[CLOSE] OSVDB ID : 12719 - Disclosed: 2005-01-06

Description:

Personal Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted URL occurs, and will result in loss of availability for the service.

[CLOSE] OSVDB ID : 12717 - Disclosed: 2005-01-06

Description:

b2evolution contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'title' parameter in the 'index.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 12848 - Disclosed: 2005-01-05

Description:

(Description Provided by CVE) : Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.

[CLOSE] OSVDB ID : 12814 - Disclosed: 2005-01-05

Description:

PHPKIT contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'id' parameter in the 'userinfo.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 53439 - Disclosed: 2005-01-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 53438 - Disclosed: 2005-01-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12785 - Disclosed: 2005-01-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12790 - Disclosed: 2005-01-05

Description:

A buffer overflow exists in NetWare. The CIFS.NLM driver fails to validate unspecified data resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12799 - Disclosed: 2005-01-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 22312 - Disclosed: 2005-01-05

Description:

(Description Provided by CVE) : NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.

[CLOSE] OSVDB ID : 12796 - Disclosed: 2005-01-05

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 12808 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.

[CLOSE] OSVDB ID : 12712 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter.

[CLOSE] OSVDB ID : 12720 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack.

[CLOSE] OSVDB ID : 12714 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Soldner Secret Wars 30830 and earlier does not properly handle the "message too long" socket error, which allows remote attackers to cause a denial of service (socket termination) via a long UDP packet.

[CLOSE] OSVDB ID : 12715 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Format string vulnerability in Soldner Secret Wars 30830 and earlier allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via format string specifiers in a message.

[CLOSE] OSVDB ID : 12716 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in the web interface in Soldner Secret Wars 30830 allows remote attackers to inject arbitrary web script or HTML via a user message, which is not filtered or quoted when the administrator views the server logs.

[CLOSE] OSVDB ID : 14829 - Disclosed: 2005-01-04

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 13242 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : A logic error in the CRAM-MD5 code for the University of Washington IMAP (UW-IMAP) server, when Challenge-Response Authentication Mechanism with MD5 (CRAM-MD5) is enabled, does not properly enforce all the required conditions for successful authentication, which allows remote attackers to authenticate as arbitrary users.

[CLOSE] OSVDB ID : 12783 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Format string vulnerability in the a_Interface_msg function in Dillo before 0.8.3-r4 allows remote attackers to execute arbitrary code via format string specifiers in a web page.

[CLOSE] OSVDB ID : 12809 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.

[CLOSE] OSVDB ID : 12810 - Disclosed: 2005-01-04

Description:

A remote overflow exists in 3CDaemon. The FTP application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long username, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12811 - Disclosed: 2005-01-04

Description:

A remote overflow exists in 3CDaemon. Multiple FTP commands fail to perform proper bounds checking resulting in a buffer overflow. With a specially crafted request containing an overly long parameter, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12812 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Multiple format string vulnerabilities in the FTP service in 3Com 3CDaemon 2.0 revision 10 allow remote attackers to cause a denial of service (application crash) via format string specifiers in (1) the username, (2) cd, (3) delete, (4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD commands.

[CLOSE] OSVDB ID : 12813 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to gain sensitive information via a cd command that contains an MS-DOS device name, which reveals the installation path in an error message.

[CLOSE] OSVDB ID : 12740 - Disclosed: 2005-01-04

Description:

(Description Provided by CVE) : Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long sub-domains or paths for display, which may allow remote malicious web sites to spoof legitimate sites and facilitate phishing attacks.

[CLOSE] OSVDB ID : 12798 - Disclosed: 2005-01-04

Description:

MyBB contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'uid' parameter in the 'member.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 15341 - Disclosed: 2005-01-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14627 - Disclosed: 2005-01-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14625 - Disclosed: 2005-01-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 14626 - Disclosed: 2005-01-03

Description:

(Description Provided by CVE) : includer.cgi in The Includer allows remote attackers to read arbitrary files via a full pathname in the argument, a similar vulnerability to CVE-2005-0801.

[CLOSE] OSVDB ID : 12721 - Disclosed: 2005-01-03

Description:

Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the /examples/jsp2/el/functions.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 34878 - Disclosed: 2005-01-03

Description:

Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the /examples/jsp2/el/implicit-objects.jsp script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 34879 - Disclosed: 2005-01-03

Description:

Apache Tomcat contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the /examples/jsp2/jspx/textRotate.jspx script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 12681 - Disclosed: 2005-01-03

Description:

HtmlHeadLine.sh contains a flaw that may allow a malicious user to overwrite arbitrary files. The issue is triggered when temp files are created insecurely. It is possible that the flaw may allow arbitrary files to be overwritten resulting in a loss of integrity.

[CLOSE] OSVDB ID : 12703 - Disclosed: 2005-01-03

Description:

ReviewPost PHP Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'si' variables upon submission to the 'showcat.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 12704 - Disclosed: 2005-01-03

Description:

ReviewPost PHP Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate multiple variables upon submission to the 'showproduct.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 12705 - Disclosed: 2005-01-03

Description:

ReviewPost PHP Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate 'report' variables upon submission to the 'reportproduct.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 12706 - Disclosed: 2005-01-03

Description:

ReviewPost PHP Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'cat' parameter in the 'showcat.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

[CLOSE] OSVDB ID : 12707 - Disclosed: 2005-01-03

Description:

ReviewPost PHP Pro contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'product' parameter in the 'addfav.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.