SQL injection vulnerability in login.asp in ASPjar Guestbook allows remote attackers to execute arbitrary SQL commands via the password field. Date published : 2005-02-15 http://www.securityfocus.com/bid/12521 http://marc.info/?l=bugtraq&m=110809687921701&w=2
DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and passwords in the Codebank registry key, which allows local users to gain privileges. Date published : 2005-02-15 http://securitytracker.com/id?1013139 https://exchange.xforce.ibmcloud.com/vulnerabilities/19248
DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat file, which allows local users to gain privileges. Date published : 2005-02-15 http://securitytracker.com/id?1013139 https://exchange.xforce.ibmcloud.com/vulnerabilities/19248
Microsoft Outlook Web Access (OWA), when used with Exchange, allows remote attackers to redirect users to arbitrary URLs for login via a link to the owalogon.asp application. Date published : 2005-02-15 http://www.securityfocus.com/bid/12459 http://seclists.org/lists/fulldisclosure/2005/Feb/0106.html
Multiple heap-based buffer overflows in 3Com 3CServer allow remote authenticated users to execute arbitrary code via long FTP commands, as demonstrated using the STAT command. Date published : 2005-02-15 http://marc.info/?l=bugtraq&m=110780306326130&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/19250
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original...
The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2005-02-15 http://www.securityfocus.com/bid/12540 http://www.debian.org/security/2005/dsa-679
The alsa-lib package in Red Hat Linux 4 disables stack protection for the libasound.so library, which makes it easier for attackers to execute arbitrary code if there are other vulnerabilities in the library. Date...
Cross-site scripting (XSS) vulnerability in (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error...
Unknown vulnerability in hztty 2.0 and earlier allows local users to execute arbitrary commands. Date published : 2005-02-15 http://www.securityfocus.com/bid/12518 http://www.debian.org/security/2005/dsa-675
Unknown "high risk" vulnerability in DB2 Universal Database 8.1 and earlier has unknown impact and attack vectors. NOTE: due to the delayed disclosure of details for this issue, this candidate may be SPLIT in...
The Windows Animated Cursor (ANI) capability in Windows NT, Windows 2000 through SP4, Windows XP through SP1, and Windows 2003 allows remote attackers to execute arbitrary code via the AnimationHeaderBlock length field, which leads...
Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow remote attackers to cause a denial of service (memory consumption) via malformed MQL statements. Date published : 2005-02-14 http://sourceforge.net/project/shownotes.php?release_id=303465 http://sourceforge.net/tracker/index.php?func=detail&aid=1116935&group_id=37219&atid=419458
SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows remote attackers to execute arbitrary SQL commands via a reply post action for index.php with (1) the t parameter or (2) the qu parameter. Date...