Weekly Vulnerabilities Reports > October 24 to 30, 2005

Overview

93 new vulnerabilities reported during this period, including 2 critical vulnerabilities and 33 high severity vulnerabilities. This weekly summary report vulnerabilities in 77 products from 66 vendors including Apple, Ethereal Group, Mantis, Techno Dreams, and Flatnuke. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "SQL Injection", "Resource Management Errors", and "Numeric Errors".

  • 78 reported vulnerabilities are remotely exploitables.
  • 2 reported vulnerabilities have public exploit available.
  • 2 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 92 reported vulnerabilities are exploitable by an anonymous user.
  • Apple has the most reported vulnerabilities, with 9 reported vulnerabilities.
  • Skype Technologies has the most reported critical vulnerabilities, with 2 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

2 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-27 CVE-2005-3267 Skype Technologies Numeric Errors vulnerability in Skype Technologies Skype

Integer overflow in Skype client before 1.4.x.84 on Windows, before 1.3.x.17 on Mac OS, before 1.2.x.18 on Linux, and 1.1.x.6 and earlier allows remote attackers to cause a denial of service (crash) via crafted network data with a large Object Counter value, which leads to a resultant heap-based buffer overflow.

10.0
2005-10-27 CVE-2005-3265 Skype Technologies Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Skype Technologies Skype

Buffer overflow in Skype for Windows 1.1.x.0 through 1.4.x.83 allows remote attackers to execute arbitrary code via (1) callto:// and (2) skype:// links, or (3) a non-standard VCARD, possibly due to an underlying error in the SysUtils.WideFmtStr Delphi routine.

9.3

33 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-30 CVE-2005-3315 Novell SQL Injection vulnerability in Novell Zenworks Patch Management Server 6.0.0.52

Multiple SQL injection vulnerabilities in Novell ZENworks Patch Management 6.x before 6.2.2.181 allow remote attackers to execute arbitrary SQL commands via the (1) Direction parameter to computers/default.asp, and the (2) SearchText, (3) StatusFilter, and (4) computerFilter parameters to reports/default.asp.

7.5
2005-10-30 CVE-2005-3386 Techno Dreams Scripts Multiple SQL Injection vulnerability in Techno Dreams

SQL injection vulnerability in Techno Dreams Web Directory script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.

7.5
2005-10-30 CVE-2005-3385 Techno Dreams Scripts Multiple SQL Injection vulnerability in Techno Dreams

SQL injection vulnerability in Techno Dreams Mailing List script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.

7.5
2005-10-30 CVE-2005-3384 Techno Dreams Scripts Multiple SQL Injection vulnerability in Techno Dreams

SQL injection vulnerability in Techno Dreams Guest Book script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.

7.5
2005-10-30 CVE-2005-3383 Techno Dreams Scripts Multiple SQL Injection vulnerability in Techno Dreams

SQL injection vulnerability in Techno Dreams Announcement script allows remote attackers to execute arbitrary SQL commands and bypass authentication via the userid parameter in admin/login.asp.

7.5
2005-10-30 CVE-2005-3369 Woltlab SQL Injection vulnerability in Woltlab Info-DB Info_db.PHP

Multiple SQL injection vulnerabilities in the Info-DB module (info_db.php) in Woltlab Burning Board 2.7 and earlier allow remote attackers to execute arbitrary SQL commands and possibly upload files via the (1) fileid and (2) subkatid parameters.

7.5
2005-10-30 CVE-2005-3365 Codeworx Technologies SQL Injection vulnerability in Codeworx Technologies Dcp-Portal

Multiple SQL injection vulnerabilities in DCP-Portal 6 and earlier allow remote attackers to execute arbitrary SQL commands, possibly requiring encoded characters, via (1) the name parameter in register.php, (2) the email parameter in lostpassword.php, (3) the year parameter in calendar.php, and the (4) cid parameter to index.php.

7.5
2005-10-30 CVE-2005-3364 Platinum SQL Injection vulnerability in Platinum DBoardGear

Multiple SQL injection vulnerabilities in DboardGear allow remote attackers to execute arbitrary SQL commands via (1) the buddy parameter in buddy.php, (2) the u2uid parameter in u2u.php, and (3) an invalid theme file in the themes action to ctrtools.php.

7.5
2005-10-30 CVE-2005-3363 Saphp Input Validation vulnerability in Saphp Saphplesson 1.1/2.0

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

7.5
2005-10-27 CVE-2005-3336 Mantis Remote vulnerability in Mantis 0.19.2/1.0.0Rc2

SQL injection vulnerability in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-10-27 CVE-2005-3335 Mantis Unspecified vulnerability in Mantis 0.19.2/1.0.0Rc2

PHP file inclusion vulnerability in bug_sponsorship_list_view_inc.php in Mantis 1.0.0RC2 and 0.19.2 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the t_core_path parameter.

7.5
2005-10-27 CVE-2005-3333 Ebase SQL Injection vulnerability in Ebase Ebaseweb 3.0

SQL injection vulnerability in eBASEweb 3.0 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

7.5
2005-10-27 CVE-2005-3332 Belchior Foundry Remote File Include vulnerability in Belchior Foundry Vcard 2.9

PHP remote file include vulnerability in admin/define.inc.php in Belchior Foundry vCard 2.9 allows remote attackers to execute arbitrary PHP code via the match parameter.

7.5
2005-10-27 CVE-2005-3330 Snoopy Improper Input Validation vulnerability in Snoopy 1.2

The _httpsrequest function in Snoopy 1.2, as used in products such as (1) MagpieRSS, (2) WordPress, (3) Ampache, and (4) Jinzora, allows remote attackers to execute arbitrary commands via shell metacharacters in an HTTPS URL to an SSL protected web page, which is not properly handled by the fetch function.

7.5
2005-10-27 CVE-2005-3328 Punbb Unspecified vulnerability in Punbb

PHP remote file inclusion vulnerability in common.php in PunBB 1.1.2 through 1.1.5 allows remote attackers to execute arbitrary code via the pun_root parameter.

7.5
2005-10-27 CVE-2005-3327 Network Appliance Authentication Bypass vulnerability in Network Appliance iSCSI

Network Appliance Data ONTAP 7.0 and earlier allows iSCSI Initiators to bypass iSCSI authentication via a modified client that skips the Security (Start) mode, as required by the Login Negotiation protocol, and uses Operational mode without proving identity.

7.5
2005-10-27 CVE-2005-3326 Mybulletinboard SQL Injection vulnerability in MyBulletinBoard Usercp.PHP

SQL injection vulnerability in usercp.php in MyBulletinBoard (MyBB) allows remote attackers to execute arbitrary SQL commands via the awayday parameter.

7.5
2005-10-27 CVE-2005-3325 Acid
Secureideas
SQL Injection vulnerability in multiple products

Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote attackers to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.

7.5
2005-10-27 CVE-2005-3324 Appindex SQL Injection vulnerability in Appindex Mwchat 6.8

SQL injection vulnerability in chat.php in MWChat 6.8 allows remote attackers to execute arbitrary SQL commands via the username parameter.

7.5
2005-10-27 CVE-2005-3323 Zope
Debian
docutils in Zope 2.6, 2.7 before 2.7.8, and 2.8 before 2.8.2 allows remote attackers to include arbitrary files via include directives in RestructuredText functionality.
7.5
2005-10-27 CVE-2005-3317 Zipgenius Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Zipgenius Standard5.5.1.468/Suite5.5.1.468

Multiple stack-based buffer overflows in ZipGenius 5.5.1.468 and 6.0.2.1041, and other versions before 6.0.2.1050, allow remote attackers to execute arbitrary code via (1) a ZIP archive that contains a file with a long filename, which is not properly handled by (a) zipgenius.exe, (b) zg.exe, (c) zgtips.dll, and (d) contmenu.dll; (2) a long original name in a (a) UUE, (b) XXE, or (c) MIM file, which is not properly handled by zipgenius.exe; or (3) an ACE archive with a file with a long filename, which is not properly handled by unacev2.dll.

7.5
2005-10-27 CVE-2005-3316 Symantec Unspecified vulnerability in Symantec Discovery and ON Command Discovery

The installation of ON Symantec Discovery 4.5.x and Symantec Discovery 6.0 creates the (1) DiscoveryWeb and (2) DiscoveryRO database accounts with null passwords, which could allow attackers to gain privileges or prevent Discovery from running by setting another password.

7.5
2005-10-27 CVE-2005-3243 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector.

7.5
2005-10-26 CVE-2005-3309 Zomplog SQL-Injection vulnerability in Zomplog 3.4

Multiple SQL injection vulnerabilities in Zomplog 3.4 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in detail.php and the catid parameter in (2) get.php and (3) index.php.

7.5
2005-10-26 CVE-2005-3305 Nuked Klan SQL Injection vulnerability in Nuked-Klan 1.7

Multiple SQL injection vulnerabilities in Nuked Klan 1.7 allow remote attackers to execute arbitrary SQL commands via the (1) forum_id or (2) thread_id parameter in the Forum file, (3) the link_id in the Links file, (4) the artid parameter in the Sections file, and (5) the dl_id parameter in the Download file.

7.5
2005-10-26 CVE-2005-3304 Francisco Burzi Modules SQL Injection vulnerability in Francisco Burzi PHP-Nuke 7.8

Multiple SQL injection vulnerabilities in PHP-Nuke 7.8 allow remote attackers to modify SQL queries and execute arbitrary PHP code via (1) the username parameter in the Your Account page, (2) the url parameter in the Downloads module, and (3) the description parameter in the Web_Links module.

7.5
2005-10-26 CVE-2005-2743 Apple Unspecified vulnerability in Apple mac OS X, mac OS X Server and Quicktime

The Java extensions for QuickTime 6.52 and earlier in Apple Mac OS X 10.3.9 allow untrusted applets to call arbitrary functions in system libraries, which allows remote attackers to execute arbitrary code.

7.5
2005-10-25 CVE-2005-2747 Apple Multiple vulnerability in Apple Mac OS X Security Update 2005-008

Buffer overflow in ImageIO for Apple Mac OS X 10.4.2, as used by applications such as WebCore and Safari, allows remote attackers to execute arbitrary code via a crafted GIF file.

7.5
2005-10-25 CVE-2005-2958 Gnome Format String vulnerability in LibGDA

Multiple format string vulnerabilities in the GNOME Data Access library for GNOME2 (libgda2) 1.2.1 and earlier allow attackers to execute arbitrary code.

7.5
2005-10-24 CVE-2005-3302 Blender Unspecified vulnerability in Blender 2.36

Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call.

7.5
2005-10-27 CVE-2005-3339 Mantis Remote vulnerability in Mantis

Mantis before 0.19.3 caches the User ID longer than necessary, which has unknown impact and attack vectors.

7.2
2005-10-26 CVE-2005-2741 Apple
Perry Kiehtreiber
Permissions, Privileges, and Access Controls vulnerability in multiple products

Authorization Services in securityd for Apple Mac OS X 10.3.9 allows local users to gain privileges by granting themselves certain rights that should be restricted to administrators.

7.2
2005-10-25 CVE-2005-2927 SCO Local Buffer Overflow vulnerability in SCO Unixware 7.1.3/7.1.4

Stack-based buffer overflow in ppp in SCO Unixware 7.1.3 and 7.1.4, and possibly earlier versions, allows local users to execute arbitrary code via a long argument to the (1) prompt or (2) defprompt command.

7.2

48 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-30 CVE-2005-3366 PHP Icalendar Remote File Include vulnerability in PHP ICalendar Default_View

PHP file inclusion vulnerability in index.php in PHP iCalendar 2.0a2 through 2.0.1 allows remote attackers to execute arbitrary PHP code and include arbitrary local files via the phpicalendar cookie.

6.8
2005-10-27 CVE-2005-3249 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Unspecified vulnerability in the WSP dissector in Ethereal 0.10.1 to 0.10.12 allows remote attackers to cause a denial of service or corrupt memory via unknown vectors that cause Ethereal to free an invalid pointer.

6.4
2005-10-30 CVE-2005-3379 Trend Micro Unspecified vulnerability in Trend Micro Officescan and Pc-Cillin 2005

Multiple interpretation error in Trend Micro (1) PC-Cillin 2005 12.0.1244 with the 7.510.1002 engine and (2) OfficeScan 7.0 with the 7.510.1002 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3378 Norman Unspecified vulnerability in Norman Virus Control 5.81Engine5.83.02

Multiple interpretation error in Norman 5.81 with the 5.83.02 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3377 Mcafee Unspecified vulnerability in Mcafee Internet Security Suite 7.1.5Version9.1.08Engine4.4.00/8.0.0Patch10Engine4400

Multiple interpretation error in (1) McAfee Internet Security Suite 7.1.5 version 9.1.08 with the 4.4.00 engine and (2) McAfee Corporate 8.0.0 patch 10 with the 4400 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3376 Kaspersky LAB Unspecified vulnerability in Kaspersky LAB Kaspersky Anti-Virus 5.0.372

Multiple interpretation error in Kaspersky 5.0.372 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3375 Ikarus Unspecified vulnerability in Ikarus Antivirus

Multiple interpretation error in Ikarus demo version allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3374 Frisk Software Unspecified vulnerability in Frisk Software F-Prot Antivirus 3.16C

Multiple interpretation error in F-Prot 3.16c allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3373 DR WEB Unspecified vulnerability in Dr.Web Antivirus 4.32B

Multiple interpretation error in Dr.Web 4.32b allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3372 Broadcom Unspecified vulnerability in Broadcom Etrust Antivirus 7.0.1.4

Multiple interpretation error in eTrust CA 7.0.1.4 with the 11.9.1 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3371 Grisoft Unspecified vulnerability in Grisoft AVG Antivirus 7.0.323

Multiple interpretation error in AVG 7 7.0.323 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-30 CVE-2005-3370 Arcavir Unspecified vulnerability in Arcavir 2005 20050621

Multiple interpretation error in ArcaVir 2005 package 2005-06-21 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.1
2005-10-28 CVE-2005-2930 JED Wing Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in JED Wing CHM LIB

Stack-based buffer overflow in the _chm_find_in_PMGL function in chm_lib.c for chmlib before 0.36, as used in products such as KchmViewer, allows user-assisted attackers to execute arbitrary code via a CHM file containing a long element, a different vulnerability than CVE-2005-3318.

5.1
2005-10-27 CVE-2005-3318 JED Wing Stack Buffer Overflow vulnerability in Jed Wing CHM Lib

Buffer overflow in the _chm_decompress_block function in CHM lib (chmlib) before 0.37, as used in products such as KchmViewer, allows attackers to execute arbitrary code, a different vulnerability than CVE-2005-2930.

5.1
2005-10-25 CVE-2005-2744 Apple Multiple vulnerability in Apple Mac OS X Security Update 2005-008

Buffer overflow in QuickDraw Manager for Apple OS X 10.3.9 and 10.4.2, as used by applications such as Safari, Mail, and Finder, allows remote attackers to execute arbitrary code via a crafted PICT file.

5.1
2005-10-30 CVE-2005-3123 GNU Directory Traversal vulnerability in GNU gnump3d

Directory traversal vulnerability in GNUMP3D before 2.9.6 allows remote attackers to read arbitrary files via crafted sequences such as "/.//..//////././", which is collapsed into "/.././" after ".." and "//" sequences are removed.

5.0
2005-10-30 CVE-2005-3382 Sophos Unspecified vulnerability in Sophos Anti-Virus 3.91Engine2.28.4

Multiple interpretation error in Sophos 3.91 with the 2.28.4 engine allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.0
2005-10-30 CVE-2005-3381 Ukranian National Antivirus Unspecified vulnerability in Ukranian National Antivirus UNA 1.83.2.16

Multiple interpretation error in Ukrainian National Antivirus (UNA) 1.83.2.16 with kernel 265 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.0
2005-10-30 CVE-2005-3380 Panda Unspecified vulnerability in Panda Titanium 2005 4.02.01

Multiple interpretation error in Panda Titanium 2005 4.02.01 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.0
2005-10-27 CVE-2005-3338 Mantis Remote vulnerability in Mantis

Unspecified vulnerability in Mantis before 0.19.3, when using reminders, causes Mantis to display the real email addresses of users.

5.0
2005-10-27 CVE-2005-3322 Squid
Suse
Denial of Service vulnerability in SUSE Linux Squid Proxy SSL Handling

Unspecified vulnerability in Squid on SUSE Linux 9.0 allows remote attackers to cause a denial of service (crash) via HTTPs (SSL).

5.0
2005-10-27 CVE-2005-3248 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors.

5.0
2005-10-27 CVE-2005-3247 Ethereal Group Protocol Dissector vulnerability In Ethereal Group Ethereal 0.10.12

The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

5.0
2005-10-27 CVE-2005-3246 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors.

5.0
2005-10-27 CVE-2005-3245 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption).

5.0
2005-10-27 CVE-2005-3244 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors.

5.0
2005-10-27 CVE-2005-3242 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled.

5.0
2005-10-27 CVE-2005-3241 Ethereal Group Protocol Dissector vulnerability In Versions Prior To 0.10.13 in Ethereal

Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector.

5.0
2005-10-26 CVE-2005-3307 Flatnuke Remote File Include vulnerability in FlatNuke

Directory traversal vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to read arbitrary files via ".." sequences in the (1) user parameter in a profile operation or (2) quale parameter in a newtopic operation.

5.0
2005-10-26 CVE-2005-2746 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Mail.app in Mail for Apple Mac OS X 10.3.9 and 10.4.2 includes message contents when using auto-reply rules, which could cause Mail.app to include decrypted message contents for encrypted messages.

5.0
2005-10-26 CVE-2005-2745 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

Mail.app in Mail for Apple Mac OS X 10.3.9, when using Kerberos 5 for SMTP authentication, can include uninitialized memory in a message, which might allow remote attackers to obtain sensitive information.

5.0
2005-10-26 CVE-2005-2524 Apple Unspecified vulnerability in Apple mac OS X, mac OS X Server and Safari

Safari after 2.0 in Apple Mac OS X 10.3.9 allows remote attackers to bypass domain restrictions via crafted web archives that cause Safari to render them as if they came from a different site.

5.0
2005-10-25 CVE-2005-2970 Apache Unspecified vulnerability in Apache Http Server 2.0

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

5.0
2005-10-27 CVE-2005-3321 Novell
Suse
chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions.
4.6
2005-10-26 CVE-2005-2742 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

SecurityAgent in Apple Mac OS X 10.4.2, under certain circumstances, can cause the "Switch User..." button to appear even though the "Enable fast user switching" setting is disabled, which can allow attackers with physical access to gain access to the desktop and bypass the "Require password to wake this computer from sleep or screen saver" setting.

4.6
2005-10-25 CVE-2005-2959 Todd Miller Permissions, Privileges, and Access Controls vulnerability in Todd Miller Sudo

Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.

4.6
2005-10-25 CVE-2005-2926 SCO Local Buffer Overflow vulnerability in SCO OpenServer Backupsh

Stack-based buffer overflow in (1) backupsh and (2) authsh in SCO Openserver 5.0.7 allows local users to execute arbitrary code via a long HOME environment variable.

4.6
2005-10-30 CVE-2005-3368 Search Enhanced HTML Injection vulnerability in Search Enhanced Search Enhanced 1.1/2.0

Cross-site scripting (XSS) vulnerability in the Search_Enhanced module in PHP-Nuke 7.9 allows remote attackers to inject arbitrary web script or HTML via the query parameter.

4.3
2005-10-30 CVE-2005-3367 Sparkleblog HTML Injection vulnerability in Sparkleblog 2.1

Cross-site scripting (XSS) vulnerability in journal.php in SparkleBlog 2.1 allows remote attackers to inject arbitrary web script or HTML via the name field.

4.3
2005-10-28 CVE-2005-3361 Flatnuke Unspecified vulnerability in Flatnuke 2.5.6

Cross-site scripting (XSS) vulnerability in forum/index.php in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the nome parameter in a login operation, a variant of CVE-2005-3306.

4.3
2005-10-27 CVE-2005-3337 Mantis Cross-Site Scripting vulnerability in Mantis

Multiple cross-site scripting (XSS) vulnerabilities in Mantis before 0.19.3 allow remote attackers to inject arbitrary web script or HTML via (1) unknown vectors involving Javascript and (2) mantis/view_all_set.php.

4.3
2005-10-27 CVE-2005-3334 Flyspray Cross-Site Scripting vulnerability in Flyspray 0.9.7/0.9.8

Cross-site scripting (XSS) vulnerability in index.php in Flyspray 0.9.7 through 0.9.8 (devel) allows remote attackers to inject arbitrary web script or HTML via the (1) PHPSESSID, (2) task, (3) string, (4) type, (5) serv, (6) due, (7) dev, and (8) sort2 parameters.

4.3
2005-10-27 CVE-2005-3329 RSA Cross-Site Scripting vulnerability in RSA ACE Agent Image

Cross-site scripting (XSS) vulnerability in RSA Authentication Agent for Web 5.3 and earlier allows remote attackers to inject arbitrary web script or HTML via the image parameter in a GetPic operation.

4.3
2005-10-27 CVE-2005-2338 Xoops HTML Injection vulnerability in XOOPS

Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.12 JP and earlier, XOOPS 2.0.13.1 and earlier, and 2.2.x up to 2.2.3 RC1 allow remote attackers to inject arbitrary web script or HTML via (1) modules that use "XOOPS Code" and (2) newbb in the forum module.

4.3
2005-10-26 CVE-2005-3312 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 6.0

The HTML rendering engine in Microsoft Internet Explorer 6.0 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML in corrupted images and other files such as .GIF, JPG, and WAV, which is rendered as HTML when the user clicks on the link, even though the web server response and file extension indicate that it should be treated as a different file type.

4.3
2005-10-26 CVE-2005-3308 Zomplog HTML Injection vulnerability in Zomplog 3.3/3.4

Multiple cross-site scripting (XSS) vulnerabilities in Zomplog 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) comment parameter in detail.php, (3) the username parameter in get.php, and (4) the search parameter in index.php.

4.3
2005-10-26 CVE-2005-3306 Flatnuke Unspecified vulnerability in Flatnuke 2.5.6

Cross-site scripting (XSS) vulnerability in index.php for FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the user parameter in a profile operation, a different vulnerability than CVE-2005-2814.

4.3
2005-10-24 CVE-2005-3301 Phpmyadmin Cross-Site Scripting vulnerability in PHPMyAdmin

Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin before 2.6.4-pl3 allow remote attackers to inject arbitrary web script or HTML via certain arguments to (1) left.php, (2) queryframe.php, or (3) server_databases.php.

4.3

10 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-10-26 CVE-2005-3310 Phpbb Group HTML Injection vulnerability in PHPbb Group PHPbb 2.0.17

Interpretation conflict in phpBB 2.0.17, with remote avatars and avatar uploading enabled, allows remote authenticated users to inject arbitrary web script or HTML via an HTML file with a GIF or JPEG file extension, which causes the HTML to be executed by a victim who views the file in Internet Explorer, which renders malformed image types as HTML, enabling cross-site scripting (XSS) attacks.

3.5
2005-10-27 CVE-2005-3320 Siteturn Cross-Site Scripting vulnerability in SiteTurn Domain Manager Pro Admin Panel

Cross-site scripting (XSS) vulnerability in SiteTurn Domain Manager Pro allows remote attackers to inject arbitrary web script or HTML via the err parameter in the panel script.

2.6
2005-10-27 CVE-2005-2973 Linux Local Denial of Service vulnerability in Linux Kernel IPV6

The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).

2.1
2005-10-27 CVE-2005-3331 Rogers Software Source Unspecified vulnerability in Rogers Software Source Mgdiff Patch Viewer 1.0

viewpatch in mgdiff 1.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-10-27 CVE-2005-3319 PHP Local Denial of Service vulnerability in PHP Apache 2

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.

2.1
2005-10-27 CVE-2005-3088 Fetchmail Information Exposure vulnerability in Fetchmail 6.2.0/6.2.5/6.2.5.2

fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.

2.1
2005-10-26 CVE-2005-3311 BMC Unspecified vulnerability in BMC Software Control-M Agent 6.1.03

BMC Software Control-M 6.1.03 for Solaris, and possibly other platforms, allows local users to overwrite arbitrary files via a symlink attack on temporary files.

2.1
2005-10-25 CVE-2005-2748 Apple Unspecified vulnerability in Apple mac OS X and mac OS X Server

The malloc function in the libSystem library in Apple Mac OS X 10.3.9 and 10.4.2 allows local users to overwrite arbitrary files by setting the MallocLogFile environment variable to the target file before running a setuid application.

2.1
2005-10-25 CVE-2005-2708 Linux Resource Management Errors vulnerability in Linux Kernel

The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command.

2.1
2005-10-25 CVE-2005-2100 Redhat Denial-Of-Service vulnerability in Enterprise Linux ES

The rw_vm function in usercopy.c in the 4GB split patch for the Linux kernel in Red Hat Enterprise Linux 4 does not perform proper bounds checking, which allows local users to cause a denial of service (crash).

2.1