Monthly Archive: May 2005

Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the memory size written in the BMP file instead of the actual BMP file size, which allows remote attackers to cause a denial of...

X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" username and password, which could allow remote attackers to gain access. Date published : 2005-05-10 http://www.securityfocus.com/bid/10095 http://marc.info/?l=bugtraq&m=108223222519855&w=2

X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 has a hardcoded "super" username and password, which could allow remote attackers to gain access. Date published : 2005-05-10 http://www.securityfocus.com/bid/10095 http://marc.info/?l=bugtraq&m=108162529229947&w=2

The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote attackers to cause a denial of service (crash) via large malformed strings. Date published : 2005-05-10 http://www.securityfocus.com/bid/10092 http://marc.info/?l=bugtraq&m=108152479316967&w=2

RSniff 1.0 allows remote attackers to cause a denial of service (connection exhaustion) via a large number of connections with a command other than AUTHENTICATE, or without any data, which prevents the socket from...

Format string vulnerability in test_func_func in LCDProc 0.4.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the str variable. Date published : 2005-05-10 http://www.securityfocus.com/bid/10085 http://marc.info/?l=bugtraq&m=108146376315229&w=2

Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv...

Buffer overflow in the parse_all_client_messages function in LCDproc 0.4.x up to 0.4.4 allows remote attackers to execute arbitrary code via a large number of arguments. Date published : 2005-05-10 http://www.securityfocus.com/bid/10085 http://marc.info/?l=bugtraq&m=108145722229810&w=2

SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to execute arbitrary SQL commands via the eid parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10082 http://marc.info/?l=bugtraq&m=108144168932458&w=2

Cross-site scripting (XSS) vulnerability in modules.php in NukeCalendar 1.1.a, as used in PHP-Nuke, allows remote attackers to inject arbitrary web script or HTML via the eid parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10082 http://marc.info/?l=bugtraq&m=108144168932458&w=2

The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, (4) block-Calendar_center.php scripts in NukeCalendar 1.1.a, as used in PHP-Nuke, allow remote attackers to obtain sensitive information via a URL with an invalid argument, which reveals the...

Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allows remote attackers to inject arbitrary web script or HTML via the (1) l parameter (aka language variable) to index.php or (2) id parameter to view.php. Date...

rufsi.dll in Symantec Virus Detection allows remote attackers to cause a denial of service (crash) via a long string to the GetPrivateProfileString function. NOTE: this issue was originally reported as a buffer overflow, but...

Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. Date published : 2005-05-10 http://www.securityfocus.com/bid/9897 http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462