Monthly Archive: July 2005

Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 allows remote attackers to cause a denial of service (memory consumption and restart) via crafted packets to...

Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before 4.0(2a)SR2b, and 4.1 4.1 before 4.1(3)SR1 does not quickly time out Realtime Information Server Data Collection (RISDC) sockets, which results in a "resource...

xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files via a symlink attack on the xpvm.trace.$user temporary file. Date published : 2005-07-12 http://www.securityfocus.com/bid/14228 http://www.debian.org/security/2006/dsa-1003

oftpd 0.3.7 allows remote attackers to cause a denial of service via a USER command with a large number of null () characters. Date published : 2005-07-12 http://securitytracker.com/id?1014413

ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to cause a denial of service (port exhaustion and memory consumption) by using all ephemeral ports. Date published : 2005-07-12 http://securitytracker.com/id?1014421

Format string vulnerability in the swcons command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via long command line arguments. Date published : 2005-07-12 http://www.securityfocus.com/bid/13921 http://www.caughq.org/advisories/CAU-2005-0007.txt

Format string vulnerability in the paginit command in IBM AIX 5.3, and possibly other versions, might allow local users to execute arbitrary code via format strings in command line arguments. Date published : 2005-07-12...

Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. Date published : 2005-07-12 http://www.securityfocus.com/bid/13912 http://www.security-focus.com/advisories/8819

Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, might allow local users to execute arbitrary code via long command line arguments. Date published : 2005-07-12 http://www.securityfocus.com/bid/13914 http://www.security-focus.com/advisories/8684

Buffer overflow in multiple "p" commands in IBM AIX 5.1, 5.2 and 5.3 might allow local users to execute arbitrary code via long command line arguments to (1) penable or other hard-linked files including...

Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow local users to execute arbitrary code via a long command line argument. Date published : 2005-07-12

High Availability Linux Project Heartbeat 1.2.3 allows local users to overwrite arbitrary files via a symlink attack on temporary files. Date published : 2005-07-12 http://www.debian.org/security/2005/dsa-761 http://secunia.com/advisories/16039

Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the elmostats temporary file insecurely, which allows local users to overwrite arbitrary files. Date published : 2005-07-12 http://www.securityfocus.com/bid/14235 http://www.zataz.net/adviso/elmo-06272005.txt

Blog Torrent 0.92 and earlier stores sensitive files under the web document root in the (1) data or (2) torrents directories with insufficient access control, which allows remote attackers to obtain sensitive information such...