Monthly Archive: June 2005

Pirch and RusPirch, when auto-log is enabled, allows remote attackers to cause a denial of service (crash) via a nickname containing an MS-DOS device name such as AUX, which is inserted into a filename...

tip on multiple BSD-based operating systems allows local users to cause a denial of service (execution prevention) by using flock() to lock the /var/log/acculog file. Date published : 2005-06-28 http://www.securityfocus.com/bid/5265 http://online.securityfocus.com/archive/1/283033

dump 0.4 b10 through b29 allows local users to cause a denial of service (execution prevention) by using flock() to lock the /etc/dumpdates file. Date published : 2005-06-28 http://www.securityfocus.com/bid/5264 http://online.securityfocus.com/archive/1/283033

phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbitrary files via a full pathname in the filnavn variable. Date published : 2005-06-28 http://www.securityfocus.com/bid/5982 http://archives.neohapsis.com/archives/bugtraq/2002-10/0225.html

SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable the Ethernet interface when the buffers are full, which allows remote attackers to cause a denial of service (null pointer exception and kernel...

ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allows remote attackers to cause a denial of service (CPU and memory consumption) via a large number of SYN packets (SYN flood). NOTE:...

Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak encryption for passwords (reversible algorithm), which allows attackers to obtain passwords. Date published : 2005-06-28 http://www.securityfocus.com/bid/5970 http://online.securityfocus.com/archive/1/295309

Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the hashed administrative password in a config.txt file under the htdocs directory, which allows remote attackers to obtain the administrative password. Date published : 2005-06-28...

Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of service (CPU consumption) via an HTTP request with a Host header that contains a large number of "/" (forward slash) characters....

TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. Date published : 2005-06-28 http://www.securityfocus.com/bid/5961 http://online.securityfocus.com/archive/1/295149

The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (CPU consumption) by sending incomplete HTTP requests and leaving the connections open. Date published : 2005-06-28...

Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allows remote attackers to cause a denial of service (crash) via a long HTTP GET request. Date published : 2005-06-28 http://www.securityfocus.com/bid/5964 http://online.securityfocus.com/archive/1/295146

Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 through 1.4.3 allows remote attackers to execute arbitrary code via a long HTTP GET request. Date published : 2005-06-28 http://www.securityfocus.com/bid/5960 http://online.securityfocus.com/archive/1/295141

Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: and X-Sender: headers, which could allow remote attackers to obtain sensitive information. Date published : 2005-06-28 http://www.securityfocus.com/bid/4963 http://online.securityfocus.com/archive/1/276029