[CLOSE] OSVDB ID : 19855 - Disclosed: 2004-01-31

Description:

HTTP Server 2.0.47 contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when an attacker exploits the ErrorDocument directive, in order to bypass .htaccess file restrictions, as specified in httpd.conf where directives such as Deny From All occurs, allowing a local attacker to gain the same kind of privileges they otherwise would have had on the server. Apache disputes this vulnerability on the grounds that .htaccess is intended to control remote access to the server, and that the local user exploiting the vulnerability already has the privileges sought to be obtained through this exploit.

[CLOSE] OSVDB ID : 10859 - Disclosed: 2004-01-31

Description:

Aprox PHP Portal contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the 'index.php' script not properly sanitizing user input supplied via the 'show' variable, which could allow a remote attacker to view any file on the system resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 19833 - Disclosed: 2004-01-31

Description:

SqWebMail contains a flaw related to the way SqWebMail generates error messages on-non-mail-enabled accounts, such as root, generating different error messages for incorrect passwords versus correct passwords. The issue is triggered when a remote or local attacker attempts to brute force the root or other password. This may allow an attacker to gain unauthorized access as root.

[CLOSE] OSVDB ID : 3883 - Disclosed: 2004-01-31

Description:

Marauroa contains a flaw related to the JDBCPlayersDatabase. No further details have been provided.

[CLOSE] OSVDB ID : 3884 - Disclosed: 2004-01-31

Description:

MCal contains a flaw that allows a remote attacker to add events to the Admin section. The flaw is due to the application not properly handling expired cookies. No further details have been provided.

[CLOSE] OSVDB ID : 3771 - Disclosed: 2004-01-30

Description:

Inlook contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when "/.inlook/.crypt" is created with insecure default permissions, allowing anyone to read the content. occurs. This flaw may lead to a loss of confidentiality, integrity and/or availability.

[CLOSE] OSVDB ID : 3813 - Disclosed: 2004-01-30

Description:

IRIX contains a flaw that may allow a malicious user to run commands as the lp user. The issue is triggered when unsanitized input is passed to html2ps. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3798 - Disclosed: 2004-01-30

Description:

Chatterbox contains a flaw that may allow a remote denial of service. The issue is triggered when an invalid request is sent to the server, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 3764 - Disclosed: 2004-01-30

Description:

Solaris pfexec command contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a local unprivileged user with a custom rights profile has an invalid entry for that custom rights profile in the execution profiles database exec_attr(4). The modification of the exec_attr(4) file requires "root" privileges. This flaw may lead to a loss of Confidentiality, Integrity and/or Availability.

[CLOSE] OSVDB ID : 3763 - Disclosed: 2004-01-30

Description:

Kietu web statistics program contains a flaw that may allow a malicious user to include malicious PHP files from other locations. The issue is triggered when an attacker sends a specially-crafted URL request to the index.php script with the parameter kietu[url_hit] set to specify a malicious file. It is possible that the flaw may allow arbitrary command excution resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3770 - Disclosed: 2004-01-30

Description:

Bodington contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered because the upload area is not properly secured in all configurations, which will disclose file information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 4016 - Disclosed: 2004-01-30

Description:

JForum contains a flaw related to the Moderation Panel. No further details have been provided.

[CLOSE] OSVDB ID : 6727 - Disclosed: 2004-01-30

Description:

thePHOTOtool contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the login variable in the login.asp module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 39840 - Disclosed: 2004-01-30

Description:

(Description Provided by CVE) : Directory traversal vulnerability in browser.php in JBrowser 1.0 through 2.1 allows remote attackers to read arbitrary files via the directory parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

[CLOSE] OSVDB ID : 3744 - Disclosed: 2004-01-29

Description:

McAfee ePolicy Orchestrator contains a flaw that may allow a remote denial of service. The issue is triggered when McAfee ePolicy Orchestrator recieves a HTTP POST request containing an invalid value in the "Content-Length:" header occurs, and will result in loss of availability for the the Orchestrator Agent.

[CLOSE] OSVDB ID : 3793 - Disclosed: 2004-01-29

Description:

Web Blog contains a flaw that may allow a malicious user to execute arbitrary commands. The issue is triggered when a specially crafted URL is sent to the server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3745 - Disclosed: 2004-01-29

Description:

PHPix contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when an attacker sends a specially crafted URL. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3752 - Disclosed: 2004-01-29

Description:

Macromedia ColdFusion MX and Macromedia ColdFusion MX J2EE contains a flaw that may allow a malicious local user to bypass the sandbox restrictions. The issue is triggered when creating Java objects without using CreateObject() or <cfobject> even if these features are disabled occurs. It is possible that the flaw may allow local users to bypass the sandbox restrictions.

[CLOSE] OSVDB ID : 3816 - Disclosed: 2004-01-29

Description:

An unspecified overflow exists in IRIX. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3748 - Disclosed: 2004-01-29

Description:

Kerio Personal Firewall contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when a user launches an application from the KPF Administration window. This flaw may lead to a loss of confidentiality, integrity and/or availability.

[CLOSE] OSVDB ID : 3746 - Disclosed: 2004-01-29

Description:

PJ CGI Neo contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a specially crafted URL which uses directory traversal characters, which will disclose arbitrary file information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 3747 - Disclosed: 2004-01-29

Description:

trr19 contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered because the program does not drop privileges. This flaw may lead to a loss of confidentiality, integrity and/or availability.

[CLOSE] OSVDB ID : 3769 - Disclosed: 2004-01-29

Description:

PhpGedView contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered because remote users may influence the 'PGV_BASE_DIRECTORY' variable in the [GED_File]_conf.php module, which specifies an include path. It is possible that the flaw may allow an attacker to execute arbitrary code resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3742 - Disclosed: 2004-01-29

Description:

MAILsweeper for SMTP contains a flaw that may allow a remote denial of service. The issue is triggered when scanning attached RAR files causes the Security service to enter an endless loop and will result in loss of availability for the vulnerable system.

[CLOSE] OSVDB ID : 3914 - Disclosed: 2004-01-29

Description:

ezContents contains a flaw that may allow a malicious user to bypass authentication. It is possible that the flaw may allow an attacker to bypass login and access restricted functions resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3741 - Disclosed: 2004-01-29

Description:

BRS WebWeaver contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application "ISAPISkeleton.dll" returns input unfiltered. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 45014 - Disclosed: 2004-01-29

Description:

(Description Provided by CVE) : Certain third-party packages for CVSup 16.1h, such as SuSE Linux, contain untrusted paths in the ELF RPATH fields of certain executables, which could allow local users to execute arbitrary code by causing cvsup to link against malicious libraries that are created in world-writable directories such as /usr/src/packages.

[CLOSE] OSVDB ID : 34287 - Disclosed: 2004-01-28

Description:

(Description Provided by CVE) : SurfNOW 2.2 allows remote attackers to cause a denial of service (crash) via a series of long HTTP GET requests, possibly triggering a buffer overflow.

[CLOSE] OSVDB ID : 7454 - Disclosed: 2004-01-28

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 3739 - Disclosed: 2004-01-28

Description:

Web Blog contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker sends a URL which utilizes directory traversal character to escape the server root, which will disclose arbitrary file information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 3753 - Disclosed: 2004-01-28

Description:

ColdFusion MX contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted URL is sent to the server, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 3754 - Disclosed: 2004-01-28

Description:

BremsServer contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate usersupplied input. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 3740 - Disclosed: 2004-01-28

Description:

ISS BlackICE for PC's contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when .ini file, which are writable by any user, are modified supplying an overly long value in the packetLog.fileprefix parameter. This flaw may result in execution of arbitrary commands with system privilages, leading to a loss of confidentiality, integrity, and availability.

[CLOSE] OSVDB ID : 3749 - Disclosed: 2004-01-28

Description:

DotNetNuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker uses a specially crafted GET request to download the Web.config file, which will disclose sql account information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 3750 - Disclosed: 2004-01-28

Description:

DotNetNuke contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that "table" and "field" variable in the "LinkClick.aspx" module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 3751 - Disclosed: 2004-01-28

Description:

DotNetNuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input variables upon submission to the EditModule.aspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 3757 - Disclosed: 2004-01-28

Description:

IBM Informix Dynamic Server and IBM Informix Extended Parallel Server contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when setting the INFORMIXDIR variable to a directory containing malicious files. This flaw may lead to privilege escalation.

[CLOSE] OSVDB ID : 3759 - Disclosed: 2004-01-28

Description:

A local overflow exists in IBM's Informix Database. The "ontape" binary contains a boundary error resulting in a buffer overflow. With a specially crafted request, an attacker can cause gain root privileges resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 3760 - Disclosed: 2004-01-28

Description:

IBM Informix contains a flaw in the onecdu binary that may allow a malicious user to overwrite arbitrary files through symbolic links, which may lead to a loss of data integrity

[CLOSE] OSVDB ID : 3768 - Disclosed: 2004-01-28

Description:

PhpGedView contains a flaw that may allow a malicious user with administrative rights to include malicious PHP files. The issue is triggered when an attacker sends a specially-crafted URL request to the editconfig_gedcom.php script to specify a malicious file from a remote system. It is possible that the flaw may allow arbitrary code execution resulting in a loss of confidentiality, integrity, and/or availability.