Monthly Archive: February 2005

KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to...

cmd5checkpw, when running setuid, does not properly drop privileges before calling the execvp function, which allows local users to read the poppasswd file. Date published : 2005-02-27 http://security.gentoo.org/glsa/glsa-200502-30.xml

nxagent in FreeNX before 0.2.8 does not properly handle when the XAUTHORITY environment variable is not set, which allows local users to access the X server without X authentication. Date published : 2005-02-27 http://mail.kde.org/pipermail/freenx-knx/2005-February/000734.html...

Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable filename for the plugin temporary directory, which allows local users to delete arbitrary files of other users via a symlink attack on the...

Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier allows remote attackers to execute arbitrary code via crafted BDF font files. Date published : 2005-02-27 http://www.freshports.org/x11-fonts/mkbold-mkitalic/ http://www.vuxml.org/freebsd/32d4f0f1-85c3-11d9-b6dc-0007e900f747.html

Unknown vulnerability in Standard Type Services Framework (STSF) Font Server Daemon (stfontserverd) in Solaris 9 allows local users to modify or delete arbitrary files. Date published : 2005-02-27 http://www.securityfocus.com/bid/12656 http://secunia.com/advisories/14381

Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long HTTP GET request. Date published : 2005-02-27 http://www.securityfocus.com/bid/12671...

Directory traversal vulnerability in CIS WebServer 3.5.13 allows remote attackers to read arbitrary files via .. (dot dot) sequences in the URL. Date published : 2005-02-27 http://www.securityfocus.com/bid/12662 http://www.securityfocus.com/archive/1/391560

Gaim 1.1.3 on Windows systems allows remote attackers to cause a denial of service (client crash) via a file transfer in which the filename contains "(" or ")" (parenthesis) characters. Date published : 2005-02-27...

index.php in phpWebSite 0.10.0 and earlier allows remote attackers to obtain sensitive information via an invalid SEA_search_module parameter, which reveals the path in a PHP error message. Date published : 2005-02-27 http://marc.info/?l=bugtraq&m=110935172116369&w=2 http://www.gentoo.org/security/en/glsa/glsa-200503-04.xml

admin_loader.php in PunBB 1.2.1 allows remote attackers to read arbitrary files via the plugin parameter. Date published : 2005-02-27 http://marc.info/?l=bugtraq&m=110927754230666&w=2 http://www.punbb.org/changelogs/1.2.1_to_1.2.2.txt

profile.php in PunBB 1.2.1 allows remote attackers to cause a denial of service (account lockout) by setting the user’s password to NULL. Date published : 2005-02-27 http://www.securityfocus.com/bid/12652 http://marc.info/?l=bugtraq&m=110927754230666&w=2

Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) language parameter to register.php, (2) change email feature in profile.php, (3) posts or (4) topics parameter...

Soldier of Fortune II 1.03 gold allows remote attackers to cause a denial of service (application crash) via a large cl_guid value, which results in an invalid pointer dereference. Date published : 2005-02-27 http://www.securityfocus.com/bid/12650...