Buffer overflow in the sql_escape_func function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote attackers to cause a denial of service (crash). Date published : 2005-05-19 http://www.securityfocus.com/bid/13541 http://www.freeradius.org/security.html
SQL injection vulnerability in the radius_xlat function in the SQL module for FreeRADIUS 1.0.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via (1) group_membership_query, (2) simul_count_query, or (3) simul_verify_query configuration...
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). Date published : 2005-05-19 http://lists.apple.com/archives/security-announce/2007/Nov/msg00002.html http://www.securityfocus.com/bid/13657
ppxp does not drop root privileges before opening log files, which allows local users to execute arbitrary commands. Date published : 2005-05-19 http://www.securityfocus.com/bid/13681 http://www.debian.org/security/2005/dsa-725
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke before 3.0.12 allow remote attackers to inject arbitrary web script or HTML via the (1) register a new user page, (2) User-Agent, or (3) Username, which is...
YusASP Web Asset Manager 1.0 allows remote attackers to gain privileges via a direct request to assetmanager.asp. Date published : 2005-05-18 http://www.securityfocus.com/bid/13501 http://www.securiteam.com/windowsntfocus/5OP0115FPQ.html
DataTrac Activity Console 1.1 allows remote attackers to cause a denial of service via a long HTTP GET request. Date published : 2005-05-18 http://www.securityfocus.com/bid/13558 https://www.exploit-db.com/exploits/983
Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow remote authenticated users to cause a denial of service (server crash) and possibly execute arbitrary code via long arguments to FTP commands such as MKD,...
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not cryptographically signed, allows remote attackers to cause a denial of service (CPU consumption) via deeply nested markup. Date published : 2005-05-18 http://marc.info/?l=bugtraq&m=111513127704270&w=2 http://scottonwriting.net/sowblog/posts/3747.aspx
The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote attackers to conduct replay attacks to (1) apply a ViewState generated from one view to a different view, (2) reuse ViewState information after the application’s...
Jeuce Personal Web Server 2.13 allows remote attackers to cause a denial of service (server crash) via a GET request beginning with "://". Date published : 2005-05-18 http://www.securityfocus.com/bid/12183 http://www.securiteam.com/windowsntfocus/5JP011PEKY.html
Directory traversal vulnerability in Jeuce Personal Web Server 2.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the URL. Date published : 2005-05-18 http://www.securityfocus.com/bid/12183 http://www.securiteam.com/windowsntfocus/5JP011PEKY.html
Jeuce Personal Webserver 2.13 allows remote attackers to cause a denial of service (server crash) via a long GET request, possibly triggering a buffer overflow. Date published : 2005-05-18 http://users.pandora.be/bratax/advisories/b005.html http://www.osvdb.org/16453
HTMLJunction EZGuestbook stores the guestbook.mdb file under the web document root with insufficient access control, which allows remote attackers to obtain sensitive information such as the administrative password. Date published : 2005-05-18 http://www.osvdb.org/16444 http://securitytracker.com/id?1013912