Microsoft Internet Explorer contains a flaw that may allow a remote attacker to execute arbitrary commands. Internet Explorer allows remote attackers to obtain the physical location of cached content and open the content in the Local Computer Zone, then use compiled HTML help (.chm) files to execute arbitrary programs.
(Description Provided by CVE) : The installation of AdCycle banner management system leaves the build.cgi program in a web-accessible directory, which allows remote attackers to execute the program and view passwords or delete databases.
(Description Provided by CVE) : WinVNC installs the WinVNC3 registry key with permissions that give Special Access (read and modify) to the Everybody group, which allows users to read and modify sensitive information such as passwords and gain access to the system.
NetcPlus SmartServer and BrowseGate contain a flaw that is triggered by the applications storing user credential information in the dialsrv.ini file, which is accessible by all Windows-authenticated users. This may make it easier for an attacker to gain access to a user's password information.
DCForum contains a flaw that allows a remote attacker to view arbitrary files on the web server. The issue is due to a lack of sanity checking on the "$r_in" variable in the dcboard.cgi and dcadmin.cgi scripts. Further, if an attacker attempts to view the source code of the dcforum.cgi script, it deletes itself.
(Description Provided by CVE) : Real Networks RealServer 7 and earlier allows remote attackers to obtain portions of RealServer's memory contents, possibly including sensitive information, by accessing the /admin/includes/ URL.
(Description Provided by CVE) : Netopia ISDN Router 650-ST before 4.3.5 allows remote attackers to read system logs without authentication by directly connecting to the login screen and typing certain control characters.
WatchGuard Firebox II contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker floods the server with FTP or SMTP requests, disabling subsequent proxy handling.
By default, Exchange creates a user account with a default password. The EUSR_EXSTOREEVENT account has a password of xyxx1x#y which is publicly known and documented. This allows attackers to trivially access the program or system.
(Description Provided by CVE) : Joe text editor follows symbolic links when creating a rescue copy called DEADJOE during an abnormal exit, which allows local users to overwrite the files of other users whose joe session crashes.
(Description Provided by CVE) : crontab by Paul Vixie uses predictable file names for a temporary file and does not properly ensure that the file is owned by the user executing the crontab -e command, which allows local users with write access to the crontab spool directory to execute arbitrary commands by creating world-writeable temporary files and modifying them while the victim is editing the file.
International Components for Unicode for Java (ICU4J) contains a flaw related to the TimeZone.java file. While a cursory review of the code commit does not suggest a security fix, the note accompanying it specifically indicates that it fixes a security bug. No further details are available.
AnalogX Proxy contains a flaw that allows a remote attacker to crash the service. The issue is due to poor sanity checking of user-supplied input to the FTP, SMTP or POP3 services. If an attacker sends "multiple abnormal strings" to these services, it can crash the entire proxy service.
(Description Provided by CVE) : Small HTTP Server 2.03 and earlier allows remote attackers to cause a denial of service by repeatedly requesting a URL that references a directory that does not contain an index.html file, which consumes memory that is not released after the request is completed.
FreeBSD contains a flaw that may allow a malicious user to bypass the NAT gateway. The issue was triggered because code was added to permit certain types of data through the NAT gateway. It is possible that the flaw may allow all traffic to pass through, despite the "deny_incoming" directive, resulting in a loss of integrity.
(Description Provided by CVE) : AV Option for MS Exchange Server option for InoculateIT 4.53, and possibly other versions, only scans the Inbox folder tree of a Microsoft Exchange server, which could allow viruses to escape detection if a user's rules cause the message to be moved to a different mailbox.
FreeBSD contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user submits a request for an arbitrarily large file in the TERMCAP environment variable to telnetd, which consumes CPU resources as the server processes the request and results in a loss of availability for the platform.
(Description Provided by CVE) : Small HTTP Server 2.01 does not properly process Server Side Includes (SSI) tags that contain null values, which allows local users, and possibly remote attackers, to cause the server to crash by inserting the SSI into an HTML file.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.