Weekly Vulnerabilities Reports > August 1 to 7, 2005

Overview

78 new vulnerabilities were reported during this period, including 2 critical vulnerabilities and 23 high severity vulnerabilities. This weekly summary reports vulnerabilities in 74 products from 62 vendors, including Novell, Beehive Forum, Opera Software, Website Baker, and Astalavista IT Engineering. Notable vulnerability categories include "Off-by-one Error" and "Improper Input Validation".

  • 65 reported vulnerabilities are remotely exploitable.
  • 1 reported vulnerability has a public exploit available.
  • 78 reported vulnerabilities are exploitable by an anonymous user.
  • Novell has the most reported vulnerabilities, with 3 reported vulnerabilities.
  • Ares has the most reported critical vulnerabilities, with 1 reported vulnerability.

Vulnerability Details

The following tables list the vulnerabilities reported during the period covered by this report:

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-03 CVE-2005-2425 Ares Remote Buffer Overflow vulnerability in Ares Fileshare 1.1

Stack-based buffer overflow in Ares FileShare 1.1 allows remote attackers or local users to execute arbitrary code via a (1) long history parameter in the configuration file (ares.conf) or (2) long search string.

10.0
2005-08-03 CVE-2005-2420 Ftplocate Remote Command Execution vulnerability in FTPLocate

flsearch.pl in FtpLocate 2.02 allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTP GET request.

10.0

23 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-07 CVE-2005-2489 WEB Content Management Unspecified vulnerability in web Content Management web Content Management News System

Web Content Management News System allows remote attackers to create arbitrary accounts and gain privileges via a direct request to Admin/Users/AddModifyInput.php.

7.5
2005-08-07 CVE-2005-2486 Portailphp SQL Injection vulnerability in Portailphp 2.4

SQL injection vulnerability in mod_forum/read_message.php in PortailPHP allows remote attackers to execute arbitrary SQL commands via the id parameter to index.php with the affiche parameter set to "Forum-read_mess", a different vulnerability than CVE-2005-1701.

7.5
2005-08-07 CVE-2005-2484 Denora IRC Stats Remote Buffer Overflow vulnerability in Denora IRC Stats Denora IRC Stats 1.0

Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 might allow attackers to execute arbitrary code.

7.5
2005-08-07 CVE-2005-2483 Karrigell Unspecified vulnerability in Karrigell

Eval injection vulnerability in Karrigell before 2.1.8 allows remote attackers to execute arbitrary Python code via modified arguments to a Karrigell services (.ks) script, which can reference functions from libraries that are used by that script.

7.5
2005-08-05 CVE-2005-2478 Silver Scripts SQL Injection vulnerability in Silver-Scripts Silvernews 2.0.3

SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel.

7.5
2005-08-05 CVE-2005-2473 Churchinfo SQL Injection vulnerability in ChurchInfo

Multiple SQL injection vulnerabilities in ChurchInfo allow remote attackers to execute arbitrary SQL commands via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, (8) DepositSlipID parameter to DepositSlipEditor.php, (9) QueryID parameter to QueryView.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php.

7.5
2005-08-05 CVE-2005-2471 Netpbm Unspecified vulnerability in Netpbm 2.10.0.8

pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands.

7.5
2005-08-05 CVE-2005-1854 Debian Remote Command Execution vulnerability in Debian Apt-Cacher 0.9.4/0.9.9

Unknown vulnerability in apt-cacher in Debian 3.1, related to "missing input sanitising," allows remote attackers to execute arbitrary commands on the caching server.

7.5
2005-08-05 CVE-2005-1272 Broadcom, CA

Stack-based buffer overflow in the Backup Agent for Microsoft SQL Server in BrightStor ARCserve Backup Agent for SQL Server 11.0 allows remote attackers to execute arbitrary code via a long string sent to port (1) 6070 or (2) 6050.

7.5
2005-08-03 CVE-2005-2450 Clam Anti Virus Integer Overflow vulnerability in Clam Anti-Virus Clamav 0.85/0.85.1/0.86

Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.

7.5
2005-08-03 CVE-2005-2445 Early Impact SQL Injection vulnerability in Early Impact Product Cart 2.6

SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows remote attackers to execute arbitrary SQL commands via the idcategory parameter.

7.5
2005-08-03 CVE-2005-2440 Thomson Netg SQL Injection vulnerability in Thomson Netg web Skill Vantage Manager 2.5

SQL injection vulnerability in login.asp in Thomson Web Skill Vantage Manager allows remote attackers to execute arbitrary SQL commands via the svmPassword parameter.

7.5
2005-08-03 CVE-2005-2439 Usebb SQL Injection vulnerability in UseBB Search

SQL injection vulnerability in UseBB 0.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search function.

7.5
2005-08-03 CVE-2005-2432 Tincan SQL Injection vulnerability in PHPList Admin Page

SQL injection vulnerability in PhpList allows remote attackers to modify SQL statements via the id argument to admin pages such as (1) members or (2) admin.

7.5
2005-08-03 CVE-2005-2424 Siemens Denial Of Service vulnerability in Siemens Santis 50 4.2.8.0

The management interface for Siemens SANTIS 50 running firmware 4.2.8.0, and possibly other products including Ericsson HN294dp and Dynalink RTA300W, allows remote attackers to access the Telnet port without authentication via certain packets to the web interface that cause the interface to freeze.

7.5
2005-08-03 CVE-2005-2421 Beehive Forum SQL Injection vulnerability in Beehive Forum Webtag

Multiple SQL injection vulnerabilities in index.php and other pages in Beehive Forum allow remote attackers to execute arbitrary SQL commands via the webtag parameter.

7.5
2005-08-03 CVE-2005-2419 ECI Telecom Unspecified vulnerability in ECI Telecom B-Focus Router 312

B-FOCuS Router 312+ allows remote attackers to bypass authentication and gain unauthorized access via a direct request to firmwarecfg.

7.5
2005-08-03 CVE-2005-2415 Astalavista IT Engineering Input Validation vulnerability in Contrexx

Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow remote attackers to execute arbitrary SQL commands via the (1) value parameter to the poll module or (2) pId parameter to the gallery module.

7.5
2005-08-03 CVE-2005-2346 Novell Unspecified vulnerability in Novell Groupwise 6.5

Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers to execute arbitrary code via a GWVW02xx.INI language file with a long entry, as demonstrated using a long ES02TKS.VEW value in the Group Task section.

7.5
2005-08-02 CVE-2005-2079 Symantec Veritas Remote Heap Overflow vulnerability in Veritas Backup Exec Admin Plus Pack Option

Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS Backup Exec 9.0 through 10.0 for Windows Servers allows remote attackers to execute arbitrary code.

7.5
2005-08-01 CVE-2005-2410 Gnome Remote Security vulnerability in NetworkManager

Format string vulnerability in the nm_info_handler function in Network Manager may allow remote attackers to execute arbitrary code via format string specifiers in a Wireless Access Point identifier, which is not properly handled in a syslog call.

7.5
2005-08-01 CVE-2005-2409 Nbsmtp Remote Format String vulnerability in No-Brainer SMTP Client Log_Msg()

Format string vulnerability in util.c in nbsmtp 0.99 and earlier, while running in debug mode, allows remote attackers to execute arbitrary code via format string specifiers that are not properly handled in a syslog call.

7.5
2005-08-03 CVE-2005-1853 University OF Minnesota Unspecified vulnerability in University of Minnesota Gopher 3.0.5

gopher.c in the Gopher client 3.0.5 does not properly create temporary files, which allows local users to gain privileges.

7.2

39 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-01 CVE-2005-2411 Tdiary Cross-Site Request Forgery vulnerability in Tdiary 2.1.1

Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and tDiary 2.0.1 and earlier, allows remote attackers to conduct actions as another user, and execute commands on the server, via a URL that is activated by the user.

5.1
2005-08-07 CVE-2005-2482 Metasploit Unspecified vulnerability in Metasploit Framework

The StateToOptions function in msfweb in Metasploit Framework 2.4 and earlier, when running with the -D option (defanged mode), allows attackers to modify temporary environment variables before the "_Defanged" environment option is checked when processing the Exploit command.

5.0
2005-08-05 CVE-2005-2481 Macromedia Information Disclosure vulnerability in Macromedia Coldfusion Fusebox 4.1.0

ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character.

5.0
2005-08-05 CVE-2005-2479 Pablo Software Solutions Denial of Service vulnerability in Pablo Software Solutions Quick N Easy FTP Server 3.0

Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command.

5.0
2005-08-05 CVE-2005-2477 Naxtor SQL Injection vulnerability in Naxtor Shopping Cart 1.0

shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "'" (single quote), which reveals the path in an error message, possibly due to an SQL injection vulnerability.

5.0
2005-08-05 CVE-2005-2474 Churchinfo Denial-Of-Service vulnerability in ChurchInfo

ChurchInfo allows remote attackers to obtain sensitive information via the PersonID parameter to (1) PersonView.php, (2) MemberRoleChange.php, (3) PropertyAssign.php, (4) WhyCameEditor.php, (5) GroupPropsEditor.php, (6) Reports/PDFLabel.php, or (7) UserDelete.php, an invalid Number parameter to (8) SelectList.php or (9) SelectDelete.php, GroupID parameter to (10) GroupView.php, (11) GroupMemberList.php, (12) MemberRoleChange.php, (13) GroupDelete.php, (14) /Reports/ClassAttendance.php, or (15) /Reports/GroupReport.php, (16) PropertyID parameter to PropertyEditor.php, FamilyID parameter to (17) Canvas05Editor.php, (18) CanvasEditor.php, or (19) FamilyView.php, or (20) PledgeID parameter to PledgeDetails.php, which reveal the path in an error message.

5.0
2005-08-05 CVE-2005-2472 Netcplus Remote Buffer Overflow vulnerability in Netcplus Businessmail 4.60.00

Multiple buffer overflows in BusinessMail 4.60.00 allow remote attackers to cause a denial of service (application crash) via a long string to SMTP (1) HELO or (2) MAIL FROM commands.

5.0
2005-08-05 CVE-2005-2359 Freebsd Authentication Constant Key Usage vulnerability in BSD IPsec Session AES-XCBC-MAC

The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used for authentication without other encryption, uses a constant key instead of the one that was assigned by the system administrator, which can allow remote attackers to spoof packets to establish an IPsec session.

5.0
2005-08-05 CVE-2005-1268 Apache, Redhat, Debian Off-By-One Error vulnerability in multiple products

Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one null byte.

5.0
2005-08-04 CVE-2005-2455 Greasemonkey Remote Information Disclosure vulnerability in Greasemonkey 0.3.3

Greasemonkey before 0.3.5 allows remote web servers to (1) read arbitrary files via a GET request to a file:// URL in the GM_xmlhttpRequest API function, (2) list installed scripts using GM_scripts, or obtain sensitive information via (3) GM_setValue and GM_getValue.

5.0
2005-08-03 CVE-2005-2452 Libtiff Denial of Service vulnerability in Libtiff 3.5.5/3.5.7/3.6.1

libtiff up to 3.7.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image header with a zero "YCbCr subsampling" value, which causes a divide-by-zero error in (1) tif_strip.c and (2) tif_tile.c, a different vulnerability than CVE-2004-0804.

5.0
2005-08-03 CVE-2005-2448 EKG Memory Alignment Remote Denial of Service vulnerability in EKG Libgadu

Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems.

5.0
2005-08-03 CVE-2005-2443 Kshout Information Disclosure vulnerability in Kshout

Kshout 2.x and 3.x stores settings.dat under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames and passwords.

5.0
2005-08-03 CVE-2005-2442 SPI Dynamics Unspecified vulnerability in SPI Dynamics Webinspect 5.0.196

Cross-Application Scripting (XAS) vulnerability in SPI Dynamics WebInspect 5.0.196 allows remote attackers to inject Javascript from one application into another.

5.0
2005-08-03 CVE-2005-2437 Website Baker Unspecified vulnerability in Website Baker Website Baker

Website Baker Project does not properly verify the file extensions of uploaded files, which allows remote attackers to upload and execute arbitrary PHP code.

5.0
2005-08-03 CVE-2005-2436 Website Baker Remote Security vulnerability in Website Baker

browse.php in Website Baker Project allows remote attackers to obtain sensitive data via (1) a directory that does not exist in the dir parameter or (2) a direct request to certain php files, which reveal the path in an error message.

5.0
2005-08-03 CVE-2005-2434 Linksys Unspecified vulnerability in Linksys Wrt54G

Linksys WRT54G router uses the same private key and certificate for every router, which allows remote attackers to sniff the SSL connection and obtain sensitive information.

5.0
2005-08-03 CVE-2005-2433 Tincan Information Disclosure vulnerability in PHPlist

PhpList allows remote attackers to obtain sensitive information via a direct request to (1) about.php, (2) connect.php, (3) domainstats.php or (4) usercheck.php in public_html/lists/admin directory, (5) attributes.php, (6) dbcheck.php, (7) importcsv.php, (8) user.php, (9) usermgt.php, or (10) users.php in admin/commonlib/pages directory, (11) helloworld.php, or (12) sidebar.php in public_html/lists/admin/plugins directory, or (13) main.php in public_html/lists/admin/plugsins/defaultplugin directory, which reveal the path in an error message.

5.0
2005-08-03 CVE-2005-2431 Gforge Remote Security vulnerability in Gforge 4.5

The (1) lost password and (2) account pending features in GForge 4.5 do not properly set a limit on the number of e-mails sent to an e-mail address, which allows remote attackers to send a large number of messages to arbitrary e-mail addresses (aka mail bomb).

5.0
2005-08-03 CVE-2005-2429 Mozilla Remote Security vulnerability in Mozilla Firefox 2.0

Firefox, when opening Microsoft Word documents, does not properly set the permissions on shared sections, which allows remote attackers to write arbitrary data to open applications in Microsoft Office.

5.0
2005-08-03 CVE-2005-2428 IBM Unspecified vulnerability in IBM Lotus Domino 5.0/6.0/6.5

Lotus Domino R5 and R6 WebMail, with "Generate HTML for all fields" enabled, stores sensitive data from names.nsf in hidden form fields, which allows remote attackers to read the HTML source to obtain sensitive information such as (1) the password hash in the HTTPPassword field, (2) the password change date in the HTTPPasswordChangeDate field, (3) the client platform in the ClntPltfrm field, (4) the client machine name in the ClntMachine field, and (5) the client Lotus Domino release in the ClntBld field, a different vulnerability than CVE-2005-2696.

5.0
2005-08-03 CVE-2005-2423 Beehive Forum

Beehive Forum allows remote attackers to obtain sensitive information via (1) an invalid final_uri or sort_by parameter to index.php or a direct request to (2) admin.php, (3) attachments.inc.php, (4) banned.inc.php, (5) beehive.inc.php, (6) constants.inc.php, (7) db.inc.php, (8) dictionary.inc.php or (9) search_index.php, which reveal the path in an error message.

5.0
2005-08-03 CVE-2005-2417 Astalavista IT Engineering Input Validation vulnerability in Contrexx

Contrexx before 1.0.5 allows remote attackers to obtain sensitive information via a direct request to /config/version.xml.

5.0
2005-08-03 CVE-2005-2413 Atomic Photo Album Remote File Include vulnerability in Atomic Photo Album Apa_PHPInclude.INC.PHP

PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in Atomic Photo Album (APA) allows remote attackers to execute arbitrary PHP code via the apa_module_basedir parameter.

5.0
2005-08-03 CVE-2005-2412 PHP Firstpost Remote File Include vulnerability in PHPFirstpost Block.PHP

PHP remote file inclusion vulnerability in block.php in PHP FirstPost allows remote attackers to execute arbitrary PHP code via the Include parameter.

5.0
2005-08-01 CVE-2005-2405 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 8.01

Opera 8.01, when the "Arial Unicode MS" font (ARIALUNI.TTF) is installed, does not properly handle extended ASCII characters in the file download dialog box, which allows remote attackers to spoof file extensions and possibly trick users into executing arbitrary code.

5.0
2005-08-07 CVE-2005-2488 WEB Content Management Cross-Site Scripting vulnerability in Web Content Management

Cross-site scripting (XSS) vulnerability in Web Content Management News System allows remote attackers to inject arbitrary web script or HTML via (1) the strRootpath parameter to validsession.php or (2) the strTable parameter to Admin/News/List.php.

4.3
2005-08-07 CVE-2005-2485 Logicampus Cross Site Scripting vulnerability in Logicampus 1.1.0

Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus before 1.1.1 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-08-05 CVE-2005-2480 Macromedia Cross-Site Scripting vulnerability in Macromedia Coldfusion Fusebox 4.1.0

Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm.

4.3
2005-08-05 CVE-2005-2476 Naxtor Cross-Site Scripting vulnerability in Naxtor Shopping Cart 1.0

Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor Shopping Cart 1.0 allows remote attackers to inject arbitrary web script or HTML via the email parameter.

4.3
2005-08-04 CVE-2005-2453 Networkactiv Cross-Site Scripting vulnerability in NetworkActiv Web Server

Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server 1.0, 2.0.0.6, 3.0.1.1, and 3.5.13, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the query string.

4.3
2005-08-03 CVE-2005-2441 Vbzoom Cross-Site Scripting vulnerability in VBZooM Forum

Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow remote attackers to inject arbitrary web script and HTML via the (1) UserName parameter to profile.php or (2) UserID parameter to login.php.

4.3
2005-08-03 CVE-2005-2438 Usebb

Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier allows remote attackers to inject arbitrary Javascript via the BBCode color value.

4.3
2005-08-03 CVE-2005-2435 Website Baker Cross-Site Scripting vulnerability in Website Baker

Cross-site scripting (XSS) vulnerability in browse.php in Website Baker Project allows remote attackers to inject arbitrary web script or HTML via the dir parameter.

4.3
2005-08-03 CVE-2005-2430 Gforge Cross-Site Scripting vulnerability in Gforge 4.5

Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 allow remote attackers to inject arbitrary web script or HTML via the (1) forum_id or (2) group_id parameter to forum.php, (3) project_task_id parameter to task.php, (4) id parameter to detail.php, (5) the text field on the search page, (6) group_id parameter to qrs.php, (7) form, (8) rows, (9) cols or (10) wrap parameter to notepad.php, or the login field on the login form.

4.3
2005-08-03 CVE-2005-2427 Elemental Software Cross-Site Scripting vulnerability in Elemental Software Cartwiz

Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2005-08-03 CVE-2005-2422 Beehive Forum Cross-Site Scripting vulnerability in Beehive Forum Webtag

Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum allows remote attackers to inject arbitrary web script or HTML via the webtag parameter.

4.3
2005-08-03 CVE-2005-2416 Astalavista IT Engineering Input Validation vulnerability in Contrexx

Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before 1.0.5 allow remote attackers to inject arbitrary web script or HTML via the (1) term parameter to the search module or (2) title in the blog aggregation module.

4.3
2005-08-01 CVE-2005-2406 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 8.01

Opera 8.01 allows remote attackers to conduct cross-site scripting (XSS) attacks or modify which files are uploaded by tricking a user into dragging an image that is a "javascript:" URI.

4.3

14 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-03 CVE-2005-2414 Xpcom Denial-Of-Service vulnerability in Xpcom

Race condition in the xpcom library, as used by web browsers such as Firefox, Mozilla, Netscape, and Galeon, allows remote attackers to cause a denial of service (application crash) via a large HTML file that loads a DOM call from within nested DIV tags, which causes part of the currently rendering page and referenced objects to be deleted.

2.6
2005-08-01 CVE-2005-2407 Opera Software Unspecified vulnerability in Opera Software Opera web Browser 8.01

A design error in Opera 8.01 and earlier allows user-assisted attackers to execute arbitrary code by overlaying a malicious new window above a file download dialog box, then tricking the user into double-clicking on the "Run" button, aka "link hijacking".

2.6
2005-08-07 CVE-2005-2487 Mcdata Remote Denial Of Service vulnerability in McDATA E/OS

Unknown vulnerability in Sun McData switches and directors 4300, 4500, 6064, and 6140 before E/OS 6.0.0 may allow attackers to cause a denial of service (connectivity and array access loss) via a network broadcast storm.

2.1
2005-08-05 CVE-2005-2353 Mozilla Unspecified vulnerability in Mozilla Thunderbird 1.5.0.9

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-08-05 CVE-2005-1767 Novell, Suse Local Denial of Service vulnerability in Linux Kernel Stack Fault Exceptions

traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception).

2.1
2005-08-05 CVE-2005-1761 Novell, Suse Improper Input Validation vulnerability in multiple products

Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function.

2.1
2005-08-04 CVE-2005-2456 Linux Buffer Overflow vulnerability in Linux Kernel 2.6.0

Array index overflow in the xfrm_sk_policy_insert function in xfrm_user.c in Linux kernel 2.6 allows local users to cause a denial of service (oops or deadlock) and possibly execute arbitrary code via a p->dir value that is larger than XFRM_POLICY_OUT, which is used as an index in the sock->sk_policy array.

2.1
2005-08-03 CVE-2005-2451 Cisco Unspecified vulnerability in Cisco IOS and IOS XR

Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet.

2.1
2005-08-03 CVE-2005-2444 Cerulean Studios Information Disclosure vulnerability in Cerulean Studios Trillian PRO 3.1Build121

Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the password in plaintext in a world readable file and does not delete the file after login, which allows local users to obtain sensitive information.

2.1
2005-08-03 CVE-2005-2426 Ftpshell Denial of Service vulnerability in Ftpshell Server 3.38

FTPshell Server 3.38 allows remote authenticated users to cause a denial of service (application crash) by multiple connections and disconnections without using the QUIT command.

2.1
2005-08-03 CVE-2005-2132 SCO Denial of Service vulnerability in SCO UnixWare RPC Portmapper

RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and 7.1.4 mp2 allows remote attackers or local users to cause a denial of service (lack of response) via multiple invalid portmap requests.

2.1
2005-08-02 CVE-2005-1762 Linux Local Denial of Service vulnerability in Linux Kernel 2.6.10/2.6.8.1

The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform allows local users to cause a denial of service (kernel crash) via a "non-canonical" address.

2.1
2005-08-05 CVE-2005-2475 Info ZIP Unspecified vulnerability in Info-Zip Unzip 5.52

Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete.

1.2
2005-08-03 CVE-2005-2449 Sandbox Insecure Temporary File Creation vulnerability in Gentoo Sandbox

Race condition in sandbox before 1.2.11 allows local users to create or overwrite arbitrary files via symlink attack on sandboxpids.tmp.

1.2