Perl-HTTPd contains a flaw that allows a remote user to traverse outside of a restricted path. The issue is due to the application not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the URI. This directory traversal attack would allow the attacker to view files outside of the web root directory.
PEEL contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'haut.php' script not properly sanitizing user input supplied to the 'dirroot' parameter. This may allow an attacker to include a file from a third-party remote host that contains commands or code that will be executed by the vulnerable script with the same privileges as the web server.
A remote overflow exists in John Frank's WN Server. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted GET request containing 1,600 or more characters, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
(Description Provided by CVE) : The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.
Telindus ADSL Routers contain a flaw that may allow a remote attacker to gain administrative access. The issue is due to the use of weak encryption for remote management access. If an attacker can sniff the remote management traffic stream they could trivially decrypt the traffic to learn the administrative password.
(Description Provided by CVE) : PHP remote file inclusion vulnerability in publish_xp_docs.php for Gallery 1.3.2 allows remote attackers to inject arbitrary PHP code by specifying a URL to an init.php file in the GALLERY_BASEDIR parameter.
Microsoft Internet Explorer (IE) contains a flaw that allows a remote cross site scripting attack. This issue is due to IE inproperly sanitizing URL input when it generates a page to load a multimedia file. By creating a specially crafted URL for a multimedia file containing embedded script, a remote attacker can execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
Microsoft Internet Explorer contains a flaw in the 'plugin.ocx' file. This issue is triggered when it renders third party file types (such as .swf). The "EnableFullPage" parameter does not have sufficient sanity checking performed which allows an attacker to inject arbitrary script code. This can be exploited when a vulnerable browser loads a web document.
(Description Provided by CVE) : Windows File Protection (WFP) in Windows 2000 and XP does not remove old security catalog .CAT files, which could allow local users to replace new files with vulnerable old files that have valid hash codes.
(Description Provided by CVE) : Unknown vulnerability in the AUTH_DES authentication for RPC in Solaris 2.5.1, 2.6, and 7, SGI IRIX 6.5 to 6.5.19f, and possibly other platforms, allows remote attackers to gain privileges.
(Description Provided by CVE) : Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, and CUPS before 1.1.18, allows local users to execute arbitrary code via a ColorSpace entry with a large number of elements, as demonstrated by cups-pdf.
(Description Provided by CVE) : Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2.4.1 and earlier allows local users to gain privileges via a modified PATH that references a malicious cp binary. NOTE: this issue might overlap CVE-2006-6639.
(Description Provided by CVE) : Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 allow remote attackers to execute script as other web site visitors via (1) the printenv CGI (printenv.pl), which does not encode its output, (2) pages generated by the ap_send_error_response function such as a default 404, which does not add an explicit charset, or (3) various messages that are generated by certain Apache modules or core code. NOTE: the printenv issue might still exist for web browsers that can render text/plain content types as HTML, such as Internet Explorer, but CVE regards this as a design limitation of those browsers, not Apache. The printenv.pl/acuparam vector, discloser on 20070724, is one such variant.
Bugzilla contains a flaw that may lead to an unauthorized information disclosure. The default .htaccess scripts fail to properly prevent access to backups of the lcoalconfig file created by a text editor (typically with a .swp or ~ suffix). It is possible for a remote attacker to download a backup copy of the localconfig file and obtain a user's database password, resulting in a loss of confidentiality.
An unspecified overflow exists in several Axis Communications Products (Camera, DVR and Video Server). These products contain an unspecified flaw in the authentication code module resulting in a stack overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
SPGpartenaires contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the pass variable in the ident.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
SPGpartenaires contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the SPGP variable in the delete.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
RealNetworks Helix Universal Server and RealServer contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to the server not properly handling multiple simultaneous HTTP GET requests. If an attacker sends two specially crafted requests it will overflow a buffer allowing execution of arbitrary code with the privileges of the server.
Real Networks Helix Universal Server and RealServer contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the RTSP DESCRIBE request handling that doesn't properly sanitize user input. If an attacker sends a specially crafted RTSP DESCRIBE request with an overly long URL they may be able to overflow a buffer and execute arbitrary code with the same privilege as the server.
Real Networks Helix Universal Server and RealServer contain a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to a flaw in the RTSP SETUP request handling that doesn't properly sanitize user input. If an attacker sends a specially crafted RTSP SETUP request with an overly long transport field they may be able to overflow a buffer and execute arbitrary code with the same privilege as the server.
(Description Provided by CVE) : Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quote certain parameters that are inserted into a shell command, which could allow remote attackers to execute arbitrary commands via (1) URLs, (2) filenames, or (3) e-mail addresses.
W-Agora contains a flaw that may allow an "admin" or "root" user to include php files. The issue is triggered when a specially crafted URL request to ediform.php3 occurs. It is possible that the flaw may allow execution of arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.
(Description Provided by CVE) : Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local users with lp privileges to create or overwrite arbitrary files via file race conditions, as demonstrated by ice-cream.
(Description Provided by CVE) : Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote attackers to add printers without authentication via a certain UDP packet, which can then be used to perform unauthorized activities such as stealing the local root certificate for the administration server via a "need authorization" page, as demonstrated by new-coke.
The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO
warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright
holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.