| OSVDB ID | Disclosure Date | Title |
|---|
|
17681
Description:
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious attacker uses the set-parameters ioctl call on certain audio devices to change block size and set pause state to "unpaused" in the same ioctl, which will cause a divide-by-zero error resulting in loss of availability for the platform.
|
2005-06-30
|
NetBSD Multiple Audio Driver Malformed ioctl() Call Local DoS
|
|
17736
Description:
Jinzora contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the include_path variable not properly sanitizing user input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2005-06-30
|
Jinzora include_path Variable Remote File Inclusion
|
|
17828
Description:
(Description Provided by CVE) : Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.
|
2005-06-30
|
FSboard default.asp filename Variable Traversal Arbitrary File Access
|
|
17737
Description:
Unknown / Incomplete
|
2005-06-29
|
knock Unspecified Security Issues
|
|
20785
Description:
Unknown / Incomplete
|
2005-06-29
|
Exponent CMS File Upload Extension Validation Failure Arbitrary Code Execution
|
|
20784
Description:
Unknown / Incomplete
|
2005-06-29
|
Exponent CMS filemanager Module Arbitrary PHP File Access
|
|
17739
Description:
(Description Provided by CVE) : im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter.
|
2005-06-29
|
imTRBBS im_trbbs.cgi df Variable Arbitrary Command Execution
|
|
27598
Description:
Unknown / Incomplete
|
2005-06-29
|
IBM WebSphere Form-based Authentication Multiple Variable Remote Overflow
|
|
17677
Description:
FreeBSD contains a flaw that may allow a malicious user to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. It is possible that the flaw may allow an attacker to spoof the remote IP and port numbers of an established connection and stall the TCP communications resulting in a loss of availability.
|
2005-06-29
|
FreeBSD TCP Crafted SYN Packet Arbitrary Option Overwrite
|
|
17879
Description:
(Description Provided by CVE) : management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.
|
2005-06-29
|
Emilda management.php user_id Parameter Arbitrary User Profile Modification
|
|
17645
Description:
ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered when the ENSURE_BITS() function in the libclamav/mspack/mszipd.c fails to properly validate user supplied input. A remote attacker could send a specially crafted CAB file with a cffile_FolderOffset set to 0xff to cause the program to enter an infinite loop, resulting in a loss of availability of the anti-virus system.
|
2005-06-29
|
Clam AntiVirus Zero Length Cabinet File ENSURE_BITS() Macro DoS
|
|
17646
Description:
ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered by a file descriptor leak in cli_msexpand() function, located in libclamav/scanners.c, which consumes all available file descriptors and/or memory on the target system. A remote attacker sends approximately 1,000 specially crafted archive files, either by email attachment or directly to a current HTTP session, resulting in a loss of availability of the anti-virus system.
|
2005-06-29
|
Clam AntiVirus MS-Expand File Handling DoS
|
|
17620
Description:
Dominion SX contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the /etc/shadow file having world-readable permissions by default, which will disclose the root user's password hash resulting in a loss of confidentiality.
|
2005-06-29
|
Dominion SX /etc/shadow Permission Weakness Hashed Password Disclosure
|
|
17621
Description:
Dominion SX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the /bin/busybox file having default permissions of world-writable, which may allow an attacker replace the file causing arbitrary code execution with another user's privileges.
|
2005-06-29
|
Dominion SX /bin/busybox Permission Weakness Privilege Escalation
|
|
17619
Description:
(Description Provided by CVE) : Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors.
|
2005-06-29
|
NateOn Messenger Arbitrary User Directory Listing Disclosure
|
|
17689
Description:
Emilda reportedly contains several security-related flaws. No further details have been provided.
|
2005-06-29
|
Emilda Unspecified Multiple Security Issues
|
|
17615
Description:
(Description Provided by CVE) : The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, HP-UX, and AIX creates temporary files with the permissions as specified in a user's umask, which could allow local users to read PDF documents of that user if the umask allows it.
|
2005-06-29
|
Adobe Reader for Linux Temp File Permission Weakness Arbitrary Document Disclosure
|
|
17793
Description:
XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'parseRequest()' function not properly sanitizing user-supplied input. By creating an XML file that uses single quotes to escape into the 'eval()' call, a remote attacker can execute arbitrary PHP code resulting in a loss of integrity.
|
2005-06-29
|
XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution
|
|
17644
Description:
Cisco IOS's RADIUS server contains a flaw that may allow a malicious user to bypass authorization and accounting. The issue is triggered when no fallback method of AAA is configured and a long username is submitted. It is possible that the flaw may allow unauthorized users to authenticate, resulting in a loss of confidentiality.
|
2005-06-29
|
Cisco IOS AAA RADIUS Long Username Authentication Bypass
|
|
17649
Description:
(Description Provided by CVE) : Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.
|
2005-06-29
|
Soldier of Fortune II Ignore Command Overflow DoS
|
|
17672
Description:
(Description Provided by CVE) : login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
|
2005-06-29
|
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
|
|
17647
Description:
(Description Provided by CVE) : Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.
|
2005-06-29
|
Drupal Public Comment/Posting Arbitrary PHP Code Execution
|
|
17680
Description:
(Description Provided by CVE) : Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
|
2005-06-29
|
Microsoft IE JVIEW javaprxy.dll Memory Manipulation Arbitrary Code Execution
|
|
17633
Description:
Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'order' variable upon submission to the 'edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-29
|
XOOPS newbb Module edit.php order Variable XSS
|
|
17634
Description:
Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'comment_edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-29
|
XOOPS comment_edit.php cid Variable XSS
|
|
17635
Description:
(Description Provided by CVE) : SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
|
2005-06-29
|
XOOPS XMLRPC bloggerapi.php loginUser() Function SQL Injection
|
|
17636
Description:
WordPress contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'comment' and 'p' variables upon submission to the 'post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-29
|
WordPress post.php Multiple Variable XSS
|
|
17637
Description:
(Description Provided by CVE) : SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
|
2005-06-29
|
WordPress XMLRPC Multiple Method SQL Injection
|
|
17638
Description:
(Description Provided by CVE) : wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
|
2005-06-29
|
WordPress wp-login.php Arbitrary User Forgotten Password E-Mail Modification
|
|
17639
Description:
(Description Provided by CVE) : WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
2005-06-29
|
WordPress menu-header.php Direct Request Path Disclosure
|
|
17640
Description:
(Description Provided by CVE) : WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
2005-06-29
|
WordPress wp-atom.php Path Disclosure
|
|
17641
Description:
(Description Provided by CVE) : WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
2005-06-29
|
WordPress wp-rss.php Path Disclosure
|
|
17642
Description:
(Description Provided by CVE) : WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
2005-06-29
|
WordPress wp-rss2.php Path Disclosure
|
|
45589
Description:
(Description Provided by CVE) : eZ publish 3.4.4 through 3.7 before 20050722 applies certain permissions on the node level, which allows remote authenticated users to bypass the original permissions on embedded objects in XML fields and read these objects.
|
2005-06-29
|
eZ publish XML Field Embedded Object Node Level Permission Bypass
|
|
23664
Description:
Unknown / Incomplete
|
2005-06-29
|
PEAR XML_RPC Unspecified Security Issue
|
|
17631
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter.
|
2005-06-29
|
Pavsta Auto Site user_check.php sitepath Remote File Inclusion
|
|
17676
Description:
FreeBSD ipfw on Symmetric Multi-Processor (SMP) systems and Uni Processor (UP) systems compiled with the PREEMPTION kernel option contains a flaw that may allow a malicious user to bypass ipfw lookup table rulesets. The issue is triggered when the kernel performs concurrent ipfw table lookups using cached results that have become corrupted due to insufficient locking. This could result in an incoming packet being treated contrary to a defined packet filtering ruleset. It is possible that the flaw may allow unauthorized access.
|
2005-06-29
|
FreeBSD ipfw Cached Entry Packet Matching Issue
|
|
17730
Description:
(Description Provided by CVE) : BisonFTP Server V4R1 allows remote authenticated users to cause a denial of service via an invalid command with a long argument.
|
2005-06-29
|
SofoTex BisonFTP Command Line Overflow
|
|
17603
Description:
(Description Provided by CVE) : SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz Website Builder (QuickWeb) 1.0 allows remote attackers to execute arbitrary SQL commands via the (1) T1 or (2) T2 parameters.
|
2005-06-28
|
Dynamic Biz Website Builder logon.asp Password Field SQL Injection
|
|
17613
Description:
(Description Provided by CVE) : PHP remote file inclusion vulnerability in viewtopic.php in phpBB 2.0.15 and earlier allows remote attackers to execute arbitrary PHP code.
|
2005-06-28
|
phpBB viewtopic.php Highlighting Feature Arbitrary PHP Code Execution
|
