| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 13395 | 2003-03-26 | PHP socket_recvfrom() Function Remote DoS | (Description Provided by CVE): Integer signedness error in emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. |
| 13396 | 2003-03-26 | PHP emalloc() Function Integer Overflow | (Description Provided by CVE): Integer signedness error in emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. |
| 56429 | 2003-03-25 | GoAhead WebServer websSafeUrl Function Malformed URL NULL Dereference Remote DoS | (Description Provided by CVE): GoAhead WebServer before 2.1.6 allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via an invalid URL, related to the websSafeUrl function. |
| 20201 | 2003-03-25 | Monkey HTTP Daemon Post_Method Function Missing Content-Type Header DoS | (Description Provided by CVE): The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows remote attackers to cause a denial of service (crash) via a POST request without a Content-Type header. |
| 13393 | 2003-03-25 | PHP socket_iovec_alloc() Remote Overflow DoS | (Description Provided by CVE): Integer signedness error in emalloc() function for PHP before 4.3.2 allows remote attackers to cause a denial of service (memory consumption) and possibly execute arbitrary code via negative arguments to functions such as (1) socket_recv, (2) socket_recvfrom, and possibly other functions. |
| 14322 | 2003-03-25 | eMule Missing Nickname Remote DoS | Unknown / Incomplete |
| 43006 | 2003-03-25 | Nukestyles.com viewpage.php Addon for PHP-Nuke File Parameter Traversal Arbitrary File Access | (Description Provided by CVE): Absolute path traversal vulnerability in nukestyles.com viewpage.php addon for PHP-Nuke allows remote attackers to read arbitrary files via a full pathname in the file parameter. NOTE: This was originally reported as an issue in PHP-Nuke 6.5, but this is an independent addon. |
| 93190 | 2003-03-25 | HP MPE/iX FTP/iX Unspecified Remote Privileged Data Access | HP MPE/iX contains an unspecified flaw related to the FTP/iX implementation that may allow a remote attacker to gain access to privileged data. No further details have been provided by the vendor. |
| 45772 | 2003-03-24 | IBM DB2 Universal Database Command Center Connect Error Message Incorrect Password Cleartext Disclosure | Unknown / Incomplete |
| 88471 | 2003-03-24 | Libxml2 encoding.c Unspecified Overflow | Libxml2 contains an overflow condition in encoding.c. The issue is triggered as user-supplied input is not properly validated. This will cause an unspecified buffer overflow, resulting in a denial of service or potentially execution of arbitrary code. |
| 88470 | 2003-03-24 | Libxml2 valid.c xmlValidDebug() Function Overflow | Libxml2 contains an overflow condition in the xmlValidDebug() function in valid.c. The issue is triggered as user-supplied input is not properly validated when data is written to the xmlValidDebug() function. This will cause a buffer overflow, resulting in a denial of service or potentially execution of arbitrary code. |
| 90035 | 2003-03-24 | Libxml2 xmlreader.c Prefix Handling Unspecified DoS | Libxml2 contains an unspecified flaw in xmlreader.c that may allow a denial of service. The issue is due to an unspecified error that occurs during prefix handling. This may allow a context-dependent attacker to cause a loss of availability. |
| 90034 | 2003-03-24 | Libxml2 tree.c Node Dump Attribute Handling DoS | Libxml2 contains a flaw in tree.c that may allow a denial of service. The issue is triggered during the handling of attributes during a node dump. This may allow a context-dependent attacker to crash the program. |
| 50431 | 2003-03-24 | 3Com SuperStack II RAS 1500 Crafted IP Packet Remote DoS | Unknown / Incomplete |
| 50430 | 2003-03-24 | 3Com SuperStack II RAS 1500 user_settings.cfg Remote Information Disclosure | Unknown / Incomplete |
| 22514 | 2003-03-24 | Linksys BEFVP41 Malformed IP Packet Option #0xE4 Null Length Remote DoS | (Description Provided by CVE): Linksys BEFVP41 VPN Router 2.0 with firmware 1.01.04 allows remote attackers on the local network to cause a denial of service via IP packets with a null IP option length. |
| 50626 | 2003-03-24 | PHP Topsites counter.php count_log_file Parameter Arbitrary File Overwrite | Unknown / Incomplete |
| 4819 | 2003-03-24 | ThWboard do_editprofile.php intavatar Variable Local XSS | ThWboard contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "intavatar" variable upon submission to the "do_editprofile.php" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 58502 | 2003-03-23 | paFileDB pafiledb.php Multiple Parameter SQL Injection | Unknown / Incomplete |
| 57172 | 2003-03-22 | Samba-TNG Unspecified Remote Privilege Escalation | Unknown / Incomplete |
| 9023 | 2003-03-22 | SoX Resample Effect Overflow | SoX contains a flaw related to the 'resample effect' feature that may allow an attacker to cause an integer overflow. No further details have been provided. |
| 9022 | 2003-03-22 | SoX Compand Effect Overflow | SoX contains a flaw related to the 'compand effect' feature that may allow an attacker to cause an integer overflow. No further details have been provided. |
| 53387 | 2003-03-22 | VChat chat.php Message Field Overflow DoS | Unknown / Incomplete |
| 53386 | 2003-03-22 | VChat msg.txt Direct Request Message Disclosure | Unknown / Incomplete |
| 9294 | 2003-03-21 | Adobe Acrobat CTIsCertifiedMode Function Untrusted Plugin Loading | Acrobat contains a flaw that may allow a malicious user to load unauthorized plugins. The issue is triggered by the digital signature verification code, which only validates the header of a plugin file. It is possible that the flaw may allow an attacker to submit a modified plugin which will be executed as "reader-enabled" resulting in a loss of integrity. |
| 49874 | 2003-03-21 | PlanetMoon Guestbook files/passwd.txt Direct Request Admin Password Disclosure | (Description Provided by CVE): PlanetMoon Guestbook tr3.a stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the admin script password, and other passwords, via a direct request to files/passwd.txt. |
| 1017 | 2003-03-21 | Check Point VPN-1/FireWall-1 Syslog Daemon Remote Overflow DoS | Unknown / Incomplete |
| 1087 | 2003-03-21 | Check Point VPN-1/Firewall-1 Syslog Daemon Malicious Character Injection | Unknown / Incomplete |
| 5465 | 2003-03-21 | Mozilla Bonsai editparams.cgi Authentication Bypass | Mozilla bonsai CVS query tool contains a flaw that may lead to an unauthorized information disclosure. Bonsai allows a remote attacker to obtain unauthorized access to the parameters page by accessing editparams.cgi directly without authentication. Information obtained may be used to launch further attacks against a system using Bonsai. |
| 14324 | 2003-03-21 | Edonkey2000 Malformed Message Hash Saturation DoS | Edonkey2000 and Overnet contain a flaw that may allow an attacker to consume all resources (CPU and memory). By sending a specially crafted request, the attacker can make the software open a new chat dialog window. By repeating this operation, the attacker can exhaust the resources of the targeted machine resulting in a loss of availability. |
| 16022 | 2003-03-20 | IBM Tivoli Firewall Toolbox (TFST) Unspecified Remote Overflow | (Description Provided by CVE): Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remote attackers to execute arbitrary code via unknown vectors. |
| 44695 | 2003-03-20 | Safeboot PC Security Local Account Enumeration | Unknown / Incomplete |
| 44696 | 2003-03-20 | Microsoft ActiveSync WideCharToMultiByte() Function NULL Dereference Remote DoS | Unknown / Incomplete |
| 9077 | 2003-03-20 | glFTPd site onel Command Privilege Escalation | glFTPd contains a flaw related to the "site onel" feature that may allow an attacker to gain increased privileges due to the command not properly switching the EUID back from 0. No further details have been provided. |
| 53304 | 2003-03-20 | SimpleChat /data/usr Active Chat User List Disclosure | Unknown / Incomplete |
| 4927 | 2003-03-20 | J Walk Application Server Encoded Traversal Arbitrary File Disclosure | J Walk contains a flaw that allows a remote attacker to view files outside of the web path. The issue is due to the supplied web server not properly sanitizing user input, specifically traversal style attacks (../../) in the URL, when encoded in part as an escaped Unicode string. |
| 18722 | 2003-03-20 | IBM Tivoli SecureWay WebSEAL Error Page XSS | Unknown / Incomplete |
| 7372 | 2003-03-20 | osCommerce header.php error_message Parameter XSS | osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'error_message' or 'info_message' variables upon submission to any script which includes header.php. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 7374 | 2003-03-20 | osCommerce account_history_info.php XSS | osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate additional comments upon submission to the account_history_info script. The comments are saved with the order, but are not displayed when the record is viewed, so this flaw does not have an adverse consequence. |
| 7375 | 2003-03-20 | osCommerce checkout_confirmation.php XSS | osCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate additional comments upon submission to the checkout_confirmation.php script. This additional code is not displayed when the record is viewed, and there is no adverse consequence to this flaw. |