| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 22795 | 2005-10-31 | PHPCafe Tutorials Manager index.php id Parameter SQL Injection | PHPCafe Tutorials Manager contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the index.php script not properly sanitizing user-supplied input to the 'id' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20435 | 2005-10-31 | Sony CD First4Internet XCP DRM aries.sys Local File/Process Manipulation | The First4Internet XCP DRM software used to play back Sony copy-protected music CDs contains a flaw that may allow a malicious user to arbitrarily manipulate local files and processes. The problem is that the 'aries.sys' driver hides any files, registry keys and/or processes with a name that starts with '$sys$', which may allow a malicious user to hide certain activities on a system that uses XCP, resulting in a loss of integrity. |
| 20398 | 2005-10-31 | ASP Fast Forum error.asp error Parameter XSS | ASP Fast Forum contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'error' parameter upon submission to the 'error.asp' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 20407 | 2005-10-31 | PHP parse_str() memory_limit Request Termination register_globals Manipulation | (Description Provided by CVE): The parse_str function in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when called with only one parameter, allows remote attackers to enable the register_globals directive via inputs that cause a request to be terminated due to the memory_limit setting, which causes PHP to set an internal flag that enables register_globals and allows attackers to exploit vulnerabilities in PHP applications that would otherwise be protected. |
| 20897 | 2005-10-31 | PHP w/ Apache 2 SAPI virtual() Function Unspecified INI Setting Disclosure | PHP, when used as an Apache 2 module, contains an unspecified flaw in the virtual() function that may allow a malicious user to bypass certain configuration directives (e.g. "safe_mode" and "open_basedir"). This may allow the disclosure of sensitive information, resulting in a loss of confidentiality. |
| 20898 | 2005-10-31 | PHP Unspecified curl / gd Restriction Bypass | PHP contains a flaw in the "ext/curl" and "ext/gd" modules that may allow a malicious user to view sensitive files without authorization. It is possible that the flaw may allow the attacker to bypass the "safe_mode" or "open_basedir" restrictions. This may allow the disclosure of sensitive information, resulting in a loss of confidentiality. |
| 20386 | 2005-10-31 | phpBB GPC Variable Set register_globals Bypass | phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code. The issue is triggered due to an error where global variables defined by the user are not properly unset. It is possible that the flaw may allow cross site scripting and SQL injection attacks, and/or execution of arbitrary PHP code resulting in a loss of integrity. |
| 20387 | 2005-10-31 | phpBB usercp_register.php error_msg Parameter XSS | phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'error_msg' variables upon submission to the 'usercp_register.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20388 | 2005-10-31 | phpBB login.php forward_page Parameter XSS | phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'forward_page' variable upon submission to the 'login.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20389 | 2005-10-31 | phpBB search.php list_cat Parameter XSS | phpBB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'list_cat' variable upon submission to the 'search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20390 | 2005-10-31 | phpBB usercp_register.php signature_bbcode_uid Parameter SQL Injection | phpBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'usercp_register.php' script not properly sanitizing user-supplied input to the 'signature_bbcode_uid' variable. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 20391 | 2005-10-31 | phpBB usercp_register.php signature_bbcode_uid Variable Arbitrary PHP Code Execution | phpBB contains a flaw that allows remote code execution. This flaw exists because the application does not validate the 'signature_bbcode_uid' variable upon submission to the 'usercp_register.php' script. This could allow a user to execute remote code, leading to a loss of integrity. |
| 20403 | 2005-10-31 | Hyper Estraier estcmd Unicode Filename Privileged File Indexing | (Description Provided by CVE): estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters. |
| 20404 | 2005-10-31 | Hyper Estraier Crafted Unicode Filename Indexing DoS | (Description Provided by CVE): estcmd in Hyper Estraier 1.0.1 on Windows systems allows remote attackers to read unauthorized files via a crafted search request for a filename that contains Unicode characters. |
| 20413 | 2005-10-31 | phpBB Crafted HTTP_SESSION_VARS Variable register_globals Bypass | phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The flaw exists because the application starts not knowing the values of the $_SESSION or $HTTP_SESSION_VARS variables. It is possible a user can supply arbitrary values to these variables which will cause the register_globals setting to be ignored, allowing for cross-site scripting or SQL injection attacks. |
| 20414 | 2005-10-31 | phpBB register_long_array register_globals Bypass | phpBB contains a flaw that may allow a remote attacker to bypass the globals deregistration code (register_globals). The issue is triggered when the 'register_long_array' option is turned off making PHP not able to verify user-supplied input to the HTTP_* variables. It is possible that the flaw may result in cross site scripting and SQL injection attacks due to the lack of the register_globals function being honored. |
| 20449 | 2005-10-31 | Serv-U FTP Server Unspecified Malformed Packet Remote DoS | (Description Provided by CVE): Serv-U FTP Server before 6.1.0.4 allows attackers to cause a denial of service (crash) via (1) malformed packets and possibly other unspecified issues with unknown impact and attack vectors including (2) use of "~" in a pathname, and (3) memory consumption of the daemon. NOTE: it is not clear whether items (2) and above are vulnerabilities. |
| 22673 | 2005-10-31 | Comersus BackOffice comersus_backoffice_supportError.asp error Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in Comersus BackOffice allows remote attackers to inject arbitrary web script or HTML via the error parameter to comersus_backoffice_supportError.asp. NOTE: the comersus_backoffice_message.asp/message vector is already covered by CVE-2005-2191 item 2. |
| 20718 | 2005-10-31 | IPCop backup.key Private Key Disclosure | (Description Provided by CVE): IPCop (aka IPCop Firewall) before 1.4.10 has world-readable permissions for the backup.key file, which might allow local users to overwrite system configuration files and gain privileges by creating a malicious encrypted backup archive owned by "nobody", then executing ipcoprscfg to restore from this backup. |
| 20719 | 2005-10-31 | IPCop Backup Race Condition File Modification | (Description Provided by CVE): Race condition in IPCop (aka IPCop Firewall) before 1.4.10 might allow local users to overwrite system configuration files and gain privileges by replacing a backup archive during the time window when the archive is owned by "nobody" but not yet encrypted, then executing ipcoprscfg to restore from this backup. |
| 20415 | 2005-10-31 | OpenVPN Client foreign_option() Function Format String | OpenVPN Client contains a flaw that may allow a malicious server to perform a format string attack. The issue is triggered when using a specific value in the 'dhcp-option' parameter on a server. It is possible that the flaw may allow arbitrary code execution resulting in a loss of integrity. |
| 20410 | 2005-10-31 | eyeOS desktop.php motd Parameter XSS | eyeOS contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'motd' variable upon submission to the 'desktop.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20411 | 2005-10-31 | eyeOS usrinfo.xml Encrypted Credential Disclosure | eyeOS contains a flaw that may lead to an unauthorized information disclosure. The problem is that user credentials are stored in the 'usrinfo.xml' file, which will disclose usernames and encrypted passwords resulting in a loss of confidentiality. |
| 20702 | 2005-10-31 | VanMail Malformed SMTP DATA Reply DoS | Unknown / Incomplete |
| 20697 | 2005-10-31 | Library Accounting System (LAS) Crafted URL Arbitrary File Access | Unknown / Incomplete |
| 49507 | 2005-10-31 | Comersus /comersus/database/comersus.mdb Direct Request Database Disclosure | Unknown / Incomplete |
| 49508 | 2005-10-31 | Comersus Database Default Key Decryption Weakness | Unknown / Incomplete |
| 49528 | 2005-10-31 | Comersus BackOffice comersus_backoffice_menu.asp Multiple Parameter SQL Injection | Unknown / Incomplete |
| 20406 | 2005-10-31 | PHP phpinfo() Function Stacked Array Assignment XSS | PHP contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input (i.e. crafted URL with a stacked array assignment) passed to the phpinfo() function. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 20725 | 2005-10-31 | NetBSD Verified exec Failure | NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when verified exec allows a malicious user to execute specially crafted binaries. This flaw may lead to a loss of integrity. |
| 20726 | 2005-10-31 | NetBSD telnetd Static Local Variable Overflow | NetBSD contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when telnetd utilizes static variables, allowing a malicious user to cause a buffer overflow and change the flow of execution. This flaw may lead to a loss of integrity. |
| 20727 | 2005-10-31 | NetBSD IPsec-AH AES-XCBC-MAC Fixed Key Calculation Weakness | NetBSD contains a flaw that may allow a malicious attacker to bypass IP Security (IPsec). The issue is triggered when a machine using IPsec with AH and the AES-XCBC-MAC algorithm incorrectly uses a fixed key instead of the provided one. It is possible that the flaw may allow the acceptance of forged packets, resulting in a loss of integrity. |
| 20728 | 2005-10-31 | NetBSD libz Zero Length Code Incorrect Error DoS | NetBSD contains a flaw that may allow a remote denial of service. The issue is triggered when huft_build() of the zlib routines permits a malicious attacker to use a specially crafted, compressed file to cause a NULL dereference, resulting in loss of availability for the platform. |
| 20729 | 2005-10-31 | NetBSD Message Buffer Negative Offset Arbitrary Kernel Memory Access | NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when negative offsets are permitted while reading the message buffer, which will disclose arbitrary kernel memory segments resulting in a loss of confidentiality. |
| 20730 | 2005-10-31 | NetBSD procfs Negative uio_offset Unspecified Issue | NetBSD contains a flaw related to the process file system (procfs) that may allow a malicious user to cause a negative uio_offset. No further details have been provided. |
| 20731 | 2005-10-31 | NetBSD imake file.0 Target Insecure /tmp File Creation | NetBSD contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the imake program creating Makefiles in the /tmp directory insecurely. It is possible for a user to use a symlink style attack to overwrite arbitrary files, resulting in a loss of integrity. |
| 20755 | 2005-10-31 | NetBSD F_CLOSEM fcntl() Local DoS | NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious user calls F_CLOSEM fcntl() with the parameter 0, causing an infinite loop in the kernel, resulting in a loss of availability for the platform. |
| 20756 | 2005-10-31 | NetBSD cgd(4) Kernel Memory Encryption Key Fragment Disclosure | NetBSD contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when the cryptographic device driver (cgd) fails to erase cryptographic keys before releasing memory back to the kernel memory pool, which can facilitate the disclosure of encryption keys resulting in a loss of confidentiality. |
| 20757 | 2005-10-31 | NetBSD FreeBSD Binary Emulation Compatibility Code Local Overflow | A local overflow exists in NetBSD. The emulation code for FreeBSD binaries fails to sufficiently check bounds, resulting in an integer overflow. With a specially crafted request, an attacker can change the flow of execution, resulting in a loss of integrity and/or availability. |
| 66488 | 2005-10-31 | PHP File Upload Unspecified safe_mode / open_basedir Bypass | Unknown / Incomplete |