| OSVDB ID | Disclosure Date | Title |
|---|
|
42884
Description:
Unknown / Incomplete
|
2004-04-30
|
Sambar Server with IndigoPerl /cgi-bin/com1.pl Arbitrary Command Execution
|
|
44069
Description:
Unknown / Incomplete
|
2004-04-30
|
Phorum common.php Unspecified Issue
|
|
5750
Description:
Web Wiz Forum contains a flaw that may allow a remote attacker to manipulate the topic status. The issue is triggered due to a logical error in "pop_up_topic_admin.asp" input validation. It is possible that the flaw may allow a remote attacker to manipulate the topic status without authentification, resulting in a loss of integrity.
|
2004-04-30
|
Web Wiz Forums pop_up_topic_admin.asp Unauthenticated Title Modification
|
|
5752
Description:
Web Wiz Forum contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the "laryCheckedIPAddrID" parameter in the "pop_up_ip_blocking.asp" script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2004-04-30
|
Web Wiz Forums pop_up_ip_blocking.asp laryCheckedIPAddrID Parameter SQL Injection
|
|
5719
Description:
(Description Provided by CVE) : 3com NBX IP VOIP NetSet Configuration Manager allows remote attackers to cause a denial of service (crash) via a Nessus scan in safeChecks mode.
|
2004-04-30
|
3com NBX IP VOIP NetSet Configuration Manager Remote DoS
|
|
5747
Description:
Moodle contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'text' variables upon submission to the help.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-04-30
|
Moodle help.php text Parameter XSS
|
|
23242
Description:
(Description Provided by CVE) : Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) user id, (2) recipe id, (3) category id, and (4) other ID number fields.
|
2004-04-30
|
ReciPants Multiple Parameter SQL Injection
|
|
5744
Description:
ProFTPD contains a flaw that may allow a malicious user to bypass access control lists. The issue is triggered when an ACL is created using CIDR format, which is treated as AllowAll. It is possible that the flaw may allow unauthorized access resulting in a loss of integrity.
|
2004-04-30
|
ProFTPD CIDR IP Subnet ACL Bypass
|
|
5720
Description:
GNU Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the program fails to validate input of non-descript format strings. No further details have been provided. This flaw may lead to a loss of integrity and/or availability.
|
2004-04-30
|
Midnight Commander Unspecified Format String
|
|
5721
Description:
GNU Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to insecure temporary file and directory creations. This flaw may lead to a loss of integrity. No further details are available.
|
2004-04-30
|
Midnight Commander Insecure Temporary File Creation
|
|
5726
Description:
libpng contains a flaw that may allow a remote denial of service. The issue is triggered when the library process a malformed PNG image and attempts to use memory it has not allocated for an error message. The application using the libpng library will crash resulting in loss of availability.
|
2004-04-30
|
libpng Malformed PNG Image Error Handling DoS
|
|
5732
Description:
Network Appliances Data ONTAB and NetCache contains a flaw that may allow a remote denial of service. Client machines infected with an unspecified worm caused Network Applicance devices to panic and reboot, resulting in a loss of availability for the devices. No further details have been provided.
|
2004-04-30
|
NetApp NetCache / ONTAP Unspecified Remote DoS
|
|
61165
Description:
Unknown / Incomplete
|
2004-04-30
|
web2ldap IOError Exception Error Message Path Disclosure
|
|
5731
Description:
A remote unchecked input exists in rsync. The program fails to check write inputs resulting in file write access outside the intended path. With a specially crafted request, an attacker can write files outside the module path, resulting in a loss of integrity.
|
2004-04-29
|
rsync Traversal Arbitrary File Creation
|
|
5717
Description:
osCommerce contains a flaw in Admin Access With Levels plugin that may allow a malicious user to gain access to administrative functions. The issue is triggered when an attacker accesses scripts in the "admin/" directory by supplying any non-zero value to the "in_login" parameter. This flaw may lead to a loss of Confidentiality.
|
2004-04-29
|
osCommerce Admin Access With Levels plugin in_login Authenticatin Bypass
|
|
5722
Description:
Midnight Commander contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to multiple non-descript overflows. No further details have been provided.
|
2004-04-29
|
Midnight Commander Unspecified Buffer Overflows
|
|
5710
Description:
Arjohn Kampman's Sesame contains a flaw that may allow a malicious user to gain unauthorized repository access. The issue is triggered when the application fails to properly secure repository contents in memory once they have been accessed. It is possible that the flaw may allow a remote authenticated attacker to obtain sensitive information resulting in a loss of confidentiality.
|
2004-04-29
|
Sesame Anonymous User Unspecified Repository Access
|
|
5713
Description:
McAfee Security Installer Control System contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker lures a user into visiting a malicious website where values in user accessible registry keys can be read via the "RegQueryValue()" method in the "McAfee.com Registry Class" object, which will disclose sensitive information resulting in a loss of confidentiality.
|
2004-04-29
|
McAfee Security Installer Control System mcinsctl.dll Information Disclosure
|
|
5756
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the phpinfo.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery phpinfo.php Path Disclosure
|
|
5757
Description:
Coppermine Photo Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "CPG_URL" variable upon submission to the menu.inc.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-04-29
|
Coppermine Photo Gallery menu.inc.php CPG_URL Parameter XSS
|
|
5758
Description:
Coppermine Photo Gallery contains a flaw that allows a remote attacker to view arbitrary files outside of the web path. The issue is due to the 'modules.php' script not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'startdir' variable.
|
2004-04-29
|
Coppermine Photo Gallery modules.php startdir Parameter Traversal Arbitrary File Access
|
|
5759
Description:
Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. By supplying specially crafted "impath" or "jpeg_equal" configuration parameters, a remote attacker could execute arbitrary shell commands on the system, resulting in a loss of integrity.
|
2004-04-29
|
Coppermine Photo Gallery picmgmtbatch.inc.php Arbitrary Command Execution
|
|
5761
Description:
Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when sending a specially crafted URL request to the init.inc.php script using the CPG_M_DIR variable to specify a malicious file from a remote system as a parameter. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2004-04-29
|
Coppermine Photo Gallery init.inc.php Remote File Inclusion
|
|
5912
Description:
Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary code. The issue is triggered when sending a specially crafted URL request to the theme.php script using the THEME_DIR variable to specify a malicious file from a remote system as a parameter. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity.
|
2004-04-29
|
Coppermine Photo Gallery theme.php Multiple Parameter Remote File Inclusion
|
|
5938
Description:
CMSimple contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker requests the "[basedir]/html/cmsimple/config.php" file, which will disclose the unencrypted password for the CMSimple site resulting in a loss of confidentiality.
|
2004-04-29
|
CMSimple config.php Password Exposure
|
|
6036
Description:
phpShop contains a flaw that may allow a malicious user to execute user provided remote code. The issue is triggered when the $base_dir variable is overwritten. It is possible that the flaw may allow remote access, resulting in a loss of confidentiality and integrity.
|
2004-04-29
|
phpShop index.php base_dir Parameter Remote File Inclusion
|
|
6495
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the addpic.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery addpic.php Path Disclosure
|
|
6496
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the config.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery config.php Path Disclosure
|
|
6497
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the db_input.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery db_input.php Path Disclosure
|
|
6498
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the displayecard.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery displayecard.php Path Disclosure
|
|
6499
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the ecard.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery ecard.php Path Disclosure
|
|
6500
Description:
Coppermine Photo Gallery contains a flaw that may lead to an unauthorized information disclosure. By sending specially crafted URL requests to the crop.inc.php script the program will return an error message, which will disclose the installation path resulting in a loss of confidentiality.
|
2004-04-29
|
Coppermine Photo Gallery crop.inc.php Path Disclosure
|
|
7219
Description:
The Linux kernel contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered due to an error in the error path of the do_fork function; if an error exists after the allocation of the mm_struct for a child process, the do_fork function fails to free the process. This memory leak will disclose sensitive information, resulting in a loss of confidentiality, and consume system memory, resulting in a loss of availability through resource exhaustion.
|
2004-04-29
|
Linux Kernel do_fork Memory Leak Information Disclosure
|
|
12774
Description:
A remote overflow exists in Sphiro HTTPD. The application fails to perform proper bounds checking resulting in a heap overflow. With a specially crafted request, a remote attacker can cause the daemon to crash or execute arbitrary code resulting in a loss of integrity, and/or availability.
|
2004-04-29
|
Sphiro HTTPD Remote Overflow
|
|
16901
Description:
(Description Provided by CVE) : SMC Barricade broadband router 7008ABR and 7004VBR enable remote administration by default, which allows remote attackers to gain access by connecting to port 1900.
|
2004-04-28
|
Barricade SMC700* Unauthenticated Remote Admin Access
|
|
7116
Description:
Unknown / Incomplete
|
2004-04-28
|
SMC Broadband Router Default WAN Remote Administration
|
|
5697
Description:
Linux kernel framebuffer driver contains a flaw that may allow a local denial of service. The function fb_copy_cmap() allows data to be copied directly to userspace instead of using correct interface. The issue is triggered when the copied data violates the userspace boundary, and will result in loss of availability.
|
2004-04-28
|
Linux Kernel Framebuffer Driver fb_copy_cmap DoS
|
|
5942
Description:
Meteo contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the meteobrowser.php script not properly escaping arguments passed to the system() call. With a specially crafted URL, a remote attacker may be able to execute arbitrary commands under the privilege of the web server.
|
2004-04-28
|
Meteo meteobrowser.php Arbitrary Command Execution
|
|
8093
Description:
Unknown / Incomplete
|
2004-04-28
|
MPlayer Matroska Demuxer Overflow
|
|
8094
Description:
Unknown / Incomplete
|
2004-04-28
|
MPlayer CDDB TOC Overflow
|
