Monthly Archive: December 2005

Unspecified vulnerability in PEAR installer 1.4.2 and earlier allows user-assisted attackers to execute arbitrary code via a crafted package that can execute code when the pear command is executed or when the Web/Gtk frontend...

Mailman 2.1.4 through 2.1.6 allows remote attackers to cause a denial of service via a message that causes the server to "fail with an Overflow on bad date data in a processed message," a...

Soti Pocket Controller-Professional 5.0 allows remote attackers to turn off, reboot, or hard reset a PDA via a series of initialization, command, and reset packets sent to port 5492. Date published : 2005-12-10 http://www.securityfocus.com/bid/15775/discuss...

The Wipe Free Space utility in PGP Desktop Home 8.0 and Desktop Professional 9.0.3 Build 2932 and earlier does not clear file slack space in the last cluster for the file, which allows local...

Cross-site scripting (XSS) vulnerability in the portal login page in Computer Associates CleverPath 4.7 allows remote attackers to execute Javascript via unknown vectors. Date published : 2005-12-10 http://www.securityfocus.com/bid/15783 http://supportconnect.ca.com/sc/solcenter/solresults.jsp?aparno=QI70871

Lyris ListManager 8.8 through 8.9b allows remote attackers to obtain sensitive information by causing errors in TML scripts, such as via direct requests, which leaks the installation path, SQL queries, or product code in...

Lyris ListManager 8.5, and possibly other versions before 8.8, includes sensitive information in the env hidden variable, which allows remote attackers to obtain information such as the installation path by requesting a non-existent page...

The TCLHTTPd service in Lyris ListManager before 8.9b allows remote attackers to obtain source code for arbitrary .tml (TCL) files via (1) a request with a trailing null byte (%00), which might also require...

Lyris ListManager before 8.9b allows remote attackers to obtain sensitive information via a request to the TCLHTTPd status module, which provides sensitive server configuration information. Date published : 2005-12-10 http://www.securityfocus.com/bid/15788 http://www.securityfocus.com/archive/1/419077/100/0/threaded

The MSDE version of Lyris ListManager 5.0 through 8.9b configures the sa account in the database to use a password with a small search space ("lyris" and up to 5 digits, possibly from the...

Lyris ListManager 5.0 through 8.9a allows remote attackers to add "ORDER BY" columns to SQL queries via unusual whitespace characters in the orderby parameter, such as (1) newlines and (2) 0xFF (ASCII 255) characters,...

SQL injection vulnerability in Lyris ListManager 5.0 through 8.9a allows remote attackers to execute arbitrary SQL commands via SQL code after a numeric argument to a /read/attachment URL. Date published : 2005-12-10 http://www.securityfocus.com/bid/15787 http://www.securityfocus.com/archive/1/419077/100/0/threaded

The web interface for subscribing new users in Lyris ListManager 5.0 through 8.8b, in combination with a line wrap feature, allows remote attackers to execute arbitrary list administration commands via LFCR (%0A%0D) sequences in...

Stack-based buffer overflow in the dissect_ospf_v3_address_prefix function in the OSPF protocol dissector in Ethereal 0.10.12, and possibly other versions, allows remote attackers to execute arbitrary code via crafted packets. Date published : 2005-12-10 http://www.securityfocus.com/bid/15794...