Monthly Archive: June 2005

Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b allows remote attackers to inject arbitrary web script or HTML via (1) javascript in onmouseover or other attributes in "safe" HTML tags such as...

Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9.2 allows remote attackers to execute arbitrary commands via malformed log messages. Date published : 2005-06-28 http://www.securityfocus.com/bid/5152 http://siag.nu/pen/news-0.9.3.shtml

ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, which allows local users to write to arbitrary files. Date published : 2005-06-28 http://www.securityfocus.com/bid/5172 http://www.iss.net/security_center/static/9504.php

Iomega NAS A300U uses cleartext LANMAN authentication when mounting CIFS/SMB drives, which allows remote attackers to perform a man-in-the-middle attack. Date published : 2005-06-28 http://www.securityfocus.com/bid/6093 http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html

Cross-site scripting (XSS) vulnerability in the phpinfo function in PHP 4.2.3 allows remote attackers to inject arbitrary web script or HTML via the query string argument, as demonstrated using soinfo.php. Date published : 2005-06-28...

Heap-based buffer overflow in the goim handler of AOL Instant Messenger (AIM) 4.4 through 4.8.2616 allows remote attackers to cause a denial of service (crash) via escaping of the screen name parameter, which triggers...

phpRank 1.8 does not properly check the return codes for MySQL operations when authenticating users, which could allow remote attackers to authenticate using a NULL password when database errors occur or if the database...

Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to execute arbitrary code via a long HTTP GET request with a large number of subdirectories. Date published : 2005-06-28 http://www.securityfocus.com/bid/5464 http://freecode.com/projects/embedthis-goahead-webserver/releases/343539

Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote attackers to inject arbitrary web script or HTML via the (1) the email parameter of add.php or (2) the banner URL (banurl parameter) in the...

The Network Attached Storage (NAS) Administration Web Page for Iomega NAS A300U transmits passwords in cleartext, which allows remote attackers to sniff the administrative password. Date published : 2005-06-28 http://www.securityfocus.com/bid/6092 http://archives.neohapsis.com/archives/bugtraq/2002-10/0440.html

Multiple buffer overflows in Gringotts 0.5.9 allows local users to execute arbitrary commands via unknown attack vectors. Date published : 2005-06-28 http://www.securityfocus.com/bid/5488 http://www.iss.net/security_center/static/9882.php

Webmin 0.21 through 1.0 uses the same built-in SSL key for all installations, which allows remote attackers to eavesdrop or highjack the SSL session. Date published : 2005-06-28 http://www.securityfocus.com/bid/5936 http://www.webmin.com/changes.html

Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000, when the "Save Password" option is used, stores the password with a weak encryption scheme (one-to-one mapping) in a registry key, which allows local users...

Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attackers to cause a denial of service (crash) via a long request to (1) TCP port 25 (SMTP) or (2) TCP port 110 (POP3)....