Unknown vulnerability in the "ipopts decode" functionality in Firestorm IDS 0.4.0 through 0.4.2 allows remote attackers to cause a denial of service (crash) via certain IP options. Date published : 2005-06-28 http://www.securityfocus.com/bid/4871 http://www.scaramanga.co.uk/firestorm/NEWS
Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attackers to cause a denial of service (crash) via an invite request that contains hex-encoded spaces (%20) in the Invitation-Cookie field. Date published : 2005-06-28...
Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypass authentication and access modifier options via a direct request to moderator.php with the action and ismod parameters. Date published : 2005-06-28 http://www.securityfocus.com/bid/4823 http://marc.info/?l=vuln-dev&m=102221487407632&w=2
Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to inject arbitrary web script or HTML via (1) myhome.php, (2) an onerror attribute in an IMG tag...
Savant Webserver 3.1 allows remote attackers to cause a denial of service (crash) via an HTTP GET request with a negative Content-Length value. Date published : 2005-06-28 http://www.securityfocus.com/bid/5707 http://online.securityfocus.com/archive/1/291791
Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of service by obtaining an exclusive lock on the (1) alias, (2) map, (3) statistics, and (4) pid files. Date published : 2005-06-28...
grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass read-only permissions by using mmap to directly map /dev/mem or /dev/kmem to kernel memory. Date published : 2005-06-28 http://www.securityfocus.com/bid/4762 http://online.securityfocus.com/archive/1/273002
Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 through 7.2.3, and 8.0.0 allows remote attackers to execute arbitrary commands or crash the server via format strings in the $name variable. Date published :...
Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a webserver’s certificate chain during a SSL/TLS handshake, does not prompt the user before searching for and finding a newer certificate, which may allow...
Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1.5 allows remote attackers to execute arbitrary code via a long HTTP request. Date published : 2005-06-28 http://www.securityfocus.com/bid/6190 http://online.securityfocus.com/archive/1/300066
IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the path to the web root directory and other sensitive information, which is leaked in an error mesage when a request is made...
Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated users to gain privileges and perform unauthorized actions via direct requests to (1) admin_members.php, (2) admin_config.php, (3) admin_cat.php, or (4) admin_forum.php. Date published :...
register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administrative account Admin with a capital "A," but allows a remote attacker to impersonate the administrator by registering an account name of admin...
Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote attackers to read or execute arbitrary files via a ".." (dot dot) in the URL. Date published : 2005-06-28 http://www.securityfocus.com/bid/6158 http://online.securityfocus.com/archive/1/299287