CVE-2005-0188
Format string vulnerability in the SetBaseURL function in AtHoc toolbar allows remote attackers to execute arbitrary code via format string specifiers in an invalid URL that is recorded in the debug log. Date published...
Stack-based buffer overflow in the SetSkin function in AtHoc toolbar allows remote attackers to execute arbitrary code via a long skin name. Date published : 2005-02-06 http://www.securityfocus.com/bid/11341 http://marc.info/?l=bugtraq&m=109710974324742&w=2
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS Telephony Service (ITS), CallManager Express (CME) or Survivable Remote Site Telephony (SRST), allows remote attackers to cause a denial of service (device...
Stack-based buffer overflow in NodeManager Professional 2.00 allows remote attackers to execute arbitrary commands via a LinkDown-Trap packet that contains a long OCTET-STRING in the Trap variable-bindings field. Date published : 2005-02-06 http://www.securityfocus.com/bid/12283 http://marc.info/?l=bugtraq&m=110599796118583&w=2
Directory traversal vulnerability in ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to read arbitrary files via a .. (dot dot) in a get request. Date published : 2005-02-06...
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail allows local users to execute arbitrary commands via shell metacharacters in a command line argument. Date published : 2005-02-06 http://www.securityfocus.com/bid/12222 http://marc.info/?l=bugtraq&m=110549426300953&w=2
The mod_dosevasive module 1.9 and earlier for Apache creates temporary files with predictable filenames, which could allow remote attackers to overwrite arbitrary files via a symlink attack. Date published : 2005-02-06 http://www.securityfocus.com/bid/12181 http://marc.info/?l=bugtraq&m=110547469530582&w=2
Multiple integer signedness errors in the sg_scsi_ioctl function in scsi_ioctl.c for Linux 2.6.x allow local users to read or modify kernel memory via negative integers in arguments to the scsi ioctl, which bypass a...
Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of service (CPU and memory consumption) and bypass RLIM_MEMLOCK limits via the mlockall call. Date published : 2005-02-06 http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930 http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache via an HTTP response splitting attack. Date published : 2005-02-06 http://www.securityfocus.com/bid/12433 http://marc.info/?l=bugtraq&m=110780531820947&w=2
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the cache or conduct certain attacks via headers that do not follow the HTTP specification, including (1) multiple Content-Length headers, (2) carriage return (CR)...
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated users to bypass username-based Access Control Lists (ACLs) via a username with a space at the beginning or end, which is ignored by the LDAP...
PHP remote file inclusion vulnerability in Squirrelmail 1.2.6 allows remote attackers to execute arbitrary code via "URL manipulation." Date published : 2005-02-06 http://www.kb.cert.org/vuls/id/203214 http://www.debian.org/security/2005/dsa-662
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. Date published : 2005-02-06 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000928 http://sourceforge.net/project/shownotes.php?release_id=300116