CVE-2004-2007
Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1.7 and 2 Beta allows remote attackers to inject arbitrary HTML or web script via the (1) cat parameter in a CatView function or (2) jokeid...
Trend Micro OfficeScan 3.0 – 6.0 has default permissions of "Everyone Full Control" on the installation directory and registry keys, which allows local users to disable virus protection. Date published : 2005-05-10 http://www.securityfocus.com/bid/10300 http://marc.info/?l=bugtraq&m=108395366909344&w=2
Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows remote attackers to execute arbitrary code via an e-mail with (1) a link to a long URL to the C drive or (2)...
The Live CD in SUSE LINUX 9.1 Personal edition is configured without a password for root, which allows remote attackers to gain privileges via SSH. Date published : 2005-05-10 http://www.securityfocus.com/bid/10297 http://www.suse.de/de/security/2004_11_live_cd_91.html
Buffer overflow in the ssl_prcert function in the SSLway filter (sslway.c) for DeleGate 8.9.2 and earlier allows remote attackers to execute arbitrary code via a certificate with a long (1) subject or (2) issuer...
Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote attackers to cause a denial of service via a certain UDP packet. Date published : 2005-05-10 http://www.securityfocus.com/bid/10287 ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc
ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disable ARP requests from being sent or received. Date published : 2005-05-10 http://www.securityfocus.com/bid/10289 ftp://patches.sgi.com/support/free/security/advisories/20040502-01-P.asc
SQL injection vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to execute arbitrary SQL via the (1) orderby or (2) sid parameters to modules.php. Date published : 2005-05-10 http://www.securityfocus.com/bid/10282...
Cross-site scripting (XSS) vulnerability in the Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to inject arbitrary HTML and web script via the (1) ttitle or (2) sid parameters to modules.php. Date...
The Downloads module in Php-Nuke 6.x through 7.2 allows remote attackers to gain sensitive information via an invalid show parameter to modules.php, which reveals the full path in a PHP error message. Date published...
Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, which may be installed world-readable, which allows local users to gain privileges. Date published : 2005-05-10 http://www.securityfocus.com/bid/10277 http://www.erfrakon.de/projects/kolab/download/kolab-server-1.0/src/Changelog
Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF) 1.0 allows remote attackers to inject arbitrary web script via the size tag. Date published : 2005-05-10 http://www.securityfocus.com/bid/10281 http://marc.info/?l=bugtraq&m=108377364615934&w=2
Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows remote attackers to create arbitrary accounts via a link to adduser.cfm. Date published : 2005-05-10 http://www.securityfocus.com/bid/10276 http://marc.info/?l=bugtraq&m=108377423825478&w=2
FuseTalk 4.0 allows remote attackers to ban other users via a direct request to banning.cfm. Date published : 2005-05-10 http://www.securityfocus.com/bid/10278 http://marc.info/?l=bugtraq&m=108377423825478&w=2