Multiple cross-site scripting (XSS) vulnerabilities in review.php in phpMyDirectory 10.1.3-rel allow remote attackers to inject arbitrary web script or HTML via the (1) subcat, (2) page, or (3) subsubcat parameter. Date published : 2005-03-29...
Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of service (device hang) via a large number of ping packets. Date published : 2005-03-29 http://www.securityfocus.com/bid/12901 http://marc.info/?l=bugtraq&m=111177093020587&w=2
OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local users to overwrite or delete arbitrary files via a symlink attack on (1) temporary files in the openmosixcollector directory or (2) nodes.tmp. Date published : 2005-03-29...
modes.c in smail 3.2.0.120 implements signal handlers with certain unsafe library calls, which may allow attackers to execute arbitrary code via signal handler race conditions, possibly using xmalloc. Date published : 2005-03-29 http://marc.info/?l=bugtraq&m=111177045217717&w=2
Buffer overflow in smail 3.2.0.120 allows remote attackers or local users to execute arbitrary code via a long string in the MAIL FROM command and possibly other SMTP commands. Date published : 2005-03-29 http://marc.info/?l=bugtraq&m=111177045217717&w=2...
Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may allow attackers to execute arbitrary code. Date published : 2005-03-29 http://www.debian.org/security/2005/dsa-698 http://www.redhat.com/support/errata/RHSA-2005-512.html
X-News (x_news) 1.1 and earlier allows attackers to authenticate as other users by obtaining the MD5 checksum of the password, e.g. via sniffing or the users.txt data file, and providing it in a cookie....
The Web Publishing feature in Netscape Enterprise Server 3.x and iPlanet Web Server 4.x allows remote attackers to cause a denial of service (crash) via a wp-html-rend request. Date published : 2005-03-28 http://www.securityfocus.com/bid/3826 http://www.kb.cert.org/vuls/id/191763
iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4.0 and 4.1 allows remote attackers to conduct HTTP Basic Authentication via the wp-force-auth Web Publisher command, which provides a distinct attack vector and may...
Farm9 Cryptcat, when started in server mode with the -e option, does not enable encryption, which allows clients to communicate without encryption despite intended configuration, and may allow remote attackers to sniff sensitive information....
Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long query parameter. Date published : 2005-03-28 http://www.securityfocus.com/bid/6141 http://www.kb.cert.org/vuls/id/185251
Cross-site scripting (XSS) vulnerability in Verity Search97 allows remote attackers to insert arbitrary web content and steal sensitive information from other clients, possibly due to certain error messages from template pages that use the...
The spell checker plugin (check_me.mod.php) for SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary commands via a modified sqspell_command parameter. Date published : 2005-03-28 http://archives.neohapsis.com/archives/bugtraq/2002-01/0306.html http://archives.neohapsis.com/archives/bugtraq/2002-01/0296.html
Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelMail before 1.2.3 allows remote attackers to execute arbitrary Javascript via a javascript: URL in an IMG tag. Date published : 2005-03-28 http://www.securityfocus.com/bid/3956 http://archives.neohapsis.com/archives/bugtraq/2002-01/0310.html