xdm, with the authComplain variable set to false, allows arbitrary attackers to connect to the X server if the xdm auth directory does not exist. Date published : 2004-09-01 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000533 http://wuarchive.wustl.edu/mirrors/NetBSD/NetBSD-current/xsrc/xfree/xc/programs/Xserver/hw/xfree86/CHANGELOG
A patch for shadow-utils 20000902 causes the useradd command to create a mail spool files with read/write privileges of the new user’s group (mode 660), which allows other users in the same group to...
SQL injection vulnerability in board.php for WoltLab Burning Board (wBB) 2.0 RC 1 and earlier allows remote attackers to modify the database and possibly gain privileges via the boardid parameter. Date published : 2004-09-01...
Symbolic link vulnerability in xbreaky before 0.5.5 allows local users to overwrite arbitrary files via a symlink from the user’s .breakyhighscores file to the target file. Date published : 2004-09-01 http://www.securityfocus.com/bid/5700 http://archives.neohapsis.com/archives/bugtraq/2002-09/0131.html
The MPS functionality in Enterasys SSR8000 (Smart Switch Router) before firmware 8.3.0.10 allows remote attackers to cause a denial of service (crash) via multiple port scans to ports 15077 and 15078. Date published :...
Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and earlier allows remote attackers to insert arbitrary HTML into a "404 Not Found" response. Date published : 2004-09-01 http://www.securityfocus.com/bid/5603
Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allows remote attackers to execute arbitrary code via a negative value in the Content-Length HTTP header. Date published : 2004-09-01 http://www.securityfocus.com/bid/5774 http://archives.neohapsis.com/archives/bugtraq/2002-09/0284.html
Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows remote attackers to insert arbitrary HTML or script by inserting the script after a trailing / character, which inserts the script into the resulting error message....
Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook allows remote attackers to inject arbitrary script via (1) STYLE attributes or (2) SRC attributes in an IMG tag. Date published : 2004-09-01 http://www.securityfocus.com/bid/5728 http://archives.neohapsis.com/archives/bugtraq/2002-09/0198.html
The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most recently used login password in plaintext when saving "Default Connection" settings, which could allow local users to gain privileges. Date published :...
NetBSD 1.4 through 1.6 beta allows local users to cause a denial of service (kernel panic) via a series of calls to the TIOCSCTTY ioctl, which causes an integer overflow in a structure counter...
Cacti before 0.6.8 stores a MySQL username and password in plaintext in config.php, which has world-readable permissions, which allows local users to modify databases as the Cacti user and possibly gain privileges. Date published...
Cacti before 0.6.8 allows attackers to execute arbitrary commands via the "Data Input" option in console mode. Date published : 2004-09-01 http://www.securityfocus.com/bid/5630 http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html
graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti administrators to execute arbitrary commands via shell metacharacters in the title during edit mode. Date published : 2004-09-01 http://www.securityfocus.com/bid/5627 http://archives.neohapsis.com/archives/bugtraq/2002-09/0028.html