Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 allows administrators to inject arbitrary web script or HTML by modifying the main screen message. Date published : 2005-08-31 http://www.debian.org/security/2005/dsa-798 http://savannah.gnu.org/bugs/?func=detailitem&item_id=13863
loadmodule in SunOS 4.1.x, as used by xnews, does not properly sanitize its environment, which allows local users to gain privileges, a different vulnerability than CVE-1999-1584. Date published : 2005-08-30 http://www.cert.org/advisories/CA-1995-12.html http://www.ciac.org/ciac/bulletins/g-02.shtml
The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly before 2.4, start a privileged shell on the system console if fsck fails while the system is booting, which allows attackers with...
Unknown vulnerability in (1) loadmodule, and (2) modload if modload is installed with setuid/setgid privileges, in SunOS 4.1.1 through 4.1.3c, and Open Windows 3.0, allows local users to gain root privileges via environment variables,...
lockmail in maildrop before 1.5.3 does not drop privileges before executing commands, which allows local users to gain privileges via command line arguments. Date published : 2005-08-30 http://www.debian.org/security/2005/dsa-791
phpldapadmin before 0.9.6c allows remote attackers to gain anonymous access to the LDAP server, even when disable_anon_bind is set, via an HTTP request to login.php with the anonymous_bind parameter set. Date published : 2005-08-30...
Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. Date published : 2005-08-29 http://www.securityfocus.com/bid/14671 http://marc.info/?l=bugtraq&m=112511025414488&w=2
Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. Date published : 2005-08-29 http://www.securityfocus.com/bid/14670 http://marc.info/?l=bugtraq&m=112511025414488&w=2
Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. Date published : 2005-08-29 http://www.securityfocus.com/bid/14669 http://marc.info/?l=bugtraq&m=112511025414488&w=2
Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag. Date published : 2005-08-29 http://www.securityfocus.com/bid/14668 http://marc.info/?l=bugtraq&m=112511025414488&w=2
upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly restrict file extensions of uploaded files, which could allow remote attackers to execute arbitrary code. Date published : 2005-08-29 http://www.securityfocus.com/bid/14667 http://marc.info/?l=bugtraq&m=112511159821143&w=2
AWStats 6.4, and possibly earlier versions, allows remote attackers to obtain sensitive information via a file that does not exist in the config parameter, which reveals the path in an error message. Date published...
Directory traversal vulnerability in Astaro Security Linux 6.0, when using Webmin, allows remote authenticated webmin users to read arbitrary files via a .. (dot dot) in the wfe_download parameter to index.fpl. Date published :...
The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to obtain sensitive information via an invalid request, which reveals a Proxy-authorization string in an error message. Date published : 2005-08-29 http://marc.info/?l=bugtraq&m=112501186602731&w=2 https://exchange.xforce.ibmcloud.com/vulnerabilities/22024