libpng 1.2.5 and earlier does not properly calculate certain buffer offsets, which could allow remote attackers to execute arbitrary code via a buffer overflow attack. Date published : 2004-08-19 http://www.debian.org/security/2004/dsa-536 https://bugzilla.fedora.us/show_bug.cgi?id=1943
The FileStore capability in CGI::Session for Ruby before 1.8.1, and possibly PStore, creates files with insecure permissions, which can allow local users to steal session information and hijack sessions. Date published : 2004-08-19 http://www.debian.org/security/2004/dsa-537...
KDE before 3.3.0 does not properly handle when certain symbolic links point to "stale" locations, which could allow local users to create or truncate arbitrary files. Date published : 2004-08-19 http://marc.info/?l=bugtraq&m=109225538901170&w=2 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000864
mah-jong before 1.6.2 allows remote attackers to cause a denial of service (server crash) via a missing argument, which triggers a null pointer dereference. Date published : 2004-08-19 http://www.securityfocus.com/bid/10343 http://www.debian.org/security/2004/dsa-503
The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the scp method from the mysql-server package, allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published :...
Buffer overflow in the child_service function in the ident2 ident daemon allows remote attackers to execute arbitrary code. Date published : 2004-08-19 http://www.securityfocus.com/bid/10192 http://www.debian.org/security/2004/dsa-494
Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial of service (service hang) by replaying a malformed discovery packet to UDP port 39999. Date published : 2004-08-18 http://marc.info/?l=bugtraq&m=109215951022437&w=2 http://www.corsaire.com/advisories/c031120-001.txt
Clearswift MAILsweeper before 4.3.15 does not properly detect filenames in BinHex (HQX) encoded files, which allows remote attackers to bypass intended policy. Date published : 2004-08-18 http://marc.info/?l=bugtraq&m=109241692108678&w=2 http://www.corsaire.com/advisories/c030807-001.txt
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter ZIP 6.0 encoded files, which allows remote attackers to bypass intended policy. Date published : 2004-08-18 http://marc.info/?l=bugtraq&m=109241692108678&w=2 http://www.corsaire.com/advisories/c030807-001.txt
Clearswift MAILsweeper before 4.3.15 does not properly detect and filter RAR 3.20 encoded files, which allows remote attackers to bypass intended policy. Date published : 2004-08-18 http://marc.info/?l=bugtraq&m=109241692108678&w=2 http://www.corsaire.com/advisories/c030807-001.txt
ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Status Message, or (3) Allow HTTP responses, which could tell remote attackers that the web server is an IIS server. Date published :...
Directory traversal vulnerability in the sanitize_path function in util.c for rsync 2.6.2 and earlier, when chroot is disabled, allows attackers to read or write certain files. Date published : 2004-08-18 http://marc.info/?l=bugtraq&m=109268147522290&w=2 http://marc.info/?l=bugtraq&m=109277141223839&w=2
CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote attackers to determine the existence of arbitrary files and directories via the -X command for an alternate history file, which causes different error messages...
Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5.0.5 and Acrobat Reader, and possibly other versions, allows remote attackers to execute arbitrary code via a URI for a PDF file with a...