Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 and earlier allow remote attackers to inject arbitrary web script or HTML via the bsid parameter to (1) groupcp.php, (2) index.php, (3) portal.php, (4) viewforum.php,...
IBM WebSphere Application Server 6.0 and earlier, when sharing the document root of the web server, allows remote attackers to obtain the source code for Java Server Pages (.jsp) via an HTTP request with...
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by...
Stack-based buffer overflow in the RespondeHTTPPendiente function in the HTTP server for SUMUS 0.2.2 allows remote attackers to execute arbitrary code via a large packet sent to TCP port 81. Date published : 2005-04-16...
The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via heap corruption. Date published : 2005-04-16 http://www.securityfocus.com/bid/13146 http://www.debian.org/security/2005/dsa-713
The ij_untrusted_url function in JunkBuster 2.0.2-r2, with single-threaded mode enabled, allows remote attackers to overwrite the referrer field via a crafted HTTP request. Date published : 2005-04-16 http://www.securityfocus.com/bid/13147 http://www.debian.org/security/2005/dsa-713
Lucent/ORiNOCO WaveLAN cards generate predictable Initialization Vector (IV) values for the Wireless Encryption Protocol (WEP) which allows remote attackers to quickly compile information that will let them decrypt messages. Date published : 2005-04-15 http://www.cs.jhu.edu/~seny/pubs/wince802.pdf
Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows local users to list the contents of arbitrary directories via a … (dot dot dot) in the cd/CWD command. Date published : 2005-04-15 http://securitytracker.com/id?1005832 http://secunia.com/advisories/7737/
Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc file, which allows local users to execute arbitrary commands. Date published : 2005-04-15 http://lists.kde.org/?l=kde-announce&m=106296509815092&w=2 http://lists.debian.org/debian-devel-changes/2003/09/msg00767.html
Integer signedness error in the Linux Socket Filter implementation (filter.c) in Linux 2.4.3-pre3 to 2.4.22-pre10 allows attackers to cause a denial of service (crash). Date published : 2005-04-15 http://gentoo.kems.net/gentoo-x86-portage/sys-kernel/gentoo-sources/ChangeLog http://mirror.clarkson.edu/pub/distributions/gentoo-portage/sys-kernel/wolk-sources/ChangeLog
Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other versions allows remote attackers to perform unknown actions via format string specifiers. Date published : 2005-04-15 http://csdl.computer.org/comp/proceedings/hicss/2004/2056/09/205690277.pdf
Buffer overflow in passwd for HP UX B.10.20 allows local users to execute arbitrary commands with root privileges via a long LANG environment variable. Date published : 2005-04-15 http://www.idefense.com/application/poi/display?id=87&type=vulnerabilities&flashstatus=true
Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 through 10.3.2 does not "shutdown properly," which has unknown impact and attack vectors. Date published : 2005-04-15 http://lists.apple.com/archives/security-announce/2004/Jan/msg00000.html http://www.auscert.org.au/render.html?it=3791&cid=1
Cisco AP340 base station produces predictable TCP Initial Sequence Numbers (ISNs), which allows remote attackers to spoof or hijack TCP connections. Date published : 2005-04-14 http://www.cs.jhu.edu/~seny/pubs/wince802.pdf