describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly verify group membership when bug entry groups are used, which allows remote attackers to list component descriptions for otherwise restricted products. Date published : 2004-06-03...
votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote attackers to read a user’s voting page when that user has voted on a restricted bug, which allows remote attackers to read...
editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is enabled, does not properly remove group add privileges from a group that is being deleted, which allows users with those privileges to perform unauthorized additions...
SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, allows remote authenticated users with editkeywords privileges to execute arbitrary SQL via the id parameter to editkeywords.cgi. Date published : 2004-06-03 http://www.securityfocus.com/bid/8953...
SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and earlier allows remote authenticated users with editproducts privileges to execute arbitrary SQL via the product name. Date published : 2004-06-03 http://www.securityfocus.com/bid/8953 http://www.securityfocus.com/archive/1/343185
msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users to overwrite arbitrary files via a symlink attack on predictable temporary file names ("word$$.html"). Date published : 2004-06-03 http://www.securityfocus.com/bid/11560 http://bugs.debian.org/cgi-bin/bugreport.cgi?archive=no&bug=183525
Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute arbitrary code as root. Date published : 2004-06-03 http://www.securityfocus.com/bid/10448 http://marc.info/?l=bugtraq&m=108612325909496&w=2
SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown impact, probably via abook_database.php. Date published : 2004-06-03 http://www.securityfocus.com/advisories/7148 http://www.securityfocus.com/bid/10397
Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and script via the content-type mail header, as demonstrated using read_body.php. Date published : 2004-06-03 http://www.securityfocus.com/bid/10439 http://marc.info/?l=bugtraq&m=108611554415078&w=2
Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users and possibly steal authentication information via multiple attack vectors, including the mailbox parameter in compose.php. Date...
Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related to "the use of SSH and reporting errors," has unknown impact and attack vectors. Date published : 2004-06-03 http://lists.seifried.org/pipermail/security/2004-May/003743.html http://securitytracker.com/id?1010333
Unknown vulnerability in Mac OS X 10.3.4, related to "handling of process IDs during package installation," a different vulnerability than CVE-2004-0516. Date published : 2004-06-03 http://lists.seifried.org/pipermail/security/2004-May/003743.html http://www.securityfocus.com/bid/10432
Unknown vulnerability in Mac OS X 10.3.4, related to "package installation scripts," a different vulnerability than CVE-2004-0517. Date published : 2004-06-03 http://lists.seifried.org/pipermail/security/2004-May/003743.html http://www.securityfocus.com/bid/10432
Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to "handling of console log files." Date published : 2004-06-03 http://lists.seifried.org/pipermail/security/2004-May/003743.html http://www.securityfocus.com/bid/10432