Monthly Archive: September 2005

Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs for avatar images, which allows remote attackers to monitor sensitive information of forum visitors such as IP address and user agent, as...

Cross-site scripting (XSS) vulnerability in Greymatter allows remote attackers to inject arbitrary web script or HTML via a post comment, which is recorded in a log file but not properly handled when the administrator...

print.php in FlatNuke 2.5.6 allows remote attackers to obtain sensitive information (path disclosure on error) or cause a denial of service (resource consumption) via an MS-DOS device name in the news parameter to print.php,...

Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows remote attackers to inject arbitrary web script or HTML via the usr parameter in a vis_reg operation to index.php. Date published : 2005-09-07 http://www.securityfocus.com/bid/14704 http://seclists.org/lists/bugtraq/2005/Aug/0440.html

Directory traversal vulnerability in FlatNuke 2.5.6 and possibly earlier allows remote attackers to read arbitrary files via ".." sequences and "%00" (trailing null byte) characters in the id parameter to the read mod in...

man2web allows remote attackers to execute arbitrary commands via -P arguments. Date published : 2005-09-07 http://www.securityfocus.com/bid/14747

Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, on Gentoo Linux, installs certain Perl modules with an insecure DT_RPATH, which could allow local users to gain privileges. Date published : 2005-09-07 http://www.gentoo.org/security/en/glsa/glsa-200509-05.xml

Multiple stack-based buffer overflows in urban before 1.5.3 allow local users to gain privileges via a long HOME environment variable to (1) config.cc, (2) game.cc, (3) highscor.cc, or (4) meny.cc. Date published : 2005-09-07...

silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 and earlier allows local users to overwrite arbitrary files via a symlink attack on the silcd.[PID].stats temporary file. Date published : 2005-09-07 http://www.securityfocus.com/bid/14716 http://www.securityfocus.com/archive/1/409672

frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, which might allow attackers to bypass intended restrictions and access blocked hosts. Date published : 2005-09-07 http://sourceforge.net/mailarchive/forum.php?thread_id=6492850&forum_id=1822 http://www.osvdb.org/13615

frox 0.7.18, when running setuid root, does not properly drop privileges when reading a configuration file, which allows local users to read portions of arbitrary files via the -f command line option. Date published...

The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. Date published : 2005-09-07 http://www.securityfocus.com/bid/14731 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-sslConnectTimeout

store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. Date published : 2005-09-07 http://www.securityfocus.com/bid/14761 http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE10-STORE_PENDING

client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows remote attackers to cause a denial of service (application hang) via an HTTP header containing only a ":" (colon), possibly leading to an integer signedness error...