Weekly Vulnerabilities Reports > October 31 to November 6, 2005

Overview

151 new vulnerabilities were reported during this period, including 31 critical vulnerabilities and 43 high severity vulnerabilities. This weekly summary reports vulnerabilities in 101 products from 76 vendors including Oracle, Apple, Phpbb Group, PHP, and Cisco. Vulnerabilities are notably categorized as "Information Exposure", "Numeric Errors", "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Cross-site Scripting", and "Resource Management Errors".

  • 139 reported vulnerabilities are remotely exploitable.
  • 3 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 151 reported vulnerabilities are exploitable by an anonymous user.
  • Oracle has the most reported vulnerabilities, with 30 reported vulnerabilities.
  • Oracle has the most reported critical vulnerabilities, with 30 reported vulnerabilities.


Vulnerability Details

The following tables list the vulnerabilities reported for the period covered by this report:


31 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-02 CVE-2005-3466 Oracle Multiple vulnerability in Oracle Peoplesoft Enterprise Customer Relationship Management 8.81/8.9

Unspecified vulnerability in Enterprise CRM Sales in Oracle 8.81 up to 8.9 has unknown impact and attack vectors, as identified by Oracle Vuln# CRM01.

10.0
2005-11-02 CVE-2005-3465 Jdedwards, Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in JDEdwards HTML Server in Oracle EnterpriseOne 8.94 OneWorld XE up to 8.95_B1, 8.94_Q1, and SP23_K1 has unknown impact and attack vectors, as identified by Oracle Vuln# JDE01.

10.0
2005-11-02 CVE-2005-3464 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE04.

10.0
2005-11-02 CVE-2005-3463 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.03 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE03.

10.0
2005-11-02 CVE-2005-3462 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.44 up to 8.46.02 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE02.

10.0
2005-11-02 CVE-2005-3461 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in PeopleTools in Oracle PeopleSoft Enterprise 8.42 up to 8.45.17 has unknown impact and attack vectors, as identified by Oracle Vuln# PSE01.

10.0
2005-11-02 CVE-2005-3460 Oracle Multiple vulnerability in Oracle products

Unspecified vulnerability in Oracle Agent in Oracle Enterprise Manager 9.0.4.1 up to 10.1.0.4 has unknown impact and attack vectors, as identified by Oracle Vuln# EM01.

10.0
2005-11-02 CVE-2005-3459 Oracle Multiple vulnerability in Oracle Clinical and E-Business Suite

Unspecified vulnerability in Oracle E-Business Suite and Applications 4.5 up to 4.5.1 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS22 in Oracle Clinical.

10.0
2005-11-02 CVE-2005-3458 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.9 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS19 in Workflow Cartridge.

10.0
2005-11-02 CVE-2005-3457 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in Oracle E-Business Suite and Applications 11.0 up to 11.5.10 has unknown impact and attack vectors, as identified by Oracle Vuln# APPS08 in HRMS.

10.0
2005-11-02 CVE-2005-3456 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.9 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS04 in Application Object Library, and (2) APPS17, (3) APPS18, and (4) APPS21 in Workflow Cartridge.

10.0
2005-11-02 CVE-2005-3455 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle E-Business Suite and Applications 11.5 up to 11.5.10 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) APPS01 in Application Install; (2) APPS02 and (3) APPS03 in Application Object Library; (4) APPS05 and (5) APPS06 in Applications Technology Stack; (6) APPS07 in Applications Utilities; (7) APPS09, (8) APPS10, and (9) APPS11 in HRMS; (10) APPS12 in Mobile Application Foundation; (11) APPS13 in SDP Number Portability; (12) APPS14 in Oracle Service; (13) APPS15 in Service Fulfillment Manage, (14) APPS16 in Universal Work Queue; and (15) APPS20 in Workflow Cartridge.

10.0
2005-11-02 CVE-2005-3454 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle Collaboration Suite 10g Release 1 version 10.1.1 and 9i Release 2 9.0.4.2 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) OCS01, (2) OCS02, (3) OCS03, and (4) OCS04 for Calendar; (5) OCS05, (6) OCS06, (7) OCS07, (8) OCS08, (9) OCS09, and (10) OCS10 for Email Server; and (11) OCS11, (12) OCS12, and (13) OCS13 for Oracle Files.

10.0
2005-11-02 CVE-2005-3453 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Web Cache in Oracle Application Server 1.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS12 and (2) AS14.

10.0
2005-11-02 CVE-2005-3452 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in Web Cache in Oracle Application Server 1.0 up to 9.0.4.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS13.

10.0
2005-11-02 CVE-2005-3451 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in SQL*ReportWriter in Oracle Application Server 9.0 up to 9.0.2.1 has unknown impact and attack vectors, as identified by Oracle Vuln# AS10.

10.0
2005-11-02 CVE-2005-3450 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in the HTTP Server in Oracle Application Server 1.0 up to 9.0.2.3 has unknown impact and attack vectors, as identified by Oracle Vuln# AS04.

10.0
2005-11-02 CVE-2005-3449 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle Application Server 9.0 up to 10.1.2.0 have unknown impact and attack vectors, as identified by Oracle Vuln# (1) AS02 in Containers for J2EE, (2) AS07 in Internet Directory, (3) AS09 in Report Server, and (4) AS11 in Web Cache.

10.0
2005-11-02 CVE-2005-3448 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in the OC4J Module in Oracle Application Server 9.0 up to 10.1.2.0.2 has unknown impact and attack vectors, as identified by Oracle Vuln# AS01.

10.0
2005-11-02 CVE-2005-3447 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in Single Sign-On in Oracle Database Server 10g up to 10.1.0.4.2 and Application Server 9.0.2.3 up to 9.0.4.2 has unknown impact and attack vectors, aka Oracle Vuln# DB33 and AS08.

10.0
2005-11-02 CVE-2005-3446 Oracle Multiple vulnerability in Oracle Application Server and Database Server

Unspecified vulnerability in Internet Directory in Oracle Database Server 9i up to 9.2.0.6 and Application Server 9.0.2.3 up to 10.1.2.0 has unknown impact and attack vectors, aka Oracle Vuln# DB32 and AS06.

10.0
2005-11-02 CVE-2005-3445 Oracle Multiple vulnerability in Oracle Application Server and Database Server

Multiple unspecified vulnerabilities in HTTP Server in Oracle Database Server 8i up to 10.1.0.4.2 and Application Server 1.0.2.2 up to 10.1.2.0 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB30 and AS03 or (2) DB31 and AS05.

10.0
2005-11-02 CVE-2005-3444 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in the Programmatic Interface in Oracle Database Server from 8i up to 9.2.0.5 have unknown impact and attack vectors, aka Oracle Vuln# DB26.

10.0
2005-11-02 CVE-2005-3443 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in the Spatial component in Oracle Database Server from 9i up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB17.

10.0
2005-11-02 CVE-2005-3442 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle Database Server 8i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB09 in Export, (2) DB11 in Materialized Views, and (3) DB16 in Security Service.

10.0
2005-11-02 CVE-2005-3441 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in Intelligent Agent in Oracle Database Server 9i up to 9.0.1.5 has unknown impact and attack vectors, aka Oracle Vuln# DB14.

10.0
2005-11-02 CVE-2005-3440 Oracle Multiple vulnerability in Oracle Database Server 10.1.0.3

Unspecified vulnerability in Database Scheduler in Oracle Database Server 10g up to 10.1.0.3 has unknown impact and attack vectors, aka Oracle Vuln# DB08.

10.0
2005-11-02 CVE-2005-3439 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle Database Server 10g up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB02, (2) DB03, and (3) DB05 in Change Data Capture; (4) DB07 in Data Pump Export; and (5) DB18, (6) DB19, (7) DB20, (8) DB21, (9) DB22, (10) DB23, (11) DB24, and (12) DB25 in the Spatial component.

10.0
2005-11-02 CVE-2005-3438 Oracle Multiple vulnerability in Oracle October Security Update

Multiple unspecified vulnerabilities in Oracle Database Server 9i up to 10.1.0.4.2 have unknown impact and attack vectors, aka Oracle Vuln# (1) DB04 in Change Data Capture; (2) DB06 in Data Guard Logical Standby; (3) DB10 in Locale; (4) DB12 in Materialized Views; (5) DB13 in Objects Extension; (6) DB15 in Oracle Label Security; (7) DB27 in Security, possibly due to a buffer overflow in sys.pbsde.init; and (8) DB28 and (9) DB29 in Workspace Manager.

10.0
2005-11-02 CVE-2005-3437 Oracle Multiple vulnerability in Oracle October Security Update

Unspecified vulnerability in the PL/SQL component in Oracle Database Server 9i up to 10.1.0.4 has unknown impact and attack vectors, aka Oracle Vuln# DB01.

10.0
2005-11-03 CVE-2005-3481 Cisco Unspecified vulnerability in Cisco IOS

Cisco IOS 12.0 to 12.4 might allow remote attackers to execute arbitrary code via a heap-based buffer overflow in system timers.

9.3

43 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-03 CVE-2005-3488 Scorched 3D Multiple vulnerability in Scorched 3D Scorched 3D 39.1

Scorched 3D 39.1 (bf) and earlier allows remote attackers to cause a denial of service (long loop and server hang) via a negative numplayers value that bypasses a signed check in ServerConnectHandler.cpp.

7.8
2005-11-06 CVE-2005-3521 E107 SQL Injection vulnerability in E107 0.617/0.6171/0.6172

SQL injection vulnerability in resetcore.php in e107 0.617 through 0.6173 allows remote attackers to execute arbitrary SQL commands, bypass authentication, and inject HTML or script via the (1) a_name parameter or (2) user field of the login page.

7.5
2005-11-06 CVE-2005-3519 Mysource Unspecified vulnerability in Mysource 2.14.0/2.14.0Rc2

Multiple PHP file inclusion vulnerabilities in MySource 2.14.0 allow remote attackers to execute arbitrary PHP code and include arbitrary local files via the (1) INCLUDE_PATH and (2) SQUIZLIB_PATH parameters in new_upgrade_functions.php, (3) the INCLUDE_PATH parameter in init_mysource.php, and the PEAR_PATH parameter in (4) Socket.php, (5) Request.php, (6) Mail.php, (7) Date.php, (8) Span.php, (9) mimeDecode.php, and (10) mime.php.

7.5
2005-11-06 CVE-2005-3518 Punbb Unspecified vulnerability in Punbb 1.2.7/1.2.8

SQL injection vulnerability in search.php in PunBB 1.2.7 and 1.2.8 allows remote attackers to execute arbitrary SQL commands via the old_searches parameter.

7.5
2005-11-06 CVE-2005-3509 Jportal SQL Injection vulnerability in Jportal web Portal 2.2.1/2.3.1

Multiple SQL injection vulnerabilities in JPortal allow remote attackers to execute arbitrary SQL commands via (1) banner.php or the id parameter to (2) print.php, (3) comment.php, and (4) news.php.

7.5
2005-11-06 CVE-2005-3508 Galerie SQL Injection vulnerability in Galerie 2.4

SQL injection vulnerability in showGallery.php in Gallery (Galerie) 2.4 allows remote attackers to execute arbitrary SQL commands via the galid parameter.

7.5
2005-11-05 CVE-2005-3504 IBM Local Buffer Overflow vulnerability in IBM AIX SWCONS

Buffer overflow in swcons in IBM AIX 5.2, when debug malloc is enabled, allows remote attackers to cause a core dump and possibly execute arbitrary code.

7.5
2005-11-05 CVE-2005-3303 Clam Anti Virus Buffer Overflow vulnerability in Clam Anti-Virus ClamAV FSG File Handling

The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.

7.5
2005-11-04 CVE-2005-3499 Frisk Software Unspecified vulnerability in Frisk Software F-Prot Antivirus

Frisk F-Prot Antivirus allows remote attackers to bypass protection via a ZIP file with a version header greater than 15, which prevents F-Prot from decompressing and analyzing the file.

7.5
2005-11-04 CVE-2005-3497 Phphandicapper SQL Injection vulnerability in PHPhandicapper PHP Handicapper

** DISPUTED ** SQL injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to execute arbitrary SQL commands via the serviceid parameter.

7.5
2005-11-04 CVE-2005-3495 AR Blog Remote Authentication Bypass vulnerability in AR-Blog

Ar-blog 5.2 and earlier allows remote attackers to bypass authentication by modifying cookies.

7.5
2005-11-04 CVE-2005-3491 Johannes F Kuhlmann Remote Buffer Overflow And Denial Of Service vulnerability in Johannes F. Kuhlmann Flatfrag 0.3

Multiple buffer overflows in the receiver function in loop.c in FlatFrag 0.3 and earlier allow remote attackers to execute arbitrary code via the (1) version, (2) name, and (3) model fields.

7.5
2005-11-04 CVE-2005-3489 Asus Buffer Overflow vulnerability in Asus VideoSecurity Online Web Server Authentication

Buffer overflow in Asus Video Security 3.5.0.0 and earlier, when using authorization, allows remote attackers to execute arbitrary code via a long username/password string.

7.5
2005-11-04 CVE-2005-3350 Libungif Unspecified vulnerability in Libungif 4.1.3

libungif library before 4.1.0 allows attackers to corrupt memory and possibly execute arbitrary code via a crafted GIF file that leads to an out-of-bounds write.

7.5
2005-11-03 CVE-2005-3487 Scorched 3D Multiple vulnerability in Scorched 3D Scorched 3D 39.1

Multiple buffer overflows in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, (4) a long command that is not properly handled in ComsMessageHandler.cpp when generating an error message, (5) a long UniqueID value in Logger.cpp, and possibly other unspecified vectors.

7.5
2005-11-03 CVE-2005-3486 Scorched 3D Multiple vulnerability in Scorched 3D Scorched 3D 39.1

Multiple format string vulnerabilities in Scorched 3D 39.1 (bf) and earlier allow remote attackers to execute arbitrary code via various (1) GLConsole::addLine, (2) ServerCommon::sendString, (3) ServerCommon::serverLog functions, and possibly other unspecified vectors.

7.5
2005-11-03 CVE-2005-3485 Glider Buffer Errors vulnerability in Glider Collectn Kill 1.0.0.0

Buffer overflow in Glider Collect'n kill 1.0.0.0 allows remote attackers to execute arbitrary code via a gl_playerEnter command with a long player name.

7.5
2005-11-03 CVE-2005-3483 Graphon, Microsoft Buffer Errors vulnerability in Graphon Go-Global 3.1.0.3270

Buffer overflow in GO-Global for Windows 3.1.0.3270 and earlier allows remote attackers to execute arbitrary code via a data block that is longer than the specified data block size.

7.5
2005-11-03 CVE-2005-3478 Phpcafe SQL Injection vulnerability in PHPcafe Tutorial Manager 1.0Beta2

SQL injection vulnerability in index.php in PHPCafe.net Tutorials Manager 1.0 Beta 2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

7.5
2005-11-02 CVE-2005-3470 Mailscanner SQL Injection vulnerability in Mailscanner 1.0.2

SQL injection vulnerability in the authenticate function in MailWatch for MailScanner 1.0.2 allows remote attackers to execute arbitrary SQL commands.

7.5
2005-11-02 CVE-2005-3469 News2Net SQL Injection vulnerability in News2Net 3.0.0.0

SQL injection vulnerability in index.php in News2Net 3.0.0.0 allows remote attackers to execute arbitrary SQL commands via the category parameter.

7.5
2005-11-02 CVE-2005-3435 Archilles Security Bypass vulnerability in Newsworld

admin_news.php in Archilles Newsworld up to 1.3.0 allows attackers to bypass authentication by obtaining the password hash for another user, for example through another Newsworld vulnerability, and specifying the hash in the pwd argument.

7.5
2005-11-02 CVE-2005-3434 Archilles Information Disclosure vulnerability in Archilles Newsworld 1.3.1/1.3.2

Archilles Newsworld before 1.5.0-rc1 stores (1) account.nwd and (2) session.nwd under the web root with insufficient access control, which allows remote attackers to obtain sensitive information such as usernames, hashed passwords, and session IDs, and gain privileges.

7.5
2005-11-02 CVE-2005-3430 Rockliffe Unspecified vulnerability in Rockliffe Mailsite Express 6.1.20

Incomplete blacklist vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to upload and execute arbitrary script files by giving the files specific extensions, such as (1) .unk, (2) .asa, and possibly (3) .htr and (4) .aspx, which are not filtered like the .asp extension.

7.5
2005-11-01 CVE-2005-3423 Subdreamer Remote SQL Injection vulnerability in Subdreamer 2.2.1

Multiple SQL injection vulnerabilities in Subdreamer 2.2.1 allow remote attackers to execute arbitrary SQL commands via (1) the loginusername parameter or (2) cookies to (a) subdreamer.php, (b) ipb2.php, (c) phpbb2.php, (d) vbulletin2.php, and (e) vbulletin3.php.

7.5
2005-11-01 CVE-2005-3420 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

usercp_register.php in phpBB 2.0.17 allows remote attackers to modify regular expressions and execute PHP code via the signature_bbcode_uid parameter, as demonstrated by injecting an "e" modifier into a preg_replace statement.

7.5
2005-11-01 CVE-2005-3419 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

SQL injection vulnerability in usercp_register.php in phpBB 2.0.17 allows remote attackers to execute arbitrary SQL commands via the signature_bbcode_uid parameter, which is not properly initialized.

7.5
2005-11-01 CVE-2005-3417 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

phpBB 2.0.17 and earlier, when the register_long_arrays directive is disabled, allows remote attackers to modify global variables and bypass security mechanisms because PHP does not define the associated HTTP_* variables.

7.5
2005-11-01 CVE-2005-3416 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

phpBB 2.0.17 and earlier, when register_globals is enabled and the session_start function has not been called to handle a session, allows remote attackers to bypass security checks by setting the $_SESSION and $HTTP_SESSION_VARS variables to strings instead of arrays, which causes an array_merge function call to fail.

7.5
2005-11-01 CVE-2005-3415 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

phpBB 2.0.17 and earlier allows remote attackers to bypass protection mechanisms that deregister global variables by setting both a GET/POST/COOKIE (GPC) variable and a GLOBALS[] variable with the same name, which causes phpBB to unset the GLOBALS[] variable but not the GPC variable.

7.5
2005-11-01 CVE-2005-3414 Eyeos Project Information Disclosure vulnerability in Eyeos Project Eyeos 0.8.4

eyeOS 0.8.4 stores usrinfo.xml under the web document root with insufficient access control, which allows remote attackers to obtain user credentials.

7.5
2005-11-01 CVE-2005-3408 Greg Neustaetter SQL Injection vulnerability in Greg Neustaetter Gcards 1.43

SQL injection vulnerability in news.php in gCards version 1.43 allows remote attackers to execute arbitrary SQL commands via the limit parameter.

7.5
2005-11-01 CVE-2005-3407 Butterfat Input Validation vulnerability in PHPESP

SQL injection vulnerability in phpESP 1.7.5 and earlier allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-11-01 CVE-2005-3405 Adaptive Technology Resource Centre Input Validation vulnerability in ATutor

ATutor 1.4.1 through 1.5.1-pl1 allows remote attackers to execute arbitrary PHP functions via a direct request to forum.inc.php with a modified addslashes parameter with either the (1) asc or (2) desc parameters set, possibly due to an eval injection vulnerability.

7.5
2005-11-01 CVE-2005-3404 Adaptive Technology Resource Centre Input Validation vulnerability in ATutor

Multiple PHP file inclusion vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to include arbitrary files via the section parameter followed by a null byte (%00) in (1) body_header.inc.php and (2) print.php.

7.5
2005-11-01 CVE-2005-3396 IBM Local Buffer Overflow vulnerability in IBM AIX CHCONS

Buffer overflow in the chcons (chcon) command in IBM AIX 5.2 and 5.3, when DEBUG MALLOC is enabled, might allow attackers to execute arbitrary code via a long command line argument.

7.5
2005-11-01 CVE-2005-3395 Invision Power Services SQL Injection vulnerability in Invision Power Services Invision Gallery 2.0.3

SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.

7.5
2005-11-01 CVE-2005-3394 Oaboard SQL Injection vulnerability in Oaboard 1.0

Multiple SQL injection vulnerabilities in forum.php in oaboard forum 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) channel parameter in the topics module and (2) topic parameter in the posting module.

7.5
2005-11-01 CVE-2005-3393 Openvpn Remote Format String vulnerability in Openvpn and Openvpn Access Server

Format string vulnerability in the foreign_option function in options.c for OpenVPN 2.0.x allows remote clients to execute arbitrary code via format string specifiers in a push of the dhcp-option command option.

7.5
2005-11-01 CVE-2005-3392 PHP Unspecified vulnerability in PHP

Unspecified vulnerability in PHP before 4.4.1, when using the virtual function on Apache 2, allows remote attackers to bypass safe_mode and open_basedir directives.

7.5
2005-11-01 CVE-2005-3391 PHP Safe_Mode and Open_Basedir Restriction Bypass vulnerability in PHP cURL and GD

Multiple vulnerabilities in PHP before 4.4.1 allow remote attackers to bypass safe_mode and open_basedir restrictions via unknown attack vectors in (1) ext/curl and (2) ext/gd.

7.5
2005-11-01 CVE-2005-3390 PHP Unspecified vulnerability in PHP

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when register_globals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field.

7.5
2005-11-05 CVE-2005-3503 Pwdutils Privilege Escalation vulnerability in CHFN User Modification

chfn in pwdutils 3.0.4 and earlier on SuSE Linux, and possibly other operating systems, does not properly check arguments for the GECOS field, which allows local users to gain privileges.

7.2

65 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-05 CVE-2005-2756 Apple Remote Buffer Overflow vulnerability in Apple QuickTime Compressed PICT Data

Apple QuickTime before 7.0.3 allows user-assisted attackers to overwrite memory and execute arbitrary code via a crafted PICT file that triggers an overflow during expansion.

5.1
2005-11-05 CVE-2005-2754 Apple Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file with "Improper movie attributes."

5.1
2005-11-05 CVE-2005-2753 Apple Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple QuickTime before 7.0.3 allows user-assisted attackers to execute arbitrary code via a crafted MOV file that causes a sign extension of the length element in a Pascal style string.

5.1
2005-11-05 CVE-2005-2628 Macromedia Unspecified vulnerability in Macromedia Flash Player

Macromedia Flash 6 and 7 (Flash.ocx) allows remote attackers to execute arbitrary code via a SWF file with a modified frame type identifier that is used as an out-of-bounds array index to a function pointer.

5.1
2005-11-02 CVE-2005-3433 Mirabilis Remote Security vulnerability in ICQ

Buffer overflow in Mirabilis ICQ 2003a allows user-assisted attackers to execute arbitrary code by convincing a user to enter long strings into the First Name and Last Name fields.

5.1
2005-11-06 CVE-2005-3517 Chipmunk Scripts Remote Security vulnerability in Chipmunk Guestbook

Chipmunk Scripts Guestbook allows remote attackers to obtain the installation path of the script via a URL that causes an error message to be displayed, such as a URL that contains a single quote (') in the start parameter of index.php.

5.0
2005-11-06 CVE-2005-3513 Vubb Remote Security vulnerability in Vubb Alpharc1

index.php in VUBB alpha rc1 allows remote attackers to obtain the installation path of the application via a viewforum action with the f parameter set to a single quote (').

5.0
2005-11-06 CVE-2005-3510 Apache Denial Of Service vulnerability in Apache Tomcat Simultaneous Directory Listing

Apache Tomcat 5.5.0 to 5.5.11 allows remote attackers to cause a denial of service (CPU consumption) via a large number of simultaneous requests to list a web directory that has a large number of files.

5.0
2005-11-06 CVE-2005-3507 Cutephp Directory Traversal vulnerability in CutePHP CuteNews

Directory traversal vulnerability in CuteNews 1.4.1 allows remote attackers to include arbitrary files, execute code, and gain privileges via "../" sequences in the template parameter to (1) show_archives.php and (2) show_news.php.

5.0
2005-11-05 CVE-2005-3502 Cerberus Information Disclosure vulnerability in Cerberus Helpdesk

attachment_send.php in Cerberus Helpdesk allows remote attackers to view attachments and tickets of other users via a modified file_id parameter.

5.0
2005-11-05 CVE-2005-3500 Clam Anti Virus Denial Of Service vulnerability in Clam Anti-Virus ClamAV TNEF File Handling

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.

5.0
2005-11-04 CVE-2005-3493 Afsl Games Remote Denial of Service vulnerability in Battle Carry

Battle Carry .005 and earlier allows remote attackers to cause a denial of service (inaccessible port) via a large packet, which triggers a socket error and terminates the socket that is listening on the server's UDP port.

5.0
2005-11-04 CVE-2005-3492 Johannes F Kuhlmann Remote Buffer Overflow And Denial Of Service vulnerability in Johannes F. Kuhlmann Flatfrag 0.3

FlatFrag 0.3 and earlier allows remote attackers to cause a denial of service (crash) by sending an NT_CONN_OK command from a client that is not connected, which triggers a null dereference.

5.0
2005-11-04 CVE-2005-3490 Asus Directory Traversal vulnerability in Asus VideoSecurity Online Web Server

Directory traversal vulnerability in the web server in Asus Video Security 3.5.0.0 and earlier allows remote attackers to read arbitrary files via "../" or "..\" sequences in the URL.

5.0
2005-11-03 CVE-2005-3484 Nero Directory Traversal vulnerability in Nero Neronet 1.2.0.2

Directory traversal vulnerability in NeroNET 1.2.0.2 and earlier allows remote attackers to read arbitrary files with certain file extensions (such as ZIP, AVI, JPG, TXT, and HTML) via ".." and hex-encoded (1) slash "/" ("%2f") or (2) backslash "\" ("%5c") sequences.

5.0
2005-11-03 CVE-2005-3482 Cisco Unspecified vulnerability in Cisco Aironet Ap1131, Aironet Ap1200 and Aironet Ap1240

Cisco 1200, 1131, and 1240 series Access Points, when operating in Lightweight Access Point Protocol (LWAPP) mode and controlled by 2000 and 4400 series Airespace WLAN controllers running 3.1.59.24, allow remote attackers to send unencrypted traffic to a secure network using frames with the MAC address of an authenticated end host.

5.0
2005-11-03 CVE-2005-3480 Ringtail Remote Security vulnerability in Ringtail Casebook 6.1.0

login.asp in Ringtail CaseBook 6.1.0 displays different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames.

5.0
2005-11-03 CVE-2005-3475 Hasbani WEB Server Remote Denial of Service vulnerability in Hasbani web Server Hasbani web Server 2.0

Hasbani Web Server (WindWeb) 2.0 allows remote attackers to cause a denial of service (infinite loop) via crafted HTTP GET requests.

5.0
2005-11-03 CVE-2005-3472 SUN Information Disclosure vulnerability in SUN Java System Communications Express 2004Q2/2005Q1

Unspecified vulnerability in Sun Java System Communications Express 2005Q1 and 2004Q2 allows local and remote attackers to read sensitive information from configuration files.

5.0
2005-11-02 CVE-2005-3471 Mailscanner Directory Traversal vulnerability in MailWatch for MailScanner

Directory traversal vulnerability in the ruleset view for MailWatch for MailScanner 1.0.2 allows remote attackers to access arbitrary files.

5.0
2005-11-02 CVE-2005-3468 F Secure Directory Traversal vulnerability in F-Secure Anti-Virus and Internet Gatekeeper

Directory traversal vulnerability in F-Secure Anti-Virus for Microsoft Exchange 6.40 and Internet Gatekeeper 6.40 to 6.42 allows limited remote attackers to bypass Web Console authentication and read files.

5.0
2005-11-02 CVE-2005-3467 Solarwinds Improper Input Validation vulnerability in Solarwinds Serv-U File Server

Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon.

5.0
2005-11-02 CVE-2005-3432 Thomas Rybak Authentication Bypass vulnerability in Thomas Rybak Minigal 2 0.5.1/B13

MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.

5.0
2005-11-02 CVE-2005-3431 Rockliffe Information Disclosure vulnerability in Rockliffe MailSite Express

Absolute path traversal vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to read arbitrary files via a full pathname in the AttachPath field of a mail message under composition.

5.0
2005-11-02 CVE-2005-3426 Cisco Denial of Service vulnerability in Cisco 11500 Content Services Switch Malformed SSL Client Certificate

Cisco CSS 11500 Content Services Switch (CSS) with SSL termination services allows remote attackers to cause a denial of service (memory corruption and device reload) via a malformed client certificate during SSL session negotiation.

5.0
2005-11-02 CVE-2005-3409 Openvpn Remote Denial Of Service vulnerability in Openvpn and Openvpn Access Server

OpenVPN 2.x before 2.0.4, when running in TCP mode, allows remote attackers to cause a denial of service (segmentation fault) by forcing the accept function call to return an error status, which leads to a null dereference in an exception handler.

5.0
2005-11-01 CVE-2005-3421 Hyper Estraier Remote Information Disclosure vulnerability in Hyper Estraier 1.0/1.0.1

estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters.

5.0
2005-11-01 CVE-2005-3401 Thehacker Security Bypass vulnerability in Thehacker 5.8.4.128

Multiple interpretation error in TheHacker 5.8.4.128 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.0
2005-11-01 CVE-2005-3400 Fortinet Security Bypass vulnerability in Fortinet 2.48.0.0

Multiple interpretation error in Fortinet 2.48.0.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.0
2005-11-01 CVE-2005-3399 CAT Security Bypass vulnerability in CAT Quick Heal 8.0

Multiple interpretation error in CAT-QuickHeal 8.0 allows remote attackers to bypass virus scanning via a file such as BAT, HTML, and EML with an "MZ" magic byte sequence which is normally associated with EXE, which causes the file to be treated as a safe type that could still be executed as a dangerous file type by applications on the end system, as demonstrated by a "triple headed" program that contains EXE, EML, and HTML content, aka the "magic byte bug."

5.0
2005-11-01 CVE-2005-3389 PHP Unspecified vulnerability in PHP

The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected.

5.0
2005-11-01 CVE-2005-3313 Ethereal Group Denial of Service vulnerability in Ethereal IRC Protocol Dissector

The IRC protocol dissector in Ethereal 0.10.13 allows remote attackers to cause a denial of service (infinite loop).

5.0
2005-11-03 CVE-2005-3474 Sony Local Security vulnerability in First4internet Xcp Content Management

The aries.sys driver in Sony First4Internet XCP DRM software hides any file, registry key, or process with a name that starts with "$sys$", which allows attackers to hide activities on a system that uses XCP.

4.6
2005-11-01 CVE-2005-3387 Luca Deri Unspecified vulnerability in Luca Deri Ntop

The startup script in packages/RedHat/ntop.init in ntop before 3.2, when ntop.conf is writable by users besides root, creates temporary files insecurely, which allows remote attackers to execute arbitrary code.

4.6
2005-11-06 CVE-2005-3522 Adventnet Cross-Site Scripting vulnerability in Adventnet Manageengine Netflow Analyzer 4.0.2

Cross-site scripting (XSS) vulnerability in index.jsp in ManageEngine Netflow Analyzer 4.0.2 allows remote attackers to inject arbitrary web script or HTML via the grDisp parameter.

4.3
2005-11-06 CVE-2005-3520 Mysource Cross-Site Scripting vulnerability in MySource

Multiple cross-site scripting (XSS) vulnerabilities in MySource 2.14.0 allow remote attackers to inject arbitrary web script or HTML via (1) the target_url parameter in upgrade_in_progress_backend.php, (2) the stylesheet parameter in edit_table_cell_type_wysiwyg.php, and the bgcolor parameter in (3) insert_table.php, (4) edit_table_cell_props.php, (5) header.php, (6) edit_table_row_props.php, and (7) edit_table_props.php.

4.3
2005-11-06 CVE-2005-3516 Chipmunk Scripts Unspecified vulnerability in Chipmunk Scripts Chipmunk Directory

Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Directory script allows remote attackers to inject arbitrary web script or HTML via the entryID parameter.

4.3
2005-11-06 CVE-2005-3515 Chipmunk Scripts Unspecified vulnerability in Chipmunk Scripts Chipmunk Topsites

Cross-site scripting (XSS) vulnerability in recommend.php in Chipmunk Topsites script allows remote attackers to inject arbitrary web script or HTML via the ID parameter.

4.3
2005-11-06 CVE-2005-3514 Chipmunk Scripts Unspecified vulnerability in Chipmunk Scripts Chipmunk Forum

Multiple cross-site scripting (XSS) vulnerabilities in Chipmunk Forum script allow remote attackers to inject arbitrary web script or HTML via the forumID parameter to (1) newtopic.php, (2) quote.php, (3) index.php, and (4) reply.php.

4.3
2005-11-06 CVE-2005-3512 Vubb Unspecified vulnerability in Vubb Alpharc1

Cross-site scripting (XSS) vulnerability in index.php in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via the t parameter in a newreply action.

4.3
2005-11-06 CVE-2005-3511 Spymac Cross-Site Scripting vulnerability in Spymac web OS 4.0

Multiple cross-site scripting (XSS) vulnerabilities in Spymac Web OS 4.0 allow remote attackers to inject arbitrary web script or HTML via (a) the blogs module, including the (1) curr parameter in index.php, (2) inspire, (3) system, or (4) title parameter in blog_newentry.php, (5) entry parameter in blog_newentry_comment.php, (6) entry parameter in blog_edit_entry.php, or (7) caldate parameter in blog.php; and (b) the notes module, including the (1) forwardid parameter in a noteform action; (2) del_folder parameter in a delete_folder action; (3) isread, (4) dateorder, (5) subjectorder, (6) curr, (7) fromorder, or (8) action parameters; (9) ppp or (10) totalreplies parameter in an Inbox action; (11) totalnotes parameter; or (12) touserid parameter in a noteform action.

4.3
2005-11-05 CVE-2005-3506 Sambar Cross-Site Scripting vulnerability in Sambar Server

Cross-site scripting (XSS) vulnerability in proxy.asp in Sambar Server 6.3 BETA 2 and possibly earlier versions allows remote attackers to inject arbitrary web script or HTML via the (1) Remote Proxy Server or (2) Proxy Filter IPs field.

4.3
2005-11-05 CVE-2005-3505 Cpanel HTML Injection vulnerability in Cpanel 10.2.0R82/10.6.0R137

Cross-site scripting (XSS) vulnerability in the Entropy Chat script in cPanel 10.2.0-R82 and 10.6.0-R137 allows remote attackers to inject arbitrary web script or HTML via a chat message containing JavaScript in style attributes in tags such as <b>, which are processed by Internet Explorer.

4.3
2005-11-05 CVE-2005-3501 Clamav Resource Management Errors vulnerability in Clamav

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

4.3
2005-11-04 CVE-2005-3498 IBM Information Exposure vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server 5.0.x before 5.02.15, 5.1.x before 5.1.1.8, and 6.x before fixpack V6.0.2.5, when session trace is enabled, records a full URL including the queryString in the trace logs when an application encodes a URL, which could allow attackers to obtain sensitive information.

4.3
2005-11-04 CVE-2005-3496 PHP Handicapper Cross-Site Scripting vulnerability in PHP Handicapper PHP Handicapper

Cross-site scripting (XSS) vulnerability in PHP Handicapper allows remote attackers to inject arbitrary web script or HTML via the msg parameter to msg.php.

4.3
2005-11-04 CVE-2005-3494 AR Blog HTML Injection vulnerability in AR-Blog Comment

Cross-site scripting (XSS) vulnerability in Ar-blog 5.2 and earlier allows remote attackers to inject arbitrary web script or HTML via a blog comment.

4.3
2005-11-03 CVE-2005-3479 Ringtail Cross-Site Scripting vulnerability in Ringtail Casebook 6.1.0

Cross-site scripting (XSS) vulnerability in login.asp in Ringtail CaseBook 6.1.0 allows remote attackers to inject arbitrary web script or HTML via the users parameter.

4.3
2005-11-03 CVE-2005-3477 Invision Power Services HTML Injection vulnerability in Invision Power Services Invision Gallery 2.0.3

Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via HTML or script in an image whose type does not match its extension, which is rendered by Internet Explorer due to CVE-2005-3312.

4.3
2005-11-03 CVE-2005-3473 Alexander Palmo Input Validation vulnerability in Alexander Palmo Simple PHP Blog 0.4.5

Multiple cross-site scripting (XSS) vulnerabilities in Simple PHP Blog 0.4.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) entry, (2) blog_subject, and (3) blog_text parameters (involving the temp_subject variable) in (a) preview_cgi.php and (b) preview_static_cgi.php, or (4) scheme_name parameter and (5) bg_color parameters (involving the preset_name and result variables) in (c) colors.php.

4.3
2005-11-02 CVE-2005-3436 Nuked Klan HTML Injection vulnerability in Nuked-Klan 1.7

Cross-site scripting (XSS) vulnerability in Nuked-Klan 1.7 allows remote attackers to inject arbitrary web script or HTML via the (1) Search module, (2) certain edit fields in Guestbook, (3) the title in the Forum module, and (4) Textbox.

4.3
2005-11-02 CVE-2005-3429 Rockliffe Cross-Site Scripting vulnerability in Rockliffe Mailsite Express 6.1.20

Rockliffe MailSite Express before 6.1.22, with the option to save login information enabled, saves user passwords in plaintext in cookies, which allows local users to obtain passwords by reading the cookie file, or remote attackers to obtain the cookies via cross-site scripting (XSS) vulnerabilities.

4.3
2005-11-02 CVE-2005-3428 Rockliffe Cross-Site Scripting vulnerability in MailSite Express

Cross-site scripting (XSS) vulnerability in Rockliffe MailSite Express before 6.1.22 allows remote attackers to inject arbitrary web script or HTML via a message body.

4.3
2005-11-01 CVE-2005-3425 GNU Cross-Site Scripting vulnerability in GNU gnump3d

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2005-3424.

4.3
2005-11-01 CVE-2005-3424 GNU Cross-Site Scripting vulnerability in GNU gnump3d Error Page

Cross-site scripting (XSS) vulnerability in GNUMP3D before 2.9.5 allows remote attackers to inject arbitrary web script or HTML via 404 error pages, a different vulnerability than CVE-2005-3425.

4.3
2005-11-01 CVE-2005-3422 10 4 APS Cross-Site Scripting vulnerability in ASP Fast Forum Error.ASP

Cross-site scripting (XSS) vulnerability in error.asp in ASP Fast Forum allows remote attackers to inject arbitrary web script or HTML via the error parameter.

4.3
2005-11-01 CVE-2005-3418 Phpbb Group Unspecified vulnerability in PHPbb Group PHPbb

Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.17 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) error_msg parameter to usercp_register.php, (2) forward_page parameter to login.php, and (3) list_cat parameter to search.php, which are not initialized as variables.

4.3
2005-11-01 CVE-2005-3413 Eyeos Project HTML Injection vulnerability in Eyeos Project Eyeos 0.8.4

Cross-site scripting (XSS) vulnerability in desktop.php in eyeOS 0.8.4 allows remote attackers to inject arbitrary web script or HTML via the motd parameter.

4.3
2005-11-01 CVE-2005-3412 Elite Forum HTML Injection vulnerability in Elite Forum Elite Forum 1.0.0.0

Cross-site scripting (XSS) vulnerability in Elite Forum 1.0.0.0 allows remote attackers to inject arbitrary web script or HTML via a Post Reply to a topic, in which the reply contains a javascript: URL in an <img> tag.

4.3
2005-11-01 CVE-2005-3411 Snitz Communications Cross-Site Scripting vulnerability in Snitz Communications Snitz Forums 2000 3.4.05

Cross-site scripting (XSS) vulnerability in post.asp in Snitz Forums 2000 3.4.05 allows remote attackers to inject arbitrary web script or HTML via the type parameter in a Topic method.

4.3
2005-11-01 CVE-2005-3406 Butterfat Input Validation vulnerability in PHPESP

Cross-site scripting (XSS) vulnerability in phpESP 1.7.5 and earlier allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

4.3
2005-11-01 CVE-2005-3403 Adaptive Technology Resource Centre Input Validation vulnerability in ATutor

Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.1 through 1.5.1-pl1 allow remote attackers to inject arbitrary web script or HTML via (1) the _base_href parameter in translate.php, (2) the _base_path parameter in news.inc.php, and (3) the p parameter in add_note.php.

4.3
2005-11-01 CVE-2005-3398 SUN Information Exposure vulnerability in SUN Solaris and Sunos

The default configuration of the web server for the Solaris Management Console (SMC) in Solaris 8, 9, and 10 enables the HTTP TRACE method, which could allow remote attackers to obtain sensitive information such as cookies and authentication data from HTTP headers.

4.3
2005-11-01 CVE-2005-3397 Comersus Open Technologies Input Validation And Information Disclosure vulnerability in Comersus BackOffice

Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp.

4.3
2005-11-01 CVE-2005-3388 PHP Cross-Site Scripting vulnerability in PHP PHPInfo

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5 allows remote attackers to inject arbitrary web script or HTML via a crafted URL with a "stacked array assignment."

4.3

12 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-11-05 CVE-2005-2755 Apple Denial of Service vulnerability in Apple QuickTime Null Pointer Dereference

Apple QuickTime Player before 7.0.3 allows user-assisted attackers to cause a denial of service (crash) via a crafted file with a missing movie attribute, which leads to a null dereference.

2.6
2005-11-04 CVE-2005-2974 Libungif Denial of Service vulnerability in Libungif 4.1.3

libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.

2.6
2005-11-01 CVE-2005-3402 Mozilla Unspecified vulnerability in Mozilla Thunderbird 1.0.5/1.0.7

The SMTP client in Mozilla Thunderbird 1.0.5 BETA, 1.0.7, and possibly other versions, does not notify users when it cannot establish a secure channel with the server, which allows remote attackers to obtain authentication information without detection via a man-in-the-middle (MITM) attack that bypasses TLS authentication or downgrades CRAM-MD5 authentication to plain authentication.

2.6
2005-11-06 CVE-2005-3124 Acme Labs Unspecified vulnerability in Acme Labs Thttpd 2.21B/2.23B1

syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.

2.1
2005-11-03 CVE-2005-3476 HP Local Denial of Service vulnerability in OpenVMS

Unspecified vulnerability in HP OpenVMS Integrity 8.2-1 and 8.2, and OpenVMS Alpha 7.3-2 and 8.2, allows local users to cause a denial of service.

2.1
2005-11-02 CVE-2005-3427 Cisco Unspecified vulnerability in Cisco Ciscoworks Management Center for IPS Sensors 2.1

The Cisco Management Center (MC) for IPS Sensors (IPS MC) 2.1 can omit port field values while generating the Cisco IOS IPS configuration file, which can cause some signatures to be disabled and makes it easier for attackers to escape detection.

2.1
2005-11-01 CVE-2005-2977 PAM Unspecified vulnerability in PAM

The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.

2.1
2005-11-01 CVE-2005-2752 Apple Information Exposure vulnerability in Apple mac OS X and mac OS X Server

An unspecified kernel interface in Mac OS X 10.4.2 and earlier does not properly clear memory before reusing it, which could allow attackers to obtain sensitive information, a different vulnerability than CVE-2005-1126 and CVE-2005-1406.

2.1
2005-11-01 CVE-2005-2751 Apple Local vulnerability in Apple Mac OS X Security Update 2005-10-31

memberd in Mac OS X 10.4 up to 10.4.2, in certain situations, does not quickly synchronize access control checks with changes in group membership, which could allow users to access files and other resources after they have been removed from a group.

2.1
2005-11-01 CVE-2005-2750 Apple Local vulnerability in Apple mac OS X Server 10.4.2

Software Update in Mac OS X 10.4.2, when the user marks all updates to be ignored, exits without asking the user to reset the status of the updates, which could prevent important, security-relevant updates from being installed.

2.1
2005-11-01 CVE-2005-2749 Apple Local vulnerability in Apple Mac OS X Security Update 2005-10-31

Unspecified vulnerability in the Finder Get Info window for Mac OS X 10.4 up to 10.4.2 causes Finder to misrepresent file and group ownership information.

2.1
2005-11-01 CVE-2005-2739 Apple Local vulnerability in Apple Mac OS X Security Update 2005-10-31

Keychain Access in Mac OS X 10.4.2 and earlier keeps a password visible even if a keychain times out while the password is being viewed, which could allow attackers with physical access to obtain the password.

2.1