CVEs

Buffer overflows in wmtv 0.6.5 and earlier may allow local users to gain privileges.

wmtv 0.6.5 and earlier allows local users to modify arbitrary files via a symlink attack on a configuration file.

PHP for Windows, when installed on Apache 2.0.28 beta as a standalone CGI module, allows remote attackers to obtain the physical path of the php.exe via a request with malformed arguments such as /123, which leaks the pathname in the error message.

Web configuration utility in HP AdvanceStack hubs J3200A through J3210A with firmware version A.03.07 and earlier, allows unauthorized users to bypass authentication via a direct HTTP request to the web_access.html file, which allows the user to change the switch's configuration…

Buffer overflow in licq 1.0.4 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string of format string characters such as "%d".

Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote web servers to execute arbitrary code via a response containing a long Content-Type MIME header.

PHP, when not configured with the "display_errors = Off" setting in php.ini, allows remote attackers to obtain the physical path for an include file via a trailing slash in a request to a directly accessible PHP program, which modifies the base path, causes the include directive…

ICQ 2001b Build 3659 allows remote attackers to cause a denial of service (crash) via a malformed picture that contains large height and width values, which causes the crash when viewed in Userdetails.

The default configuration of Arescom NetDSL 800 does not require authentication, which allows remote attackers to cause a denial of service or reconfigure the router.

The telnet port in Arescom NetDSL 1000 router allows remote attackers to cause a denial of service via a series of connections with long strings, which causes a large number of login failures and causes the telnet service to stop.

Cross-site scripting vulnerability in auction.pl of MakeBid Auction Deluxe 3.30 allows remote attackers to obtain information from other users via the form fields (1) TITLE, (2) DESCTIT, (3) DESC, (4) searchstring, (5) ALIAS, (6) EMAIL, (7) ADDRESS1, (8) ADDRESS2, (9) ADDRESS3,…

Merak Mail IceWarp Web Mail uses a static identifier as a user session ID that does not change across sessions, which could allow remote attackers with access to the ID to gain privileges as that user, e.g. by extracting the ID from the user's answer or forward URLs.

InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and account data in plaintext in (1) .pwd files in the miniportal/apache directory, or (2) mplog.txt, which could allow local users to gain privileges.

Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows remote attackers to execute arbitrary code via a long login name, which is not properly handled by the logging utility.

Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 and earlier allows remote authenticated users to read arbitrary files via a ... (modified dot dot) in the GET command.

Directory traversal vulnerability in netget for Sybex E-Trainer web server allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.

Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote attackers to execute arbitrary code via a long boundary value in a multipart Content-Type header to (1) ezboard.cgi, (2) ezman.cgi, or (3) ezadmin.cgi.

PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive account information in plaintext in the ftpserver.ini file, which allows attackers with access to the file to gain privileges.

Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file with world-writable permissions, which allows local users to gain privileges by modifying the file.

Thunderstone Texis CGI script allows remote attackers to obtain the full path of the web root via a request for a nonexistent file, which generates an error message that includes the full pathname.

preferences.php in Simple Internet Publishing System (SIPS) before 0.3.1 allows remote attackers to gain administrative privileges via a linebreak in the "theme" field followed by the Status::admin command, which causes the Status line to be entered into the password file.

Identix BioLogon 3 allows users with physical access to the system to gain administrative privileges by using CTRL-ALT-DEL and running a "Browse" function, which runs Explorer with SYSTEM privileges.

Internet Explorer 5.x and 6 interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect, possibly through web applications that use a text/plain…

Opera, when configured with the "Determine action by MIME type" option disabled, interprets an object as an HTML document even when its MIME Content-Type is text/plain, which could allow remote attackers to execute arbitrary script in documents that the user does not expect,…

Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows local users to modify files of other users via a symlink attack on temporary files.

netstat in SGI IRIX before 6.5.12 allows local users to determine the existence of files on the system, even if the users do not have the appropriate permissions.

Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5.10 and earlier allows local users to gain root privileges by overwriting critical system files.

Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows remote attackers to execute arbitrary code via a long AddExternalApp request and a TLV type greater than 0x2711.

ghostscript before 6.53 allows attackers to execute arbitrary commands by using .locksafe or .setsafe to reset the current pagedevice.

Format string vulnerability in the logging function for the pam_ldap PAM LDAP module before version 144 allows attackers to execute arbitrary code via format strings in the configuration file name.

Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows remote attackers to execute arbitrary Javascript via a URL with the script in the HTNAME parameter.

Gaim 0.57 stores sensitive information in world-readable and group-writable files in the /tmp directory, which allows local users to access MSN web email accounts of other users who run Gaim by reading authentication information from the files.

Buffer overflow in the vpnclient program for UNIX VPN Client before 3.5.2 allows local users to gain administrative privileges via a long profile name in a connect argument.

Multiple buffer overflows in Oracle Web Cache for Oracle 9i Application Server (9iAS) allow remote attackers to execute arbitrary code via unknown vectors.

Beck GmbH IPC@Chip TelnetD service supports only one connection and does not disconnect a user who does not complete the login process, which allows remote attackers to lock out the administrator account by connecting to the service.

Block_render_url.class in PHPSlash 0.6.1 allows remote attackers with PHPSlash administrator privileges to read arbitrary files by creating a block and specifying the target file as the source URL.

Memory leak in RealSecure Event Collector 6.5 allows attackers to cause a denial of service (memory consumption and crash).

Buffer overflows in extended stored procedures for Microsoft SQL Server 7.0 and 2000 allow remote attackers to cause a denial of service or execute arbitrary code via a database query with certain long arguments.

Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on the .nautilus-metafile.xml metadata file.

IRISconsole 2.0 may allow users to log into the icadmin account with an incorrect password in some circumstances, which could allow users to gain privileges.

/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecure default permissions (644), which could allow a local user to cause a denial of service (traffic disruption).

Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Software package on SGI IRIX 6.5.10 and earlier may allow local users to gain root privileges.

Sudo before 1.6.6 contains an off-by-one error that can result in a heap-based buffer overflow that may allow local users to gain root privileges via special characters in the -p (prompt) argument, which are not properly expanded.

mod_python version 2.7.6 and earlier allows a module indirectly imported by a published module to then be accessed via the publisher, which allows remote attackers to call possibly dangerous functions from the imported module.

GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the server root is somewhere within the path, which could allow remote attackers to read or write files outside of the web root, in other directories whose path includes the web root.

psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted, trusted messages by sending lines that begin with the "[B]" sequence, which makes the message appear legitimate.

Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in other programs such as xamime and inflex, allows remote attackers to execute arbitrary code via an attachment in a long filename.

Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an argument with a large number of backslashes.

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service via an HTTP request for an MS-DOS device name.

Cyberstop Web Server for Windows 0.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long HTTP GET request, possibly triggering a buffer overflow.