[CLOSE] OSVDB ID : 8809 - Disclosed: 2003-03-11

Description:

(Description Provided by CVE) : Buffer overflow in the web interface for SOHO Routefinder 550 before firmware 4.63 allows remote attackers to cause a denial of service (reboot) and execute arbitrary code via a long GET /OPTIONS value.

[CLOSE] OSVDB ID : 10828 - Disclosed: 2003-03-11

Description:

(Description Provided by CVE) : Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.11, and early R6 allows remote attackers to execute arbitrary code via a long distinguished name (DN) during NotesRPC authentication and an outer field length that is less than that of the DN field.

[CLOSE] OSVDB ID : 13486 - Disclosed: 2003-03-11

Description:

(Description Provided by CVE) : The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, and possibly later versions, has a default "admin" account with a blank password, which could allow attackers on the LAN side to conduct unauthorized activities.

[CLOSE] OSVDB ID : 92823 - Disclosed: 2003-03-11

Description:

HP Jetdirect 310x Print Server for Fast Ethernet contains an unspecified flaw that may allow a remote attacker to cause a denial of service or gain unauthorized access. No further details have been provided by the vendor.

[CLOSE] OSVDB ID : 57015 - Disclosed: 2003-03-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 6196 - Disclosed: 2003-03-10

Description:

(Description Provided by CVE) : Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8.40, and 8.41 allows remote attackers to overwrite arbitrary files via the SchedulerTransfer servlet.

[CLOSE] OSVDB ID : 8930 - Disclosed: 2003-03-10

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Cross-Referencing Linux (LXR) allows remote attackers to read arbitrary files via .. (dot dot) sequences in the v parameter.

[CLOSE] OSVDB ID : 9794 - Disclosed: 2003-03-10

Description:

A remote overflow exists in Qpopper. The server fails to properly check the length of macronames supplied to the pop_msg() function resulting in a buffer overflow. With a specially crafted request, an attacker can cause a denial of service or potentially execute arbitrary code. This attack requires valid user authentication credentials.

[CLOSE] OSVDB ID : 3371 - Disclosed: 2003-03-09

Description:

Invision Power Board allows remote attackers to include arbitrary PHP files. The issue is due to poor sanity checking on arguments supplied to the ad_member.php script. By specifying an arbitrary path, a remote attacker can include a custom configuration file from a remote system, allowing them to execute arbitrary code and more.

[CLOSE] OSVDB ID : 5505 - Disclosed: 2003-03-09

Description:

(Description Provided by CVE) : Directory traversal vulnerability in PostNuke 0.723 and earlier allows remote attackers to include arbitrary files named theme.php via the theme parameter to index.php.

[CLOSE] OSVDB ID : 14475 - Disclosed: 2003-03-09

Description:

(Description Provided by CVE) : Integer overflow in JsArrayFunctionHeapSort function used by Windows Script Engine for JScript (JScript.dll) on various Windows operating system allows remote attackers to execute arbitrary code via a malicious web page or HTML e-mail that uses a large array index value that enables a heap-based buffer overflow attack.

[CLOSE] OSVDB ID : 7982 - Disclosed: 2003-03-08

Description:

PunBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate variables upon submission to certain administratively functions. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.

[CLOSE] OSVDB ID : 53382 - Disclosed: 2003-03-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 9909 - Disclosed: 2003-03-08

Description:

(Description Provided by CVE) : MySQL 3.23.55 and earlier creates world-writeable files and allows mysql users to gain root privileges by using the "SELECT * INFO OUTFILE" operator to overwrite a configuration file and cause mysql to run as root upon restart, as demonstrated by modifying my.cnf.

[CLOSE] OSVDB ID : 7356 - Disclosed: 2003-03-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 4465 - Disclosed: 2003-03-07

Description:

(Description Provided by CVE) : Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code.

[CLOSE] OSVDB ID : 4466 - Disclosed: 2003-03-07

Description:

(Description Provided by CVE) : Format string vulnerability in packet-socks.c of the SOCKS dissector for Ethereal 0.8.7 through 0.9.9 allows remote attackers to execute arbitrary code via SOCKS packets containing format string specifiers.

[CLOSE] OSVDB ID : 8810 - Disclosed: 2003-03-07

Description:

(Description Provided by CVE) : Clearswift MAILsweeper 4.x allows remote attackers to bypass attachment detection via an attachment that does not specify a MIME-Version header field, which is processed by some mail clients.

[CLOSE] OSVDB ID : 58839 - Disclosed: 2003-03-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 28713 - Disclosed: 2003-03-06

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 53880 - Disclosed: 2003-03-06

Description:

PHP-Ping contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the 'pingto' variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 35878 - Disclosed: 2003-03-06

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 35879 - Disclosed: 2003-03-06

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 15147 - Disclosed: 2003-03-05

Description:

(Description Provided by CVE) : Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local users to cause a denial of service (unknown impact) and possibly gain privileges via certain constructs in a .forward file.

[CLOSE] OSVDB ID : 58904 - Disclosed: 2003-03-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 63186 - Disclosed: 2003-03-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 54765 - Disclosed: 2003-03-05

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manager (SFM) before 0.21 allows remote attackers to inject arbitrary web script or HTML via (1) file names and (2) directory names.

[CLOSE] OSVDB ID : 7549 - Disclosed: 2003-03-05

Description:

(Description Provided by CVE) : Buffer overflow in the lprm command in the lprold lpr package on SuSE 7.1 through 7.3, OpenBSD 3.2 and earlier, and possibly other operating systems, allows local users to gain root privileges via long command line arguments such as (1) request ID or (2) user name.

[CLOSE] OSVDB ID : 8202 - Disclosed: 2003-03-04

Description:

SAP server-side Remote Function Call (aka RFC) API contains a flaw that may allow a malicious user to undertake a brute-force attack against accounts without inducing a lock-out. The issue is due to insufficient checking placed on the Remote Function Call API which can be used in place of the GUI for authentication. It is possible that the flaw may allow account compromise, resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 7335 - Disclosed: 2003-03-04

Description:

IlohaMail contains a variable injection flaw that may allow an attacker to gain elevated privileges. No further details have been provided.

[CLOSE] OSVDB ID : 7400 - Disclosed: 2003-03-04

Description:

IlohaMail contains a flaw that allows a remote attacker to access files outside of the web path. The issue is due to the index.php script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the int_lang variable. This flaw will lead to a loss of confidentiality.

[CLOSE] OSVDB ID : 91078 - Disclosed: 2003-03-04

Description:

By default, phpWebSite installs with default admin credentials (username/password combination). The 'admin' account has a password of 'phpwebsite', which is publicly known and documented. This allows remote attackers to trivially access the program or system and gain privileged access.

[CLOSE] OSVDB ID : 3950 - Disclosed: 2003-03-04

Description:

The GNU Transport Layer Security Library contains a flaw that may allow a malicious user to disclose sensitive information about the information protected by the security features of the GNU Transport Layer Security Library. It is currently undocumented as to what exact conditions must be met to cause this condition. It is possible that the flaw may allow and attackers the ability to decrypted protected data resulting in a loss of information confidentiality.

[CLOSE] OSVDB ID : 4502 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to execute arbitrary code via certain formatted address fields, related to sender and recipient header comments as processed by the crackaddr function of headers.c.

[CLOSE] OSVDB ID : 6456 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Buffer overflow in tryelf() in readelf.c of the file command allows attackers to execute arbitrary code as the user running file, possibly via a large entity size value in an ELF header (elfhdr.e_shentsize).

[CLOSE] OSVDB ID : 14743 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Unknown vulnerability in the "Automatic File Content Type Recognition (AFCTR) Tool version of the file package before 3.41, related to "a memory allocation problem," has unknown impact.

[CLOSE] OSVDB ID : 62224 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in LoganPro allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.

[CLOSE] OSVDB ID : 62225 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebExpert allows remote attackers to inject arbitrary web script or HTML via a crafted User-Agent HTTP header.

[CLOSE] OSVDB ID : 62226 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.

[CLOSE] OSVDB ID : 62227 - Disclosed: 2003-03-04

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in SurfStats allows remote attackers to inject arbitrary web script or HTML via a crafted client domain name, related to an "Inverse Lookup Log Corruption (ILLC)" issue.