Monthly Archive: December 2005

The addUser function in UserManager.java in Free Web Chat 2.0 allows remote attackers to cause a denial of service (uncaught NullPointerException) via unknown attack vectors that cause the usrName variable to be null. Date...

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "CHOICE" types with "indefinite length structures." Date published : 2005-12-04 http://www.securityfocus.com/bid/11370 http://sourceforge.net/project/shownotes.php?group_id=103893&release_id=274592

Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has unknown impact and attack vectors when processing "ANY" type tags. Date published : 2005-12-04 http://www.securityfocus.com/bid/11370 http://sourceforge.net/project/shownotes.php?group_id=103893&release_id=274592

Directory traversal vulnerability in Microsoft cabarc allows remote attackers to overwrite files via "../" sequences in file names in a CAB archive. Date published : 2005-12-04 http://www.securityfocus.com/bid/11376 http://marc.info/?l=bugtraq&m=109759710121018&w=2

Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which allows remote attackers to spoof the identity of the sender. Date published : 2005-12-04 http://www.securityfocus.com/bid/11353 http://deekoo.net/technocracy/yeemp/#advisory

Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1280, and Netra 1280 allows remote attackers to cause a denial of service (system controller hang) via IP Packets With Type of Service (TOS) Bits set....

Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3.1 allows remote attackers to read arbitrary files via (1) .. (dot dot) sequences or (2) absolute paths to the template parameter. Date published : 2005-12-04...

Unspecified vulnerability in Journalness 3.0.7 and earlier allows remote attackers to create or modify posts via unknown attack vectors. Date published : 2005-12-04 https://sourceforge.net/project/shownotes.php?release_id=232566&group_id=101583 http://www.osvdb.org/5572

The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote attackers to access files in the "admin/" directory by modifying the in_login parameter to a non-zero value. Date published : 2005-12-04 http://www.securityfocus.com/bid/10235 http://secwatch.org/advisories/1007857

The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code Version 2.41 converts IP addresses of inbound connections to the IP address of the router, which allows remote attackers to bypass intended security restrictions....

TinyWeb 1.9 allows remote attackers to read source code of scripts via "/./" in the URL. Date published : 2005-12-04 http://www.securityfocus.com/bid/10445/info http://www.osvdb.org/6517

An ActiveX control for McAfee Security Installer Control System 4.0.0.81 allows remote attackers to access the Windows registry via web pages that use the control’s RegQueryValue() method. Date published : 2005-12-04 http://www.securityfocus.com/bid/10236 http://archives.neohapsis.com/archives/ntbugtraq/2004-q2/0026.html

The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5.1 and 5.2 allow local users to overwrite arbitrary files via a symlink attack on temporary files via unknown attack vectors. Date published :...

Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attackers to gain access to repositories of other users via unknown vectors. Date published : 2005-12-04 http://www.securityfocus.com/bid/10239 http://sourceforge.net/project/shownotes.php?release_id=234477