apachetop 0.12.5 and earlier, when running in debug mode, allows local users to create or append to arbitrary files via a symlink attack on atop.debug. Date published : 2005-09-30 http://www.securityfocus.com/bid/14982 http://bugs.gentoo.org/show_bug.cgi?id=104473
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments. Date published : 2005-09-28 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://secunia.com/advisories/16899
Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 allows remote attackers to inject arbitrary web script or HTML via the (1) title, (2) category, (3) body, (4) extended body, and (5) excerpt form...
The administrative interface in Movable Type allows attackers to upload files with arbitrary extensions under the web root. Date published : 2005-09-28 http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0091.html http://secunia.com/advisories/16899
The password reset feature in Movable Type before 3.2 generates different error messages depending on whether a user exists or not, which allows remote attackers to determine valid usernames. Date published : 2005-09-28 http://www.securityfocus.com/bid/14911...
Unspecified "PPTP Remote DoS Vulnerability" in Astaro Security Linux 4.027 allows attackers to cause a denial of service. Date published : 2005-09-28 http://www.securityfocus.com/bid/14950 http://www.astaro.org/showflat.php?Cat=&Number=62289&Main=62289
Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in Solaris 7, 8, 9, and 10 allows local users to execute arbitrary code. Date published : 2005-09-28 http://support.avaya.com/elmodocs2/security/ASA-2005-220.pdf http://www.osvdb.org/19699
poppassd in Qualcomm qpopper 4.0.8 allows local users to modify arbitrary files and gain privileges via the -t (trace file) command line argument. Date published : 2005-09-28 http://www.securityfocus.com/bid/14944 http://seclists.org/lists/fulldisclosure/2005/Sep/0652.html
Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka contribute.pl), dated 16 Jun 2002, allows remote attackers to overwrite arbitrary files via ".." sequences in the contribdir variable. Date published : 2005-09-28 http://www.cirt.net/advisories/alkalay.shtml http://www.osvdb.org/19522
Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote attackers to execute arbitrary commands via shell metacharacters in the query parameter. Date published : 2005-09-28 http://www.securityfocus.com/bid/14893 http://www.alkalay.net/software
Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers to execute arbitrary commands via shell metacharacters in the from parameter. Date published : 2005-09-28 http://www.securityfocus.com/bid/14893 http://www.alkalay.net/software
Avi Alkalay man-cgi script allows remote attackers to execute arbitrary code via shell metacharacters in the topic parameter. Date published : 2005-09-28 http://www.securityfocus.com/bid/14893 http://www.alkalay.net/software
Nokia 7610 and 3210 phones allows attackers to cause a denial of service via certain characters in the filename of a Bluetooth OBEX transfer. Date published : 2005-09-28 http://www.securityfocus.com/bid/14948
Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 allows remote attackers to execute arbitrary code via a .flp file that contains a long path to a (1) .mid or (2) .wav file. Date...