Weekly Vulnerabilities Reports > July 4 to 10, 2005
Overview
70 new vulnerabilities reported during this period, including 1 critical vulnerabilities and 18 high severity vulnerabilities. This weekly summary report vulnerabilities in 62 products from 55 vendors including Wordpress, Microsoft, Mozilla, IBM, and Adobe. Vulnerabilities are notably categorized as "Resource Management Errors", "Link Following", and "Cleartext Storage of Sensitive Information".
- 60 reported vulnerabilities are remotely exploitables.
- 1 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
- 69 reported vulnerabilities are exploitable by an anonymous user.
- Wordpress has the most reported vulnerabilities, with 4 reported vulnerabilities.
- THE Cacti Group has the most reported critical vulnerabilities, with 1 reported vulnerabilities.
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
VULNERABILITIES
EXPLOITABLE
EXPLOITABLE
AVAILABLE
ANONYMOUSLY
WEB APPLICATION
Vulnerability Details
The following table list reported vulnerabilities for the period covered by this report:
1 Critical Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-06 | CVE-2005-2149 | THE Cacti Group | Unspecified vulnerability in the Cacti Group Cacti config.php in Cacti 0.8.6e and earlier allows remote attackers to set the no_http_headers switch, then modify session information to gain privileges and disable the use of addslashes to conduct SQL injection attacks. | 10.0 |
18 High Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-06 | CVE-2005-2165 | Globalnotescript | Remote Security vulnerability in GlobalNoteScript read.cgi in GlobalNoteScript allows remote attackers to execute arbitrary commands via shell metacharacters in the file parameters. | 7.5 |
2005-07-06 | CVE-2005-2164 | Covide Groupware CRM | SQL-Injection vulnerability in Covide Groupware-Crm Covide 5.2 SQL injection vulnerability in Covide Groupware-CRM allows remote attackers to execute arbitrary SQL commands via unknown attack vectors. | 7.5 |
2005-07-06 | CVE-2005-2160 | Ipswitch | Cleartext Storage of Sensitive Information vulnerability in Ipswitch Imail 2006 IMail stores usernames and passwords in cleartext in a cookie, which allows remote attackers to obtain sensitive information. | 7.5 |
2005-07-06 | CVE-2005-2158 | Jboss | Remote Security vulnerability in Jboss Jbpm 2.0 A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows remote attackers to execute arbitrary comands, a re-introduction of a vulnerability that was originally identified by CVE-2003-0845. | 7.5 |
2005-07-06 | CVE-2005-2156 | Phpnews | SQL Injection vulnerability in PHPnews 1.2.5 SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote attackers to execute arbitrary SQL commands via the prevnext parameter. | 7.5 |
2005-07-06 | CVE-2005-2155 | Easyphpcalendar | Remote Security vulnerability in Easyphpcalendar 6.1.5 PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter. | 7.5 |
2005-07-06 | CVE-2005-2154 | Osticket | Input Validation vulnerability in OSTicket PHP local file inclusion vulnerability in (1) view.php and (2) open.php in osTicket 1.3.1 beta and earlier allows remote attackers to include and possibly execute arbitrary local files via the inc parameter. | 7.5 |
2005-07-06 | CVE-2005-2153 | Osticket | Input Validation vulnerability in OSTicket SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta and earlier allows remote attackers to execute arbitrary SQL commands via the ticket variable. | 7.5 |
2005-07-06 | CVE-2005-2152 | Geeklog | SQL-Injection vulnerability in Geeklog SQL injection vulnerability in Geeklog before 1.3.11 allows remote attackers to execute arbitrary SQL commands via user comments for an article. | 7.5 |
2005-07-06 | CVE-2005-2148 | THE Cacti Group | SQL Injection vulnerability in RaXnet Cacti Input Filter Cacti 0.8.6e and earlier does not perform proper input validation to protect against common attacks, which allows remote attackers to execute arbitrary commands or SQL by sending a legitimate value in a POST request or cookie, then specifying the attack string in the URL, which causes the get_request_var function to return the wrong value in the $_REQUEST variable, which is cleansed while the original malicious $_GET value remains unmodified, as demonstrated in (1) graph_image.php and (2) graph.php. | 7.5 |
2005-07-06 | CVE-2005-2096 | Zlib | Unspecified vulnerability in Zlib 1.2.0/1.2.1/1.2.2 zlib 1.2 and later versions allows remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to a buffer overflow, as demonstrated using a crafted PNG file. | 7.5 |
2005-07-05 | CVE-2005-2135 | Etoshop | SQL-Injection vulnerability in Etoshop Dynamic BIZ Website Builder Quickweb 1.0 SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters. | 7.5 |
2005-07-05 | CVE-2005-2113 | Xoops | SQL-Injection vulnerability in Xoops SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method. | 7.5 |
2005-07-05 | CVE-2005-2111 | Community Link PRO WEB Editor | Remote Security vulnerability in Community Link Pro Web Editor login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter. | 7.5 |
2005-07-05 | CVE-2005-2108 | Wordpress | SQL-Injection vulnerability in WordPress SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file. | 7.5 |
2005-07-05 | CVE-2005-2105 | Cisco | Security Bypass vulnerability in IOS Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | 7.5 |
2005-07-05 | CVE-2005-2086 | Phpbb Group | Remote Security vulnerability in PHPbb Group PHPbb 2.0.15 PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code. | 7.5 |
2005-07-05 | CVE-2005-0393 | Crip | Unspecified vulnerability in Crip 3.5 The helper scripts for crip 3.5 do not properly use temporary files, which allows local users to have an unknown impact with unknown attack vectors. | 7.2 |
43 Medium Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-09 | CVE-2005-2176 | Novell | Unspecified vulnerability in Novell Netmail Novell NetMail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | 6.4 |
2005-07-06 | CVE-2005-2147 | Edgewall Software | Unspecified vulnerability in Edgewall Software Trac 0.7.1/0.8.1/0.8.3 Trac before 0.8.4 allows remote attackers to read or upload arbitrary files via a full pathname in the id parameter to the (1) upload or (2) attachment viewer scripts. | 6.4 |
2005-07-06 | CVE-2005-1916 | EKG Project Debian | Link Following vulnerability in multiple products linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. | 5.5 |
2005-07-09 | CVE-2005-2175 | IBM | Remote Security vulnerability in Lotus Notes The web interface for Lotus Notes mail automatically processes HTML in an attachment without prompting the user to save or open it, which makes it easier for remote attackers to conduct web-based attacks and steal cookies. | 5.0 |
2005-07-08 | CVE-2005-2173 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to 2.18.1 and 2.19.1 to 2.19.3 do not verify that the flag ID is appropriate for the given bug or attachment ID, which allows users to change flags on arbitrary bugs and obtain a bug summary via process_bug.cgi. | 5.0 |
2005-07-06 | CVE-2005-2169 | KAF Oseo | Directory Traversal vulnerability in KAF Oseo Quick and Dirty PHPsource Printer 1.1 Directory traversal vulnerability in source.php in Quick & Dirty PHPSource Printer 1.1 and earlier allows remote attackers to read arbitrary files via ".../...//" sequences in the file parameter, which are reduced to "../" when PHPSource Printer uses a regular expression to remove "../" sequences. | 5.0 |
2005-07-06 | CVE-2005-2162 | Levcgi COM | Remote Security vulnerability in Levcgi.Com Myguestbook 0.6.1 PHP remote file inclusion vulnerability in form.inc.php3 in MyGuestbook 0.6.1 allows remote attackers to execute arbitrary PHP code via the lang parameter. | 5.0 |
2005-07-06 | CVE-2005-2159 | Planetdns | Remote Buffer Overflow vulnerability in Planetdns Planetfileserver 2.0.1.3 mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote attackers to cause a denial of service (application crash) via a long request. | 5.0 |
2005-07-06 | CVE-2005-2157 | Nabocorp | Remote Security vulnerability in Nabocorp Nabopoll 1.2 PHP remote file inclusion vulnerability in survey.inc.php for nabopoll 1.2 allows remote attackers to execute arbitrary PHP code via the path parameter. | 5.0 |
2005-07-06 | CVE-2005-2151 | Double Precision Incorporated | Unspecified vulnerability in Double Precision Incorporated Courier Mail Server spf.c in Courier Mail Server does not properly handle DNS failures when looking up Sender Policy Framework (SPF) records, which could allow attackers to cause memory corruption. | 5.0 |
2005-07-05 | CVE-2005-2143 | Microsoft | Unspecified vulnerability in Microsoft Frontpage Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. | 5.0 |
2005-07-05 | CVE-2005-2141 | Jollybox DE | Denial-Of-Service vulnerability in Jollybox.De TCP Chat 1.0 TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow. | 5.0 |
2005-07-05 | CVE-2005-2140 | Fsboard | Directory Traversal vulnerability in Fsboard 2.0 Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter. | 5.0 |
2005-07-05 | CVE-2005-2139 | Pavsta | Remote Security vulnerability in Pavsta Auto Site PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. | 5.0 |
2005-07-05 | CVE-2005-2137 | Nateon | Unspecified vulnerability in Nateon Messenger 3.0 Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors. | 5.0 |
2005-07-05 | CVE-2005-2115 | Raven Software | Denial-Of-Service vulnerability in Soldier Of Fortune 2 Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation. | 5.0 |
2005-07-05 | CVE-2005-2114 | Mozilla | Denial-Of-Service vulnerability in Firefox Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and K-Meleon 0.9, and possibly other products that use the Gecko engine, allow remote attackers to cause a denial of service (application crash) via JavaScript that repeatedly calls an empty function. | 5.0 |
2005-07-05 | CVE-2005-2110 | Wordpress | Information Disclosure vulnerability in WordPress WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. | 5.0 |
2005-07-05 | CVE-2005-2109 | Wordpress | Denial-Of-Service vulnerability in WordPress wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use. | 5.0 |
2005-07-05 | CVE-2005-2106 | Drupal | Unspecified vulnerability in Drupal Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting. | 5.0 |
2005-07-05 | CVE-2005-2087 | Microsoft | Resource Management Errors vulnerability in Microsoft IE and Internet Explorer Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). | 5.0 |
2005-07-05 | CVE-2005-2085 | Infradig Systems | Denial-Of-Service vulnerability in Infradig Systems Inframail Advantage Server6.0/Server6.7 Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 allows remote attackers to cause a denial of service (process crash) via a long (1) SMTP FROM field or possibly (2) FTP NLST command. | 5.0 |
2005-07-05 | CVE-2005-2083 | Truenorth Software | Denial-Of-Service vulnerability in Ia Emailserver Format string vulnerability in IMAP4 in IA eMailServer Corporate Edition 5.2.2 build 1051 allows remote attackers to cause a denial of service (application crash) via a LIST command with format string specifiers as the second argument. | 5.0 |
2005-07-05 | CVE-2005-2082 | CGI Club | Remote Security vulnerability in Cgi-Club Imtrset 1.02 im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter. | 5.0 |
2005-07-05 | CVE-2005-2081 | Digium | Unspecified vulnerability in Digium Asterisk 1.0.7 Stack-based buffer overflow in the function that parses commands in Asterisk 1.0.7, when the 'write = command' option is enabled, allows remote attackers to execute arbitrary code via a command that has two double quotes followed by a tab character. | 5.0 |
2005-07-05 | CVE-2005-2068 | Freebsd | Unspecified vulnerability in Freebsd FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. | 5.0 |
2005-07-05 | CVE-2005-2019 | Freebsd | Unspecified vulnerability in Freebsd 5.4 ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) or Uni Processor (UP) systems with the PREEMPTION kernel option enabled, does not sufficiently lock certain resources while performing table lookups, which can cause the cache results to be corrupted during multiple concurrent lookups, allowing remote attackers to bypass intended access restrictions. | 5.0 |
2005-07-05 | CVE-2005-1931 | Goodtech Systems | Denial-Of-Service vulnerability in Goodtech Systems Goodtech Smtp Server 5.14 GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of service (application crash) via a RCPT TO command with an invalid argument, as demonstrated using an "A" character. | 5.0 |
2005-07-05 | CVE-2005-1922 | Clam Anti Virus | Unspecified vulnerability in Clam Anti-Virus Clamav The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. | 5.0 |
2005-07-05 | CVE-2005-1625 | Adobe | Unspecified vulnerability in Adobe Acrobat Reader 5.0.10/5.0.9 Stack-based buffer overflow in the UnixAppOpenFilePerform function in Adobe Reader 5.0.9 and 5.0.10 for Unix allows remote attackers to execute arbitrary code via a PDF document with a long /Filespec tag. | 5.0 |
2005-07-05 | CVE-2005-0360 | Microsoft | Remote Security vulnerability in Log Sink Class Activex Control The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked as "safe for scripting" for Internet Explorer, which allows remote attackers to create or append to arbitrary files. | 5.0 |
2005-07-05 | CVE-2005-2146 | SSH | Local Security vulnerability in SSH Tectia Server 4.3.1 SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof the server. | 4.6 |
2005-07-05 | CVE-2005-2145 | Prevx | Local Security vulnerability in Prevx PRO 2005 1.0 The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending an "allow" message to bypass a warning message. | 4.6 |
2005-07-06 | CVE-2005-2163 | Autoindex | Cross-Site Scripting vulnerability in Autoindex PHP Script 1.5.2 Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP Script 1.5.2 allows remote attackers to inject arbitrary web script or HTML via the search parameter. | 4.3 |
2005-07-06 | CVE-2005-2161 | Phpbb Group | Unspecified vulnerability in PHPbb Group PHPbb 2.0.16 Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote attackers to inject arbitrary web script or HTML via nested [url] tags. | 4.3 |
2005-07-05 | CVE-2005-2138 | Comdev | Cross-Site Scripting vulnerability in Comdev Ecommerce 3.0/3.1 Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a review message. | 4.3 |
2005-07-05 | CVE-2005-2112 | Xoops | Cross-Site Scripting vulnerability in Xoops Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) order parameter to edit.php or (2) cid parameter to comment_edit.php. | 4.3 |
2005-07-05 | CVE-2005-2107 | Wordpress | Cross-Site Scripting vulnerability in WordPress Multiple cross-site scripting (XSS) vulnerabilities in post.php in WordPress 1.5.1.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) p or (2) comment parameter. | 4.3 |
2005-07-05 | CVE-2005-2094 | SUN | Cross-Site Scripting vulnerability in SUN ONE web Server 6.1 Sun SunONE web server 6.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes SunONE to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | 4.3 |
2005-07-05 | CVE-2005-2093 | Oracle | Unspecified vulnerability in Oracle Application Server 9.0.2 Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes Application Server to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | 4.3 |
2005-07-05 | CVE-2005-2092 | BEA | Cross-Site Scripting vulnerability in BEA Weblogic Server 8.1 BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebLogic to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | 4.3 |
2005-07-05 | CVE-2005-2091 | IBM | Cross-Site Scripting vulnerability in Websphere Application Server 5.0/5.1.0 IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison the web cache, bypass web application firewall protection, and conduct XSS attacks via an HTTP request with both a "Transfer-Encoding: chunked" header and a Content-Length header, which causes WebSphere to incorrectly handle and forward the body of the request in a way that causes the receiving server to process it as a separate HTTP request, aka "HTTP Request Smuggling." | 4.3 |
2005-07-05 | CVE-2005-2084 | Telligent Systems | Cross-Site Scripting vulnerability in Community Server Forums Cross-site scripting (XSS) vulnerability in SearchResults.aspx in Community Forum allows remote attackers to inject arbitrary web script or HTML via the q parameter. | 4.3 |
8 Low Vulnerabilities
DATE | CVE | VENDOR | VULNERABILITY | CVSS |
---|---|---|---|---|
2005-07-08 | CVE-2005-2174 | Mozilla | Unspecified vulnerability in Mozilla Bugzilla Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 inserts a bug into the database before it is marked private, which introduces a race condition and allows attackers to access information about the bug via buglist.cgi before MySQL replication is complete. | 2.6 |
2005-07-05 | CVE-2005-1923 | Clam Anti Virus | Unspecified vulnerability in Clam Anti-Virus Clamav The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. | 2.6 |
2005-07-07 | CVE-2005-1841 | Adobe | Unspecified vulnerability in Adobe Acrobat Reader 5.0.10/5.0.9 The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it. | 2.1 |
2005-07-05 | CVE-2005-2144 | Prevx | Local Security vulnerability in Prevx PRO 2005 1.0 Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. | 2.1 |
2005-07-05 | CVE-2005-2142 | Kmint21 Software | Directory Traversal vulnerability in Kmint21 Software Golden FTP Server 2.60 Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command. | 2.1 |
2005-07-05 | CVE-2005-2134 | Netbsd | Denial-Of-Service vulnerability in NetBSD The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow local users to cause a denial of service (kernel crash) by using the set-parameters ioctl on an audio device to change the block size and set the pause state to "unpaused" in the same ioctl, which causes a divide-by-zero error. | 2.1 |
2005-07-05 | CVE-2005-1932 | Lpanel | Input Validation vulnerability in LPanel Lpanel 1.59 and earlier, and other versions before 1.597, allows remote authenticated users to modify certain critical variables and (1) modify DNS settings for arbitrary domains via the domain parameter to diagnose.php, (2) close, open, or respond to arbitrary support tickets via the close, open, or pid parameter to view_ticket.php, (3) obtain sensitive information on arbitrary invoices via the inv parameter to viewreceipt.php, or (4) modify domain information for arbitrary domains via the editdomain parameter to domains.php. | 2.1 |
2005-07-05 | CVE-2005-1917 | Kpopper | Unspecified vulnerability in Kpopper 1.0 kpopper 1.0 and earlier allows local users to create and overwrite arbitrary files via a symlink attack on the .popper-new temporary file. | 2.1 |