Weekly Vulnerabilities Reports > December 26, 2005 to January 1, 2006

Overview

419 new vulnerabilities reported during this period, including 22 critical vulnerabilities and 145 high severity vulnerabilities. This weekly summary report vulnerabilities in 403 products from 242 vendors including IBM, BEA, Apple, SUN, and Microsoft. Vulnerabilities are notably categorized as "Improper Restriction of Operations within the Bounds of a Memory Buffer", "Permissions, Privileges, and Access Controls", "Resource Management Errors", "Numeric Errors", and "SQL Injection".

  • 338 reported vulnerabilities are remotely exploitables.
  • 3 reported vulnerabilities have public exploit available.
  • 15 reported vulnerabilities are related to weaknesses in OWASP Top Ten.
  • 400 reported vulnerabilities are exploitable by an anonymous user.
  • IBM has the most reported vulnerabilities, with 22 reported vulnerabilities.
  • IBM has the most reported critical vulnerabilities, with 4 reported vulnerabilities.

TOTAL
VULNERABILITIES
CRITICAL RISK
VULNERABILITIES
HIGH RISK
VULNERABILITIES
MEDIUM RISK
VULNERABILITIES
LOW RISK
VULNERABILITIES
REMOTELY
EXPLOITABLE
LOCALLY
EXPLOITABLE
EXPLOIT
AVAILABLE
EXPLOITABLE
ANONYMOUSLY
AFFECTING
WEB APPLICATION

Vulnerability Details

The following table list reported vulnerabilities for the period covered by this report:

Expand/Hide

22 Critical Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-31 CVE-2005-4865 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database

Stack-based buffer overflow in call in IBM DB2 7.x and 8.1 allows remote attackers to execute arbitrary code via a long libname.

10.0
2005-12-31 CVE-2005-4847 Spey Remote Security vulnerability in Spey 0.3.3

Unspecified vulnerability in Spey 0.3.3 has unknown impact and attack vectors related to "A number of security holes which could lead to compromise," a different issue than CVE-2005-4846.

10.0
2005-12-31 CVE-2005-4837 NET Snmp
Sourceforge
Numeric Errors vulnerability in multiple products

snmp_api.c in snmpd in Net-SNMP 5.2.x before 5.2.2, 5.1.x before 5.1.3, and 5.0.x before 5.0.10.2, when running in master agentx mode, allows remote attackers to cause a denial of service (crash) by causing a particular TCP disconnect, which triggers a free of an incorrect variable, a different vulnerability than CVE-2005-2177.

10.0
2005-12-31 CVE-2005-4823 HP Buffer Overflow vulnerability in HP HTTP Server Remote

Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors.

10.0
2005-12-31 CVE-2005-4730 Pear Remote Security vulnerability in Pear Text Password 1.0

Unspecified vulnerability in PEAR Text_Password 1.0 has unknown impact and attack vectors, related to "problematic seeding" of the random number generator, possibly predictable seeds.

10.0
2005-12-31 CVE-2005-4604 Jean Jacques Sarton Buffer Overflow vulnerability in Jean-Jacques Sarton Mtink 1.0.5

Buffer overflow in MTink in the printer-filters-utils package allows local users to execute arbitrary code via a long HOME environment variable.

10.0
2005-12-31 CVE-2005-3653 Broadcom
CA
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Heap-based buffer overflow in the iGateway service for various Computer Associates (CA) iTechnology products, in iTechnology iGateway before 4.0.051230, allows remote attackers to execute arbitrary code via an HTTP request with a negative Content-Length field.

10.0
2005-12-31 CVE-2005-3625 Easy Software Products
KDE
Libextractor
Poppler
SGI
Tetex
Xpdf
Conectiva
Debian
Gentoo
Mandrakesoft
Redhat
SCO
Slackware
Suse
Trustix
Turbolinux
Ubuntu
Resource Management Errors vulnerability in multiple products

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

10.0
2005-12-31 CVE-2005-3057 Fortinet Unspecified vulnerability in Fortinet Fortigate and Fortios

The FTP component in FortiGate 2.8 running FortiOS 2.8MR10 and v3beta, and other versions before 3.0 MR1, allows remote attackers to bypass the Fortinet FTP anti-virus engine by sending a STOR command and uploading a file before the FTP server response has been sent, as demonstrated using LFTP.

10.0
2005-12-31 CVE-2005-2530 SUN Privilege Escalation vulnerability in SUN Java 1.3.1

Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."

10.0
2005-12-31 CVE-2005-2529 SUN Remote Security vulnerability in SUN Java 1.4.2

Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."

10.0
2005-12-29 CVE-2005-4566 Adtran Multiple Unspecified vulnerability in ADTRAN NetVanta Products IKE Traffic

Buffer overflow in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

10.0
2005-12-29 CVE-2005-4565 Adtran Multiple Unspecified vulnerability in ADTRAN NetVanta Products IKE Traffic

Format string vulnerability in the Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to have an unknown impact via format string specifiers in crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

10.0
2005-12-31 CVE-2005-4853 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

The default configuration of the forum package in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050818 does not restrict edit permissions to a posting's owner, which allows remote authenticated users to edit arbitrary postings.

9.4
2005-12-31 CVE-2005-4867 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database

Stack-based buffer overflow in the SATENCRYPT function in IBM DB2 8.1, when Satellite Administration (SATADMIN) is enabled, allows remote attackers to execute arbitrary code via a long parameter.

9.3
2005-12-31 CVE-2005-3525 Adobe Buffer Overflow vulnerability in Macromedia Shockwave Player ActiveX Control

Stack-based buffer overflow in an ActiveX control for the installer for Adobe Macromedia Shockwave Player 10.1.0.11 and earlier allows remote attackers to execute arbitrary code via crafted large values for unspecified parameters.

9.3
2005-12-31 CVE-2005-2922 Realnetworks Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Realnetworks products

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

9.3
2005-12-31 CVE-2005-2619 Autonomy
IBM
Path Traversal vulnerability in multiple products

Directory traversal vulnerability in kvarcve.dll in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allows remote attackers to delete arbitrary files via a (1) ZIP, (2) UUE or (3) TAR archive that contains a ..

9.3
2005-12-31 CVE-2005-2618 Autonomy
IBM
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Multiple stack-based buffer overflows in Autonomy (formerly Verity) KeyView SDK before 9.2.0, as used in Lotus Notes 6.5.4 and 7.0, allow remote attackers to execute arbitrary code via (1) a UUE file containing an encoded file with a long filename handled by uudrdr.dll, (2) a compressed ZIP file with a long filename handled by kvarcve.dll, (3) a TAR archive with a long filename that is extracted to a directory with a long path handled by the TAR reader (tarrdr.dll), (4) an email that contains a long HTTP, FTP, or // link handled by the HTML speed reader (htmsr.dll) or (5) an email containing a crafted long link handled by the HTML speed reader (htmsr.dll).

9.3
2005-12-31 CVE-2005-1924 Squirrelmail Remote Command Execution vulnerability in SquirrelMail G/PGP Encryption Plug-in

The G/PGP (GPG) Plugin 2.1 and earlier for Squirrelmail allow remote authenticated users to execute arbitrary commands via shell metacharacters in (1) the fpr parameter to the deleteKey function in gpg_keyring.php, as called by (a) import_key_file.php, (b) import_key_text.php, and (c) keyring_main.php; and (2) the keyserver parameter to the gpg_recv_key function in gpg_key_functions.php, as called by gpg_options.php.

9.3
2005-12-31 CVE-2005-1730 Novell Unspecified vulnerability in Novell Imanager 1.5/2.0/2.0.2

Multiple vulnerabilities in the OpenSSL ASN.1 parser, as used in Novell iManager 2.0.2, allows remote attackers to cause a denial of service (NULL pointer dereference) via crafted packets, as demonstrated by "OpenSSL ASN.1 brute forcer." NOTE: this issue might overlap CVE-2004-0079, CVE-2004-0081, or CVE-2004-0112.

9.3
2005-12-31 CVE-2005-4800 Yapig Remote Security vulnerability in YaPig

Direct static code injection vulnerability in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allows remote authenticated administrators to inject arbitrary PHP code via the TestGallery parameter in a mod_info action to modify_gallery.php, which inserts the code into guid_info.php.

9.0

145 High Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-31 CVE-2005-4860 Spectrumcu Use of a Broken or Risky Cryptographic Algorithm vulnerability in Spectrumcu Cash Receipting System

Spectrum Cash Receipting System before 6.504 uses weak cryptography (static substitution) in the PASSFILE password file, which makes it easier for local users to gain privileges by decrypting a password.

7.8
2005-12-31 CVE-2005-4843 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

The SmartConnect Class control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

7.8
2005-12-31 CVE-2005-4812 Sisco Remote Denial of Service vulnerability in SISCO OSI Stack

The SISCO OSI stack for Windows, as used by MMS-EASE 7.10 and earlier, AX-S4 MMS 5.01 and earlier, AX-S4 ICCP 3.0103 and earlier, and the ICCP Toolkit for MMS-EASE 4.10 and earlier, allows remote attackers to cause a denial of service (process crash) via certain network traffic, as demonstrated using a Nessus scan.

7.8
2005-12-31 CVE-2005-4764 BEA Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 9.0, 8.1, and 7.0 lock out the admin user account after multiple incorrect password guesses, which allows remote attackers who know or guess the admin account name to cause a denial of service (blocked admin logins).

7.8
2005-12-31 CVE-2005-4746 Freeradius RLM_SQLCounter Buffer Overflow vulnerability in Freeradius 1.0.3/1.0.4

Multiple buffer overflows in FreeRADIUS 1.0.3 and 1.0.4 allow remote attackers to cause denial of service (crash) via (1) the rlm_sqlcounter module or (2) unknown vectors "while expanding %t".

7.8
2005-12-31 CVE-2005-2712 IBM Denial of Service vulnerability in Lotus Domino LDAP

The LDAP server (nldap.exe) in IBM Lotus Domino before 7.0.1, 6.5.5, and 6.5.4 FP2 allows remote attackers to cause a denial of service (crash) via a long bind request, which triggers a null dereference.

7.8
2005-12-31 CVE-2005-2342 RIM Denial Of Service vulnerability in Blackberry Enterprise Server Router SRP Packet

Research in Motion (RIM) BlackBerry Router allows remote attackers to cause a denial of service (communication disruption) via crafted Server Routing Protocol (SRP) packets.

7.8
2005-12-30 CVE-2005-4587 Juniper Remote Denial of Service vulnerability in Juniper NetScreen-Security Manager 2004

Juniper NetScreen-Security Manager (NSM) 2004 FP2 and FP3 allow remote attackers to cause a denial of service (crash or hang of server components that are automatically restarted) via a long crafted string on (1) port 7800 (the GUI Server port) or (2) port 7801 (the Device Server port).

7.8
2005-12-29 CVE-2005-4570 Fortinet Denial Of Service vulnerability in Multiple Fortinet Products IKE Exchange

The Internet Key Exchange version 1 (IKEv1) implementations in Fortinet FortiOS 2.50, 2.80 and 3.0, FortiClient 2.0,; and FortiManager 2.80 and 3.0 allow remote attackers to cause a denial of service (termination of a process that is automatically restarted) via IKE packets with invalid values of certain IPSec attributes, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

7.8
2005-12-28 CVE-2005-4546 Epic Designs Cross-Site Scripting vulnerability in Epic Designs Eggblog Search.PHP

search.php in eggblog 2.0 allows remote attackers to obtain the full path via an invalid q parameter, as used by the Keyword and Search fields, possibly due to an SQL injection vulnerability.

7.8
2005-12-31 CVE-2005-4830 Viewcvs Unspecified vulnerability in Viewcvs 0.9.2

CRLF injection vulnerability in viewcvs in ViewCVS 0.9.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the content-type parameter.

7.6
2005-12-31 CVE-2005-4808 GNU
Canonical
Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file.
7.6
2005-12-31 CVE-2005-4765 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier and 7.0 SP6 and earlier, when using the weblogic.Deployer command with the t3 protocol, does not use the secure t3s protocol even when an Administration port is enabled on the Administration server, which might allow remote attackers to sniff the connection.

7.6
2005-12-31 CVE-2005-3618 Vmware Cross-Site Request Forgery vulnerability in ESX

Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password.

7.6
2005-12-31 CVE-2005-3188 Nullsoft Remote Buffer Overflow vulnerability in Nullsoft Winamp 5.094

Buffer overflow in Nullsoft Winamp 5.094 allows remote attackers to execute arbitrary code via (1) an m3u file containing a long line ending in .wma or (2) a pls file containing a long File1 value ending in .wma, a different vulnerability than CVE-2006-0476.

7.6
2005-12-31 CVE-2005-4875 Typo3 Information Exposure vulnerability in Typo3 0.4.1/1.1/3.7.0

TYPO3 3.8.0 and earlier allows remote attackers to obtain sensitive information via a direct request to misc/phpcheck/, which invokes the phpinfo function and prints values of unspecified environment variables.

7.5
2005-12-31 CVE-2005-4873 Cups Buffer Errors vulnerability in Cups 1.1.23

Multiple stack-based buffer overflows in the phpcups PHP module for CUPS 1.1.23rc1 might allow context-dependent attackers to execute arbitrary code via vectors that result in long function parameters, as demonstrated by the cups_get_dest_options function in phpcups.c.

7.5
2005-12-31 CVE-2005-4861 Jasio NET Improper Authentication vulnerability in Jasio.Net Ragnarok Online Control Panel 4.3.4A

functions.php in Ragnarok Online Control Panel (ROCP) 4.3.4a allows remote attackers to bypass authentication by requesting account_manage.php with a trailing "/login.php" PHP_SELF value, which is not properly handled by the CHECK_AUTH function.

7.5
2005-12-31 CVE-2005-4832 Oracle Remote SQL Injection vulnerability in Oracle 10g Database SUBSCRIPTION_NAME

SQL injection vulnerability in the Oracle Database Server 10g allows remote authenticated users to execute arbitrary SQL commands with elevated privileges via the SUBSCRIPTION_NAME parameter in the (1) SYS.DBMS_CDC_SUBSCRIBE and (2) SYS.DBMS_CDC_ISUBSCRIBE packages, a different vector than CVE-2005-1197.

7.5
2005-12-31 CVE-2005-4827 Microsoft
Canon
Internet Explorer 6.0, and possibly other versions, allows remote attackers to bypass the same origin security policy and make requests outside of the intended domain by calling open on an XMLHttpRequest object (Microsoft.XMLHTTP) and using tab, newline, and carriage return characters within the first argument (method name), which is supported by some proxy servers that convert tabs to spaces.
7.5
2005-12-31 CVE-2005-4824 Glen Campbell Remote Security vulnerability in Siteframe

PHP remote file inclusion vulnerability in web/classes.php in Siteframe before 3.2.2 allows remote attackers to execute arbitrary PHP code via a URL in the LOCAL_PATH parameter, a different vulnerability than CVE-2005-1965.

7.5
2005-12-31 CVE-2005-4822 Digger Solutions SQL Injection vulnerability in Digger Solutions Intranet Open Source Project-Edit.ASP

SQL injection vulnerability in projects/project-edit.asp in Digger Solutions Intranet Open Source (IOS) version 2.7.2 allows remote attackers to execute arbitrary SQL commands via the project_id parameter.

7.5
2005-12-31 CVE-2005-4818 Copernicus SQL Injection vulnerability in Copernicus Europa

Multiple SQL injection vulnerabilities in Copernicus Europa allow remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-12-31 CVE-2005-4817 Tmsnc Format String vulnerability in TMSNC

Format string vulnerability in ui.c in Textbased MSN Client (TMSNC) before 0.2.5 allows attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors that cause format strings to be injected into the wprintw function.

7.5
2005-12-31 CVE-2005-4816 Proftpd Project Buffer Overflow vulnerability in ProFTPD Mod_Radius

Buffer overflow in mod_radius in ProFTPD before 1.3.0rc2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long password.

7.5
2005-12-31 CVE-2005-4815 SAP Remote Security vulnerability in Sap R 3

SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln."

7.5
2005-12-31 CVE-2005-4814 Middlebury College File-Upload vulnerability in Segue Cms

Unrestricted file upload vulnerability in Segue CMS before 1.3.6, when the Apache HTTP Server handles .phtml files with the PHP interpreter, allows remote attackers to upload and execute arbitrary PHP code by placing .phtml files in the userfiles/ directory.

7.5
2005-12-31 CVE-2005-4807 GNU
Canonical
Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in multiple products

Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code.

7.5
2005-12-31 CVE-2005-4801 Yapig Cross-Site Request Forgery vulnerability in YaPig

Multiple cross-site request forgery (CSRF) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to perform unauthorized actions as a logged-in user, as demonstrated by tricking the administrator to access a web page that performs a mod_info action in modify_gallery.php.

7.5
2005-12-31 CVE-2005-4793 Hitachi Remote Security vulnerability in Hitachi products

Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities."

7.5
2005-12-31 CVE-2005-4792 Phpwebsite SQL Injection vulnerability in PHPWebSite Search Module

SQL injection vulnerability in index.php in Appalachian State University phpWebSite 0.10.1 and earlier allows remote attackers to execute arbitrary SQL commands via the module parameter.

7.5
2005-12-31 CVE-2005-4770 Accelerated Enterprise Solutions SQL Injection vulnerability in Accelerated E Solutions

SQL injection vulnerability in an unspecified Accelerated Enterprise Solutions product, possibly Accelerated E Solutions, allows remote attackers to execute arbitrary SQL commands via the password parameter.

7.5
2005-12-31 CVE-2005-4769 Belchior Foundry SQL Injection vulnerability in Belchior Foundry vCard Pro Addrbook.PHP

SQL injection vulnerability in addrbook.php in Belchior Foundry vCard PRO 3.1 allows remote attackers to execute arbitrary SQL commands via the addr_id parameter.

7.5
2005-12-31 CVE-2005-4768 TUX Racer SQL Injection vulnerability in TuxBank ManageAccount.PHP

SQL injection vulnerability in manage_account.php in Tux Racer TuxBank 0.7x and 0.8 allows remote attackers to execute arbitrary SQL commands via the id parameter in a manageaccount action to index.php.

7.5
2005-12-31 CVE-2005-4763 BEA Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier, when Internet Inter-ORB Protocol (IIOP) is used, sometimes include a password in an exception message that is sent to a client or stored in a log file, which might allow remote attackers to perform unauthorized actions.

7.5
2005-12-31 CVE-2005-4757 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, do not properly "constrain" a "/" (slash) servlet root URL pattern, which might allow remote attackers to bypass intended servlet protections.

7.5
2005-12-31 CVE-2005-4756 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not properly validate derived Principals with multiple PrincipalValidators, which might allow attackers to gain privileges.

7.5
2005-12-31 CVE-2005-4750 BEA Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier allow remote attackers to cause a denial of service (server thread hang) via unknown attack vectors.

7.5
2005-12-31 CVE-2005-4745 Freeradius SQL Injection vulnerability in Freeradius 1.0.3/1.0.4

SQL injection vulnerability in the rlm_sqlcounter module in FreeRADIUS 1.0.3 and 1.0.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

7.5
2005-12-31 CVE-2005-4741 Netbsd Local PTrace Privilege Escalation vulnerability in NetBSD

NetBSD 1.6, NetBSD 2.0 through 2.1, and NetBSD-current before 20051031 allows local users to gain privileges by attaching a debugger to a setuid/setgid (P_SUGID) process that performs an exec without a reset of real credentials.

7.5
2005-12-31 CVE-2005-4737 IBM Multiple vulnerability in IBM DB2 Universal Database

IBM DB2 Universal Database (UDB) 820 before ESE AIX 5765F4100 allows remote authenticated users to cause a denial of service (CPU consumption) by "abnormally" terminating a connection, which prevents db2agents from being properly cleared.

7.5
2005-12-31 CVE-2005-4729 Vbzoom SQL Injection vulnerability in Vbzoom 1.11

SQL injection vulnerability in show.php in VBZooM Forum allows remote attackers to execute arbitrary SQL commands via the SubjectID parameter.

7.5
2005-12-31 CVE-2005-4725 Geeklog Security Bypass vulnerability in Geeklog (Extended Japanese Package)

Geeklog before 1.3.11sr3 allows remote attackers to bypass intended access restrictions and comment on an arbitrary story or topic by guessing the story ID.

7.5
2005-12-31 CVE-2005-4724 Phptagcool SQL injection vulnerability in post.php in PhpTagCool 1.0.3 allows remote attackers to execute arbitrary SQL commands via the X-Forwarded-For field in an HTTP header.
7.5
2005-12-31 CVE-2005-4719 Sysbotz SQL-Injection vulnerability in Systems Panel

Multiple SQL injection vulnerabilities in Sysbotz Systems Panel 1.0.6 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the cid parameter in knowledgebase/index.php, (2) the aid parameter in knowledgebase/view.php, (3) the cid parameter in contact/update.php, (4) the letter parameter in links/index.php, (5) the mid parameter in messageboard/view.php, and (6) the tid parameter in tickets/view.php.

7.5
2005-12-31 CVE-2005-4715 Francisco Burzi SQL-Injection vulnerability in Francisco Burzi PHP-Nuke 7.8

Multiple SQL injection vulnerabilities in modules.php in PHP-Nuke 7.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) name, (2) sid, and (3) pid parameters in a POST request, which bypasses security checks that are performed for GET requests.

7.5
2005-12-31 CVE-2005-4714 Openvmps Unspecified vulnerability in Openvmps 1.3

Format string vulnerability in the vmps_log function in OpenVMPS (VLAN Management Policy Server) 1.3 allows remote attackers to execute arbitrary code via unknown vectors.

7.5
2005-12-31 CVE-2005-4694 Plain Black Unspecified vulnerability in the www_add method in Asset.pm in Plain Black WebGUI 6.3.0 and other versions before 6.7.6 allows attackers to execute arbitrary code via unknown attack vectors.
7.5
2005-12-31 CVE-2005-4692 Mroovca Remote Security vulnerability in Mroovca Stats

Unspecified vulnerability in mroovca stats (mroovcastats) before 0.4.5b has unknown attack vectors and impact, related to cookies.

7.5
2005-12-31 CVE-2005-4674 Complete PHP Counter SQL Injection vulnerability in Complete PHP Counter

Multiple SQL injection vulnerabilities in list.php in Complete PHP Counter allow remote attackers to execute arbitrary SQL commands via the (1) c or (2) s parameter.

7.5
2005-12-31 CVE-2005-4669 RT Internet Solutions SQL-Injection vulnerability in Rt Internet Solutions Webadmin

SQL injection vulnerability in RT Internet Solutions (RTIS) WebAdmin allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields.

7.5
2005-12-31 CVE-2005-4657 Ocean12 Technologies Authentication Bypass vulnerability in Ocean12 Technologies Calendar Manager PRO 1.01

Ocean12 Calendar Manager Pro 1.01 allows remote attackers to bypass authentication and obtain sensitive information via a direct request to /admin/view.asp.

7.5
2005-12-31 CVE-2005-4647 Pearlinger SQL Injection vulnerability in Pearl Forums

Multiple SQL injection vulnerabilities in PEARLINGER Pearl Forums 2.4 allow remote attackers to execute arbitrary SQL commands via the (1) forumsId and (2) topicId parameters in index.php.

7.5
2005-12-31 CVE-2005-4645 3Cfr SQL-Injection vulnerability in 3Cfr

SQL injection vulnerability in index.php in 3CFR allows remote attackers to execute arbitrary SQL commands via the LangueID parameter.

7.5
2005-12-31 CVE-2005-4643 Antharia SQL Injection vulnerability in Antharia OnContent // CMS

SQL injection vulnerability in index.php in Antharia OnContent // CMS allows remote attackers to execute arbitrary SQL commands via the pid parameter.

7.5
2005-12-31 CVE-2005-4641 Eazycms SQL-Injection vulnerability in Eazycms 2.0

SQL injection vulnerability in home.php in eazyCMS 2.0 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.

7.5
2005-12-31 CVE-2005-4640 Class 1 SQL-Injection vulnerability in Poll Software

SQL injection vulnerability in index.php in class-1 Poll Software 0.4 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) pollid or (2) previouspoll parameters.

7.5
2005-12-31 CVE-2005-4634 Activecampaign SQL-Injection vulnerability in Activecampaign Supporttrio 1.4

SQL injection vulnerability in index.php in ActiveCampaign SupportTrio 1.4 allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2005-12-31 CVE-2005-4632 Vote PRO SQL Injection vulnerability in Vote PRO Vote PRO

SQL injection vulnerability in poll_frame.php in Vote! Pro 4.0 and earlier allows remote attackers to execute arbitrary SQL commands via the poll_id parameter.

7.5
2005-12-31 CVE-2005-4631 Ryan Lath SQL-Injection vulnerability in Zina

SQL injection vulnerability in index.php in Zina 0.12.07 and earlier allows remote attackers to execute arbitrary SQL commands via the p parameter.

7.5
2005-12-31 CVE-2005-4630 Clientexec SQL-Injection vulnerability in Clientexec 2.3

SQL injection vulnerability in index.php in ClientExec 2.3 allows remote attackers to execute arbitrary SQL commands via the (1) billshowid, (2) billdetailid, (3) fuse, and (4) frmClientID parameters.

7.5
2005-12-31 CVE-2005-4629 Smbcms SQL-Injection vulnerability in Smbcms 2.1

SQL injection vulnerability in SMBCMS 2.1 allows remote attackers to execute arbitrary SQL commands via unspecified search parameters.

7.5
2005-12-31 CVE-2005-4628 Help Desk Point Software SQL-Injection vulnerability in Helpdeskpoint

SQL injection vulnerability in index.php in HelpDeskPoint 2.38 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2005-12-31 CVE-2005-4622 Efilego Input Validation vulnerability in Efilego 3.0.1

Directory traversal vulnerability in eFileGo 3.01 allows remote attackers to execute arbitrary code, read arbitrary files, and upload arbitrary files via a ...

7.5
2005-12-31 CVE-2005-4619 Phpoutsourcing SQL Injection vulnerability in PHPOutsourcing Zorum RollID

SQL injection vulnerability in index.php in phpoutsourcing Zorum Forum 3.5 and earlier allows remote attackers to execute arbitrary SQL commands via the rollid parameter in the showhtmllist method.

7.5
2005-12-31 CVE-2005-4617 Forperfect SQL Injection vulnerability in Forperfect Csupport 1.0

SQL injection vulnerability in tickets.php in cSupport 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the pg parameter.

7.5
2005-12-31 CVE-2005-4616 Idevspot SQL-Injection vulnerability in Idevspot Isupport 1.06

SQL injection vulnerability in index.php in iSupport 1.06 allows remote attackers to execute arbitrary SQL commands via the include_file parameter.

7.5
2005-12-31 CVE-2005-4615 Dapperdesk SQL-Injection vulnerability in DapperDesk

SQL injection vulnerability in news.php in DapperDesk 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the page parameter.

7.5
2005-12-31 CVE-2005-4614 SUM Effect Software SQL-Injection vulnerability in digiSHOP

Multiple SQL injection vulnerabilities in digiSHOP 3.1.17 and earlier allow remote attackers to execute arbitrary SQL commands or obtain the full installation path via (1) the c parameter in cart.php and (2) unspecified search module parameters.

7.5
2005-12-31 CVE-2005-4612 Vubb SQL-Injection vulnerability in Vubb Alpharc1

Multiple SQL injection vulnerabilities in VUBB alpha rc1 allow remote attackers to execute arbitrary SQL commands via the (1) f parameter to viewforum.php, (2) t parameter to viewtopic.php, and (3) view parameter to usercp.php.

7.5
2005-12-31 CVE-2005-4611 Phpfreebies COM SQL-Injection vulnerability in Free Clickbank

SQL injection vulnerability in search.php in Free ClickBank 1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the keywords parameter.

7.5
2005-12-31 CVE-2005-4610 Dopewars Unspecified vulnerability in Dopewars

Format string vulnerability in the server for Dopewars before 1.5.12, when running as an NT service, allows remote attackers to execute arbitrary code via unspecified attack vectors.

7.5
2005-12-31 CVE-2005-4608 Incogen SQL Injection vulnerability in INCOGEN Bugport

SQL injection vulnerability in index.php in BugPort 1.147 allows remote attackers to execute arbitrary SQL commands via the (1) devWherePair[0], (2) orderBy, and (3) where parameters.

7.5
2005-12-31 CVE-2005-4606 Webwiz SQL Injection vulnerability in Webwiz products

SQL injection vulnerability in check_user.asp in multiple Web Wiz products including (1) Site News 3.06 and earlier, (2) Journal 1.0 and earlier, (3) Polls 3.06 and earlier, and (4) and Database Login 1.71 and earlier allows remote attackers to execute arbitrary SQL commands via the txtUserName parameter.

7.5
2005-12-31 CVE-2005-4602 Mybulletinboard SQL Injection vulnerability in MyBB File Upload

SQL injection vulnerability in inc/function_upload.php in MyBB before 1.0.1 allows remote attackers to execute arbitrary SQL commands via the file extension of an uploaded file attachment.

7.5
2005-12-31 CVE-2005-4601 Imagemagick Remote Command Execution vulnerability in Imagemagick 6.2.4.5

The delegate code in ImageMagick 6.2.4.5-0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename that is processed by the display command.

7.5
2005-12-31 CVE-2005-4594 Tugzip Buffer Overflow vulnerability in Tugzip 3.4.0.0

Stack-based buffer overflow in TUGZip 3.4.0.0 allows remote attackers to execute arbitrary code via a long filename in an ARJ archive.

7.5
2005-12-31 CVE-2005-4593 Joshua Eichorn Remote and Local File Include vulnerability in PHPDocumentor

PHP remote file inclusion vulnerability in phpDocumentor 1.3.0 rc4 and earlier, when register_globals is enabled, allows remote attackers to execute arbitrary code via a URL in the (1) FORUM[LIB] parameter in Documentation/tests/bug-559668.php and (2) the root_dir parameter in docbuilder/file_dialog.php.

7.5
2005-12-31 CVE-2005-4592 Bogofilter Remote Buffer Overflow vulnerability in Bogofilter

Heap-based buffer overflow in bogofilter and bogolexer 0.96.2 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via words that are longer than the input buffer used by flex.

7.5
2005-12-31 CVE-2005-4591 Bogofilter Remote Buffer Overflow vulnerability in Bogofilter

Heap-based buffer overflow in bogofilter 0.96.2, 0.95.2, 0.94.14, 0.94.12, and other versions from 0.93.5 to 0.96.2, when using Unicode databases, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via "invalid input sequences" that lead to heap corruption when bogofilter or bogolexer converts character sets.

7.5
2005-12-31 CVE-2005-4418 Vserver Unspecified vulnerability in Vserver Util-Vserver 0/0.30.209

util-vserver before 0.30.208-1 with kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux sets a default policy that trusts unknown capabilities, which could allow local users to conduct unauthorized activities.

7.5
2005-12-31 CVE-2005-4085 Bluecoat Remote Host Header Buffer Overflow vulnerability in Bluecoat Proxyav and Webproxy

Buffer overflow in BlueCoat (a) WinProxy before 6.1a and (b) the web console access functionality in ProxyAV before 2.4.2.3 allows remote attackers to execute arbitrary code via a long Host: header.

7.5
2005-12-31 CVE-2005-3713 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block.

7.5
2005-12-31 CVE-2005-3711 Apple Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified (1) "strips" (StripByteCounts) or (2) "bands" (StripOffsets) values.

7.5
2005-12-31 CVE-2005-3710 Apple Numeric Errors vulnerability in Apple Quicktime

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a TIFF image file with modified image height and width (ImageWidth) tags.

7.5
2005-12-31 CVE-2005-3709 Apple Numeric Errors vulnerability in Apple Quicktime

Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file.

7.5
2005-12-31 CVE-2005-3708 Apple Code Execution vulnerability in RETIRED: Apple QuickTime

Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.

7.5
2005-12-31 CVE-2005-3707 Apple Code Execution vulnerability in RETIRED: Apple QuickTime

Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files.

7.5
2005-12-31 CVE-2005-3658 EMC Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Legato Networker

Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe).

7.5
2005-12-31 CVE-2005-3655 Novell Remote Manager HTTP Request Header Heap Overflow vulnerability in Novell Open Enterprise Server 9

Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter.

7.5
2005-12-31 CVE-2005-3654 Bluecoat Remote Denial Of Service vulnerability in Blue Coat Systems WinProxy Telnet

Blue Coat Systems Inc.

7.5
2005-12-31 CVE-2005-3628 Xpdf Unspecified vulnerability in Xpdf

Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors.

7.5
2005-12-31 CVE-2005-3627 Xpdf Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf

Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo.

7.5
2005-12-31 CVE-2005-3540 Petris Local Buffer Overflow vulnerability in Petris

Buffer overflow in petris before 1.0.1 allows remote attackers to execute arbitrary code via unspecified attack vectors.

7.5
2005-12-31 CVE-2005-3539 Hylafax Scripts Remote Command Execution vulnerability in Hylafax

Multiple eval injection vulnerabilities in HylaFAX 4.2.3 and earlier allow remote attackers to execute arbitrary commands via (1) the notify script in HylaFAX 4.2.0 to 4.2.3 and (2) crafted CallID parameters to the faxrcvd script in HylaFAX 4.2.2 and 4.2.3.

7.5
2005-12-31 CVE-2005-3538 Ifax Solutions Remote PAM Authentication Bypass vulnerability in Ifax Solutions Hylafax 4.2.3

hfaxd in HylaFAX 4.2.3, when PAM support is disabled, accepts arbitrary passwords, which allows remote attackers to gain privileges.

7.5
2005-12-31 CVE-2005-3058 Fortinet Permissions, Privileges, and Access Controls vulnerability in Fortinet Fortigate and Fortios

Interpretation conflict in Fortinet FortiGate 2.8, running FortiOS 2.8MR10 and v3beta, allows remote attackers to bypass the URL blocker via an (1) HTTP request terminated with a line feed (LF) and not carriage return line feed (CRLF) or (2) HTTP request with no Host field, which is still processed by most web servers without violating RFC2616.

7.5
2005-12-31 CVE-2005-2464 Pcxp Toppe CMS Security Bypass vulnerability in Pcxp Toppe CMS Pcxp Toppe CMS 1.15/2

login.php in PCXP/TOPPE CMS allows remote attackers to bypass authentication and gain privileges by modifying the cookie to match the target userid.

7.5
2005-12-31 CVE-2005-2341 RIM Buffer Errors vulnerability in RIM products

Heap-based buffer overflow in Research in Motion (RIM) BlackBerry Attachment Service allows remote attackers to cause a denial of service (hang) via an e-mail attachment with a crafted TIFF file.

7.5
2005-12-31 CVE-2005-2340 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple Quicktime

Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a crafted (1) QuickTime Image File (QTIF), (2) PICT, or (3) JPEG format image with a long data field.

7.5
2005-12-31 CVE-2005-2315 Dnrd Remote Security vulnerability in dnrd

Buffer overflow in Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to execute arbitrary code via a large number of large DNS packets with the Z and QR flags cleared.

7.5
2005-12-30 CVE-2005-4586 Phpsurveyor SQL Injection vulnerability in PHPsurveyor 0.99

Multiple SQL injection vulnerabilities in PHPSurveyor before 0.991 allow remote attackers to execute arbitrary SQL commands via the (1) sql parameter in browse.php and the (2) sid, (3) lid, (4) gid, and (5) token parameters in certain PHP scripts.

7.5
2005-12-29 CVE-2005-4582 Scott Draves Remote Security vulnerability in Scott Draves Electric Sheep 2.6.3

Electric Sheep 2.6.3 does not require authentication or integrity checks from the server to the client, which allows remote attackers to download and display arbitrary MPEG movie files via (1) DNS spoofing, (2) a URL on the command line, or (3) a URL in the configuration file.

7.5
2005-12-29 CVE-2005-4578 Hitachi Input Validation vulnerability in Hitachi Business Logic

Multiple SQL injection vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form.

7.5
2005-12-29 CVE-2005-4573 Plogger Code Injection vulnerability in Plogger

PHP remote file include vulnerability in plog-admin-functions.php in Plogger Beta 2 allows remote attackers to execute arbitrary code via a URL in the config[basedir] parameter.

7.5
2005-12-29 CVE-2005-4572 Myezshop Input Validation vulnerability in myEZshop Shopping Cart

Multiple SQL injection vulnerabilities in myEZshop Shopping Cart allow remote attackers to execute arbitrary SQL commands via the (1) GroupsId and (2) ItemsId parameters in admin.php.

7.5
2005-12-29 CVE-2005-4569 Floosietek Remote vulnerability in Floosietek Ftgate 4.4Build4.4.000

Stack-based buffer overflow in index.fts in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allows remote attackers to execute arbitrary code via a long tzoffset value.

7.5
2005-12-29 CVE-2005-4568 Floosietek Remote vulnerability in Floosietek Ftgate 4.4Build4.4.000

Multiple format string vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (aka Build 4.4.000 Oct 26 2005) allow remote attackers to execute arbitrary code via format string specifiers in the (1) USER, (2) PASS, and (3) TOP commands to the POP3 server; and the (4) LIST and (5) AUTHENTICATE commands to the IMAP server.

7.5
2005-12-29 CVE-2005-4563 Enterprise Heart SQL Injection vulnerability in Enterprise Heart Enterprise Connector 1.0.2

SQL injection vulnerability in main.php in Enterprise Heart Enterprise Connector 1.0.2 allows remote attackers to execute arbitrary SQL commands and bypass login authentication via the loginid parameter, a different vulnerability than CVE-2005-3875.

7.5
2005-12-28 CVE-2005-4560 Microsoft Improper Input Validation vulnerability in Microsoft Windows 2003 Server and Windows XP

The Windows Graphical Device Interface library (GDI32.DLL) in Microsoft Windows allows remote attackers to execute arbitrary code via a Windows Metafile (WMF) format image with a crafted SETABORTPROC GDI Escape function call, related to the Windows Picture and Fax Viewer (SHIMGVW.DLL), a different vulnerability than CVE-2005-2123 and CVE-2005-2124, and as originally discovered in the wild on unionseek.com.

7.5
2005-12-28 CVE-2005-4556 Deerfield
Icewarp
Merak
Input Validation vulnerability in IceWarp Universal WebMail

PHP remote file include vulnerability in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, when register_globals is enabled, allows remote attackers to include arbitrary local and remote PHP files via a URL in the (1) lang_settings and (2) language parameters in (a) accounts/inc/include.php and (b) admin/inc/include.php.

7.5
2005-12-28 CVE-2005-4554 DEV Input Validation vulnerability in DEV web Management System 1.5

Multiple SQL injection vulnerabilities in DEV web management system 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter in an openforum action (openforum.php) in index.php, (2) cat parameter in getfile.php, and (3) target parameter in download_now.php.

7.5
2005-12-28 CVE-2005-4553 Kmint21 Software Buffer Overflow vulnerability in Kmint21 Software Golden FTP Server 1.92

Buffer overflow in Golden FTP Server 1.92 allows remote attackers to execute arbitrary code via a long APPE command.

7.5
2005-12-28 CVE-2005-4548 RWS SQL Injection vulnerability in Real Web Solution Statistics Counter Service

SQL injection vulnerability in the "user area" in RWS Statistics Counter before 2.4.1 allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-12-28 CVE-2005-4534 Mozilla Unspecified vulnerability in Mozilla Bugzilla

The shadow database feature (syncshadowdb) in Bugzilla 2.9 through 2.16.10 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

7.5
2005-12-28 CVE-2005-4533 Scponly Local vulnerability in SCPOnly

Argument injection vulnerability in scponlyc in scponly 4.1 and earlier, when both scp and rsync compatibility are enabled, allows local users to execute arbitrary applications via "getopt" style argument specifications, which are not filtered.

7.5
2005-12-28 CVE-2005-4529 Chatspot Remote Security vulnerability in Chatspot 2.0.0A7

The Chatspot 2.0.0a7 module for phpBB might allow remote attackers to impersonate other users via unknown vectors.

7.5
2005-12-28 CVE-2005-4528 Chatspot SQL-Injection vulnerability in Chatspot 2.0.0A7

SQL injection vulnerability in the Chatspot 2.0.0a7 module for phpBB allows remote attackers to execute arbitrary SQL commands via unknown vectors.

7.5
2005-12-28 CVE-2005-4527 Direct News Unspecified vulnerability in Direct News Direct News 4.9

Multiple SQL injection vulnerabilities in Direct News 4.9 allow remote attackers to execute arbitrary SQL commands via (1) the setLang parameter in index.php and (2) unspecified search module parameters.

7.5
2005-12-28 CVE-2005-4519 Mantis Unspecified vulnerability in Mantis

Multiple SQL injection vulnerabilities in the manage user page (manage_user_page.php) in Mantis 1.0.0rc3 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) prefix and (2) sort parameters to the manage user page (manage_user_page.php), or (3) the sort parameter to view_all_set.php.

7.5
2005-12-28 CVE-2005-4518 Mantis Mantis before 0.19.4 allows remote attackers to bypass the file upload size restriction by modifying the max_file_size parameter to (1) bug_file_add.php, (2) bug_report.php, (3) bug_report_advanced_page.php, and (4) proj_doc_add_page.php.
7.5
2005-12-28 CVE-2005-4517 PHP Fusion SQL-Injection vulnerability in PHP Fusion

SQL injection vulnerability in PHP-Fusion 6.00.200 through 6.00.300 allows remote attackers to execute arbitrary SQL commands via the ratings parameter in multiple scripts, such as ratings_include.php.

7.5
2005-12-27 CVE-2005-3535 Ketm Unspecified vulnerability in Ketm 0.0.6

Buffer overflow in KETM 0.0.6 allows local users to execute arbitrary code via unknown vectors.

7.5
2005-12-31 CVE-2005-4864 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database

Stack-based buffer overflow in libdb2.so in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long DB2LPORT environment variable.

7.2
2005-12-31 CVE-2005-4863 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database

Stack-based buffer overflow in db2fmp in IBM DB2 7.x and 8.1 allows local users to execute arbitrary code via a long parameter.

7.2
2005-12-31 CVE-2005-4795 SUN Local Security vulnerability in SUN Sunos 5.7/5.8

Unspecified vulnerability in the multi-language environment library (libmle) in Solaris 7 and 8, as shipped with the Japanese locale, allows local users to gain privileges via unknown attack vectors.

7.2
2005-12-31 CVE-2005-4776 Netbsd Denial-Of-Service vulnerability in NetBSD

Integer overflow in the FreeBSD compatibility code (freebsd_misc.c) in NetBSD-current, NetBSD-3, NetBSD-2.0, and NetBSD-2 before 20050913; and NetBSD-1.6 before 20050914; allows local users to cause a denial of service (heap corruption or system crash) and possibly gain root privileges.

7.2
2005-12-31 CVE-2005-4762 BEA Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier sometimes stores the boot password in the registry in cleartext, which might allow local users to gain administrative privileges.

7.2
2005-12-31 CVE-2005-4708 Adobe Local Privilege Escalation vulnerability in Macromedia eLicensing Client Activation Code

Adobe Macromedia MX 2004 products, Captivate, Contribute 2, Contribute 3, and eLicensing client install the Macromedia Licensing Service with the Users group permitted to configure the service, including the path to executable, which allows local users to execute arbitrary code as Local System.

7.2
2005-12-31 CVE-2005-4595 Gentoo Unspecified vulnerability in Gentoo Nview and Xnview

Untrusted search path vulnerability (RPATH) in XnView 1.70 and NView 4.51 on Gentoo Linux allows local users to execute arbitrary code via a malicious library in the current working directory.

7.2
2005-12-31 CVE-2005-3629 Redhat Local Privilege Escalation vulnerability in Red Hat Initscripts

initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors.

7.2
2005-12-31 CVE-2005-3340 NEW Breed Software Unspecified vulnerability in NEW Breed Software TUX Paint 0.9.14

The tuxpaint-import.sh script in Tux Paint (tuxpaint) 0.9.14 and earlier creates temporary files insecurely, with unknown impact and attack vectors.

7.2
2005-12-31 CVE-2005-2934 SCO Local Privilege Escalation vulnerability in SCO Unixware 7.1.3/7.1.4

Unspecified vulnerability in ptrace in SCO UnixWare 7.1.3 and 7.1.4 allows local users to gain privileges via unspecified vectors.

7.2
2005-12-31 CVE-2005-2932 Checkpoint Permissions, Privileges, and Access Controls vulnerability in Checkpoint Zonealarm and Zonealarm Security Suite

Multiple Check Point Zone Labs ZoneAlarm products before 7.0.362, including ZoneAlarm Security Suite 5.5.062.004 and 6.5.737, use insecure default permissions for critical files, which allows local users to gain privileges or bypass security controls.

7.2
2005-12-31 CVE-2005-2711 ISS Local Privilege Escalation vulnerability in Internet Security Systems BlackICE and RealSecure Desktop

ISS BlackIce 3.6, as used in multiple products including BlackICE PC Protection, Server Protection, Agent for Server, and RealSecure Desktop 3.6 and 7.0, does not drop privileges before launching help from the "More Info" button in the "Application Protection" dialog, which allows local users to execute arbitrary programs as SYSTEM.

7.2
2005-12-31 CVE-2005-1528 QNX Local Privilege Escalation and Denial Of Service vulnerability in QNX Rtos 6.2.1

Untrusted search path vulnerability in the crttrap command in QNX Neutrino RTOS 6.2.1 allows local users to load arbitrary libraries via a LD_LIBRARY_PATH environment variable that references a malicious library.

7.2
2005-12-28 CVE-2005-3345 Rssh Local Privilege Escalation vulnerability in RSSH RSSH_CHROOT_HELPER

rssh 2.0.0 through 2.2.3 allows local users to bypass access restrictions and gain root privileges by using the rssh_chroot_helper command to chroot to an external directory.

7.2
2005-12-28 CVE-2005-4552 SUN Unspecified vulnerability in SUN Solaris PC Netlink 2.0

The (1) slsmgr and (2) slsadmin programs in Sun Solaris PC NetLink 2.0 create temporary files insecurely, which allows local users to gain privileges.

7.2
2005-12-28 CVE-2005-4532 Scponly Local vulnerability in SCPOnly

scponlyc in scponly 4.1 and earlier, when the operating system supports LD_PRELOAD mechanisms, allows local users to execute arbitrary code with root privileges by creating a chroot directory in their home directory, hard linking to a system setuid application, and using a modified LD_PRELOAD to modify expected function calls in the setuid application.

7.2
2005-12-31 CVE-2005-4868 IBM Incorrect Permission Assignment for Critical Resource vulnerability in IBM DB2 Universal Database

Shared memory sections and events in IBM DB2 8.1 have default permissions of read and write for the Everyone group, which allows local users to gain unauthorized access, gain sensitive information, such as cleartext passwords, and cause a denial of service.

7.1
2005-12-31 CVE-2005-4844 Microsoft Unspecified vulnerability in Microsoft Internet Explorer

The CLSID_ApprenticeICW control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

7.1
2005-12-31 CVE-2005-4842 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

The System Monitor Source Properties control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

7.1
2005-12-31 CVE-2005-4841 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

The Outlook Progress Ctl control allows remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

7.1
2005-12-31 CVE-2005-4835 Madwifi Denial-Of-Service vulnerability in MADWifi

The ath_rate_sample function in the ath_rate/sample/sample.c sample code in MadWifi before 0.9.3 allows remote attackers to cause a denial of service (failed KASSERT and system crash) by moving a connected system to a location with low signal strength, and possibly other vectors related to a race condition between interface enabling and packet transmission.

7.1
2005-12-31 CVE-2005-4625 Intel
ATI
Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999.
7.1

214 Medium Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-31 CVE-2005-4790 Novell
Suse
Local Privilege Escalation vulnerability in Tomboy LD_LIBRARY_PATH Environment Variable

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam.

6.9
2005-12-31 CVE-2005-4866 IBM Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in IBM DB2 Universal Database

Stack-based buffer overflow in JDBC Applet Server in IBM DB2 8.1 allows remote attackers to execute arbitrary by connecting and sending a long username, then disconnecting gracefully and reconnecting and sending a short username and an unexpected db2java.zip version, which causes a null terminator to be removed and leads to the overflow.

6.8
2005-12-31 CVE-2005-4819 IBM Cross-Site Scripting vulnerability in Lotus Domino

Cross-site scripting (XSS) vulnerability in Lotus Domino versions before 6.5.4 fix pack 1 (FP1) and versions before 7.0 allows remote attackers to inject arbitrary web script or HTML via unknown vectors.

6.8
2005-12-31 CVE-2005-4751 BEA Multiple vulnerability in BEA WebLogic Server and WebLogic Express

Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic Server and WebLogic Express 9.0, 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allow remote attackers to inject arbitrary web script or HTML and gain administrative privileges via unknown attack vectors.

6.8
2005-12-31 CVE-2005-4748 Vwar Remote File Include vulnerability in Vwar Virtual WAR 1.3/1.4/1.5.0R10

PHP remote file include vulnerability in functions_admin.php in Virtual War (VWar) 1.5.0 R10 allows remote attackers to include and execute arbitrary PHP code via unspecified attack vectors.

6.8
2005-12-31 CVE-2005-4739 IBM Multiple vulnerability in IBM DB2 Universal Database

IBM DB2 Universal Database (UDB) 820 before version 8 FixPak 10 (s050811) allows remote authenticated users to cause a denial of service (application crash) by using a table function for an instance of snapshot_tbreorg, which triggers a trap in sqlnr_EStoE_action.

6.8
2005-12-31 CVE-2005-4736 IBM Multiple vulnerability in IBM DB2 Universal Database

IBM DB2 Universal Database (UDB) 820 before 8.2 FP10 allows remote authenticated users to cause a denial of service (disk consumption) via a hash join (hsjn) that triggers an infinite loop in sqlri_hsjnFlushBlocks.

6.8
2005-12-31 CVE-2005-4735 IBM Multiple vulnerability in IBM DB2 Universal Database

IBM DB2 Universal Database (UDB) 810 before 8.1 FP10 allows remote authenticated users to cause a denial of service (application crash) via (1) certain equality predicates that trigger self-removal, aka IY70808; and (2) a query with more than 32000 elements in the IN-list, aka LI70817.

6.8
2005-12-31 CVE-2005-4711 Neocrome SQL-Injection vulnerability in Neocrome Land Down Under

SQL injection vulnerability in Neocrome Land Down Under (LDU) 801 allows remote attackers to execute arbitrary SQL commands via an HTTP Referer header.

6.8
2005-12-31 CVE-2005-4658 Iisworks Cross-Site Scripting vulnerability in Iisworks Aspknowledgebase

Multiple cross-site scripting (XSS) vulnerabilities in ASP-Programmers.com ASPKnowledgebase allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in the administrative interface.

6.8
2005-12-31 CVE-2005-3619 Vmware Unspecified vulnerability in VMWare ESX

Cross-site scripting (XSS) vulnerability in the management interface for VMware ESX 2.5.x before 2.5.2 upgrade patch 2, 2.1.x before 2.1.2 upgrade patch 6, and 2.0.x before 2.0.1 upgrade patch 6 allows remote attackers to inject arbitrary web script or HTML via messages that are not sanitized when viewing syslog log files.

6.8
2005-12-31 CVE-2005-2714 Apple Link Following vulnerability in Apple mac OS X and mac OS X Server

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to overwrite arbitrary files via a symlink attack on the .pwtmp.[PID] temporary file.

6.8
2005-12-31 CVE-2005-2713 Apple Multiple vulnerability in Apple Mac OS X Security Update 2006-001

passwd in Directory Services in Mac OS X 10.3.x before 10.3.9 and 10.4.x before 10.4.5 allows local users to create arbitrary world-writable files as root by specifying an alternate file in the password database option.

6.8
2005-12-31 CVE-2005-4738 IBM Multiple vulnerability in IBM DB2 Universal Database

IBM DB2 Universal Database (UDB) 810 before ESE AIX 5765F4100 does not ensure that a user has execute privileges before permitting object creation based on routines, which allows remote authenticated users to gain privileges.

6.5
2005-12-31 CVE-2005-3712 Apple Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Apple mac OS X and mac OS X Server

Heap-based buffer overflow in rsync in Mac OS X 10.4 through 10.4.5 allows remote authenticated users to execute arbitrary code via long extended attributes.

6.5
2005-12-31 CVE-2005-3526 Ipswitch Remote Buffer Overflow vulnerability in Ipswitch IMail Server / Collaboration Suite IMAP FETCH

Buffer overflow in the IMAP daemon in Ipswitch Collaboration Suite 2006.02 and earlier allows remote authenticated users to execute arbitrary code via a long FETCH command.

6.5
2005-12-28 CVE-2005-4558 Deerfield
Icewarp
Merak
Input Validation vulnerability in IceWarp Universal WebMail

IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly restrict acceptable values for the language parameter to mail/settings.html before it is stored in a database, which can allow remote authenticated users to include arbitrary PHP code via a URL in a modified lang_settings parameter to mail/index.html.

6.5
2005-12-31 CVE-2005-4859 Chitta Unspecified vulnerability in Chitta Mimicboard

mimicboard2 (Mimic2) 086 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database via a direct request for mimic2.dat.

6.4
2005-12-31 CVE-2005-4828 Kolab Remote Security vulnerability in Kolab Groupware Server 2.0.0/2.0.1

Kolab Server 2.0.0 and 2.0.1 does not properly handle when a large email is sent with a "." in the wrong place, which causes kolabfilter to add another ".", which might break clear-text signatures and attachments.

6.4
2005-12-31 CVE-2005-4772 Suse Unspecified vulnerability in Suse products

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013.

6.4
2005-12-31 CVE-2005-4734 RSA Remote Stack Based Buffer Overflow vulnerability in RSA Authentication Agent IISWebAgentIF.DLL

Stack-based buffer overflow in IISWebAgentIF.dll in RSA Authentication Agent for Web (aka SecurID Web Agent) 5.2 and 5.3 for IIS allows remote attackers to execute arbitrary code via a long url parameter in the Redirect method.

6.4
2005-12-31 CVE-2005-4702 Ipbproarcade Remote SQL Injection vulnerability in Ipbproarcade 2.5.2

SQL injection vulnerability in the favorites module in index.php in IPBProArcade 2.5.2 allows remote attackers to inject arbitrary SQL commands via the gameid parameter.

6.4
2005-12-31 CVE-2005-4685 Mozilla Unspecified vulnerability in Mozilla Firefox and Mozilla

Firefox and Mozilla can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

6.4
2005-12-31 CVE-2005-4684 KDE Unspecified vulnerability in KDE Konqueror

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site.

6.4
2005-12-31 CVE-2005-4654 HP Remote Security vulnerability in HP Oracle for Openview 8.1.7/9.1.01/9.2

Multiple unspecified vulnerabilities in Oracle for OpenView (OfO) 8.1.7, 9.1.01, and 9.2, and OfO for Linux, allow remote attackers to have an unknown impact via unknown attack vectors.

6.4
2005-12-31 CVE-2005-4652 Phlymail Input Validation vulnerability in Phlymail 3.02.01

SQL injection vulnerability in PHlyMail 3.02.01 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors.

6.4
2005-12-31 CVE-2005-4651 Alstrasoft SQL-Injection vulnerability in Alstrasoft Epay 2.0

SQL injection vulnerability in index.php in AlstraSoft EPay Pro 2.0 allows remote attackers to execute arbitrary SQL commands via the pmodule parameter.

6.4
2005-12-31 CVE-2005-4600 Moxiecode Path Traversal vulnerability in Moxiecode Tinymce Compressor PHP

Directory traversal vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to read or include arbitrary files via a trailing null byte (%00) in the (1) theme, (2) language, (3) plugins, or (4) lang parameter.

6.4
2005-12-31 CVE-2005-3706 Apple Multiple vulnerability in Apple Mac OS X Security Update 2006-001

Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-dependent attackers to execute arbitrary code by causing an application that uses LibSystem to request a large amount of memory.

6.4
2005-12-31 CVE-2005-2468 Mysql SQL Injection vulnerability in MySQL Eventum

Multiple SQL injection vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) isCorrectPassword or (2) userExist function in class.auth.php, getCustomFieldReport function in (4) custom_fields.php, (5) custom_fields_graph.php, or (6) class.report.php, or the insert function in (7) releases.php or (8) class.release.php.

6.4
2005-12-31 CVE-2005-2466 Openbook SQL Injection vulnerability in Openbook 1.2.2

Multiple SQL injection vulnerabilities in the auth_user function in admin.php in OpenBook 1.2.2 allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password parameter.

6.4
2005-12-31 CVE-2005-2463 Kayako Input Validation vulnerability in Kayako Liveresponse 2.0

Kayako liveResponse 2.x allows remote attackers to obtain sensitive information via a direct request to addressbook.php and other include scripts, which reveals the path in an error message.

6.4
2005-12-31 CVE-2005-2461 Kayako Input Validation vulnerability in Kayako Liveresponse 2.0

Multiple SQL injection vulnerabilities in the calendar feature in Kayako liveResponse 2.x allow remote attackers to execute arbitrary SQL commands via the (1) year or (2) date parameter.

6.4
2005-12-31 CVE-2005-1755 PHP Poll Creator Remote Security vulnerability in PHP Poll Creator PHP Poll Creator 1.01

PHP remote file inclusion vulnerability in poll_vote.php in PHP Poll Creator 1.01 allows remote attackers to execute arbitrary PHP code via the relativer_pfad parameter.

6.4
2005-12-31 CVE-2005-1752 Gforge Remote Arbitrary Command Execution vulnerability in GForge

viewFile.php in the scm component of Gforge before 4.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the file_name parameter.

6.4
2005-12-31 CVE-2005-4826 Cisco Denial Of Service vulnerability in Cisco IOS 12.1(22)Ea3

Unspecified vulnerability in the VLAN Trunking Protocol (VTP) feature in Cisco IOS 12.1(22)EA3 on Catalyst 2950T switches allows remote attackers to cause a denial of service (device reboot) via a crafted Subset-Advert message packet, a different issue than CVE-2006-4774, CVE-2006-4775, and CVE-2006-4776.

6.1
2005-12-31 CVE-2005-2467 Mysql Cross-Site Scripting vulnerability in MySQL Eventum

Multiple cross-site scripting (XSS) vulnerabilities in MySQL Eventum 1.5.5 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to view.php, (2) release parameter to list.php, or (3) F parameter to get_jsrs_data.php.

5.8
2005-12-31 CVE-2005-2465 PC Experience
Toppe
Cross-Site Scripting vulnerability in PC-Experience/Toppe PM.PHP MSG Parameter

Cross-site scripting (XSS) vulnerability in pm.php in PCXP/TOPPE CMS allows remote attackers to inject arbitrary web script or HTML via the msg variable.

5.8
2005-12-31 CVE-2005-2460 Kayako Input Validation vulnerability in Kayako Liveresponse 2.0

Multiple cross-site scripting (XSS) vulnerabilities in Kayako liveResponse 2.x allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter or (2) name field when entering a session or sending a message.

5.8
2005-12-29 CVE-2005-4567 Floosietek Remote vulnerability in Floosietek Ftgate 4.4Build4.4.000

Multiple cross-site scripting (XSS) vulnerabilities in FTGate Technology (formerly known as Floosietek) FTGate 4.4 (Build 4.4.000 Oct 26 2005) allow remote attackers to inject arbitrary web script or HTML by sending (1) the href parameter to index.fts, or the param1 parameter to (2) /domains/index.fts, (3) /config/licence.fts, or (4) /config/systemacl.fts.

5.8
2005-12-31 CVE-2005-4825 Cisco Denial-Of-Service vulnerability in Cisco Clean Access (CCA)

Cisco Clean Access 3.5.5 and earlier on the Secure Smart Manager allows remote attackers to bypass authentication and cause a denial of service (disk consumption), or make unauthorized files accessible, by uploading files through requests to certain JSP scripts, a related issue to CVE-2005-4332.

5.7
2005-12-31 CVE-2005-4784 Austin Group Buffer Overflow vulnerability in Multiple Vendor ReadDir_R

Multiple buffer overflows in the POSIX readdir_r function, as used in multiple packages, allow local users to cause a denial of service and possibly execute arbitrary code via (1) a symlink attack that exploits a race condition between opendir and pathcon calls and changes the filesystem to one with a larger maximum directory-entry name length, or (2) possibly via programmer-introduced errors on operating systems with a small struct dirent, such as Solaris or BeOS, as demonstrated in packages including (a) gcj, (b) KDE, (c) libwww, (d) the Rudiments library, (e) teTeX, (f) xmail, (g) bfbtester, (h) ncftp, (i) netwib, (j) OpenOffice.org, (k) Pike, (l) reprepro, (m) Tcl, and (n) xgsmlib.

5.6
2005-12-31 CVE-2005-4766 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP5 and earlier, do not encrypt multicast traffic, which might allow remote attackers to read sensitive cluster synchronization messages by sniffing the multicast traffic.

5.4
2005-12-31 CVE-2005-4799 Yapig Cross-Site Scripting vulnerability in Yapig

Multiple cross-site scripting (XSS) vulnerabilities in Yet Another PHP Image Gallery (YaPIG) 0.95b and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the Homepage field (aka the Website field) in an "image-related comment" and (2) the img_size field in view.php.

5.1
2005-12-31 CVE-2005-4767 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP5 and earlier, and 7.0 SP6 and earlier, when using username/password authentication, does not lock out a username after the maximum number of invalid login attempts, which makes it easier for remote attackers to guess the password.

5.1
2005-12-31 CVE-2005-4760 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier, and 7.0 SP5 and earlier, when fullyDelegatedAuthorization is enabled for a servlet, does not cause servlet deployment to fail when failures occur in authorization or role providers, which might prevent the servlet from being "fully protected."

5.1
2005-12-31 CVE-2005-4727 Martin Bauer Cross-Site Scripting vulnerability in Gbook 1.0/1.0.1

Cross-site scripting (XSS) vulnerability in gbook.cgi in gBook before 1.0.2 allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header field.

5.1
2005-12-31 CVE-2005-4648 Illustrate Denial-Of-Service vulnerability in dbPowerAmp Music Converter

Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u.

5.1
2005-12-31 CVE-2005-3240 Microsoft Race Condition vulnerability in Microsoft IE and Internet Explorer

Race condition in Microsoft Internet Explorer allows user-assisted attackers to overwrite arbitrary files and possibly execute code by tricking a user into performing a drag-and-drop action from certain objects, such as file objects within a folder view, then predicting the drag action, and re-focusing to a malicious window.

5.1
2005-12-28 CVE-2005-4530 Alstrasoft HTML Injection vulnerability in Alstrasoft Epay 3.0

Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay Enterprise 3.0 (formerly DoPays) allow remote attackers to inject arbitrary web script or HTML via multiple unspecified parameters in (1) profile.htm, (2) card.htm, (3) bank.htm, (4) subscriptions.htm, (5) send.htm, (6) request.htm, (7) forgot.htm, (8) escrow.htm, (9) donations.htm, and (10) products.htm.

5.1
2005-12-31 CVE-2005-4862 Xwiki Credentials Management vulnerability in Xwiki 0.9.793

The search functionality in XWiki 0.9.793 indexes cleartext user passwords, which allows remote attackers to obtain sensitive information via a search string that matches a password.

5.0
2005-12-31 CVE-2005-4856 EZ Data Processing Errors vulnerability in EZ Publish

The admin interface in eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051110 does not properly handle authorization errors, which allows remote attackers to obtain sensitive information and see the admin pagelayout and associated templates via a request with (1) "anything after the url" or (2) a "wrong url".

5.0
2005-12-31 CVE-2005-4854 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

eZ publish 3.5 through 3.7 before 20050830 does not use a folder's read permissions to restrict notifications, which allows remote authenticated users to obtain sensitive information about changes to content in arbitrary folders.

5.0
2005-12-31 CVE-2005-4852 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

The siteaccess URIMatching implementation in eZ publish 3.5 through 3.8 before 20050812 converts all non-alphanumeric characters in a URI to '_' (underscore), which allows remote attackers to bypass access restrictions by inserting certain characters in a URI, as demonstrated by a request for /admin:de, which matches a rule allowing only /admin_de to access /admin.

5.0
2005-12-31 CVE-2005-4850 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

eZ publish 3.5 through 3.7 before 20050608 requires both edit and create permissions in order to submit data, which allows remote attackers to edit data submitted by arbitrary anonymous users.

5.0
2005-12-31 CVE-2005-4849 Apache Information Exposure vulnerability in Apache Derby 10.0.2.1/10.1.1.0

Apache Derby before 10.1.2.1 exposes the (1) user and (2) password attributes in cleartext via (a) the RDBNAM parameter of the ACCSEC command and (b) the output of the DatabaseMetaData.getURL function, which allows context-dependent attackers to obtain sensitive information.

5.0
2005-12-31 CVE-2005-4845 SUN Configuration vulnerability in SUN Java Plug-In 1.4.203/1.4.204

The Java Plug-in 1.4.2_03 and 1.4.2_04 controls, and the 1.4.2_03 and 1.4.2_04 <applet> redirector controls, allow remote attackers to cause a denial of service (Internet Explorer crash) by creating a COM object of the class associated with the control's CLSID, which is not intended for use within Internet Explorer.

5.0
2005-12-31 CVE-2005-4839 Claymore Systems INC Remote Security vulnerability in PureTLS

PureTLS before 0.9b5 does not clear optional Extensions and Algorithm.Parameters values before parsing, which might trigger an information leak of values from earlier certificates.

5.0
2005-12-31 CVE-2005-4834 IBM Unspecified vulnerability in IBM Websphere Application Server

IBM WebSphere Application Server (WAS) 5.0.2.5 through 5.1.1.3 allows remote attackers to obtain JSP source code and other sensitive information, related to incorrect request processing by the web container.

5.0
2005-12-31 CVE-2005-4820 SMC Networks Remote Denial Of Service vulnerability in SMC SMC7904WBRA Wireless Router

SMC Wireless Router model SMC7904WBRA allows remote attackers to cause a denial of service (reboot) by flooding the router with traffic.

5.0
2005-12-31 CVE-2005-4813 Businessobjects Denial Of Service vulnerability in Business Objects Enterprise/Crystal Reports Server

Unspecified vulnerability in Report Application Server (Crystalras.exe) before 11.0.0.1370, as used in Business Objects Crystal Reports XI, Crystal Reports Server XI, and BusinessObjects Enterprise XI, allows remote attackers to cause a denial of service (application hang) via certain network traffic, possibly involving multiple simultaneous TCP connections.

5.0
2005-12-31 CVE-2005-4810 Microsoft Unspecified vulnerability in Microsoft Internet Explorer 7.0

Microsoft Internet Explorer 7.0 Beta3 and earlier allows remote attackers to cause a denial of service (crash) via a "text/html" HTML Content-type header sent in response to an XMLHttpRequest (AJAX).

5.0
2005-12-31 CVE-2005-4809 Mozilla Unspecified vulnerability in Mozilla Firefox, Mozilla and Thunderbird

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

5.0
2005-12-31 CVE-2005-4806 SUN Denial-Of-Service vulnerability in SUN Java System web Proxy Server 3.6

Multiple unspecified vulnerabilities in Sun Java System Web Proxy Server 3.6 SP7 and earlier allow remote attackers to cause a denial of service (unresponsive service) via unknown vectors.

5.0
2005-12-31 CVE-2005-4805 SUN Unspecified vulnerability in SUN Java System Application Server 6.0/7.0

Unspecified vulnerability in Sun Java System Application Server 7 Standard and Platform Edition 6 and earlier, and 2004Q2 Standard and Platform Edition Update 2 and earlier, allows remote attackers to obtain the source code for Java Server pages (JSP) via unknown vectors.

5.0
2005-12-31 CVE-2005-4804 SUN Unspecified vulnerability in SUN Java System Application Server 8.1

Unspecified vulnerability in Sun Java System Application Server Platform Edition and Enterprise Edition 8.1 2005 Q1, and Platform Edition UR1, allows remote attackers to read .jar files via unknown vectors related to deployed web applications.

5.0
2005-12-31 CVE-2005-4797 SUN Unspecified vulnerability in SUN Solaris and Sunos

Directory traversal vulnerability in printd line printer daemon (lpd) in Solaris 7 through 10 allows remote attackers to delete arbitrary files via ".." sequences in an "Unlink data file" command.

5.0
2005-12-31 CVE-2005-4794 Cisco Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression

Cisco IP Phones 7902/7905/7912, ATA 186/188, Unity Express, ACNS, and Subscriber Edge Services Manager (SESM) allows remote attackers to cause a denial of service (crash or instability) via a compressed DNS packet with a label length byte with an incorrect offset.

5.0
2005-12-31 CVE-2005-4781 Sergids SQL Injection vulnerability in Sergids TOP Music Module 3.0Pr3

Multiple SQL injection vulnerabilities in SergiDs Top Music module 3.0 PR3 and earlier for PHP-Nuke allow remote attackers to execute arbitrary SQL commands via the (1) idartist, (2) idsong, and (3) idalbum parameters to modules.php.

5.0
2005-12-31 CVE-2005-4775 Michael Scholz Remote Security vulnerability in Michael Scholz Contineo 2.0

Michael Scholz and Sebastian Stein Contineo 2.0, when the admin account lacks an e-mail address attribute, displays the password hash in a warning upon page reload, which might allow remote attackers to view the hash.

5.0
2005-12-31 CVE-2005-4759 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 and 7.0, during a migration across operating system platforms, do not warn the administrative user about platform differences in URLResource case sensitivity, which might cause local users to inadvertently lose protection of Web Application pages.

5.0
2005-12-31 CVE-2005-4754 BEA Multiple vulnerability in BEA Weblogic Server 8.1

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allow remote attackers to obtain sensitive information (intranet IP addresses) via unknown attack vectors involving "network address translation."

5.0
2005-12-31 CVE-2005-4753 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, in certain "heavy usage" scenarios, report incorrect severity levels for an audit event, which might allow attackers to perform unauthorized actions and avoid detection.

5.0
2005-12-31 CVE-2005-4749 BEA Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

HTTP request smuggling vulnerability in BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP6 and earlier, and 6.1 SP7 and earlier allows remote attackers to inject arbitrary HTTP headers via unspecified attack vectors.

5.0
2005-12-31 CVE-2005-4743 Nelogic Technologies SQL-Injection vulnerability in Nephp Publisher

Multiple SQL injection vulnerabilities in index.php in NeLogic Nephp Publisher 4.5.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) nnet_catid parameters.

5.0
2005-12-31 CVE-2005-4731 THE PHP Group Remote Security vulnerability in the PHP Group Pear Html Quickform Controller 1.0.4

The Next action in PEAR HTML_QuickForm_Controller 1.0.4 includes the SID in the URL even when session.use_only_cookies is configured, which allows remote attackers to obtain the SID via an HTTP Referer field and possibly other vectors.

5.0
2005-12-31 CVE-2005-4726 Mute Information Disclosure vulnerability in Mute 0.4

MUTE 0.4 uses improper flood protection algorithms, which allows remote attackers to obtain sensitive information (privacy leak and search result data) by controlling a drop chain neighbor that is near the end of a message chain.

5.0
2005-12-31 CVE-2005-4722 THE Media Shoppe Berhad Information Disclosure vulnerability in Tmspublisher 3.0/3.3

_Request_Message.cfm in tmsPUBLISHER 3.3 allows remote attackers to obtain sensitive information via an invalid id argument to pagename.cfm, which reveals the installation path in an error message.

5.0
2005-12-31 CVE-2005-4720 Mozilla Denial Of Service vulnerability in Mozilla Firefox IFRAME Handling

Mozilla Firefox 1.0.7 and earlier on Linux allows remote attackers to cause a denial of service (client crash) via an IFRAME element with a large value of the WIDTH attribute, which triggers a problem related to representation of floating-point numbers, leading to an infinite loop of widget resizes and a corresponding large number of function calls on the stack.

5.0
2005-12-31 CVE-2005-4718 Opera Unspecified vulnerability in Opera Browser

Opera 8.02 and earlier allows remote attackers to cause a denial of service (client crash) via (1) a crafted HTML file with a "content: url(0);" style attribute, a "bodyA" tag, a long string, and a "u" tag with a long attribute, as demonstrated by opera.html; and (2) a BGSOUND element with a "margin:-99;" STYLE attribute.

5.0
2005-12-31 CVE-2005-4717 Microsoft Unspecified vulnerability in Microsoft products

Microsoft Internet Explorer 6.0 on Windows NT 4.0 SP6a, Windows 2000 SP4, Windows XP SP1, Windows XP SP2, and Windows Server 2003 SP1 allows remote attackers to cause a denial of service (client crash) via a certain combination of a malformed HTML file and a CSS file that triggers a null dereference, probably related to rendering of a DIV element that contains a malformed IMG tag, as demonstrated by IEcrash.htm and IEcrash.rar.

5.0
2005-12-31 CVE-2005-4716 Hitachi Denial-Of-Service vulnerability in Hitachi TP1/Server Base

Hitachi TP1/Server Base and TP1/NET/Library 2 on IBM AIX allow remote attackers to (1) cause a denial of service (OpenTP1 system outage) via invalid data to a port used by a system-server process, and (2) cause a denial of service (process failure) via invalid data to a port used by any of certain other processes.

5.0
2005-12-31 CVE-2005-4713 PAM Mysql Denial Of Service vulnerability in PAM-MySQL Code Execution And

Unspecified vulnerability in the SQL logging facility in PAM-MySQL 0.6.x before 0.6.2 and 0.7.x before 0.7pre3 allows remote attackers to cause a denial of service (segmentation fault) via unspecified vectors, probably involving the pam_mysql_sql_log function when being used in vsftpd, which does not include the IP address argument to an sprintf call.

5.0
2005-12-31 CVE-2005-4712 PHP Handicapper Remote Security vulnerability in PHP Handicapper

CRLF injection vulnerability in process_signup.php in PHP Handicapper allows remote attackers to inject arbitrary HTTP headers via CRLF sequences in the login parameter.

5.0
2005-12-31 CVE-2005-4709 Jboss The popSubjectContext method in the SecurityAssociation class in JBoss Enterprise Java Beans (EJB) 3.0 RC3 maintains the threadPrincipal and threadCredential values from a previous client's authentication after termination of a client session, which allows remote attackers to gain the roles of an arbitrary previous client who had the same JBoss server thread.
5.0
2005-12-31 CVE-2005-4705 BEA Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 through SP4, 7.0 through SP6, and 6.1 through SP7, when a Java client application creates an SSL connection to the server after it has already created an insecure connection, will use the insecure connection, which allows remote attackers to sniff the connection.

5.0
2005-12-31 CVE-2005-4704 BEA Remote Security vulnerability in BEA Weblogic Server 6.1/7.0/8.1

Unspecified vulnerability in BEA WebLogic Server and WebLogic Express 8.1 through SP3, 7.0 through SP6, and 6.1 through SP7, when SSL is intended to be used, causes an unencrypted protocol to be used in certain unspecified circumstances, which causes user credentials to be sent across the network in cleartext and allows remote attackers to gain privileges.

5.0
2005-12-31 CVE-2005-4700 Tellme Information Disclosure vulnerability in Tellme 1.2

TellMe 1.2 and earlier, when the Server (o_Server) and HEAD (o_Head) options are enabled, allows remote attackers to obtain sensitive information via an invalid q_Host parameter, which reveals the full pathname of the application in an fsockopen error message.

5.0
2005-12-31 CVE-2005-4695 Symantec Denial Of Service vulnerability in Symantec Brightmail Antispam 6.0/6.0.1/6.0.2

Symantec Brightmail AntiSpam 6.0 build 1 and 2 allows remote attackers to cause a denial of service (bmserver component termination) via malformed MIME messages.

5.0
2005-12-31 CVE-2005-4693 Gaim Encryption Denial-Of-Service vulnerability in Gaim-Encryption 2.381

Gaim-Encryption 2.38-1 on Debian Linux allows remote attackers to cause a denial of service (crash) via a crafted message from an ICQ buddy, possibly involving the GE_received_key function in keys.c.

5.0
2005-12-31 CVE-2005-4689 SIX Apart Remote Security vulnerability in Six Apart Movable Type

Six Apart Movable Type 3.16 stores account names and password hashes in a cookie, which allows remote attackers to login to an account by sniffing the cookie.

5.0
2005-12-31 CVE-2005-4688 Punbb Denial-Of-Service vulnerability in Punbb 1.2.9

PunBB 1.2.9 does not require password entry when changing the e-mail address in an account's profile, which might allow an attacker to make an address change via a hijacked login session.

5.0
2005-12-31 CVE-2005-4687 F ART Agency
Punbb
PunBB 1.2.9, used alone or with F-ART BLOG:CMS, may trust a client's IP address as specified in the X-Forwarded-For HTTP header rather than the TCP/IP stack, which allows remote attackers to misrepresent their IP address by sending a modified header.
5.0
2005-12-31 CVE-2005-4686 Punbb Information Disclosure vulnerability in PunBB/BLOG:CMS

PunBB 1.2.9, when used alone or with F-ART BLOG:CMS, includes config.php before calling the unregister_globals function, which allows attackers to obtain unspecified sensitive information.

5.0
2005-12-31 CVE-2005-4680 Sophos Remote Security vulnerability in Sophos Anti-Virus

Sophos Anti-Virus before 4.02, 4.5.x before 4.5.9, 4.6.x before 4.6.9, and 5.x before 5.1.4 allow remote attackers to hide arbitrary files and data via crafted ARJ archives, which are not properly scanned.

5.0
2005-12-31 CVE-2005-4679 Microsoft Remote Security vulnerability in Microsoft IE 6

Internet Explorer 6 for Windows XP Service Pack 2 allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

5.0
2005-12-31 CVE-2005-4678 Apple Remote Security vulnerability in Apple Safari 2.0.2

Apple Safari 2.0.2 (aka 416.12) allows remote attackers to spoof the URL in the status bar via the title in an image in a link to a trusted site within a form to the malicious site.

5.0
2005-12-31 CVE-2005-4676 Andreas Huggel Denial Of Service vulnerability in Exiv2 Corrupted EXIF Data

Buffer overflow in Andreas Huggel Exiv2 before 0.9 does not null terminate strings before calling the sscanf function, which allows remote attackers to cause a denial of service (application crash) via images with crafted IPTC metadata.

5.0
2005-12-31 CVE-2005-4673 Inicom Networks Unspecified vulnerability in Inicom Networks Ioftpd 5.8.4U

ioFTPD 0.5.84 u responds with different messages depending on whether or not a username exists, which allows remote attackers to enumerate valid usernames.

5.0
2005-12-31 CVE-2005-4664 Ocomon SQL-Injection vulnerability in Ocomon 1.21

SQL injection vulnerability in OcoMon 1.21, and possibly other versions, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the logon page, a different vulnerability than CVE-2005-4662.

5.0
2005-12-31 CVE-2005-4662 Ocomon SQL Injection vulnerability in OcoMon

Multiple SQL injection vulnerabilities in OcoMon 1.20, and possibly earlier versions, allow remote attackers to execute arbitrary SQL commands via unknown attack vectors in an unspecified input form, a different vulnerability than CVE-2005-4664.

5.0
2005-12-31 CVE-2005-4661 Campware ORG Remote Security vulnerability in Campware.Org Campsite 2.2.2

The notifyendsubs cron job in Campsite before 2.3.3 sends an e-mail message containing a certain unencrypted MySQL password, which allows remote attackers to sniff the password.

5.0
2005-12-31 CVE-2005-4656 Triggertg SQL Injection vulnerability in Triggertg Tclanportal 1.1.3

SQL injection vulnerability in index.php in TClanPortal 1.1.3 and earlier allows remote attackers to execute arbitrary SQL commands, and retrieve all usernames and passwords, via the id parameter.

5.0
2005-12-31 CVE-2005-4653 AL Caricatier Authentication Bypass vulnerability in AL-Caricatier 1.0/2.5

Unspecified vulnerability in ss.php in AL-Caricatier 2.5 and earlier allows remote attackers to bypass login authentication by requesting view_caricatier.php, and then requesting any file in the admin directory with a cookie_username=admin argument.

5.0
2005-12-31 CVE-2005-4646 Pearlinger Local File Include vulnerability in Pearl Forums 2.0/2.4

Unspecified vulnerability in index.php in PEARLINGER Pearl Forums 2.4 allows remote attackers to include arbitrary files via the mode parameter, possibly due to a directory traversal vulnerability.

5.0
2005-12-31 CVE-2005-4638 Kayako Remote Security vulnerability in SupportSuite

index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to obtain the full path via (1) _a and (2) newsid parameters in the news module, (3) downloaditemid parameter in the downloads module, and (4) kbarticleid parameter in the knowledgebase module.

5.0
2005-12-31 CVE-2005-4626 Recruitment Software SQL-Injection vulnerability in Recruitment Software

The default configuration of Recruitment Software installs admin/site.xml under the web document root with insufficient access control, which might allow remote attackers to obtain sensitive information (MySQL database credentials) via a direct request.

5.0
2005-12-31 CVE-2005-4624 Ptnet Remote Denial of Service vulnerability in PTnet Ircd 1.5/1.6

The m_join function in channel.c for PTnet ircd 1.5 and 1.6 allows remote attackers to cause a denial of service (memory exhaustion that triggers a daemon restart) via a large number of requests to join a "charmed channel" such as PTnet, #PTnoticias and #*.log, which causes ircd to open the channel even though it does not have any valid users.

5.0
2005-12-31 CVE-2005-4623 Efilego Input Validation vulnerability in Efilego 3.01

upload.exe in eFileGo 3.01 allows remote attackers to cause a denial of service (CPU consumption) via an argument with an invalid directory name.

5.0
2005-12-31 CVE-2005-4609 Incogen Information Disclosure vulnerability in BugPort

index.php in BugPort 1.147 and earlier allows remote attackers to obtain sensitive information such as full path and system configuration via an invalid action parameter.

5.0
2005-12-31 CVE-2005-4347 Debian Unspecified vulnerability in Debian Linux and Kernel-Patch-Vserver

The Linux 2.4 kernel patch in kernel-patch-vserver before 1.9.5.5 and 2.x before 2.3 for Debian GNU/Linux does not correctly set the "chroot barrier" with util-vserver, which allows attackers to access files on the host system that are outside of the vserver.

5.0
2005-12-31 CVE-2005-3714 Apple Resource Management Errors vulnerability in Apple Airport Express and Airport Extreme

The network interface for Apple AirPort Express 6.x before Firmware Update 6.3, and AirPort Extreme 5.x before Firmware Update 5.7, allows remote attackers to cause a denial of service (unresponsive interface) via malformed packets.

5.0
2005-12-31 CVE-2005-3659 EMC Resource Management Errors vulnerability in EMC Legato Networker 7.2/7.2.1/7.2Build172

nsrd.exe in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allows remote attackers to cause a denial of service (nsrd service crash) via a malformed RPC request to RPC program number 390109, which triggers a null dereference.

5.0
2005-12-31 CVE-2005-3630 Redhat Information Disclosure vulnerability in Redhat Fedora Core 1.0

Fedora Directory Server before 10 allows remote attackers to obtain sensitive information, such as the password from adm.conf via an IFRAME element, probably involving an Apache httpd.conf configuration that orders "allow" directives before "deny" directives.

5.0
2005-12-31 CVE-2005-3626 Easy Software Products
KDE
Libextractor
Poppler
SGI
Tetex
Xpdf
Conectiva
Debian
Gentoo
Mandrakesoft
Redhat
SCO
Slackware
Suse
Trustix
Turbolinux
Ubuntu
Resource Management Errors vulnerability in multiple products

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

5.0
2005-12-31 CVE-2005-3624 Easy Software Products
KDE
Libextractor
Poppler
SGI
Tetex
Xpdf
Conectiva
Debian
Gentoo
Mandrakesoft
Redhat
SCO
Slackware
Suse
Trustix
Turbolinux
Ubuntu
Numeric Errors vulnerability in multiple products

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

5.0
2005-12-31 CVE-2005-3187 Bluecoat Remote Denial Of Service vulnerability in Bluecoat Winproxy 6.0

The listening daemon in Blue Coat Systems Inc.

5.0
2005-12-31 CVE-2005-2738 SUN Unspecified vulnerability in SUN Java 1.4.2

Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.

5.0
2005-12-31 CVE-2005-2344 RIM Buffer Errors vulnerability in RIM Blackberry Enterprise Server 4.0/4.0Sp1/4.0Sp2

The BlackBerry Attachment Service in Research in Motion (RIM) BlackBerry Enterprise Server (BES) 4.0 to version 4.0 Service Pack 2 allows attackers to cause a denial of service via a malformed Portable Network Graphics (PNG) file that triggers a heap-based buffer overflow.

5.0
2005-12-31 CVE-2005-2316 Dnrd Denial-Of-Service vulnerability in dnrd

Domain Name Relay Daemon (DNRD) before 2.19.1 allows remote attackers to cause a denial of service (infinite recursion) via a DNS packet that uses message compression in the QNAME and two pointers that point to each other (circular buffer).

5.0
2005-12-31 CVE-2005-2194 Apple TCP/IP Remote Denial Of Service vulnerability in Apple Mac OSX

Unspecified vulnerability in the Apple Mac OS X kernel before 10.4.2 allows remote attackers to cause a denial of service (kernel panic) via a crafted TCP packet, possibly related to source routing or loose source routing.

5.0
2005-12-31 CVE-2005-1939 Ipswitch Directory Traversal vulnerability in Ipswitch Whatsup Small Business 2004

Directory traversal vulnerability in Ipswitch WhatsUp Small Business 2004 allows remote attackers to read arbitrary files via ".." (dot dot) sequences in a request to the Report service (TCP 8022).

5.0
2005-12-31 CVE-2005-0038 Powerdns Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression

The DNS implementation of PowerDNS 2.9.16 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.

5.0
2005-12-31 CVE-2005-0037 Dnrd Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression

The DNS implementation of DNRD before 2.10 allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.

5.0
2005-12-31 CVE-2005-0036 Delegate
ETL
Remote Denial of Service vulnerability in Multiple Vendor DNS Message Decompression

The DNS implementation in DeleGate 8.10.2 and earlier allows remote attackers to cause a denial of service via a compressed DNS packet with a label length byte with an incorrect offset, which could trigger an infinite loop.

5.0
2005-12-29 CVE-2005-4579 Hitachi Input Validation vulnerability in Hitachi Business Logic

Multiple HTTP response splitting vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary HTTP headers via unknown attack vectors in an unspecified input form.

5.0
2005-12-29 CVE-2005-4575 Paperthin Information Disclosure vulnerability in CommonSpot Content Server

PaperThin CommonSpot Content Server 4.5 and earlier allow remote attackers to obtain sensitive information via an invalid errmsg parameter to loader.cfm with a url parameter set to email-login-info.cfm, which leaks the full pathname in the resulting error message.

5.0
2005-12-29 CVE-2005-4564 Adtran Multiple Unspecified vulnerability in ADTRAN NetVanta Products IKE Traffic

The Internet Key Exchange version 1 (IKEv1) implementation in ADTRAN NetVanta before 10.03.03.E might allow remote attackers to cause a denial of service via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1.

5.0
2005-12-28 CVE-2005-4559 Deerfield
Icewarp
Merak
Input Validation vulnerability in IceWarp Universal WebMail

mail/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, does not properly initialize the default_layout and layout_settings variables when an unrecognized HTTP_USER_AGENT string is provided, which allows remote attackers to access arbitrary files via a request with an unrecognized User Agent that also specifies the desired default_layout and layout_settings parameters.

5.0
2005-12-28 CVE-2005-4557 Deerfield
Icewarp
Merak
Input Validation vulnerability in IceWarp Universal WebMail

dir/include.html in IceWarp Web Mail 5.5.1, as used by Merak Mail Server 8.3.0r and VisNetic Mail Server version 8.3.0 build 1, allows remote attackers to include arbitrary local files via a null byte (%00) in the lang parameter, possibly due to a directory traversal vulnerability.

5.0
2005-12-28 CVE-2005-4550 Oracle Remote vulnerability in Oracle Application Server Discussion Forum Portlet

The PORTAL schema in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to obtain the source code for arbitrary JSP and other files via a df_next_page parameter with a trailing null byte (%00).

5.0
2005-12-28 CVE-2005-4524 Mantis Mantis 1.0.0rc3 does not properly handle "Make note private" when a bug is being resolved, which has unknown impact and attack vectors, probably related to an information leak.
5.0
2005-12-28 CVE-2005-4523 Mantis Unspecified vulnerability in Mantis

Mantis 1.0.0rc3 and earlier discloses private bugs via public RSS feeds, which allows remote attackers to obtain sensitive information.

5.0
2005-12-28 CVE-2005-4521 Mantis CRLF injection vulnerability in Mantis 1.0.0rc3 and earlier allows remote attackers to modify HTTP headers and conduct HTTP response splitting attacks via (1) the return parameter in login_cookie_test.php and (2) ref parameter in login_select_proj_page.php.
5.0
2005-12-28 CVE-2005-4520 Mantis Unspecified vulnerability in Mantis

Unspecified "port injection" vulnerabilities in filters in Mantis 1.0.0rc3 and earlier have unknown impact and attack vectors.

5.0
2005-12-31 CVE-2005-4811 Linux Local Denial of Service vulnerability in Linux Kernel UnMap_HugePage_Area

The hugepage code (hugetlb.c) in Linux kernel 2.6, possibly 2.6.12 and 2.6.13, in certain configurations, allows local users to cause a denial of service (crash) by triggering an mmap error before a prefault, which causes an error in the unmap_hugepage_area function.

4.9
2005-12-31 CVE-2005-4782 Netbsd Local Denial of Service vulnerability in NetBSD SO_LINGER DIAGNOSTIC Checking

NetBSD 2.0 before 2.0.4, 2.1 before 2.1.1, and 3, when the kernel is compiled with "options DIAGNOSTIC," allows local users to cause a denial of service (kernel assertion panic) via a negative linger time in the SO_LINGER socket option.

4.9
2005-12-31 CVE-2005-4777 Tashcom Local Security vulnerability in Tashcom Aspedit 2.9

Tashcom ASPEdit 2.9 stores the administration password (aka the FTP password) in cleartext in the registry, which might allow local users to view the password.

4.9
2005-12-31 CVE-2005-4742 Pavel Kankovsky Local Security vulnerability in Pavel Kankovsky Echelog 0.6.2

Unspecified vulnerability in Echelog 0.6.2 allows attackers to "exploit function stacks on some architectures," with unknown impact and attack vectors.

4.9
2005-12-31 CVE-2005-4733 Netbsd Denial-Of-Service vulnerability in Netbsd 2.0

NetBSD 2.0 before 20050316 and NetBSD-current before 20050112 allow local users to cause a denial of service (infinite loop and system hang) by calling the F_CLOSEM fcntl with a parameter value of 0.

4.9
2005-12-31 CVE-2005-0489 Linux Local Denial of Service vulnerability in Linux Kernel Invalid Proc Memory Access

The /proc handling (proc/base.c) Linux kernel 2.4 before 2.4.17 allows local users to cause a denial of service via unknown vectors that cause an invalid access of free memory.

4.9
2005-12-31 CVE-2005-4802 Flexbackup Local Security vulnerability in Flexbackup

Flexbackup 1.2.1 and earlier allows local users to overwrite files and execute code via a symlink attack on temporary files.

4.6
2005-12-31 CVE-2005-4771 Trust Digital Authentication Bypass vulnerability in Trust Digital Trusted Mobility Suite

Trusted Mobility Agent PC Policy in Trust Digital Trusted Mobility Suite provides a cancel button that bypasses the domain-authentication prompt, which allows local users to sync a handheld (PDA) device despite a policy setting that sync is unauthorized.

4.6
2005-12-31 CVE-2005-4752 BEA Multiple vulnerability in BEA Weblogic Server 7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, and 7.0 SP6 and earlier, might allow local users to gain privileges by using the run-as deployment descriptor element to change the privileges of a web application or EJB from the Deployer security role to the Admin security role.

4.6
2005-12-31 CVE-2005-4728 Debian Local Code Execution vulnerability in Debian Amaya 9.2.1.6

Untrusted search path vulnerability (RPATH) in amaya 9.2.1 on Debian GNU/Linux allows local users to gain privileges via a malicious Mesa library in the /home/anand directory.

4.6
2005-12-31 CVE-2005-4710 Autodesk Products Remote Unauthorized Access vulnerability in Autodesk

Unspecified vulnerability in multiple Autodesk and AutoCAD products and product families from 2006 and earlier allows remote attackers to "gain inappropriate access to another local user's computer," aka ID DL5549329.

4.6
2005-12-31 CVE-2005-4668 Parosproxy Local Security vulnerability in Parosproxy

The embedded HSQLDB in ParosProxy before 3.2.7, when running with JDK 1.4.2 before 1.4.2_08, allows local users to execute arbitrary comands via crafted SQL commands that interact with HSQLDB through JDBC, a similar vulnerability to CVE-2003-0845.

4.6
2005-12-31 CVE-2005-4639 Linux Local Buffer Overflow vulnerability in Linux Kernel DVB Driver

Buffer overflow in the CA-driver (dst_ca.c) for TwinHan DST Frontend/Card in Linux kernel 2.6.12 and other versions before 2.6.15 allows local users to cause a denial of service (crash) and possibly execute arbitrary code by "reading more than 8 bytes into an 8 byte long array".

4.6
2005-12-31 CVE-2005-4636 Openoffice Local Security vulnerability in Openoffice

OpenOffice.org 2.0 and earlier, when hyperlinks has been disabled, does not prevent the user from clicking the WWW-browser button in the Hyperlink dialog, which makes it easier for attackers to trick the user into bypassing intended security settings.

4.6
2005-12-31 CVE-2005-4620 Rarlab Buffer Overflow vulnerability in RARLAB WinRAR Command Line Processing

Buffer overflow in WinRAR 3.50 and earlier allows local users to execute arbitrary code via a long command-line argument.

4.6
2005-12-31 CVE-2005-2454 IBM Permissions, Privileges, and Access Controls vulnerability in IBM Lotus Notes

IBM Lotus Notes 6.5.4 and 6.5.5, and 7.0.0 and 7.0.1, uses insecure default permissions (Everyone/Full Control) for the "Notes" folder and all children, which allows local users to gain privileges and modify, add, or delete files in that folder.

4.6
2005-12-31 CVE-2005-1726 Apple Multiple vulnerability in Apple mac OS X 10.4.1

The CoreGraphics Window Server in Mac OS X 10.4.1 allows local users with console access to gain privileges by "launching commands into root sessions."

4.6
2005-12-30 CVE-2005-4590 SPB Security Bypass vulnerability in SPB Kiosk Engine 1.0.0.1

Spb Kiosk Engine 1.0.0.1 allows local users to bypass restrictions on allowed applications via (1) removable media containing a program that will execute because of the autorun setting and (2) applications that are able to invoke other applications, as demonstrated by a file: URL specifying a .exe file.

4.6
2005-12-29 CVE-2005-4581 Scott Draves Local Security vulnerability in Scott Draves Electric Sheep 2.6.3

Buffer overflow in Electric Sheep 2.6.3 client allows local users to execute arbitrary code via a long window-id parameter.

4.6
2005-12-28 CVE-2005-4525 Sygate Technologies Unspecified vulnerability in Sygate Technologies Protection Agent 5.0Build6144

SmcGui.exe in Sygate Protection Agent 5.0 build 6144 allows local users to obtain management control over the agent by executing the GUI (SmcGui.exe) and then killing the process, which causes the privileged management GUI to launch.

4.6
2005-12-27 CVE-2005-3343 Tkdiff Unspecified vulnerability in Tkdiff

tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

4.6
2005-12-31 CVE-2005-4877 Ignite Realtime Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.3.0

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.3.0 Beta 2 allows remote attackers to inject arbitrary web script or HTML via Javascript events in the username parameter, a different vulnerability than CVE-2005-4876.

4.3
2005-12-31 CVE-2005-4876 Ignite Realtime Cross-Site Scripting vulnerability in Ignite Realtime Openfire 2.2.2

Cross-site scripting (XSS) vulnerability in the login form (login.jsp) of the admin console in Openfire (formerly Wildfire) 2.2.2, and possibly other versions before 2.3.0 Beta 2, allows remote attackers to inject arbitrary web script or HTML via the username parameter, a different vulnerability than CVE-2005-4877.

4.3
2005-12-31 CVE-2005-4874 Mozilla Code Injection vulnerability in Mozilla 1.7.8

The XMLHttpRequest object in Mozilla 1.7.8 supports the HTTP TRACE method, which allows remote attackers to obtain (1) proxy authentication passwords via a request with a "Max-Forwards: 0" header or (2) arbitrary local passwords on the web server that hosts this object.

4.3
2005-12-31 CVE-2005-4871 IBM Permissions, Privileges, and Access Controls vulnerability in IBM DB2 8.1

Certain XML functions in IBM DB2 8.1 run with the privileges of DB2 instead of the logged-in user, which allows remote attackers to create or overwrite files via (1) XMLFileFromVarchar or (2) XMLFileFromClob, or read files via (3) XMLVarcharFromFile or (4) XMLClobFromFile.

4.3
2005-12-31 CVE-2005-4870 IBM Buffer Errors vulnerability in IBM DB2 8.1

Stack-based buffer overflows in the (1) xmlvarcharfromfile, (2) xmlclobfromfile, (3) xmlfilefromvarchar, and (4) xmlfilefromclob function calls in IBM DB2 8.1 allow remote attackers to execute arbitrary code via a 94-byte second argument, which causes the return address to be overwritten with a pointer to the argument.

4.3
2005-12-31 CVE-2005-4858 Chitta HTML Injection vulnerability in Mimicboard2

Multiple cross-site scripting (XSS) vulnerabilities in mimic2.cgi in mimicboard2 (Mimic2) 086 and earlier allow remote attackers to inject arbitrary web script or HTML via unspecified parameters associated with the (1) name, (2) title, and (3) comment sections, as demonstrated by referencing a remote document through the SRC attribute of an IFRAME element.

4.3
2005-12-31 CVE-2005-4846 Spey Improper Input Validation vulnerability in Spey 0.3.3

Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.

4.3
2005-12-31 CVE-2005-4840 Microsoft Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Microsoft Outlook Express Book Control

The Outlook Express Address Book control, when using Internet Explorer 6, allows remote attackers to cause a denial of service (NULL dereference and browser crash) by creating the OutlookExpress.AddressBook COM object, which is not intended for use within Internet Explorer.

4.3
2005-12-31 CVE-2005-4833 IBM Unspecified vulnerability in IBM Websphere Application Server 6.0

IBM WebSphere Application Server (WAS) 6.0 before 20050201, when serving pages in an Application WAR or an Extended Document Root, allows remote attackers to obtain the JSP source code and other sensitive information via "a specific JSP URL," related to lack of normalization of the URL format.

4.3
2005-12-31 CVE-2005-4831 Viewcvs Cross-Site Scripting vulnerability in Viewcvs 0.9.2

viewcvs in ViewCVS 0.9.2 allows remote attackers to set the Content-Type header to arbitrary values via the content-type parameter, which can be leveraged for cross-site scripting (XSS) and other attacks, as demonstrated using (1) "text/html", or (2) "image/jpeg" with an image that is rendered as HTML by Internet Explorer, a different vulnerability than CVE-2004-1062.

4.3
2005-12-31 CVE-2005-4785 JL Webworks HTML Injection vulnerability in JL Webworks Quickblogger 1.4

Cross-site scripting (XSS) vulnerability in QuickBlogger 1.4 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) author ("your name") and (2) "comment" section.

4.3
2005-12-31 CVE-2005-4774 Xerver Input Validation vulnerability in Xerver 4.17

Cross-site scripting (XSS) vulnerability in Xerver 4.17 allows remote attackers to inject arbitrary web script or HTML after a /%00/ sequence at the end of the URI.

4.3
2005-12-31 CVE-2005-4732 TUX Racer Cross-Site Scripting vulnerability in Tuxbank

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Tux Racer TuxBank 0.7x and 0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) name and (2) description parameters.

4.3
2005-12-31 CVE-2005-4721 THE Media Shoppe Berhad Cross-Site Scripting vulnerability in the Media Shoppe Berhad Tmspublisher 3.3

Cross-site scripting (XSS) vulnerability in search.cfm in tmsPUBLISHER 3.3 allows remote attackers to inject arbitrary web script or HTML via the q parameter.

4.3
2005-12-31 CVE-2005-4707 PHP GEN Cross-Site Scripting vulnerability in PHP GEN

Multiple cross-site scripting (XSS) vulnerabilities in PHP GEN before 1.3 allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2005-12-31 CVE-2005-4698 Tellme Cross-Site Scripting vulnerability in Tellme 1.2

Cross-site scripting (XSS) vulnerability in TellMe 1.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the 91) q_IP (IP) or (2) q_Host (HOST) parameters.

4.3
2005-12-31 CVE-2005-4682 Audienceview Cross-Site Scripting vulnerability in AudienceView

Cross-site scripting (XSS) vulnerability in error.asp in AudienceView allows remote attackers to inject arbitrary web script or HTML via the TSerrorMessage parameter.

4.3
2005-12-31 CVE-2005-4675 Complete PHP Counter Cross-Site Scripting vulnerability in Complete PHP Counter

Cross-site scripting (XSS) vulnerability in list.php in Complete PHP Counter allows remote attackers to inject arbitrary web script or HTML via the c parameter.

4.3
2005-12-31 CVE-2005-4672 Citypost Cross-Site Scripting vulnerability in Citypost Simple Image Editor 0.52

Cross-site scripting (XSS) vulnerability in image-editor-52/index.php in CityPost Simple Image-Editor 0.52 allows remote attackers to inject arbitrary web script or HTML via the (1) m1, (2) m2, (3) m3, (4) imgsrc, and (5) m4 parameter.

4.3
2005-12-31 CVE-2005-4671 Citypost Cross-Site Scripting vulnerability in Citypost Simple PHP Upload 5.3

Cross-site scripting (XSS) vulnerability in simple-upload-53.php in CityPost Simple PHP Upload 5.3 allows remote attackers to inject arbitrary web script or HTML via the message parameter.

4.3
2005-12-31 CVE-2005-4670 Citypost Cross-Site Scripting vulnerability in Citypost PHP Lnkx 52.0

Cross-site scripting (XSS) vulnerability in message.php in CityPost Automated Link Exchange (LNKX) allows remote attackers to inject arbitrary web script or HTML via the msg parameter.

4.3
2005-12-31 CVE-2005-4666 Phlymail Input Validation vulnerability in Phlymail 3.02.00/3.02.01

Cross-site scripting (XSS) vulnerability in PHlyMail before 3.3 Beta1 allows remote attackers to inject arbitrary Javascript via unknown attack vectors.

4.3
2005-12-31 CVE-2005-4665 Punbb HTML Injection vulnerability in PunBB BBCode URL Tag

Cross-site scripting (XSS) vulnerability in PunBB 1.2.6 and earlier allows remote attackers to inject arbitrary web script or HTML via Javascript contained in nested, malformed BBcode url tags.

4.3
2005-12-31 CVE-2005-4663 Ocomon Cross-Site Scripting vulnerability in OcoMon

Cross-site scripting (XSS) vulnerability in OcoMon 1.20, and possibly earlier versions, allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors.

4.3
2005-12-31 CVE-2005-4655 PHP Fusion Unspecified vulnerability in PHP Fusion PHP Fusion 6.00.204

Cross-site scripting (XSS) vulnerability in submit.php in PHP-Fusion 6.0.204 allows remote attackers to inject arbitrary web script or HTML via nested tags in the news_body parameter, as demonstrated by elements such as "<me<meta>ta" and "<sc<script>ript>".

4.3
2005-12-31 CVE-2005-4649 Advanced Guestbook Cross-Site Scripting vulnerability in Advanced Guestbook Advanced Guestbook 2.2/2.3.1

Multiple cross-site scripting (XSS) vulnerabilities in Advanced Guestbook 2.2 and 2.3.1 allow remote attackers to inject arbitrary web script or HTML via (1) the entry parameter in index.php and (2) the gb_id parameter in comment.php.

4.3
2005-12-31 CVE-2005-4644 Edgewall Software HTML Injection vulnerability in Edgewall Software Trac 0.9.2

Cross-site scripting (XSS) vulnerability in the HTML WikiProcessor in Edgewall Trac 0.9.2 allows remote attackers to inject arbitrary web script or HTML via javascript in the SRC attribute of an IMG tag.

4.3
2005-12-31 CVE-2005-4642 Hydrobb Cross-Site Scripting vulnerability in Hydrobb 1.0.0Beta2

Multiple cross-site scripting (XSS) vulnerabilities in HydroBB 1.0.0 Beta 2 allow remote attackers to inject arbitrary web script or HTML via the s parameter to (1) search.php, (2) members.php, (3) stats.php, (4) viewforum.php, (5) register.php, (6) usercp.php, (7) groups.php, (8) pms.php, and (9) calendar.php.

4.3
2005-12-31 CVE-2005-4637 Kayako Cross-Site Scripting vulnerability in Kayako SupportSuite

Multiple cross-site scripting (XSS) vulnerabilities in index.php in Kayako SupportSuite 3.00.26 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) nav parameter in the downloads module, (2) Full Name and (3) Email fields in the core module, (4) Full Name, (5) Email, and (6) Subject fields in the tickets module, or (7) Registered Email field in the lostpassword feature in the core module.

4.3
2005-12-31 CVE-2005-4627 Gfhost
Gmailsite
Cross-Site Scripting vulnerability in GMailSite

Cross-site scripting (XSS) vulnerability in index.php in (1) GmailSite 1.0 through 1.0.4 and (2) GFHost 0.1.1 through 0.4.2 allows remote attackers to inject arbitrary web script or HTML via the lng parameter.

4.3
2005-12-31 CVE-2005-4621 Jelsoft Cross-Site Scripting vulnerability in VBulletin

Cross-site scripting (XSS) vulnerability in the editavatar page in vBulletin 3.5.1 allows remote attackers to inject arbitrary web script or HTML via a URL in the remote avatar url field, in which the URL generates a parsing error, and possibly requiring a trailing extension such as .jpg.

4.3
2005-12-31 CVE-2005-4613 Vubb Cross-Site Scripting vulnerability in Vubb Alpharc1

Cross-site scripting (XSS) vulnerability in VUBB alpha rc1 allows remote attackers to inject arbitrary web script or HTML via unspecified fields in the user edit profile.

4.3
2005-12-31 CVE-2005-4607 Incogen Cross-Site Scripting vulnerability in INCOGEN Bugport

Cross-site scripting (XSS) vulnerability in index.php in BugPort 1.147 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ids[0], (2) action, (3) report_id, (4) devWherePair[1][1], and (5) binds[0] parameters.

4.3
2005-12-31 CVE-2005-4603 Mybulletinboard HTML Injection vulnerability in MyBB Print Thread Script

Cross-site scripting (XSS) vulnerability in printthread.php in MyBB 1.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a thread message, which is not properly sanitized in the print view of the thread.

4.3
2005-12-31 CVE-2005-4599 Moxiecode Multiple vulnerability in TinyMCE Compressor

Cross-site scripting (XSS) vulnerability in tiny_mce_gzip.php in TinyMCE Compressor PHP before 1.06 allows remote attackers to inject arbitrary web script or HTML via the index parameter.

4.3
2005-12-31 CVE-2005-4598 Ooapp Cross-Site Scripting vulnerability in Ooapp Guestbook 2.1

Cross-site scripting (XSS) vulnerability in home.php in OoApp Guestbook 2.1 allows remote attackers to inject arbitrary web script or HTML via the page parameter.

4.3
2005-12-31 CVE-2005-4597 Epistream Cross-Site Scripting vulnerability in Epistream Ipei Guestbook 1.7

Cross-site scripting (XSS) vulnerability in index.php in iPei Guestbook 1.7 allows remote attackers to inject arbitrary web script or HTML via the email parameter, as used by the email field, when signing a guestbook.

4.3
2005-12-31 CVE-2005-4596 Ades Design Cross-Site Scripting vulnerability in Ades Design Adesguestbook 2.0

Cross-site scripting (XSS) vulnerability in read.php in AdesGuestbook 2.0 allows remote attackers to inject arbitrary web script or HTML via the totalRows_rsRead parameter.

4.3
2005-12-31 CVE-2005-4351 Dragonfly
Freebsd
Linux
Openbsd
Local Security vulnerability in kernel

The securelevels implementation in FreeBSD 7.0 and earlier, OpenBSD up to 3.8, DragonFly up to 1.2, and Linux up to 2.6.15 allows root users to bypass immutable settings for files by mounting another filesystem that masks the immutable files while the system is running.

4.3
2005-12-30 CVE-2005-4588 Dream4 Unspecified vulnerability in Dream4 Koobi 5.0

Cross-site scripting (XSS) vulnerability in Koobi 5 allows remote attackers to inject arbitrary web script or HTML via nested, malformed url BBCode tags.

4.3
2005-12-29 CVE-2005-4583 Vmware Cross-Site Scripting vulnerability in VMWare ESX

Unspecified vulnerability in the Management Interface in VMware ESX Server 2.x up to 2.5.x before 24 December 2005 allows "remote code execution in the Web browser" via unspecified attack vectors, probably related to cross-site scripting (XSS).

4.3
2005-12-29 CVE-2005-4580 DAY Cross-Site Scripting vulnerability in DAY Communique 4

Cross-site scripting (XSS) vulnerability in Day Communique 4 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a search.

4.3
2005-12-29 CVE-2005-4577 Hitachi Input Validation vulnerability in Hitachi Business Logic

Multiple cross-site scripting (XSS) vulnerabilities in Hitachi Business Logic - Container (BLC) P-2443-9114 01-00 through 02-06 on Windows, and P-1M43-9111 01-01 through 02-00 on AIX, allow remote attackers to inject arbitrary web script or HTML via unknown attack vectors in an unspecified input form.

4.3
2005-12-29 CVE-2005-4576 Fatwire Cross-Site Scripting vulnerability in FatWire UpdateEngine

Multiple cross-site scripting (XSS) vulnerabilities in the UpdateEngine program in Fatwire UpdateEngine 6.2 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) COUNTRYNAME, (2) EMAIL, and (3) FUELAP_TEMPLATENAME parameters.

4.3
2005-12-29 CVE-2005-4574 Paperthin Cross-Site Scripting vulnerability in PaperThin CommonSpot Content Server

Cross-site scripting (XSS) vulnerability in loader.cfm in PaperThin CommonSpot Content Server 4.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the bNewWindow parameter.

4.3
2005-12-29 CVE-2005-4571 Myezshop Input Validation vulnerability in myEZshop Shopping Cart

Cross-site scripting (XSS) vulnerability in myEZshop Shopping Cart allows remote attackers to inject arbitrary web script or HTML via the Keyword parameter.

4.3
2005-12-28 CVE-2005-4555 DEV Input Validation vulnerability in DEV web Management System 1.5

Cross-site scripting (XSS) vulnerability in add.php in DEV web management system 1.5 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) ENTER_ARTICLE_TITLE, (2) SPECIFY_ZONE, (3) ENTER_ARTICLE_HEADER, and (4) ENTER_ARTICLE_BODY indices in the language array parameter.

4.3
2005-12-28 CVE-2005-4551 Simpbook HTML Injection vulnerability in Simpbook 1.0

Cross-site scripting (XSS) vulnerability in sign.php in codegrrl SimpBook 1.0, when html_enable is on, allows remote attackers to inject arbitrary web script or HTML via the message parameter to index.php.

4.3
2005-12-28 CVE-2005-4549 Oracle Remote vulnerability in Oracle Application Server Discussion Forum Portlet

Cross-site scripting (XSS) vulnerability in Oracle Application Server (OracleAS) Discussion Forum Portlet allows remote attackers to inject arbitrary web script or HTML via the (1) RowKeyValue parameter in the PORTAL schema; and the (2) title and (3) content input fields when creating an forum article.

4.3
2005-12-28 CVE-2005-4547 Epic Designs Cross-Site Scripting vulnerability in eggblog

Cross-site scripting (XSS) vulnerability in home/search.php in eggblog 2.0 allows remote attackers to execute arbitrary SQL commands via the q parameter, as used by the Keyword and Search fields.

4.3
2005-12-28 CVE-2005-4545 Netdirect Cross-Site Scripting vulnerability in ShopCentrik ShopEngine EXPS Parameter

Cross-site scripting (XSS) vulnerability in search.asp in NetDirect ShopEngine allows remote attackers to inject arbitrary web script or HTML via the EXPS parameter.

4.3
2005-12-28 CVE-2005-4522 Mantis Unspecified vulnerability in Mantis

Multiple cross-site scripting (XSS) vulnerabilities in the view_filters_page.php filters script in Mantis 1.0.0rc3 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) view_type and (2) target_field parameters.

4.3
2005-12-28 CVE-2005-4516 PHP Fusion Cross-Site Scripting vulnerability in PHP-Fusion Members.PHP

Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion 6.00.200 through 6.00.300 allow remote attackers to inject arbitrary web script or HTML via (1) the sortby parameter in members.php and (2) IMG tags.

4.3
2005-12-31 CVE-2005-4857 EZ Resource Management Errors vulnerability in EZ Publish

eZ publish 3.5 before 3.5.7, 3.6 before 3.6.5, 3.7 before 3.7.3, and 3.8 before 20051128 allows remote authenticated users to cause a denial of service (Apache httpd segmentation fault) via a request to content/advancedsearch.php with an empty SearchContentClassID parameter, reportedly related to a "memory addressing error".

4.0
2005-12-31 CVE-2005-4851 EZ Improper Authentication vulnerability in EZ Publish

eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.

4.0
2005-12-31 CVE-2005-4786 Hauri Remote Buffer Overflow vulnerability in Hauri Livecall, Virobot and Vrazmain.Dll

Buffer overflow in the archive decompression library (vrAZMain.dll 5.8.22.137), as used in HAURI anti-virus products including (1) ViRobot Expert 4.0, (2) ViRobot Advanced Server, and (3) HAURI LiveCall, allows user-assisted attackers to execute arbitrary code via an ALZ archive containing a file with a long filename.

4.0
2005-12-31 CVE-2005-4758 BEA Multiple vulnerability in BEA Weblogic Server 8.1

Unspecified vulnerability in the Administration server in BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier allows remote authenticated Admin users to read arbitrary files via unknown attack vectors related to an "internal servlet" accessed through HTTP.

4.0
2005-12-31 CVE-2005-4740 IBM Multiple vulnerability in IBM DB2 Universal Database

IBM DB2 Universal Database (UDB) 810 before version 8 FixPak 10 allows remote authenticated users to cause a denial of service (db2jd service crash) by "connecting from a downlevel client."

4.0

38 Low Vulnerabilities

DATE CVE VENDOR VULNERABILITY CVSS
2005-12-31 CVE-2005-4667 Info ZIP Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Info-Zip Unzip

Buffer overflow in UnZip 5.50 and earlier allows user-assisted attackers to execute arbitrary code via a long filename command line argument.

3.7
2005-12-31 CVE-2005-4803 Graphviz Unspecified vulnerability in Graphviz

graphviz before 2.2.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.

3.6
2005-12-31 CVE-2005-4796 SUN Local Arbitrary File Corruption vulnerability in Sun Solaris XView

Unspecified vulnerability in the XView library (libxview.so) in Solaris 2.5 to 10 allows local users to corrupt files via unknown vectors related to the handling of the clipboard selection while an XView application exits.

3.6
2005-12-31 CVE-2005-4779 Netbsd Local Security vulnerability in Netbsd 2.0/2.0.1/2.0.2

verifiedexecioctl in verified_exec.c in NetBSD 2.0.2 calls NDINIT with UIO_USERSPACE rather than UID_SYSSPACE, which removes the functionality of the verified exec kernel subsystem and might allow local users to execute Trojan horse programs.

3.6
2005-12-31 CVE-2005-4855 EZ Permissions, Privileges, and Access Controls vulnerability in EZ Publish

Unrestricted file upload vulnerability in eZ publish 3.5 before 3.5.5, 3.6 before 3.6.2, 3.7 before 3.7.0rc2, and 3.8 before 20050922 does not restrict Image datatype uploads to image content types, which allows remote authenticated users to upload certain types of files, as demonstrated by .js files, which may enable cross-site scripting (XSS) attacks or other attacks.

3.5
2005-12-31 CVE-2005-2343 RIM Denial Of Service vulnerability in RIM products

Research in Motion (RIM) BlackBerry Handheld web browser for BlackBerry Handheld before 4.0.2 allows remote attackers to cause a denial of service (hang) via a Java Application Description (JAD) file with a long application name and vendor string, which prevents a browser dialog from being properly dismissed.

2.6
2005-12-31 CVE-2005-1918 GNU
Redhat
Path Traversal vulnerability in multiple products

The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/".

2.6
2005-12-31 CVE-2005-4869 IBM Denial Of Service vulnerability in IBM DB2 8.1

The (1) to_char and (2) to_date function in IBM DB2 8.1 allows local users to cause a denial of service (application crash) via an empty string in the second parameter, which causes a null pointer dereference.

2.1
2005-12-31 CVE-2005-4791 Novell Local Privilege Escalation vulnerability in Novell Suse Linux 10.0

Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee.

2.1
2005-12-31 CVE-2005-4789 Suse Unspecified vulnerability in Suse Linux 9.2/9.3

resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level.

2.1
2005-12-31 CVE-2005-4788 Suse Unspecified vulnerability in Suse Linux 9.2/9.3

resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices."

2.1
2005-12-31 CVE-2005-4783 Netbsd Local Security vulnerability in NetBSD

kernfs_xread in kernfs_vnops.c in NetBSD before 20050831 does not check for a negative offset when reading the message buffer, which allows local users to read arbitrary kernel memory.

2.1
2005-12-31 CVE-2005-4778 Suse Local Denial Of Service vulnerability in SUSE Linux PowerSave Daemon

The powersave daemon in SUSE Linux 10.0 before 20051007 has an unspecified "configuration problem," which allows local users to suspend the computer and possibly perform certain other unauthorized actions.

2.1
2005-12-31 CVE-2005-4755 BEA Multiple vulnerability in BEA Weblogic Server 8.1

BEA WebLogic Server and WebLogic Express 8.1 SP3 and earlier (1) stores the private key passphrase (CustomTrustKeyStorePassPhrase) in cleartext in nodemanager.config; or, during domain creation with the Configuration Wizard, renders an SSL private key passphrase in cleartext (2) on a terminal or (3) in a log file, which might allow local users to obtain cryptographic keys.

2.1
2005-12-31 CVE-2005-4706 SUN Local vulnerability in SUN Solaris 10.0

Unspecified vulnerability in the "privilege management" feature of Sun Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors that trigger a null dereference in the secpolicy_fs_common function.

2.1
2005-12-31 CVE-2005-4701 SUN Information Disclosure vulnerability in SUN Solaris 10.0

Unspecified vulnerability in Process File System (procfs) in Sun Solaris 10 allows local users to obtain sensitive information such as process working directories via unknown attack vectors, possibly pwdx.

2.1
2005-12-31 CVE-2005-4697 Microsoft Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service

The Microsoft Wireless Zero Configuration system (WZCS) allows local users to access WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key via certain calls to the WZCQueryInterface API function in wzcsapi.dll.

2.1
2005-12-31 CVE-2005-4696 Microsoft Information Disclosure vulnerability in Microsoft Windows Wireless Zero Configuration Service

The Microsoft Wireless Zero Configuration system (WZCS) stores WEP keys and pair-wise Master Keys (PMK) of the WPA pre-shared key in plaintext in memory of the explorer process, which allows attackers with access to process memory to steal the keys and access the network.

2.1
2005-12-31 CVE-2005-4691 Netbsd Unspecified vulnerability in Netbsd

imake in NetBSD before 2.0.3, NetBSD-current before 12 September 2005, certain versions of X.Org, and certain versions of XFree86 allows local users to overwrite arbitrary files via a symlink attack on the temporary file for the file.0 target, which is used for a pre-formatted manual page.

2.1
2005-12-31 CVE-2005-4690 SIX Apart Unspecified vulnerability in SIX Apart Movable Type 3.16

Six Apart Movable Type 3.16 allows local users with blog-creation privileges to create or overwrite arbitrary files of certain types (such as HTML and image files) by selecting an arbitrary directory as a blog's top-level directory.

2.1
2005-12-31 CVE-2005-4683 Padl Software Information Disclosure vulnerability in Padl Software Migrationtools 46

PADL MigrationTools 46, when a failure occurs, stores contents of /etc/shadow in a world-readable /tmp/nis.$$.ldif file, and possibly other sensitive information in other temporary files, which are not properly managed by (1) migrate_all_online.sh, (2) migrate_all_offline.sh, (3) migrate_all_netinfo_online.sh, (4) migrate_all_netinfo_offline.sh, (5) migrate_all_nis_online.sh, (6) migrate_all_nis_offline.sh, (7) migrate_all_nisplus_online.sh, and (8) migrate_all_nisplus_offline.sh.

2.1
2005-12-31 CVE-2005-4659 Ipcop Information Disclosure vulnerability in IPCop Backup Key

IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup.

2.1
2005-12-31 CVE-2005-4536 Debian Unspecified vulnerability in Debian Libmail-Audit-Perl 2.15

Mail::Audit module in libmail-audit-perl 2.1-5, when logging is enabled without a default log file specified, uses predictable log filenames, which allows local users to overwrite arbitrary files via a symlink attack on the [PID]-audit.log temporary file.

2.1
2005-12-31 CVE-2005-4352 Linux
Netbsd
The securelevels implementation in NetBSD 2.1 and earlier, and Linux 2.6.15 and earlier, allows local users to bypass time setting restrictions and set the clock backwards by setting the clock ahead to the maximum unixtime value (19 Jan 2038), which then wraps around to the minimum value (13 Dec 1901), which can then be set ahead to the desired time, aka "settimeofday() time wrap."
2.1
2005-12-31 CVE-2005-3782 Apple Denial-Of-Service vulnerability in Apple Mac OS X Server

Mac OS X 10.4.3 up to 10.4.6, when loginwindow uses the "Name and password" setting, and the "Show the Restart, Sleep, and Shut Down buttons" option is disabled, allows users with physical access to bypass login and reboot the system by entering ">restart", ">power", or ">shutdown" sequences after the username.

2.1
2005-12-31 CVE-2005-3620 Vmware Information Disclosure vulnerability in VMware ESX

The management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 records passwords in cleartext in URLs that are stored in world-readable web server log files, which allows local users to gain privileges.

2.1
2005-12-31 CVE-2005-2762 Avaya Local Security vulnerability in Vpnremote

Avaya VPNRemote before 4.2.33 stores credentials in cleartext in process memory, which allows attackers to obtain the VPN user's credentials.

2.1
2005-12-31 CVE-2005-2462 Kayako Input Validation vulnerability in Kayako Liveresponse 2.0

Kayako liveResponse 2.x, when logging in a user, records the password in plaintext in the URL, which allows local users and possibly remote attackers to gain privileges.

2.1
2005-12-31 CVE-2005-0985 Apple Denial-Of-Service vulnerability in Apple Mac OS X

Unspecified vulnerability in the Mac OS X kernel before 10.3.8 allows local users to cause a denial of service (temporary hang) via unspecified attack vectors related to the fan control unit (FCU) driver.

2.1
2005-12-31 CVE-2005-0136 Linux Unspecified vulnerability in Linux Kernel

The Linux kernel before 2.6.11 on the Itanium IA64 platform has certain "ptrace corner cases" that allow local users to cause a denial of service (crash) via crafted syscalls, possibly related to MCA/INIT, a different vulnerability than CVE-2005-1761.

2.1
2005-12-30 CVE-2005-4589 SPB Local Security vulnerability in SPB Kiosk Engine 1.0.0.1

Spb Kiosk Engine 1.0.0.1 stores the administrator's passcode in the registry in plaintext, which allows local users to obtain the passcode.

2.1
2005-12-27 CVE-2005-3341 Dhis Tools Unspecified vulnerability in Dhis Tools DNS Package

DHIS tools DNS package (dhis-tools-dns) before 5.0 allows local users to overwrite arbitrary files via a symlink attack on temporary files created by (1) register-q.sh and (2) register-p.sh.

2.1
2005-12-31 CVE-2005-3126 Antiword Link Following vulnerability in Antiword 0.32/0.35

The (1) kantiword (kantiword.sh) and (2) gantiword (gantiword.sh) scripts in antiword 0.35 and earlier allow local users to overwrite arbitrary files via a symlink attack on temporary (a) output and (b) error files.

1.9
2005-12-31 CVE-2005-1976 Novell Unspecified vulnerability in Novell Netmail 3.5.2

Novell NetMail 3.5.2a, 3.5.2b, and 3.5.2c, when running on Linux, sets the owner and group ID to 500 for certain files, which could allow users or groups with that ID to execute arbitrary code or cause a denial of service by modifying those files.

1.7
2005-12-31 CVE-2005-4761 BEA Multiple vulnerability in BEA Weblogic Server 6.1/7.0/8.1

BEA WebLogic Server and WebLogic Express 8.1 SP4 and earlier, 7.0 SP5 and earlier, and 6.1 SP7 and earlier log the Java command line at server startup, which might include sensitive information (passwords or keyphrases) in the server log file when the -D option is used.

1.2
2005-12-31 CVE-2005-4660 Ipcop Unspecified vulnerability in Ipcop

Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup.

1.2
2005-12-31 CVE-2005-3342 Norman Ramsey Unspecified vulnerability in Norman Ramsey Noweb 2.10C/2.9A

noweb 2.10c and earlier allows local users to overwrite arbitrary files via symlink attacks on temporary files in (1) lib/toascii.nw and (2) shell/roff.mm.

1.2
2005-12-31 CVE-2005-2527 SUN Link Following vulnerability in SUN Java

Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.

1.2