| OSVDB ID | Disclosure Date | Title |
|
8531
Description:
Web Mail contains a flaw related to file system security that may allow an attacker to create arbitrary directories. A valid user login is required. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Arbitrary Directory Creation
|
|
8532
Description:
Web Mail contains a flaw related to an information disclosure in that an attacker may view the full install path. This can be performed with guest access. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Path Disclosure
|
|
8533
Description:
Web Mail contains a flaw related to access rights that may allow an attacker to view or download any attachments. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Arbitrary Attachment Access
|
|
8534
Description:
Web Mail contains a flaw related to access rights that may allow an attacker to delete any file on a victim system. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Arbitrary File Deletion
|
|
8535
Description:
Web Mail contains a flaw related to access rights that may allow an attacker to move any file or directory on a victim system. This can be performed with guest access. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Arbitrary Unauthenticated File/Directory Moving
|
|
8536
Description:
Web Mail contains a flaw related to access rights that may allow an attacker to rename any file or directory on a victim system. A valid user account is required. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Arbitrary File/Directory Rename
|
|
8537
Description:
Web Mail contains a flaw related to SQL injection that may allow an attacker to compromise Web Mail. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail Unspecified SQL Injection
|
|
8538
Description:
Web Mail contains a flaw related to XSS that may allow an attacker to manipulate the calendar.html script through multiple variables. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail calendar.html Multiple Parameter XSS
|
|
8539
Description:
Web Mail contains a flaw related to the attachment and schedule/calendar that may allow an attacker to execute these modules without a session ID. No further details have been provided.
|
2004-08-10
|
IceWarp WebMail No Session ID Multiple Module Execution
|
|
8523
Description:
Sygate Enforcer contains a flaw that may allow a remote denial of service. The issue is triggered when a remote attacker sends a specially crafted UDP packet from source port 39999 to destination port 39999 on the Enforcer system, and will result in loss of availability for the Enforcer system.
|
2004-08-10
|
Sygate Enforcer Discovery Packet DoS
|
|
8524
Description:
Sygate Secure Enterprise contains a flaw that may allow a remote denial of service. The issue is triggered by a lack of replay protection in fields and the use of static encryption keys for communication, allowing the possibility of replay attacks. A remote attacker can use this to continually replay sessions between the SSA and the Secure Enterprise Server, which will result in loss of availability for the Server.
|
2004-08-10
|
Sygate Secure Enterprise Protocol Session Replay DoS
|
|
8525
Description:
Sygate Enforcer contains a flaw that may allow a malicious user to bypass authentication and pass broadcast traffic onto hosts. The issue is triggered when a malicious user sends broadcast traffic destined for a host protected by Sygate Enforcer. Sygate Enforcer does not limit and/or stop broadcast traffic prior to authentication. It is possible that the flaw may allow the remote attacker to send malicious broadcast traffic to the protected machine resulting in a loss of availability.
|
2004-08-10
|
Sygate Enforcer Broadcast Traffic Filter Bypass
|
|
8405
Description:
GeNUGate contains a flaw that may allow a remote denial of service. The issue is triggered when an unspecified error occurs within the processing of ISAKMP packets allowing an attacker to perform unauthorized deletion of ISAKMP Security Associations, and will result in loss of availability for clients.
|
2004-08-10
|
GeNUGate ISAKMP Packet Unspecified DoS
|
|
22697
Description:
(Description Provided by CVE) : Drivers for certain display adapters, including (1) an unspecified ATI driver and (2) an unspecified Intel driver, might allow remote attackers to cause a denial of service (system crash) via a large JPEG image, as demonstrated in Internet Explorer using stoopid.jpg with a width and height of 9999999.
|
2004-08-10
|
Microsoft Windows Unspecified Display Driver Large Image Processing DoS
|
|
8507
Description:
Symantec Clientless VPN Gateway contains a flaw related to the ActiveX file browser that may allow an attacker to gain unauthenticated access to shares that allow both anonymous and user logins. No further details have been provided.
|
2004-08-10
|
Symantec Clientless VPN Gateway ActiveX File Browser Mixed Login Share Credential Issue
|
|
8508
Description:
Symantec Clientless VPN Gateway contains a flaw related to the ActiveX file browser. No further details have been provided.
|
2004-08-10
|
Symantec Clientless VPN Gateway ActiveX Unspecified Multiple Issues
|
|
8509
Description:
Symantec Clientless VPN Gateway contains a flaw related to the end user UI (user interface) that may allow an attacker to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. No further details have been provided.
|
2004-08-10
|
Symantec Clientless VPN Gateway User UI Multiple XSS
|
|
8510
Description:
Symantec Clientless VPN Gateway contains a flaw that may allow an attacker to change the single sign-on credentials of arbitrary users through the end user UI. No further details have been provided.
|
2004-08-10
|
Symantec Clientless VPN Gateway User UI Arbitrary SSO Modification
|
|
8511
Description:
Symantec Clientless VPN Gateway contains a flaw related to the HTML file browser. No further details have been provided.
|
2004-08-10
|
Symantec Clientless VPN Gateway HTML File Browser Multiple Unspecified
|
|
8512
Description:
Symantec Corporation Clientless VPN Gateway contains a flaw related to the ActiveX file browser that may allow an attacker to cause the browser to behave incorrectly when an empty username and password are supplied. No further details have been provided.
|
2004-08-10
|
Symantec Clientless VPN Gateway ActiveX File Browser Empty Value Issue
|
|
8430
Description:
Apple Safari contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a web form is sent to a server using a POST method which issues an HTTP redirect to a GET method URL. If the user uses the back/forward buttons in the browser, Safari will re-post the form data to the GET URL, which will disclose the form information, resulting in a loss of confidentiality.
|
2004-08-10
|
Apple Safari Navigation Button Form Submission
|
|
8431
Description:
The implementation of the TCP/IP stack of multiple vendors contains a flaw that may allow a remote denial of service. The issue is triggered when sending a specially crafted sequence of fragmented ICMP packets which will cause the system to consume all available CPU resources during the defragmentation process (a.k.a. the 'rose attack'), which will result in loss of availability for the platform.
|
2004-08-10
|
Multiple Vendor Fragmented TCP/IP Packet DoS (Rose)
|
|
9530
Description:
Unknown / Incomplete
|
2004-08-09
|
Microsoft Windows CRL File Digital Signature Verification Failure
|
|
8411
Description:
IBM Tivoli Access Manager contains a flaw related to HTTP Response that may allow an attacker to conduct a cross site scripting attack. No further details have been provided.
|
2004-08-09
|
IBM Tivoli Access Manager HTTP Response XSS
|
|
8410
Description:
HP Process Resource Manager (PRM) contains a flaw that may allow a local attacker to corrupt files. No further details have been provided.
|
2004-08-09
|
HP-UX PRM/WLM Arbitrary File Corruption
|
|
8398
Description:
A remote overflow exists in AOL Instant Messenger. Instant Messenger fails to correctly limit the size of the value passed to the goaway function in the away feature, resulting in a buffer overflow. A malicious user can create a specially crafted URI link that uses the 'aim:' handler and a long message value for the goaway parameter and post the link to a webpage or email. When a victim clicks on this link, or views an HTML document that invokes this link (such as <iframe>), the code included in the malicious URI may overwrite a Structured Exception Handler pointer which may be used to insert arbitrary code onto the stack. Once on the stack, the arbitrary code could then be executed, resulting in a loss of integrity.
|
2004-08-09
|
AOL Instant Messenger (AIM) aim:goaway URI Handler goaway Function Away Message Handling Remote Overflow
|
|
8412
Description:
Simple Form contains a flaw that may allow a malicious user to use the server as an open mail relay. The issue is triggered when input passed to "admin_email_to" and "admin_email_from" is not properly verified prior to submission. It is possible that the flaw may allow the server to act as an open relay resulting in a loss of availability.
|
2004-08-09
|
Simple Form Multiple Parameter Arbitrary Mail Relay
|
|
8404
Description:
Solaris X Display Manager contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user issues an invalid X Display Manager Control Protocol (XDMCP) request via a UDP packet to port 177, and will result in loss of availability for the service.
|
2004-08-09
|
Solaris X Display Manager (xdm) Invalid XDMCP Request DoS
|
|
8406
Description:
Cfengine contains a flaw that may allow a remote denial of service. The problem is that the 'AuthenticationDialogue()' function does not properly check the return value of the 'ReceiveTransaction()' function. With a specially crafted request, a remote attacker could crash the daemon resulting in a loss of availability.
|
2004-08-09
|
Cfengine AuthenticationDialogue() Function Remote DoS
|
|
9273
Description:
(Description Provided by CVE) : Certain USB drivers in the Linux 2.4 kernel use the copy_to_user function on uninitialized structures, which could allow local users to obtain sensitive information by reading memory that was not cleared from previous usage.
|
2004-08-09
|
Linux Kernel USB Structure Kernel Memory Disclosure
|
|
14664
Description:
A remote overflow exists in Cfengine. The 'AuthenticationDialogue()' function fails to perform proper bounds checking resulting in a buffer overflow. With an overly long 'SAUTH' command during RSA authentication, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2004-08-09
|
Cfengine AuthenticationDialogue() Function Remote Overflow
|
|
61196
Description:
Unknown / Incomplete
|
2004-08-09
|
RealPlayer Unspecified Remote Code Execution (EEYEB-20040811)
|
|
5070
Description:
(Description Provided by CVE) : Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows remote attackers to execute arbitrary code via an HTTP request using chunked transfer encoding.
|
2004-08-08
|
Sun iPlanet Chunked Transfer Encoding Overflow
|
|
26538
Description:
Unknown / Incomplete
|
2004-08-08
|
WikkaWiki RSS Action Unspecified XSS
|
|
10910
Description:
Unknown / Incomplete
|
2004-08-08
|
grsecurity RBAC System Arbitrary Process Termination
|
|
43165
Description:
Unknown / Incomplete
|
2004-08-08
|
SafeSquid Response Header Parsing
|
|
8937
Description:
Gyach Enhanced contains several flaws. No further details have been provided.
|
2004-08-08
|
Gyach Enhanced Multiple Unspecified Issues
|
|
8938
Description:
Gyach Enhanced contains a flaw related to the handling of conference packets containing error messages that may allow an attacker to crash the application. No further details have been provided.
|
2004-08-08
|
Gyach Enhanced Malformed Conference Packet DoS
|
|
8409
Description:
(Description Provided by CVE) : Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and earlier allows remote attackers to execute arbitrary code via crafted playlists that result in a long vcd:// URL.
|
2004-08-08
|
Xine vcd: Input Source Remote Overflow
|
|
8936
Description:
According to the advisory, the 'page.cgi' script apparently contains a flaw that may allow an attacker to execute arbitrary commands. However, the flaw could not be confirmed.
|
2004-08-08
|
Andrew Kilpatrick page.cgi Arbitrary Command Execution
|