Buffer overflow in the HTTP redirection capability in conn.c for Axel before 1.0b may allow remote attackers to execute arbitrary code. Date published : 2005-04-12 http://www.securityfocus.com/bid/13059 http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html
Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop 9 allow local users to gain root privileges, related to "User input [being] passed to network scripts without verification." Date published : 2005-04-10 http://lists.suse.com/archive/suse-security-announce/2005-Apr/0002.html
Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, (2) mknod, or (3) mkfifo is running with the -m switch, allows local users to modify permissions of other files. Date published : 2005-04-10...
crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is...
Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, allows remote attackers to gain root privileges. Date published : 2005-04-10 http://www-1.ibm.com/support/search.wss?rs=0&q=IY68825&apar=only http://www.niscc.gov.uk/niscc/docs/br-20050405-00278.html?lang=en
FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to cause a...
Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack vectors and impact. Date published : 2005-04-10 http://sourceforge.net/project/shownotes.php?release_id=313436 http://secunia.com/advisories/14571
SurgeFTP 2.2m1 allows remote attackers to cause a denial of service (application hang) via the LEAK command. Date published : 2005-04-09 http://www.securityfocus.com/bid/13054 http://marc.info/?l=bugtraq&m=111289226204780&w=2
CubeCart 2.0.6 allows remote attackers to obtain sensitive information via an invalid (1) language parameter to index.php, (2) PHPSESSID parameter to index.php, (3) product parameter to tellafriend.php, (4) add parameter to view_cart.php, or (5)...
RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), when "Allow custom avatar upload" is enabled, does not properly verify uploaded files, which allows remote attackers to upload arbitrary files. Date published :...
Multiple cross-site scripting (XSS) vulnerabilities in Active Auction House allow remote attackers to inject arbitrary web script or HTML via the (1) ReturnURL, (2) password, (3) username parameter, (4) ReturnURL parameter to account.asp, (5)...
Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or...
PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive information via a direct request to (1) index.php with the forum_admin parameter set, (2) the Surveys module, or (3) the Your_Account module, which reveals...
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x through 7.6 allow remote attackers to inject arbitrary web script or HTML via the (1) username parameter in the Your_Account module, (2) avatarcategory parameter in the...