SNAP Innovation's PrimeBase Database 4.2 employs a poor use of file creation and default file permissions that could allow a local attacker to gain administrative privileges.
126d4fc6faa462a7f475dbaf8949f35c75b0233ca041cf7689ed0d082e73ec95
Three vulnerabilities lie in the ASN.1 parsing for OpenSSL versions up to 0.9.6j and 0.9.7b and all versions of SSLeay. All of the vulnerabilities result in a denial of service and there is still speculation as to whether possible arbitrary code execution is possible.
b3a054a80e183ee9996bf23fe17f411cffbc53822ce4c45df525f230abf2d795
The Gamespy 3d IRC client allows for remote code execution through memory corruption caused by excessive data from the IRC server.
8cf32072b303eedbcd8201c186b0ca5191445694e091925bdd9526edc263b229
CERT Advisory notice that clarifies the slew of recent vulnerabilities in OpenSSH. It covers the buffer management errors, PAM challenge authentication failures, and the PAM conversion stack corruption.
8449aa3e99be0546fbd8e7e2af73625b1196bbdd34a3db0ff39bbc6bb7a4050a
Debian Security Advisory DSA 392-1 - webfs has been found vulnerable to buffer overflows and multiple directory traversal attacks.
9443b8e1123e6cdc03ed05065c4960fe80ad9286e2141b58396091a3b511d50b
SGI Security Advisory 20030902-01-P - It has been reported that certain Microsoft RPC scanning can cause the DCE daemon dced to abort, causing a denial of service vulnerability.
aff987ebea44700e772f00905cc18391b6bb9872ff70d9c1c6d4a9fb41d1b8d0
MPlayer versions 0.90pre to 1.0pre1 are susceptible to a remotely exploitable buffer overflow vulnerability. A malicious host can craft a harmful ASX header, and trick MPlayer into executing arbitrary code upon parsing that header.
2af2556fcb1380006342d2625cc0b7b5db7a48e6698ee3f1c1fe8ae31e1793d5
The cfservd daemon in Cfengine 2.x prior to version 2.08 has an exploitable stack overflow in the network I/O code used.
4f06f3f2f02b486dfdd217a7ff03223f7424d241ec1afc4a509699b4844b8187
sbox version 1.04, the CGI wrapper that allows for safer execution of scripts, has a path disclosure vulnerability.
fc5c9dad742ebccdda421f6976490552abe905fc46a6e3f379b4330516de256a
Macromedia's ColdFusion is susceptible to a cross site scripting attack under certain conditions.
a735d602394b50e656bc281563c0a6fa0a3b76a6ea07c95001ca5055469a229a
Re-Boot Design ASP Forum is vulnerable to a SQL injection attack that allows remote accessing of a user account without prior knowledge of their password.
e678d70617cc30fc5813f731c6760853903497a982dccceee63e02e782e18f04
Thread-ITSQL is susceptible to cross site scripting attacks in its Topic Title, Name and Message fields.
a8673828a2c183f9ff8049970d8dbf6c66a148d78e082ca0072c4acc741f989a
The Thread-IT Message board is vulnerable to cross site scripting injection via the Topic Title, Name and Message fields.
10e3db50f48b3886d5c8ae6c8e46cadf3fa8ec612cab4d818e88e79ee5f0385f
Comment Board is susceptible to cross site scripting attacks in the Topic Title, Name, and Message fields.
827dc62fdf35b1cc001920e7959315e067206ab13b453f97e6841f66fd718d36
FreeBSD Security Advisory FreeBSD-SA-03:14.arp - Under certain circumstances, it is possible for an attacker to flood a FreeBSD system with spoofed ARP requests, causing resource starvation which eventually results in a system panic.
dde29ce8a88cf20ce908f5b73c17ed056e549898e79d57c425cc8cd42cc921c5
Guardian Digital Security Advisory - The Guardian Digital WebTool mistakingly uses a GET method instead of a POST method when passing along a user passphrase for SSH keys being generated allowing for the passphrases to get logged in /var/log/userpass.log along with the rest of the query string.
f3c7790699c2de28eff06ee5c00de602e489b1a387068cec05c864ef10156833
TCLHttpd version 3.4.2 is susceptible to arbitrary directory browsing when an absolute path is entered against Dirlist.tcl even though it does prevent and filter basic URL attacks. This release also suffers from multiple cross site scripting vulnerabilities.
cd7f1d11b3ca6f5557a7089d0ad41c6cfe112cbae11c131b99ae3ae789457d9e
The Oracle-Proxy aka SQL-Gateway of Gauntlet Firewall version 6 crashes when invalid data is sent over any defined SQL-gw disallowing any future connections.
a0e10a92d97abbd19d53edba384816435d156b0d725e5b27d36f4936aab82bbe
NULLhttpd version 0.5.1 and below is vulnerable to a simple cross-site scripting attack.
9bd9eaaee3c3e86fe3542b65ecfc1b31fb82cef2f2febf220de60c32a9c33f01
NULLhttpd version 0.5.1 and below is vulnerable to a remote denial of service attack that utilizes 100% of the CPU and consumes any unused memory.
5e460644a7de9fa6951e7addf77a7867790c8a4a7e60614db8e8431f63fde7dc
PROTEGO Security Advisory #PSA200302 - MondoSearch versions 4.4, 5.0, and 5.1 are all susceptible to having arbitrary ASP code executed on the server via the Msmsetup.exe binary.
dd2110920726df2b84f352c14daafac87f04aa60c0693776f805424930b8f0f7
ISS Security Advisory - A flaw in the ProFTPD Unix FTP server versions 1.2.7 through 1.2.9rc2 allows an attacker capable of uploading files the ability to trigger a buffer overflow and execute arbitrary code.
0b7e33b20eb6e39707bf6f99835e0d7b6a4c02fe435aa0e95c32fea7585d8dee
AppScan 4 Audit Edition has a flaw where the Explore stage of the utility has an automatic scan option. When a reference to a URL in an href tag is made using a wrapper function instead of directly calling window.open or document.location javascript functions, AppScan will not detect the link and the URL will not be tested against any attack.
738c67afd76910eef51c248ffef68d21df6238a1d7277ac9314af039a2a5aabe
Moozatech Advisory - wzdftpd FTP server version 0.1rc5 is vulnerable to a remote denial of service when an internal check during the login process verifies the input. Sending a single CRLF sequence at login will cause an Unhandled exception.
9dc709a32ecc61f75ab26f3b3ad333db8c02afd077bd2ccd557d391336f40994
Both OpenSSH portable versions 3.7p1 and 3.7.1p1 contain multiple vulnerabilities in the new PAM code with at least one of the bugs being remotely exploitable.
6039997a0d3920e9ec4076fc04dcbce3949da71808527bf29c18e4ad183aa448