Format string vulnerability in Deception Finger Daemon, decfingerd, 0.7 may allow remote attackers to execute arbitrary code via the username of a finger request. Date published : 2005-08-05 http://www.securityfocus.com/bid/5105 http://archives.neohapsis.com/archives/bugtraq/2002-06/0314.html
Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers to obtain server’s root path via requests for MS-DOS device names such as lpt9.xtp. Date published : 2005-08-05 http://www.securityfocus.com/bid/5252 http://seclists.org/bugtraq/2002/Jul/0186.html
Buffer overflow in rcp in Solaris 9.0 allows local users to execute arbitrary code via a long command line argument. Date published : 2005-08-05 http://www.securityfocus.com/bid/5085 http://cert.uni-stuttgart.de/archive/vuln-dev/2002/06/msg00262.html
The MOSIX Project clump/os 5.4 creates a default VNC account without a password, which allows remote attackers to gain root access. Date published : 2005-08-05 http://www.securityfocus.com/bid/4581 http://archives.neohapsis.com/archives/bugtraq/2002-04/0327.html
Buffer overflow in Borland InterBase 6.0 allows local users to execute arbitrary code via a long INTERBASE environment variable when calling (1) gds_drop, (2) gds_lock_mgr, or (3) gds_inet_server. Date published : 2005-08-05 http://www.securityfocus.com/bid/5044 http://www.securityfocus.com/bid/5046
Eudora before 6.1.1 allows remote attackers to cause a denial of service (crash) via an e-mail with a long "To:" field, possibly due to a buffer overflow. Date published : 2005-08-05 http://www.securityfocus.com/bid/10398 http://www.eudora.com/download/eudora/windows/6.1.1/RelNotes.txt
Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed setuid root, allows local users to execute arbitrary code via a long -p command line argument. NOTE: it is not clear whether there...
Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote attackers to execute arbitrary code via an HTTP GET request with a long Range header. Date published : 2005-08-05 http://www.securityfocus.com/bid/10376 http://www.securityfocus.com/archive/1/363651
Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 and 3.5, is installed with a default NMAP authentication credential, which allows remote attackers to read and write mail store data if the...
ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive information via an invalid fuseaction parameter, which leaks the full server path in an error message, as demonstrated using the "?" (question mark) character. Date...
Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 allows remote attackers to inject arbitrary web script or HTML via the fuseaction parameter, which is not quoted in an error page, as demonstrated using index.cfm....
Quick ‘n Easy FTP Server 3.0 allows remote attackers to cause a denial of service (application crash or CPU consumption) via a long USER command. Date published : 2005-08-05 http://www.securityfocus.com/bid/14451 http://marc.info/?l=bugtraq&m=112300508617889&w=2
SQL injection vulnerability in SilverNews 2.0.3 allows remote attackers to execute arbitrary SQL commands via the user field on the login page in the Admin control panel. Date published : 2005-08-05 http://www.securityfocus.com/bid/14466 http://marc.info/?l=bugtraq&m=112309780321088&w=2
shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote attackers to obtain sensitive information via a cat_id with a "’" (single quote), which reveals the path in an error message, possibly due to an SQL...