Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy Server) 3.6 SP6 allows remote attackers to execute arbitrary code via unknown vectors. Date published : 2005-04-24 http://www.securityfocus.com/bid/82356 http://sunsolve.sun.com/search/document.do?assetkey=1-26-57763-1
Cross-site scripting (XSS) vulnerability in the NewTerm function in GlossaryModel.php in JAWS 0.4 allows remote attackers to inject arbitrary web script or HTML via the (1) term or (2) description. Date published : 2005-04-24...
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. Date published : 2005-04-24 http://www.securityfocus.com/bid/13313 http://marc.info/?l=bugtraq&m=111419664411051&w=2
Linux kernel 2.6 on Itanium (ia64) architectures allows local users to cause a denial of service via a "missing Itanium syscall table entry." Date published : 2005-04-24 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11039 http://www.redhat.com/support/errata/RHSA-2005-284.html
The unw_unwind_to_user function in unwind.c on Itanium (ia64) architectures in Linux kernel 2.6 allows local users to cause a denial of service (system crash). Date published : 2005-04-24 http://www.securityfocus.com/bid/13266 http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg
PostgreSQL uses the username for a salt when generating passwords, which makes it easier for remote attackers to guess passwords via a brute force attack. Date published : 2005-04-22 http://marc.info/?l=bugtraq&m=111402558115859&w=2 http://marc.info/?l=bugtraq&m=111403050902165&w=2
Directory traversal vulnerability in Yawcam 0.2.5 allows remote attackers to read arbitrary files via ".." (dot dot backslash) sequences in a GET request. Date published : 2005-04-22 http://marc.info/?l=bugtraq&m=111410564915961&w=2 http://www.autistici.org/fdonato/advisory/Yawcam0.2.5-adv.txt
Directory traversal vulnerability in cpio 2.6 and earlier allows remote attackers to write to arbitrary directories via a .. (dot dot) in a cpio file. Date published : 2005-04-22 http://www.securityfocus.com/bid/13291 http://marc.info/?l=bugtraq&m=111403177526312&w=2
Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. Date published...
Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the chatroom text submission form. Date published : 2005-04-22 http://marc.info/?l=bugtraq&m=111402374504496&w=2 http://www.osvdb.org/15720
Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which allows remote attackers to obtain sensitive information. Date published : 2005-04-22 http://marc.info/?l=bugtraq&m=111402186304179&w=2 http://www.waraxe.us/advisory-42.html
SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows remote attackers to execute arbitrary SQL commands via the favs parameter to (1) init.inc.php or (2) zipdownload.php. Date published : 2005-04-22 http://marc.info/?l=bugtraq&m=111402186304179&w=2 http://www.waraxe.us/advisory-42.html
Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) nChannel parameter to default.asp, cat.asp, or detail.asp, (2) the iChannel parameter to search.asp, default.asp,...
Multiple SQL injection vulnerabilities in Ocean12 Calendar manager 1.01 allow remote attackers to execute arbitrary SQL commands via the Admin_id field. Date published : 2005-04-22 http://marc.info/?l=bugtraq&m=111401502007772&w=2 http://www.securitytracker.com/alerts/2005/Apr/1013762.html