| OSVDB ID | Disclosure Date | Title | Description |
|---|---|---|---|
| 21583 | 2005-09-30 | Blender bvh_import.py Eval Injection Arbitrary Command Execution | (Description Provided by CVE): Eval injection vulnerability in bvh_import.py in Blender 2.36 allows attackers to execute arbitrary Python code via a hierarchy element in a .bvh file, which is supplied to an eval function call. |
| 19822 | 2005-09-30 | Dia SVG File Import Arbitrary Code Execution | (Description Provided by CVE): The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and earlier allows user-assisted attackers to execute arbitrary commands via a crafted SVG file. |
| 19823 | 2005-09-30 | NetFORCE NAS NIS Password Cleartext Transmission | (Description Provided by CVE): Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions sends the NIS password map (passwd.nis) as a file attachment in diagnostic e-mail messages, which allows remote attackers to obtain the cleartext NIS password hashes. |
| 19729 | 2005-09-30 | 4D WebSTAR IMAP MacOS Client Unspecified Potential DoS | (Description Provided by CVE): Unspecified vulnerability in the Mailbox Server for 4D WebStar before 5.3.5 allows attackers to cause a denial of service (crash) via IMAP clients on Mac OS X 10.4 Mail 2. |
| 19814 | 2005-09-30 | Citrix Metaframe Presentation Server User Client Name Policy Filtering Bypass | (Description Provided by CVE): Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote attackers to bypass policy restrictions by downloading the launch.ica file and changing the client device name (ClientName). |
| 19815 | 2005-09-30 | Virtools Web Player Filename Processing Overflow | A remote overflow exists in Virtools Web Player. The application fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted file containing an overly long filename, a remote attacker can cause arbitrary code execution resulting in a loss of integrity. |
| 19816 | 2005-09-30 | Virtools Web Player Filename Traversal Arbitrary File Overwrite | (Description Provided by CVE): Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename. |
| 19821 | 2005-09-30 | Apache Tomcat Malformed Post Request Information Disclosure | Apache Tomcat contains a flaw that may allow an attacker to gain access to privileged information. The issue occurs when a client specifies a Content-Length but disconnects before sending the request body. This is handled by the deprecated AJP connector by processing the request using the request body of the previous request. This may cause the server to return sensitive information. |
| 21001 | 2005-09-30 | Inkscape SVG Importer Overflow | (Description Provided by CVE): Buffer overflow in the SVG importer (style.cpp) of Inkscape 0.41 through 0.42.2 might allow remote attackers to execute arbitrary code via an SVG file with long CSS style property values. |
| 22502 | 2005-09-30 | phpGraphy Protected Directory Name Disclosure | Unknown / Incomplete |
| 19811 | 2005-09-30 | Bugzilla config.cgi Unauthenticated Product Name Disclosure | (Description Provided by CVE): Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows remote attackers to obtain sensitive information such as the list of installed products via the config.cgi file, which is accessible even when the requirelogin parameter is set. |
| 19812 | 2005-09-30 | Bugzilla usevisibilitygroups Setting User Matching Bypass | (Description Provided by CVE): Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on in substring mode, allows attackers to list all users whose names match an arbitrary substring, even when the usevisibilitygroups parameter is set. |
| 20078 | 2005-09-30 | Hitachi JP1/Cm2/Network Node Manager Multiple Unspecified Issues | Unknown / Incomplete |
| 20079 | 2005-09-30 | Hitachi JP1/Cm2/Network Node Manager Unspecified Services DoS | (Description Provided by CVE): Multiple unspecified vulnerabilities in the web utility function in Hitachi Cm2/Network Node Manager and JP1/Cm2/Network Node Manager before 20050930 allow attackers to execute arbitrary commands, disable services, and "exploit vulnerabilities." |
| 20080 | 2005-09-30 | Hitachi JP1/Cm2/Network Node Manager Unspecified Arbitrary Code Execution | (Description Provided by CVE): Multiple SQL injection vulnerabilities in icerik.asp in TualBLOG 1.0 allow remote attackers to execute arbitrary SQL commands, as demonstrated by the icerikno parameter. |
| 19983 | 2005-09-29 | ZoneAlarm Pro DDE-IPC Method Ruleset Bypass | Unknown / Incomplete |
| 19885 | 2005-09-29 | lucidCMS Login Form login: Field SQL Injection | Lucid CMS contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the login form script not properly sanitizing user-supplied input to the 'login' field. This may allow an attacker to inject or manipulate SQL queries in the back-end database. |
| 19886 | 2005-09-29 | lucidCMS Template Modification Arbitrary Command Execution | Unknown / Incomplete |
| 19726 | 2005-09-29 | Blender Command Line Filename Overflow | A local overflow exists in Blender. The 'blenderplayer' command line fails to perform proper bounds checking, resulting in a buffer overflow. With a specially crafted filename, a malicious user can cause arbitrary code execution resulting in a loss of integrity. |
| 19746 | 2005-09-29 | NateOn NateonDownloadManager.ocx ActiveX Overflow DoS | (Description Provided by CVE): Buffer overflow in the ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long third argument to the GotNate.Excute method. |
| 19747 | 2005-09-29 | NateOn NateonDownloadManager.ocx ActiveX Arbitrary File Download | (Description Provided by CVE): The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method. |
| 19825 | 2005-09-29 | IceWarp WebMail blank.html id Parameter XSS | IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'id' variable upon submission to the 'blank.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19826 | 2005-09-29 | IceWarp WebMail calendar_d.html createdataCX Parameter XSS | IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_d.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19827 | 2005-09-29 | IceWarp WebMail calendar_m.html createdataCX Parameter XSS | IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_m.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19828 | 2005-09-29 | IceWarp WebMail calendar_w.html createdataCX Parameter XSS | IceWarp Web Mail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'createdataCX' variable upon submission to the 'calendar_w.html' page. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity. |
| 19829 | 2005-09-29 | IceWarp WebMail bwlist_inc.html Direct Request Path Disclosure | IceWarp Web Mail contains a flaw that may lead to an unauthorized information disclosure. The issue is triggered when a remote attacker makes a direct request to the 'bwlist_inc.html' page, which will disclose the software's installation path resulting in a loss of confidentiality. While such information is relatively low risk, it is often useful in carrying out additional, more focused attacks. |
| 19830 | 2005-09-29 | IceWarp WebMail logout.html Traversal Arbitrary File/Directory Deletion | IceWarp Web Mail contains a flaw that allows a remote attacker to delete arbitrary files and directories. The issue is due to the 'logout.html' page not properly sanitizing user input supplied via the 'id' variable. |
| 19831 | 2005-09-29 | IceWarp WebMail help.html Traversal Arbitrary File Access | IceWarp Web Mail contains a flaw that allows a remote attacker to access arbitrary files outside of the web path. The issue is due to the 'help.html' page not properly sanitizing user input, specifically traversal style attacks (../../) supplied via the 'helpid' variable. |
| 19749 | 2005-09-29 | Multiple Anti-Virus Extended ASCII Filename Scan Bypass | Multiple AntiVirus products contain a flaw that may allow a remote attacker to bypass antivirus protection. The problem is that these products do not scan filenames that contain extended ASCII characters, which may allow a remote attacker to execute arbitrary code resulting in a loss of integrity. |
| 19730 | 2005-09-29 | Serendipity serendipity_admin.php CSRF | (Description Provided by CVE): Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 and earlier allows remote attackers to perform unauthorized actions as a logged in user via a link or IMG tag to serendipity_admin.php. |
| 19727 | 2005-09-29 | Macromedia Breeze Password Reset Encryption Issue | (Description Provided by CVE): The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords. |
| 19728 | 2005-09-29 | backupninja Symlink Arbitrary File Overwrite | (Description Provided by CVE): The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack. |
| 19717 | 2005-09-29 | AbiWord RTF Document Importer Overflow | A local buffer overflow exists in AbiWord. The RTF importer fails to properly bounds-check user-supplied data, resulting in a stack buffer overflow. With a specially crafted RTF file, an attacker can execute arbitrary code resulting in a loss of confidentiality. |
| 19716 | 2005-09-28 | TWiki %INCLUDE Parameter Arbitrary Command Injection | (Description Provided by CVE): ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. |
| 19723 | 2005-09-28 | SquirrelMail Address Add Plugin add.php first Parameter XSS | (Description Provided by CVE): Cross-site scripting (XSS) vulnerability in add.php in Address Add Plugin 1.9 and 2.0 for SquirrelMail allows remote attackers to inject arbitrary web script or HTML via the IMG tag. |
| 22995 | 2005-09-28 | PAM-MySQL Authentication pam_get_item() Function Unspecified Privilege Escalation | PAM-MySQL contains a flaw that may allow a malicious user to cause a double-free in the pam_get_item function. The issue is triggered when a malicious user sends crafted authentication credentials. It is possible that the flaw may cause the PAM-MySQL process to crash or allow arbitrary code execution resulting in a loss of integrity or availability. |
| 22692 | 2005-09-28 | OpenSSH scp Command Line Filename Processing Command Injection | OpenSSH contains a flaw that may allow an attacker to execute arbitrary commands. The flaw is due to the way OpenSSH's scp utility handles file names during local-to-local copies. During the file name expansion, the utility does not properly sanitize filenames, allowing a crafted file name with shell meta-characters. This can be used to trick a user into executing arbitrary commands with a different set of (potentially higher) privileges. |
| 19745 | 2005-09-28 | log4sh Unspecified Temporary File Creation Issue | Unknown / Incomplete |
| 19742 | 2005-09-28 | WordPress post.php User Privilege Escalation | Unknown / Incomplete |
| 19718 | 2005-09-28 | PHP-Fusion messages.php msg_send Parameter SQL Injection | PHP-Fusion contains a flaw that may allow a remote attacker to carry out an SQL injection attack. The issue is due to the 'messages.php' script not properly sanitizing user-supplied input to the 'msg_send' variable. This may allow a remote attacker to inject or manipulate SQL queries in the back-end database. |