[CLOSE] OSVDB ID : 12121 - Disclosed: 2004-08-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 42087 - Disclosed: 2004-08-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 9019 - Disclosed: 2004-08-19

Description:

Gallery contains a flaw inside save_photos.php that will allow an attacker to upload arbitrary PHP script. The problem is that if the temporary directory is web-accessible, authenticated users with upload privileges may upload arbitrary PHP scripts which may then be executed. The script times out in 30 seconds if no more data is uploaded but in that 30 seconds an attacker can execute their uploaded PHP file.

[CLOSE] OSVDB ID : 9011 - Disclosed: 2004-08-19

Description:

A remote overflow exists in SoftCart. SoftCart fails to properly sanitize CGI parameters resulting in a buffer overflow. With a specially crafted request, an attacker can gain system level access and execute arbitrary code resulting in a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 9012 - Disclosed: 2004-08-19

Description:

Windows contains a flaw that may allow a malicious user to bypass firewall protection. The issue is triggered when a specially crafted packet is sent which is not blocked by the firewall. It is possible that the flaw may allow unauthorized access resulting in a loss of confidentiality and integrity.

[CLOSE] OSVDB ID : 9015 - Disclosed: 2004-08-19

Description:

mysqlhotcopy within MySQL contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when mysqlhotcopy creates insecure temporary files. It is possible that the flaw may allow a malicious user to use specially crafted symlinks to arbitrarily ovewrite files resulting in a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 9072 - Disclosed: 2004-08-19

Description:

A remote overflow exists in aGSM. The program fails to validate the responses from Half-Life servers resulting in a buffer overflow condition. With a specially crafted request, an attacker can cause an overflow and execute arbitrary code on the system, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9035 - Disclosed: 2004-08-19

Description:

Qt contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL derefernce occurs in the GIF parser, and will result in loss of availability for the system running Qt. No further details have been provided.

[CLOSE] OSVDB ID : 9036 - Disclosed: 2004-08-19

Description:

Qt contains a flaw that may allow a remote denial of service. The issue is triggered when a NULL derefernce occurs in the XPM parser, and will result in loss of availability for the system running Qt. No further details have been provided.

[CLOSE] OSVDB ID : 9108 - Disclosed: 2004-08-19

Description:

(Description Provided by CVE) : ZixForum 1.14 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download a database containing passwords via a direct request for Zixforum.mdb. NOTE: a followup post suggests that this issue only occurs if the administrator does not properly follow installation directions.

[CLOSE] OSVDB ID : 9109 - Disclosed: 2004-08-19

Description:

AWStats contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered when unexpected parameters are passed to the rawlog.pm module. It is possible that the flaw may allow an attacker to read files on the system, or execute commands as the webserver user resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9140 - Disclosed: 2004-08-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 9141 - Disclosed: 2004-08-19

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 45127 - Disclosed: 2004-08-18

Description:

The MD5 Message-Digest Algorithm contains a flaw in the hash table implementation. The issue is due the algorithm not providing enough collision resistance when hashing keys. This flaw may allow a context-dependent attacker to create malicious applications or conduct other spoofing attacks.

[CLOSE] OSVDB ID : 9013 - Disclosed: 2004-08-18

Description:

Courier IMAP contains a flaw that may allow a malicious user to execute arbitrary code. The issue is triggered by a user being able to inject format strings into a 'buf' variable within fprintf(). It is possible that the flaw may allow a remote attacker to execute a format string attack resulting in a loss of confidentiality and/or integrity.

[CLOSE] OSVDB ID : 8989 - Disclosed: 2004-08-18

Description:

Cacti contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that the username and password variables in the auth_login.php module is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 8990 - Disclosed: 2004-08-18

Description:

Cacti contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sends a specially crafted URL or tries to access the auth.php script directly, which causes the server to display an error page which discloses path information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 8991 - Disclosed: 2004-08-18

Description:

Cacti contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a malicious user sends specially crafted URL requests or attempts to directly access the auth_login.php script on the web server, which will disclose path information resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 8992 - Disclosed: 2004-08-18

Description:

A Path Disclosure Vulnerability has been found in Cacti, which can result, if exploited, in the disclosure of Cacti's instalation path.

[CLOSE] OSVDB ID : 8994 - Disclosed: 2004-08-18

Description:

Multiple ftpd contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered due to improper signal handler operations. By providing a USER command during an established FTP session, a remote attacker could gain access to unauthorized privileges, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9026 - Disclosed: 2004-08-18

Description:

A remote overflow exists in Trolltech Qt. The read_dib() fails to check user supplied d resulting in a buffer overflow in at least three blocks of code. With a specially crafted request, an attacker can execute arbitrary code with the privelege of the current user resulting in a loss of confidentiality, integrity, and/or availability.

[CLOSE] OSVDB ID : 9014 - Disclosed: 2004-08-18

Description:

The GNU less utility has been reported to contain a remotely exploitable format string condition. According to the report, the LESSOPEN environment in filename.c may allow an attacker to execute arbitrary commands remotely. Further examination revealed this is not the case.

[CLOSE] OSVDB ID : 9009 - Disclosed: 2004-08-18

Description:

Cisco IOS contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted OSPF packet is sent to a device running IOS. The attack requires OSPF to be enabled and knowledge of the device's OSPF area number, netmask, hello, and dead timers, and will result in loss of availability for the platform.

[CLOSE] OSVDB ID : 9070 - Disclosed: 2004-08-18

Description:

Microsoft IE contains a flaw that may allow an attacker to upload a malicious file. The issue is triggered when a user attempts a drag and drop action on a malicious html page. It is possible that the flaw may allow the saving of an arbitrary file in the startup folder which will be executed after the next reboot resulting in a loss of integrity.

[CLOSE] OSVDB ID : 9071 - Disclosed: 2004-08-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 57543 - Disclosed: 2004-08-18

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 8984 - Disclosed: 2004-08-18

Description:

PlaySMS contains a flaw that will allow an attacker to inject arbitrary SQL code. The problem is that if the magic_quotes_gpc option is disabled, the "vc2" variable in the cookie is not verified properly and will allow an attacker to inject or manipulate SQL queries. (NOTE: Note that setting "magic_quotes_gpc" to "Off" is discouraged by the author of the program in the INSTALL file).

[CLOSE] OSVDB ID : 15063 - Disclosed: 2004-08-17

Description:

(Description Provided by CVE) : The (1) function.php or (2) function.view.php scripts in Merak Mail Server 5.2.7 allow remote attackers to read arbitrary PHP files via a direct HTTP request to port 32000.

[CLOSE] OSVDB ID : 11532 - Disclosed: 2004-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 9139 - Disclosed: 2004-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 45126 - Disclosed: 2004-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 45125 - Disclosed: 2004-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 9016 - Disclosed: 2004-08-17

Description:

Opera contains a design flaw related to the Third Party Cookie Handling when Opera is set to refuse all third party cookies. This allows an attacker to replay session information of any network community which is relying on cookies alone for session management such as web based email and chat room.

[CLOSE] OSVDB ID : 9017 - Disclosed: 2004-08-17

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 9032 - Disclosed: 2004-08-17

Description:

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. Attacker can download or view database backup files due to the fact that they are stored in publicly accessable directories and use predictable naming schemes in the format: "backup_year-month-day_time.sql" or "backup_year-month-day_time.sql.gz".

[CLOSE] OSVDB ID : 9033 - Disclosed: 2004-08-17

Description:

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses the updateuser.php script without any arguments, which will disclose the full install path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 9034 - Disclosed: 2004-08-17

Description:

PHP-Fusion contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when an attacker accesses the forums_prune.php script without any arguments, which will disclose the full install path resulting in a loss of confidentiality.

[CLOSE] OSVDB ID : 9037 - Disclosed: 2004-08-17

Description:

Merak Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the address.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 9038 - Disclosed: 2004-08-17

Description:

Merak Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the settings.html script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 9039 - Disclosed: 2004-08-17

Description:

Merak Mail Server contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the "folder" variable upon submission to the "readmail.html" script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.