ArticleLive 2005 allows remote attackers to gain privileges by modifying the (1) auth and (2) userId fields in a cookie. Date published : 2005-05-11 http://www.securityfocus.com/bid/13493 http://marc.info/?l=bugtraq&m=111530871724865&w=2
Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline Corporate Calendar allow remote attackers to execute arbitrary SQL commands via the Event_ID parameter to (1) defer.asp or (2) details.asp. Date published : 2005-05-11 http://marc.info/?l=bugtraq&m=111530675909673&w=2...
Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows remote attackers to read arbitrary files via a "..\" (dot dot backslash) in the urlget site command. Date published : 2005-05-11 http://www.securityfocus.com/bid/13292 http://marc.info/?l=bugtraq&m=111507556127582&w=2
SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Date published : 2005-05-11 http://www.securityfocus.com/bid/13451 http://marc.info/?l=bugtraq&m=111506870504598&w=2
Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows remote attackers to execute arbitrary code via format string specifiers in the xtellmail command. Date published : 2005-05-11 http://www.securityfocus.com/bid/13505 http://marc.info/?l=bugtraq&m=111531804617905&w=2
The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to 2.2.27-rc2, 2.4.x to 2.4.31-pre1, and 2.6.x to 2.6.12-rc4 allows local users to execute arbitrary code via an ELF binary that, in certain conditions involving...
Gaim 1.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a malformed MSN message. Date published : 2005-05-11 http://www.securityfocus.com/bid/13591 http://gaim.sourceforge.net/security/index.php?id=17
Stack-based buffer overflow in the URL parsing function in Gaim before 1.3.0 allows remote attackers to execute arbitrary code via an instant message (IM) with a large URL. Date published : 2005-05-11 http://www.securityfocus.com/bid/13590 http://gaim.sourceforge.net/security/index.php?id=16
The Domain gateway in BEA Tuxedo 7.1 does not perform authorization checks for imported services and qspaces on remote domains, even when an ACL exists, which allows users to access services in a remote...
calendar.php in vBulletin before 2.2.0 allows remote attackers to execute arbitrary commands via shell metacharacters in the command parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/5820 http://www.securiteam.com/exploits/5QP0P158AC.html
user_profile.asp in PortalApp 2.2 allows local users to gain privileges by modifying the user_id variable. Date published : 2005-05-10 http://securitytracker.com/id?1005541 http://secunia.com/advisories/10465
The checklogin function in omail.pl for omail webmail 0.98.4 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a (1) password, (2) domainname, or (3) username. Date published : 2005-05-10...
ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDAP 2.1.12 and earlier, when the slap_passwd_parse function does not return LDAP_SUCCESS, attempts to free an uninitialized pointer, which allows remote attackers to cause a denial...
Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 through 6.8.5 allows remote attackers to execute arbitrary code via a long From parameter to Form2Raw.cgi. Date published : 2005-05-10 http://www.securityfocus.com/bid/9317 http://www.securityfocus.com/archive/1/348454