Monthly Archive: November 2005

Safari in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows remote attackers to cause files to be downloaded to locations outside the download directory via a long file name. Date published...

Unspecified vulnerability in passwordserver in Mac OS X Server 10.3.9 and 10.4.3, when creating an Open Directory master server, allows local users to gain privileges via unknown attack vectors. Date published : 2005-11-30 http://docs.info.apple.com/article.html?artnum=302847...

Unknown vulnerability in iodbcadmintool in the ODBC Administrator utility in Mac OS X and OS X Server 10.3.9 and 10.4.3 allows local users to execute arbitrary code via unknown attack vectors. Date published :...

Heap-based buffer overflow in CoreFoundation in Mac OS X and OS X Server 10.4 through 10.4.3 allows remote attackers to execute arbitrary code via unknown attack vectors involving "validation of URLs." Date published :...

Cross-site scripting (XSS) vulnerability in gui/errordocs/index.php in Virtual Hosting Control System (VHCS) 2.2.0 through 2.4.6.2 allows remote attackers to inject arbitrary web script or HTML via query strings that are included in an error...

Macromedia Flash Communication Server MX 1.0 and 1.5 does not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an alpha release build...

Macromedia Breeze Communication Server and Breeze Live Server does 5.1 and earlier not sufficiently validate certain RTMP data, which allows attackers to cause a denial of service (instability or crash), as demonstrated using an...

The automatic update feature in Google Talk allows remote attackers to cause a denial of service (CPU and memory consumption) by poisoning a target’s DNS cache and causing a large update file to be...

Apple Safari 2.0.2 allows remote attackers to cause a denial of service (system slowdown) via a Javascript BODY onload event that calls the window function. Date published : 2005-11-29 http://marc.info/?l=bugtraq&m=113278010907401&w=2

Mozilla allows remote attackers to cause a denial of service (CPU consumption) via a Javascript BODY onload event that calls the window function. Date published : 2005-11-29 http://marc.info/?l=bugtraq&m=113262115201500&w=2 http://www.computerterrorism.com/research/ie/ct21-11-2005

Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3, when AttachmentDownloadType is set to inline, renders text/html e-mail attachments as HTML in the browser when the queue moderator attempts to download...

Multiple cross-site scripting (XSS) vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote authenticated users to inject arbitrary web script or HTML via (1) hex-encoded...

Multiple SQL injection vulnerabilities in index.pl in Open Ticket Request System (OTRS) 1.0.0 through 1.3.2 and 2.0.0 through 2.0.3 allow remote attackers to execute arbitrary SQL commands and bypass authentication via the (1) user...

Gadu-Gadu 7.20 allows remote attackers to eavesdrop on a user via a web page that accesses the EasycallLite.oce ActiveX control, which can initiate an outgoing phone call and listen to the microphone. Date published...