Mac OS X before 10.3.8 users world-writable permissions for certain directories, which may allow local users to gain privileges, possibly via the receipt cache or ColorSync profiles. Date published : 2005-03-22 http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Advanced Poll before 1.61, when using a flat file database, allows remote attackers to gain privileges by setting the logged_in parameter. Date published : 2005-03-20 http://www.kb.cert.org/vuls/id/140723 http://securitytracker.com/id?1002516
WinVNC 3.3.3 and earlier generates the same challenge string for multiple connections, which allows remote attackers to bypass VNC authentication by sniffing the challenge and response of other users. Date published : 2005-03-20 http://www.securityfocus.com/bid/2275...
AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to cause a denial of service (application crash) via a large number of different fonts followed by an HTML HR tag. Date published :...
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a long filename, possibly caused by a buffer overflow. Date published : 2005-03-20 http://www.securityfocus.com/bid/3407 http://www.securityfocus.com/archive/1/218920
AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote attackers to cause a denial of service (application crash) via an instant message that contains a large amount of "
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application crash) via a malformed WAV file. Date published : 2005-03-20 http://www.securityfocus.com/archive/1/218920 http://www.kb.cert.org/vuls/id/990451
AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a denial of service (application hang or crash) via a buddy icon GIF file whose length and width values are larger than the actual...
Multiple cross-site scripting (XSS) vulnerabilities in the log messages in certain Alpha versions of AOL Instant Messenger (AIM) 4.4 allow remote attackers to execute arbitrary web script or HTML via an image in the...
The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe directory to the CLASSPATH environment variable, which allows applets to run with higher privileges and remote attackers to gain privileges via an HTML e-mail...
PHP remote file inclusion vulnerability in index.php in KnowledgeBuilder, referred to as KnowledgeBase, allows remote attackers to execute arbitrary PHP code by modifying the page parameter to reference a URL on a remote web...
ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores usernames and passwords in cleartext in the MyDetails.txt file, which allows local users to gain privileges. Date published : 2005-03-20 http://www.securityfocus.com/bid/12830 http://securitytracker.com/id?1013458
Citrix Metaframe Password Manager 2.5 and earlier stores a password in cleartext although it is obfuscated when presented to a user, which allows users to view their secondary passwords even if it is not...
Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 allows conference members to bypass organizer restrictions to control the keyboard and mouse. Date published : 2005-03-20 http://www.securityfocus.com/bid/12821 http://support.citrix.com/kb/entry.jspa?externalID=CTX105574