Weekly Vulnerabilities Reports > May 9 to 15, 2005

Overview

96 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 37 high severity vulnerabilities. This weekly summary reports vulnerabilities in 63 products from 53 vendors including Mozilla, Apple, Pwsphp, Icewarp, and Mywebland. Vulnerabilities are notably categorized as "Permissions, Privileges, and Access Controls", "Integer Overflow or Wraparound", "SQL Injection", and "Cross-site Scripting".

  • 83 reported vulnerabilities are remotely exploitable.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 96 reported vulnerabilities are exploitable by an anonymous user.
  • Mozilla has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Neteyes has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists reported vulnerabilities for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-11 CVE-2005-1560 Neteyes Remote Security vulnerability in Neteyes Nexusway 805

The SSH module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via shell metacharacters in arguments to certain commands, as demonstrated using ping and traceroute.

10.0
2005-05-11 CVE-2005-1559 Neteyes Remote Security vulnerability in Neteyes Nexusway

The web module in Neteyes Nexusway allows remote attackers to execute arbitrary commands via hex-encoded shell metacharacters in the ip parameter for (1) nslookup.cgi or (2) ping.cgi.

10.0
2005-05-11 CVE-2005-1513 Qmail Project, Canonical, Debian Integer Overflow or Wraparound vulnerability in multiple products

Integer overflow in the stralloc_readyplus function in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large SMTP request.

9.8

37 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-14 CVE-2005-1577 APG Technology Unspecified vulnerability in APG Technology Classmaster

APG Technology ClassMaster does not properly restrict access to sensitive folders, which allows remote attackers to access folders via a network share.

7.5
2005-05-14 CVE-2005-1566 Arcowave Systems Denial-Of-Service vulnerability in Arcowave Systems Wlan AP + Adsl Router Aap3100Ar

Acrowave AAP-3100AR wireless router allows remote attackers to bypass authentication by pressing CTRL-C at the username or password prompt in a telnet session, which causes the shell to crash and restart, then leave the user in the new shell.

7.5
2005-05-14 CVE-2005-1554 Wowbb SQL Injection vulnerability in Wowbb web Forum 1.6/1.61/1.62

SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and 1.62 allows remote attackers to execute arbitrary SQL commands via the sort_by parameter.

7.5
2005-05-14 CVE-2005-1553 Geovision Remote Security vulnerability in Digital Surveillance System 6.0.4/6.1/7.0

GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a weak encryption scheme to encrypt passwords, which allows remote attackers to obtain the password via sniffing.

7.5
2005-05-14 CVE-2005-1550 Colored Scripts Remote Command Execution vulnerability in Easy Message Board

easymsgb.pl in Easy Message Board allows remote attackers to execute arbitrary commands via shell metacharacters in the print parameter.

7.5
2005-05-14 CVE-2005-1548 Advanced Guestbook SQL Injection vulnerability in Advanced Guestbook Advanced Guestbook 2.3.1

SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 allows remote attackers to execute arbitrary SQL commands via the entry parameter.

7.5
2005-05-14 CVE-2005-1547 Bakbone Remote Security vulnerability in Bakbone Netvault 7.3

Heap-based buffer overflow in the demo version of Bakbone Netvault, and possibly other versions, allows remote attackers to execute arbitrary commands via a large packet to port 20031.

7.5
2005-05-14 CVE-2005-1544 Libtiff Buffer Overflow vulnerability in LibTIFF TIFFOpen

Stack-based buffer overflow in libTIFF before 3.7.2 allows remote attackers to execute arbitrary code via a TIFF file with a malformed BitsPerSample tag.

7.5
2005-05-12 CVE-2005-1567 Directtopics SQL-Injection vulnerability in Directtopics

SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to execute arbitrary SQL commands via the topic parameter.

7.5
2005-05-12 CVE-2005-1564 Mozilla Remote Security vulnerability in Bugzilla

post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows remote authenticated users to "enter bugs into products that are closed for bug entry" by modifying the URL to specify the name of the product.

7.5
2005-05-12 CVE-2005-1532 Mozilla Permissions, Privileges, and Access Controls vulnerability in Mozilla Firefox and Mozilla

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly limit privileges of Javascript eval and Script objects in the calling context, which allows remote attackers to conduct unauthorized activities via "non-DOM property overrides," a variant of CVE-2005-1160.

7.5
2005-05-12 CVE-2005-1531 Mozilla Script Manager Security Bypass vulnerability in Mozilla Suite And Firefox

Firefox before 1.0.4 and Mozilla Suite before 1.7.8 do not properly implement certain security checks for script injection, which allows remote attackers to execute script via "Wrapped" javascript: URLs, as demonstrated using (1) a javascript: URL in a view-source: URL, (2) a javascript: URL in a jar: URL, or (3) "a nested variant."

7.5
2005-05-11 CVE-2005-1585 Open Solution SQL-Injection vulnerability in Open Solution Quick.Forum 2.1.6

Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow remote attackers to execute arbitrary SQL commands via the (1) iCategory or (2) page parameter to index.php, or (3) iCategory parameter in the query string to the forum directory.

7.5
2005-05-11 CVE-2005-1580 Boastmachine Remote Arbitrary File Upload vulnerability in Boastmachine 3.0

users.ini.php in BoastMachine 3.0 does not properly restrict the types of files that can be uploaded, which allows remote attackers to execute arbitrary code.

7.5
2005-05-11 CVE-2005-1562 Maxwebportal Remote vulnerability in MaxWebPortal

Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) fpassword parameter to inc_functions.asp, (2) txtAddress, (3) message, or (4) subject parameter to post_info.asp, (5) andor parameter to search.asp, (6) verkey parameter to pop_profile.asp, or (7) Remove or (8) Delete parameter to pm_delete2.asp.

7.5
2005-05-11 CVE-2005-1558 Neteyes Security Bypass vulnerability in Neteyes Nexusway 805

The web module in Neteyes Nexusway allows remote attackers to bypass authentication and gain administrator privileges by setting the cyclone500_auth cookie.

7.5
2005-05-11 CVE-2005-1517 Cisco Remote Security vulnerability in FWSM for Cisco Catalyst 6500/7600 Series

Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 and earlier, when using URL, FTP, or HTTPS filtering exceptions, allows certain TCP packets to bypass access control lists (ACLs).

7.5
2005-05-11 CVE-2005-1516 Netwin Remote Authentication Bypass vulnerability in Netwin Dmail 3.1A

DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass authentication, read log files, and shut down the system via a sendlog command with an incorrect password hash, which is not properly handled by the _cmd_sendlog function.

7.5
2005-05-11 CVE-2005-1512 Pwsphp Remote Security vulnerability in Pwsphp 1.2.2

The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded picture files, which allows remote attackers to upload and possibly execute arbitrary files.

7.5
2005-05-11 CVE-2005-1511 Pwsphp Security Bypass vulnerability in Pwsphp 1.2.2

PwsPHP 1.2.2 allows remote attackers to bypass authentication and post arbitrary comments via the Pseudo cookie.

7.5
2005-05-11 CVE-2005-1510 Pwsphp Information Disclosure vulnerability in Pwsphp 1.2.2

PwsPHP 1.2.2 allows remote attackers to obtain sensitive information via a direct request to the admin directory, which reveals the path in an error message.

7.5
2005-05-11 CVE-2005-1509 Pwsphp SQL Injection vulnerability in Pwsphp 1.2.2

SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-05-11 CVE-2005-1506 CJ SQL-Injection vulnerability in CJ Ultra Plus 1.0.3/1.0.4

SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via the perm parameter.

7.5
2005-05-11 CVE-2005-1505 Apple

The new account wizard in Mail.app 2.0 in Mac OS 10.4, when configuring an IMAP mail account and checking the credentials, does not prompt the user to use SSL until after the password has already been sent, which causes the password to be sent in plaintext.

7.5
2005-05-11 CVE-2005-1503 Midicart Software SQL Injection vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter

Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) searchstring parameter to search_list.php, the (2) maingroup or (3) secondgroup parameters to item_list.php, or (4) code_no parameter to item_show.php.

7.5
2005-05-11 CVE-2005-1501 Midicart Software Information Disclosure vulnerability in MidiCart PHP Shopping Cart

MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive information via a direct request to (1) search_list.php, (2) item_list.php, or (3) item_show.php, which reveal the path in a PHP error message.

7.5
2005-05-11 CVE-2005-1500 Mywebland SQL Injection vulnerability in Mywebland Mybloggie 2.1.1/2.1.3

Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote attackers to execute arbitrary SQL commands via (1) the keyword parameter in search.php; or (2) the date_no parameter in viewdate mode, (3) the cat_id parameter in viewcat mode, the (4) month_no or (5) year parameter in viewmonth mode, or (6) post_id parameter in viewid mode to index.php.

7.5
2005-05-11 CVE-2005-1499 Mywebland Input Validation vulnerability in Mybloggie 2.1.1/2.1.2

delcomment.php in myBloggie 2.1.1 allows remote attackers to delete arbitrary comments by modifying the comment_id parameter.

7.5
2005-05-11 CVE-2005-1495 Oracle Buffer Overflow vulnerability in Oracle Application Server, Oracle10G and Oracle9I

Oracle Database 9i and 10g disable Fine Grained Audit (FGA) after the SYS user executes a SELECT statement on an FGA object, which makes it easier for attackers to escape detection.

7.5
2005-05-11 CVE-2005-1482 Interspire Remote vulnerability in Interspire Articlelive 2005

ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie.

7.5
2005-05-11 CVE-2005-1481 Aaronoutpost SQL-Injection vulnerability in Aaronoutpost ASP Inline Corporate Calendar 3

Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp.

7.5
2005-05-11 CVE-2005-1479 JGS XA SQL Injection vulnerability in JGS-Portal ID Variable

SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-05-11 CVE-2005-1478 Netwin Remote Format String vulnerability in Netwin Dmail 3.1A/3.1B

Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command.

7.5
2005-05-11 CVE-2005-1261 ROB Flynn Remote URI Handling Buffer Overflow vulnerability in Gaim

Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL.

7.5
2005-05-12 CVE-2005-0974 Apple Unspecified vulnerability in Apple mac OS X

Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

7.2
2005-05-12 CVE-2005-0972 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Integer overflow in the searchfs system call in Mac OS X 10.3.9 and earlier allows local users to execute arbitrary code via crafted parameters.

7.2
2005-05-11 CVE-2005-1263 Linux Local Buffer Overflow vulnerability in Linux Kernel ELF Core Dump

The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving the create_elf_tables function, causes a negative length argument to pass a signed integer comparison, leading to a buffer overflow.

7.2

50 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-11 CVE-2005-1508 Pwsphp Cross-Site Scripting vulnerability in Pwsphp 1.2.2

Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 allow remote attackers to inject arbitrary web script or HTML via the (1) month or (2) annee parameters to the news module, (3) nbractif or (4) annee parameters to the stats module, (5) id parameter to profil.php, (6) mb_lettre or (7) lettre parameter to memberlist.php, or (8) chaine_search, or (9) auteur_search parameter to the recherche module.

6.8
2005-05-11 CVE-2005-1502 Midicart Software Cross-Site Scripting vulnerability in MidiCart PHP Search_List.PHP SearchString Parameter

Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the (1) searchstring parameter to search_list.php or the (2) secondgroup or (3) maingroup parameters to item_list.php.

6.8
2005-05-11 CVE-2005-1519 Squid DNS Spoofing vulnerability in Squid Proxy

Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered and the environment does not prevent IP spoofing, allows remote attackers to spoof DNS lookups.

6.4
2005-05-10 CVE-2005-0039 Nissc Unspecified vulnerability in Nissc Ipsec 1.0

Certain configurations of IPsec, when using Encapsulating Security Payload (ESP) in tunnel mode, integrity protection at a higher layer, or Authentication Header (AH), allow remote attackers to decrypt IPSec communications by modifying the outer packet in ways that cause plaintext data from the inner packet to be returned in ICMP messages, as demonstrated using bit-flipping attacks and (1) Destination Address Rewriting, (2) a modified header length that causes portions of the packet to be interpreted as IP Options, or (3) a modified protocol field and source address.

6.4
2005-05-14 CVE-2005-1551 Sophos Denial-Of-Service vulnerability in Sophos Anti-Virus 3.93

Sophos Anti-Virus 3.93 does not check downloaded files for viruses when they have only been written, which creates a race condition and may allow remote attackers to bypass virus protection if the file is executed before the antivirus starts on system reboot.

5.1
2005-05-14 CVE-2005-1546 HT Editor Unspecified vulnerability in HT Editor HT Editor

Buffer overflow in the PE parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted PE file.

5.1
2005-05-14 CVE-2005-1545 HT Editor Unspecified vulnerability in HT Editor HT Editor

Integer overflow in the ELF parser in HT Editor before 0.8.0 allows remote attackers to execute arbitrary code via a crafted ELF file, which leads to a heap-based buffer overflow.

5.1
2005-05-09 CVE-2005-1477 Mozilla Remote Arbitrary Code Execution vulnerability in Mozilla Firefox 1.0.3

The install function in Firefox 1.0.3 allows remote web sites on the browser's whitelist, such as update.mozilla.org or addon.mozilla.org, to execute arbitrary Javascript with chrome privileges, leading to arbitrary code execution on the system when combined with vulnerabilities such as CVE-2005-1476, as demonstrated using a javascript: URL as the package icon and a cross-site scripting (XSS) attack on a vulnerable whitelist site.

5.1
2005-05-09 CVE-2005-1476 Mozilla Remote Arbitrary Code Execution vulnerability in Mozilla Firefox Install Method

Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript in other domains by using an IFRAME and causing the browser to navigate to a previous javascript: URL, which can lead to arbitrary code execution when combined with CVE-2005-1477.

5.1
2005-05-14 CVE-2005-1586 Open Solution Information Disclosure vulnerability in Open Solution Quick.Forum 2.1.6

Quick.Forum 2.1.6 stores potentially sensitive information such as usernames, banned IP addresses, censored words, and backups under the web document root, which allows remote attackers to obtain that information via a direct request to (1) db/users.txt, (2) db/banList.txt, (3) db/censureWords.txt, or (4) backup files.

5.0
2005-05-14 CVE-2005-1583 1Two Remote Security vulnerability in 1Two News 1.0

1Two News 1.0 allows remote attackers to (1) delete images for new stories via a direct request to admin/delete.php or (2) upload arbitrary images via a direct request to admin/upload.php.

5.0
2005-05-14 CVE-2005-1575 Mozilla Remote Security vulnerability in Mozilla Firefox 0.10.1/1.0

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows allows remote attackers to hide the real file types of downloaded files via the Content-Type HTTP header and a filename containing whitespace, dots, or ASCII byte 160.

5.0
2005-05-14 CVE-2005-1571 Wenig AND Spitzer Williams Directory Traversal vulnerability in Wenig and Spitzer-Williams Showoff Digital Media Software 1.5.4

Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow remote attackers to read arbitrary files via ".." sequences in arguments to the (1) ShowAlbum, (2) ShowVideo, or (3) ShowGraphic scripts.

5.0
2005-05-14 CVE-2005-1570 Battleaxe Software SQL-Injection vulnerability in Battleaxe Software Bttlxeforum 2.0

forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full path information via a certain hex-encoded argument to the page parameter, possibly due to a SQL injection vulnerability.

5.0
2005-05-14 CVE-2005-1563 Mozilla Information Disclosure vulnerability in Bugzilla Hidden Product

Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different error message depending on whether a product exists or not, which allows remote attackers to determine hidden products.

5.0
2005-05-14 CVE-2005-1556 Gamespy Denial-Of-Service vulnerability in Gamespy Sdk Cd-Key Validation Toolkit

Gamespy cd-key validation system allows remote attackers to cause a denial of service (cd-key already in use) by capturing and replaying a cd-key authorization session.

5.0
2005-05-14 CVE-2005-1552 Geovision Unspecified vulnerability in Geovision Digital Surveillance System 6.0.4/6.1/7.0

GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when set to create JPEG images, does not properly protect an image even when a password and username is assigned, which may allow remote attackers to gain sensitive information via a direct request to the image.

5.0
2005-05-14 CVE-2005-1549 Colored Scripts Directory Traversal vulnerability in Easy Message Board

Directory traversal vulnerability in easymsgb.pl in Easy Message Board allows remote attackers to read arbitrary files via a ..

5.0
2005-05-12 CVE-2005-1579 Apple Information Disclosure vulnerability in Apple Quicktime 7.0

Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to obtain sensitive information via a .mov file with a Quartz Composer composition (.qtz) file that uses certain patches to read local information, then other patches to send the information to the attacker.

5.0
2005-05-12 CVE-2005-1568 Directtopics Information Disclosure vulnerability in Directtopics

topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to obtain sensitive information via an invalid topic parameter, which reveals the path in an error message.

5.0
2005-05-12 CVE-2005-1565 Mozilla Information Disclosure vulnerability in Bugzilla Authentication

Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is prompted to log in while attempting to view a chart, displays the password in the URL, which may allow local users to gain sensitive information from web logs or browser history.

5.0
2005-05-11 CVE-2005-1572 Wenig AND Spitzer Williams Denial-Of-Service vulnerability in Wenig and Spitzer-Williams Showoff Digital Media Software 1.5.4

ShowOff! 1.5.4 allows remote attackers to cause a denial of service (server crash) via a malformed request to port 8083.

5.0
2005-05-11 CVE-2005-1515 DAN Bernstein Denial-Of-Service vulnerability in Qmail

Integer signedness error in the qmail_put and substdio_put functions in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large number of SMTP RCPT TO commands.

5.0
2005-05-11 CVE-2005-1514 DAN Bernstein Denial-Of-Service vulnerability in Qmail

commands.c in qmail, when running on 64 bit platforms with a large amount of virtual memory, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SMTP command without a space character, which causes an array to be referenced with a negative index.

5.0
2005-05-11 CVE-2005-1507 4D Remote Buffer Overflow vulnerability in 4D WebStar Tomcat Plugin

Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long URL.

5.0
2005-05-11 CVE-2005-1504 Gamespy Security Bypass vulnerability in Cd-Key Validation System

GameSpy SDK CD-Key Validation Toolkit, as used by many online games, allows remote attackers to bypass the CD key validation by sending a spoofed \disc\ command, which tells the server the CD key is no longer in use.

5.0
2005-05-11 CVE-2005-1497 Mywebland Information Disclosure vulnerability in Mywebland Mybloggie 2.1.1

index.php in myBloggie 2.1.1 allows remote attackers to obtain sensitive information via an invalid post_id parameter, which reveals the path in an error message.

5.0
2005-05-11 CVE-2005-1493 Dead Pirate Software Directory Traversal vulnerability in Dead Pirate Software Simplecam 1.2

Directory traversal vulnerability in SimpleCam 1.2 allows remote attackers to read arbitrary files via a ..\ (dot dot backslash) in the URL.

5.0
2005-05-11 CVE-2005-1489 Icewarp, Merak Remote Security vulnerability in Mail Server

Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to obtain the full path of the server via certain requests to (1) calendar_addevent.html, (2) calendar_event.html, or (3) calendar_task.html.

5.0
2005-05-11 CVE-2005-1486 Fishnet Cross-Site Scripting vulnerability in Fishnet Fishcart 3.1

Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) trackingnum, (2) reqagree, or (3) m parameter to upstracking.php or (4) nlst parameter to display.php.

5.0
2005-05-11 CVE-2005-1485 Kmint21 Software Information Disclosure vulnerability in Kmint21 Software Golden FTP Server 2.52

Golden FTP Server Pro 2.52 allows remote attackers to obtain sensitive information via a GET request for a file that does not exist, which reveals the absolute path of the FTP server in the resulting FTP error message.

5.0
2005-05-11 CVE-2005-1484 Kmint21 Software Directory Traversal vulnerability in Golden FTP Server Pro

Directory traversal vulnerability in Golden FTP server pro 2.52 allows remote attackers to read arbitrary files via a "\.." (backward slash dot dot) with a leading '"' (double quote) in the GET command.

5.0
2005-05-11 CVE-2005-1480 Raiden Professional Servers Unspecified vulnerability in Raiden Professional Servers Raidenftpd

Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\\" (dot dot backslash) in the urlget site command.

5.0
2005-05-11 CVE-2005-1262 ROB Flynn Remote MSN Empty SLP Message Denial Of Service vulnerability in Gaim

Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message.

5.0
2005-05-13 CVE-2005-0758 GNU, Canonical

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

4.6
2005-05-12 CVE-2005-0971 Apple Unspecified vulnerability in Apple mac OS X

Stack-based buffer overflow in the semop system call in Mac OS X 10.3.9 and earlier allows local users to gain privileges via crafted arguments.

4.6
2005-05-12 CVE-2005-0969 Apple Unspecified vulnerability in Apple mac OS X

Heap-based buffer overflow in the syscall emulation functionality in Mac OS X before 10.3.9 allows local users to cause a denial of service (kernel panic) and possibly execute arbitrary code via crafted parameters.

4.6
2005-05-11 CVE-2005-1496 Oracle Privilege Escalation vulnerability in Oracle Application Server and Oracle10G

The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE JOB privileges to gain additional privileges by changing SESSION_USER to the SYS user.

4.6
2005-05-11 CVE-2005-1491 Icewarp, Merak Local Security vulnerability in Mail Server

Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote authenticated users to (1) move their home directory via viewaction.html or (2) move arbitrary files via the importfile parameter to importaction.html.

4.6
2005-05-14 CVE-2005-1587 Open Solution Cross-Site Scripting vulnerability in Open Solution Quick.Cart 0.3.0

Cross-site scripting (XSS) vulnerability in index.php for Quick.cart 0.3.0 allows remote attackers to inject arbitrary web script or HTML via the sWord parameter.

4.3
2005-05-14 CVE-2005-1584 Open Solution HTML Injection vulnerability in Open Solution Quick.Forum 2.1.6

Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum 2.1.6 allows remote attackers to inject arbitrary web script or HTML via the topic field in a NewTopic action.

4.3
2005-05-14 CVE-2005-1582 1Two Cross-Site Scripting vulnerability in 1Two News 1.0

Cross-site scripting (XSS) vulnerability in index.php for 1Two News 1.0 allows remote attackers to inject arbitrary web script or HTML via the (1) nom, (2) email, (3) siteweb, or (4) commentaire variables.

4.3
2005-05-14 CVE-2005-1581 Eric Fichot Cross-Site Scripting vulnerability in Eric Fichot BUG Report 1.0

Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows remote attackers to inject arbitrary web script or HTML via various fields to bug_report.php, which are not filtered or quoted when processed by bug_list.php or admin/index.php.

4.3
2005-05-14 CVE-2005-1569 Directtopics Cross-Site Scripting vulnerability in Directtopics 2.1/2.2

Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 allows remote attackers to inject arbitrary web script via a javascript: URL in (1) a thread or (2) an IMG tag.

4.3
2005-05-11 CVE-2005-1561 Maxwebportal Remote vulnerability in MaxWebPortal

Multiple cross-site scripting (XSS) vulnerabilities in post.asp in MaxWebPortal 1.3.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) mod, (2) M, or (3) type parameter.

4.3
2005-05-11 CVE-2005-1557 Pixysoft HTML Injection vulnerability in Pixysoft Guestbook PRO 3.2.1

Multiple cross-site scripting (XSS) vulnerabilities in WebApp Guestbook PRO 3.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content of a message.

4.3
2005-05-11 CVE-2005-1498 Mywebland Input Validation vulnerability in Mybloggie 2.1.1/2.1.2

Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) year parameter in viewmode.php, or the (2) cat_id, (3) month_no, or (4) post_id parameter in index.php, which are not properly sanitized before they are displayed in an error message.

4.3
2005-05-11 CVE-2005-1494 Megabook Cross-Site Scripting vulnerability in MegaBook Admin.CGI EntryID

Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in MegaBook 2.0 and 2.1 allow remote attackers to inject arbitrary web script or HTML via the (1) entryid or (2) password parameter.

4.3
2005-05-11 CVE-2005-1483 Interspire Remote vulnerability in Interspire Articlelive 2005

Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive 2005 allow remote attackers to inject arbitrary web script or HTML via the (1) Query, (2) Username, (3) LastName, (4) Biography, or (5) BlogId parameter.

4.3
2005-05-10 CVE-2005-1555 Macromedia Cross-Site Scripting vulnerability in Macromedia Coldfusion 7.0

Cross-site scripting (XSS) vulnerability in the JRun Web Server in ColdFusion MX 7.0 allows remote attackers to inject arbitrary script or HTML via the URL, which is not properly quoted in the resulting default 404 error page.

4.3

6 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-05-12 CVE-2005-1576 Mozilla Remote Security vulnerability in Mozilla Firefox 0.10.1/1.0

The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows uses the Content-Type HTTP header to determine the file type, but saves the original file extension when "Save to Disk" is selected, which allows remote attackers to hide the real file types of downloaded files.

2.6
2005-05-13 CVE-2005-1578 Guidance Software Local Security vulnerability in Guidance Software Encase 4.18A

EnCase Forensic Edition 4.18a does not support Device Configuration Overlays (DCO), which allows attackers to hide information without detection.

2.1
2005-05-12 CVE-2005-0973 Apple Unspecified vulnerability in Apple mac OS X

Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 and earlier allows local users to cause a denial of service (memory exhaustion) via crafted arguments.

2.1
2005-05-11 CVE-2005-1518 SUN Unspecified vulnerability in SUN Solaris and Sunos

Unknown vulnerability in Solaris 7 through 9, when using Federated Naming Services (FNS), autofs, and FNS X.500 configuration, allows local users to cause a denial of service (automountd crash) when "accessing" /xfn/_x500.

2.1
2005-05-11 CVE-2005-1490 Icewarp, Merak Local Security vulnerability in Mail Server

Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the mailbox.dat file does not exist, allows remote authenticated users to determine if a file exists via the folder parameter to attachment.html.

2.1
2005-05-11 CVE-2005-1488 Icewarp, Merak Cross-Site Scripting vulnerability in Mail Server

Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) the E-mail address, Note, or Public Certificate fields to address.html, (2) addressaction.html, (3) the Signature field to settings.html, or (4) the Shared calendars to calendarsettings.html.

1.9