objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute arbitrary PHP code via a Server[path] parameter that points to malicious code on an attacker-controlled web site. Date published : 2003-06-10 http://www.securityfocus.com/bid/7677 http://marc.info/?l=bugtraq&m=105379530927567&w=2
Privacyware Privatefirewall 3.0 does not block certain incoming packets when in "Filter Internet Traffic" or Deny Internet Traffic" modes, which allows remote attackers to identify running services via FIN scans or Xmas scans. Date...
Directory traversal vulnerability in ST FTP Service 3.0 allows remote attackers to list arbitrary directories via a CD command with a DoS drive letter argument (e.g. E:). Date published : 2003-06-10 http://marc.info/?l=bugtraq&m=105372353017778&w=2
Format string vulnerability in Magic WinMail Server 2.3, and possibly other 2.x versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in the...
Multiple buffer overflows in Options Parsing Tool (OPT) shared library 3.18 and earlier, when used in setuid programs, may allow local users to execute arbitrary code via long command line options that are fed...
OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP addresses and with VerifyReverseMapping disabled, allows remote attackers to bypass "from=" and "user@host" address restrictions by connecting to a host from a system...
Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allows local users to gain root privileges via a long -language option. Date published : 2003-06-10 http://marc.info/?l=bugtraq&m=105491469815197&w=2 http://www.debian.org/security/2003/dsa-310
Buffer overflow in Eterm 0.9.2 allows local users to gain privileges via a long ETERMPATH environment variable. Date published : 2003-06-10 http://www.securityfocus.com/bid/7708 http://marc.info/?l=bugtraq&m=105427580626001&w=2
Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possibly later versions, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long filename. Date published...
znew in the gzip package allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2003-06-10 http://www.securityfocus.com/bid/7872 http://www.openpkg.org/security/OpenPKG-SA-2003.031-gzip.html
The Kerberos login authentication feature in Mac OS X, when used with an LDAPv3 server and LDAP bind authentication, may send cleartext passwords to the LDAP server when the AuthenticationAuthority attribute is not set....
SQL injection vulnerability in the web-based administration interface for iisPROTECT 2.2-r4, and possibly earlier versions, allows remote attackers to insert arbitrary SQL and execute code via certain variables, as demonstrated using the GroupName variable...
Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a denial of service (crash and failed restart) and possibly execute arbitrary code via an Attachment Converted argument with a large number of ....
Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB 1.8.x (aka Partagium) allows remote attackers to insert arbitrary HTML and web script via the "member" parameter. Date published : 2003-06-06 http://www.securityfocus.com/bid/7662 http://marc.info/?l=bugtraq&m=105363936402228&w=2