Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6.0-pl2 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PmaAbsoluteUri parameter, (2) the zero_rows parameter in read_dump.php, (3) the confirm...
Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote malicious servers to execute arbitrary code via certain HTTP headers in an HTTP response, which lead to a buffer overflow. Date published :...
Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptors of open files, which allows local users to bypass access restrictions and read fcron.allow and fcron.deny via the EDITOR environment variable. Date published :...
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to delete arbitrary files or create arbitrary empty files via a target filename with a large number of leading slash (/) characters...
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to bypass access restrictions and load an arbitrary configuration file by starting an suid process and pointing the fcronsighup configuration file to...
fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allows local users to gain sensitive information by calling fcronsighup with an arbitrary file, which reveals the contents of the file that can not be...
The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4.2_01, 1.4.2_04, and possibly earlier versions, does not properly restrict access between Javascript and Java applets during data transfer, which allows remote attackers...
iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does not alert the user when handling calendars that use alarms, which allows attackers to execute programs and send e-mail via alarms....
NetOp Host before 7.65 build 2004278 allows remote attackers to obtain sensitive hostname, username and local IP address information via (1) a NetOp HELO request, or (2) when responses are disabled, a "custom" HELO...
Buffer overflow in unarj before 2.63a-r2 allows remote attackers to execute arbitrary code via an arj archive that contains long filenames. Date published : 2004-11-24 http://www.securityfocus.com/bid/11665 http://www.debian.org/security/2005/dsa-652
Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to cause a denial of service (server process crash) via a certain data string that is sent to multiple simultaneous client connections to TCP port...
The search function in TWiki 20030201 allows remote attackers to execute arbitrary commands via shell metacharacters in a search string. Date published : 2004-11-19 http://www.securityfocus.com/bid/11674 http://marc.info/?l=bugtraq&m=110037207516456&w=2
Format string vulnerability in the log functions in dhcpd for dhcp 2.x allows remote DNS servers to execute arbitrary code via certain DNS messages, a different vulnerability than CVE-2002-0702. Date published : 2004-11-19 http://www.securityfocus.com/bid/11591...
Format string vulnerability in the -a option (daemon mode) in Proxytunnel before 1.2.3 allows remote attackers to execute arbitrary code via format string specifiers in an invalid proxy answer. Date published : 2004-11-19 http://www.securityfocus.com/bid/11592...