

2.6
2005-05-02 CVE-2005-1049 Postnuke Software Foundation Remote Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.760Rc3

Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 allow remote attackers to inject arbitrary web script or HTML via the (1) module parameter to admin.php or (2) op parameter to user.php.

2.6
2005-05-02 CVE-2005-0905 Maxthon Information Disclosure vulnerability in Maxthon 1.2

Maxthon 1.2.0 allows remote malicious web sites to obtain potentially sensitive data from the search bar via the m2_search_text property.

2.6
2005-05-02 CVE-2005-0903 Apple Buffer Overflow vulnerability in Apple Quicktime Pictureviewer 6.5.1

Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote attackers to cause a denial of service (application crash) via a JPEG file with crafted Huffman Table (marker DHT) data.

2.6
2005-05-02 CVE-2005-0664 Libexif Unspecified vulnerability in Libexif 0.6.9

Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly validate the structure of the EXIF tags, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a JPEG image with a crafted EXIF tag.

2.6
2005-05-02 CVE-2005-0591 Mozilla Unspecified vulnerability in Mozilla Firefox

Firefox before 1.0.1 allows remote attackers to spoof the (1) security and (2) download modal dialog boxes, which could be used to trick users into executing script or downloading and executing a file, aka "Firespoofing."

2.6
2005-05-02 CVE-2005-0586 Mozilla Remote vulnerability in Mozilla Suite

Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious web sites to spoof the extensions of files to download via the Content-Disposition header, which could be used to trick users into downloading dangerous content.

2.6
2005-05-02 CVE-2005-0584 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

2.6
2005-05-02 CVE-2005-0492 Adobe Improper Input Validation vulnerability in Adobe Acrobat Reader 6.0.3/7.0

Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause a denial of service (application crash) via a PDF file that contains a negative Count value in the root page node.

2.6
2005-05-02 CVE-2005-0402 Mozilla Unspecified vulnerability in Mozilla Firefox

Firefox before 1.0.2 allows remote attackers to execute arbitrary code by tricking a user into saving a page as a Firefox sidebar panel, then using the sidebar panel to inject Javascript into a privileged page.

2.6
2005-05-02 CVE-2005-0348 Realnetworks Remote vulnerability in RealNetworks RealArcade

Directory traversal vulnerability in RealArcade 1.2.0.994 allows remote attackers to delete arbitrary files via an RGP file with a ..

2.6
2005-05-02 CVE-2005-0331 Rarlab Directory Traversal vulnerability in RARLAB WinRAR

Directory traversal vulnerability in WinRAR 3.42 and earlier, when the user clicks on the ZIP file to extract it, allows remote attackers to create arbitrary files via a ...

2.6
2005-05-02 CVE-2005-0329 Zipgenius Directory Traversal vulnerability in ZipGenius

Directory traversal vulnerability in ZipGenius 5.5 and earlier allows remote attackers to create and possibly modify arbitrary files via a ZIP file with a file whose name includes ..

2.6
2005-05-02 CVE-2005-0232 Mozilla Unspecified vulnerability in Mozilla Firefox 1.0

Firefox 1.0 allows remote attackers to modify Boolean configuration parameters for the about:config site by using a plugin such as Flash, and the -moz-opacity filter, to display the about:config site then cause the user to double-click at a certain screen position, aka "Fireflashing."

2.6
2005-05-02 CVE-2005-0144 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0 and Mozilla before 1.7.5 display the secure site lock icon when a view-source: URL references a secure SSL site while an insecure page is being loaded, which could facilitate phishing attacks.

2.6
2005-05-02 CVE-2005-0141 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to load local files via links "with a custom getter and toString method" that are middle-clicked by the user to be opened in a new tab.

2.6
2005-05-03 CVE-2005-1424 Stumbleinside Local Information Disclosure vulnerability in Stumbleinside Gotext 1.01

StumbleInside GoText 1.01 stores sensitive username, mail address,and phone number information in plaintext in the GoText.bin file, which allows local users to obtain that information.

2.1
2005-05-03 CVE-2005-1410 Postgresql
Trustix
The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) dex_init, (2) snb_en_init, (3) snb_ru_init, (4) spell_init, and (5) syn_init functions as "internal" even when they do not take an internal argument, which allows attackers to cause a denial of service (application crash) and possibly have other impacts via SQL commands that call other functions that accept internal arguments.
2.1
2005-05-03 CVE-2005-1405 IBM Local Security vulnerability in Lotus Notes

HTTP response splitting vulnerability in the @SetHTTPHeader function in Lotus Domino 6.5.x before 6.5.4 and 6.0.x before 6.0.5 allows attackers to poison the web cache via malicious applications.

2.1
2005-05-02 CVE-2005-1369 Linux Unspecified vulnerability in Linux Kernel

The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before 2.6.11.8, and 2.6.12 before 2.6.12-rc2, create the sysfs "alarms" file with write permissions, which allows local users to cause a denial of service (CPU consumption) by attempting to write to the file, which does not have an associated store function.

2.1
2005-05-02 CVE-2005-1167 Musicmatch Information Disclosure vulnerability in Jukebox

Musicmatch 10.00.2047 and earlier store log files in the Program Files directory instead of the user profile, which may allow local users to obtain sensitive information.

2.1
2005-05-02 CVE-2005-1166 Dameware Development Unspecified vulnerability in Dameware Development Dameware NT Utilities and Miniremote Control

The DNTUS26 process in Dameware NT Utilities and the DWRCS process in MiniRemote Control 4.9 and earlier stores the username and password in cleartext in memory, which could allow attackers to obtain sensitive information.

2.1
2005-05-02 CVE-2005-1129 Egroupware Information Disclosure vulnerability in EGroupWare EMail Attachment

eGroupWare 1.0.6 and earlier, when an e-mail is composed with an attachment but not sent, will send that attachment in the next e-mail, which may cause sensitive information to be sent to the wrong recipient.

2.1
2005-05-02 CVE-2005-1119 Todd Miller Unspecified vulnerability in Todd Miller Sudo

Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary files via a symlink attack on temporary files.

2.1
2005-05-02 CVE-2005-1098 Runtime Software Information Disclosure vulnerability in Runtime Software Getdataback for Ntfs 2.31

GetDataBack for NTFS 2.31 stores the username and license key in plaintext in the Name value in the License registry key, which may allow local users to obtain sensitive information.

2.1
2005-05-02 CVE-2005-1065 Novell Unspecified vulnerability in Novell Linux Desktop 9

tetex in Novell Linux Desktop 9 allows local users to determine the existence of arbitrary files via a symlink attack in the /var/cache/fonts directory.

2.1
2005-05-02 CVE-2005-1059 Linksys Remote Authentication Bypass vulnerability in Linksys WET11 Password Update

Linksys WET11 1.5.4 allows remote attackers to change the password without providing the original password via the data parameter to changepw.html.

2.1
2005-05-02 CVE-2005-1041 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.20.1

The fib_seq_start function in fib_hash.c in Linux kernel allows local users to cause a denial of service (system crash) via /proc/net/route.

2.1
2005-05-02 CVE-2005-1038 Paul Vixie
Redhat
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink.
2.1
2005-05-02 CVE-2005-0991 IBM Local Insecure Temporary File Creation vulnerability in IBM AIX RC.BOOT

RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not "use a secure location for temporary files," which allows local users to have an unknown impact, probably by overwriting files.

2.1
2005-05-02 CVE-2005-0990 GNU Local Insecure Temporary File Creation vulnerability in GNU Sharutils 4.2.1

unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite arbitrary files via a symlink attack on the unsh.X temporary file.

2.1
2005-05-02 CVE-2005-0977 Linux Local Denial Of Service vulnerability in Linux Kernel 2.6.8.1.5

The shmem_nopage function in shmem.c for the tmpfs driver in Linux kernel 2.6 does not properly verify the address argument, which allows local users to cause a denial of service (kernel crash) via an invalid address.

2.1
2005-05-02 CVE-2005-0975 Apple
Opendarwin
Local Integer Overflow vulnerability in Darwin Kernel Mach File Parsing

Integer signedness error in the parse_machfile function in the mach-o loader (mach_loader.c) for the Darwin Kernel as used in Mac OS X 10.3.7, and other versions before 10.3.9, allows local users to cause a denial of service (CPU consumption) via a crafted mach-o header.

2.1
2005-05-02 CVE-2005-0963 Toshiba Denial-Of-Service vulnerability in Toshiba Acpi Flash Bios 1.6

An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine the first slot in the Master Boot Record (MBR) table for an active partition, which prevents the system from booting even though the MBR is not malformed.

2.1
2005-05-02 CVE-2005-0923 Symantec Local Denial Of Service vulnerability in Symantec products

The SmartScan feature in the Auto-Protect module for Symantec Norton AntiVirus 2004 and 2005, as also used in Internet Security 2004/2005 and System Works 2004/2005, allows attackers to cause a denial of service (CPU consumption and system crash) by renaming a file on a network share.

2.1
2005-05-02 CVE-2005-0916 Linux Local Denial Of Service vulnerability in Linux Kernel 2.6.11

AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with CONFIG_HUGETLB_PAGE enabled allows local users to cause a denial of service (system panic) via a process that executes the io_queue_init function but exits without running io_queue_release, which causes exit_aio and is_hugepage_only_range to fail.

2.1
2005-05-02 CVE-2005-0904 Microsoft Improper Input Validation vulnerability in Microsoft Windows XP

Remote Desktop in Windows XP SP1 does not verify the "Force shutdown from a remote system" setting, which allows remote attackers to shut down the system by executing TSShutdn.exe.

2.1
2005-05-02 CVE-2005-0899 IBM Unspecified vulnerability in IBM OS 400 5.2

AS/400 running OS400 5.2 installs and enables LDAP by default, which allows remote authenticated users to obtain OS/400 user profiles by performing a search.

2.1
2005-05-02 CVE-2005-0866 Cdrtools Unspecified vulnerability in Cdrtools Cdrecord

cdrecord before 4:2.0, when DEBUG is enabled, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-05-02 CVE-2005-0852 Microsoft Local Denial Of Service vulnerability in Microsoft Windows

Microsoft Windows XP SP1 allows local users to cause a denial of service (system crash) via an empty datagram to a raw IP over IP socket (IP protocol 4), as originally demonstrated using code in Python 2.3.

2.1
2005-05-02 CVE-2005-0824 Mathopd Unspecified vulnerability in Mathopd

The internal_dump function in Mathopd before 1.5p5, and 1.6x before 1.6b6 BETA, when Mathopd is running with the -n option, allows local users to overwrite arbitrary files via a symlink attack on dump files that are triggered by a SIGWINCH signal.

2.1
2005-05-02 CVE-2005-0822 Citrix Information Disclosure vulnerability in Citrix Metaframe Password Manager 2.5

Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not allowed by policy.

2.1
2005-05-02 CVE-2005-0787 Wine Local Insecure File Creation vulnerability in Wine 20050211/20050305/20050310

Wine 20050211 and earlier creates temp files with world readable permissions and predictable file names, which allows local users to obtain sensitive information, such as passwords.

2.1
2005-05-02 CVE-2005-0711 Mysql
Oracle
Remote vulnerability in MySQL AB MySQL

MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable file names when creating temporary tables, which allows local users with CREATE TEMPORARY TABLE privileges to overwrite arbitrary files via a symlink attack.

2.1
2005-05-02 CVE-2005-0652 HP Local Security vulnerability in Openvms

Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha 7.x or 6.x allows local users to access privileged files.

2.1
2005-05-02 CVE-2005-0596 PHP Denial Of Service vulnerability in PHP 4.0

PHP 4 (PHP4) allows attackers to cause a denial of service (daemon crash) by using the readfile function on a file whose size is a multiple of the page size.

2.1
2005-05-02 CVE-2005-0578 Mozilla Remote vulnerability in Mozilla Suite

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the plugtmp directory.

2.1
2005-05-02 CVE-2005-0550 Microsoft Unspecified vulnerability in Microsoft Windows 2000, Windows 2003 Server and Windows XP

Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and Windows Server 2003 allows local users to cause a denial of service (i.e., system crash) via a malformed request, aka "Object Management Vulnerability".

2.1
2005-05-02 CVE-2005-0532 Linux Unspecified vulnerability in Linux Kernel 2.6.10/2.6.11

The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4, when running on 64-bit architectures, may allow local users to trigger a buffer overflow as a result of casting discrepancies between size_t and int data types.

2.1
2005-05-02 CVE-2005-0531 Linux Unspecified vulnerability in Linux Kernel 2.6.10/2.6.11

The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 before 2.6.11-rc4 may allow local users to trigger a buffer overflow via negative arguments.

2.1
2005-05-02 CVE-2005-0530 Linux Unspecified vulnerability in Linux Kernel 2.6.10/2.6.11Rc1Bk6

Signedness error in the copy_from_read_buf function in n_tty.c for Linux kernel 2.6.10 and 2.6.11rc1 allows local users to read kernel memory via a negative argument.

2.1
2005-05-02 CVE-2005-0529 Linux Unspecified vulnerability in Linux Kernel 2.6.10/2.6.11Rc1Bk6

Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for offset arguments to the proc_file_read and locks_read_proc functions, which leads to a heap-based buffer overflow when a signed comparison causes negative integers to be used in a positive context.

2.1
2005-05-02 CVE-2005-0465 SGI Unspecified vulnerability in SGI Irix

gr_osview in SGI IRIX does not drop privileges before opening files, which allows local users to overwrite arbitrary files via the -s option.

2.1
2005-05-02 CVE-2005-0464 SGI Unspecified vulnerability in SGI Irix 6.5.22

gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does not drop privileges when opening description files while in debug mode, which allows local users to read a line from arbitrary files via the -d and -D options, which prints the line as a formatting error.

2.1
2005-05-02 CVE-2005-0400 Linux Unspecified vulnerability in Linux Kernel

The ext2_make_empty function call in the Linux kernel before 2.6.11.6 does not properly initialize memory when creating a block for a new directory entry, which allows local users to obtain potentially sensitive information by reading the block.

2.1
2005-05-02 CVE-2005-0396 KDE Local Denial of Service vulnerability in KDE Dcopserver and Desktop Communication Protocol Daemon

Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE before 3.4 allows local users to cause a denial of service (dcopserver consumption) by "stalling the DCOP authentication process."

2.1
2005-05-02 CVE-2005-0387 Remstats Unspecified vulnerability in Remstats

remstats 1.0.13 and earlier, when processing uptime data, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-05-02 CVE-2005-0365 KDE Unspecified vulnerability in KDE 3.2.X/3.3.X

The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack.

2.1
2005-05-02 CVE-2005-0346 Safenet Information Disclosure vulnerability in Softremote Vpn Client

SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) in cleartext in memory of the IreIKE.exe process, which allows local users to gain sensitive information if they have access to that process.

2.1
2005-05-02 CVE-2005-0342 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The Finder in Mac OS X and earlier allows local users to overwrite arbitrary files and gain privileges by creating a hard link from the .DS_Store file to an arbitrary file.

2.1
2005-05-02 CVE-2005-0330 People CAN FLY Remote Buffer Overflow vulnerability in People CAN FLY Painkiller 1.3.1/1.3.5

Buffer overflow in Painkiller 1.35 and earlier, and possibly other versions before 1.61, allows remote authenticated users to cause a denial of service and possibly execute arbitrary code via a long cd-key hash.

2.1
2005-05-02 CVE-2005-0321 Icewarp
Merak
Information Disclosure vulnerability in Mail Server

MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote authenticated users to gain sensitive information via an HTTP request to (1) calendar_d.html, (2) calendar_m.html, (3) calendar_w.html, or (4) calendar_y.html, which reveal the installation path.

2.1
2005-05-02 CVE-2005-0225 Firehol Local Temporary File Creation vulnerability in FireHOL Insecure

firehol.sh in FireHOL before 1.224 creates temporary files with predictable file names, which could allow local users to overwrite arbitrary files via a symlink attack.

2.1
2005-05-02 CVE-2005-0207 Conectiva
Linux
Redhat
Suse
Local NFS I/O Denial of Service vulnerability in Linux Kernel

Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT.

2.1
2005-05-02 CVE-2005-0204 Linux Multiple vulnerability in Linux Kernel

Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T architectures, allows local users to write to privileged IO ports via the OUTS instruction.

2.1
2005-05-02 CVE-2005-0184 Squirrelmail Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a ..
2.1
2005-05-02 CVE-2005-0142 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and Mozilla 1.7 before 1.7.5 save temporary files with world-readable permissions, which allows local users to read certain web content or attachments that belong to other users, e.g.

2.1
2005-05-02 CVE-2005-0137 Linux Unspecified vulnerability in Linux Kernel 2.6.0

Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry."

2.1
2005-05-02 CVE-2005-0135 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.0

The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash).

2.1
2005-05-02 CVE-2005-0120 Helvis Local Security vulnerability in helvis

helvis 1.8h2_1 and earlier allows local users to delete arbitrary files via the elvprsv setuid program.

2.1
2005-05-02 CVE-2005-0119 Helvis Local Security vulnerability in Helvis

helvis 1.8h2_1 and earlier allows local users to recover and read the files of other users via the elvrec setuid program.

2.1
2005-05-02 CVE-2005-0118 Helvis Local Security vulnerability in Helvis

helvis 1.8h2_1 and earlier stores recovery files in world readable directories with world readable permissions, which allows local users to read the recovered files of other users.

2.1
2005-05-02 CVE-2005-0090 Redhat Multiple vulnerability in Red Hat Enterprise Linux Kernel

A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB split patch omits an "access check," which allows local users to cause a denial of service (crash).

2.1
2005-05-02 CVE-2005-0077 Debian
Gentoo
Redhat
Ubuntu
Insecure Temporary File Creation vulnerability in Libdbi-perl

The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.

2.1
2005-05-02 CVE-2005-0018 F2C Open Source Project Local Insecure Temporary File Creation vulnerability in F2C Open Source Project F2C Translator 3.1

The f2 shell script in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.

2.1
2005-05-02 CVE-2005-0017 F2C Open Source Project Local Insecure Temporary File Creation vulnerability in F2C

The f2c translator in the f2c package 3.1 allows local users to read arbitrary files via a symlink attack on temporary files.

2.1
2005-05-03 CVE-2005-1396 Swlink Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows local users to write to arbitrary files via a symlink attack on the ce_edit_log temporary file.
1.2
2005-05-02 CVE-2005-1368 Linux Unspecified vulnerability in Linux Kernel

The key_user_lookup function in security/keys/key.c in Linux kernel 2.6.10 to 2.6.11.8 may allow attackers to cause a denial of service (oops) via SMP.

1.2
2005-05-02 CVE-2005-1286 Softwin Local Security vulnerability in Softwin Bitdefender Antivirus Professionalplus8/Standard8

Unquoted Windows search path vulnerability in BitDefender 8 allows local users to prevent BitDefender from starting by creating a malicious C:\program.exe, possibly due to the lack of quoting of the full pathname when executing a process.

1.2
2005-05-02 CVE-2005-1176 IBM Information Disclosure vulnerability in AIX

Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while I/O is still occurring for that file, may write data to a different file, which could leak sensitive information.

1.2
2005-05-02 CVE-2005-1066 University OF Washington Unspecified vulnerability in University of Washington Pine 4.62

Race condition in rpdump in Pine 4.62 and earlier allows local users to overwrite arbitrary files via a symlink attack.

1.2
2005-05-02 CVE-2005-0448 Larry Wall Local Race Condition Privilege Escalation vulnerability in Perl 'rmdir()'

Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452.

1.2