CVE-2005-2218
The device file system (devfs) in FreeBSD 5.x does not properly check parameters of the node type when creating a device node, which makes hidden devices available to attackers, who can then bypass restrictions...
The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow...
Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 to 3.4.1, ekg before 1.6rc3, GNU Gadu, CenterICQ, Kadu, and other packages, allow remote attackers to cause a denial of service (crash)...
inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of service (application crash) via an invalid file that causes a large dynamic tree to be produced. Date published : 2005-07-26 http://lists.apple.com/archives/security-announce/2005/Aug/msg00000.html http://lists.apple.com/archives/security-announce/2005//Aug/msg00001.html
Directory traversal vulnerability in Internet Graphics Server in SAP before 6.40 Patch 11 allows remote attackers to read arbitrary files via ".." sequences in an HTTP GET request. Date published : 2005-07-26 http://www.corsaire.com/advisories/c050503-001.txt
Y.SAK allows remote attackers to execute arbitrary commands via shell metacharacters in the $no variable to (1) w_s3mbfm.cgi, (2) w_s3adix.cgi, or (3) w_s3sbfm.cgi. Date published : 2005-07-20 http://www.securityfocus.com/bid/14299 http://securitytracker.com/id?1014502
Cross-site scripting (XSS) vulnerability in smilies_popup.php in SEO-Board 1.0 allows remote attackers to inject arbitrary web script or HTML via the doc parameter. Date published : 2005-07-20 http://www.securityfocus.com/bid/14320 http://www.osvdb.org/18062
Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a allows remote attackers to inject arbitrary web script or HTML via the username parameter to (1) admin.php or (2) login.php. Date published : 2005-07-20 http://www.securityfocus.com/bid/14314 http://www.securityfocus.com/bid/14318
PHP remote file inclusion vulnerability in display.php in MooseGallery allows remote attackers to execute arbitrary PHP code via the type parameter. Date published : 2005-07-20 http://www.securityfocus.com/bid/14280 http://securitytracker.com/id?1014487
Directory traversal vulnerability in extras/update.php in osCommerce 2.2 allows remote attackers to read arbitrary files via (1) .. sequences or (2) a full pathname in the readme_file parameter. Date published : 2005-07-20 http://www.securityfocus.com/bid/14294 http://www.securityfocus.com/archive/1/431068
MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, when using SSH public key authentication, does not properly restrict access to ports, which allows remote authenticated users to access the consoles of other users. Date...
PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 and 0.3.2.7 allows remote attackers to execute arbitrary PHP code via the CFG_PATH variable. Date published : 2005-07-20 http://www.securityfocus.com/bid/14264 http://laffer.sourceforge.net/cgi-bin/index.pl?page=news&key=373747410
Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier allows remote attackers to inject arbitrary web script or HTML via nested [url] BBCode tags. Date published : 2005-07-20 https://www.exploit-db.com/exploits/1106 http://securitytracker.com/id?1014513
The read_list_from_file function in vacation.pl for OpenWebmail before 2.32 20040629 allows remote attackers to execute arbitrary commands via shell metacharacters in a filename argument. Date published : 2005-07-19 http://www.securityfocus.com/bid/10637 http://openwebmail.org/openwebmail/download/cert/advisories/SA-04:04.txt