Monthly Archive: July 2004

Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper (epmap) on HP-UX 11 allows remote attackers to execute arbitrary code via a request with a small fragment length and a large...

Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote authenticated users to obtain Calendar Server privileges and modify Calendar data by changing the display options to a non-default view. Date published :...

LionMax Software WWW File Share Pro 2.60 allows remote attackers to cause a denial of service (crash or hang) via a long URL, possibly triggering a buffer overflow. Date published : 2004-07-23 http://marc.info/?l=bugtraq&m=109035774701051&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16754

The HTTP server in Lexmark T522 and possibly other models allows remote attackers to cause a denial of service (server crash, reload, or hang) via an HTTP header with a long Host field, possibly...

Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers to cause a denial of service (client crash) and possibly execute arbitrary code via a long filename. Date published : 2004-07-23 http://marc.info/?l=bugtraq&m=109035224715409&w=2 http://lists.grok.org.uk/pipermail/full-disclosure/2004-July/024087.html

Multiple SQL injection vulnerabilities in the Search module in Php-Nuke allow remote attackers to execute arbitrary SQL via the (1) min or (2) categ parameters. Date published : 2004-07-23 http://marc.info/?l=bugtraq&m=109026609504767&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/16737

Multiple cross-site scripting vulnerabilities in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary web script or HTML via the (1) sid, (2) max, (3) sel1, (4) sel2, (5) sel3,...

The search module in Php-Nuke allows remote attackers to gain sensitive information via the (1) "**" or (2) "+" search patterns, which reveals the path in an error message. Date published : 2004-07-23 http://marc.info/?l=bugtraq&m=109026609504767&w=2...

Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlier, (2) Breakthrough 2.40b and earlier, and (3) Spearhead 2.15 and earlier, when playing on a Local Area Network (LAN), allows remote attackers...

Web_Store.cgi allows remote attackers to execute arbitrary commands via shell metacharacters in the page parameter. Date published : 2004-07-23 http://www.securityfocus.com/bid/10744 http://marc.info/?l=bugtraq&m=109008402715874&w=2

Format string vulnerability in OllyDbg 1.10 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are directly provided to the OutputDebugString function call....

SQL injection vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to execute arbitrary SQL statements via the instory parameter. Date published : 2004-07-23 http://marc.info/?l=bugtraq&m=109002107329823&w=2 http://www.waraxe.us/index.php?modname=sa&id=35

Cross-site scripting (XSS) vulnerability in index.php in the Search module for Php-Nuke allows remote attackers to inject arbitrary script as other users via the input field. Date published : 2004-07-23 http://marc.info/?l=bugtraq&m=109002107329823&w=2 http://www.waraxe.us/index.php?modname=sa&id=35

Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 allow remote attackers to inject arbitrary web script or HTML via (1) the cat_title parameter in index.php, (2) the faq[0][0] parameter in lang_faq.php as accessible from...