| OSVDB ID | Disclosure Date | Title |
|
6949
Description:
VP-ASP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not properly validate variables upon submission to the shop$db.asp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-06-12
|
VP-ASP Shopping Cart shop$db.asp XSS
|
|
6950
Description:
NetBSD contains a flaw that may allow a local denial of service. The issue is due to an integer handling vulnerability in the "swapctl()" system call. A local attacker can crash the server, resulting in loss of availability.
|
2004-06-12
|
NetBSD swapctl Integer Handling Local DoS
|
|
6947
Description:
Mandrake Linux contains a flaw that may allow a malicious user to perform a symlink attack. The issue is due to insecure temporary file creation in the "/tmp" directory by the ksymoops-gznm script. It is possible that the flaw may allow a local attacker to delete an arbitrary file on the system with a symlink pointing to an arbitrary file, resulting in a loss of integrity.
|
2004-06-12
|
Mandrake Linux ksymoops-gznm Arbitrary File Deletion
|
|
15548
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the web mail module for Usermin 1.070 allows remote attackers to insert arbitrary HTML and script via e-mail messages.
|
2004-06-11
|
Usermin Web Mail Module Unspecified XSS
|
|
44070
Description:
Unknown / Incomplete
|
2004-06-11
|
Phorum Multiple Scripts Unspecified Issues
|
|
23392
Description:
Unknown / Incomplete
|
2004-06-11
|
LinPHA File Management Object Rename Permission Modification
|
|
6957
Description:
(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetStorefront 3.3 allows remote attackers to inject arbitrary web script or HTML via the returnurl parameter.
|
2004-06-11
|
AspDotNetStorefront signin.aspx returnurl Parameter XSS
|
|
6997
Description:
PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "categories" variable upon submission to the FAQ module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-06-11
|
PHP-Nuke FAQ Module categories Parameter XSS
|
|
6998
Description:
PHP-Nuke contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate ltr, eid, and query variables upon submission to the Encyclopedia module. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2004-06-11
|
PHP-Nuke Encyclopedia Module Multiple Function XSS
|
|
7000
Description:
PHP-Nuke contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the order variable in the Reviews module is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2004-06-11
|
PHP-Nuke Reviews Module order Parameter SQL Injection
|
|
7002
Description:
PHP-Nuke contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a user submits a score which is not between 0 and 10, which will generate an error which in turn discloses installation path information resulting in a loss of confidentiality.
|
2004-06-11
|
PHP-Nuke Score Subsystem Path Disclosure
|
|
7003
Description:
PHP-Nuke contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker submits a very long score which is not validated by the Score subsystem, and will result in loss of availability for the platform.
|
2004-06-11
|
PHP-Nuke Score Subsystem score Variable DoS
|
|
6960
Description:
Unknown / Incomplete
|
2004-06-11
|
IE Security Zone Bypass and Address Bar Spoofing
|
|
6844
Description:
Ignition server contains a flaw that may allow a malicious user to link to a server without a password. The issue is due to missing password verification when linking a server. It is possible that the flaw may allow a remote attacker to link to a server, kill the clients on the server and crash the server, resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-06-11
|
ignitionServer Server Linking Password Verification Bypass
|
|
7092
Description:
Webmatic contains a flaw related to the login function that may allow an unauthorized attacker to gain login privileges. No further details have been provided.
|
2004-06-11
|
Webmatic Unspecified Login Function Access
|
|
6843
Description:
Unknown / Incomplete
|
2004-06-10
|
BlackBoard Inc BlackBoard Learning System Digital Dropbox File Retrieval
|
|
6838
Description:
smtp.proxy contains a flaw that may allow a malicious user to perform a format string attack. The issue is due to a format string error in the "smtp.c" function. By sending a specially crafted message containing a format string in either the client hostname or the message-id, a remote attacker can crash the proxy server and execute arbitrary code on the compromised system, resulting in a loss of confidentiality, integrity, and/or availability.
|
2004-06-10
|
smtp.proxy smtp.c Format String Arbitrary Command Execution
|
|
6830
Description:
(Description Provided by CVE) : CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator from being used and may lead to a denial of service (crash), modification of critical program data, or arbitrary code execution.
|
2004-06-10
|
CVS Entry Line Null Termination DoS
|
|
6831
Description:
(Description Provided by CVE) : Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to execute arbitrary code.
|
2004-06-10
|
CVS error_prog_name Double-Free Command Execution
|
|
6832
Description:
(Description Provided by CVE) : Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
|
2004-06-10
|
CVS Max-dotdot Overflow DoS
|
|
6835
Description:
(Description Provided by CVE) : serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote attackers to perform an "out-of-bounds" write for a single byte to execute arbitrary code or modify critical program data.
|
2004-06-10
|
CVS serve_notify Out-of-Bounds Arbitrary Code Execution
|
|
6969
Description:
Unknown / Incomplete
|
2004-06-10
|
Microsoft ISA Server 2000 Invalid DNS Request DoS
|
|
6970
Description:
Unknown / Incomplete
|
2004-06-10
|
Microsoft ISA Server 2000 Web Publishing Unencrypted Credentials Disclosure
|
|
6971
Description:
Unknown / Incomplete
|
2004-06-10
|
Microsoft ISA Server 2000 ICMP Rule Bypass During Startup
|
|
6845
Description:
Unknown / Incomplete
|
2004-06-10
|
Blosxom writeback Comment XSS
|
|
6829
Description:
Cisco CatOS contains a flaw that may allow a remote denial of service. The issue is triggered when an attacker initiates a TCP session but, instead of sending the final ACK packet, sends a malformed response, which may cause the connection to enter an invalid TCP state and will result in loss of availability for the Cisco device.
|
2004-06-10
|
Cisco CatOS TCP-ACK Remote DoS
|
|
6849
Description:
Unknown / Incomplete
|
2004-06-10
|
Billion BIPAC-640 AE Administrative Web Interface User Authentication Bypass
|
|
6968
Description:
Microsoft ISA Server 2000 contains a flaw that may lead to an information disclosure. The problem is that the FTP server does not validate IP addresses supplied via the PORT command while in passive (PASV) mode. It is possible for a remote attacker to establish a connection between the FTP server and an arbitrary port on a third-party system, essentially conducting a port-scan. This can be used to obscure the source of the port-scan, as well as scan internal systems that may be protected by a screening device.
|
2004-06-10
|
Microsoft ISA Server 2000 FTP Port Scan Bounce Weakness
|
|
6839
Description:
Apache contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends a "Content-Length:" header that contains a large negative value through the mod_proxy module, and will result in loss of availability for the service.
|
2004-06-10
|
Apache HTTP Server mod_proxy Content-Length Overflow
|
|
6851
Description:
(Description Provided by CVE) : Buffer overflow in Real Networks RealPlayer 10 allows remote attackers to execute arbitrary code via a URL with a large number of "." (period) characters.
|
2004-06-10
|
RealPlayer embd3260.dll URL Parsing Overflow
|
|
15727
Description:
(Description Provided by CVE) : Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.
|
2004-06-09
|
CVS Wrapper Line Format String
|
|
6958
Description:
AspDotNetStorefront contains a flaw that allows a remote browser-based attack. This flaw exists because the application does not validate sessions correctly. Successful exploitation requires submission of a specially crafted URL to the administrative script deleteicon.aspx. This could allow a user to delete images on the server leading to loss of integrity. This vulnerability requires the attacker to know or guess a Product number to succeed.
|
2004-06-09
|
AspDotNetStorefront deleteicon.aspx Unauthorized Image Delete
|
|
6959
Description:
AspDotNetStorefront contains a flaw that may allow a malicious user to upload and execute any file. The issue is triggered when a user uploads a file via /aspdotnetcart/admin/images.aspx, which fails to check for correct MIME types. It is possible that the flaw may allow remote code execution resulting in a loss of integrity. Successful exploitation requires knowledge of an administrative password.
|
2004-06-09
|
AspDotNetStorefront images.aspx Arbitrary Command Execution
|
|
6940
Description:
(Description Provided by CVE) : The modified suexec program in cPanel, when configured for mod_php and compiled for Apache 1.3.31 and earlier without mod_phpsuexec, allows local users to execute untrusted shared scripts and gain privileges, as demonstrated using untainted scripts such as (1) proftpdvhosts or (2) addalink.cgi, a different vulnerability than CVE-2004-0490.
|
2004-06-09
|
cPanel suEXEC Privilege Escalation
|
|
6840
Description:
Trend Micro OfficeScan contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when the help button on the OfficeScan Client window is depressed and winhlp32.exe is executed using the same account as the OfficeScan service, SYSTEM by default. Using this help utility, a local user can then launch any application with the same privileges.
|
2004-06-09
|
Trend Micro OfficeScan Help System Privilege Escalation
|
|
6833
Description:
CVS (Concurrent Versions System) contains a flaw that may allow a malicious user to execute code remotely. The issue is triggered when an Argumentx command is issued, which is used to add more data to a previously stored argument that is freed on client exit without checking if this list is already empty. This flaw, known as a double free, allows remote code execution resulting in a loss of integrity.
|
2004-06-09
|
CVS Argumentx Arbitrary Command Execution
|
|
17940
Description:
Unknown / Incomplete
|
2004-06-09
|
Laffer get_pr Unspecified Security Issue
|
|
7006
Description:
cPanel contains a flaw that may allow a malicious user to overwrite database entries, including password information. The issue is triggered when the user passes special characters within the "password", "domain" and "user" variables to the password change script. It is possible that the flaw may allow privilege escalation resulting in a loss of integrity.
|
2004-06-09
|
cPanel passwd Script Unauthorized Database Password Change
|
|
6834
Description:
A remote overflow exists in Concurrent Versions System. CVS fails to handle an empty data line input resulting in a potential single byte overflow. With a specially crafted request, an attacker can cause the execution of the supplied code resulting in a loss of confidentiality, integrity, and/or availability. Since the CVS system is used to version control source code, these flaws put the source code in the repository at risk of being changed. This could lead to future exploits of any software that was checked into the system. These problems were discovered after a system compromise. The subsequent CVS code audit discovered several issues. This should be considered a critical issue and any source code located on public CVS servers should be verified to be correct.
|
2004-06-09
|
CVS serve_notify Overflow Command Execution
|
|
6836
Description:
A local overflow exists in CVS stable and CVS feature. CVS fails to adequately handle configuration files stored in CVSROOT containing empty lines, resulting in a single byte underflow. By providing such a formatted configuration file, an attacker can trigger the issue, resulting in a loss of availability and possibly other effects. It should be noted that only users with the COMMIT privilege can properly exploit this issue. It is further reported that only big-endian architectures (e.g., SPARC, as opposed to Intel) should be affected adversely by this problem.
|
2004-06-09
|
CVS CVSROOT Configuration File Empty Line Underflow
|