CVE-2005-4823

Buffer overflow in the HP HTTP Server 5.0 through 5.95 of the HP Web-enabled Management Software allows remote attackers to execute arbitrary code via unknown vectors...

Lore 1.5.4/1.5.6 - 'article.php' SQL Injection

source: https://www.securityfocus.com/bid/15665/info Lore is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or...

security flaw

The RFC1867 file upload feature in PHP 4.x up to 4.4.0 and 5.x up to 5.0.5, when registerglobals is enabled, allows remote attackers to modify the GLOBALS array and bypass security protections of PHP applications via a multipart/form-data POST request with a "GLOBALS" fileupload field...

security flaw

Stack-based buffer overflow in the ntlmoutput function in http-ntlm.c for 1 wget 1.10, 2 curl 7.13.2, and 3 libcurl 7.13.2, and other products that use libcurl, when NTLM authentication is enabled, allows remote servers to execute arbitrary code via a long NTLM username...

security flaw

Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service crash via unknown vectors in 1 the IrDA dissector and 2 the SMB dissector when SMB transaction payload reassembly is enabled...

GLSA-200510-03 : Uim: Privilege escalation vulnerability

The remote host is affected by the vulnerability described in GLSA-200510-03 Uim: Privilege escalation vulnerability Masanari Yamamoto discovered that Uim uses environment variables incorrectly. This bug causes a privilege escalation if setuid/setgid applications are linked to libuim. This bug on...

DEBIAN-CVE-2005-2654

phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disableanonbind is set, via an HTTP request to login.php with the anonymousbind parameter set...

lglass20040427.txt

9.05 27/08/2005 Looking Glass v20040427 arbitrary commands execution / cross site scripting description: Looking Glass is a pretty extensive web based network querying tool for use on php enabled servers. site: http://de-neef.net/articles.php?id=2&page=1 download page:...

security flaw

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...

CVE-2004-2435

The vulnerability CVE-2004-2435 affects PeopleSoft HRMS 7.0 when “web enabled” via HTML Access, enabling Cross-site Scripting (XSS) . The issue arises from the handling of (1) debugging and (2) utility scripts, allowing remote attackers to inject arbitrary web script or HTML. Current connected so...

PT-2005-2520 · Awstats · Awstats

Name of the Vulnerable Software and Affected Versions: AWStats versions 6.4 and earlier Description: The issue allows remote attackers to execute arbitrary Perl code via the HTTP Referrer when a URLPlugin is enabled. This is achieved by inserting the $url parameter into an eval function call,...

Microsoft Windows Kerberos PKINIT Man In The Middle Vulnerability

Description The PKINIT implementation in Microsoft Windows is susceptible to a man in the middle vulnerability. This issue is due to a failure of the software to properly validate network data. This issue is only exploitable by attackers that have access to valid logon credentials. Attackers...

CVE-2005-2353

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files...

CVE-2005-2353

run-mozilla.sh in Thunderbird, with debugging enabled, allows local users to create or overwrite arbitrary files via a symlink attack on temporary files...

DEBIAN-CVE-2005-2368

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...

CVE-2005-2368

vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the 1 glob or 2 expand commands of a foldexpr expression for calculating fold levels...

CVE-2005-0757

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service system crash via certain actions on an ext3 file system with extended attributes enabled...

kernel -- information disclosure when using HTT

Problem description and impact When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. Information may be disclosed to local users, allowing in many cases for privilege escalation. For example, on a...

CVE-2004-1811

The CVE-2004-1811 entry concerns the SSL HTTP Server in HP Web-enabled Management Software (versions 5.0–5.92) where anonymous access enables remote attackers to replace trusted certificates by uploading their own. This could compromise certificate trust and related communications. The available ...

CVE-2004-1811

The SSL HTTP Server in HP Web-enabled Management Software 5.0 through 5.92, with anonymous access enabled, allows remote attackers to compromise the trusted certificates by uploading their own certificates...