[CLOSE] OSVDB ID : 12830 - Disclosed: 2005-01-10

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 24367 - Disclosed: 2005-01-09

Description:

Mailman contains a flaw that may allow a remote denial of service. The issue is triggered when a multipart MIME message with a malformed part is received by the 'Scrubber.py' script, and will result in loss of availability for the list.

[CLOSE] OSVDB ID : 12817 - Disclosed: 2005-01-09

Description:

(Description Provided by CVE) : SQL injection vulnerability in index.php in Invision Community Blog allows remote attackers to execute arbitrary SQL commands via the eid parameter.

[CLOSE] OSVDB ID : 12888 - Disclosed: 2005-01-09

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13235 - Disclosed: 2005-01-09

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12794 - Disclosed: 2005-01-09

Description:

CitrusDB contains a flaw that may allow a remote attacker to execute arbritary commands. The issue is due to main.php not properly comparing the user input used to specify a file against the path_to_citrus variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 12795 - Disclosed: 2005-01-09

Description:

CitrusDB contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'path_to_citrus' variable upon submission to the 'tools.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 13104 - Disclosed: 2005-01-08

Description:

A local overflow exists in Mac OS X. The parse_machfile() function declares nmcmds and offset variables as signed integers, but they are stored as unsigned when read from the file resulting in an integer overflow. With a specially crafted request, an attacker can cause a denial of service resulting in a loss of availability.

[CLOSE] OSVDB ID : 14196 - Disclosed: 2005-01-08

Description:

(Description Provided by CVE) : Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the HTTP Authentication dialog, do not change the focus to the tab that generated the prompt, which could facilitate spoofing and phishing attacks.

[CLOSE] OSVDB ID : 14195 - Disclosed: 2005-01-08

Description:

(Description Provided by CVE) : String handling functions in Mozilla 1.7.3, Firefox 1.0, and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace function, do not properly check the return values of other functions that resize the string, which allows remote attackers to cause a denial of service and possibly execute arbitrary code by forcing an out-of-memory state that causes a reallocation to fail and return a pointer to a fixed address, which leads to heap corruption.

[CLOSE] OSVDB ID : 16474 - Disclosed: 2005-01-08

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12816 - Disclosed: 2005-01-08

Description:

(Description Provided by CVE) : The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.

[CLOSE] OSVDB ID : 13114 - Disclosed: 2005-01-08

Description:

Squid contains a flaw that may allow a remote denial of service. The issue is triggered by a memory leak in fakeauth_auth helper which may cause it to run out of memory if put under a high load, and can result in loss of availability for the service.

[CLOSE] OSVDB ID : 13019 - Disclosed: 2005-01-08

Description:

(Description Provided by CVE) : Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.

[CLOSE] OSVDB ID : 24280 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 15333 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13037 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12791 - Disclosed: 2005-01-07

Description:

(Description Provided by CVE) : Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

[CLOSE] OSVDB ID : 13240 - Disclosed: 2005-01-07

Description:

Diebold Global Election Management System (GEMS) contains a flaw related to the local database as it allows arbitrary access. This may allow a local attacker to access the database file storing all cast votes to disclose or edit various data to e.g. manipulate election results.

[CLOSE] OSVDB ID : 12836 - Disclosed: 2005-01-07

Description:

A local overflow exists in the Linux kernel. The sg_scsi_ioctl() function fails to validate user-supplied integer values resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12837 - Disclosed: 2005-01-07

Description:

A local overflow exists in the Linux kernel. The MoxaDriverIoctl() function fails to validate user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 13021 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18563 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12823 - Disclosed: 2005-01-07

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.

[CLOSE] OSVDB ID : 12824 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12822 - Disclosed: 2005-01-07

Description:

MyBulletinBoard contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Add Event' function upon submission to the 'calendar.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 69926 - Disclosed: 2005-01-07

Description:

MyBB contains a flaw that may allow a remote denial of service. The issue is triggered when Java code is input to the subject field in calendar.php occurs, and will result in loss of availability for the calendar.

[CLOSE] OSVDB ID : 12820 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13047 - Disclosed: 2005-01-07

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12819 - Disclosed: 2005-01-06

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 18807 - Disclosed: 2005-01-06

Description:

(Description Provided by CVE) : The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.

[CLOSE] OSVDB ID : 20778 - Disclosed: 2005-01-06

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12725 - Disclosed: 2005-01-06

Description:

Amp II engine contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is sent to the listening socket on the server causing an infinite loop, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 12738 - Disclosed: 2005-01-06

Description:

Sugar Sales contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the moduleDefaultFile variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.

[CLOSE] OSVDB ID : 12722 - Disclosed: 2005-01-06

Description:

(Description Provided by CVE) : Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file.

[CLOSE] OSVDB ID : 12723 - Disclosed: 2005-01-06

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12724 - Disclosed: 2005-01-06

Description:

A remote overflow exists in LibTIFF. LibTIFF fails to properly check into to the tiffdump utility resulting in a integer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12726 - Disclosed: 2005-01-06

Description:

A remote overflow exists in Exim. Exim fails to properly check input to host_aton() resulting in a buffer overflow. With a specially crafted request of an IPv6 address with more than 8 components, an attacker can cause execution of arbitrary code resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12727 - Disclosed: 2005-01-06

Description:

A remote overflow exists in Exim. Exim fails to have sufficient boundary checks in the 'spa_base64_to_bits()' function resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code in the context of the affected application resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12718 - Disclosed: 2005-01-06

Description:

(Description Provided by CVE) : Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.