Weekly Vulnerabilities Reports > August 22 to 28, 2005

Overview

75 new vulnerabilities were reported during this period, including 3 critical vulnerabilities and 31 high severity vulnerabilities. This weekly summary reports vulnerabilities in 123 products from 55 vendors, including Linux, Openvpn, Savewebportal, Broadcom, and Cisco. Vulnerabilities are notably categorized as "Resource Management Errors", "NULL Pointer Dereference", and "Credentials Management".

  • 65 reported vulnerabilities are remotely exploitable.
  • 75 reported vulnerabilities are exploitable by an anonymous user.
  • Linux has the most reported vulnerabilities, with 5 reported vulnerabilities.
  • Broadcom has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

Vulnerability Details

The following table lists the vulnerabilities reported for the period covered by this report:

3 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-23 CVE-2005-2679 Sysinternals Buffer Overflow vulnerability in Sysinternals Process Explorer 9.23.0.0

Buffer overflow in Sysinternals Process Explorer 9.23, and other versions before 9.25, allows local users to execute arbitrary code via a long CompanyName field in the VersionInfo information in a running process.

10.0
2005-08-23 CVE-2005-2669 Broadcom, CA

Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows remote attackers to execute arbitrary commands via spoofed CAFT packets.

10.0
2005-08-23 CVE-2005-2668 Broadcom, CA

Multiple buffer overflows in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allow remote attackers to execute arbitrary code via unknown vectors.

10.0

31 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-26 CVE-2005-2697 Mybulletinboard SQL Injection vulnerability in MyBulletinBoard Search.PHP

SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) 1.00 Release Candidate 1 through 4 allows remote attackers to execute arbitrary SQL commands via the uid parameter.

7.5
2005-08-26 CVE-2005-2694 Winace Remote Security vulnerability in Winace 2.6.0.5

Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, allows remote attackers to execute arbitrary code via a temporary (.tmp) file that contains an entry with a long file name.

7.5
2005-08-24 CVE-2005-2692 Runcms SQL-Injection vulnerability in Runcms 1.1/1.1A/1.2

Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) addquery and (2) subquery parameters to the newbb plus module, the forum parameter to (3) newtopic.php, (4) edit.php, or (5) reply.php in the newbb plus module, or (6) the msg_id parameter to print.php in the messages module.

7.5
2005-08-24 CVE-2005-2691 Runcms Remote Security vulnerability in Runcms 1.1/1.1A/1.2

includes/common.php in RunCMS 1.2 and earlier calls the extract function with EXTR_OVERWRITE on HTTP POST variables, which allows remote attackers to overwrite arbitrary variables, possibly allowing execution of arbitrary code.

7.5
2005-08-24 CVE-2005-2690 Postnuke Software Foundation SQL Injection vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B

SQL injection vulnerability in the Downloads module in PostNuke 0.760-RC4b allows PostNuke administrators to execute arbitrary SQL commands via the show parameter to dl-viewdownload.php.

7.5
2005-08-24 CVE-2005-2687 Savewebportal Remote Security vulnerability in Savewebportal 3.4

PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.

7.5
2005-08-24 CVE-2005-2686 Savewebportal Directory Traversal vulnerability in Savewebportal 3.4

Directory traversal vulnerability in SaveWebPortal 3.4 allows remote attackers to include arbitrary files and execute arbitrary local PHP programs via ".." sequences in the (1) SITE_Path parameter to menu_dx.php or (2) CONTENTS_Dir parameter to menu_sx.php.

7.5
2005-08-24 CVE-2005-2685 Savewebportal Remote Security vulnerability in Savewebportal 3.4

SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP code via a direct request to admin/PhpMyExplorer/editerfichier.php, then editing the desired file to contain the PHP code, as demonstrated using header.php in the fichier parameter.

7.5
2005-08-24 CVE-2005-2556 Mantis Input Validation vulnerability in Mantis

core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with register_globals enabled, allows remote attackers to connect to internal databases by modifying the g_db_type variable and monitoring the speed of responses, as identified by bug#0005956.

7.5
2005-08-23 CVE-2005-2684 Virtech

nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to execute arbitrary commands via shell metacharacters in the host parameter to a dig query.

7.5
2005-08-23 CVE-2005-2683 Phpkit SQL Injection vulnerability in PHPkit 1.6.1

Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote attackers to execute arbitrary SQL commands via the (1) letter parameter to login/member.php or (2) im_receiver parameter to login/imcenter.php.

7.5
2005-08-23 CVE-2005-2682 Dtlink Remote Security vulnerability in Areaedit

aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before 0.4.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the dictionary parameter (aka the lang variable).

7.5
2005-08-23 CVE-2005-2675 Neocrome SQL Injection vulnerability in Neocrome Land Down Under 800

** DISPUTED ** Note: the vendor has disputed this issue.

7.5
2005-08-23 CVE-2005-2673 Woltlab SQL Injection vulnerability in Woltlab Burning Board 2.2.2/2.2.3

SQL injection vulnerability in modcp.php in WoltLab Burning Board 2.2.2 and 2.3.3 allows remote authenticated attackers to execute arbitrary SQL commands via the (1) x or (2) y parameters.

7.5
2005-08-23 CVE-2005-2665 ELM Development Group Remote Buffer Overflow vulnerability in Elm Expires Header

Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, and possibly other versions, allows remote attackers to execute arbitrary code via an e-mail message with a long Expires header.

7.5
2005-08-23 CVE-2005-2651 Phpoutsourcing Unspecified vulnerability in PHPoutsourcing Zorum 3.5

gorum/prod.php in Zorum 3.5 allows remote attackers to execute arbitrary code via shell metacharacters in the argv parameter.

7.5
2005-08-23 CVE-2005-2645 Xerox Security Bypass vulnerability in Document Centre

Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to bypass authentication.

7.5
2005-08-23 CVE-2005-2644 Isemarket Buffer Overflow vulnerability in Isemarket JaguarControl ActiveX Control

Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long Jtext field.

7.5
2005-08-23 CVE-2005-2642 Mutt Buffer Overflow vulnerability in Mutt 1.5.10

Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt 1.5.10 allows remote attackers to execute arbitrary code, possibly due to interactions with libiconv or gettext.

7.5
2005-08-23 CVE-2005-2641 Padl Software Authentication Bypass vulnerability in PADL Software PAM_LDAP

Unknown vulnerability in pam_ldap before 180 does not properly handle a new password policy control, which could allow attackers to gain privileges.

7.5
2005-08-23 CVE-2005-2639 Valusoft Buffer Overflow vulnerability in Valusoft Chris Moneymakers World Poker Championship 1.0

Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long nickname.

7.5
2005-08-23 CVE-2005-2637 Phpfreenews SQL Injection vulnerability in PHPFreeNews SearchResults.PHP

Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) Match or (2) CatID parameter to SearchResults.php, or (3) the password to AccessControl.php.

7.5
2005-08-23 CVE-2005-2636 Phpadsnew, Phppgads SQL Injection vulnerability in phpPgAds Lib-View-Direct.INC.PHP

SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew and phpPgAds before 2.0.6 allows remote attackers to execute arbitrary SQL commands via the clientid parameter.

7.5
2005-08-23 CVE-2005-2634 Winftp Server Buffer Overflow vulnerability in Winftp Server Winftp Server 1.6.8

Buffer overflow in the Log-SCR function in the "Log to Screen" feature in WinFtp Server 1.6.8 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long request.

7.5
2005-08-23 CVE-2005-2633 Phptb Remote File Include vulnerability in PHPTB Topic Board

Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) board_o.php, (3) dev_o.php, (4) file_o.php or (5) tech_o.php in PHPTB Topic Board 2.0 and earlier allow remote attackers to execute arbitrary PHP code via the absolutepath parameter.

7.5
2005-08-23 CVE-2005-2632 Mediabox404 SQL Injection vulnerability in Mediabox404 Login_Admin_Mediabox404.PHP

SQL injection vulnerability in login_admin_mediabox404.php in mediabox404 1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the User field.

7.5
2005-08-23 CVE-2005-2631 Cisco Unspecified vulnerability in Cisco Network Admission Control Manager and Server System Software

Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to 3.5.3 does not properly authenticate users when invoking API methods, which could allow remote attackers to bypass security checks, change the assigned role of a user, or disconnect users.

7.5
2005-08-23 CVE-2005-2491 Pcre Unspecified vulnerability in Pcre 5.0/6.0/6.1

Integer overflow in pcre_compile.c in Perl Compatible Regular Expressions (PCRE) before 6.2, as used in multiple products such as Python, Ethereal, and PHP, allows attackers to execute arbitrary code via quantifier values in regular expressions, which leads to a heap-based buffer overflow.

7.5
2005-08-23 CVE-2005-0358 EMC, SUN Multiple vulnerabilities in EMC Legato Networker

EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 6.0 through 7.2 do not properly verify authentication tokens, which allows remote attackers to gain privileges by modifying an authentication token.

7.5
2005-08-23 CVE-2005-0357 EMC, SUN Multiple vulnerabilities in EMC Legato Networker

EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX authentication, which relies on user ID for authentication and allows remote attackers to bypass authentication and gain privileges by spoofing a username or UID.

7.5
2005-08-23 CVE-2005-2681 Cisco Local Privilege Escalation vulnerability in Cisco Intrusion Prevention System

Unspecified vulnerability in the command line processing (CLI) logic in Cisco Intrusion Prevention System 5.0(1) and 5.0(2) allows local users with OPERATOR or VIEWER privileges to gain additional privileges via unknown vectors.

7.2

33 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-23 CVE-2005-2646 Xerox Denial-Of-Service vulnerability in Document Centre

Unknown vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to cause a denial of service or read files via unknown vectors involving crafted HTTP requests.

6.4
2005-08-23 CVE-2005-0359 EMC, SUN Multiple vulnerabilities in EMC Legato Networker

The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through 7.2 does not restrict access to the pmap_set and pmap_unset commands, which allows remote attackers to (1) cause a denial of service by using pmap_unset to un-register a NetWorker service, or (2) obtain sensitive information from NetWorker services by using pmap_set to register a new service.

6.4
2005-08-26 CVE-2005-2696 IBM Information Disclosure vulnerability in Lotus Notes

IBM Lotus Notes does not properly restrict access to password hashes in the Notes Address Book (NAB), which allows remote attackers to obtain sensitive information via the (1) password digest field in the Administration tab of a Lotus Notes client, (2) "PasswordDigest" and "HTTPPassword" fields in the document properties in the NAB, or (3) a direct query to the Domino LDAP server, a different vulnerability than CVE-2005-2428.

5.0
2005-08-26 CVE-2005-2695 Cisco Unspecified vulnerability in Cisco products

Unspecified vulnerability in the SSL certificate checking functionality in Cisco CiscoWorks Management Center for IDS Sensors (IDSMC) 2.0 and 2.1, and Monitoring Center for Security (Security Monitor or Secmon) 1.1 through 2.0 and 2.1, allows remote attackers to spoof a Cisco Intrusion Detection Sensor (IDS) or Intrusion Prevention System (IPS).

5.0
2005-08-24 CVE-2005-2532 Openvpn Denial Of Service vulnerability in OpenVPN Packet Decryption Failure

OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue when a packet can not be decrypted by the server, which allows remote authenticated attackers to cause a denial of service (client disconnection) via a large number of packets that can not be decrypted.

5.0
2005-08-24 CVE-2005-2531 Openvpn Denial Of Service vulnerability in OpenVPN Failed Authentication

OpenVPN before 2.0.1, when running with "verb 0" and without TLS authentication, does not properly flush the OpenSSL error queue when a client fails certificate authentication to the server and causes the error to be processed by the wrong client, which allows remote attackers to cause a denial of service (client disconnection) via a large number of failed authentication attempts.

5.0
2005-08-23 CVE-2005-2680 Oracle Security Bypass vulnerability in Oracle Weblogic Portal 8.1

Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when using entitlements, allows remote attackers to bypass access restrictions for the pages of a Book via crafted URLs.

5.0
2005-08-23 CVE-2005-2678 Microsoft Unspecified vulnerability in Microsoft products

Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.

5.0
2005-08-23 CVE-2005-2677 Acnews Information Disclosure vulnerability in ACNews

ACNews stores the database in a file under the web document root with a db.inc extension and insufficient access control, which allows remote attackers to obtain sensitive information such as the full pathname of the server.

5.0
2005-08-23 CVE-2005-2670 Hauri Directory Traversal vulnerability in HAURI Anti-Virus Compressed Files

Directory traversal vulnerability in HAURI Anti-Virus products including ViRobot Expert 4.0, Advanced Server, Linux Server 2.0, and LiveCall allows remote attackers to overwrite arbitrary files via ".." sequences in filenames contained in (1) ACE, (2) ARJ, (3) CAB, (4) LZH, (5) RAR, (6) TAR and (7) ZIP files.

5.0
2005-08-23 CVE-2005-2667 Broadcom, CA

Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 before Build 220_13, and 1.11 before Build 29_13 allows attackers to cause a denial of service via unknown vectors, aka the "CAM TCP port vulnerability."

5.0
2005-08-23 CVE-2005-2652 Phpoutsourcing Remote Security vulnerability in PHPoutsourcing Zorum 3.5

Zorum 3.5 allows remote attackers to obtain the full installation path via direct requests to (1) gorum/notification.php, (2) user.php, (3) attach.php, (4) blacklist.php, (5) zorum/forum.php, (6) globalstat.php, (7) gorum/trace.php, (8) gorum/badwords.php, or (9) gorum/flood.php.

5.0
2005-08-23 CVE-2005-2648 W Agora Directory Traversal vulnerability in W-Agora 4.2

Directory traversal vulnerability in index.php in W-Agora 4.2.0 and earlier allows remote attackers to read arbitrary files via the site parameter.

5.0
2005-08-23 CVE-2005-2643 TOR Unspecified vulnerability in TOR

Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and earlier, does not reject certain weak keys when using ephemeral Diffie-Hellman (DH) handshakes, which allows malicious Tor servers to obtain the keys that a client uses for other systems in the circuit.

5.0
2005-08-23 CVE-2005-2640 Neoteris, Juniper, Netscreen

Behavioral discrepancy information leak in Juniper Netscreen VPN running ScreenOS 5.2.0 and earlier, when using IKE with pre-shared key authentication, allows remote attackers to enumerate valid usernames via an IKE Aggressive Mode packet, which generates a response if the username is valid but does not respond when the username is invalid.

5.0
2005-08-23 CVE-2005-2635 Phpadsnew, Phppgads Local File Include vulnerability in phpPgAds

Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds before 2.0.6 allow remote attackers to include arbitrary files via a ..

5.0
2005-08-23 CVE-2005-2459 Linux, Debian Null Pointer Dereference vulnerability in multiple products

The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458.

5.0
2005-08-23 CVE-2005-2458 Linux Local Denial of Service vulnerability in Linux Kernel ZLib Invalid Memory Access

inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 allows remote attackers to cause a denial of service (kernel crash) via a compressed file with "improper tables".

5.0
2005-08-23 CVE-2005-2457 Linux Denial Of Service vulnerability in Linux Kernel ISO File System

The driver for compressed ISO file systems (zisofs) in the Linux kernel before 2.6.12.5 allows local users and remote attackers to cause a denial of service (kernel crash) via a crafted compressed ISO file system.

5.0
2005-08-23 CVE-2005-2099 Linux Resource Management Errors vulnerability in Linux Kernel

The Linux kernel before 2.6.12.5 does not properly destroy a keyring that is not instantiated properly, which allows local users or remote attackers to cause a denial of service (kernel oops) via a keyring with a payload that is not empty, which causes the creation to fail, leading to a null dereference in the keyring destructor.

5.0
2005-08-23 CVE-2005-2098 Linux Local Denial of Service vulnerability in Linux Kernel Session Keyring Allocation

The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before 2.6.12.5 contains an error path that does not properly release the session management semaphore, which allows local users or remote attackers to cause a denial of service (semaphore hang) via a new session keyring (1) with an empty name string, (2) with a long name string, (3) with the key quota reached, or (4) ENOMEM.

5.0
2005-08-26 CVE-2005-2699 Phpkit File-Upload vulnerability in PHPkit 1.6.1

Unrestricted file upload vulnerability in admin/admin.php in PHPKit 1.6.1 allows remote authenticated administrators to execute arbitrary PHP code by uploading a .php file to the content/images/ directory using images.php.

4.6
2005-08-26 CVE-2005-2693 CVS Unspecified vulnerability in CVS 1.12.12

cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack.

4.6
2005-08-24 CVE-2005-1843 Adobe Local Privilege Escalation vulnerability in Adobe Version Cue for Mac OS X

VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, allows local users to load arbitrary libraries and execute arbitrary code via the -lib command line argument.

4.6
2005-08-26 CVE-2005-2698 Nelogic Technologies Cross-Site Scripting vulnerability in Nelogic Technologies Nephp Publisher Enterprise 3.04

Cross-site scripting (XSS) vulnerability in browse.php in Nephp Publisher Enterprise 3.04 allows remote attackers to inject arbitrary web script or HTML via a hex-encoded keywords parameter.

4.3
2005-08-24 CVE-2005-2688 Savewebportal Cross-Site Scripting vulnerability in Savewebportal 3.4

Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal 3.4 allow remote attackers to inject arbitrary web script or HTML via a large number of parameters to (1) footer.php, (2) header.php, (3) menu_dx.php, or (4) menu_sx.php, or Javascript code in the (5) HTTP_REFERER (referer) or (6) HTTP_USER_AGENT (user agent) fields.

4.3
2005-08-23 CVE-2005-2676 Coppermine Unspecified vulnerability in Coppermine Photo Gallery

Cross-site scripting (XSS) vulnerability in displayimage.php in Coppermine Photo Gallery before 1.3.4 allows remote attackers to inject arbitrary web script or HTML via EXIF data.

4.3
2005-08-23 CVE-2005-2674 Neocrome Cross-Site Scripting vulnerability in Neocrome Land Down Under 800

** DISPUTED ** Note: the vendor has disputed this issue.

4.3
2005-08-23 CVE-2005-2653 Bbcaffe HTML Injection vulnerability in Bbcaffe 2.0

Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote attackers to inject arbitrary web script or HTML via e-mail data in a message.

4.3
2005-08-23 CVE-2005-2650 Emefa HTML Injection vulnerability in Emefa Guestbook 1.2

Cross-site scripting (XSS) vulnerability in sign.asp in Emefa Guestbook 1.2 allows remote attackers to inject arbitrary web script or HTML via the (1) name, (2) location, and (3) email parameters.

4.3
2005-08-23 CVE-2005-2649 Adaptive Technology Resource Centre Cross-Site Scripting vulnerability in Adaptive Technology Resource Centre Atutor 1.5.1

Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote attackers to inject arbitrary web script or HTML via (1) course parameter in login.php or (2) words parameter in search.php.

4.3
2005-08-23 CVE-2005-2647 Xerox Cross-Site Scripting vulnerability in Document Centre

Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web Server in Document Centre 220 through 265, 332 and 340, 420 through 490, and 535 through 555 allows remote attackers to inject arbitrary web script or HTML and modify web pages via unknown vectors.

4.3
2005-08-23 CVE-2005-2638 Phpfreenews Cross-Site Scripting vulnerability in PHPfreenews 1.40

Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews 1.40 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) NewsMode parameter to NewsCategoryForm.php, or the (2) Match or (3) NewsMode parameter to SearchResults.php.

4.3

8 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-08-24 CVE-2005-2689 Postnuke Software Foundation Cross-Site Scripting vulnerability in Postnuke Software Foundation Postnuke 0.76Rc4B

Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.760-RC4b allow remote attackers to inject arbitrary web script or HTML via (1) the moderate parameter to the Comments module or (2) htmltext parameter to html/user.php.

2.6
2005-08-24 CVE-2005-2534 Openvpn Denial Of Service vulnerability in OpenVPN Same Client Certificate

Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not enabled, allows remote attackers to cause a denial of service (server crash) via simultaneous TCP connections from multiple clients that use the same client certificate.

2.6
2005-08-24 CVE-2005-2533 Openvpn Unspecified vulnerability in Openvpn

OpenVPN before 2.0.1, when running in "dev tap" Ethernet bridging mode, allows remote authenticated clients to cause a denial of service (memory exhaustion) via a flood of packets with a large number of spoofed MAC addresses.

2.1
2005-08-24 CVE-2005-1842 Adobe Local Privilege Escalation vulnerability in Adobe Version Cue for Mac OS X

VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative Suite 1.0 and 1.3, and when running on Mac OS X with Version Cue Workspace, creates temporary log files with predictable names, which allows local users to modify arbitrary files via a symlink attack.

2.1
2005-08-23 CVE-2005-2672 LM Sensors Unspecified vulnerability in LM Sensors LM Sensors

pwmconfig in LM_sensors before 2.9.1 creates temporary files insecurely, which allows local users to overwrite arbitrary files via a symlink attack on the fancontrol temporary file.

2.1
2005-08-23 CVE-2005-2664 Whisper32 Unspecified vulnerability in Whisper32 1.16

Whisper 32 1.16, and possibly earlier versions, stores passwords in plaintext in memory, which allows local users to obtain the password using a debugger or another mechanism to read process memory.

2.1
2005-08-23 CVE-2005-2499 Slocate Local Database Corruption vulnerability in SLocate

slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure.

2.1
2005-08-23 CVE-2005-2666 Openbsd Credentials Management vulnerability in Openbsd Openssh

SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key.

1.2