Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a system as recommended in some AIX documentation, may allow local users to gain privileges via a long command line argument. Date...
mod_dav in Apache before 2.0.42 does not properly handle versioning hooks, which may allow remote attackers to kill a child process via a null dereference and cause a denial of service (CPU consumption) in...
The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI application encounters an error, sends error messages to the client that include the full path for the server, which allows remote attackers to...
AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted Sites Zone in Internet Explorer without user approval, which could allow code from free.aol.com to bypass intended access restrictions. Date published : 2005-03-13 http://www.kb.cert.org/vuls/id/744139...
PHP remote file inclusion vulnerability in initdb.php for WEBInsta Mailing list manager 1.3d allows remote attackers to execute arbitrary PHP code by modifying the absolute_path parameter to reference a URL on a remote web...
ApplyYourself i-Class allows remote attackers to obtain sensitive information about their own applications by reusing the hidden ID field, as demonstrated using the id parameter to ApplicantDecision.asp. Date published : 2005-03-13 http://securitytracker.com/id?1013400
The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier allows remote unauthenticated attackers to obtain the full path of the server via the PWD command. Date published : 2005-03-13 http://www.securityfocus.com/bid/12766...
The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers to hijack sessions and gain administrator privileges by (1) sniffing the connection on TCP port 51100 and replaying the authentication...