Unknown vulnerability in HP ProLiant DL585 servers running Integrated Lights Out (ILO) firmware before 1.81 allows attackers to access server controls when the server is "powered down." Date published : 2005-08-12 http://www.securityfocus.com/bid/14540 http://marc.info/?l=bugtraq&m=112369495001738&w=2
Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 on Windows allows attackers to cause a denial of service (crash) and obtain access to files via unknown vectors. Date published : 2005-08-12 http://www.securityfocus.com/bid/14548...
Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the calendar entries such as task lists, which are not...
Multiple format string vulnerabilities in Evolution 1.5 through 2.3.6.1 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) full vCard data, (2) contact data from remote...
vlan_dev.c in the VLAN code for Linux kernel 2.6.8 allows remote attackers to cause a denial of service (kernel oops from null dereference) via certain UDP packets that lead to a function call with...
security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote attackers to execute arbitrary commands via shell metacharacters in the Bluetooth device name when invoking the PIN helper. Date published : 2005-08-12 http://www.securityfocus.com/bid/14572...
Arab Portal 2.0 allows remote attackers to obtain sensitive information via a long (1) username or (2) password, which reveals the path in an error message when the undefined "errmsg" function is called. Date...
Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat 3.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) content parameter to profile.php and profile_misc.php, (3) the profile fields...
PHP remote file inclusion vulnerability in config.php in Comdev eCommerce 3.0 allows remote attackers to execute arbitrary PHP code via the path[docroot] parameter. Date published : 2005-08-10 http://www.securityfocus.com/bid/14478 http://marc.info/?l=bugtraq&m=112327556202520&w=2
Directory traversal vulnerability in wce.download.php in Comdev eCommerce 3.0 allows remote attackers to download arbitrary files via a .. (dot dot) in the download parameter. Date published : 2005-08-10 http://www.securityfocus.com/bid/14479 http://marc.info/?l=bugtraq&m=112327874920062&w=2
Invision Power Board (IPB) 1.0.3 allows remote attackers to inject arbitrary web script or HTML via an attachment, which is automatically downloaded and processed as HTML. Date published : 2005-08-10 http://www.securityfocus.com/bid/14492 http://marc.info/?l=bugtraq&m=112327712614854&w=2
Tar 1.15.1 does not properly warn the user when extracting setuid or setgid files, which may allow local users or remote attackers to gain privileges. Date published : 2005-08-10 http://marc.info/?l=bugtraq&m=112327628230258&w=2 https://lists.apache.org/thread.html/rc713534b10f9daeee2e0990239fa407e2118e4aa9e88a7041177497c@%3Cissues.guacamole.apache.org%3E
CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier versions allows remote attackers to execute arbitrary PHP commands via an ASCII char 13 (carriage return) in the signature field, which is injected into a...
Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 and possibly earlier versions allow remote attackers to inject arbitrary web script or HTML via the (1) bodycolor, (2) backimage, (3) theme, or (4) logo parameter...