| OSVDB ID | Disclosure Date | Title |
|
2762
Description:
Citrix MetaFrame XP version 1.0 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "NFuse_Message" variable parameters when generating error messages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-10-31
|
Citrix MetaFrame XP login.asp NFuse_Message Parameter XSS
|
|
25743
Description:
(Description Provided by CVE) : Xscreensaver before 4.15 creates temporary files insecurely in (1) driver/passwd-kerberos.c, (2) driver/xscreensaver-getimage-video, (3) driver/xscreensaver.kss.in, and the (4) vidwhacker and (5) webcollage screensavers, which allows local users to overwrite arbitrary files via a symlink attack.
|
2003-10-31
|
XScreenSaver Multiple Symlink Arbitrary File Overwrite
|
|
2739
Description:
LedForums contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "top_message" variable upon submission to the index.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-10-31
|
LedForums index.php Multiple Parameter XSS
|
|
18724
Description:
Tivoli SecureWay WebSEAL contains a flaw that may allow a malicious user to perform cross-site scripting attacks without detection. The issue is triggered when WebSEAL fails to log cross-site scripting attacks when there is a "?" in the URI. It is possible that the flaw may allow cross-site scripting attacks to be undetected resulting in a loss of integrity.
|
2003-10-31
|
IBM Tivoli SecureWay WebSEAL XSS Attempt Logging Failure
|
|
2764
Description:
The Plug and Play Software Web Server Proxy Service contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted GET request is sent to TCP port 8080, and will result in loss of availability for the Proxy Service.
|
2003-10-31
|
Plug and Play Web Server Proxy Service HTTP Request Handling DoS
|
|
3417
Description:
BEA WebLogic contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "person" variable upon submission to the InteractiveQuery.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-10-31
|
BEA WebLogic InteractiveQuery.jsp XSS
|
|
2740
Description:
Booby prior to version 0.2.4 contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user input upon submission. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-10-30
|
Booby Error Message XSS
|
|
2741
Description:
The BEA Tuxedo and WebLogic Enterprise administration console contains a flaw that allows an unauthenticated remote user to determine whether a given local file exists, perform an XSS attack, and potentially crash the server process. This flaw exists because the application does not validate the INIFILE variable upon submission to the admin console CGI script. This could allow a user to create a specially crafted URL that would execute arbitrary code in an administrative user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-10-30
|
BEA Admin Console INIFILE Validation Issues
|
|
2783
Description:
Microsoft Internet Explorer contains flaws that may allow a malicious user to access any resource that is in the Local Zone. The issue is triggered when Internet Explorer accesses a malicious HTML document. It is possible that the flaw may allow resource access in the Local Zone resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-10-30
|
Microsoft IE XML Objection Information Disclosure (IredirNrefresh)
|
|
2738
Description:
Unknown / Incomplete
|
2003-10-30
|
Simple Web Server (SWS) Referer Header Overflow
|
|
2742
Description:
Kpopup contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user changes the PATH environment variable to include a hostile 'killall' binary before the system path. This flaw may be abused to execute arbitrary code as the root user.
|
2003-10-30
|
KPopup main.cpp Insecure Path Privilege Escalation
|
|
3290
Description:
Kpopup contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user passes a carefully crafted format string argument to the kpopup executable. This flaw may be abused to execute arbitrary code as the root user.
|
2003-10-30
|
KPopup main.cpp Format String Privilege Escalation
|
|
2737
Description:
Unknown / Incomplete
|
2003-10-30
|
PostgreSQL pg_to_ascii() Overflow
|
|
2736
Description:
(Description Provided by CVE) : Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare 6 SP3 and ZenWorks for Desktops 3.2 SP2 through 4.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via unknown attack vectors.
|
2003-10-30
|
Novell NetWare Port Mapper Service (PMAP.NLM) Unspecified Remote Overflow
|
|
2735
Description:
(Description Provided by CVE) : Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file.
|
2003-10-30
|
Musicqueue Configuration File Language Variable Local Overflow
|
|
45124
Description:
Unknown / Incomplete
|
2003-10-30
|
Khazad Algorithm (3-5 Round) Extended Square Attack Cryptanalysis Weakness
|
|
7910
Description:
Microsoft Internet Explorer contains a flaw that may allow a malicious user to execute arbitrary files. By placing a malicious file into the cache directory and adding a double slash ("\\") to the CODEBASE function, the program will execute the file within the trusted MYCOMPUTER zone. It is possible that the flaw may allow execution of arbitrary files resulting in a loss of integrity.
|
2003-10-30
|
Microsoft IE Double Slash Cache File Execution (DblSlashForCache)
|
|
60323
Description:
(Description Provided by CVE) : The (1) ipq_read and (2) ipulog_read functions in iptables allow local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.
|
2003-10-30
|
Linux IPTables Netlink Interface Spoofed Message Local DoS
|
|
7365
Description:
thttpd contains a flaw that may allow a remote denial of service. The issue is triggered due to an unknown sockaddr type, and will result in loss of availability for the daemon. No further details have been provided.
|
2003-10-29
|
thttpd Unknown sockaddr Type DoS
|
|
2753
Description:
e107 contains a flaw that may allow a remote denial of service. The issue is triggered when invalid input is supplied in the "Name:" field of the Chatbox.php script, and will result in loss of availability for certain pages.
|
2003-10-29
|
e107 Chatbox.php Name Parameter DoS
|
|
57530
Description:
(Description Provided by CVE) : Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allows remote attackers to execute arbitrary code via a long HTTP Referer header.
|
2003-10-29
|
TelCondex tc.SimpleWebServer Multiple HTTP Header Handling Remote Overflow
|
|
2733
Description:
A local overflow exists in Apache. The mod_rewrite module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.
|
2003-10-29
|
Apache HTTP Server mod_rewrite Local Overflow
|
|
7611
Description:
A local overflow exists in Apache. The mod_alias module fails to handle regular expressions containing more than 9 captures (stored strings matching a particular pattern) resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code or cause a denial of service resulting in a loss of integrity and/or confidentiality.
|
2003-10-29
|
Apache HTTP Server mod_alias Local Overflow
|
|
2732
Description:
NetFile contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate URLs that are returned in error messages for nonexistent pages. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2003-10-29
|
Fastream NETFile FTP/WebServer 404 Error Page XSS
|
|
2700
Description:
byteHoard contains a flaw that allows a remote attacker to browse arbitrary directories outside of the web path. The issue is due to the files.inc.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via an unknown variable.
|
2003-10-29
|
byteHoard files.inc.php Direct Request Arbitrary Directory Access
|
|
2730
Description:
(Description Provided by CVE) : The NFS Server for Solaris 7, 8, and 9 allows remote attackers to cause a denial of service (UFS panic) via certain invalid UFS requests, which triggers a null dereference.
|
2003-10-29
|
Solaris NFS Client Request DoS
|
|
2728
Description:
Mac OS X contains an unspecified flaw in its QuickTime Java implementation. The flaw could allow unauthorized access to the system, leading to a loss of integrity. No further details have been provided.
|
2003-10-29
|
Apple QuickTime Unspecified Java System Compromise
|
|
90036
Description:
Libxml2 contains a flaw in parser.c that may allow a denial of service. The issue is due to an unspecified error in compression saving, which may result in a crash for galeon.
|
2003-10-29
|
Libxml2 parser.c Compression Saving Unspecified DoS
|
|
2724
Description:
(Description Provided by CVE) : Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, allows remote attackers to cause a denial of service via unknown attack vectors.
|
2003-10-29
|
Nokia IPSO Cluster Unspecified Remote DoS
|
|
2725
Description:
A remote overflow exists in the mod_security Apache module for Apache version 2. The sec_filter_out() function of mod_security fails to perform proper bounds checking on data transferred from server-side scripts, resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code on the server resulting in a loss of confidentiality, integrity, and/or availability.
|
2003-10-29
|
ModSecurity (mod_security) sec_filter_out Function Remote Overflow
|
|
2723
Description:
(Description Provided by CVE) : Centrinity FirstClass 7.1 allows remote attackers to access sensitive information by appending search to the end of the URL and checking all of the search option checkboxes and leaving the text field blank, which will return all files in the searched directory.
|
2003-10-29
|
FirstClass /Search Web Root Remote Information Disclosure
|
|
2720
Description:
Yahoo! Messenger contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted file transfer occurs, and will result in loss of availability for the service.
|
2003-10-28
|
Yahoo! Messenger Crafted File Transfer Remote Overflow DoS
|
|
2719
Description:
(Description Provided by CVE) : WebTide 7.04 allows remote attackers to list arbitrary directories via an HTTP request for %3f.jsp (encoded "?").
|
2003-10-28
|
WebTide Encoded JSP File HTTP Request Arbitrary Directory Access
|
|
2731
Description:
Mac OS X contains a flaw that may allow a malicious user to bypass screen locking. The issue is triggered when the screen effect is active, and keys pressed before the authentication window appears will be sent to the general user environment. It is possible that the flaw may allow a malicious user to launch applications in spite of screen locking resulting in a loss of integrity.
|
2003-10-28
|
Apple Mac OS X Screen Lock Bypass
|
|
2727
Description:
(Description Provided by CVE) : The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3.3.0 of Oracle Collaboration Suite Release 1 caches files despite the cacheability rules imposed by Oracle Files, which allows local users to gain access.
|
2003-10-28
|
Oracle Collaboration Suite Files Component Cacheability Rule Weakness Restricted File Disclosure
|
|
2716
Description:
Libnids contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is due to an unchecked buffer in the TCP reassembly module. If an attacker sends a specially crafted packet, they may be able to overflow the buffer and execute arbitrary code with root privileges.
|
2003-10-28
|
Libnids TCP Reassembly Module Overflow
|
|
2734
Description:
IRIX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a malicious user bypasses Network File System (NFS) access checks when the root,rw or access options in /etc/exports contain only wildcards (IP addresses or domain suffixes) and no explicit hostnames or netgroups. This flaw may lead to a loss of integrity.
|
2003-10-28
|
IRIX NFS Wildcard exportfs Access Check Bypass
|
|
6686
Description:
Mac OS X contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the TCP timestamp is triggered by a constant number, which will disclose uptime information resulting in a loss of confidentiality.
|
2003-10-28
|
Apple Mac OS X TCP Timestamp ID Field Information Disclosure
|
|
6687
Description:
Mac OS X contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an administrator authenticates to access secure Preferences Panes, and allows any local user to access secure Preference Panes for a limited time. This flaw may lead to a loss of integrity.
|
2003-10-28
|
Apple Mac OS X System Preferences Secure Pane Access
|
|
6690
Description:
A local overflow exists in Mac OS X. The kernel fails to validate arguments resulting in a buffer overflow. With a specially crafted request, an attacker can cause the kernel to crash resulting in a loss of availability.
|
2003-10-28
|
Apple Mac OS X Kernel argv Command Line Overflow
|