Buffer overflow in DameWare Mini Remote Control before 3.73 allows remote attackers to execute arbitrary code via a long pre-authentication request to TCP port 6129. Date published : 2004-01-15 http://www.securityfocus.com/bid/9213 http://marc.info/?l=bugtraq&m=107152094119279&w=2
The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote attackers to cause a denial of service (infinite loop and memory consumption) via a packet with invalid data to UDP port 1701, which...
Cross-site scripting (XSS) vulnerability in the create CGI script for Mailman before 2.1.3 allows remote attackers to steal cookies of other users. Date published : 2004-01-15 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842 http://mail.python.org/pipermail/mailman-announce/2003-September/000061.html
tcpdump before 3.8.1 allows remote attackers to cause a denial of service (infinite loop) via certain ISAKMP packets, a different vulnerability than CVE-2004-0057. Date published : 2004-01-15 http://lists.apple.com/archives/security-announce/2004/Feb/msg00000.html http://www.securityfocus.com/bid/9507
Cross-site scripting (XSS) vulnerability in the admin CGI script for Mailman before 2.1.4 allows remote attackers to steal session cookies and conduct unauthorized activities. Date published : 2004-01-15 http://www.securityfocus.com/bid/9336 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000842
Buffer overflow in the H.323 filter of Microsoft Internet Security and Acceleration Server 2000 allows remote attackers to execute arbitrary code in the Microsoft Firewall Service via certain H.323 traffic, as demonstrated by the...
PHP remote file inclusion vulnerability in (1) config.php and (2) config_page.php for EasyDynamicPages 2.0 allows remote attackers to execute arbitrary PHP code by modifying the edp_relative_path parameter to reference a URL on a remote...
Directory traversal vulnerability in Accipiter Direct Server 6.0 allows remote attackers to read arbitrary files via encoded .. (backslash .., "%5c%2e%2e") sequences in an HTTP request. Date published : 2004-01-15 http://www.securityfocus.com/bid/9389 http://marc.info/?l=bugtraq&m=107392576215418&w=2
Directory traversal vulnerability in buildManPage in class.manpagelookup.php for PHP Man Page Lookup 1.2.0 allows remote attackers to read arbitrary files via the command parameter ($cmd variable) to index.php. Date published : 2004-01-15 http://www.securityfocus.com/bid/9395 http://marc.info/?l=bugtraq&m=107392764118403&w=2
Format string vulnerability in HD Soft Windows FTP Server 1.6 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the username, which is processed by the wscanf function. Date...
Multiple cross-site scripting (XSS) vulnerabilities in phpGedView before 2.65 allow remote attackers to inject arbitrary HTML or web script via (1) descendancy.php, (2) index.php, (3) individual.php, (4) login.php, (5) relationship.php, (6) source.php, (7) imageview.php,...
phpGedView before 2.65 allows remote attackers to obtain the absolute path of the web server via malformed parameters to (1) indilist.php, (2) famlist.php, (3) placelist.php, (4) imageview.php, (5) timeline.php, (6) clippings.php, (7) login.php, and...
Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow remote attackers to execute arbitrary SQL via (1) timeline.php and (2) placelist.php. Date published : 2004-01-15 http://www.securityfocus.com/bid/11910 http://www.securityfocus.com/bid/11925
The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows local users to overwrite arbitrary files via a symlink attack on files within the tmp.SuSEconfig.gnome-filesystem.$RANDOM temporary directory. Date published : 2004-01-15 http://www.securityfocus.com/bid/9411 http://marc.info/?l=bugtraq&m=107402658600437&w=2