| OSVDB ID | Disclosure Date | Title |
|---|
|
13019
Description:
(Description Provided by CVE) : Mozilla 1.6 and possibly other versions allows remote attackers to cause a denial of service (application crash) via a XBM (X BitMap) file with a large (1) height or (2) width value.
|
2005-01-08
|
Mozilla Malformed XBM Image DoS
|
|
24280
Description:
Unknown / Incomplete
|
2005-01-07
|
Condor Unauthorized condor_ Negotiator Announcement
|
|
15333
Description:
Unknown / Incomplete
|
2005-01-07
|
Microsoft Windows Server 2003 EFS File Copy LDAP Connection DoS
|
|
13037
Description:
Unknown / Incomplete
|
2005-01-07
|
vBulletin includes/init.php Unspecified Critical Security Issue
|
|
12791
Description:
(Description Provided by CVE) : Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
|
2005-01-07
|
Linux Kernel sys_uselib Binary Format Loader Local Privilege Escalation
|
|
13240
Description:
Diebold Global Election Management System (GEMS) contains a flaw related to the local database as it allows arbitrary access. This may allow a local attacker to access the database file storing all cast votes to disclose or edit various data to e.g. manipulate election results.
|
2005-01-07
|
Diebold Global Election Management System (GEMS) Local Database Arbitrary Access
|
|
12836
Description:
A local overflow exists in the Linux kernel. The sg_scsi_ioctl() function fails to validate user-supplied integer values resulting in an integer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-01-07
|
Linux Kernel scsi_ioctl.c sg_scsi_ioctl() Overflow
|
|
12837
Description:
A local overflow exists in the Linux kernel. The MoxaDriverIoctl() function fails to validate user-supplied data resulting in a buffer overflow. With a specially crafted request, an attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-01-07
|
Linux Kernel MOXA Serial Driver Overflow
|
|
13021
Description:
Unknown / Incomplete
|
2005-01-07
|
Novell GroupWise WebAcces WebAccessUninstall.ini Information Disclosure
|
|
18563
Description:
Unknown / Incomplete
|
2005-01-07
|
SysCP Session Handling Bypass
|
|
12823
Description:
(Description Provided by CVE) : Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c allows remote attackers to read or create arbitrary files via a .. (dot dot) in the entry parameter.
|
2005-01-07
|
Simple PHP Blog (SPHPBlog) comments.php Traversal Arbitrary .txt File Access
|
|
12824
Description:
Unknown / Incomplete
|
2005-01-07
|
Simple PHP Blog (SPHPBlog) comment_add_cgi.php Traversal Arbitrary Directory Creation
|
|
12822
Description:
MyBulletinBoard contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate the 'Add Event' function upon submission to the 'calendar.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
|
2005-01-07
|
MyBulletinBoard (MyBB) calendar.php Add Event Function XSS
|
|
69926
Description:
MyBB contains a flaw that may allow a remote denial of service. The issue is triggered when Java code is input to the subject field in calendar.php occurs, and will result in loss of availability for the calendar.
|
2005-01-07
|
MyBulletinBoard (MyBB) calendar.php Subject Field Arbitrary Java Code DoS
|
|
12820
Description:
Unknown / Incomplete
|
2005-01-07
|
OCC theme Variable Arbitrary Command Execution
|
|
13047
Description:
Unknown / Incomplete
|
2005-01-07
|
Mozilla Firefox URL Wrap Obfuscation
|
|
12819
Description:
Unknown / Incomplete
|
2005-01-06
|
Symantec Norton Anti-Virus ccErrDsp.ErrorDisplay.1 Object DoS
|
|
18807
Description:
(Description Provided by CVE) : The find_target function in ptrace32.c in the Linux kernel 2.4.x before 2.4.29 does not properly handle a NULL return value from another function, which allows local users to cause a denial of service (kernel crash/oops) by running a 32-bit ltrace program with the -i option on a 64-bit executable program.
|
2005-01-06
|
Linux Kernel ptrace32.c ltrace find_task_by_pid Function Local DoS
|
|
20778
Description:
Unknown / Incomplete
|
2005-01-06
|
Exponent CMS BB Module view_board.php Path Disclosure
|
|
12725
Description:
Amp II engine contains a flaw that may allow a remote denial of service. The issue is triggered when an empty UDP datagram is sent to the listening socket on the server causing an infinite loop, and will result in loss of availability for the service.
|
2005-01-06
|
Amp II Engine Zero Length UDP Packet DoS
|
|
12738
Description:
Sugar Sales contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to index.php not properly sanitizing user input supplied to the moduleDefaultFile variable. This may allow an attacker to include a file from a remote host that contains arbitrary commands which will be executed by the vulnerable script.
|
2005-01-06
|
Sugar Sales index.php Arbitrary Command Execution
|
|
12722
Description:
(Description Provided by CVE) : Directory traversal vulnerability in WinHKI 1.4d allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a zip file.
|
2005-01-06
|
WinHKI Archive Extraction Traversal Arbitrary File Write
|
|
12723
Description:
Unknown / Incomplete
|
2005-01-06
|
WinACE Archive Extraction Traversal Arbitrary File Write
|
|
12724
Description:
A remote overflow exists in LibTIFF. LibTIFF fails to properly check into to the tiffdump utility resulting in a integer overflow. With a specially crafted request, an attacker can cause execution of arbitrary code resulting in a loss of integrity.
|
2005-01-06
|
LibTIFF tiffdump Utility Overflow
|
|
12726
Description:
A remote overflow exists in Exim. Exim fails to properly check input to host_aton() resulting in a buffer overflow. With a specially crafted request of an IPv6 address with more than 8 components, an attacker can cause execution of arbitrary code resulting in a loss of integrity.
|
2005-01-06
|
Exim -be Command Line Option host_aton Function Local Overflow
|
|
12727
Description:
A remote overflow exists in Exim. Exim fails to have sufficient boundary checks in the 'spa_base64_to_bits()' function resulting in a buffer overflow. With a specially crafted request, an attacker can execute arbitrary code in the context of the affected application resulting in a loss of integrity.
|
2005-01-06
|
Exim SPA Authentication spa_base64_to_bits Function Remote Overflow
|
|
12718
Description:
(Description Provided by CVE) : Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL.
|
2005-01-06
|
Jeuce Personal Web Server Traversal Arbitrary File Access
|
|
12719
Description:
Personal Web Server contains a flaw that may allow a remote denial of service. The issue is triggered when a specially crafted URL occurs, and will result in loss of availability for the service.
|
2005-01-06
|
Jeuce Personal Web Server Malformed URL DoS
|
|
12717
Description:
b2evolution contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'title' parameter in the 'index.php' script is not verified properly and will allow an attacker to inject or manipulate SQL queries.
|
2005-01-06
|
b2evolution index.php title Parameter SQL Injection
|
|
12848
Description:
(Description Provided by CVE) : Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are few attack vectors which would lead to an escalation of privileges, unless htdigest is executed from a CGI program. Therefore this may not be a vulnerability.
|
2005-01-05
|
Apache HTTP Server htdigest realm Variable Overflow
|
|
12814
Description:
PHPKIT contains a flaw that will allow a remote attacker to inject arbitrary SQL code. The problem is that the 'id' parameter in the 'userinfo.php' script is not verified properly and will allow a remote attacker to inject or manipulate SQL queries.
|
2005-01-05
|
PHPKIT userinfo.php id Parameter SQL Injection
|
|
53439
Description:
Unknown / Incomplete
|
2005-01-05
|
VideoDB edit.php Database Editing Unspecified Unauthorized Access
|
|
53438
Description:
Unknown / Incomplete
|
2005-01-05
|
VideoDB Unspecified SQL Injection
|
|
12785
Description:
Unknown / Incomplete
|
2005-01-05
|
Dillo Web Browser Table HTML Tag Multiple Attribute DoS
|
|
12790
Description:
A buffer overflow exists in NetWare. The CIFS.NLM driver fails to validate unspecified data resulting in a stack overflow. With a specially crafted request, a remote attacker can cause arbitrary code execution resulting in a loss of integrity.
|
2005-01-05
|
Novell NetWare Unspecified CIFS.NLM Remote Overflow
|
|
12799
Description:
Unknown / Incomplete
|
2005-01-05
|
MyCart settings.ini Remote Information Disclosure
|
|
22312
Description:
(Description Provided by CVE) : NetSarang Xlpd 2.1 allows remote attackers to cause a denial of service (crash) via a large number of connections from the same IP address.
|
2005-01-05
|
Xlpd Connection Saturation Remote DoS
|
|
12796
Description:
Unknown / Incomplete
|
2005-01-05
|
VideoDB Unspecified XSS
|
|
12808
Description:
(Description Provided by CVE) : TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
|
2005-01-04
|
3Com 3CDaemon TFTP Reserved Device Name Remote DoS
|
|
12712
Description:
(Description Provided by CVE) : Directory traversal vulnerability in index.php in QwikiWiki allows remote attackers to read arbitrary files via a .. (dot dot) and a %00 at the end of the filename in the page parameter.
|
2005-01-04
|
QwikiWiki index.php Traversal Arbitrary File Retrieval
|
