Monthly Archive: March 2005

PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is an image file, which allows remote attackers to inject arbitrary Javascript by uploading non-image files with an image extension such as...

Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP 5.0 RC3 allow remote attackers to inject arbitrary web script or HTML via (1) the check_tags function or (2) the editbio field in the user profile....

adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify administrative privileges before manipulating photos, which could allow remote attackers to manipulate other users’ photos. Date published : 2005-03-20 http://www.securityfocus.com/bid/12779 http://marc.info/?l=bugtraq&m=111065868402859&w=2

The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not limit the logging data that is sent to the administrator, which allows remote attackers to send large amounts of email to the...

SQL injection vulnerability in member.php and possibly other scripts in PhotoPost PHP 5.0 RC3 allows remote attackers to execute arbitrary SQL commands via the uid parameter. Date published : 2005-03-20 http://www.securityfocus.com/bid/12779 http://marc.info/?l=bugtraq&m=111065868402859&w=2

Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4436 allows remote attackers to execute arbitrary code via a malformed LHA file with a type 2 header file name field, a variant...

Buffer overflow in McAfee Scan Engine 4320 with DAT version before 4357 allows remote attackers to execute arbitrary code via crafted LHA files. Date published : 2005-03-20 http://www.securityfocus.com/bid/10243 http://images.mcafee.com/misc/McAfee_Security_Bulletin_05-march-17.pdf

Servers Alive 4.1 and 5.0, when running as a service, does not drop SYSTEM privileges before loading local manual under the help menu, which allows local users to gain privileges. Date published : 2005-03-20...

vi.recover in OpenBSD before 3.1 allows local users to remove arbitrary zero-byte files such as device nodes. Date published : 2005-03-18 http://www.kb.cert.org/vuls/id/191675 ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.9/common/016_recover.patch

Format string vulnerability in DataRescue Interactive Disassembler and Debugger (IDA) Pro 4.7.0.830 allows remote attackers or local users to cause a denial of service (CPU consumption or application crash) and possibly execute arbitrary code...

Multiple buffer overflows in OpenSLP before 1.1.5 allow remote attackers to have an unknown impact via malformed SLP packets. Date published : 2005-03-18 http://www.securityfocus.com/bid/12792 http://www.gentoo.org/security/en/glsa/glsa-200503-25.xml

Buffer overflow in the administration web server for GoodTech Telnet Server 4.0 and 5.0, and possibly all versions before 5.0.7, allows remote attackers to execute arbitrary code via a long string to port 2380....

Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 allows local users with DRI privileges to execute arbitrary code as root. Date published : 2005-03-18 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10431

Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 through 0.10.9 allows remote attackers to cause a denial of service (application crash). Date published : 2005-03-18 http://www.securityfocus.com/bid/12762 http://www.ethereal.com/appnotes/enpa-sa-00018.html