TEXutil in ConTEXt, when executed with the –silent option, allows local users to overwrite arbitrary files via a symlink attack on texutil.log. Date published : 2005-05-10 http://www.securityfocus.com/bid/10042 http://marc.info/?l=bugtraq&m=108118755923319&w=2
Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on Testing Server" is selected, uploads the mmhttpdb.asp script to the web site but does not require authentication, which allows remote attackers to...
Stack-based buffer overflow in DecodeBase16 function, as used in the (1) IRC module and (2) web server in eMule 0.42d, allows remote attackers to execute arbitrary code via a long string. Date published :...
The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn’t work with anonymous FTP," which has an unknown impact, possibly preventing the actions of anonymous users from being logged. Date published : 2005-05-10 ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via the PORT mode. Date published : 2005-05-10 http://www.securityfocus.com/bid/10037 ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc
Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows remote attackers to cause a denial of service (hang) via a link failure with Microsoft Windows. Date published : 2005-05-10 http://www.securityfocus.com/bid/10037 ftp://patches.sgi.com/support/free/security/advisories/20040401-01-P.asc
display.cgi in Aborior Encore WebForum allows remote to execute arbitrary commands via shell metacharacters in the file variable. Date published : 2005-05-10 http://www.securityfocus.com/bid/10040 http://marc.info/?l=bugtraq&m=108100973820868&w=2
Ada Image Server (ImgSvr) 0.4 allows remote attackers to view directories or download files via an HTTP request with a trailing %00 (null). Date published : 2005-05-10 http://www.securityfocus.com/bid/10026 http://www.securityfocus.com/bid/10027
Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to execute arbitrary programs as SYSTEM by using the SITE command to modify certain iFtpSvc options that are handled by iftpmgr.exe. Date published : 2005-05-10 http://www.securityfocus.com/bid/9953...
Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with a default password, which allows remote attackers to gain access. Date published : 2005-05-10 http://www.securityfocus.com/bid/9953 http://marc.info/?l=bugtraq&m=108006581418116&w=2
Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow remote authenticated users to execute arbitrary code by causing a large error string to be generated by the ALLO handler, or (2) may allow...
Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in CactuShop 5.x allows remote attackers to inject arbitrary web script or HTML via the strImageTag parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10020 http://marc.info/?l=bugtraq&m=108075059013762&w=2
SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp in CactuShop 5.x allows remote attackers to execute arbitrary SQL commands via the strItems parameter. Date published : 2005-05-10 http://www.securityfocus.com/bid/10019 http://marc.info/?l=bugtraq&m=108075059013762&w=2
Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier allows remote attackers to cause a denial of service (memory consumption). Date published : 2005-05-10 http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000685 http://www.osvdb.org/17000