| OSVDB ID | Disclosure Date | Title |
|---|
|
17632
Description:
crip contains a flaw that may allow a malicious local user to overwrite or create arbitrary files on the system. The issue is due to crip creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.
|
2005-06-30
|
crip Insecure Temporary File Creation
|
|
17673
Description:
The Hitachi Hibun Advanced Edition Server and Advanced Information Cypher products contain a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered when a user accesses the view function of the Hibun Viewer from a client PC, resulting in the ability to operate beyond their privileges.
|
2005-06-30
|
Hitachi Multiple Hibun Product View Function Privilege Escalation
|
|
17674
Description:
The Hitachi Hibun Advanced Edition Server and Advanced Information Cypher products contain a flaw that may allow a malicious user to bypass access restrictions. The issue is triggered by an error that causes Hibun to recognize an external drive, that is connected to a computer through PCMCIA, as an internal disk and is unable to restrict files that are copied out to the hard disk. It is possible that the flaw may allow a local attacker to obtain sensitive information resulting in a loss of confidentiality.
|
2005-06-30
|
Hitachi Multiple Hibun Product PCMCIA Data Miscontrol Issue
|
|
17775
Description:
Unknown / Incomplete
|
2005-06-30
|
EFF Tor Unspecified Server Exit Policy Bypass
|
|
17650
Description:
Unknown / Incomplete
|
2005-06-30
|
Comdev News Publisher Admin Panel wce.addnews.php Multiple Field Arbitrary Script Injection
|
|
17651
Description:
Comdev News Publisher contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 's_type' variable upon submission to the wce.editnews.php script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. This flaw requires administrative access to exploit.
|
2005-06-30
|
Comdev News Publisher wce.editnews.php s_type Parameter XSS
|
|
17675
Description:
Comdev eCommerce contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate input passed to the 'Add Your Review' section of the 'index.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-30
|
Comdev eCommerce index.php Review Field XSS
|
|
17685
Description:
SSH Tectia Server and SSH Secure Shell for Windows contains a flaw that may allow a malicious user to obtain the server host identification key caused by insufficient file permissions. It is possible that the flaw may allow an attacker to access the host identification key without the required administrative privileges. This key could then be copied and installed on a malicious server to masquerade as the original server.
|
2005-06-30
|
SSH Tectia Server Private Key Permission Weakness
|
|
17615
Description:
Adobe Reader for Linux contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when opening documents as temporary copies are created insecurely, which will disclose document contents to a local attacker.
|
2005-06-30
|
Adobe Reader for Linux Temp File Permission Weakness Arbitrary Document Disclosure
|
|
17681
Description:
NetBSD contains a flaw that may allow a local denial of service. The issue is triggered when a malicious attacker uses the set-parameters ioctl call on certain audio devices to change block size and set pause state to "unpaused" in the same ioctl, which will cause a divide-by-zero error resulting in loss of availability for the platform.
|
2005-06-30
|
NetBSD Multiple Audio Driver Malformed ioctl() Call Local DoS
|
|
17736
Description:
Jinzora contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to the include_path variable not properly sanitizing user input. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2005-06-30
|
Jinzora Unspecified Scripts include_path Parameter Remote File Inclusion
|
|
17828
Description:
(Description Provided by CVE) : Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter.
|
2005-06-30
|
FSboard default.asp filename Parameter Traversal Arbitrary File Access
|
|
17737
Description:
Unknown / Incomplete
|
2005-06-29
|
knock Unspecified Security Issues
|
|
20785
Description:
Unknown / Incomplete
|
2005-06-29
|
Exponent CMS File Upload Extension Validation Failure Arbitrary Code Execution
|
|
20784
Description:
Unknown / Incomplete
|
2005-06-29
|
Exponent CMS filemanager Module Arbitrary PHP File Access
|
|
17677
Description:
FreeBSD contains a flaw that may allow a malicious user to modify certain TCP options via a TCP packet with the SYN flag set for an already established session. It is possible that the flaw may allow an attacker to spoof the remote IP and port numbers of an established connection and stall the TCP communications resulting in a loss of availability.
|
2005-06-29
|
FreeBSD TCP Crafted SYN Packet Arbitrary Option Overwrite
|
|
17739
Description:
(Description Provided by CVE) : im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in the df parameter.
|
2005-06-29
|
imTRBBS im_trbbs.cgi df Variable Arbitrary Command Execution
|
|
27598
Description:
Unknown / Incomplete
|
2005-06-29
|
IBM WebSphere Form-based Authentication Multiple Variable Remote Overflow
|
|
17879
Description:
(Description Provided by CVE) : management.php in Realnode Emilda 1.2.2 and earlier allows remote attackers to perform actions as other users by modifying the user_id parameter.
|
2005-06-29
|
Emilda management.php user_id Parameter Arbitrary User Profile Modification
|
|
17645
Description:
ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered when the ENSURE_BITS() function in the libclamav/mspack/mszipd.c fails to properly validate user supplied input. A remote attacker could send a specially crafted CAB file with a cffile_FolderOffset set to 0xff to cause the program to enter an infinite loop, resulting in a loss of availability of the anti-virus system.
|
2005-06-29
|
Clam AntiVirus Zero Length Cabinet File ENSURE_BITS() Macro DoS
|
|
17646
Description:
ClamAV contains a flaw that may allow a remote denial of service. The issue is triggered by a file descriptor leak in cli_msexpand() function, located in libclamav/scanners.c, which consumes all available file descriptors and/or memory on the target system. A remote attacker sends approximately 1,000 specially crafted archive files, either by email attachment or directly to a current HTTP session, resulting in a loss of availability of the anti-virus system.
|
2005-06-29
|
Clam AntiVirus MS-Expand File Handling DoS
|
|
17620
Description:
Dominion SX contains a flaw that may lead to an unauthorized information disclosure. The issue is due to the /etc/shadow file having world-readable permissions by default, which will disclose the root user's password hash resulting in a loss of confidentiality.
|
2005-06-29
|
Dominion SX /etc/shadow Permission Weakness Hashed Password Disclosure
|
|
17621
Description:
Dominion SX contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is due to the /bin/busybox file having default permissions of world-writable, which may allow an attacker replace the file causing arbitrary code execution with another user's privileges.
|
2005-06-29
|
Dominion SX /bin/busybox Permission Weakness Privilege Escalation
|
|
17619
Description:
(Description Provided by CVE) : Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors.
|
2005-06-29
|
NateOn Messenger Arbitrary User Directory Listing Disclosure
|
|
17689
Description:
Emilda reportedly contains several security-related flaws. No further details have been provided.
|
2005-06-29
|
Emilda Unspecified Multiple Security Issues
|
|
17793
Description:
XML-RPC for PHP (PHPXMLRPC) contains a flaw that may allow a remote attacker to execute arbitrary PHP code. The issue is due to the 'parseRequest()' function not properly sanitizing user-supplied input. By creating an XML file that uses single quotes to escape into the 'eval()' call, a remote attacker can execute arbitrary PHP code resulting in a loss of integrity.
|
2005-06-29
|
XML-RPC for PHP (PHPXMLRPC) parseRequest() Function Arbitrary PHP Code Execution
|
|
17644
Description:
Cisco IOS's RADIUS server contains a flaw that may allow a malicious user to bypass authorization and accounting. The issue is triggered when no fallback method of AAA is configured and a long username is submitted. It is possible that the flaw may allow unauthorized users to authenticate, resulting in a loss of confidentiality.
|
2005-06-29
|
Cisco IOS AAA RADIUS Long Username Authentication Bypass
|
|
17649
Description:
(Description Provided by CVE) : Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause a denial of service (server crash) via a large ID value in the ignore command, which is used as an array index and causes an out-of-bounds operation.
|
2005-06-29
|
Soldier of Fortune II Ignore Command Overflow DoS
|
|
17672
Description:
(Description Provided by CVE) : login.cgi in Community Link Pro Web Editor allows remote attackers to execute arbitrary commands via the file parameter.
|
2005-06-29
|
Community Link Pro login.cgi file Parameter Arbitrary Command Execution
|
|
17647
Description:
(Description Provided by CVE) : Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 allows remote attackers to execute arbitrary PHP code via a public comment or posting.
|
2005-06-29
|
Drupal Public Comment/Posting Arbitrary PHP Code Execution
|
|
59221
Description:
(Description Provided by CVE) : The netlink subsystem in the Linux kernel 2.4.x before 2.4.37.6 and 2.6.x before 2.6.13-rc1 does not initialize certain padding fields in structures, which might allow local users to obtain sensitive information from kernel memory via unspecified vectors, related to the (1) tc_fill_qdisc, (2) tcf_fill_node, (3) neightbl_fill_info, (4) neightbl_fill_param_info, (5) neigh_fill_info, (6) rtnetlink_fill_ifinfo, (7) rtnetlink_fill_iwinfo, (8) vif_delete, (9) ipmr_destroy_unres, (10) ipmr_cache_alloc_unres, (11) ipmr_cache_resolve, (12) inet6_fill_ifinfo, (13) tca_get_fill, (14) tca_action_flush, (15) tcf_add_notify, (16) tc_dump_action, (17) cbq_dump_police, (18) __nlmsg_put, (19) __rta_fill, (20) __rta_reserve, (21) inet6_fill_prefix, (22) rsvp_dump, and (23) cbq_dump_ovl functions.
|
2005-06-29
|
Linux Kernel netlink Subsystem Multiple Function Local Kernel Memory Disclosure
|
|
17680
Description:
(Description Provided by CVE) : Internet Explorer 5.01 SP4 up to 6 on various Windows operating systems, including IE 6.0.2900.2180 on Windows XP, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a web page with embedded CLSIDs that reference certain COM objects that are not ActiveX controls, as demonstrated using the JVIEW Profiler (Javaprxy.dll). NOTE: the researcher says that the vendor could not reproduce this problem.
|
2005-06-29
|
Microsoft IE JVIEW javaprxy.dll Memory Manipulation Arbitrary Code Execution
|
|
17633
Description:
Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'order' variable upon submission to the 'edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-29
|
XOOPS newbb Module edit.php order Parameter XSS
|
|
17634
Description:
Xoops contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'cid' variable upon submission to the 'comment_edit.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-29
|
XOOPS comment_edit.php cid Parameter XSS
|
|
17635
Description:
(Description Provided by CVE) : SQL injection vulnerability in the loginUser function in the XMLRPC server in XOOPS 2.0.11 and earlier allows remote attackers to execute arbitrary SQL commands and bypass authentication via crafted values in an XML file, as demonstrated using the blogger.getPost method.
|
2005-06-29
|
XOOPS XMLRPC bloggerapi.php loginUser() Function SQL Injection
|
|
17636
Description:
WordPress contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'comment' and 'p' variables upon submission to the 'post.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.
|
2005-06-29
|
WordPress post.php Multiple Parameter XSS
|
|
17637
Description:
(Description Provided by CVE) : SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via input that is not filtered in the HTTP_RAW_POST_DATA variable, which stores the data in an XML file.
|
2005-06-29
|
WordPress XMLRPC Multiple Method SQL Injection
|
|
17638
Description:
(Description Provided by CVE) : wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers to change the content of the forgotten password e-mail message via the message variable, which is not initialized before use.
|
2005-06-29
|
WordPress wp-login.php Arbitrary User Forgotten Password E-Mail Modification
|
|
17639
Description:
(Description Provided by CVE) : WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
2005-06-29
|
WordPress menu-header.php Direct Request Path Disclosure
|
|
17640
Description:
(Description Provided by CVE) : WordPress 1.5.1.2 and earlier allows remote attackers to obtain sensitive information via (1) a direct request to menu-header.php or a "1" value in the feed parameter to (2) wp-atom.php, (3) wp-rss.php, or (4) wp-rss2.php, which reveal the path in an error message. NOTE: vector [1] was later reported to also affect WordPress 2.0.1.
|
2005-06-29
|
WordPress wp-atom.php Path Disclosure
|
