CVE-2005-2096
zlib 1.2 and later versions allow remote attackers to cause a denial of service (crash) via a crafted compressed stream with an incomplete code description of a length greater than 1, which leads to...
linki.py in ekg 2005-06-05 and earlier allows local users to overwrite or create arbitrary files via a symlink attack on temporary files. Date published : 2005-07-06 http://marc.info/?l=bugtraq&m=112060146011122&w=2 http://marc.info/?l=bugtraq&m=112198499417250&w=2
CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as case sensitive, which allows attackers to bypass intended ACLs via a printer name containing uppercase or lowercase letters that are different from what is...
SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows Servers, uses insecure permissions when generating the Secure Shell host identification key, which allows local users to access the key and spoof...
The kernel driver in Prevx Pro 2005 1.0 does not verify the source of certain messages, which allows local users to bypass protection by sending certain messages to the driver, as demonstrated by sending...
Prevx Pro 2005 1.0 allows local users to bypass file protection and modify files by using MapViewOfFile to perform memory mapping on the file. Date published : 2005-07-05 http://securitytracker.com/id?1014346 http://secunia.com/advisories/15885
Microsoft Front Page allows attackers to cause a denial of service (crash) via a crafted style tag in a web page. Date published : 2005-07-05 http://www.freewebs.com/xxosfilexx/HungFPage.html http://securitytracker.com/id?1014352
Directory traversal vulnerability in Golden FTP Server 2.60 allows remote authenticated attackers to list arbitrary directories via a "\.." (backslash dot dot) in an LS (LIST) command. Date published : 2005-07-05 http://secunia.com/advisories/15840
TCP Chat 1.0 allows remote attackers to cause a denial of service (crash) via a long string to the chat service, possibly triggering a buffer overflow. Date published : 2005-07-05 http://addict3d.org/index.php?page=viewarticle&type=security&ID=4377 http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=65
Directory traversal vulnerability in default.asp for FSboard 2.0 allows remote attackers to read arbitrary files via ".." sequences in the filename parameter. Date published : 2005-07-05 http://www.securityfocus.com/bid/14111
PHP remote file inclusion vulnerability in user_check.php for Pavsta Auto Site allows remote attackers to execute arbitrary PHP code via the sitepath parameter. Date published : 2005-07-05 http://www.osvdb.org/17631 http://securitytracker.com/id?1014321
Cross-site scripting (XSS) vulnerability in index.php in Comdev eCommerce 3.0 and 3.1 allows remote attackers to inject arbitrary web script or HTML via Javascript in the onMouseOver event of an "A" tag in a...
Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers to list arbitrary directories via unknown attack vectors. Date published : 2005-07-05 http://www.securityfocus.com/bid/14100 http://www.osvdb.org/17619
Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, and DSXA-48 set (1) world-readable permissions for /etc/shadow and (2) world-writable permissions for /bin/busybox, which allows local users to obtain hashed passwords or execute...