Monthly Archive: August 2005

grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the password in plaintext in memory, which allows attackers to obtain the password using a debugger or another mechanism to read process memory. Date published...

The syscall32_setup_pages function in syscall32.c for Linux kernel 2.6.12 and later, on the 64-bit x86 platform, does not check the return value of the insert_vm_struct function, which allows local users to trigger a memory...

Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote attackers to execute arbitrary code via the path parameter to (1) initialize.php, (2) customize.php, (3) form.php, or (4) index.php. Date published : 2005-08-17 http://www.securityfocus.com/bid/14534...

Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown impact and attack vectors, possibly involving auto_login_id. Date published : 2005-08-17 http://www.securityfocus.com/bid/14541 http://eqdkp.com/?p=changelog

Discuz! 4.0 rc4 does not properly restrict types of files that are uploaded to the server, which allows remote attackers to execute arbitrary commands via a filename containing ".php.rar" or other multiple extensions that...

Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows attackers to execute arbitrary PHP or ASP code or read files via unknown vectors. Date published : 2005-08-17 http://www.securityfocus.com/bid/14565 http://www.securityfocus.com/archive/1/408130

Direct code injection vulnerability in WordPress 1.5.1.3 and earlier allows remote attackers to execute arbitrary PHP code via the cache_lastpostdate[server] cookie. Date published : 2005-08-17 http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html http://secunia.com/advisories/16386

VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec for NetWare Servers 9.0 and 9.1, and NetBackup for NetWare Media Server Option 4.5 through 5.1 uses a static password during authentication from...

Cross-site scripting (XSS) vulnerability in index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to inject arbitrary web script or HTML via the message parameter. Date published : 2005-08-17 http://www.securityfocus.com/bid/14538 http://vegadns.org/src/current/CHANGELOG

index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows remote attackers to obtain the full server path via an invalid VDNS_Sessid parameter. Date published : 2005-08-17 http://vegadns.org/src/current/CHANGELOG http://www.packetstormsecurity.org/0508-exploits/vegadns-dyn0.txt

SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS comments, which allows remote attackers to conduct cross-site scripting (XSS) attacks in vulnerable applications that use SafeHTML. Date published : 2005-08-17 http://www.securityfocus.com/bid/14574...

PHP file include vulnerability in download.php in PHPSimplicity Simplicity oF Upload before 1.3.1 allows remote attackers to include arbitrary local and remote files via the language parameter and a terminating null ("%00") characters. Date...

Unknown vulnerability in the "frontend authentication" in PHlyMail 3.02.00 has unknown impact and attack vectors. Date published : 2005-08-17 http://www.securityfocus.com/bid/14537 http://phlymail.de/forum/viewtopic.php?t=698

Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 allows attackers to bypass authentication, related to [Auth] tags. Date published : 2005-08-17 http://www.securityfocus.com/bid/14543 http://www.omnipilot.com/Software%20Updates.1747.8901.lasso