Monthly Archive: May 2005

The patch to the checklogin function in omail.pl for omail webmail 0.98.5 is incomplete, which allows remote attackers to execute arbitrary commands via shell metacharacters such as "`" (backticks) in the password. Date published...

Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote attackers to cause a denial of service (crash) via a long -l parameter, which triggers an out-of-bounds read. Date published : 2005-05-10 http://www.securityfocus.com/bid/10181 http://marc.info/?l=bugtraq&m=108360377119290&w=2

Directory traversal vulnerability in Aldo’s Web Server (aweb) 1.5 allows remote attackers to view arbitrary files via a .. (dot dot) in an HTTP GET request. Date published : 2005-05-10 http://www.securityfocus.com/bid/10262 http://marc.info/?l=bugtraq&m=108360629031227&w=2

Aldo’s Web Server (aweb) 1.5 allows remote attackers to gain sensitive information via an arbitrary character, which reveals the full path and the user running the aweb process, possibly due to a malformed request....

PHP remote file inclusion vulnerability in theme.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to execute arbitrary PHP code by modifying the THEME_DIR parameter to reference a URL on a remote web server...

PHP remote file inclusion vulnerability in init.inc.php in Coppermine Photo Gallery 1.2.0 RC4 allows remote attackers to execute arbitrary PHP code by modifying the CPG_M_DIR to reference a URL on a remote web server...

picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to execute arbitrary commands via shell metacharacters in the (1) $CONFIG[‘impath’] or (2) $CONFIG[‘jpeg_qual’] parameters. Date published : 2005-05-10...

Directory traversal vulnerability in modules.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers with administrative privileges to read arbitrary files via a .. (dot dot) in the startdir parameter. Date published...

Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine Photo Gallery 1.2.2b allows remote attackers to inject arbitrary HTML or web script via the CPG_URL parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10253 http://marc.info/?l=bugtraq&m=108360247732014&w=2

Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers to obtain sensitive information via a direct HTTP request to (1) phpinfo.php, (2) addpic.php, (3) config.php, (4) db_input.php, (5) displayecard.php, (6) ecard.php, (7) crop.inc.php,...

The arch_get_unmapped_area function in mmap.c in the PaX patches for Linux kernel 2.6, when Address Space Layout Randomization (ASLR) is enabled, allows local users to cause a denial of service (infinite loop) via unknown...

Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify records in the board’s .txt file via carriage return characters in the subject field. Date published : 2005-05-10 http://www.securityfocus.com/bid/10263 http://marc.info/?l=bugtraq&m=108360430703935&w=2

The web interface for Crystal Reports allows remote attackers to cause a denial of service (disk exhaustion) by repeatedly requesting reports without retrieving the associated image files, which are not cleared from the image...

Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allows remote attackers to view arbitrary files via a .. (dot dot) in (1) module or (2) format variables. Date published : 2005-05-10 http://marc.info/?l=bugtraq&m=108342671616155&w=2 http://sourceforge.net/project/shownotes.php?group_id=29581&release_id=234433