CVE-2005-1352
Cross-site scripting (XSS) vulnerability in the ad.cgi script allows remote attackers to inject arbitrary web script or HTML via the argument. Date published : 2005-04-28 http://marc.info/?l=bugtraq&m=111446285915444&w=2
The ad.cgi script allows remote attackers to execute arbitrary commands via shell metacharacters in the argument. Date published : 2005-04-28 http://marc.info/?l=bugtraq&m=111446285915444&w=2
The ad.cgi script allows remote attackers to read arbitrary files via a full pathname in the argument. Date published : 2005-04-28 http://marc.info/?l=bugtraq&m=111446285915444&w=2
Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows remote attackers to execute arbitrary code via a malformed parameter to a read operation. Date published : 2005-04-28 http://www.securityfocus.com/bid/13401 http://www.gentoo.org/security/en/glsa/glsa-200504-26.xml
Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier and Professional 1.54 and earlier allows remote attackers to execute arbitrary code via a long HTTP Authorization header. Date published : 2005-04-28 http://marc.info/?l=bugtraq&m=111445834220015&w=2 http://www.x0n3-h4ck.org/upload/x0n3-h4ck_mailenable_https.pl
** UNVERIFIABLE ** NOTE: this issue describes a problem that can not be independently verified as of 20050421. Adobe Acrobat reader (AcroRd32.exe) 6.0 and earlier allows remote attackers to cause a denial of service...
Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 11.0.0, Web Security Web Security 3.0.1.72, Mail Security for SMTP 4.0.5.66, AntiVirus Scan Engine 4.3.7.27, SAV/Filter for Domino NT 3.1.1.87, and Mail Security for Exchange 4.5.4.743,...
Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it identifies missing or invalid ACLs in the http_access configuration, which could lead to less restrictive ACLs than intended by the administrator. Date...
The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter before 1.2.3-r1 create temporary files with predictable file names, which allows local users to overwrite arbitrary files via a symlink attack. Date published :...
Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow attackers to execute arbitrary code via a long user argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid,...
CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when a mapping for the current repository does not exist in the cvs-repouids file, which allows remote attackers to cause a denial of...
CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch, allows remote attackers to bypass authentication via the pserver access method. Date published : 2005-04-27 http://www.debian.org/security/2005/dsa-715
Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to execute arbitrary code via a long realm argument. NOTE: since htdigest is normally only locally accessible and not setuid or setgid, there are...
owOfflineCC.asp in OneWorldStore allows remote attackers to obtain sensitive information by modifying the idOrder parameter. Date published : 2005-04-27 http://www.securityfocus.com/bid/13361 http://www.oneworldstore.com/support_security_issue_updates.asp#April_24_2005_Lostmon