Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows Explorer with SYSTEM privileges, which allows local users to gain privileges. Date published : 2005-05-10 http://www.securityfocus.com/bid/8969 http://www.securityfocus.com/archive/1/343258
Buffer overflow in NIPrint 4.10 allows remote attackers to execute arbitrary code via a long string to TCP port 515. Date published : 2005-05-10 http://www.securityfocus.com/bid/8968 http://www.securityfocus.com/archive/1/343318
Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbitrary code via a long language variable in the configuration file. Date published : 2005-05-10 http://www.securityfocus.com/bid/8903 http://www.securityfocus.com/archive/1/342476
Musicqueue 1.2.0 allows local users to overwrite arbitrary files by triggering a segmentation fault and using a symlink attack on the resulting musicqueue.crash file. Date published : 2005-05-10 http://www.securityfocus.com/bid/8899 http://www.securityfocus.com/archive/1/342476
The default configuration of Apache 2.0.40, as shipped with Red Hat Linux 9.0, allows remote attackers to list directory contents, even if auto indexing is turned off and there is a default web page...
Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to read files or execute arbitrary CGI scripts via a GET request that contains an asterisk (*) wildcard character. Date published : 2005-05-10 http://www.securityfocus.com/bid/8897 http://www.securityfocus.com/archive/1/342473
Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1.51 allows remote attackers to inject arbitrary web script or HTML via (1) HTML in a posted message or (2) Javascript in an onmouseover attribute...
Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cause a denial of service (crash) via a file send request (sendfile) with a large number of "%" (percent) characters after the Yahoo ID....
Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial of service (JVM crash), possibly by calling the ClassDepth function with a null parameter, which causes a crash instead of generating...
Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts with insecure ACLs, which allows local users to read other users’ email messages. Date published : 2005-05-10 http://www.securityfocus.com/bid/8891 http://www.securityfocus.com/archive/1/342485
SQL injection vulnerability in controlpanel.php in Jaws Framework and Content Management System 0.4 allows remote attackers to execute arbitrary SQL and bypass authentication via the (1) user, (2) password, or (3) crypted_password parameters. Date...
SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remote attackers to execute arbitrary SQL code and bypass authentication via the (1) linpha_userid or (2) linpha_password cookies. Date published : 2005-05-10 http://www.securityfocus.com/bid/10827 http://marc.info/?l=bugtraq&m=109112246805277&w=2
DansGuardian 2.8 and earlier allows remote attackers to bypass the extension filtering rule via a hex encoded extension or . in the filename. Date published : 2005-05-10 http://www.securityfocus.com/bid/10823 http://marc.info/?l=bugtraq&m=109113126217408&w=2
Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier allows remote attackers to inject arbitrary web script via the (1) Email or (2) Website fields. Date published : 2005-05-10 http://www.securityfocus.com/bid/10825 http://marc.info/?l=bugtraq&m=109112282611808&w=2