Vulnerabilities (CVE)

Filtered by NVD-CWE-Other
Total 29869 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-2526 1 Ibm 1 Tivoli Directory Server 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Directory Server 4.1 and earlier allows remote attackers to view arbitrary files via a .. (dot dot) in the Template parameter.
CVE-1999-0171 1 Linux 1 Linux Kernel 2025-04-03 2.1 LOW N/A
Denial of service in syslog by sending it a large number of superfluous messages.
CVE-2005-0569 1 Punbb 1 Punbb 2025-04-03 7.5 HIGH N/A
Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter to moderate.php.
CVE-2002-1165 2 Netbsd, Sendmail 2 Netbsd, Sendmail 2025-04-03 4.6 MEDIUM N/A
Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.11.6-15, and possibly other versions after 8.11 from 5/19/1998, allows attackers to bypass the intended restrictions of smrsh by inserting additional commands after (1) "||" sequences or (2) "/" characters, which are not properly filtered or verified.
CVE-1999-1185 1 Sco 5 Cmw, Internet Faststart, Open Desktop and 2 more 2025-04-03 7.2 HIGH N/A
Buffer overflow in SCO mscreen allows local users to gain root privileges via a long terminal entry (TERM) in the .mscreenrc file.
CVE-2006-4657 1 Panda 1 Panda Platinum Internet Security 2025-04-03 7.2 HIGH N/A
Panda Platinum Internet Security 2006 10.02.01 and 2007 11.00.00 stores service executables under the product's installation directory with weak permissions, which allows local users to obtain LocalSystem privileges by modifying (1) WebProxy.exe or (2) PAVSRV51.EXE.
CVE-2004-2085 1 Brad Fears 1 Phpcodecabinet 2025-04-03 4.3 MEDIUM N/A
Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpCodeCabinet 0.4 and earlier allow remote attackers to inject arbitrary web script or HTML via multiple parameters, including (1) the sid parameter to comments.php, (2) the cid, cf, or rfd parameters to category.php, or the cid parameter to (3) input.php, (4) browse.php, (5) themes/facade/header.php, or (6) themes/phpcc/header.php.
CVE-2002-2129 1 W-agora 1 W-agora 2025-04-03 4.3 MEDIUM N/A
Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4.1.5 allows remote attackers to execute arbitrary web script via an arbitrary form field name containing the script, which is echoed back to the user when displaying the form.
CVE-2001-1460 1 Postnuke Software Foundation 1 Postnuke 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in article.php in PostNuke 0.62 through 0.64 allows remote attackers to bypass authentication via the user parameter.
CVE-1999-0984 1 Matts Whois 1 Matts Whois 2025-04-03 7.5 HIGH N/A
Matt's Whois program whois.cgi allows remote attackers to execute commands via shell metacharacters in the domain entry.
CVE-2000-0719 1 Varicad 1 Varicad 2025-04-03 6.2 MEDIUM N/A
VariCAD 7.0 is installed with world-writeable files, which allows local users to replace the VariCAD programs with a Trojan horse program.
CVE-2005-2311 1 Sms 1 Sms 2025-04-03 2.1 LOW N/A
SMS 1.9.2m and earlier allows local users to overwrite arbitrary files via a symlink attack on the (1) request1 or (2) request2 temporary files.
CVE-2006-4444 1 Cybozu 1 Garoon 2025-04-03 6.5 MEDIUM N/A
Multiple SQL injection vulnerabilities in Cybozu Garoon 2.1.0 for Windows allow remote authenticated users to execute arbitrary SQL commands via the (1) tid parameter in the (a) todo/view (aka TODO List View), (b) todo/modify (aka TODO List Modify), or (c) todo/delete functionality; the (2) pid parameter in the (d) workflow/view or (e) workflow/print functionality; the (3) uid parameter in the (f) schedule/user_view, (g) phonemessage/add, (h) phonemessage/history, or (i) schedule/view functional ...
CVE-2003-0895 1 Apple 1 Mac Os X 2025-04-03 4.6 MEDIUM N/A
Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local users, and possibly remote attackers, to cause a denial of service (crash), access portions of memory, and possibly execute arbitrary code via a long command line argument (argv[]).
CVE-2000-0955 1 Cisco 1 Virtual Central Office 4000 2025-04-03 7.5 HIGH N/A
Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to store usernames and passwords in the SNMP MIB, which allows an attacker who knows the community name to crack the password and gain privileges.
CVE-2004-1010 1 Info-zip 1 Zip 2025-04-03 10.0 HIGH N/A
Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when using recursive folder compression, allows remote attackers to execute arbitrary code via a ZIP file containing a long pathname.
CVE-2005-2678 1 Microsoft 2 Internet Information Server, Internet Information Services 2025-04-03 5.0 MEDIUM N/A
Microsoft IIS 5.1 and 6 allows remote attackers to spoof the SERVER_NAME variable to bypass security checks and conduct various attacks via a GET request with an http://localhost URI, which makes it appear as if the request is coming from localhost.
CVE-2004-1066 1 Freebsd 1 Freebsd 2025-04-03 3.6 LOW N/A
The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and (2) linprocfs on FreeBSD 5.x through 5.3, do not properly validate a process argument vector, which allows local users to cause a denial of service (panic) or read portions of kernel memory. NOTE: this candidate might be SPLIT into 2 separate items in the future.
CVE-2004-2225 1 Mozilla 1 Firefox 2025-04-03 5.0 MEDIUM N/A
Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitrary files in the download directory via a crafted data: URI that is not properly handled when the user clicks the Save button.
CVE-2001-1545 1 Macromedia 1 Jrun 2025-04-03 5.0 MEDIUM N/A
Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests (a.k.a. rewriting) when client browsers have cookies enabled, which allows remote attackers to obtain session IDs and hijack sessions via HTTP referrer fields or sniffing.
CVE-2005-0056 1 Microsoft 2 Ie, Internet Explorer 2025-04-03 5.1 MEDIUM N/A
Internet Explorer 5.01, 5.5, and 6 does not properly validate certain URLs in Channel Definition Format (CDF) files, which allows remote attackers to obtain sensitive information or execute arbitrary code, aka the "Channel Definition Format (CDF) Cross Domain Vulnerability."
CVE-2002-0017 1 Sgi 1 Irix 2025-04-03 7.5 HIGH N/A
Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m allows remote attackers to execute arbitrary code via an SNMP request.
CVE-2006-2615 1 Russcom Network 1 Russcom.ping 2025-04-03 7.5 HIGH N/A
ping.php in Russcom.Ping allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter.
CVE-2003-0926 1 Ethereal Group 1 Ethereal 2025-04-03 5.0 MEDIUM N/A
Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to cause a denial of service (crash) via certain malformed (1) ISAKMP or (2) MEGACO packets.
CVE-2002-0724 1 Microsoft 3 Windows 2000, Windows Nt, Windows Xp 2025-04-03 7.5 HIGH N/A
Buffer overflow in SMB (Server Message Block) protocol in Microsoft Windows NT, Windows 2000, and Windows XP allows attackers to cause a denial of service (crash) via a SMB_COM_TRANSACTION packet with a request for the (1) NetShareEnum, (2) NetServerEnum2, or (3) NetServerEnum3, aka "Unchecked Buffer in Network Share Provider Can Lead to Denial of Service".
CVE-2004-1816 2 Macromedia, Sun 3 Coldfusion, Jrun, One Application Server 2025-04-03 5.0 MEDIUM N/A
Unknown vulnerability in Sun Java System Application Server 7.0 Update 2 and earlier, when a SOAP web service expects an array of objects as an argument, allows remote attackers to cause a denial of service (memory consumption).
CVE-1999-1364 1 Microsoft 1 Windows Nt 2025-04-03 2.1 LOW N/A
Windows NT 4.0 allows local users to cause a denial of service (crash) via an illegal kernel mode address to the functions (1) GetThreadContext or (2) SetThreadContext.
CVE-2005-3432 1 Thomas Rybak 1 Minigal 2 2025-04-03 5.0 MEDIUM N/A
MiniGal 2 (MG2) 0.5.1 allows remote attackers to list password protected images via a request to index.php with the list parameter set to * (wildcard) and the page parameter set to all.
CVE-2005-2543 1 Comdev 1 Comdev Ecommerce 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter.
CVE-2004-0704 1 Mozilla 1 Bugzilla 2025-04-03 5.0 MEDIUM N/A
Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bugzilla 2.16.x before 2.16.6, 2.18 before 2.18rc1, when configured to hide products, allows remote attackers to view hidden products.
CVE-2005-3343 1 Tkdiff 1 Tkdiff 2025-04-03 4.6 MEDIUM N/A
tkdiff before 4.1.1 allows local users to overwrite arbitrary files via a symlink attack on temporary files.
CVE-2000-1045 1 Padl Software 1 Nss Ldap 2025-04-03 1.2 LOW N/A
nss_ldap earlier than 121, when run with nscd (name service caching daemon), allows remote attackers to cause a denial of service via a flood of LDAP requests.
CVE-2006-3362 2 Geeklog, Toenda Software Development 2 Geeklog, Toendacms 2025-04-03 5.1 MEDIUM N/A
Unrestricted file upload vulnerability in connectors/php/connector.php in FCKeditor mcpuk file manager, as used in (1) Geeklog 1.4.0 through 1.4.0sr3, (2) toendaCMS 1.0.0 Shizouka Stable and earlier, (3) WeBid 0.5.4, and possibly other products, when installed on Apache with mod_mime, allows remote attackers to upload and execute arbitrary PHP code via a filename with a .php extension and a trailing extension that is allowed, such as .zip.
CVE-2005-2896 1 Stylemotion 1 Web News 2025-04-03 7.5 HIGH N/A
SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers to execute arbitrary SQL commands via the (1) wn_userpw parameter to startup.php, (2) cat, (3) id, or (4) stof parameter to news.php, or (5) id parameter to print.php.
CVE-2002-1974 1 Sharp 1 Zaurus 2025-04-03 10.0 HIGH N/A
The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require authentication, which allows remote attackers to access the file system as root.
CVE-2005-2155 1 Easyphpcalendar 1 Easyphpcalendar 2025-04-03 7.5 HIGH N/A
PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and earlier allows remote attackers to execute arbitrary code via the serverPath parameter.
CVE-1999-1063 1 Cdomain 1 Cdomainfree 2025-04-03 10.0 HIGH N/A
CDomain whois_raw.cgi whois CGI script allows remote attackers to execute arbitrary commands via shell metacharacters in the fqdn parameter.
CVE-2005-0275 1 3com 1 3cdaemon 2025-04-03 5.0 MEDIUM N/A
TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause a denial of service (application crash) via a GET request containing an MS-DOS device name.
CVE-2002-0269 1 Microsoft 1 Internet Explorer 2025-04-03 7.5 HIGH N/A
Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain type to prevent cross-site scripting attacks.
CVE-2001-0698 1 Netwin 1 Surgeftp 2025-04-03 5.0 MEDIUM N/A
Directory traversal vulnerability in NetWin SurgeFTP 2.0a and 1.0b allows a remote attacker to list arbitrary files and directories via the 'nlist ...' command.