phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configuration settings and gain unauthorized access to MySQL servers via modified $cfg[‘Servers’] variables. Date published : 2005-12-04 http://www.securityfocus.com/bid/10629 http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html
Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5.7, when LeftFrameLight is FALSE, allows remote attackers to execute arbitrary PHP code via a crafted table name. Date published : 2005-12-04 http://www.securityfocus.com/bid/10629 http://archives.neohapsis.com/archives/bugtraq/2004-06/0444.html
The MIME transformation system (transformations/text_plain__external.inc.php) in phpMyAdmin 2.5.0 up to 2.6.0-pl1 allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified vectors. Date published : 2005-12-04 http://www.securityfocus.com/bid/11391 http://marc.info/?l=bugtraq&m=109816584519779&w=2
Multiple vulnerabilities in the H.323 protocol implementation for First Virtual Communications Click to Meet Express (when used with H.323 conferencing endpoints), Click to Meet Premier, Conference Server, and V-Gate allow remote attackers to cause...
Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4, when running on Windows, allow remote attackers to read arbitrary files via a URL that contains (1) a hex-encoded backslash dot-dot sequence ("%5C..") or (2)...
Java 2 Micro Edition (J2ME) does not properly validate bytecode, which allows remote attackers to escape the Kilobyte Virtual Machine (KVM) sandbox and execute arbitrary code. Date published : 2005-12-04 http://archives.neohapsis.com/archives/bugtraq/2004-10/0231.html http://archives.neohapsis.com/archives/fulldisclosure/2004-10/0884.html
GUI overlay vulnerability in the Java API in Siemens S55 cellular phones allows remote attackers to send unauthorized SMS messages by overlaying a confirmation message with a malicious message. Date published : 2005-12-04 http://www.securityfocus.com/bid/10227...
Cross-site scripting (XSS) vulnerability in Outblaze Email allows remote attackers to inject arbitrary web script or HTML via Javascript in an attribute of an IMG tag. Date published : 2005-12-04 http://www.securityfocus.com/bid/10756 http://archives.neohapsis.com/archives/fulldisclosure/2004-07/0733.html
Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki 3.5 allows remote attackers to inject arbitrary web script or HTML via the "phrase" parameter. Date published : 2005-12-04 http://www.securityfocus.com/bid/10860 http://wackowiki.com/WackoDownload/VersionHistory?v=yrv
Unknown vulnerability in Rippy the Aggregator before 0.10, when register_globals is enabled, has unknown attack vectors and impact, possibly related to the "user-controlled filter." Date published : 2005-12-04 http://ansuz.sooke.bc.ca/rippy/ChangeLog http://freshmeat.net/projects/rippy/?branch_id=30091&release_id=173997
AClient.exe in Altiris Deployment Solution 6.x and 5.x does not require authentication from the first Deployment Server that it connects to, which allows remote malicious servers to gain administrator access. Date published : 2005-12-04...
Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when opening a VPN tunnel, does not check the gateway certificate until after a dialog box has been displayed to the user, which creates...
The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly handle trailing "r" and "n" characters in headers, which leads to a buffer underflow. Date published : 2005-12-04 http://www.pldaniels.com/ripmime/CHANGELOG http://www.osvdb.org/8731
ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail protection via a base64 MIME encoded attachment containing invalid characters that are not properly extracted. Date published : 2005-12-04 http://www.securityfocus.com/bid/10848 http://www.pldaniels.com/ripmime/CHANGELOG