[CLOSE] OSVDB ID : 19401 - Disclosed: 2005-09-03

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19225 - Disclosed: 2005-09-03

Description:

Open WebMail contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the 'sessionid' variable upon submission to multiple scripts. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19244 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Free SMTP Server 2.2 allows remote attackers to use the server as an open mail relay (spam proxy).

[CLOSE] OSVDB ID : 19212 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19213 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19214 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19215 - Disclosed: 2005-09-03

Description:

(Description Provided by CVE) : Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc.

[CLOSE] OSVDB ID : 19417 - Disclosed: 2005-09-02

Description:

(Description Provided by CVE) : ** DISPUTED ** NOTE: this issue has been disputed by the vendor. FileZilla 2.2.14b and 2.2.15, and possibly earlier versions, when "Use secure mode" is disabled, uses a weak encryption scheme to store the user's password in the configuration settings file, which allows local users to obtain sensitive information. NOTE: the vendor has disputed the issue, stating that "the problem is not a vulnerability at all, but infact a fundamental issue of every single program that can store passwords transparently."

[CLOSE] OSVDB ID : 19256 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19210 - Disclosed: 2005-09-02

Description:

MAXdev MD-Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'dl-search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19211 - Disclosed: 2005-09-02

Description:

MAXdev MD-Pro contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate user-supplied input upon submission to the 'wl-search.php' script. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

[CLOSE] OSVDB ID : 19264 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25413 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25414 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25415 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 25416 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19381 - Disclosed: 2005-09-02

Description:

PunBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to an unspecified part of the administration interface not properly sanitizing user-supplied input to unspecified parameter(s)/field(s). This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 19382 - Disclosed: 2005-09-02

Description:

PunBB contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the BBCode 'url' tags. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

[CLOSE] OSVDB ID : 19383 - Disclosed: 2005-09-02

Description:

PunBB contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to unspecified parameter(s) and/or function(s) not properly sanitizing user-supplied input to the 'search' function. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.

[CLOSE] OSVDB ID : 19188 - Disclosed: 2005-09-02

Description:

mod_ssl contains a flaw that may allow a malicious user to bypass certain security restrictions. The issue is due to an error in enforcing client-based certificate authentication ("SSLVerifyClient require") in per-location context, if "SSLVerifyClient optional" was configured in the global virtual host configuration. It is possible that the flaw may allow an attacker to bypass client-based certificate authentication, resulting in a loss of confidentiality or integrity.

[CLOSE] OSVDB ID : 19393 - Disclosed: 2005-09-02

Description:

(Description Provided by CVE) : Race condition in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to corrupt files or create arbitrary files via unspecified attack vectors related to a temporary directory, possibly due to a symlink attack.

[CLOSE] OSVDB ID : 19394 - Disclosed: 2005-09-02

Description:

(Description Provided by CVE) : ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided.

[CLOSE] OSVDB ID : 19395 - Disclosed: 2005-09-02

Description:

(Description Provided by CVE) : Unspecified vulnerability in Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X allows local users to gain privileges via unspecified attack vectors relating to "the utility used to update Java shared archives."

[CLOSE] OSVDB ID : 19396 - Disclosed: 2005-09-02

Description:

(Description Provided by CVE) : Unspecified vulnerability in Java 1.3.1 before 1.3.1_16 on Apple Mac OS X allows an untrusted applet to gain privileges, related to "Mac OS X specific extensions."

[CLOSE] OSVDB ID : 19397 - Disclosed: 2005-09-02

Description:

(Description Provided by CVE) : Java 1.4.2 before 1.4.2 Release 2 on Apple Mac OS X does not prevent multiple programs from opening the same port as a Java ServerSocket, which allows local users to operate a Java program that intercepts network data intended for the ServerSocket of a different Java program.

[CLOSE] OSVDB ID : 25201 - Disclosed: 2005-09-02

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 91085 - Disclosed: 2005-09-02

Description:

IBM WebSphere Application Server contains a flaw related to the plugin-cfg.xml file. The issue is due to the file having unspecified permissions, which likely are too open. While the IBM APAR is not available, based on other "file permission" related APARS, the file may have permissions such as mode 777.

[CLOSE] OSVDB ID : 91084 - Disclosed: 2005-09-02

Description:

IBM WebSphere Application Server (WAS) contains a flaw that is due to the program not properly restricting users. This may allow a remote unauthorized attacker to call the bindingiterator.destory() function.

[CLOSE] OSVDB ID : 91083 - Disclosed: 2005-09-02

Description:

IBM WebSphere Application Server (WAS) contains a flaw that is due to the *=audit trace specification in PD tools not being properly logged by the server. This may allow a remote attacker to conduct attacks with less chance of being discovered.

[CLOSE] OSVDB ID : 91082 - Disclosed: 2005-09-02

Description:

IBM WebSphere Application Server (WAS) contains a flaw that may allow a denial of service. The issue is triggered during the handling of plug-in traffic for the WebSphere App server. This may allow a remote attacker to cause a crash for IHS.

[CLOSE] OSVDB ID : 19152 - Disclosed: 2005-09-01

Description:

(Description Provided by CVE) : Directory traversal vulnerability in the web server for 3Com Network Supervisor 5.0.2 allows remote attackers to read arbitrary files via ".." sequences in the URL to TCP port 21700.

[CLOSE] OSVDB ID : 19153 - Disclosed: 2005-09-01

Description:

(Description Provided by CVE) : Cross-site scripting (XSS) vulnerability in N-Stealth Commercial Edition before 5.8.0.38 and Free Edition before 5.8.1.03 allows remote attackers to inject arbitrary web script or HTML via the Server field in an HTTP response header, which is directly injected into an HTML report.

[CLOSE] OSVDB ID : 19168 - Disclosed: 2005-09-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19169 - Disclosed: 2005-09-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19170 - Disclosed: 2005-09-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19171 - Disclosed: 2005-09-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19172 - Disclosed: 2005-09-01

Description:

Unknown / Incomplete

[CLOSE] OSVDB ID : 19121 - Disclosed: 2005-09-01

Description:

SILC Server and Toolkit contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is due to the program creating temporary files insecurely. It is possible for a user to use a symlink style attack to manipulate arbitrary files, resulting in a loss of integrity.

[CLOSE] OSVDB ID : 19331 - Disclosed: 2005-09-01

Description:

(Description Provided by CVE) : frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option.

[CLOSE] OSVDB ID : 19141 - Disclosed: 2005-09-01

Description:

OpenSSH contains a flaw that may allow a remote user to gain elevated privileges. The issue occurs when GSSAPIDelegateCredentials is enabled and may delegate GSSAPI credentials to arbitrary users that authenticate using non-GSSAPI methods.