Name: CVE-2005-0001
Description:
Race condition in the page fault handler (fault.c) for Linux
kernel 2.2.x to 2.2.7, 2.4 to 2.4.29, and 2.6 to 2.6.10,
when running on multiprocessor machines, allows local users
to execute arbitrary code via concurrent threads that share
the same virtual memory space and simultaneously request
stack expansion.
Status: Candidate
Phase: Assigned (20050103)
Reference: BUGTRAQ:20050112 Linux kernel i386 SMP
page fault handler privilege escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110554694522719&w=2
Reference: FULLDISC:20050112 Linux kernel i386 SMP
page fault handler privilege escalation
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030826.html
Reference: MISC:http://isec.pl/vulnerabilities/isec-0022-pagefault.txt
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: FEDORA:FLSA:2336
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2336
Reference: MANDRAKE:MDKSA-2005:022
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
Reference: REDHAT:RHSA-2005:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: REDHAT:RHSA-2005:016
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-016.html
Reference: REDHAT:RHSA-2005:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-017.html
Reference: TRUSTIX:2005-0001
Reference: URL:http://www.trustix.org/errata/2005/0001/
Reference: BUGTRAQ:20050114 [USN-60-0] Linux kernel
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110581146702951&w=2
Reference: BID:12244
Reference: URL:http://www.securityfocus.com/bid/12244
Reference: SECTRACK:1012862
Reference: URL:http://securitytracker.com/id?1012862
Reference: SECUNIA:13822
Reference: URL:http://secunia.com/advisories/13822
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Reference: XF:linux-fault-handler-gain-privileges(18849)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18849
Votes:
Name: CVE-2005-0002
Description:
poppassd_pam 1.0 and earlier, when changing a user password,
does not verify that the user entered the old password correctly,
which allows remote attackers to change passwords for arbitrary
users.
Status: Candidate
Phase: Assigned (20050103)
Reference: GENTOO:GLSA-200501-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-22.xml
Reference: SECTRACK:1012840
Reference: URL:http://securitytracker.com/id?1012840
Reference: SECUNIA:13865
Reference: URL:http://secunia.com/advisories/13865
Votes:
Name: CVE-2005-0003
Description:
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10,
on 64-bit architectures, does not properly check for overlapping
VMA (virtual memory address) allocations, which allows local
users to cause a denial of service (system crash) or execute
arbitrary code via a crafted ELF or a.out file.
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.4/cset@41c36fb6q1Z68WUzKQFjJR-40Ev3tw
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: MANDRAKE:MDKSA-2005:022
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:022
Reference: REDHAT:RHSA-2005:043
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-043.html
Reference: REDHAT:RHSA-2005:017
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-017.html
Reference: SUSE:SUSE-SA:2005:018
Reference: URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Reference: TRUSTIX:2005-0001
Reference: URL:http://www.trustix.org/errata/2005/0001/
Reference: MISC:http://linux.bkbits.net:8080/linux-2.6/cset@41a6721cce-LoPqkzKXudYby_3TUmg
Reference: BID:12261
Reference: URL:http://www.securityfocus.com/bid/12261
Reference: SECTRACK:1012885
Reference: URL:http://securitytracker.com/id?1012885
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Reference: XF:linux-vma-gain-privileges(18886)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18886
Votes:
Name: CVE-2005-0004
Description:
The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x
before 4.1.10, 5.0.x before 5.0.3, and other versions including
3.x, allows local users to overwrite arbitrary files or
read temporary files via a symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://lists.mysql.com/internals/20600
Reference: CONFIRM:http://mysql.osuosl.org/doc/mysql/en/News-4.1.10.html
Reference: CONECTIVA:CLA-2005:947
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000947
Reference: DEBIAN:DSA-647
Reference: URL:http://www.debian.org/security/2005/dsa-647
Reference: MANDRAKE:MDKSA-2005:036
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:036
Reference: BUGTRAQ:20050118 [USN-63-1] MySQL client
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608297217224&w=2
Reference: SUNALERT:101864
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101864-1
Reference: BID:12277
Reference: URL:http://www.securityfocus.com/bid/12277
Reference: SECUNIA:13867
Reference: URL:http://secunia.com/advisories/13867
Reference: XF:mysql-mysqlaccess-symlink(18922)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18922
Votes:
Name: CVE-2005-0005
Description:
Heap-based buffer overflow in psd.c for ImageMagick 6.1.0,
6.1.7, and possibly earlier versions allows remote attackers
to execute arbitrary code via a .PSD image file with a large
number of layers.
Status: Candidate
Phase: Assigned (20050103)
Reference: IDEFENSE:20050117 Multiple Vendor ImageMagick
.psd Image File Decode Heap Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=184&type=vulnerabilities
Reference: DEBIAN:DSA-646
Reference: URL:http://www.debian.org/security/2005/dsa-646
Reference: GENTOO:GLSA-200501-37
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-37.xml
Reference: REDHAT:RHSA-2005:071
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-071.html
Reference: BUGTRAQ:20050118 [USN-62-1] imagemagick
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608222117215&w=2
Reference: REDHAT:RHSA-2005:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-070.html
Votes:
Name: CVE-2005-0006
Description:
The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows
remote attackers to cause a denial of service (infinite
loop).
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00017.html
Reference: FEDORA:FLSA-2006:152922
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
Reference: GENTOO:GLSA-200501-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
Reference: MANDRAKE:MDKSA-2005:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
Reference: REDHAT:RHSA-2005:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-037.html
Reference: REDHAT:RHSA-2005:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-011.html
Reference: CIAC:P-106
Reference: URL:http://www.ciac.org/ciac/bulletins/p-106.shtml
Reference: BID:12326
Reference: URL:http://www.securityfocus.com/bid/12326
Reference: SECUNIA:13946
Reference: URL:http://secunia.com/advisories/13946/
Reference: XF:ethereal-cops-dos(18999)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18999
Votes:
Name: CVE-2005-0007
Description:
Unknown vulnerability in the DLSw dissector in Ethereal
0.10.6 through 0.10.8 allows remote attackers to cause a
denial of service (application crash from assertion).
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00017.html
Reference: FEDORA:FLSA-2006:152922
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
Reference: GENTOO:GLSA-200501-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
Reference: MANDRAKE:MDKSA-2005:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
Reference: REDHAT:RHSA-2005:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-037.html
Reference: REDHAT:RHSA-2005:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-011.html
Reference: CIAC:P-106
Reference: URL:http://www.ciac.org/ciac/bulletins/p-106.shtml
Reference: BID:12326
Reference: URL:http://www.securityfocus.com/bid/12326
Reference: SECUNIA:13946
Reference: URL:http://secunia.com/advisories/13946/
Reference: XF:ethereal-dlsw-dos(19000)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19000
Votes:
Name: CVE-2005-0008
Description:
Unknown vulnerability in the DNP dissector in Ethereal 0.10.5
through 0.10.8 allows remote attackers to cause "memory
corruption."
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00017.html
Reference: FEDORA:FLSA-2006:152922
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
Reference: GENTOO:GLSA-200501-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
Reference: MANDRAKE:MDKSA-2005:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
Reference: REDHAT:RHSA-2005:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-037.html
Reference: REDHAT:RHSA-2005:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-011.html
Reference: CIAC:P-106
Reference: URL:http://www.ciac.org/ciac/bulletins/p-106.shtml
Reference: BID:12326
Reference: URL:http://www.securityfocus.com/bid/12326
Reference: SECUNIA:13946
Reference: URL:http://secunia.com/advisories/13946/
Reference: XF:ethereal-dnp-memory-corruption(19001)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19001
Votes:
Name: CVE-2005-0009
Description:
Unknown vulnerability in the Gnutella dissector in Ethereal
0.10.6 through 0.10.8 allows remote attackers to cause a
denial of service (application crash).
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00017.html
Reference: FEDORA:FLSA-2006:152922
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
Reference: GENTOO:GLSA-200501-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
Reference: MANDRAKE:MDKSA-2005:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
Reference: REDHAT:RHSA-2005:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-037.html
Reference: REDHAT:RHSA-2005:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-011.html
Reference: CIAC:P-106
Reference: URL:http://www.ciac.org/ciac/bulletins/p-106.shtml
Reference: BID:12326
Reference: URL:http://www.securityfocus.com/bid/12326
Reference: SECUNIA:13946
Reference: URL:http://secunia.com/advisories/13946/
Reference: XF:ethereal-gnutella-dos(19002)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19002
Votes:
Name: CVE-2005-0010
Description:
Unknown vulnerability in the MMSE dissector in Ethereal
0.10.4 through 0.10.8 allows remote attackers to cause a
denial of service by triggering a free of statically allocated
memory.
Status: Candidate
Phase: Assigned (20050103)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00017.html
Reference: FEDORA:FLSA-2006:152922
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
Reference: GENTOO:GLSA-200501-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
Reference: MANDRAKE:MDKSA-2005:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
Reference: REDHAT:RHSA-2005:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-037.html
Reference: REDHAT:RHSA-2005:011
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-011.html
Reference: CIAC:P-106
Reference: URL:http://www.ciac.org/ciac/bulletins/p-106.shtml
Reference: BID:12326
Reference: URL:http://www.securityfocus.com/bid/12326
Reference: SECUNIA:13946
Reference: URL:http://secunia.com/advisories/13946/
Reference: XF:ethereal-mmse-free-memory(19003)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19003
Votes:
Name: CVE-2005-0011
Description:
Multiple vulnerabilities in fliccd, when installed setuid
root as part of the kdeedu Kstars support for Instrument
Neutral Distributed Interface (INDI) in KDE 3.3 to 3.3.2,
allow local users and remote attackers to execute arbitrary
code via stack-based buffer overflows.
Status: Candidate
Phase: Assigned (20050104)
Reference: BUGTRAQ:20050215 [KDE Security Advisory]
Buffer overflow in fliccd of kdeedu/kstars/indi
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050215-1.txt
Reference: FEDORA:FEDORA-2005-148
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-February/msg00044.html
Reference: GENTOO:GLSA-200502-23
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-23.xml
Reference: SECUNIA:14306
Reference: URL:http://secunia.com/advisories/14306
Votes:
Name: CVE-2005-0012
Description:
Format string vulnerability in the a_Interface_msg function
in Dillo before 0.8.3-r4 allows remote attackers to execute
arbitrary code via format string specifiers in a web page.
Status: Candidate
Phase: Assigned (20050104)
Reference: GENTOO:GLSA-200501-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-11.xml
Reference: BID:12203
Reference: URL:http://www.securityfocus.com/bid/12203
Reference: SECUNIA:13760
Reference: URL:http://secunia.com/advisories/13760/
Reference: SECUNIA:13764
Reference: URL:http://secunia.com/advisories/13764
Reference: XF:dillo-capi-format-string(18807)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18807
Votes:
Name: CVE-2005-0013
Description:
nwclient.c in ncpfs before 2.2.6 does not drop root privileges
before executing utilities using the NetWare client functions,
which allows local users to gain privileges.
Status: Candidate
Phase: Assigned (20050104)
Reference: CONFIRM:ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6
Reference: DEBIAN:DSA-665
Reference: URL:http://www.debian.org/security/2005/dsa-665
Reference: FEDORA:FLSA:152904
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/433927/100/0/threaded
Reference: GENTOO:GLSA-200501-44
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml
Reference: MANDRAKE:MDKSA-2005:028
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:028
Reference: REDHAT:RHSA-2005:371
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-371.html
Reference: BID:12400
Reference: URL:http://www.securityfocus.com/bid/12400
Reference: OSVDB:13297
Reference: URL:http://www.osvdb.org/13297
Reference: SECTRACK:1013019
Reference: URL:http://securitytracker.com/id?1013019
Votes:
Name: CVE-2005-0014
Description:
Buffer overflow in ncplogin in ncpfs before 2.2.6 allows
remote malicious NetWare servers to execute arbitrary code
on the NetWare client.
Status: Candidate
Phase: Assigned (20050104)
Reference: CONFIRM:ftp://platan.vc.cvut.cz/pub/linux/ncpfs/Changes-2.2.6
Reference: FEDORA:FLSA:152904
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/433927/100/0/threaded
Reference: GENTOO:GLSA-200501-44
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-44.xml
Reference: MANDRAKE:MDKSA-2005:028
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:028
Reference: BID:12400
Reference: URL:http://www.securityfocus.com/bid/12400
Reference: OSVDB:13298
Reference: URL:http://www.osvdb.org/13298
Reference: SECTRACK:1013019
Reference: URL:http://securitytracker.com/id?1013019
Votes:
Name: CVE-2005-0015
Description:
diatheke.pl in Sword 1.5.7a allows remote attackers to execute
arbitrary commands via shell metacharacters in a URL.
Status: Candidate
Phase: Assigned (20050104)
Reference: DEBIAN:DSA-650
Reference: URL:http://www.debian.org/security/2005/dsa-650
Reference: BID:12320
Reference: URL:http://www.securityfocus.com/bid/12320
Reference: SECTRACK:1012955
Reference: URL:http://securitytracker.com/id?1012955
Reference: SECUNIA:13897
Reference: URL:http://secunia.com/advisories/13897
Reference: SECUNIA:13941
Reference: URL:http://secunia.com/advisories/13941
Reference: XF:sword-diatheke-command-execution(18997)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18997
Votes:
Name: CVE-2005-0016
Description:
Buffer overflow in the exported_display function in xatitv
in gatos before 0.0.5 allows local users to execute arbitrary
code.
Status: Candidate
Phase: Assigned (20050104)
Reference: DEBIAN:DSA-640
Reference: URL:http://www.debian.org/security/2005/dsa-640
Reference: SECUNIA:13884
Reference: URL:http://secunia.com/advisories/13884/
Reference: XF:gatos-xatitv-bo(18930)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18930
Votes:
Name: CVE-2005-0017
Description:
The f2c translator in the f2c package 3.1 allows local users
to read arbitrary files via a symlink attack on temporary
files.
Status: Candidate
Phase: Assigned (20050104)
Reference: DEBIAN:DSA-661
Reference: URL:http://www.debian.org/security/2005/dsa-661
Reference: GENTOO:GLSA-200501-43
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-43.xml
Reference: BID:12380
Reference: URL:http://www.securityfocus.com/bid/12380
Reference: SECTRACK:1013028
Reference: URL:http://securitytracker.com/id?1013028
Reference: SECUNIA:14041
Reference: URL:http://secunia.com/advisories/14041
Reference: SECUNIA:14052
Reference: URL:http://secunia.com/advisories/14052
Reference: SECUNIA:14067
Reference: URL:http://secunia.com/advisories/14067
Votes:
Name: CVE-2005-0018
Description:
The f2 shell script in the f2c package 3.1 allows local
users to read arbitrary files via a symlink attack on temporary
files.
Status: Candidate
Phase: Assigned (20050104)
Reference: DEBIAN:DSA-661
Reference: URL:http://www.debian.org/security/2005/dsa-661
Reference: BID:12380
Reference: URL:http://www.securityfocus.com/bid/12380
Reference: SECTRACK:1013028
Reference: URL:http://securitytracker.com/id?1013028
Reference: SECUNIA:14041
Reference: URL:http://secunia.com/advisories/14041
Reference: SECUNIA:14052
Reference: URL:http://secunia.com/advisories/14052
Votes:
Name: CVE-2005-0019
Description:
Unknown vulnerability in hztty 2.0 and earlier allows local
users to execute arbitrary commands.
Status: Candidate
Phase: Assigned (20050104)
Reference: DEBIAN:DSA-675
Reference: URL:http://www.debian.org/security/2005/dsa-675
Reference: BID:12518
Reference: URL:http://www.securityfocus.com/bid/12518
Reference: SECTRACK:1013154
Reference: URL:http://securitytracker.com/id?1013154
Reference: SECUNIA:14236
Reference: URL:http://secunia.com/advisories/14236
Reference: XF:hztty-command-execution(19297)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19297
Votes:
Name: CVE-2005-0020
Description:
Buffer overflow in playmidi before 2.4 allows local users
to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050104)
Reference: DEBIAN:DSA-641
Reference: URL:http://www.debian.org/security/2005/dsa-641
Reference: MANDRAKE:MDKSA-2005:010
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:010
Reference: BID:12274
Reference: URL:http://www.securityfocus.com/bid/12274
Reference: OSVDB:13049
Reference: URL:http://www.osvdb.org/13049
Reference: SECTRACK:1012957
Reference: URL:http://securitytracker.com/id?1012957
Reference: SECUNIA:13828
Reference: URL:http://secunia.com/advisories/13828
Reference: SECUNIA:13890
Reference: URL:http://secunia.com/advisories/13890
Reference: SECUNIA:13898
Reference: URL:http://secunia.com/advisories/13898
Reference: XF:playmidi-bo(18933)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18933
Votes:
Name: CVE-2005-0021
Description:
Multiple buffer overflows in Exim before 4.43 may allow
attackers to execute arbitrary code via (1) an IPv6 address
with more than 8 components, as demonstrated using the -be
command line option, which triggers an overflow in the host_aton
function, or (2) the -bh command line option or dnsdb PTR
lookup, which triggers an overflow in the dns_build_reverse
function.
Status: Candidate
Phase: Assigned (20050104)
Reference: IDEFENSE:20050107 Exim host_aton() Buffer
Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=179&type=vulnerabilities
Reference: IDEFENSE:20050114 Exim dns_buld_reverse()
Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=183&type=vulnerabilities
Reference: MLIST:[exim] 20050104 2 smallish security
issues
Reference: URL:http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
Reference: CONFIRM:http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44
Reference: DEBIAN:DSA-635
Reference: URL:http://www.debian.org/security/2005/dsa-635
Reference: DEBIAN:DSA-637
Reference: URL:http://www.debian.org/security/2005/dsa-637
Reference: GENTOO:GLSA-200501-23
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-23.xml
Reference: REDHAT:RHSA-2005:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-025.html
Reference: CERT-VN:VU#132992
Reference: URL:http://www.kb.cert.org/vuls/id/132992
Votes:
Name: CVE-2005-0022
Description:
Buffer overflow in the spa_base64_to_bits function in Exim
before 4.43, as originally obtained from Samba code, and
as called by the auth_spa_client function, may allow attackers
to execute arbitrary code during SPA authentication.
Status: Candidate
Phase: Assigned (20050104)
Reference: IDEFENSE:20050107 Exim auth_spa_server()
Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=178&type=vulnerabilities
Reference: BUGTRAQ:20050212 exim auth_spa_server()
PoC exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110824870908614&w=2
Reference: MLIST:[exim] 20050104 2 smallish security
issues
Reference: URL:http://www.exim.org/mail-archives/exim-users/Week-of-Mon-20050103/msg00028.html
Reference: CONFIRM:http://ftp6.us.freebsd.org/pub/mail/exim/ChangeLogs/ChangeLog-4.44
Reference: GENTOO:GLSA-200501-23
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-23.xml
Reference: REDHAT:RHSA-2005:025
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-025.html
Reference: BID:12188
Reference: URL:http://www.securityfocus.com/bid/12188
Votes:
Name: CVE-2005-0023
Description:
gnome-pty-helper in GNOME libzvt2 and libvte4 allows local
users to spoof the logon hostname via a modified DISPLAY
environment variable. NOTE: the severity of this issue has
been disputed.
Status: Candidate
Phase: Assigned (20050105)
Reference: BUGTRAQ:20051007 gnome-pty-helper writes
arbitrary utmp records
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=112879572407250&w=2
Reference: MISC:http://bugzilla.gnome.org/show_bug.cgi?id=317312
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=330907
Reference: BID:15004
Reference: URL:http://www.securityfocus.com/bid/15004
Reference: FRSIRT:ADV-2005-1931
Reference: URL:http://www.frsirt.com/english/advisories/2005/1931
Reference: SECUNIA:17023
Reference: URL:http://secunia.com/advisories/17023
Reference: XF:libzvt-gnomeptyhelper-spoof(22496)
Reference: URL:http://xforce.iss.net/xforce/xfdb/22496
Votes:
Name: CVE-2005-0024
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0025
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0026
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0027
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0028
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0029
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0030
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0031
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0032
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050105)
Votes:
Name: CVE-2005-0033
Description:
Buffer overflow in the code for recursion and glue fetching
in BIND 8.4.4 and 8.4.5 allows remote attackers to cause
a denial of service (crash) via queries that trigger the
overflow in the q_usedns array that tracks nameservers and
addresses.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.uniras.gov.uk/niscc/docs/al-20050125-00059.html
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind-security.php
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind8.php
Reference: SCO:SCOSA-2006.1
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.1/SCOSA-2006.1.txt
Reference: CERT-VN:VU#327633
Reference: URL:http://www.kb.cert.org/vuls/id/327633
Reference: BID:12364
Reference: URL:http://www.securityfocus.com/bid/12364
Reference: SECTRACK:1012996
Reference: URL:http://securitytracker.com/id?1012996
Reference: SECUNIA:14009
Reference: URL:http://secunia.com/advisories/14009
Reference: SECUNIA:18291
Reference: URL:http://secunia.com/advisories/18291
Reference: XF:bind-qusedns-bo(19063)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19063
Votes:
Name: CVE-2005-0034
Description:
An "incorrect assumption" in the authvalidated validator
function in BIND 9.3.0, when DNSSEC is enabled, allows remote
attackers to cause a denial of service (named server exit)
via crafted DNS packets that cause an internal consistency
test (self-check) to fail.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.uniras.gov.uk/niscc/docs/al-20050125-00060.html
Reference: CERT-VN:VU#938617
Reference: URL:http://www.kb.cert.org/vuls/id/938617
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind-security.php
Reference: CONFIRM:http://www.isc.org/index.pl?/sw/bind/bind9.php
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BID:12365
Reference: URL:http://www.securityfocus.com/bid/12365
Reference: SECTRACK:1012995
Reference: URL:http://securitytracker.com/id?1012995
Reference: SECUNIA:14008
Reference: URL:http://secunia.com/advisories/14008
Reference: XF:bind-named-dns-dos(19062)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19062
Votes:
Name: CVE-2005-0035
Description:
The Acrobat web control in Adobe Acrobat and Acrobat Reader
7.0 and earlier, when used with Internet Explorer, allows
remote attackers to determine the existence of arbitrary
files via the LoadFile ActiveX method.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.hyperdose.com/advisories/H2005-06.txt
Reference: CONFIRM:http://www.adobe.com/support/techdocs/331465.html
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/re-20050401-00264.pdf
Reference: BID:12989
Reference: URL:http://www.securityfocus.com/bid/12989
Reference: FRSIRT:ADV-2005-0310
Reference: URL:http://www.frsirt.com/english/advisories/2005/0310
Reference: OSVDB:15242
Reference: URL:http://www.osvdb.org/15242
Reference: SECUNIA:14813
Reference: URL:http://secunia.com/advisories/14813
Votes:
Name: CVE-2005-0036
Description:
The DNS implementation in DeleGate 8.10.2 and earlier allows
remote attackers to cause a denial of service via a compressed
DNS packet with a label length byte with an incorrect offset,
which could trigger an infinite loop.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
Reference: BID:13729
Reference: URL:http://www.securityfocus.com/bid/13729
Reference: OSVDB:25291
Reference: URL:http://www.osvdb.org/25291
Votes:
Name: CVE-2005-0037
Description:
The DNS implementation of DNRD before 2.10 allows remote
attackers to cause a denial of service via a compressed
DNS packet with a label length byte with an incorrect offset,
which could trigger an infinite loop.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
Reference: BID:13729
Reference: URL:http://www.securityfocus.com/bid/13729
Reference: OSVDB:25291
Reference: URL:http://www.osvdb.org/25291
Votes:
Name: CVE-2005-0038
Description:
The DNS implementation of PowerDNS 2.9.16 and earlier allows
remote attackers to cause a denial of service via a compressed
DNS packet with a label length byte with an incorrect offset,
which could trigger an infinite loop.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/re-20050524-00432.pdf?lang=en
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/al-20050524-00433.html
Reference: BID:13729
Reference: URL:http://www.securityfocus.com/bid/13729
Reference: OSVDB:25291
Reference: URL:http://www.osvdb.org/25291
Votes:
Name: CVE-2005-0039
Description:
Certain configurations of IPsec, when using Encapsulating
Security Payload (ESP) in tunnel mode, integrity protection
at a higher layer, or Authentication Header (AH), allow
remote attackers to decrypt IPSec communications by modifying
the outer packet in ways that cause plaintext data from
the inner packet to be returned in ICMP messages, as demonstrated
using bit-flipping attacks and (1) Destination Address Rewriting,
(2) a modified header length that causes portions of the
packet to be interpreted as IP Options, or (3) a modified
protocol field and source address.
Status: Candidate
Phase: Assigned (20050107)
Reference: MISC:http://www.niscc.gov.uk/niscc/docs/al-20050509-00386.html?lang=en
Reference: BUGTRAQ:20050509 NISCC Vulnerability Advisory
IPSEC - 004033
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111566201610350&w=2
Reference: HP:HPSBTU01217
Reference: URL:http://www.securityfocus.com/archive/1/407774
Reference: HP:SSRT5957
Reference: URL:http://www.securityfocus.com/archive/1/407774
Reference: CERT-VN:VU#302220
Reference: URL:http://www.kb.cert.org/vuls/id/302220
Reference: BID:13562
Reference: URL:http://www.securityfocus.com/bid/13562
Reference: FRSIRT:ADV-2005-0507
Reference: URL:http://www.frsirt.com/english/advisories/2005/0507
Reference: FRSIRT:ADV-2005-2806
Reference: URL:http://www.frsirt.com/english/advisories/2005/2806
Reference: SECTRACK:1015320
Reference: URL:http://securitytracker.com/id?1015320
Reference: SECUNIA:17938
Reference: URL:http://secunia.com/advisories/17938
Votes:
Name: CVE-2005-0040
Description:
Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke
before 3.0.12 allow remote attackers to inject arbitrary
web script or HTML via the (1) register a new user page,
(2) User-Agent, or (3) Username, which is not properly quoted
before sending to the error log.
Status: Candidate
Phase: Assigned (20050107)
Reference: BUGTRAQ:20050516 DotNetNuke (Multiple
XSS)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111627180518591&w=2
Reference: MISC:http://www.woany.co.uk/advisories/dotnetnukexss.txt
Reference: BID:13644
Reference: URL:http://www.securityfocus.com/bid/13644
Reference: BID:13646
Reference: URL:http://www.securityfocus.com/bid/13646
Reference: BID:13647
Reference: URL:http://www.securityfocus.com/bid/13647
Reference: SECUNIA:15397
Reference: URL:http://secunia.com/advisories/15397
Votes:
Name: CVE-2005-0041
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050107)
Votes:
Name: CVE-2005-0042
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050107)
Votes:
Name: CVE-2005-0043
Description:
Buffer overflow in Apple iTunes 4.7 allows remote attackers
to execute arbitrary code via a long URL in (1) .m3u or
(2) .pls playlist files.
Status: Candidate
Phase: Assigned (20050110)
Reference: IDEFENSE:20050113 Apple iTunes Playlist
Parsing Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=180&type=vulnerabilities
Reference: APPLE:APPLE-SA-2005-01-11
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Jan/msg00000.html
Reference: CERT-VN:VU#377368
Reference: URL:http://www.kb.cert.org/vuls/id/377368
Reference: BID:12238
Reference: URL:http://www.securityfocus.com/bid/12238
Reference: OSVDB:12833
Reference: URL:http://www.osvdb.org/12833
Reference: SECTRACK:1012839
Reference: URL:http://securitytracker.com/id?1012839
Reference: SECUNIA:13804
Reference: URL:http://secunia.com/advisories/13804
Reference: XF:itunes-m3u-pls-bo(18851)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18851
Votes:
Name: CVE-2005-0044
Description:
The OLE component in Windows 98, 2000, XP, and Server 2003,
and Exchange Server 5.0 through 2003, does not properly
validate the lengths of messages for certain OLE data, which
allows remote attackers to execute arbitrary code, aka the
"Input Validation Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#927889
Reference: URL:http://www.kb.cert.org/vuls/id/927889
Reference: OVAL:oval:org.mitre.oval:def:1180
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1180
Reference: OVAL:oval:org.mitre.oval:def:2917
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2917
Reference: OVAL:oval:org.mitre.oval:def:3568
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3568
Reference: OVAL:oval:org.mitre.oval:def:4499
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4499
Reference: XF:win-ole-code-execution(19109)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19109
Votes:
Name: CVE-2005-0045
Description:
The Server Message Block (SMB) implementation for Windows
NT 4.0, 2000, XP, and Server 2003 does not properly validate
certain SMB packets, which allows remote attackers to execute
arbitrary code via Transaction responses containing (1)
Trans or (2) Trans2 commands, aka the "Server Message Block
Vulnerability," and as demonstrated using Trans2 FIND_FIRST2
responses with large file name length fields.
Status: Candidate
Phase: Assigned (20050111)
Reference: BUGTRAQ:20050209 EEYE: Windows SMB Client
Transaction Response Handling Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110792638401852&w=2
Reference: NTBUGTRAQ:20050209 EEYE: Windows SMB Client
Transaction Response Handling Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=ntbugtraq&m=110795643831169&w=2
Reference: BUGTRAQ:20050309 Update: MS05-011 EEYE:
Windows SMB Client Transaction Response Handling Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111040962600205&w=2
Reference: MS:MS05-011
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-011.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#652537
Reference: URL:http://www.kb.cert.org/vuls/id/652537
Reference: BID:12484
Reference: URL:http://www.securityfocus.com/bid/12484
Reference: OVAL:oval:org.mitre.oval:def:1606
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1606
Reference: OVAL:oval:org.mitre.oval:def:1847
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1847
Reference: OVAL:oval:org.mitre.oval:def:1889
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1889
Reference: OVAL:oval:org.mitre.oval:def:4043
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4043
Reference: XF:win-smb-code-execution(19089)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19089
Votes:
Name: CVE-2005-0046
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050111)
Votes:
Name: CVE-2005-0047
Description:
Windows 2000, XP, and Server 2003 do not properly "validate
the use of memory regions" for COM structured storage files,
which allows attackers to execute arbitrary code, aka the
"COM Structured Storage Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: BUGTRAQ:20050530 [Argeniss] MS05-012 Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111755870828817&w=2
Reference: MISC:http://www.argeniss.com/research/SSExploit.c
Reference: MS:MS05-012
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-012.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#597889
Reference: URL:http://www.kb.cert.org/vuls/id/597889
Reference: OVAL:oval:org.mitre.oval:def:1159
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1159
Reference: OVAL:oval:org.mitre.oval:def:2351
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2351
Reference: OVAL:oval:org.mitre.oval:def:2892
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2892
Reference: OVAL:oval:org.mitre.oval:def:901
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:901
Reference: XF:win-com-gain-privileges(19105)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19105
Votes:
Name: CVE-2005-0048
Description:
Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4,
Server 2003, and older operating systems allow remote attackers
to cause a denial of service and possibly execute arbitrary
code via crafted IP packets with malformed options, aka
the "IP Validation Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: ISS:20050412 Windows IP Options Remote
Compromise
Reference: URL:http://xforce.iss.net/xforce/alerts/id/192
Reference: MS:MS05-019
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-019.mspx
Reference: CERT:TA05-102A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-102A.html
Reference: CERT-VN:VU#233754
Reference: URL:http://www.kb.cert.org/vuls/id/233754
Reference: OVAL:oval:org.mitre.oval:def:3824
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3824
Reference: OVAL:oval:org.mitre.oval:def:1744
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1744
Reference: OVAL:oval:org.mitre.oval:def:4549
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4549
Votes:
Name: CVE-2005-0049
Description:
Windows SharePoint Services and SharePoint Team Services
for Windows Server 2003 do not properly validate an HTTP
redirection query, which allows remote attackers to inject
arbitrary HTML and web script via a cross-site scripting
(XSS) attack, or to spoof the web cache.
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-006
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-006.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#340409
Reference: URL:http://www.kb.cert.org/vuls/id/340409
Reference: XF:win-sharepoint-services-xss(19091)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19091
Votes:
Name: CVE-2005-0050
Description:
The License Logging service for Windows NT Server, Windows
2000 Server, and Windows Server 2003 does not properly validate
the length of messages, which leads to an "unchecked buffer"
and allows remote attackers to cause a denial of service
(crash) and possibly execute arbitrary code, aka the "License
Logging Service Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-010
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-010.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#130433
Reference: URL:http://www.kb.cert.org/vuls/id/130433
Reference: OVAL:oval:org.mitre.oval:def:2568
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2568
Reference: OVAL:oval:org.mitre.oval:def:3582
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3582
Reference: OVAL:oval:org.mitre.oval:def:4786
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4786
Reference: OVAL:oval:org.mitre.oval:def:644
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:644
Reference: XF:win-license-code-execution(19101)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19101
Votes:
Name: CVE-2005-0051
Description:
The Server service (srvsvc.dll) in Windows XP SP1 and SP2
allows remote attackers to obtain sensitive information
(users who are accessing resources) via an anonymous logon
using a named pipe, which is not properly authenticated,
aka the "Named Pipe Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-007
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-007.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#939074
Reference: URL:http://www.kb.cert.org/vuls/id/939074
Reference: BID:12486
Reference: URL:http://www.securityfocus.com/bid/12486
Reference: OVAL:oval:org.mitre.oval:def:2292
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2292
Reference: OVAL:oval:org.mitre.oval:def:3055
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3055
Reference: SECTRACK:1013112
Reference: URL:http://securitytracker.com/id?1013112
Reference: SECUNIA:14189
Reference: URL:http://secunia.com/advisories/14189
Reference: XF:win-named-pipe-information-disclosure(19093)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19093
Votes:
Name: CVE-2005-0052
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050111)
Votes:
Name: CVE-2005-0053
Description:
Internet Explorer 5.01, 5.5, and 6 allows remote attackers
to execute arbitrary code via drag and drop events, aka
the "Drag-and-Drop Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
Reference: MS:MS05-008
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-008.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#698835
Reference: URL:http://www.kb.cert.org/vuls/id/698835
Reference: OVAL:oval:org.mitre.oval:def:1334
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1334
Reference: OVAL:oval:org.mitre.oval:def:2046
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2046
Reference: OVAL:oval:org.mitre.oval:def:2953
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2953
Reference: OVAL:oval:org.mitre.oval:def:3006
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3006
Reference: OVAL:oval:org.mitre.oval:def:4726
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4726
Reference: OVAL:oval:org.mitre.oval:def:4864
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4864
Reference: OVAL:oval:org.mitre.oval:def:1015
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1015
Reference: XF:ie-dragdrop-gain-privileges(19117)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19117
Reference: BID:11466
Reference: URL:http://www.securityfocus.com/bid/11466
Votes:
Name: CVE-2005-0054
Description:
Internet Explorer 5.01, 5.5, and 6 allows remote attackers
to spoof a less restrictive security zone and execute arbitrary
code via an HTML page containing URLs that contain hostnames
that have been double hex encoded, which are decoded twice
to generate a malicious hostname, aka the "URL Decoding
Zone Spoofing Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: BUGTRAQ:20050209 Internet Explorer zone
spoofing with encoded URLs
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110796851002781&w=2
Reference: FULLDISC:20050209 Internet Explorer zone
spoofing with encoded URLs
Reference: MS:MS05-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#580299
Reference: URL:http://www.kb.cert.org/vuls/id/580299
Reference: OVAL:oval:org.mitre.oval:def:1308
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1308
Reference: OVAL:oval:org.mitre.oval:def:1736
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1736
Reference: OVAL:oval:org.mitre.oval:def:3060
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3060
Reference: OVAL:oval:org.mitre.oval:def:3196
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3196
Reference: OVAL:oval:org.mitre.oval:def:3586
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3586
Reference: XF:ie-file-url-encode(19214)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19214
Votes:
Name: CVE-2005-0055
Description:
Internet Explorer 5.01, 5.5, and 6 does not properly validate
buffers when handling certain DHTML methods including the
createControlRange Javascript function, which allows remote
attackers to execute arbitrary code, aka the "DHTML Method
Heap Memory Corruption Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: VULNWATCH:20050211 Secunia Research: Microsoft
Internet Explorer "createControlRange()" Memory Corruption
Reference: MISC:http://secunia.com/secunia_research/2004-12/advisory/
Reference: MS:MS05-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#843771
Reference: URL:http://www.kb.cert.org/vuls/id/843771
Reference: BID:12427
Reference: URL:http://www.securityfocus.com/bid/12427
Reference: OVAL:oval:org.mitre.oval:def:1005
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1005
Reference: OVAL:oval:org.mitre.oval:def:2692
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2692
Reference: OVAL:oval:org.mitre.oval:def:3137
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3137
Reference: OVAL:oval:org.mitre.oval:def:3910
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3910
Reference: OVAL:oval:org.mitre.oval:def:710
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:710
Reference: SECTRACK:1013125
Reference: URL:http://securitytracker.com/id?1013125
Reference: SECUNIA:11165
Reference: URL:http://secunia.com/advisories/11165/
Reference: XF:ie-cdf-execute-code(19137)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19137
Votes:
Name: CVE-2005-0056
Description:
Internet Explorer 5.01, 5.5, and 6 does not properly validate
certain URLs in Channel Definition Format (CDF) files, which
allows remote attackers to obtain sensitive information
or execute arbitrary code, aka the "Channel Definition Format
(CDF) Cross Domain Vulnerability."
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-014
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-014.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#823971
Reference: URL:http://www.kb.cert.org/vuls/id/823971
Reference: OVAL:oval:org.mitre.oval:def:2385
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2385
Reference: OVAL:oval:org.mitre.oval:def:2817
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2817
Reference: OVAL:oval:org.mitre.oval:def:3318
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3318
Reference: OVAL:oval:org.mitre.oval:def:4085
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4085
Reference: OVAL:oval:org.mitre.oval:def:4947
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4947
Reference: SECTRACK:1013126
Reference: URL:http://securitytracker.com/id?1013126
Reference: XF:ie-cdf-execute-code(19137)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19137
Reference: BID:12427
Reference: URL:http://www.securityfocus.com/bid/12427
Votes:
Name: CVE-2005-0057
Description:
The Hyperlink Object Library for Windows 98, 2000, XP, and
Server 2003 allows remote attackers to execute arbitrary
code via a crafted link that triggers an "unchecked buffer"
in the library, possibly due to a buffer overflow.
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-015
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-015.mspx
Reference: CERT:TA05-039A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-039A.html
Reference: CERT-VN:VU#820427
Reference: URL:http://www.kb.cert.org/vuls/id/820427
Reference: BID:12479
Reference: URL:http://www.securityfocus.com/bid/12479
Reference: OVAL:oval:org.mitre.oval:def:2570
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2570
Reference: OVAL:oval:org.mitre.oval:def:3203
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3203
Reference: OVAL:oval:org.mitre.oval:def:713
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:713
Reference: SECTRACK:1013119
Reference: URL:http://securitytracker.com/id?1013119
Reference: SECUNIA:14195
Reference: URL:http://secunia.com/advisories/14195
Reference: XF:win-hyperlink-code-execution(19110)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19110
Votes:
Name: CVE-2005-0058
Description:
Buffer overflow in the Telephony Application Programming
Interface (TAPI) for Microsoft Windows 98, Windows 98 SE,
Windows ME, Windows 2000, Windows XP, and Windows Server
2003 allows attackers to elevate privileges or execute arbitrary
code via a crafted message.
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-040
Reference: URL:http://www.microsoft.com/technet/Security/bulletin/ms05-040.mspx
Reference: BID:14518
Reference: URL:http://www.securityfocus.com/bid/14518
Reference: OVAL:oval:org.mitre.oval:def:100084
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100084
Reference: OVAL:oval:org.mitre.oval:def:100085
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100085
Reference: OVAL:oval:org.mitre.oval:def:100086
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100086
Reference: OVAL:oval:org.mitre.oval:def:100088
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100088
Reference: OVAL:oval:org.mitre.oval:def:1075
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1075
Reference: OVAL:oval:org.mitre.oval:def:1213
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1213
Reference: OVAL:oval:org.mitre.oval:def:1297
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1297
Reference: SECTRACK:1014639
Reference: URL:http://securitytracker.com/id?1014639
Reference: SECUNIA:16354
Reference: URL:http://secunia.com/advisories/16354/
Votes:
Name: CVE-2005-0059
Description:
Buffer overflow in the Message Queuing component of Microsoft
Windows 2000 and Windows XP SP1 allows remote attackers
to execute arbitrary code via a crafted message.
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-017
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-017.mspx
Reference: OVAL:oval:org.mitre.oval:def:4384
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4384
Reference: OVAL:oval:org.mitre.oval:def:4988
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4988
Votes:
Name: CVE-2005-0060
Description:
Buffer overflow in the font processing component of Microsoft
Windows 2000, Windows XP SP1 and SP2, and Windows Server
2003 allows local users to gain privileges via a specially-designed
application.
Status: Candidate
Phase: Assigned (20050111)
Reference: BUGTRAQ:20050413 Windows kernel overflow
fixed
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111343529426926&w=2
Reference: VULNWATCH:20050413 Windows kernel overflow
fixed
Reference: MISC:http://www.ngssoftware.com/advisories/ms-01.txt
Reference: MS:MS05-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-018.mspx
Reference: OVAL:oval:org.mitre.oval:def:2562
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2562
Reference: OVAL:oval:org.mitre.oval:def:2731
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2731
Reference: OVAL:oval:org.mitre.oval:def:3941
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3941
Reference: OVAL:oval:org.mitre.oval:def:4797
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4797
Votes:
Name: CVE-2005-0061
Description:
The kernel of Microsoft Windows 2000, Windows XP SP1 and
SP2, and Windows Server 2003 allows local users to gain
privileges via certain access requests.
Status: Candidate
Phase: Assigned (20050111)
Reference: MS:MS05-018
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-018.mspx
Reference: OVAL:oval:org.mitre.oval:def:1656
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1656
Reference: OVAL:oval:org.mitre.oval:def:1761
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1761
Reference: OVAL:oval:org.mitre.oval:def:3994
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3994
Reference: OVAL:oval:org.mitre.oval:def:4593
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4593
Votes:
Name: CVE-2005-0062
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050111)
Votes:
Name: CVE-2005-0063
Description:
The document processing application used by the Windows
Shell in Microsoft Windows 2000, Windows XP, and Windows
Server 2003 allows remote attackers to execute arbitrary
code by modifying the CLSID stored in a file so that it
is processed by HTML Application Host (MSHTA), as demonstrated
using a Microsoft Word document.
Status: Candidate
Phase: Assigned (20050111)
Reference: IDEFENSE:20050412 Microsoft MSHTA Script
Execution Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=231&type=vulnerabilities
Reference: BUGTRAQ:20050529 Spam exploiting MS05-016
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111755356016155&w=2
Reference: MS:MS05-016
Reference: URL:http://www.microsoft.com/technet/security/bulletin/ms05-016.mspx
Reference: MISC:http://www.securiteam.com/exploits/5YP0T0AFFW.html
Reference: BID:13132
Reference: URL:http://www.securityfocus.com/bid/13132
Reference: FRSIRT:ADV-2005-0335
Reference: URL:http://www.frsirt.com/english/advisories/2005/0335
Reference: OVAL:oval:org.mitre.oval:def:2184
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:2184
Reference: OVAL:oval:org.mitre.oval:def:3456
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:3456
Reference: OVAL:oval:org.mitre.oval:def:407
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:407
Reference: OVAL:oval:org.mitre.oval:def:4710
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:4710
Reference: OVAL:oval:org.mitre.oval:def:573
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:573
Reference: OVAL:oval:org.mitre.oval:def:587
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:587
Votes:
Name: CVE-2005-0064
Description:
Buffer overflow in the Decrypt::makeFileKey2 function in
Decrypt.cc for xpdf 3.00 and earlier allows remote attackers
to execute arbitrary code via a PDF file with a large /Encrypt
/Length keyLength value.
Status: Candidate
Phase: Assigned (20050113)
Reference: IDEFENSE:20050118 Multiple Unix/Linux
Vendor Xpdf makeFileKey2 Stack Overflow
Reference: URL:http://www.idefense.com/application/poi/display?id=186&type=vulnerabilities
Reference: CONFIRM:ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl3.patch
Reference: CONECTIVA:CLA-2005:921
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921
Reference: DEBIAN:DSA-645
Reference: URL:http://www.debian.org/security/2005/dsa-645
Reference: DEBIAN:DSA-648
Reference: URL:http://www.debian.org/security/2005/dsa-648
Reference: FEDORA:FLSA:2352
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2352
Reference: FEDORA:FLSA:2353
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2353
Reference: GENTOO:GLSA-200502-10
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-28.xml
Reference: MANDRAKE:MDKSA-2005:016
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:016
Reference: MANDRAKE:MDKSA-2005:017
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:017
Reference: MANDRAKE:MDKSA-2005:018
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:018
Reference: MANDRAKE:MDKSA-2005:019
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:019
Reference: MANDRAKE:MDKSA-2005:020
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:020
Reference: MANDRAKE:MDKSA-2005:021
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:021
Reference: REDHAT:RHSA-2005:034
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-034.html
Reference: REDHAT:RHSA-2005:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-053.html
Reference: REDHAT:RHSA-2005:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-057.html
Reference: REDHAT:RHSA-2005:059
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-059.html
Reference: REDHAT:RHSA-2005:066
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-066.html
Reference: REDHAT:RHSA-2005:026
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-026.html
Reference: SCO:SCOSA-2005.42
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BUGTRAQ:20050119 [USN-64-1] xpdf, CUPS
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110625368019554&w=2
Reference: SECUNIA:17277
Reference: URL:http://secunia.com/advisories/17277
Votes:
Name: CVE-2005-0065
Description:
The original design of TCP does not check that the TCP sequence
number in an ICMP error message is within the range of sequence
numbers for data that has been sent but not acknowledged
(aka "TCP sequence number checking"), which makes it easier
for attackers to forge ICMP error messages for specific
TCP connections and cause a denial of service, as demonstrated
using (1) blind connection-reset attacks with forged "Destination
Unreachable" messages, (2) blind throughput-reduction attacks
with forged "Source Quench" messages, or (3) blind throughput-reduction
attacks with forged ICMP messages that cause the Path MTU
to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060
have been SPLIT based on different attacks; CVE-2005-0065,
CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related
identifiers that are SPLIT based on the underlying vulnerability.
While CVE normally SPLITs based on vulnerability, the attack-based
identifiers exist due to the variety and number of affected
implementations and solutions that address the attacks instead
of the underlying vulnerabilities.
Status: Candidate
Phase: Assigned (20050113)
Reference: MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Reference: BID:13124
Reference: URL:http://www.securityfocus.com/bid/13124
Votes:
Name: CVE-2005-0066
Description:
The original design of TCP does not check that the TCP Acknowledgement
number in an ICMP error message generated by an intermediate
router is within the range of possible values for data that
has already been acknowledged (aka "TCP acknowledgement
number checking"), which makes it easier for attackers to
forge ICMP error messages for specific TCP connections and
cause a denial of service, as demonstrated using (1) blind
connection-reset attacks with forged "Destination Unreachable"
messages, (2) blind throughput-reduction attacks with forged
"Source Quench" messages, or (3) blind throughput-reduction
attacks with forged ICMP messages that cause the Path MTU
to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060
have been SPLIT based on different attacks; CVE-2005-0065,
CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related
identifiers that are SPLIT based on the underlying vulnerability.
While CVE normally SPLITs based on vulnerability, the attack-based
identifiers exist due to the variety and number of affected
implementations and solutions that address the attacks instead
of the underlying vulnerabilities.
Status: Candidate
Phase: Assigned (20050113)
Reference: MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Reference: BID:13124
Reference: URL:http://www.securityfocus.com/bid/13124
Votes:
Name: CVE-2005-0067
Description:
The original design of TCP does not require that port numbers
be assigned randomly (aka "Port randomization"), which makes
it easier for attackers to forge ICMP error messages for
specific TCP connections and cause a denial of service,
as demonstrated using (1) blind connection-reset attacks
with forged "Destination Unreachable" messages, (2) blind
throughput-reduction attacks with forged "Source Quench"
messages, or (3) blind throughput-reduction attacks with
forged ICMP messages that cause the Path MTU to be reduced.
NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060 have
been SPLIT based on different attacks; CVE-2005-0065, CVE-2005-0066,
CVE-2005-0067, and CVE-2005-0068 are related identifiers
that are SPLIT based on the underlying vulnerability. While
CVE normally SPLITs based on vulnerability, the attack-based
identifiers exist due to the variety and number of affected
implementations and solutions that address the attacks instead
of the underlying vulnerabilities.
Status: Candidate
Phase: Assigned (20050113)
Reference: MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Reference: BID:13124
Reference: URL:http://www.securityfocus.com/bid/13124
Votes:
Name: CVE-2005-0068
Description:
The original design of ICMP does not require authentication
for host-generated ICMP error messages, which makes it easier
for attackers to forge ICMP error messages for specific
TCP connections and cause a denial of service, as demonstrated
using (1) blind connection-reset attacks with forged "Destination
Unreachable" messages, (2) blind throughput-reduction attacks
with forged "Source Quench" messages, or (3) blind throughput-reduction
attacks with forged ICMP messages that cause the Path MTU
to be reduced. NOTE: CVE-2004-0790, CVE-2004-0791, and CVE-2004-1060
have been SPLIT based on different attacks; CVE-2005-0065,
CVE-2005-0066, CVE-2005-0067, and CVE-2005-0068 are related
identifiers that are SPLIT based on the underlying vulnerability.
While CVE normally SPLITs based on vulnerability, the attack-based
identifiers exist due to the variety and number of affected
implementations and solutions that address the attacks instead
of the underlying vulnerabilities.
Status: Candidate
Phase: Assigned (20050113)
Reference: MISC:http://www.gont.com.ar/drafts/icmp-attacks-against-tcp.html
Reference: BID:13124
Reference: URL:http://www.securityfocus.com/bid/13124
Votes:
Name: CVE-2005-0069
Description:
The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow
local users to overwrite or create arbitrary files via a
symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20050114)
Reference: FEDORA:FLSA:2343
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2343
Reference: REDHAT:RHSA-2005:036
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-036.html
Reference: REDHAT:RHSA-2005:122
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-122.html
Reference: BUGTRAQ:20050118 [USN-61-1] vim vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608387001863&w=2
Reference: SECTRACK:1012938
Reference: URL:http://securitytracker.com/id?1012938
Reference: SECUNIA:13841
Reference: URL:http://secunia.com/advisories/13841/
Reference: XF:vim-symlink(18870)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18870
Votes:
Name: CVE-2005-0070
Description:
Synaesthesia 2.1 and earlier, and possibly other versions,
when installed setuid root, does not drop privileges before
processing configuration and mixer files, which allows local
users to read arbitrary files.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-681
Reference: URL:http://www.debian.org/security/2005/dsa-681
Reference: BID:12546
Reference: URL:http://www.securityfocus.com/bid/12546
Reference: SECTRACK:1013206
Reference: URL:http://securitytracker.com/id?1013206
Reference: SECUNIA:14300
Reference: URL:http://secunia.com/advisories/14300
Votes:
Name: CVE-2005-0071
Description:
vdr before 1.2.6 does not securely create files, which allows
attackers to overwrite arbitrary files.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-656
Reference: URL:http://www.debian.org/security/2005/dsa-656
Reference: GENTOO:GLSA-200501-42
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-42.xml
Reference: BID:12356
Reference: URL:http://www.securityfocus.com/bid/12356
Reference: SECUNIA:13930
Reference: URL:http://secunia.com/advisories/13930
Reference: SECUNIA:13995
Reference: URL:http://secunia.com/advisories/13995
Reference: SECUNIA:14066
Reference: URL:http://secunia.com/advisories/14066
Reference: XF:vdr-dvdapi-file-overwrite(19066)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19066
Votes:
Name: CVE-2005-0072
Description:
zhcon before 0.2 does not drop privileges before reading
a user configuration file, which allows local users to read
arbitrary files.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-655
Reference: URL:http://www.debian.org/security/2005/dsa-655
Reference: MANDRAKE:MDKSA-2005:012
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:012
Reference: BID:12343
Reference: URL:http://www.securityfocus.com/bid/12343
Reference: SECTRACK:1012977
Reference: URL:http://securitytracker.com/id?1012977
Reference: SECUNIA:13977
Reference: URL:http://secunia.com/advisories/13977
Reference: SECUNIA:13982
Reference: URL:http://secunia.com/advisories/13982
Reference: SECUNIA:13987
Reference: URL:http://secunia.com/advisories/13987
Reference: XF:zhcon-information-disclosure(19045)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19045
Votes:
Name: CVE-2005-0073
Description:
Buffer overflow in queue.c in a support script for sympa
3.3.3, when running setuid, allows local users to execute
arbitrary code.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-677
Reference: URL:http://www.debian.org/security/2005/dsa-677
Reference: SECTRACK:1013163
Reference: URL:http://securitytracker.com/id?1013163
Reference: SECUNIA:14217
Reference: URL:http://secunia.com/advisories/14217
Reference: SECUNIA:14224
Reference: URL:http://secunia.com/advisories/14224
Votes:
Name: CVE-2005-0074
Description:
Buffer overflow in pcdsvgaview in xpcd 2.08 allows local
users to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-676
Reference: URL:http://www.debian.org/security/2005/dsa-676
Reference: BID:12523
Reference: URL:http://www.securityfocus.com/bid/12523
Reference: SECTRACK:1013162
Reference: URL:http://securitytracker.com/id?1013162
Reference: SECUNIA:14248
Reference: URL:http://secunia.com/advisories/14248
Reference: SECUNIA:14250
Reference: URL:http://secunia.com/advisories/14250
Votes:
Name: CVE-2005-0075
Description:
prefs.php in SquirrelMail before 1.4.4, with register_globals
enabled, allows remote attackers to inject local code into
the SquirrelMail code via custom preference handlers.
Status: Candidate
Phase: Assigned (20050114)
Reference: BUGTRAQ:20050129 SquirrelMail Security
Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662&w=2
Reference: CONFIRM:http://www.squirrelmail.org/security/issue/2005-01-14
Reference: APPLE:APPLE-SA-2005-03-21
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Reference: GENTOO:GLSA-200501-39
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
Reference: REDHAT:RHSA-2005:099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-099.html
Reference: REDHAT:RHSA-2005:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-135.html
Reference: SECUNIA:13962
Reference: URL:http://secunia.com/advisories/13962/
Votes:
Name: CVE-2005-0076
Description:
Multiple buffer overflows in the XView library 3.2 may allow
local users to execute arbitrary code via setuid applications
that use the library.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-672
Reference: URL:http://www.debian.org/security/2005/dsa-672
Reference: XF:xview-xvparseone-bo(19271)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19271
Votes:
Name: CVE-2005-0077
Description:
The DBI library (libdbi-perl) for Perl allows local users
to overwrite arbitrary files via a symlink attack on a temporary
PID file.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-658
Reference: URL:http://www.debian.org/security/2005/dsa-658
Reference: FEDORA:FLSA-2006:178989
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/426530/30/6600/threaded
Reference: GENTOO:GLSA-200501-38
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-38.xml
Reference: MANDRAKE:MDKSA-2005:030
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:030
Reference: REDHAT:RHSA-2005:072
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-072.html
Reference: BUGTRAQ:20050125 [USN-70-1] Perl DBI module
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110667936707597&w=2
Reference: BID:12360
Reference: URL:http://www.securityfocus.com/bid/12360
Reference: SECTRACK:1013007
Reference: URL:http://securitytracker.com/id?1013007
Reference: SECUNIA:14015
Reference: URL:http://secunia.com/advisories/14015
Reference: SECUNIA:14050
Reference: URL:http://secunia.com/advisories/14050
Reference: XF:dbi-library-file-overwrite(19068)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19068
Votes:
Name: CVE-2005-0078
Description:
The KDE screen saver in KDE before 3.0.5 does not properly
check the return value from a certain function call, which
allows attackers with physical access to cause a crash and
access the desktop session.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-660
Reference: URL:http://www.debian.org/security/2005/dsa-660
Reference: REDHAT:RHSA-2005:009
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-009.html
Reference: XF:kdebase-screensaver-security-bypass(19084)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19084
Votes:
Name: CVE-2005-0079
Description:
Buffer overflow in xtrlock 2.0 allows local users to cause
a denial of service (application crash) and hijack the desktop
session.
Status: Candidate
Phase: Assigned (20050114)
Reference: DEBIAN:DSA-649
Reference: URL:http://www.debian.org/security/2005/dsa-649
Reference: BID:12316
Reference: URL:http://www.securityfocus.com/bid/12316
Reference: SECUNIA:13938
Reference: URL:http://secunia.com/advisories/13938
Reference: XF:xtrlock-screen-lock-bypass(18991)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18991
Votes:
Name: CVE-2005-0080
Description:
The 55_options_traceback.dpatch patch for mailman 2.1.5
in Ubuntu 4.10 displays a different error message depending
on whether the e-mail address is subscribed to a private
list, which allows remote attackers to determine the list
membership for a given e-mail address.
Status: Candidate
Phase: Assigned (20050114)
Reference: BUGTRAQ:20050110 [USN-59-1] mailman vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110549296126351&w=2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=285839
Reference: MISC:http://qa.debian.org/bts-security.html
Votes:
Name: CVE-2005-0081
Description:
MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21,
allows remote attackers to cause a denial of service (crash)
via an HTTP request with invalid headers.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent
Multiple Denial of Service Vulnerabilities
Reference: URL:http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities
Votes:
Name: CVE-2005-0082
Description:
The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0,
and other versions before 7.5.0.21, allows remote attackers
to cause a denial of service (crash) via invalid parameters
to the WebDAV handler code, which triggers a null dereference
that causes the SAP DB Web Agent to crash.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050119 MySQL MaxDB Web Agent
Multiple Denial of Service Vulnerabilities
Reference: URL:http://www.idefense.com/application/poi/display?id=187&type=vulnerabilities
Votes:
Name: CVE-2005-0083
Description:
MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions
and other platforms, allows remote attackers to cause a
denial of service (application crash) via invalid parameters
to the (1) DBMCli_String::ReallocString, (2) DBMCli_String::operator,
(3) DBMCli_Buffer::ForceResize, (4) DBMCli_Wizard::InstallDatabase,
(5) DBMCli_Devspaces::Complete, (6) DBMWeb_TemplateWizard::askForWriteCountStep5,
or (7) DBMWeb_DBMWeb::wizardDB functions, which triggers
a null dereference.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050314 MySQL MaxDB Web Agent
Multiple Denial of Service Vulnerabilities
Reference: URL:http://www.idefense.com/application/poi/display?id=218&type=vulnerabilities
Reference: XF:maxdb-null-pointer-dos(19687)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19687
Votes:
Name: CVE-2005-0084
Description:
Buffer overflow in the X11 dissector in Ethereal 0.8.10
through 0.10.8 allows remote attackers to execute arbitrary
code via a crafted packet.
Status: Candidate
Phase: Assigned (20050118)
Reference: CONFIRM:http://www.ethereal.com/appnotes/enpa-sa-00017.html
Reference: DEBIAN:DSA-653
Reference: URL:http://www.debian.org/security/2005/dsa-653
Reference: FEDORA:FLSA-2006:152922
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00003.html
Reference: GENTOO:GLSA-200501-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-27.xml
Reference: MANDRAKE:MDKSA-2005:013
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:013
Reference: REDHAT:RHSA-2005:037
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-037.html
Reference: CIAC:P-106
Reference: URL:http://www.ciac.org/ciac/bulletins/p-106.shtml
Reference: BID:12326
Reference: URL:http://www.securityfocus.com/bid/12326
Reference: SECUNIA:13946
Reference: URL:http://secunia.com/advisories/13946/
Reference: XF:ethereal-x11-bo(19004)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19004
Votes:
Name: CVE-2005-0085
Description:
Cross-site scripting (XSS) vulnerability in ht://dig (htdig)
before 3.1.6-r7 allows remote attackers to execute arbitrary
web script or HTML via the config parameter, which is not
properly sanitized before it is displayed in an error message.
Status: Candidate
Phase: Assigned (20050118)
Reference: DEBIAN:DSA-680
Reference: URL:http://www.debian.org/security/2005/dsa-680
Reference: FEDORA:FLSA-2006:152907
Reference: URL:http://www.redhat.com/archives/fedora-legacy-announce/2006-January/msg00002.html
Reference: GENTOO:GLSA-200502-16
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-16.xml
Reference: MANDRAKE:MDKSA-2005:063
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:063
Reference: REDHAT:RHSA-2005:073
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-073.html
Reference: REDHAT:RHSA-2005:090
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-090.html
Reference: SCO:SCOSA-2005.46
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt
Reference: BID:12442
Reference: URL:http://www.securityfocus.com/bid/12442
Reference: SECTRACK:1013078
Reference: URL:http://securitytracker.com/id?1013078
Reference: SECUNIA:14255
Reference: URL:http://secunia.com/advisories/14255
Reference: SECUNIA:17414
Reference: URL:http://secunia.com/advisories/17414
Reference: SECUNIA:17415
Reference: URL:http://secunia.com/advisories/17415
Reference: SECUNIA:14276
Reference: URL:http://secunia.com/advisories/14276
Reference: SECUNIA:14303
Reference: URL:http://secunia.com/advisories/14303
Reference: SECUNIA:14795
Reference: URL:http://secunia.com/advisories/14795
Reference: SECUNIA:15007
Reference: URL:http://secunia.com/advisories/15007
Reference: XF:htdig-config-xss(19223)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19223
Votes:
Name: CVE-2005-0086
Description:
Heap-based buffer overflow in less in Red Hat Enterprise
Linux 3 allows attackers to cause a denial of service (application
crash) or possibly execute arbitrary code via a crafted
file, as demonstrated using the UTF-8 locale.
Status: Candidate
Phase: Assigned (20050118)
Reference: FEDORA:FLSA:2404
Reference: URL:https://bugzilla.fedora.us/show_bug.cgi?id=2404
Reference: REDHAT:RHSA-2005:068
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-068.html
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=145527
Reference: XF:less-file-bo(19131)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19131
Votes:
Name: CVE-2005-0087
Description:
The alsa-lib package in Red Hat Linux 4 disables stack protection
for the libasound.so library, which makes it easier for
attackers to execute arbitrary code if there are other vulnerabilities
in the library.
Status: Candidate
Phase: Assigned (20050118)
Reference: REDHAT:RHSA-2005:033
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-033.html
Votes:
Name: CVE-2005-0088
Description:
The publisher handler for mod_python 2.7.8 and earlier allows
remote attackers to obtain access to restricted objects
via a crafted URL.
Status: Candidate
Phase: Assigned (20050118)
Reference: CONECTIVA:CLA-2005:926
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000926
Reference: DEBIAN:DSA-689
Reference: URL:http://www.debian.org/security/2005/dsa-689
Reference: FEDORA:FLSA:152896
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/430286/100/0/threaded
Reference: GENTOO:GLSA-200502-14
Reference: URL:http://security.gentoo.org/glsa/glsa-200502-14.xml
Reference: REDHAT:RHSA-2005:100
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-100.html
Reference: REDHAT:RHSA-2005:104
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-104.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BUGTRAQ:20050211 [USN-80-1] mod_python
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110815313218389&w=2
Reference: CERT-VN:VU#356409
Reference: URL:http://www.kb.cert.org/vuls/id/356409
Reference: BID:12519
Reference: URL:http://www.securityfocus.com/bid/12519
Reference: SECTRACK:1013156
Reference: URL:http://securitytracker.com/id?1013156
Votes:
Name: CVE-2005-0089
Description:
The SimpleXMLRPCServer library module in Python 2.2, 2.3
before 2.3.5, and 2.4, when used by XML-RPC servers that
use the register_instance method to register an object without
a _dispatch method, allows remote attackers to read or modify
globals of the associated module, and possibly execute arbitrary
code, via dotted attributes.
Status: Candidate
Phase: Assigned (20050118)
Reference: BUGTRAQ:20050203 Python Security Advisory
PSF-2005-001 - SimpleXMLRPCServer.py
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110746469728728&w=2
Reference: CONFIRM:http://www.python.org/security/PSF-2005-001/
Reference: CONFIRM:http://python.org/security/PSF-2005-001/patch-2.2.txt
Reference: DEBIAN:DSA-666
Reference: URL:http://www.debian.org/security/2005/dsa-666
Reference: MANDRAKE:MDKSA-2005:035
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:035
Reference: REDHAT:RHSA-2005:108
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-108.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BID:12437
Reference: URL:http://www.securityfocus.com/bid/12437
Reference: SECTRACK:1013083
Reference: URL:http://securitytracker.com/id?1013083
Reference: SECUNIA:14128
Reference: URL:http://secunia.com/advisories/14128
Reference: XF:python-simplexmlrpcserver-bypass(19217)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19217
Votes:
Name: CVE-2005-0090
Description:
A regression error in the Red Hat Enterprise Linux 4 kernel
4GB/4GB split patch omits an "access check," which allows
local users to cause a denial of service (crash).
Status: Candidate
Phase: Assigned (20050118)
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: BID:12599
Reference: URL:http://www.securityfocus.com/bid/12599
Reference: XF:red-hat-regression-dos(20618)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20618
Votes:
Name: CVE-2005-0091
Description:
Unknown vulnerability in the Red Hat Enterprise Linux 4
kernel 4GB/4GB split patch, when using the hugemem kernel,
allows local users to read and write to arbitrary kernel
memory and gain privileges via certain syscalls.
Status: Candidate
Phase: Assigned (20050118)
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: BID:12599
Reference: URL:http://www.securityfocus.com/bid/12599
Reference: XF:red-hat-patch-gain-privileges(20619)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20619
Votes:
Name: CVE-2005-0092
Description:
Unknown vulnerability in the Red Hat Enterprise Linux 4
kernel 4GB/4GB split patch, when running on x86 with the
hugemem kernel, allows local users to cause a denial of
service (crash).
Status: Candidate
Phase: Assigned (20050118)
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: BID:12599
Reference: URL:http://www.securityfocus.com/bid/12599
Reference: XF:red-hat-patch-dos(20620)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20620
Votes:
Name: CVE-2005-0093
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:
none. Reason: This candidate was withdrawn by its CNA. Further
investigation showed that it was not a security issue. Notes:
none.
Status: Candidate
Phase: Assigned (20050118)
Votes:
Name: CVE-2005-0094
Description:
Buffer overflow in the gopherToHTML function in the Gopher
reply parser for Squid 2.5.STABLE7 and earlier allows remote
malicious Gopher servers to cause a denial of service (crash)
via crafted responses.
Status: Candidate
Phase: Assigned (20050118)
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2005_1.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-gopher_html_parsing.patch
Reference: CONECTIVA:CLA-2005:923
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Reference: DEBIAN:DSA-651
Reference: URL:http://www.debian.org/security/2005/dsa-651
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: GENTOO:GLSA-200501-25
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-25.xml
Reference: MANDRAKE:MDKSA-2005:014
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BID:12276
Reference: URL:http://www.securityfocus.com/bid/12276
Reference: SECUNIA:13825
Reference: URL:http://secunia.com/advisories/13825
Votes:
Name: CVE-2005-0095
Description:
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier
allows remote attackers to cause a denial of service (crash)
via malformed WCCP messages with source addresses that are
spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU
cache numbers.
Status: Candidate
Phase: Assigned (20050118)
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2005_2.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_denial_of_service.patch
Reference: CONECTIVA:CLA-2005:923
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Reference: DEBIAN:DSA-651
Reference: URL:http://www.debian.org/security/2005/dsa-651
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: GENTOO:GLSA-200501-25
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-25.xml
Reference: MANDRAKE:MDKSA-2005:014
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:014
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BID:12275
Reference: URL:http://www.securityfocus.com/bid/12275
Reference: OSVDB:12886
Reference: URL:http://www.osvdb.org/12886
Reference: SECTRACK:1012882
Reference: URL:http://securitytracker.com/id?1012882
Reference: SECUNIA:13825
Reference: URL:http://secunia.com/advisories/13825
Votes:
Name: CVE-2005-0096
Description:
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7
and earlier allows remote attackers to cause a denial of
service (memory consumption).
Status: Candidate
Phase: Assigned (20050118)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
Reference: CONECTIVA:CLA-2005:923
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: GENTOO:GLSA-200501-25
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-25.xml
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BID:12324
Reference: URL:http://www.securityfocus.com/bid/12324
Reference: SECTRACK:1012818
Reference: URL:http://securitytracker.com/id?1012818
Votes:
Name: CVE-2005-0097
Description:
The NTLM component in Squid 2.5.STABLE7 and earlier allows
remote attackers to cause a denial of service (crash) via
a malformed NTLM type 3 message that triggers a NULL dereference.
Status: Candidate
Phase: Assigned (20050118)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-fakeauth_auth
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: GENTOO:GLSA-200501-25
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-25.xml
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BID:12220
Reference: URL:http://www.securityfocus.com/bid/12220
Reference: SECTRACK:1012818
Reference: URL:http://securitytracker.com/id?1012818
Reference: SECUNIA:13789
Reference: URL:http://secunia.com/advisories/13789
Votes:
Name: CVE-2005-0098
Description:
Multiple buffer overflows in the SDL port of abuse (abuse-SDL)
before 2.00 allow local users to execute arbitrary code
via the command line.
Status: Candidate
Phase: Assigned (20050118)
Reference: DEBIAN:DSA-691
Reference: URL:http://www.debian.org/security/2005/dsa-691
Reference: SECUNIA:14495
Reference: URL:http://secunia.com/advisories/14495
Votes:
Name: CVE-2005-0099
Description:
The SDL port of abuse (abuse-SDL) before 2.00 does not properly
drop privileges before creating certain files, which allows
local users to create or overwrite arbitrary files.
Status: Candidate
Phase: Assigned (20050118)
Reference: DEBIAN:DSA-691
Reference: URL:http://www.debian.org/security/2005/dsa-691
Reference: OSVDB:14610
Reference: URL:http://www.osvdb.org/14610
Reference: SECUNIA:14495
Reference: URL:http://secunia.com/advisories/14495
Votes:
Name: CVE-2005-0100
Description:
Format string vulnerability in the movemail utility in (1)
Emacs 20.x, 21.3, and possibly other versions, and (2) XEmacs
21.4 and earlier, allows remote malicious POP3 servers to
execute arbitrary code via crafted packets.
Status: Candidate
Phase: Assigned (20050118)
Reference: DEBIAN:DSA-670
Reference: URL:http://www.debian.org/security/2005/dsa-670
Reference: DEBIAN:DSA-671
Reference: URL:http://www.debian.org/security/2005/dsa-671
Reference: DEBIAN:DSA-685
Reference: URL:http://www.debian.org/security/2005/dsa-685
Reference: FEDORA:FLSA-2006:152898
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/433928/30/5010/threaded
Reference: MANDRAKE:MDKSA-2005:038
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:038
Reference: REDHAT:RHSA-2005:110
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-110.html
Reference: REDHAT:RHSA-2005:112
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-112.html
Reference: REDHAT:RHSA-2005:133
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-133.html
Reference: BUGTRAQ:20050207 [USN-76-1] Emacs vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780416112719&w=2
Reference: BID:12462
Reference: URL:http://www.securityfocus.com/bid/12462
Reference: XF:xemacs-movemail-format-string(19246)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19246
Votes:
Name: CVE-2005-0101
Description:
Buffer overflow in the socket_getline function in Newspost
2.1.1 and earlier allows remote malicious NNTP servers to
execute arbitrary code via a long string without a newline
character.
Status: Candidate
Phase: Assigned (20050118)
Reference: BUGTRAQ:20050202 RE: SECURITEY.NNOV.RU
NewsPost buffer overflow [EXPLOIT]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110746336728781&w=2
Reference: MISC:http://people.freebsd.org/~niels/issues/newspost-20050114.txt
Reference: CONFIRM:http://www.vuxml.org/freebsd/7f13607b-6948-11d9-8937-00065be4b5b6.html
Reference: GENTOO:GLSA-200502-05
Reference: URL:http://security.gentoo.org/glsa/glsa-200502-05.xml
Reference: BID:12418
Reference: URL:http://www.securityfocus.com/bid/12418
Reference: SECTRACK:1013056
Reference: URL:http://securitytracker.com/id?1013056
Reference: SECUNIA:14092
Reference: URL:http://secunia.com/advisories/14092/
Reference: SECUNIA:14098
Reference: URL:http://secunia.com/advisories/14098
Reference: XF:newspost-socketgetline-bo(19178)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19178
Votes:
Name: CVE-2005-0102
Description:
Integer overflow in camel-lock-helper in Evolution 2.0.2
and earlier allows local users or remote malicious POP3
servers to execute arbitrary code via a length value of
-1, which leads to a zero byte memory allocation and a buffer
overflow.
Status: Candidate
Phase: Assigned (20050118)
Reference: CONECTIVA:CLA-2005:925
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925
Reference: DEBIAN:DSA-673
Reference: URL:http://www.debian.org/security/2005/dsa-673
Reference: GENTOO:GLSA-200501-35
Reference: URL:http://security.gentoo.org/glsa/glsa-200501-35.xml
Reference: MANDRAKE:MDKSA-2005:024
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:024
Reference: REDHAT:RHSA-2005:238
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-238.html
Reference: REDHAT:RHSA-2005:397
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-397.html
Reference: UBUNTU:USN-69-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-69-1
Reference: BID:12354
Reference: URL:http://www.securityfocus.com/bid/12354
Reference: SECTRACK:1012981
Reference: URL:http://securitytracker.com/id?1012981
Reference: SECUNIA:13830
Reference: URL:http://secunia.com/advisories/13830
Reference: XF:evolution-camellockhelper-bo(19031)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19031
Votes:
Name: CVE-2005-0103
Description:
PHP remote file inclusion vulnerability in webmail.php in
SquirrelMail before 1.4.4 allows remote attackers to execute
arbitrary PHP code by modifying a URL parameter to reference
a URL on a remote web server that contains the code.
Status: Candidate
Phase: Assigned (20050118)
Reference: BUGTRAQ:20050129 SquirrelMail Security
Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662&w=2
Reference: CONFIRM:http://www.squirrelmail.org/security/issue/2005-01-19?PHPSESSID=8af117822fb1ca3aa966a64248b5d223
Reference: APPLE:APPLE-SA-2005-03-21
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Reference: GENTOO:GLSA-200501-39
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
Reference: REDHAT:RHSA-2005:099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-099.html
Reference: REDHAT:RHSA-2005:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-135.html
Reference: SECUNIA:13962
Reference: URL:http://secunia.com/advisories/13962/
Reference: XF:squirrelmail-frame-file-include(19037)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19037
Votes:
Name: CVE-2005-0104
Description:
Cross-site scripting (XSS) vulnerability in webmail.php
in SquirrelMail before 1.4.4 allows remote attackers to
inject arbitrary web script or HTML via certain integer
variables.
Status: Candidate
Phase: Assigned (20050118)
Reference: BUGTRAQ:20050129 SquirrelMail Security
Advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110702772714662&w=2
Reference: CONFIRM:http://www.squirrelmail.org/security/issue/2005-01-20
Reference: APPLE:APPLE-SA-2005-03-21
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Reference: DEBIAN:DSA-662
Reference: URL:http://www.debian.org/security/2005/dsa-662
Reference: GENTOO:GLSA-200501-39
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-39.xml
Reference: REDHAT:RHSA-2005:099
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-099.html
Reference: REDHAT:RHSA-2005:135
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-135.html
Reference: SECUNIA:13962
Reference: URL:http://secunia.com/advisories/13962/
Reference: SECUNIA:14096
Reference: URL:http://secunia.com/advisories/14096
Reference: XF:squirrelmail-webmailphp-xss(19036)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19036
Votes:
Name: CVE-2005-0105
Description:
Unknown vulnerability in typespeed 0.4.1 and earlier allows
local users to gain privileges.
Status: Candidate
Phase: Assigned (20050118)
Reference: DEBIAN:DSA-684
Reference: URL:http://www.debian.org/security/2005/dsa-684
Votes:
Name: CVE-2005-0106
Description:
SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy
file for entropy if a source is not set in the EGD_PATH
variable, which allows local users to reduce the cryptographic
strength of certain operations by modifying the file.
Status: Candidate
Phase: Assigned (20050118)
Reference: MANDRIVA:MDKSA-2006:023
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2006:023
Reference: UBUNTU:USN-113-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-113-1
Reference: BID:13471
Reference: URL:http://www.securityfocus.com/bid/13471
Reference: SECUNIA:18639
Reference: URL:http://secunia.com/advisories/18639
Votes:
Name: CVE-2005-0107
Description:
bsmtpd 2.3 and earlier does not properly sanitize e-mail
addresses, which allows remote attackers to execute arbitrary
commands.
Status: Candidate
Phase: Assigned (20050118)
Reference: DEBIAN:DSA-690
Reference: URL:http://www.debian.org/security/2005/dsa-690
Votes:
Name: CVE-2005-0108
Description:
Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow
remote malicious RADIUS servers to cause a denial of service
(crash) via a RADIUS_REPLY_MESSAGE with a RADIUS attribute
length of 1, which leads to a memcpy operation with a -1
length argument.
Status: Candidate
Phase: Assigned (20050118)
Reference: BUGTRAQ:20050111 Apache mod_auth_radius
remote integer overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110548193312050&w=2
Reference: MISC:http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-02
Reference: DEBIAN:DSA-659
Reference: URL:http://www.debian.org/security/2005/dsa-659
Reference: BID:12217
Reference: URL:http://www.securityfocus.com/bid/12217
Reference: SECTRACK:1012829
Reference: URL:http://securitytracker.com/id?1012829
Reference: SECUNIA:13773
Reference: URL:http://secunia.com/advisories/13773
Reference: SECUNIA:14046
Reference: URL:http://secunia.com/advisories/14046
Reference: XF:modauthradius-dos(18841)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18841
Votes:
Name: CVE-2005-0109
Description:
Hyper-Threading technology, as used in FreeBSD and other
operating systems that are run on Intel Pentium and other
processors, allows local users to use a malicious thread
to create covert channels, monitor the execution of other
threads, and obtain sensitive information such as cryptographic
keys, via a timing attack on memory cache misses.
Status: Candidate
Phase: Assigned (20050118)
Reference: MISC:http://www.daemonology.net/papers/htt.pdf
Reference: MISC:http://www.daemonology.net/hyperthreading-considered-harmful/
Reference: MLIST:[openbsd-misc] 20050304 Re: FreeBSD
hiding security stuff
Reference: URL:http://marc.theaimsgroup.com/?l=openbsd-misc&m=110995101417256&w=2
Reference: MLIST:[freebsd-security] 20050304 [Fwd:
Re: FW:FreeBSD hiding security stuff]
Reference: URL:http://marc.theaimsgroup.com/?l=freebsd-security&m=110994370429609&w=2
Reference: MLIST:[freebsd-hackers] 20050304 Re: FW:FreeBSD
hiding security stuff
Reference: URL:http://marc.theaimsgroup.com/?l=freebsd-hackers&m=110994026421858&w=2
Reference: MISC:http://www-1.ibm.com/support/docview.wss?uid=isg1SSRVHMCHMC_C081516_754
Reference: FREEBSD:FreeBSD-SA-05:09
Reference: REDHAT:RHSA-2005:476
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-476.html
Reference: REDHAT:RHSA-2005:800
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-800.html
Reference: SCO:SCOSA-2005.24
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt
Reference: SUNALERT:101739
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101739-1
Reference: CERT-VN:VU#911878
Reference: URL:http://www.kb.cert.org/vuls/id/911878
Reference: BID:12724
Reference: URL:http://www.securityfocus.com/bid/12724
Reference: FRSIRT:ADV-2005-0540
Reference: URL:http://www.frsirt.com/english/advisories/2005/0540
Reference: FRSIRT:ADV-2005-3002
Reference: URL:http://www.frsirt.com/english/advisories/2005/3002
Reference: SECTRACK:1013967
Reference: URL:http://securitytracker.com/id?1013967
Reference: SECUNIA:15348
Reference: URL:http://secunia.com/advisories/15348
Reference: SECUNIA:18165
Reference: URL:http://secunia.com/advisories/18165
Votes:
Name: CVE-2005-0110
Description:
Internet Explorer 6 on Windows XP SP2 allows remote attackers
to bypass the file download warning dialog and possibly
trick an unknowledgeable user into executing arbitrary code
via a web page with a body element containing an onclick
tag, as demonstrated using the createElement function.
Status: Candidate
Phase: Assigned (20050118)
Reference: FULLDISC:20050114 Internet Explorer (SP2)
- Remote File Download
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110569119106172&w=2
Votes:
Name: CVE-2005-0111
Description:
Stack-based buffer overflow in the websql CGI program in
MySQL MaxDB 7.5.00 allows remote attackers to execute arbitrary
code via a long password parameter.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050113 MySQL MaxDB WebAgent
websql logon Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=181&type=vulnerabilities
Reference: BID:12265
Reference: URL:http://www.securityfocus.com/bid/12265
Reference: SECTRACK:1012893
Reference: URL:http://securitytracker.com/id?1012893
Votes:
Name: CVE-2005-0112
Description:
The web-based administrative interface for 3Com OfficeConnect
Wireless 11g Access Point (AP) 1.00.08, and possibly earlier
versions before 1.03.07A, allows remote attackers to bypass
authentication and obtain sensitive information by directly
accessing the (1) config.bin (2) profile.wlp?PN=ggg or (3)
event.logs URLs.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050120 3Com OfficeConnect Wireless
11g AP Information Disclosure Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=188&type=vulnerabilities
Reference: BID:12322
Reference: URL:http://www.securityfocus.com/bid/12322
Reference: SECTRACK:1012958
Reference: URL:http://securitytracker.com/id?1012958
Reference: SECUNIA:13942
Reference: URL:http://secunia.com/advisories/13942
Reference: XF:3com-officeconnect-information-disclosure(18994)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18994
Votes:
Name: CVE-2005-0113
Description:
inpview in SGI IRIX allows local users to execute arbitrary
commands via the SUN_TTSESSION_CMD environment variable,
which is executed by inpview without dropping privileges.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050113 SGI IRIX inpview Design
Error Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=182&type=vulnerabilities
Reference: BID:12259
Reference: URL:http://www.securityfocus.com/bid/12259
Reference: OSVDB:12915
Reference: URL:http://www.osvdb.org/12915
Reference: SECTRACK:1012894
Reference: URL:http://securitytracker.com/id?1012894
Reference: SECUNIA:13858
Reference: URL:http://secunia.com/advisories/13858
Reference: XF:irix-inpview-gain-privileges(18894)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18894
Votes:
Name: CVE-2005-0114
Description:
vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm
Wireless before 5.5.080.000, Check Point Integrity Client
4.x before 4.5.122.000 and 5.x before 5.1.556.166 do not
properly verify that the ServerPortName argument to the
NtConnectPort function is a valid memory address, which
allows local users to cause a denial of service (system
crash) when ZoneAlarm attempts to dereference an invalid
pointer.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050211 ZoneAlarm 5.1 Invalid
Pointer Dereference Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=199&type=vulnerabilities
Reference: CONFIRM:http://download.zonelabs.com/bin/free/securityAlert/19.html
Reference: BID:12531
Reference: URL:http://www.securityfocus.com/bid/12531
Reference: SECUNIA:14256
Reference: URL:http://secunia.com/advisories/14256
Votes:
Name: CVE-2005-0115
Description:
Stack-based buffer overflow in DataRescue Interactive Disassembler
(IDA) Pro 4.7 allows attackers to execute arbitrary code
via a PE file with an Import Address Table containing a
long import library name.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050124 DataRescue Interactive
Disassembler Pro Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=189&type=vulnerabilities
Reference: CONFIRM:http://www.datarescue.com/ubb/ultimatebb.php?/topic/2/146.html
Reference: BID:12353
Reference: URL:http://www.securityfocus.com/bid/12353
Reference: SECTRACK:1012975
Reference: URL:http://securitytracker.com/id?1012975
Reference: SECUNIA:13980
Reference: URL:http://secunia.com/advisories/13980
Reference: XF:database-ida-portable-executable-bo(19042)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19042
Votes:
Name: CVE-2005-0116
Description:
AWStats 6.1, and other versions before 6.3, allows remote
attackers to execute arbitrary commands via shell metacharacters
in the configdir parameter to awstats.pl.
Status: Candidate
Phase: Assigned (20050118)
Reference: IDEFENSE:20050117 AWStats Remote Command
Execution Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=185&type=vulnerabilities&flashstatus=false
Reference: MISC:http://packetstormsecurity.org/0501-exploits/AWStatsVulnAnalysis.pdf
Reference: CONFIRM:http://awstats.sourceforge.net/docs/awstats_changelog.txt
Reference: CERT-VN:VU#272296
Reference: URL:http://www.kb.cert.org/vuls/id/272296
Reference: BID:12298
Reference: URL:http://www.securityfocus.com/bid/12298
Reference: OSVDB:13002
Reference: URL:http://www.osvdb.org/13002
Reference: SECUNIA:13893
Reference: URL:http://secunia.com/advisories/13893/
Votes:
Name: CVE-2005-0117
Description:
Buffer overflow in XShisen before 1.36 allows local users
to execute arbitrary code via a long GECOS field.
Status: Candidate
Phase: Assigned (20050119)
Reference: MISC:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=289784
Reference: CONFIRM:http://www.vuxml.org/freebsd/56971fa6-641c-11d9-a097-000854d03344.html
Votes:
Name: CVE-2005-0118
Description:
helvis 1.8h2_1 and earlier stores recovery files in world
readable directories with world readable permissions, which
allows local users to read the recovered files of other
users.
Status: Candidate
Phase: Assigned (20050119)
Reference: CONFIRM:http://www.vuxml.org/freebsd/bb99f803-5fde-11d9-b721-00065be4b5b6.html
Votes:
Name: CVE-2005-0119
Description:
helvis 1.8h2_1 and earlier allows local users to recover
and read the files of other users via the elvrec setuid
program.
Status: Candidate
Phase: Assigned (20050119)
Reference: CONFIRM:http://www.vuxml.org/freebsd/bb99f803-5fde-11d9-b721-00065be4b5b6.html
Votes:
Name: CVE-2005-0120
Description:
helvis 1.8h2_1 and earlier allows local users to delete
arbitrary files via the elvprsv setuid program.
Status: Candidate
Phase: Assigned (20050119)
Reference: MISC:http://people.freebsd.org/~niels/ports/korean/helvis/issues.txt
Votes:
Name: CVE-2005-0121
Description:
Multiple buffer overflows in golddig 2.0 and earlier allow
local users to execute arbitrary code via (1) a long map
name command line argument or (2) a long username as recorded
in the USER environment variable.
Status: Candidate
Phase: Assigned (20050119)
Reference: CONFIRM:http://www.vuxml.org/freebsd/949c470e-528f-11d9-ac20-00065be4b5b6.html
Reference: XF:golddig-long-mapname-bo(19039)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19039
Reference: XF:golddig-long-username-bo(19040)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19040
Votes:
Name: CVE-2005-0122
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:
CVE-2005-0975. Reason: This candidate is a duplicate of
CVE-2005-0975. Notes: All CVE users should reference CVE-2005-0975
instead of this candidate. All references and descriptions
in this candidate have been removed to prevent accidental
usage.
Status: Candidate
Phase: Assigned (20050119)
Votes:
Name: CVE-2005-0123
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050119)
Votes:
Name: CVE-2005-0124
Description:
The coda_pioctl function in the coda functionality (pioctl.c)
for Linux kernel 2.6.9 and 2.4.x before 2.4.29 may allow
local users to cause a denial of service (crash) or execute
arbitrary code via negative vi.in_size or vi.out_size values,
which may trigger a buffer overflow.
Status: Candidate
Phase: Assigned (20050119)
Reference: MLIST:[linux-kernel] 20041216 [Coverity]
Untrusted user data in kernel
Reference: URL:http://seclists.org/lists/linux-kernel/2004/Dec/3914.html
Reference: MLIST:[linux-kernel] 20050105 Re: [Coverity]
Untrusted user data in kernel
Reference: URL:http://seclists.org/lists/linux-kernel/2005/Jan/1089.html
Reference: MLIST:[linux-kernel] 20050107 [PATCH 2.4.29-pre3-bk4]
fs/coda Re: [Coverity] Untrusted user data in kernel
Reference: URL:http://seclists.org/lists/linux-kernel/2005/Jan/2018.html
Reference: MLIST:[linux-kernel] 20050107 [PATCH 2.6.10-mm2]
fs/coda Re: [Coverity] Untrusted user data in kernel
Reference: URL:http://seclists.org/lists/linux-kernel/2005/Jan/2020.html
Reference: DEBIAN:DSA-1017
Reference: URL:http://www.debian.org/security/2006/dsa-1017
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: FEDORA:FLSA:157459-1
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/428028/100/0/threaded
Reference: REDHAT:RHSA-2006:0191
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0191.html
Reference: REDHAT:RHSA-2005:663
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-663.html
Reference: BID:14967
Reference: URL:http://www.securityfocus.com/bid/14967
Reference: FRSIRT:ADV-2005-1878
Reference: URL:http://www.frsirt.com/english/advisories/2005/1878
Reference: SECTRACK:1013018
Reference: URL:http://securitytracker.com/id?1013018
Reference: SECUNIA:18684
Reference: URL:http://secunia.com/advisories/18684
Reference: SECUNIA:19374
Reference: URL:http://secunia.com/advisories/19374
Reference: SECUNIA:17002
Reference: URL:http://secunia.com/advisories/17002
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Votes:
Name: CVE-2005-0125
Description:
The "at" commands on Mac OS X 10.3.7 and earlier do not
properly drop privileges, which allows local users to (1)
delete arbitrary files via atrm, (2) execute arbitrary programs
via the -f argument to batch, or (3) read arbitrary files
via the -f argument to batch, which generates a job file
that is readable by the local user.
Status: Candidate
Phase: Assigned (20050120)
Reference: BUGTRAQ:20050127 DMA[2005-0127a] - 'Apple
OSX batch family poor use of setuid'
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110685027017411&w=2
Reference: FULLDISC:20050127 DMA[2005-0127a] - 'Apple
OSX batch family poor use of setuid'
Reference: MISC:http://www.digitalmunition.com/DMA[2005-0127a].txt
Reference: APPLE:APPLE-SA-2005-01-25
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Reference: CERT-VN:VU#678150
Reference: URL:http://www.kb.cert.org/vuls/id/678150
Reference: XF:macos-at-gain-privileges(18981)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18981
Votes:
Name: CVE-2005-0126
Description:
ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers
to execute arbitrary code via malformed ICC color profiles
that modify the heap.
Status: Candidate
Phase: Assigned (20050120)
Reference: APPLE:APPLE-SA-2005-01-25
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Reference: CERT-VN:VU#980078
Reference: URL:http://www.kb.cert.org/vuls/id/980078
Reference: BID:12367
Reference: URL:http://www.securityfocus.com/bid/12367
Reference: SECTRACK:1013000
Reference: URL:http://securitytracker.com/id?1013000
Reference: XF:macos-icc-profile-bo(19083)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19083
Votes:
Name: CVE-2005-0127
Description:
Mail in Mac OS X 10.3.7, when generating a Message-ID header,
generates a GUUID that includes information that identifies
the Ethernet hardware being used, which allows remote attackers
to link mail messages to a particular machine.
Status: Candidate
Phase: Assigned (20050120)
Reference: APPLE:APPLE-SA-2005-01-25
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Jan/msg00001.html
Reference: CERT-VN:VU#464662
Reference: URL:http://www.kb.cert.org/vuls/id/464662
Reference: SECTRACK:1013001
Reference: URL:http://securitytracker.com/id?1013001
Reference: SECUNIA:14005
Reference: URL:http://secunia.com/advisories/14005
Reference: XF:macos-ethernet-address-disclosure(19085)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19085
Votes:
Name: CVE-2005-0128
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050120)
Votes:
Name: CVE-2005-0129
Description:
The Quick Buttons feature in Konversation 0.15 allows remote
attackers to execute certain IRC commands via a channel
name containing "%" variables, which are recursively expanded
by the Server::parseWildcards function when the Part Button
is selected.
Status: Candidate
Phase: Assigned (20050120)
Reference: FULLDISC:20050119 Multiple vulnerabilities
in Konversation
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
Reference: BUGTRAQ:20050119 Multiple vulnerabilities
in Konversation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110626383310742&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050121-1.txt
Reference: GENTOO:GLSA-200501-34
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
Reference: BID:12312
Reference: URL:http://www.securityfocus.com/bid/12312
Reference: SECTRACK:1012972
Reference: URL:http://securitytracker.com/id?1012972
Reference: SECUNIA:13919
Reference: URL:http://secunia.com/advisories/13919
Reference: SECUNIA:13989
Reference: URL:http://secunia.com/advisories/13989
Reference: XF:konversation-expansion-execute-code(19025)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19025
Votes:
Name: CVE-2005-0130
Description:
Certain Perl scripts in Konversation 0.15 allow remote attackers
to execute arbitrary commands via shell metacharacters in
(1) channel names or (2) song names that are not properly
quoted when the user runs IRC scripts.
Status: Candidate
Phase: Assigned (20050120)
Reference: FULLDISC:20050119 Multiple vulnerabilities
in Konversation
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
Reference: BUGTRAQ:20050119 Multiple vulnerabilities
in Konversation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110626383310742&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050121-1.txt
Reference: GENTOO:GLSA-200501-34
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
Reference: BID:12312
Reference: URL:http://www.securityfocus.com/bid/12312
Reference: SECTRACK:1012972
Reference: URL:http://securitytracker.com/id?1012972
Reference: SECUNIA:13919
Reference: URL:http://secunia.com/advisories/13919
Reference: SECUNIA:13989
Reference: URL:http://secunia.com/advisories/13989
Reference: XF:konversation-perlscript-execute-code(19008)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19008
Votes:
Name: CVE-2005-0131
Description:
The Quick Connection dialog in Konversation 0.15 inadvertently
uses the user-provided password as the nickname instead
of the user-provided nickname when connecting to the IRC
server, which could leak the password to other users.
Status: Candidate
Phase: Assigned (20050120)
Reference: FULLDISC:20050119 Multiple vulnerabilities
in Konversation
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031033.html
Reference: BUGTRAQ:20050119 Multiple vulnerabilities
in Konversation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110626383310742&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050121-1.txt
Reference: GENTOO:GLSA-200501-34
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-34.xml
Reference: BID:12312
Reference: URL:http://www.securityfocus.com/bid/12312
Reference: SECTRACK:1012972
Reference: URL:http://securitytracker.com/id?1012972
Reference: SECUNIA:13919
Reference: URL:http://secunia.com/advisories/13919
Reference: SECUNIA:13989
Reference: URL:http://secunia.com/advisories/13989
Reference: XF:konversation-nick-password-information-disclosure(19038)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19038
Votes:
Name: CVE-2005-0132
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050120)
Votes:
Name: CVE-2005-0133
Description:
ClamAV 0.80 and earlier allows remote attackers to cause
a denial of service (clamd daemon crash) via a ZIP file
with malformed headers.
Status: Candidate
Phase: Assigned (20050121)
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=300116
Reference: CONECTIVA:CLA-2005:928
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000928
Reference: GENTOO:GLSA-200501-46
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml
Reference: MANDRAKE:MDKSA-2005:025
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:025
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Votes:
Name: CVE-2005-0134
Description:
The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does
not properly create socket directories in /tmp, which could
allow attackers to hijack local sockets.
Status: Candidate
Phase: Assigned (20050121)
Reference: FRSIRT:ADV-2005-0077
Reference: URL:http://www.frsirt.com/english/advisories/2005/0077
Reference: SCO:SCOSA-2005.8
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.8/SCOSA-2005.8.txt
Votes:
Name: CVE-2005-0135
Description:
The unw_unwind_to_user function in unwind.c on Itanium (ia64)
architectures in Linux kernel 2.6 allows local users to
cause a denial of service (system crash).
Status: Candidate
Phase: Assigned (20050125)
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: REDHAT:RHSA-2005:284
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
Reference: REDHAT:RHSA-2005:366
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
Reference: CONFIRM:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148868
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41f2beablXVnAs_6fznhhITh1j5hZg
Reference: REDHAT:RHSA-2005:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
Reference: BID:13266
Reference: URL:http://www.securityfocus.com/bid/13266
Reference: SECUNIA:15019
Reference: URL:http://secunia.com/advisories/15019
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Votes:
Name: CVE-2005-0136
Description:
The Linux kernel before 2.6.11 on the Itanium IA64 platform
has certain "ptrace corner cases" that allow local users
to cause a denial of service (crash) via crafted syscalls,
possibly related to MCA/INIT, a different vulnerability
than CVE-2005-1761.
Status: Candidate
Phase: Assigned (20050125)
Reference: MLIST:[kernel-svn-changes] 20050816 r3920
- in branches/dist/sarge-security: . kernel kernel/i386
kernel/source kernel/source/kernel-source-2.6.8-2.6.8/debian
Reference: URL:http://lists.alioth.debian.org/pipermail/kernel-svn-changes/2005-August/002597.html
Reference: MLIST:[linux-ia64] 20040916 Re: [Patch]
Per CPU MCA/INIT data save areas
Reference: URL:http://www.gelato.unsw.edu.au/archives/linux-ia64/0409/11073.html
Reference: MISC:http://openvz.org/news/updates/kernel-022stab045.1-released
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=148862
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=155283
Reference: CONFIRM:http://www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11
Reference: REDHAT:RHSA-2005:420
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-420.html
Reference: REDHAT:RHSA-2005:663
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-663.html
Reference: FRSIRT:ADV-2005-1878
Reference: URL:http://www.frsirt.com/english/advisories/2005/1878
Reference: SECUNIA:17002
Reference: URL:http://secunia.com/advisories/17002
Votes:
Name: CVE-2005-0137
Description:
Linux kernel 2.6 on Itanium (ia64) architectures allows
local users to cause a denial of service via a "missing
Itanium syscall table entry."
Status: Candidate
Phase: Assigned (20050125)
Reference: REDHAT:RHSA-2005:284
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
Reference: REDHAT:RHSA-2005:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
Votes:
Name: CVE-2005-0138
Description:
rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not
correctly allow access to anonymous clients that connect
from a system whose hostname cannot be determined. NOTE:
while this issue occurs in a security mechanism, there is
no apparent attacker role and it probably does not satisfy
the CVE definition of a vulnerability.
Status: Candidate
Phase: Assigned (20050125)
Reference: SGI:20050601-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U
Reference: CIAC:P-214
Reference: URL:http://www.ciac.org/ciac/bulletins/p-214.shtml
Reference: FRSIRT:ADV-2005-0702
Reference: URL:http://www.frsirt.com/english/advisories/2005/0702
Reference: SECUNIA:15619
Reference: URL:http://secunia.com/advisories/15619
Votes:
Name: CVE-2005-0139
Description:
Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25,
6.5.26, and 6.5.27 does not sufficiently restrict access
rights for read-mostly exports, which allows attackers to
conduct unauthorized activities.
Status: Candidate
Phase: Assigned (20050125)
Reference: SGI:20050601-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20050601-01-U
Reference: CIAC:P-214
Reference: URL:http://www.ciac.org/ciac/bulletins/p-214.shtml
Reference: FRSIRT:ADV-2005-0702
Reference: URL:http://www.frsirt.com/english/advisories/2005/0702
Reference: SECUNIA:15619
Reference: URL:http://secunia.com/advisories/15619
Votes:
Name: CVE-2005-0140
Description:
Buffer overflow in PeID allows attackers to execute arbitrary
code via a PE file with an Import Address Table containing
a long import library name.
Status: Candidate
Phase: Assigned (20050125)
Reference: IDEFENSE:20050124 DataRescue Interactive
Disassembler Pro Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=189&type=vulnerabilities
Reference: BID:12355
Reference: URL:http://www.securityfocus.com/bid/12355
Reference: SECUNIA:13984
Reference: URL:http://secunia.com/advisories/13984
Reference: XF:database-ida-portable-executable-bo(19042)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19042
Votes:
Name: CVE-2005-0141
Description:
Firefox before 1.0 and Mozilla before 1.7.5 allow remote
attackers to load local files via links "with a custom getter
and toString method" that are middle-clicked by the user
to be opened in a new tab.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-01.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=249332
Reference: REDHAT:RHSA-2005:323
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-323.html
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100057
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100057
Reference: XF:mozilla-firefox-file-upload(19168)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19168
Votes:
Name: CVE-2005-0142
Description:
Firefox 0.9, Thunderbird 0.6 and other versions before 0.9,
and Mozilla 1.7 before 1.7.5 save temporary files with world-readable
permissions, which allows local users to read certain web
content or attachments that belong to other users, e.g.
content that is managed by helper applications such as PDF.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-02.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=251297
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: SUSE:SUSE-SA:2006:022
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: SUSE:SUSE-SA:2006:004
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: OVAL:oval:org.mitre.oval:def:100056
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100056
Reference: SECUNIA:19823
Reference: URL:http://secunia.com/advisories/19823
Reference: XF:mozilla-world-readable(17832)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17832
Votes:
Name: CVE-2005-0143
Description:
Firefox before 1.0 and Mozilla before 1.7.5 display the
SSL lock icon when an insecure page loads a binary file
from a trusted site, which could facilitate phishing attacks.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-03.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=257308
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100055
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100055
Reference: XF:mozilla-ssl-spoofing(19166)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19166
Votes:
Name: CVE-2005-0144
Description:
Firefox before 1.0 and Mozilla before 1.7.5 display the
secure site lock icon when a view-source: URL references
a secure SSL site while an insecure page is being loaded,
which could facilitate phishing attacks.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-04.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=262689
Reference: REDHAT:RHSA-2005:323
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-323.html
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100054
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100054
Reference: XF:mozilla-ssl-view-source-spoofing(19169)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19169
Votes:
Name: CVE-2005-0145
Description:
Firefox before 1.0 does not properly distinguish between
user-generated and synthetic click events, which allows
remote attackers to use Javascript to bypass the file download
prompt when the user uses the Alt-click feature.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-07.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=265176
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100051
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100051
Reference: XF:mozilla-script-click-event-bypass(19170)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19170
Votes:
Name: CVE-2005-0146
Description:
Firefox before 1.0 and Mozilla before 1.7.5 allow remote
attackers to obtain sensitive data from the clipboard via
Javascript that generates a middle-click event on systems
for which a middle-click performs a paste operation.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-08.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=265728
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: XF:mozilla-middle-click-information-disclosure(19171)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19171
Votes:
Name: CVE-2005-0147
Description:
Firefox before 1.0 and Mozilla before 1.7.5, when configured
to use a proxy, respond to 407 proxy auth requests from
arbitrary servers, which allows remote attackers to steal
NTLM or SPNEGO credentials.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-09.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=267263
Reference: REDHAT:RHSA-2005:323
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-323.html
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100049
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100049
Reference: XF:mozilla-407-proxy-obtain-information(19174)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19174
Votes:
Name: CVE-2005-0148
Description:
Thunderbird before 0.9, when running on Windows systems,
uses the default handler when processing javascript: links,
which invokes Internet Explorer and may expose the Thunderbird
user to vulnerabilities in the version of Internet Explorer
that is installed on the user's system. NOTE: since the
invocation between multiple products is a common practice,
and the vulnerabilities inherent in multi-product interactions
are not easily enumerable, this issue might be REJECTED
in the future.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-10.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=263546
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100048
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100048
Reference: XF:thunderbird-javascript-handler-launch(19173)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19173
Votes:
Name: CVE-2005-0149
Description:
Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3
do not obey the network.cookie.disableCookieForMailNews
preference, which could allow remote attackers to bypass the
user's intended privacy and security policy by using cookies
in e-mail messages.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-11.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=268107
Reference: REDHAT:RHSA-2005:094
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-094.html
Reference: REDHAT:RHSA-2005:323
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-323.html
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: SUSE:SUSE-SA:2006:022
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: SUSE:SUSE-SA:2006:004
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100047
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100047
Reference: SECUNIA:19823
Reference: URL:http://secunia.com/advisories/19823
Reference: XF:mozilla-cookie-policy-bypass(19172)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19172
Votes:
Name: CVE-2005-0150
Description:
Firefox before 1.0 allows the user to store a (1) javascript:
or (2) data: URL as a Livefeed bookmark, then executes
it in the security context of the currently loaded page
when the user later accesses the bookmark, which could allow
remote attackers to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-12.html
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=265668
Reference: BID:12407
Reference: URL:http://www.securityfocus.com/bid/12407
Reference: OVAL:oval:org.mitre.oval:def:100046
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100046
Reference: XF:mozilla-firefox-livefeed-xss(19187)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19187
Votes:
Name: CVE-2005-0151
Description:
Unknown vulnerability in the installation of Adobe License
Management Service, as used in Adobe Photoshop CS, Adobe
Creative Suite 1.0, and Adobe Premiere Pro 1.5, allows attackers
to gain administrator privileges.
Status: Candidate
Phase: Assigned (20050125)
Reference: CONFIRM:http://www.adobe.com/support/techdocs/331688.html
Reference: SECTRACK:1014168
Reference: URL:http://securitytracker.com/id?1014168
Reference: SECTRACK:1014169
Reference: URL:http://securitytracker.com/id?1014169
Reference: SECTRACK:1014170
Reference: URL:http://securitytracker.com/id?1014170
Votes:
Name: CVE-2005-0152
Description:
PHP remote file inclusion vulnerability in Squirrelmail
1.2.6 allows remote attackers to execute arbitrary code
via "URL manipulation."
Status: Candidate
Phase: Assigned (20050127)
Reference: DEBIAN:DSA-662
Reference: URL:http://www.debian.org/security/2005/dsa-662
Reference: MISC:http://ftp.debian.org/debian/dists/stable-proposed-updates/squirrelmail_1.2.6-2_i386.changes
Reference: CERT-VN:VU#203214
Reference: URL:http://www.kb.cert.org/vuls/id/203214
Reference: SECUNIA:14096
Reference: URL:http://secunia.com/advisories/14096
Votes:
Name: CVE-2005-0153
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0154
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0155
Description:
The PerlIO implementation in Perl 5.8.0, when installed
with setuid support (sperl), allows local users to create
arbitrary files via the PERLIO_DEBUG variable.
Status: Candidate
Phase: Assigned (20050127)
Reference: FULLDISC:20050207 DMA[2005-0131a] - 'Setuid
Perl PERLIO_DEBUG root owned file creation'
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110779723332339&w=2
Reference: MISC:http://www.digitalmunition.com/DMA[2005-0131a].txt
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-163.htm
Reference: CONECTIVA:CLSA-2006:1056
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Reference: FEDORA:FLSA-2006:152845
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: GENTOO:GLSA-200502-13
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml
Reference: MANDRAKE:MDKSA-2005:031
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
Reference: REDHAT:RHSA-2005:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-103.html
Reference: REDHAT:RHSA-2005:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-105.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BUGTRAQ:20050202 [USN-72-1] Perl vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110737149402683&w=2
Reference: BID:12426
Reference: URL:http://www.securityfocus.com/bid/12426
Reference: SECUNIA:14120
Reference: URL:http://secunia.com/advisories/14120
Reference: SECUNIA:21646
Reference: URL:http://secunia.com/advisories/21646
Reference: XF:perl-perliodebug-file-overwrite(19207)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19207
Votes:
Name: CVE-2005-0156
Description:
Buffer overflow in the PerlIO implementation in Perl 5.8.0,
when installed with setuid support (sperl), allows local
users to execute arbitrary code by setting the PERLIO_DEBUG
variable and executing a Perl script whose full pathname
contains a long directory tree.
Status: Candidate
Phase: Assigned (20050127)
Reference: FULLDISC:20050207 DMA[2005-0131b] - 'Setuid
Perl PERLIO_DEBUG
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110779721503111&w=2
Reference: MISC:http://www.digitalmunition.com/DMA[2005-0131b].txt
Reference: CONECTIVA:CLSA-2006:1056
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=001056
Reference: FEDORA:FLSA-2006:152845
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: GENTOO:GLSA-200502-13
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-13.xml
Reference: MANDRAKE:MDKSA-2005:031
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:031
Reference: REDHAT:RHSA-2005:103
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-103.html
Reference: REDHAT:RHSA-2005:105
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-105.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BUGTRAQ:20050202 [USN-72-1] Perl vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110737149402683&w=2
Reference: BID:12426
Reference: URL:http://www.securityfocus.com/bid/12426
Reference: SECUNIA:14120
Reference: URL:http://secunia.com/advisories/14120
Reference: XF:perl-perliodebug-bo(19208)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19208
Votes:
Name: CVE-2005-0157
Description:
The confirm add-on in SmartList 3.15 and earlier allows
attackers to subscribe arbitrary e-mail addresses by using
a valid cookie that specifies an address other than the
address for which the cookie was assigned.
Status: Candidate
Phase: Assigned (20050127)
Reference: DEBIAN:DSA-720
Reference: URL:http://www.debian.org/security/2005/dsa-720
Votes:
Name: CVE-2005-0158
Description:
Format string vulnerability in bidwatcher before 1.3.17
allows remote malicious web servers from eBay, or a spoofed
eBay server, to cause a denial of service and possibly execute
arbitrary code via certain responses.
Status: Candidate
Phase: Assigned (20050127)
Reference: DEBIAN:DSA-687
Reference: URL:http://www.debian.org/security/2005/dsa-687
Reference: GENTOO:GLSA-200503-06
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-06.xml
Votes:
Name: CVE-2005-0159
Description:
The tpkg-* scripts in the toolchain-source 3.0.4 package
on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary
files via a symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20050127)
Reference: DEBIAN:DSA-679
Reference: URL:http://www.debian.org/security/2005/dsa-679
Reference: BID:12540
Reference: URL:http://www.securityfocus.com/bid/12540
Reference: SECUNIA:14277
Reference: URL:http://secunia.com/advisories/14277
Reference: XF:toolchain-source-symlink(19317)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19317
Votes:
Name: CVE-2005-0160
Description:
Multiple buffer overflows in unace 1.2b allow attackers
to execute arbitrary code via (1) 2 overflows in ACE archives,
(2) a long command line argument, or (3) certain "Ready
for next volume" messages.
Status: Candidate
Phase: Assigned (20050127)
Reference: FULLDISC:20050222 unace-1.2b multiple
buffer overflows and directory traversal bugs
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
Reference: SUSE:SUSE-SR:2005:016
Reference: URL:http://www.novell.com/linux/security/advisories/2005_16_sr.html
Reference: CERT-VN:VU#215006
Reference: URL:http://www.kb.cert.org/vuls/id/215006
Reference: BID:12630
Reference: URL:http://www.securityfocus.com/bid/12630
Reference: SECUNIA:14359
Reference: URL:http://secunia.com/advisories/14359
Votes:
Name: CVE-2005-0161
Description:
Multiple directory traversal vulnerabilities in unace 1.2b
allow attackers to overwrite arbitrary files via an ACE
archive containing (1) ../ sequences or (2) absolute pathnames.
Status: Candidate
Phase: Assigned (20050127)
Reference: FULLDISC:20050222 unace-1.2b multiple
buffer overflows and directory traversal bugs
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031908.html
Reference: SUSE:SUSE-SR:2005:016
Reference: URL:http://www.novell.com/linux/security/advisories/2005_16_sr.html
Reference: BID:12628
Reference: URL:http://www.securityfocus.com/bid/12628
Reference: SECUNIA:14359
Reference: URL:http://secunia.com/advisories/14359
Votes:
Name: CVE-2005-0162
Description:
Stack-based buffer overflow in the get_internal_addresses
function in the pluto application for Openswan 1.x before
1.0.9, and Openswan 2.x before 2.3.0, when compiled with
XAUTH and PAM enabled, allows remote authenticated attackers
to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050127)
Reference: IDEFENSE:20050126 Openswan XAUTH/PAM Buffer
Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=190&type=vulnerabilities
Reference: CONFIRM:http://www.openswan.org/support/vuln/IDEF0785/
Reference: FEDORA:FEDORA-2005-082
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-January/msg00103.html
Reference: BID:12377
Reference: URL:http://www.securityfocus.com/bid/12377
Reference: OSVDB:13195
Reference: URL:http://www.osvdb.org/13195
Reference: SECTRACK:1013014
Reference: URL:http://securitytracker.com/id?1013014
Reference: SECUNIA:14038
Reference: URL:http://secunia.com/advisories/14038
Reference: SECUNIA:14062
Reference: URL:http://secunia.com/advisories/14062
Reference: XF:openswan-xauth-pam-bo(19078)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19078
Votes:
Name: CVE-2005-0163
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0164
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0165
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0166
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0167
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0168
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0169
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0170
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0171
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0172
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050127)
Votes:
Name: CVE-2005-0173
Description:
squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated
users to bypass username-based Access Control Lists (ACLs)
via a username with a space at the beginning or end, which
is ignored by the LDAP server.
Status: Candidate
Phase: Assigned (20050127)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-ldap_spaces
Reference: CONFIRM:http://www.squid-cache.org/bugs/show_bug.cgi?id=1187
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-ldap_spaces.patch
Reference: CONECTIVA:CLA-2005:923
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Reference: DEBIAN:DSA-667
Reference: URL:http://www.debian.org/security/2005/dsa-667
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: MANDRAKE:MDKSA-2005:034
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: CERT-VN:VU#924198
Reference: URL:http://www.kb.cert.org/vuls/id/924198
Reference: BUGTRAQ:20050207 [USN-77-1] Squid vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780531820947&w=2
Reference: BID:12431
Reference: URL:http://www.securityfocus.com/bid/12431
Votes:
Name: CVE-2005-0174
Description:
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison
the cache or conduct certain attacks via headers that do
not follow the HTTP specification, including (1) multiple
Content-Length headers, (2) carriage return (CR) characters
that are not part of a CRLF pair, and (3) header names containing
whitespace characters.
Status: Candidate
Phase: Assigned (20050127)
Reference: CONFIRM:http://www3.br.squid-cache.org/Advisories/SQUID-2005_4.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-header_parsing
Reference: CONECTIVA:CLA-2005:931
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
Reference: FEDORA:FEDORA-2005-373
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: MANDRAKE:MDKSA-2005:034
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: BUGTRAQ:20050207 [USN-77-1] Squid vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780531820947&w=2
Reference: CERT-VN:VU#768702
Reference: URL:http://www.kb.cert.org/vuls/id/768702
Reference: BID:12412
Reference: URL:http://www.securityfocus.com/bid/12412
Votes:
Name: CVE-2005-0175
Description:
Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison
the cache via an HTTP response splitting attack.
Status: Candidate
Phase: Assigned (20050127)
Reference: CONFIRM:http://www.squid-cache.org/Advisories/SQUID-2005_5.txt
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-response_splitting
Reference: CONECTIVA:CLA-2005:931
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
Reference: DEBIAN:DSA-667
Reference: URL:http://www.debian.org/security/2005/dsa-667
Reference: FEDORA:FEDORA-2005-373
Reference: URL:http://www.redhat.com/archives/fedora-announce-list/2005-May/msg00025.html
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: MANDRAKE:MDKSA-2005:034
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: BUGTRAQ:20050207 [USN-77-1] Squid vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780531820947&w=2
Reference: CERT-VN:VU#625878
Reference: URL:http://www.kb.cert.org/vuls/id/625878
Reference: BID:12433
Reference: URL:http://www.securityfocus.com/bid/12433
Votes:
Name: CVE-2005-0176
Description:
The shmctl function in Linux 2.6.9 and earlier allows local
users to unlock the memory of other processes, which could
cause sensitive memory to be swapped to disk, which could
allow it to be read by other users once it has been released.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050215 [USN-82-1] Linux kernel
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: REDHAT:RHSA-2005:472
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-472.html
Reference: SGI:20060402-01-U
Reference: URL:ftp://patches.sgi.com/support/free/security/advisories/20060402-01-U
Reference: BID:12598
Reference: URL:http://www.securityfocus.com/bid/12598
Reference: OVAL:oval:org.mitre.oval:def:1225
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1225
Reference: SECUNIA:19607
Reference: URL:http://secunia.com/advisories/19607
Votes:
Name: CVE-2005-0177
Description:
nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table
size, which allows attackers to cause a denial of service
(kernel crash) via a buffer overflow.
Status: Candidate
Phase: Assigned (20050128)
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41e2bfbeOiXFga62XrBhzm7Kv9QDmQ
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: BUGTRAQ:20050215 [USN-82-1] Linux kernel
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
Reference: BID:12598
Reference: URL:http://www.securityfocus.com/bid/12598
Votes:
Name: CVE-2005-0178
Description:
Race condition in the setsid function in Linux before 2.6.8.1
allows local users to cause a denial of service (crash)
and possibly access portions of kernel memory, related to
TTY changes, locking, and semaphores.
Status: Candidate
Phase: Assigned (20050128)
Reference: CONFIRM:http://linux.bkbits.net:8080/linux-2.6/cset@41ddda70CWJb5nNL71T4MOlG2sMG8A
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: BUGTRAQ:20050215 [USN-82-1] Linux kernel
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110846102231365&w=2
Reference: BID:12598
Reference: URL:http://www.securityfocus.com/bid/12598
Votes:
Name: CVE-2005-0179
Description:
Linux kernel 2.4.x and 2.6.x allows local users to cause
a denial of service (CPU and memory consumption) and bypass
RLIM_MEMLOCK limits via the mlockall call.
Status: Candidate
Phase: Assigned (20050128)
Reference: FULLDISC:20050107 grsecurity 2.1.0 release
/ 5 Linux kernel advisories
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: REDHAT:RHSA-2005:663
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-663.html
Reference: FRSIRT:ADV-2005-1878
Reference: URL:http://www.frsirt.com/english/advisories/2005/1878
Reference: SECUNIA:17002
Reference: URL:http://secunia.com/advisories/17002
Votes:
Name: CVE-2005-0180
Description:
Multiple integer signedness errors in the sg_scsi_ioctl
function in scsi_ioctl.c for Linux 2.6.x allow local users
to read or modify kernel memory via negative integers in
arguments to the scsi ioctl, which bypass a maximum length
check before calling the copy_from_user and copy_to_user
functions.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050107 grsecurity 2.1.0 release
/ 5 Linux kernel advisories
Reference: URL:http://www.securityfocus.com/archive/1/386374
Reference: FULLDISC:20050107 grsecurity 2.1.0 release
/ 5 Linux kernel advisories
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030660.html
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000930
Reference: MANDRAKE:MDKSA-2005:218
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
Reference: MANDRAKE:MDKSA-2005:219
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
Reference: MANDRIVA:MDKSA-2005:219
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: BID:12198
Reference: URL:http://www.securityfocus.com/bid/12198
Reference: SECUNIA:17826
Reference: URL:http://secunia.com/advisories/17826
Votes:
Name: CVE-2005-0181
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050128)
Votes:
Name: CVE-2005-0182
Description:
The mod_dosevasive module 1.9 and earlier for Apache creates
temporary files with predictable filenames, which could
allow remote attackers to overwrite arbitrary files via
a symlink attack.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050111 Mod_dosevasive symlink
and race vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110547469530582&w=2
Reference: MISC:http://security.lss.hr/index.php?page=details&ID=LSS-2005-01-01
Reference: BID:12181
Reference: URL:http://www.securityfocus.com/bid/12181
Reference: SECUNIA:13725
Reference: URL:http://secunia.com/advisories/13725
Reference: XF:moddosevasive-symlink(18765)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18765
Votes:
Name: CVE-2005-0183
Description:
ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail
allows local users to execute arbitrary commands via shell
metacharacters in a command line argument.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050111 Squirrelmail vacation
v0.15 local root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110549426300953&w=2
Reference: MISC:http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03
Reference: CONFIRM:http://www.squirrelmail.org/plugin_view.php?id=51
Reference: BID:12222
Reference: URL:http://www.securityfocus.com/bid/12222
Reference: SECTRACK:1012866
Reference: URL:http://securitytracker.com/id?1012866
Reference: SECUNIA:13791
Reference: URL:http://secunia.com/advisories/13791
Reference: XF:vacation-ftpfile-command-execution(18855)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18855
Votes:
Name: CVE-2005-0184
Description:
Directory traversal vulnerability in ftpfile in the Vacation
plugin 0.15 and earlier for Squirrelmail allows local users
to read arbitrary files via a .. (dot dot) in a get request.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050111 Squirrelmail vacation
v0.15 local root exploit
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110549426300953&w=2
Reference: MISC:http://security.lss.hr/en/index.php?page=details&ID=LSS-2005-01-03
Reference: CONFIRM:http://www.squirrelmail.org/plugin_view.php?id=51
Reference: BID:12222
Reference: URL:http://www.securityfocus.com/bid/12222
Reference: SECTRACK:1012866
Reference: URL:http://securitytracker.com/id?1012866
Reference: SECUNIA:13791
Reference: URL:http://secunia.com/advisories/13791
Reference: XF:vacation-ftpfile-directory-traversal(18856)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18856
Votes:
Name: CVE-2005-0185
Description:
Stack-based buffer overflow in NodeManager Professional
2.00 allows remote attackers to execute arbitrary commands
via a LinkDown-Trap packet that contains a long OCTET-STRING
in the Trap variable-bindings field.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050117 [SIG^2 G-TEC] NodeManager
Professional V2.00 Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110599796118583&w=2
Reference: MISC:http://www.security.org.sg/vuln/nodemanager200.html
Reference: BID:12283
Reference: URL:http://www.securityfocus.com/bid/12283
Reference: SECTRACK:1012915
Reference: URL:http://securitytracker.com/id?1012915
Reference: SECUNIA:13881
Reference: URL:http://secunia.com/advisories/13881/
Reference: XF:nodemanager-linkdown-bo(18937)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18937
Votes:
Name: CVE-2005-0186
Description:
Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured
for the IOS Telephony Service (ITS), CallManager Express
(CME) or Survivable Remote Site Telephony (SRST), allows
remote attackers to cause a denial of service (device reboot)
via a malformed packet to the SCCP port.
Status: Candidate
Phase: Assigned (20050128)
Reference: CISCO:20050119 Vulnerability in Cisco
IOS Embedded Call Processing Solutions
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20050119-itscme.shtml
Reference: SECTRACK:1012945
Reference: URL:http://securitytracker.com/id?1012945
Reference: SECUNIA:13913
Reference: URL:http://secunia.com/advisories/13913
Reference: XF:cisco-ios-sccp-dos(18956)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18956
Votes:
Name: CVE-2005-0187
Description:
Stack-based buffer overflow in the SetSkin function in AtHoc
toolbar allows remote attackers to execute arbitrary code
via a long skin name.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20041006 Patch available for high
risk flaws in the AtHoc Toolbar
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109710974324742&w=2
Reference: BUGTRAQ:20050119 Multiple vulnerabilities
in the AtHoc Toolbar (#NISR19012005c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616363415176&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/athoc-01full.txt
Reference: BID:11341
Reference: URL:http://www.securityfocus.com/bid/11341
Reference: XF:athoc-toolbar-bo(17627)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17627
Votes:
Name: CVE-2005-0188
Description:
Format string vulnerability in the SetBaseURL function in
AtHoc toolbar allows remote attackers to execute arbitrary
code via format string specifiers in an invalid URL that
is recorded in the debug log.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20041006 Patch available for high
risk flaws in the AtHoc Toolbar
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109710974324742&w=2
Reference: BUGTRAQ:20050119 Multiple vulnerabilities
in the AtHoc Toolbar (#NISR19012005c)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616363415176&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/athoc-01full.txt
Reference: BID:11341
Reference: URL:http://www.securityfocus.com/bid/11341
Reference: XF:athoc-toolbar-format-string(17628)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17628
Votes:
Name: CVE-2005-0189
Description:
Stack-based buffer overflow in the HandleAction function
in RealPlayer 10.5 (6.0.12.1040) and earlier allows remote
attackers to execute arbitrary code via a long ShowPreferences
argument.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20041006 Patch available for multiple
high risk vulnerabilities in RealPlayer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109707741022291&w=2
Reference: BUGTRAQ:20050119 RealPlayer 'ShowPreferences'
Buffer Overflow Vulnerability (#NISR19012005e)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616636318261&w=2
Reference: NTBUGTRAQ:20050119 RealPlayer 'ShowPreferences'
Buffer Overflow Vulnerability (#NISR19012005e)
Reference: URL:http://archives.neohapsis.com/archives/ntbugtraq/2005-q1/0046.html
Reference: MISC:http://service.real.com/help/faq/security/040928_player/EN/
Reference: CERT-VN:VU#698390
Reference: URL:http://www.kb.cert.org/vuls/id/698390
Reference: BID:12311
Reference: URL:http://www.securityfocus.com/bid/12311
Votes:
Name: CVE-2005-0190
Description:
Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040)
and earlier allows remote attackers to delete arbitrary
files via a Real Metadata Packages (RMP) file with a FILENAME
tag containing .. (dot dot) sequences in a filename that
ends with a ? (question mark) and an allowed file extension
(e.g. .mp3), which bypasses the check for the file extension.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20041006 Patch available for multiple
high risk vulnerabilities in RealPlayer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109707741022291&w=2
Reference: BUGTRAQ:20050119 RealPlayer Arbitrary
File Deletion Vulnerability (#NISR19012005f)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616160228843&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/real-02full.txt
Reference: CONFIRM:http://service.real.com/help/faq/security/040928_player/EN/
Reference: BID:11308
Reference: URL:http://www.securityfocus.com/bid/11308
Reference: SECUNIA:12672
Reference: URL:http://secunia.com/advisories/12672/
Reference: XF:realplayer-media-file-deletion(17551)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17551
Votes:
Name: CVE-2005-0191
Description:
Off-by-one buffer overflow in the processing of tags in
Real Metadata Package (RMP) files in RealPlayer 10.5 (6.0.12.1040)
and earlier could allow remote attackers to execute arbitrary
code via a long tag.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20041006 Patch available for multiple
high risk vulnerabilities in RealPlayer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109707741022291&w=2
Reference: BUGTRAQ:20050119 RealPlayer Miscellaneous
Vulnerabilities (#NISR19012005g)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616302008401&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/real-03full.txt
Reference: CONFIRM:http://service.real.com/help/faq/security/040928_player/EN/
Reference: XF:realplayer-long-filename-offbyone-bo(18982)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18982
Votes:
Name: CVE-2005-0192
Description:
Directory traversal vulnerability in the parsing of Skin
file names in RealPlayer 10.5 (6.0.12.1040) and earlier
allows remote attackers to read arbitrary files via a ..
(dot dot) in an RJS filename.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20041006 Patch available for multiple
high risk vulnerabilities in RealPlayer
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=109707741022291&w=2
Reference: BUGTRAQ:20050119 RealPlayer Miscellaneous
Vulnerabilities (#NISR19012005g)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110616302008401&w=2
Reference: MISC:http://www.ngssoftware.com/advisories/real-03full.txt
Reference: MISC:http://service.real.com/help/faq/security/040928_player/EN/
Reference: XF:realplayer-rjs-filenane-directory-traversal(18984)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18984
Votes:
Name: CVE-2005-0193
Description:
Buffer overflow in the (1) -v and (2) -a switches in mRouter
in iSync 1.5 in Mac OS X 10.3.7 and earlier allows local
users to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050128)
Reference: BUGTRAQ:20050122 Mac OS X 10.3 iSync Privilege
Escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110642400018425&w=2
Reference: APPLE:APPLE-SA-2005-04-19
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Apr/msg00001.html
Reference: BID:12334
Reference: URL:http://www.securityfocus.com/bid/12334
Reference: SECTRACK:1012974
Reference: URL:http://securitytracker.com/id?1012974
Reference: SECUNIA:13965
Reference: URL:http://secunia.com/advisories/13965
Reference: XF:isync-mrouter-bo(19011)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19011
Votes:
Name: CVE-2005-0194
Description:
Squid 2.5, when processing the configuration file, parses
empty Access Control Lists (ACLs), including proxy_auth
ACLs without defined auth schemes, in a way that effectively
removes arguments, which could allow remote attackers to
bypass intended ACLs if the administrator ignores the parser
warnings.
Status: Candidate
Phase: Assigned (20050131)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-empty_acls.patch
Reference: CONFIRM:http://www.squid-cache.org/bugs/show_bug.cgi?id=1166
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-empty_acls
Reference: CONECTIVA:CLA-2005:923
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000923
Reference: DEBIAN:DSA-667
Reference: URL:http://www.debian.org/security/2005/dsa-667
Reference: BUGTRAQ:20050221 [USN-84-1] Squid vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110901183320453&w=2
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: CERT-VN:VU#260421
Reference: URL:http://www.kb.cert.org/vuls/id/260421
Votes:
Name: CVE-2005-0195
Description:
Cisco IOS 12.0S through 12.3YH allows remote attackers to
cause a denial of service (device restart) via a crafted
IPv6 packet.
Status: Candidate
Phase: Assigned (20050131)
Reference: CISCO:20050126 Multiple Crafted IPv6 Packets
Cause Reload
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20050126-ipv6.shtml
Reference: CERT:TA05-026A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-026A.html
Reference: CERT-VN:VU#472582
Reference: URL:http://www.kb.cert.org/vuls/id/472582
Reference: XF:cisco-ios-ipv6-dos(19072)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19072
Votes:
Name: CVE-2005-0196
Description:
Cisco IOS 12.0 through 12.3YL, with BGP enabled and running
the bgp log-neighbor-changes command, allows remote attackers
to cause a denial of service (device reload) via a malformed
BGP packet.
Status: Candidate
Phase: Assigned (20050131)
Reference: CISCO:20050126 Cisco IOS Misformed BGP
Packet Causes Reload
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20050126-bgp.shtml
Reference: CERT:TA05-026A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-026A.html
Reference: CERT-VN:VU#689326
Reference: URL:http://www.kb.cert.org/vuls/id/689326
Reference: SECTRACK:1013013
Reference: URL:http://securitytracker.com/id?1013013
Reference: SECUNIA:14034
Reference: URL:http://secunia.com/advisories/14034
Reference: XF:cisco-ios-bgp-packetdos(19074)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19074
Votes:
Name: CVE-2005-0197
Description:
Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi
Protocol Label Switching (MPLS) installed but disabled,
allows remote attackers to cause a denial of service (device
reload) via a crafted packet sent to the disabled interface.
Status: Candidate
Phase: Assigned (20050131)
Reference: CISCO:20050126 Crafted Packet Causes Reload
on Cisco Routers
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sa-20050126-les.shtml
Reference: CERT:TA05-026A
Reference: URL:http://www.us-cert.gov/cas/techalerts/TA05-026A.html
Reference: CERT-VN:VU#583638
Reference: URL:http://www.kb.cert.org/vuls/id/583638
Reference: BID:12369
Reference: URL:http://www.securityfocus.com/bid/12369
Reference: SECTRACK:1013015
Reference: URL:http://securitytracker.com/id?1013015
Reference: SECUNIA:14031
Reference: URL:http://secunia.com/advisories/14031
Reference: XF:cisco-ios-mpls-dos(19071)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19071
Votes:
Name: CVE-2005-0198
Description:
A logic error in the CRAM-MD5 code for the University of
Washington IMAP (UW-IMAP) server, when Challenge-Response
Authentication Mechanism with MD5 (CRAM-MD5) is enabled,
does not properly enforce all the required conditions for
successful authentication, which allows remote attackers
to authenticate as arbitrary users.
Status: Candidate
Phase: Assigned (20050131)
Reference: CERT-VN:VU#702777
Reference: URL:http://www.kb.cert.org/vuls/id/702777
Reference: CONFIRM:http://www.kb.cert.org/vuls/id/CRDY-68QSL5
Reference: GENTOO:GLSA-200502-02
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-02.xml
Reference: MANDRAKE:MDKSA-2005:026
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:026
Reference: REDHAT:RHSA-2005:128
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-128.html
Reference: BID:12391
Reference: URL:http://www.securityfocus.com/bid/12391
Reference: SECTRACK:1013037
Reference: URL:http://securitytracker.com/id?1013037
Reference: SECUNIA:14057
Reference: URL:http://secunia.com/advisories/14057
Reference: SECUNIA:14097
Reference: URL:http://secunia.com/advisories/14097
Votes:
Name: CVE-2005-0199
Description:
Integer underflow in the Lists_MakeMask() function in lists.c
in ngIRCd before 0.8.2 allows remote attackers to cause
a denial of service (application crash) and possibly execute
arbitrary code via a long MODE line that causes an incorrect
length calculation, which leads to a buffer overflow.
Status: Candidate
Phase: Assigned (20050131)
Reference: MLIST:[ngIRCd-ML] 20050126 ngIRCd 0.8.2
Reference: URL:http://arthur.ath.cx/pipermail/ngircd-ml/2005-January/000228.html
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=79705
Reference: GENTOO:GLSA-200501-40
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-40.xml
Reference: BID:12397
Reference: URL:http://www.securityfocus.com/bid/12397
Reference: SECTRACK:1013047
Reference: URL:http://securitytracker.com/id?1013047
Reference: SECUNIA:14056
Reference: URL:http://secunia.com/advisories/14056
Reference: SECUNIA:14059
Reference: URL:http://secunia.com/advisories/14059
Reference: XF:ngircd-listmakemask-bo(19143)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19143
Votes:
Name: CVE-2005-0200
Description:
TikiWiki before 1.8.5 does not properly validate files that
have been uploaded to the temp directory, which could allow
remote attackers to upload and execute arbitrary PHP scripts,
a different vulnerability than CVE-2004-1386.
Status: Candidate
Phase: Assigned (20050131)
Reference: GENTOO:GLSA-200501-41
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-41.xml
Reference: CONFIRM:http://tikiwiki.org/art102
Reference: SECUNIA:13948
Reference: URL:http://secunia.com/advisories/13948
Votes:
Name: CVE-2005-0201
Description:
D-BUS (dbus) before 0.22 does not properly restrict access
to a socket, if the socket address is known, which allows
local users to listen or send arbitrary messages on another
user's per-user session bus via that socket.
Status: Candidate
Phase: Assigned (20050201)
Reference: MANDRAKE:MDKSA-2005:105
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:105
Reference: REDHAT:RHSA-2005:102
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-102.html
Reference: UBUNTU:USN-144-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-144-1
Reference: AUSCERT:ESB-2005.0435
Reference: URL:http://www.auscert.org.au/render.html?it=5156
Reference: BID:12435
Reference: URL:http://www.securityfocus.com/bid/12435
Reference: SECTRACK:1013075
Reference: URL:http://securitytracker.com/id?1013075
Reference: SECUNIA:14119
Reference: URL:http://secunia.com/advisories/14119
Reference: SECUNIA:15638
Reference: URL:http://secunia.com/advisories/15638
Reference: SECUNIA:15833
Reference: URL:http://secunia.com/advisories/15833
Reference: SECUNIA:15844
Reference: URL:http://secunia.com/advisories/15844
Votes:
Name: CVE-2005-0202
Description:
Directory traversal vulnerability in the true_path function
in private.py for Mailman 2.1.5 and earlier allows remote
attackers to read arbitrary files via ".../....///" sequences,
which are not properly cleansed by regular expressions that
are intended to remove "../" and "./" sequences.
Status: Candidate
Phase: Assigned (20050201)
Reference: FULLDISC:20050209 Administrivia: List
Compromised due to Mailman Vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031562.html
Reference: APPLE:APPLE-SA-2005-03-21
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Reference: DEBIAN:DSA-674
Reference: URL:http://www.debian.org/security/2005/dsa-674
Reference: GENTOO:GLSA-200502-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-11.xml
Reference: MANDRAKE:MDKSA-2005:037
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:037
Reference: REDHAT:RHSA-2005:136
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-136.html
Reference: REDHAT:RHSA-2005:137
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-137.html
Reference: BUGTRAQ:20050209 [USN-78-1] Mailman vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110805795122386&w=2
Reference: SUSE:SUSE-SA:2005:007
Reference: URL:http://www.novell.com/linux/security/advisories/2005_07_mailman.html
Reference: SECTRACK:1013145
Reference: URL:http://securitytracker.com/id?1013145
Reference: SECUNIA:14211
Reference: URL:http://secunia.com/advisories/14211
Votes:
Name: CVE-2005-0203
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:
none. Reason: This candidate has been revoked by its Candidate
Numbering Authority (CNA) because it was initially assigned
to a problem that was not a security issue. Notes: none.
Status: Candidate
Phase: Assigned (20050201)
Votes:
Name: CVE-2005-0204
Description:
Linux kernel before 2.6.9, when running on the AMD64 and
Intel EM64T architectures, allows local users to write to
privileged IO ports via the OUTS instruction.
Status: Candidate
Phase: Assigned (20050201)
Reference: REDHAT:RHSA-2005:092
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-092.html
Reference: REDHAT:RHSA-2005:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
Reference: TRUSTIX:2006-0006
Reference: URL:http://www.trustix.org/errata/2006/0006
Reference: BID:12598
Reference: URL:http://www.securityfocus.com/bid/12598
Reference: SECUNIA:18784
Reference: URL:http://secunia.com/advisories/18784
Votes:
Name: CVE-2005-0205
Description:
KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without
certain wrappers, does not properly close a privileged file
descriptor for a domain socket, which allows local users
to read and write to /etc/hosts and /etc/resolv.conf and
gain control over DNS name resolution by opening a number
of file descriptors before executing kppp.
Status: Candidate
Phase: Assigned (20050201)
Reference: IDEFENSE:20050228 KPPP Privileged File
Descriptor Leak Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=208&type=vulnerabilities
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050228-1.txt
Reference: CONECTIVA:CLA-2005:934
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934
Reference: DEBIAN:DSA-692
Reference: URL:http://www.debian.org/security/2005/dsa-692
Reference: REDHAT:RHSA-2005:175
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-175.html
Votes:
Name: CVE-2005-0206
Description:
The patch for integer overflow vulnerabilities in Xpdf 2.0
and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures
on certain Linux distributions such as Red Hat, which could
leave Xpdf users exposed to the original vulnerabilities.
Status: Candidate
Phase: Assigned (20050201)
Reference: MANDRAKE:MDKSA-2005:041
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:041
Reference: MANDRAKE:MDKSA-2005:042
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:042
Reference: MANDRAKE:MDKSA-2005:043
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:043
Reference: MANDRAKE:MDKSA-2005:044
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:044
Reference: MANDRAKE:MDKSA-2005:052
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:052
Reference: MANDRAKE:MDKSA-2005:056
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:056
Reference: REDHAT:RHSA-2005:034
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-034.html
Reference: REDHAT:RHSA-2005:053
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-053.html
Reference: REDHAT:RHSA-2005:057
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-057.html
Reference: REDHAT:RHSA-2005:132
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-132.html
Reference: REDHAT:RHSA-2005:213
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-213.html
Reference: BID:11501
Reference: URL:http://www.securityfocus.com/bid/11501
Reference: XF:xpdf-pdf-bo(17818)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17818
Votes:
Name: CVE-2005-0207
Description:
Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and
2.6.x allows NFS clients to cause a denial of service via
O_DIRECT.
Status: Candidate
Phase: Assigned (20050201)
Reference: CONECTIVA:CLA-2005:930
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000930
Reference: REDHAT:RHSA-2005:366
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
Reference: SUSE:SUSE-SA:2005:003
Reference: URL:http://www.securityfocus.com/advisories/7880
Reference: BID:12330
Reference: URL:http://www.securityfocus.com/bid/12330
Votes:
Name: CVE-2005-0208
Description:
The HTML parsing functions in Gaim before 1.1.4 allow remote
attackers to cause a denial of service (application crash)
via malformed HTML that causes "an invalid memory access,"
a different vulnerability than CVE-2005-0473.
Status: Candidate
Phase: Assigned (20050201)
Reference: CONFIRM:http://gaim.sourceforge.net/security/?id=12
Reference: CONECTIVA:CLA-2005:933
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933
Reference: FEDORA:FLSA:158543
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/426078/100/0/threaded
Reference: GENTOO:GLSA-200503-03
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-03.xml
Reference: MANDRAKE:MDKSA-2005:049
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:049
Reference: REDHAT:RHSA-2005:215
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-215.html
Reference: BUGTRAQ:20050225 [USN-85-1] Gaim vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110935655500670&w=2
Reference: SUSE:SUSE-SA:2005:036
Reference: URL:http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Reference: CERT-VN:VU#795812
Reference: URL:http://www.kb.cert.org/vuls/id/795812
Reference: BID:12660
Reference: URL:http://www.securityfocus.com/bid/12660
Reference: SECUNIA:14386
Reference: URL:http://secunia.com/advisories/14386
Votes:
Name: CVE-2005-0209
Description:
Netfilter in Linux kernel 2.6.8.1 allows remote attackers
to cause a denial of service (kernel crash) via crafted
IP packet fragments.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050315 [USN-95-1] Linux kernel
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
Reference: CONECTIVA:CLA-2005:945
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
Reference: REDHAT:RHSA-2005:366
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
Reference: REDHAT:RHSA-2005:420
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-420.html
Reference: SUSE:SUSE-SA:2005:018
Reference: URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Reference: BID:12598
Reference: URL:http://www.securityfocus.com/bid/12598
Votes:
Name: CVE-2005-0210
Description:
Netfilter in the Linux kernel 2.6.8.1 allows local users
to cause a denial of service (memory consumption) via certain
packet fragments that are reassembled twice, which causes
a data structure to be allocated twice.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050315 [USN-95-1] Linux kernel
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111091402626556&w=2
Reference: CONECTIVA:CLA-2005:945
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000945
Reference: MANDRAKE:MDKSA-2005:218
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:218
Reference: MANDRAKE:MDKSA-2005:219
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
Reference: MANDRIVA:MDKSA-2005:219
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:219
Reference: REDHAT:RHSA-2005:366
Reference: URL:http://rhn.redhat.com/errata/RHSA-2005-366.html
Reference: REDHAT:RHSA-2005:663
Reference: URL:http://rhn.redhat.com/errata/RHSA-2005-663.html
Reference: SUSE:SUSE-SA:2005:018
Reference: URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Reference: BID:12816
Reference: URL:http://www.securityfocus.com/bid/12816
Reference: FRSIRT:ADV-2005-1878
Reference: URL:http://www.frsirt.com/english/advisories/2005/1878
Reference: OSVDB:14966
Reference: URL:http://www.osvdb.org/14966
Reference: SECUNIA:14295
Reference: URL:http://secunia.com/advisories/14295
Reference: SECUNIA:17826
Reference: URL:http://secunia.com/advisories/17826
Reference: SECUNIA:17002
Reference: URL:http://secunia.com/advisories/17002
Votes:
Name: CVE-2005-0211
Description:
Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7
allows remote attackers to cause a denial of service and
possibly execute arbitrary code via a long WCCP packet,
which is processed by a recvfrom function call that uses
an incorrect length parameter.
Status: Candidate
Phase: Assigned (20050201)
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-wccp_buffer_overflow
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-wccp_buffer_overflow.patch
Reference: DEBIAN:DSA-667
Reference: URL:http://www.debian.org/security/2005/dsa-667
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: MANDRAKE:MDKSA-2005:034
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:034
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: BUGTRAQ:20050207 [USN-77-1] Squid vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780531820947&w=2
Reference: CERT-VN:VU#886006
Reference: URL:http://www.kb.cert.org/vuls/id/886006
Reference: BID:12432
Reference: URL:http://www.securityfocus.com/bid/12432
Reference: OSVDB:13319
Reference: URL:http://www.osvdb.org/13319
Reference: SECTRACK:1013045
Reference: URL:http://securitytracker.com/id?1013045
Reference: SECUNIA:14076
Reference: URL:http://secunia.com/advisories/14076
Votes:
Name: CVE-2005-0212
Description:
The Amp II engine as used by Gore: Ultimate Soldier 1.50
and earlier allows remote attackers to cause a denial of
service (infinite loop) via a zero byte UDP packet.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050106 Socket unreacheable in
Amp II engine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110503597505648&w=2
Reference: MISC:http://aluigi.altervista.org/adv/amp2zero-adv.txt
Reference: BID:12192
Reference: URL:http://www.securityfocus.com/bid/12192
Reference: SECUNIA:13754
Reference: URL:http://secunia.com/advisories/13754
Reference: XF:amp-3d-socket-dos(18789)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18789
Votes:
Name: CVE-2005-0213
Description:
Directory traversal vulnerability in WinHKI 1.4d allows
remote attackers to overwrite arbitrary files via a .. (dot
dot) in a zip file.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050106 WinAc AND WinHKI ZIP
File Directory Transversal
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110505334903257&w=2
Reference: BID:12176
Reference: URL:http://www.securityfocus.com/bid/12176
Reference: SECTRACK:1012798
Reference: URL:http://securitytracker.com/id?1012798
Reference: SECUNIA:13738
Reference: URL:http://secunia.com/advisories/13738
Reference: XF:winhki-zip-directory-traversal(18798)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18798
Votes:
Name: CVE-2005-0214
Description:
Directory traversal vulnerability in Simple PHP Blog (SPHPBlog)
0.3.7c allows remote attackers to read or create arbitrary
files via a .. (dot dot) in the entry parameter.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050107 Simple PHP Blog directory
traversal vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512850603989&w=2
Reference: FULLDISC:20050107 Simple PHP Blog directory
traversal vulnerability
Reference: URL:http://archives.neohapsis.com/archives/fulldisclosure/2005-01/0210.html
Reference: BID:12193
Reference: URL:http://www.securityfocus.com/bid/12193
Reference: XF:sphp-dotdot-directory-traversal(18802)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18802
Votes:
Name: CVE-2005-0215
Description:
Mozilla 1.6 and possibly other versions allows remote attackers
to cause a denial of service (application crash) via an XBM
(X BitMap) file with a large (1) height or (2) width value.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050107 Mozilla XBM Image Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110512665029209&w=2
Reference: XF:mozilla-xbm-dos(18803)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18803
Votes:
Name: CVE-2005-0216
Description:
Cross-site scripting (XSS) vulnerability in formmail.php
in Woltlab Burning Board Lite 1.0.0, 1.0.1e, and possibly
other versions, allows remote attackers to inject arbitrary
web script and HTML via the userid parameter.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050108 Security Advisory: Woltlab
Burning Board Lite formmail.php XSS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110537385427004&w=2
Reference: BID:12199
Reference: URL:http://www.securityfocus.com/bid/12199
Reference: SECUNIA:13782
Reference: URL:http://secunia.com/advisories/13782
Reference: XF:wbb-formmail-userid-xss(18814)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18814
Votes:
Name: CVE-2005-0217
Description:
SQL injection vulnerability in index.php in Invision Community
Blog allows remote attackers to execute arbitrary SQL commands
via the eid parameter.
Status: Candidate
Phase: Assigned (20050201)
Reference: BUGTRAQ:20050109 SQL Injection Vulnerability
in Invision Community Blog
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110538277223800&w=2
Reference: BID:12205
Reference: URL:http://www.securityfocus.com/bid/12205
Reference: OSVDB:12817
Reference: URL:http://www.osvdb.org/12817
Reference: SECTRACK:1012831
Reference: URL:http://securitytracker.com/id?1012831
Reference: SECUNIA:13783
Reference: URL:http://secunia.com/advisories/13783
Reference: XF:icb-sql-injection(18815)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18815
Votes:
Name: CVE-2005-0218
Description:
ClamAV 0.80 and earlier allows remote attackers to bypass
virus scanning via a base64 encoded image in a data: (RFC
2397) URL.
Status: Candidate
Phase: Assigned (20050205)
Reference: FULLDISC:20050110 Multi-vendor AV gateway
image inspection bypass vulnerability
Reference: URL:http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html
Reference: FULLDISC:20050114 Re: Multi-vendor AV
gateway image inspection bypass vulnerability
Reference: URL:http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html
Reference: CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=300116
Reference: GENTOO:GLSA-200501-46
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml
Reference: MANDRAKE:MDKSA-2005:025
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:025
Reference: SECUNIA:13900
Reference: URL:http://secunia.com/advisories/13900/
Votes:
Name: CVE-2005-0219
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Gallery
1.3.4-pl1 allow remote attackers to inject arbitrary web
script or HTML via (1) the index field in add_comment.php,
(2) set_albumName, (3) slide_index, (4) slide_full, (5)
slide_loop, (6) slide_pause, (7) slide_dir fields in slideshow_low.php,
or (8) username field in search.php.
Status: Candidate
Phase: Assigned (20050205)
Reference: BUGTRAQ:20050117 Gallery v1.3.4-pl1, v1.4.4-pl2,
2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364&w=2
Reference: VULNWATCH:20050117 Gallery v1.3.4-pl1,
v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html
Reference: MISC:http://theinsider.deep-ice.com/texts/advisory69.txt
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147
Reference: XF:gallery-multiple-xss(18938)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18938
Reference: XF:gallery-multiple-scripts-xss(43473)
Reference: URL:http://xforce.iss.net/xforce/xfdb/43473
Votes:
Name: CVE-2005-0220
Description:
Cross-site scripting vulnerability in login.php in Gallery
1.4.4-pl2 allows remote attackers to inject arbitrary web
script or HTML via the username field.
Status: Candidate
Phase: Assigned (20050205)
Reference: BUGTRAQ:20050117 Gallery v1.3.4-pl1, v1.4.4-pl2,
2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364&w=2
Reference: VULNWATCH:20050117 Gallery v1.3.4-pl1,
v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html
Reference: MISC:http://theinsider.deep-ice.com/texts/advisory69.txt
Reference: GENTOO:GLSA-200501-45
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200501-45.xml
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147
Reference: SECUNIA:13887
Reference: URL:http://secunia.com/advisories/13887/
Reference: XF:gallery-multiple-xss(18938)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18938
Votes:
Name: CVE-2005-0221
Description:
Cross-site scripting (XSS) vulnerability in login.php in
Gallery 2.0 Alpha allows remote attackers to inject arbitrary
web script or HTML via the g2_form[subject] field.
Status: Candidate
Phase: Assigned (20050205)
Reference: BUGTRAQ:20050117 Gallery v1.3.4-pl1, v1.4.4-pl2,
2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364&w=2
Reference: VULNWATCH:20050117 [VulnWatch] Gallery
v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html
Reference: MISC:http://theinsider.deep-ice.com/texts/advisory69.txt
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147
Reference: XF:gallery-multiple-xss(18938)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18938
Reference: XF:gallery-g2formsubject-xss(43472)
Reference: URL:http://xforce.iss.net/xforce/xfdb/43472
Votes:
Name: CVE-2005-0222
Description:
main.php in Gallery 2.0 Alpha allows remote attackers to
gain sensitive information by changing the value of g2_subView
parameter, which reveals the path in an error message.
Status: Candidate
Phase: Assigned (20050205)
Reference: BUGTRAQ:20050117 Gallery v1.3.4-pl1, v1.4.4-pl2,
2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608459222364&w=2
Reference: VULNWATCH:20050117 [VulnWatch] Gallery
v1.3.4-pl1, v1.4.4-pl2, 2.0 Alpha Cross Site Scripting Vulnerability
Reference: URL:http://archives.neohapsis.com/archives/vulnwatch/2005-q1/0031.html
Reference: MISC:http://theinsider.deep-ice.com/texts/advisory69.txt
Reference: CONFIRM:http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=147
Reference: XF:gallery-mainphp-obtain-information(18940)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18940
Votes:
Name: CVE-2005-0223
Description:
The Software Development Kit (SDK) and Run Time Environment
(RTE) 1.4.1 and 1.4.2 for Tru64 UNIX allow remote attackers
to cause a denial of service (Java Virtual Machine hang)
via object deserialization.
Status: Candidate
Phase: Assigned (20050205)
Reference: HP:SSRT4875
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110719624029320&w=2
Votes:
Name: CVE-2005-0224
Description:
Unknown vulnerability in HP-UX B.11.04 running Virtualvault
4.5 through 4.7, when running the TGA daemon, allows remote
attackers to cause a denial of service via certain network
traffic.
Status: Candidate
Phase: Assigned (20050205)
Reference: HP:SSRT5900
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110726808700080&w=2
Reference: SECUNIA:14082
Reference: URL:http://secunia.com/advisories/14082/
Votes:
Name: CVE-2005-0225
Description:
firehol.sh in FireHOL before 1.224 creates temporary files
with predictable file names, which could allow local users
to overwrite arbitrary files via a symlink attack.
Status: Candidate
Phase: Assigned (20050205)
Reference: GENTOO:GLSA-200502-01
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-01.xml
Reference: CONFIRM:http://cvs.sourceforge.net/viewcvs.py/firehol/firehol/firehol.sh
Reference: BID:12336
Reference: URL:http://www.securityfocus.com/bid/12336
Reference: OSVDB:13137
Reference: URL:http://www.osvdb.org/13137
Reference: SECTRACK:1012969
Reference: URL:http://securitytracker.com/id?1012969
Reference: SECUNIA:13970
Reference: URL:http://secunia.com/advisories/13970
Reference: SECUNIA:14102
Reference: URL:http://secunia.com/advisories/14102
Reference: XF:firehol-symlink(19032)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19032
Votes:
Name: CVE-2005-0226
Description:
Format string vulnerability in the Log_Resolver function
in log.c for ngIRCd 0.8.2 and earlier, when compiled with
IDENT, logging to SYSLOG, and with DEBUG enabled, allows
remote attackers to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050205)
Reference: BUGTRAQ:20050203 ngIRCd <= v0.8.2 Format
String Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110746413108183&w=2
Reference: MISC:http://www.nosystem.com.ar/advisories/advisory-11.txt
Reference: BID:12434
Reference: URL:http://www.securityfocus.com/bid/12434
Reference: SECUNIA:14114
Reference: URL:http://secunia.com/advisories/14114/
Votes:
Name: CVE-2005-0227
Description:
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows
local users to load arbitrary shared libraries and execute
code via the LOAD extension.
Status: Candidate
Phase: Assigned (20050205)
Reference: MLIST:[pgsql-bugs] 20050121 Privilege
escalation via LOAD
Reference: URL:http://archives.postgresql.org/pgsql-bugs/2005-01/msg00269.php
Reference: MLIST:[pgsql-announce] 20050201 PostgreSQL
Security Release
Reference: URL:http://archives.postgresql.org/pgsql-announce/2005-02/msg00000.php
Reference: DEBIAN:DSA-668
Reference: URL:http://www.debian.org/security/2005/dsa-668
Reference: GENTOO:200502-08
Reference: URL:http://security.gentoo.org/glsa/glsa-200502-08.xml
Reference: MANDRAKE:MDKSA-2005:040
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Reference: REDHAT:RHSA-2005:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-138.html
Reference: REDHAT:RHSA-2005:150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-150.html
Reference: SUSE:SUSE-SA:2005:036
Reference: URL:http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Reference: TRUSTIX:2005-0003
Reference: URL:http://www.trustix.org/errata/2005/0003/
Reference: BUGTRAQ:20050201 [USN-71-1] PostgreSQL
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110726899107148&w=2
Reference: BID:12411
Reference: URL:http://www.securityfocus.com/bid/12411
Reference: SECUNIA:12948
Reference: URL:http://secunia.com/advisories/12948
Votes:
Name: CVE-2005-0228
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:
CVE-2004-1388. Reason: This candidate is a duplicate of
CVE-2004-1388. Notes: All CVE users should reference CVE-2004-1388
instead of this candidate. All references and descriptions
in this candidate have been removed to prevent accidental
usage.
Status: Candidate
Phase: Assigned (20050205)
Votes:
Name: CVE-2005-0229
Description:
CitrusDB 0.3.5 and earlier stores the newfile.txt temporary
data file under the web root, which allows remote attackers
to steal credit card information via a direct request to
newfile.txt.
Status: Candidate
Phase: Assigned (20050205)
Reference: FULLDISC:20050212 Credit Card data disclosure
in CitrusDB
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110824766519417&w=2
Reference: MISC:http://www.redteam-pentesting.de/advisories/rt-sa-2005-001.txt
Reference: CONFIRM:http://www.citrusdb.org/forums/viewtopic.php?t=49
Reference: BID:12402
Reference: URL:http://www.securityfocus.com/bid/12402
Reference: SECTRACK:1013040
Reference: URL:http://securitytracker.com/id?1013040
Reference: XF:citrus-information-disclosure(19145)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19145
Votes:
Name: CVE-2005-0230
Description:
Firefox 1.0 does not prevent the user from dragging an executable
file to the desktop when it has an image/gif content type
but has a dangerous extension such as .bat or .exe, which
allows remote attackers to bypass the intended restriction
and execute arbitrary commands via malformed GIF files that
can still be parsed by the Windows batch file parser, aka
"firedragging."
Status: Candidate
Phase: Assigned (20050207)
Reference: BUGTRAQ:20050207 Firedragging [Firefox
1.0]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780995232064&w=2
Reference: MISC:http://www.mikx.de/firedragging/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=279945
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-25.html
Reference: GENTOO:GLSA-200503-10
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: SUSE:SUSE-SA:2006:022
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: SUSE:SUSE-SA:2006:004
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: OVAL:oval:org.mitre.oval:def:100033
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100033
Reference: SECUNIA:19823
Reference: URL:http://secunia.com/advisories/19823
Votes:
Name: CVE-2005-0231
Description:
Firefox 1.0 does not invoke the Javascript Security Manager
when a user drags a javascript: or data: URL to a tab, which
allows remote attackers to bypass the security model, aka
"firetabbing."
Status: Candidate
Phase: Assigned (20050207)
Reference: BUGTRAQ:20050207 Firetabbing [Firefox
1.0]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781134617144&w=2
Reference: MISC:http://www.mikx.de/firetabbing/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=280056
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-26.html
Reference: GENTOO:GLSA-200503-10
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: REDHAT:RHSA-2005:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-176.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: SUSE:SUSE-SA:2005:016
Reference: URL:http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
Reference: OVAL:oval:org.mitre.oval:def:100032
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100032
Reference: XF:mozilla-firefox-tab-gain-access(19264)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19264
Votes:
Name: CVE-2005-0232
Description:
Firefox 1.0 allows remote attackers to modify Boolean configuration
parameters for the about:config site by using a plugin such
as Flash, and the -moz-opacity filter, to display the about:config
site then cause the user to double-click at a certain screen
position, aka "Fireflashing."
Status: Candidate
Phase: Assigned (20050207)
Reference: BUGTRAQ:20050207 Fireflashing [Firefox
1.0]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110781055630856&w=2
Reference: MISC:http://www.mikx.de/fireflashing/
Reference: CONFIRM:https://bugzilla.mozilla.org/show_bug.cgi?id=280664
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-27.html
Reference: GENTOO:GLSA-200503-10
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: REDHAT:RHSA-2005:323
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-323.html
Reference: REDHAT:RHSA-2005:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-176.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: SUSE:SUSE-SA:2005:016
Reference: URL:http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
Reference: XF:mozilla-firefox-aboutconfig-modify(19266)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19266
Votes:
Name: CVE-2005-0233
Description:
The International Domain Name (IDN) support in Firefox 1.0,
Camino .8.5, and Mozilla before 1.7.6 allows remote attackers
to spoof domain names using punycode encoded domain names
that are decoded in URLs and SSL certificates in a way that
uses homograph characters from other character sets, which
facilitates phishing attacks.
Status: Candidate
Phase: Assigned (20050207)
Reference: FULLDISC:20050206 state of homograph attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Reference: BUGTRAQ:20050208 International Domain
Name [IDN] support in modern browsers allows attackers to
spoof domain name URLs + SSL certs.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110782704923280&w=2
Reference: MISC:http://www.shmoo.com/idn
Reference: MISC:http://www.shmoo.com/idn/homograph.txt
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-29.html
Reference: GENTOO:GLSA-200503-10
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: REDHAT:RHSA-2005:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-176.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: SUSE:SUSE-SA:2005:016
Reference: URL:http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
Reference: BID:12461
Reference: URL:http://www.securityfocus.com/bid/12461
Reference: OVAL:oval:org.mitre.oval:def:100029
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100029
Reference: XF:multiple-browsers-idn-spoof(19236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19236
Votes:
Name: CVE-2005-0234
Description:
The International Domain Name (IDN) support in Safari 1.2.5
allows remote attackers to spoof domain names using punycode
encoded domain names that are decoded in URLs and SSL certificates
in a way that uses homograph characters from other character
sets, which facilitates phishing attacks.
Status: Candidate
Phase: Assigned (20050207)
Reference: FULLDISC:20050206 state of homograph attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Reference: BUGTRAQ:20050208 International Domain
Name [IDN] support in modern browsers allows attackers to
spoof domain name URLs + SSL certs.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110782704923280&w=2
Reference: MISC:http://www.shmoo.com/idn
Reference: MISC:http://www.shmoo.com/idn/homograph.txt
Reference: APPLE:APPLE-SA-2005-03-21
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Reference: BID:12461
Reference: URL:http://www.securityfocus.com/bid/12461
Reference: XF:multiple-browsers-idn-spoof(19236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19236
Votes:
Name: CVE-2005-0235
Description:
The International Domain Name (IDN) support in Opera 7.54
allows remote attackers to spoof domain names using punycode
encoded domain names that are decoded in URLs and SSL certificates
in a way that uses homograph characters from other character
sets, which facilitates phishing attacks.
Status: Candidate
Phase: Assigned (20050207)
Reference: FULLDISC:20050206 state of homograph attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Reference: BUGTRAQ:20050208 International Domain
Name [IDN] support in modern browsers allows attackers to
spoof domain name URLs + SSL certs.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110782704923280&w=2
Reference: MISC:http://www.shmoo.com/idn
Reference: MISC:http://www.shmoo.com/idn/homograph.txt
Reference: SUSE:SUSE-SA:2005:031
Reference: URL:http://www.novell.com/linux/security/advisories/2005_31_opera.html
Reference: BID:12461
Reference: URL:http://www.securityfocus.com/bid/12461
Reference: XF:multiple-browsers-idn-spoof(19236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19236
Votes:
Name: CVE-2005-0236
Description:
The International Domain Name (IDN) support in Omniweb 5
allows remote attackers to spoof domain names using punycode
encoded domain names that are decoded in URLs and SSL certificates
in a way that uses homograph characters from other character
sets, which facilitates phishing attacks.
Status: Candidate
Phase: Assigned (20050207)
Reference: FULLDISC:20050206 state of homograph attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Reference: BUGTRAQ:20050208 International Domain
Name [IDN] support in modern browsers allows attackers to
spoof domain name URLs + SSL certs.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110782704923280&w=2
Reference: MISC:http://www.shmoo.com/idn
Reference: MISC:http://www.shmoo.com/idn/homograph.txt
Reference: BID:12461
Reference: URL:http://www.securityfocus.com/bid/12461
Reference: XF:multiple-browsers-idn-spoof(19236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19236
Votes:
Name: CVE-2005-0237
Description:
The International Domain Name (IDN) support in Konqueror
3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain
names using punycode encoded domain names that are decoded
in URLs and SSL certificates in a way that uses homograph
characters from other character sets, which facilitates
phishing attacks.
Status: Candidate
Phase: Assigned (20050207)
Reference: FULLDISC:20050206 state of homograph attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Reference: FULLDISC:20050206 Re: state of homograph
attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031460.html
Reference: MISC:http://www.shmoo.com/idn
Reference: MISC:http://www.shmoo.com/idn/homograph.txt
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050316-2.txt
Reference: FEDORA:FLSA:178606
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
Reference: MANDRAKE:MDKSA-2005:058
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
Reference: REDHAT:RHSA-2005:325
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-325.html
Reference: BID:12461
Reference: URL:http://www.securityfocus.com/bid/12461
Reference: SECUNIA:14162
Reference: URL:http://secunia.com/advisories/14162
Reference: XF:multiple-browsers-idn-spoof(19236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19236
Votes:
Name: CVE-2005-0238
Description:
The International Domain Name (IDN) support in Epiphany
allows remote attackers to spoof domain names using punycode
encoded domain names that are decoded in URLs and SSL certificates
in a way that uses homograph characters from other character
sets, which facilitates phishing attacks.
Status: Candidate
Phase: Assigned (20050207)
Reference: FULLDISC:20050206 state of homograph attacks
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html
Reference: MISC:http://www.shmoo.com/idn
Reference: MISC:http://www.shmoo.com/idn/homograph.txt
Reference: CONFIRM:https://bugzilla.redhat.com/beta/show_bug.cgi?id=147399
Reference: BID:12461
Reference: URL:http://www.securityfocus.com/bid/12461
Reference: XF:multiple-browsers-idn-spoof(19236)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19236
Votes:
Name: CVE-2005-0239
Description:
viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail
allows remote attackers to execute arbitrary commands via
shell metacharacters in the cert parameter.
Status: Candidate
Phase: Assigned (20050207)
Reference: IDEFENSE:20050207 SquirrelMail S/MIME
Plugin Command Injection Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=191&type=vulnerabilities&flashstatus=false
Reference: CONFIRM:http://www.squirrelmail.org/plugin_view.php?id=54
Reference: CERT-VN:VU#502328
Reference: URL:http://www.kb.cert.org/vuls/id/502328
Reference: XF:squirrelmail-smime-command-execution(19242)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19242
Votes:
Name: CVE-2005-0240
Description:
Format string vulnerability in chdev on IBM AIX 5.2 allows
local users to execute arbitrary code via format string
specifiers in a command line argument, which is not properly
handled when printing an error message.
Status: Candidate
Phase: Assigned (20050207)
Reference: IDEFENSE:20050207 IBM AIX chdev Local
Format String Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?type=vulnerabilities
Reference: AIXAPAR:IY67455
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY67455
Reference: AIXAPAR:IY67654
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY67654
Reference: XF:aix-chdev-format-string(19244)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19244
Votes:
Name: CVE-2005-0241
Description:
The httpProcessReplyHeader function in http.c for Squid
2.5-STABLE7 and earlier does not properly set the debug
context when it is handling "oversized" HTTP reply headers,
which might allow remote attackers to poison the cache or
bypass access controls based on header size.
Status: Candidate
Phase: Assigned (20050208)
Reference: CONFIRM:http://www.squid-cache.org/bugs/show_bug.cgi?id=1216
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/#squid-2.5.STABLE7-oversize_reply_headers
Reference: CONFIRM:http://www.squid-cache.org/Versions/v2/2.5/bugs/squid-2.5.STABLE7-oversize_reply_headers.patch
Reference: CONECTIVA:CLA-2005:931
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000931
Reference: FEDORA:FLSA-2006:152809
Reference: URL:http://fedoranews.org/updates/FEDORA--.shtml
Reference: REDHAT:RHSA-2005:060
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-060.html
Reference: REDHAT:RHSA-2005:061
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-061.html
Reference: SUSE:SUSE-SA:2005:006
Reference: URL:http://www.novell.com/linux/security/advisories/2005_06_squid.html
Reference: CERT-VN:VU#823350
Reference: URL:http://www.kb.cert.org/vuls/id/823350
Reference: BID:12412
Reference: URL:http://www.securityfocus.com/bid/12412
Reference: SECUNIA:14091
Reference: URL:http://secunia.com/advisories/14091
Reference: XF:squid-http-cache-poisoning(19060)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19060
Votes:
Name: CVE-2005-0242
Description:
The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750,
and possibly other versions, allows attackers to execute arbitrary
code by placing a malicious ping.exe program into the Messenger
program directory, which is installed with weak default
permissions.
Status: Candidate
Phase: Assigned (20050208)
Reference: VULNWATCH:20050218 Yahoo! Messenger Audio
Setup Wizard Privilege Escalation
Reference: MISC:http://secunia.com/secunia_research/2004-6/advisory/
Reference: CONFIRM:http://messenger.yahoo.com/security/update6.html
Reference: SECUNIA:11815
Reference: URL:http://secunia.com/advisories/11815
Votes:
Name: CVE-2005-0243
Description:
Yahoo! Messenger 6.0.0.1750, and possibly other versions
before 6.0.0.1921, does not properly display long filenames
in file dialog boxes, which could allow remote attackers
to trick users into downloading and executing programs via
file names containing a large number of spaces and multiple
file extensions.
Status: Candidate
Phase: Assigned (20050208)
Reference: VULNWATCH:20050218 Yahoo! Messenger File
Transfer Filename Spoofing
Reference: MISC:http://secunia.com/secunia_research/2005-2/advisory/
Reference: SECUNIA:13712
Reference: URL:http://secunia.com/advisories/13712
Votes:
Name: CVE-2005-0244
Description:
PostgreSQL 8.0.0 and earlier allows local users to bypass
the EXECUTE permission check for functions by using the
CREATE AGGREGATE command.
Status: Candidate
Phase: Assigned (20050208)
Reference: MLIST:[pgsql-hackers] 20050127 Permissions
on aggregate component functions
Reference: URL:http://archives.postgresql.org/pgsql-hackers/2005-01/msg00922.php
Reference: MANDRAKE:MDKSA-2005:040
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Reference: REDHAT:RHSA-2005:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-138.html
Reference: BUGTRAQ:20050210 [USN-79-1] PostgreSQL
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2
Reference: SUSE:SUSE-SA:2005:036
Reference: URL:http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Reference: BID:12417
Reference: URL:http://www.securityfocus.com/bid/12417
Reference: SECUNIA:12948
Reference: URL:http://secunia.com/advisories/12948
Reference: XF:postgresql-security-bypass(19184)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19184
Votes:
Name: CVE-2005-0245
Description:
Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier
may allow attackers to execute arbitrary code via a large
number of arguments to a refcursor function (gram.y), which
leads to a heap-based buffer overflow, a different vulnerability
than CVE-2005-0247.
Status: Candidate
Phase: Assigned (20050208)
Reference: MLIST:[pgsql-patches] 20050120 Re: WIP:
pl/pgsql cleanup
Reference: URL:http://archives.postgresql.org/pgsql-patches/2005-01/msg00216.php
Reference: MLIST:[pgsql-committers] 20050121 pgsql:
Prevent overrunning a heap-allocated buffer is more than
1024
Reference: URL:http://archives.postgresql.org/pgsql-committers/2005-01/msg00298.php
Reference: MLIST:[pgsql-committers] 20050207 pgsql:
Prevent 4 more buffer overruns in the PL/PgSQL parser.
Reference: URL:http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
Reference: DEBIAN:DSA-683
Reference: URL:http://www.debian.org/security/2005/dsa-683
Reference: MANDRAKE:MDKSA-2005:040
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Reference: REDHAT:RHSA-2005:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-138.html
Reference: REDHAT:RHSA-2005:150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-150.html
Reference: BUGTRAQ:20050210 [USN-79-1] PostgreSQL
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2
Reference: SUSE:SUSE-SA:2005:036
Reference: URL:http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Reference: BID:12417
Reference: URL:http://www.securityfocus.com/bid/12417
Reference: SECUNIA:12948
Reference: URL:http://secunia.com/advisories/12948
Reference: XF:postgresql-cursor-bo(19188)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19188
Votes:
Name: CVE-2005-0246
Description:
The intagg contrib module for PostgreSQL 8.0.0 and earlier
allows attackers to cause a denial of service (crash) via
crafted arrays.
Status: Candidate
Phase: Assigned (20050208)
Reference: MLIST:[pgsql-committers] 20050127 pgsql:
Fix security and 64-bit issues in contrib/intagg.
Reference: URL:http://archives.postgresql.org/pgsql-committers/2005-01/msg00401.php
Reference: MANDRAKE:MDKSA-2005:040
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Reference: REDHAT:RHSA-2005:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-138.html
Reference: BUGTRAQ:20050210 [USN-79-1] PostgreSQL
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2
Reference: SUSE:SUSE-SA:2005:036
Reference: URL:http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Reference: BID:12417
Reference: URL:http://www.securityfocus.com/bid/12417
Reference: SECUNIA:12948
Reference: URL:http://secunia.com/advisories/12948
Reference: XF:postgresql-contribintagg-dos(19185)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19185
Votes:
Name: CVE-2005-0247
Description:
Multiple buffer overflows in gram.y for PostgreSQL 8.0.1
and earlier may allow attackers to execute arbitrary code
via (1) a large number of variables in a SQL statement being
handled by the read_sql_construct function, (2) a large
number of INTO variables in a SELECT statement being handled
by the make_select_stmt function, (3) a large number of
arbitrary variables in a SELECT statement being handled
by the make_select_stmt function, and (4) a large number
of INTO variables in a FETCH statement being handled by
the make_fetch_stmt function, a different set of vulnerabilities
than CVE-2005-0245.
Status: Candidate
Phase: Assigned (20050208)
Reference: MLIST:[pgsql-committers] 20050207 pgsql:
Prevent 4 more buffer overruns in the PL/PgSQL parser.
Reference: URL:http://archives.postgresql.org/pgsql-committers/2005-02/msg00049.php
Reference: DEBIAN:DSA-683
Reference: URL:http://www.debian.org/security/2005/dsa-683
Reference: GENTOO:GLSA-200502-19
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-19.xml
Reference: MANDRAKE:MDKSA-2005:040
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:040
Reference: REDHAT:RHSA-2005:138
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-138.html
Reference: REDHAT:RHSA-2005:150
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-150.html
Reference: SUSE:SUSE-SA:2005:027
Reference: URL:http://www.novell.com/linux/security/advisories/2005_27_postgresql.html
Reference: BUGTRAQ:20050210 [USN-79-1] PostgreSQL
vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110806034116082&w=2
Reference: SUSE:SUSE-SA:2005:036
Reference: URL:http://www.novell.com/linux/security/advisories/2005_36_sudo.html
Reference: BID:12417
Reference: URL:http://www.securityfocus.com/bid/12417
Reference: XF:postgresql-fetch-makefetchstmt-bo(19378)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19378
Reference: XF:postgresql-makeselectstmt-arbitrary-bo(19377)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19377
Reference: XF:postgresql-makeselectstmt-input-bo(19376)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19376
Reference: XF:postgresql-readsqlconstruct-bo(19375)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19375
Votes:
Name: CVE-2005-0248
Description:
The Solaris Management Console (SMC) GUI for Solaris 8 and
9, when creating user accounts that are configured for password
aging, creates the accounts with a blank password, which
allows remote or local attackers to break into those accounts.
Status: Candidate
Phase: Assigned (20050208)
Reference: SUNALERT:57717
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57717-1
Reference: CIAC:P-096
Reference: URL:http://www.ciac.org/ciac/bulletins/p-096.shtml
Reference: BID:12260
Reference: URL:http://www.securityfocus.com/bid/12260
Reference: SECTRACK:1012860
Reference: URL:http://securitytracker.com/id?1012860
Reference: SECUNIA:13803
Reference: URL:http://secunia.com/advisories/13803/
Reference: XF:solaris-smc-blank-password(18868)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18868
Votes:
Name: CVE-2005-0249
Description:
Heap-based buffer overflow in the DEC2EXE module for Symantec
AntiVirus Library allows remote attackers to execute arbitrary
code via a UPX compressed file containing a negative virtual
offset to a crafted PE header.
Status: Candidate
Phase: Assigned (20050208)
Reference: ISS:20050208 Symantec AntiVirus Library
Heap Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/187
Reference: CONFIRM:http://www.symantec.com/avcenter/security/Content/2005.02.08.html
Reference: CERT-VN:VU#107822
Reference: URL:http://www.kb.cert.org/vuls/id/107822
Reference: SECTRACK:1013133
Reference: URL:http://securitytracker.com/id?1013133
Reference: XF:upx-engine-gain-control(18869)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18869
Votes:
Name: CVE-2005-0250
Description:
Format string vulnerability in auditselect on IBM AIX 5.1,
5.2, and 5.3 allows local users to execute arbitrary code
via format string specifiers in a command line argument.
Status: Candidate
Phase: Assigned (20050208)
Reference: IDEFENSE:20050208 IBM AIX auditselect
Local Format String Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=193&type=vulnerabilities&flashstatus=false
Reference: AIXAPAR:IY67519
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY67519
Reference: AIXAPAR:IY67472
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY67472
Reference: AIXAPAR:IY67802
Reference: URL:http://www-1.ibm.com/support/docview.wss?uid=isg1IY67802
Reference: CERT-VN:VU#896729
Reference: URL:http://www.kb.cert.org/vuls/id/896729
Reference: BID:12496
Reference: URL:http://www.securityfocus.com/bid/12496
Reference: SECTRACK:1013103
Reference: URL:http://securitytracker.com/id?1013103
Reference: SECUNIA:14198
Reference: URL:http://secunia.com/advisories/14198
Reference: XF:aix-auditselect-format-string(19255)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19255
Votes:
Name: CVE-2005-0251
Description:
Cross-site scripting (XSS) vulnerability in bibindex.php
for BibORB 1.3.2, and possibly earlier versions, allows
remote attackers to inject arbitrary HTML and web script
via the search parameter.
Status: Candidate
Phase: Assigned (20050209)
Reference: BUGTRAQ:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110868948719773&w=2
Reference: FULLDISC:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110864983905770&w=2
Reference: BID:12583
Reference: URL:http://www.securityfocus.com/bid/12583
Votes:
Name: CVE-2005-0252
Description:
SQL injection vulnerability in BibORB 1.3.2, and possibly
earlier versions, allows remote attackers to execute arbitrary
SQL commands via the (1) Username or (2) Password.
Status: Candidate
Phase: Assigned (20050209)
Reference: BUGTRAQ:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110868948719773&w=2
Reference: FULLDISC:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110864983905770&w=2
Reference: BID:12583
Reference: URL:http://www.securityfocus.com/bid/12583
Votes:
Name: CVE-2005-0253
Description:
Directory traversal vulnerability in index.php for BibORB
1.3.2, and possibly earlier versions, allows remote attackers
to delete arbitrary files via a Delete action and .. (dot
dot) sequences in the database_name parameter.
Status: Candidate
Phase: Assigned (20050209)
Reference: BUGTRAQ:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110868948719773&w=2
Reference: FULLDISC:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110864983905770&w=2
Reference: BID:12583
Reference: URL:http://www.securityfocus.com/bid/12583
Votes:
Name: CVE-2005-0254
Description:
BibORB 1.3.2, and possibly earlier versions, does not properly
enforce a restriction for uploading only PDF and PS files,
which allows remote attackers to upload arbitrary files
that are presented to other users with PDF or PS icons,
which may trick some users into downloading and executing
those files.
Status: Candidate
Phase: Assigned (20050209)
Reference: BUGTRAQ:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110868948719773&w=2
Reference: FULLDISC:20050217 Advisory: Multiple Vulnerabilities
in BibORB
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110864983905770&w=2
Reference: BID:12583
Reference: URL:http://www.securityfocus.com/bid/12583
Votes:
Name: CVE-2005-0255
Description:
String handling functions in Mozilla 1.7.3, Firefox 1.0,
and Thunderbird before 1.0.2, such as the nsTSubstring_CharT::Replace
function, do not properly check the return values of other
functions that resize the string, which allows remote attackers
to cause a denial of service and possibly execute arbitrary
code by forcing an out-of-memory state that causes a reallocation
to fail and return a pointer to a fixed address, which leads
to heap corruption.
Status: Candidate
Phase: Assigned (20050209)
Reference: IDEFENSE:20050228 Mozilla Firefox and
Mozilla Browser Out Of Memory Heap Corruption Design Error
Reference: URL:http://www.idefense.com/application/poi/display?id=200&type=vulnerabilities
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-18.html
Reference: GENTOO:GLSA-200503-10
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-10.xml
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: REDHAT:RHSA-2005:277
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-277.html
Reference: REDHAT:RHSA-2005:337
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-337.html
Reference: REDHAT:RHSA-2005:176
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-176.html
Reference: SUSE:SUSE-SA:2005:016
Reference: URL:http://www.novell.com/linux/security/advisories/2005_16_mozilla_firefox.html
Reference: SUSE:SUSE-SA:2006:022
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: SUSE:SUSE-SA:2006:004
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: BID:12659
Reference: URL:http://www.securityfocus.com/bid/12659
Reference: OVAL:oval:org.mitre.oval:def:100040
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100040
Reference: SECUNIA:19823
Reference: URL:http://secunia.com/advisories/19823
Votes:
Name: CVE-2005-0256
Description:
The wu_fnmatch function in wu_fnmatch.c in wu-ftpd 2.6.1
and 2.6.2 allows remote attackers to cause a denial of service
(CPU exhaustion by recursion) via a glob pattern with a
large number of * (wildcard) characters, as demonstrated
using the dir command.
Status: Candidate
Phase: Assigned (20050209)
Reference: IDEFENSE:20050225 WU-FTPD File Globbing
Denial of Service Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=207&type=vulnerabilities
Reference: DEBIAN:DSA-705
Reference: URL:http://www.debian.org/security/2005/dsa-705
Reference: HP:HPSBUX02110
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342
Reference: HP:SSRT061110
Reference: URL:http://itrc.hp.com/service/cki/docDisplay.do?docId=c00637342
Reference: SCO:SCOSA-2005.63
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.63/SCOSA-2005.63.txt
Reference: SUNALERT:57795
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-57795-1
Reference: SUNALERT:101699
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101699-1
Reference: FRSIRT:ADV-2005-0588
Reference: URL:http://www.frsirt.com/english/advisories/2005/0588
Reference: FRSIRT:ADV-2006-1271
Reference: URL:http://www.frsirt.com/english/advisories/2006/1271
Reference: OSVDB:14203
Reference: URL:http://www.osvdb.org/14203
Reference: OVAL:oval:org.mitre.oval:def:1265
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1265
Reference: OVAL:oval:org.mitre.oval:def:1333
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1333
Reference: OVAL:oval:org.mitre.oval:def:1762
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:1762
Reference: SECUNIA:18210
Reference: URL:http://secunia.com/advisories/18210
Reference: SECUNIA:14411
Reference: URL:http://secunia.com/advisories/14411
Reference: SECUNIA:19561
Reference: URL:http://secunia.com/advisories/19561
Votes:
Name: CVE-2005-0257
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050209)
Votes:
Name: CVE-2005-0258
Description:
Directory traversal vulnerability in (1) usercp_register.php
and (2) usercp_avatar.php for phpBB 2.0.11, and possibly
other versions, with gallery avatars enabled, allows remote
attackers to delete (unlink) arbitrary files via "/../"
sequences in the avatarselect parameter.
Status: Candidate
Phase: Assigned (20050209)
Reference: IDEFENSE:20050222 phpBB Group phpBB2 Arbitrary
File Unlink Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=205&type=vulnerabilities
Reference: CONFIRM:http://www.phpbb.com/support/documents.php?mode=changelog
Reference: GENTOO:GLSA-200503-02
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml
Votes:
Name: CVE-2005-0259
Description:
phpBB 2.0.11, and possibly other versions, with remote avatars
and avatar uploading enabled, allows local users to read
arbitrary files by providing both a local and remote location
for an avatar, then modifying the "Upload Avatar from a
URL:" field to reference the target file.
Status: Candidate
Phase: Assigned (20050209)
Reference: IDEFENSE:20050222 phpBB Group phpBB Arbitrary
File Disclosure Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=204&type=vulnerabilities
Reference: CONFIRM:http://www.phpbb.com/support/documents.php?mode=changelog
Reference: GENTOO:GLSA-200503-02
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-02.xml
Reference: CERT-VN:VU#774686
Reference: URL:http://www.kb.cert.org/vuls/id/774686
Reference: SECUNIA:14362
Reference: URL:http://secunia.com/advisories/14362/
Votes:
Name: CVE-2005-0260
Description:
Stack-based buffer overflow in the Discovery Service for
BrightStor ARCserve Backup 11.1 and earlier allows remote
attackers to execute arbitrary code via a long packet to
UDP port 41524, which is not properly handled in a recvfrom
call.
Status: Candidate
Phase: Assigned (20050210)
Reference: IDEFENSE:20050209 Computer Associates
BrightStor ARCserve Backup v11 Discovery Service Remote
Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=194&type=vulnerabilities
Reference: CONFIRM:http://supportconnectw.ca.com/public/enews/BrightStor/brigcurrent.asp#news1
Reference: SECTRACK:1013138
Reference: URL:http://securitytracker.com/id?1013138
Reference: SECUNIA:14183
Reference: URL:http://secunia.com/advisories/14183
Reference: XF:brightstor-discovery-bo(19251)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19251
Votes:
Name: CVE-2005-0261
Description:
lspath in AIX 5.2, 5.3, and possibly earlier versions, does
not drop privileges before processing the -f option, which
allows local users to read one line of arbitrary files.
Status: Candidate
Phase: Assigned (20050210)
Reference: IDEFENSE:20050210 IBM AIX lspath Local
File Access Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=195&type=vulnerabilities
Reference: AIXAPAR:IY67457
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67457&apar=only
Reference: AIXAPAR:IY67655
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67655&apar=only
Reference: BID:12513
Reference: URL:http://www.securityfocus.com/bid/12513
Reference: SECUNIA:14232
Reference: URL:http://secunia.com/advisories/14232
Reference: XF:ibm-aix-ispath-information-disclosure(19281)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19281
Votes:
Name: CVE-2005-0262
Description:
Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows
local users to execute arbitrary code via a long -d argument.
Status: Candidate
Phase: Assigned (20050210)
Reference: IDEFENSE:20050210 IBM AIX ipl_varyon Local
Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=196&type=vulnerabilities
Reference: AIXAPAR:IY67812
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67812&apar=only
Reference: AIXAPAR:IY67750
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67750&apar=only
Reference: AIXAPAR:IY66933
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY66933&apar=only
Reference: BID:12516
Reference: URL:http://www.securityfocus.com/bid/12516
Reference: SECUNIA:14231
Reference: URL:http://secunia.com/advisories/14231
Reference: XF:ibm-aix-iplvaryon-bo(19282)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19282
Votes:
Name: CVE-2005-0263
Description:
Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows
local users to execute arbitrary code via a long -O argument.
Status: Candidate
Phase: Assigned (20050210)
Reference: IDEFENSE:20050210 IBM AIX netpmon Local
Buffer Overflow Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=197&type=vulnerabilities
Reference: AIXAPAR:IY67807
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67807&apar=only
Reference: AIXAPAR:IY67136
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67136&apar=only
Reference: AIXAPAR:IY67124
Reference: URL:http://www-1.ibm.com/support/search.wss?rs=0&q=IY67124&apar=only
Reference: BID:12517
Reference: URL:http://www.securityfocus.com/bid/12517
Reference: SECUNIA:14237
Reference: URL:http://secunia.com/advisories/14237
Reference: XF:ibm-aix-netpmon-bo(19278)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19278
Votes:
Name: CVE-2005-0264
Description:
Multiple cross-site scripting (XSS) vulnerabilities in browse.php
in OWL 0.7 and 0.8 allow remote attackers to inject arbitrary
web script or HTML via the (1) expand or (2) order parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050101 Various Vulnerabilities
in OWL Intranet Engine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110461644407935&w=2
Reference: BID:12114
Reference: URL:http://www.securityfocus.com/bid/12114
Reference: SECUNIA:13695
Reference: URL:http://secunia.com/advisories/13695
Reference: XF:owl-intranet-engine-xss(18705)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18705
Votes:
Name: CVE-2005-0265
Description:
Multiple SQL injection vulnerabilities in browse.php in
OWL 0.7 and 0.8 allow remote attackers to execute arbitrary
SQL commands via the (1) parent or (2) sortposted parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050101 Various Vulnerabilities
in OWL Intranet Engine
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110461644407935&w=2
Reference: BID:12114
Reference: URL:http://www.securityfocus.com/bid/12114
Reference: SECUNIA:13695
Reference: URL:http://secunia.com/advisories/13695
Reference: XF:owl-intranet-engine-sql-injection(18704)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18704
Votes:
Name: CVE-2005-0266
Description:
Cross-site scripting (XSS) vulnerability in index.php in
SugarCRM 1.X allows remote attackers to inject arbitrary
web script or HTML via the (1) return_module, (2) return_action,
(3) name, (4) module, or (5) record parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050101 Cross Site Scripting
Vulnerabilities and Possible Code Execution
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110461706232174&w=2
Reference: BID:12113
Reference: URL:http://www.securityfocus.com/bid/12113
Reference: XF:sugar-sales-index-xss(18719)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18719
Votes:
Name: CVE-2005-0267
Description:
index.php in FlatNuke 2.5.1 allows remote attackers to create
an administrator account via carriage returns and #10 in
the url_avatar field, which is interpreted as a sensitive
directive.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050102 Multiple Vulnerabilities
in FlatNuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110477752916772&w=2
Reference: BID:12150
Reference: URL:http://www.securityfocus.com/bid/12150
Reference: XF:flatnuke-indexphp-gain-access(18741)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18741
Votes:
Name: CVE-2005-0268
Description:
Direct code injection vulnerability in FlatNuke 2.5.1 allows
remote attackers to execute arbitrary PHP code by placing
the code into the url_avatar field.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050102 Multiple Vulnerabilities
in FlatNuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110477752916772&w=2
Reference: BID:12150
Reference: URL:http://www.securityfocus.com/bid/12150
Reference: XF:flatnuke-indexphp-xss(18746)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18746
Votes:
Name: CVE-2005-0269
Description:
The file extension check in GNUBoard 3.40 and earlier only
verifies extensions that contain all lowercase letters,
which allows remote attackers to upload arbitrary files
via file extensions that include uppercase letters.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050103 STG Security Advisory:
[SSA-20041224-21] File extensions
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110477648219738&w=2
Reference: SECUNIA:13711
Reference: URL:http://secunia.com/advisories/13711
Reference: XF:gnuboard-gbupdate-file-upload(18729)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18729
Reference: BID:12149
Reference: URL:http://www.securityfocus.com/bid/12149
Votes:
Name: CVE-2005-0270
Description:
Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost
PHP Pro before 2.84 allow remote attackers to inject arbitrary
web script or HTML via the (1) si parameter to showcat.php,
(2) cat or (3) page parameter to showproduct.php, or (4)
report parameter to reportproduct.php.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050103 Serious Vulnerabilities
In PhotoPost ReviewPost
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485682424110&w=2
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00062-01022005
Reference: SECUNIA:13697
Reference: URL:http://secunia.com/advisories/13697/
Reference: XF:reviewpost-php-xss(18731)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18731
Votes:
Name: CVE-2005-0271
Description:
Multiple SQL injection vulnerabilities in ReviewPost PHP
Pro before 2.84 allow remote attackers to execute arbitrary
SQL commands via the (1) cat parameter to showcat.php or
(2) product parameter to addfav.php.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050103 Serious Vulnerabilities
In PhotoPost ReviewPost
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485682424110&w=2
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00062-01022005
Reference: SECUNIA:13697
Reference: URL:http://secunia.com/advisories/13697/
Reference: XF:reviewpost-php-sql-injection(18732)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18732
Votes:
Name: CVE-2005-0272
Description:
ReviewPost PHP Pro before 2.84 allows remote attackers to
upload and execute arbitrary PHP files by posting a review
file with multiple extensions, which bypasses the intended
restrictions.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050103 Serious Vulnerabilities
In PhotoPost ReviewPost
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485682424110&w=2
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00062-01022005
Reference: SECUNIA:13697
Reference: URL:http://secunia.com/advisories/13697/
Reference: XF:reviewpost-php-file-upload(18735)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18735
Votes:
Name: CVE-2005-0273
Description:
Multiple SQL injection vulnerabilities in showgallery.php
in PhotoPost before 4.86 allow remote attackers to execute
arbitrary SQL commands via the (1) cat or (2) ppuser parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050103 Multiple PhotoPost Pro
Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486165802196&w=2
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00063-01032005
Reference: BID:12156
Reference: URL:http://www.securityfocus.com/bid/12156
Reference: SECUNIA:13680
Reference: URL:http://secunia.com/advisories/13680/
Reference: XF:photopost-php-showgallery-xss(18744)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18744
Votes:
Name: CVE-2005-0274
Description:
Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php
in PhotoPost before 4.86 allow remote attackers to inject
arbitrary web script or HTML via the (1) cat, (2) si, (3)
page, or (4) ppuser parameters.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050103 Multiple PhotoPost Pro
Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486165802196&w=2
Reference: MISC:http://www.gulftech.org/?node=research&article_id=00063-01032005
Reference: BID:12156
Reference: URL:http://www.securityfocus.com/bid/12156
Reference: SECUNIA:13680
Reference: URL:http://secunia.com/advisories/13680/
Reference: XF:photopost-php-showgallery-xss(18744)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18744
Votes:
Name: CVE-2005-0275
Description:
TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers
to cause a denial of service (application crash) via a GET
request containing an MS-DOS device name.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 3Com 3CDaemon Multiple
Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485674622696&w=2
Reference: XF:3cdaemon-reserved-name-dos(18750)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18750
Votes:
Name: CVE-2005-0276
Description:
Multiple format string vulnerabilities in the FTP service
in 3Com 3CDaemon 2.0 revision 10 allow remote attackers
to cause a denial of service (application crash) via format
string specifiers in (1) the username, (2) cd, (3) delete,
(4) rename, (5) rmdir, (6) literal, (7) stat, or (8) CWD
commands.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 3Com 3CDaemon Multiple
Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485674622696&w=2
Reference: BID:12155
Reference: URL:http://www.securityfocus.com/bid/12155
Reference: XF:3cdaemon-login-dos(18751)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18751
Votes:
Name: CVE-2005-0277
Description:
Buffer overflow in the FTP service in 3Com 3CDaemon 2.0
revision 10 allows remote attackers to cause a denial of
service (application crash) and execute arbitrary code via
(1) a long username in the USER command or (2) an FTP command
that contains a long argument, such as cd, send, or ls.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 3Com 3CDaemon Multiple
Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485674622696&w=2
Reference: BUGTRAQ:20050218 3com 3CDaemon FTP Unauthorized
"USER" Remote BOverflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110886719528518&w=2
Reference: BID:12155
Reference: URL:http://www.securityfocus.com/bid/12155
Reference: XF:3cdaemon-long-command-dos(18754)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18754
Votes:
Name: CVE-2005-0278
Description:
The FTP service in 3Com 3CDaemon 2.0 revision 10 allows
remote attackers to gain sensitive information via a cd
command that contains an MS-DOS device name, which reveals
the installation path in an error message.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 3Com 3CDaemon Multiple
Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110485674622696&w=2
Reference: BID:12155
Reference: URL:http://www.securityfocus.com/bid/12155
Reference: XF:3cdaemon-command-obtain-information(18756)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18756
Votes:
Name: CVE-2005-0279
Description:
Soldner Secret Wars 30830 and earlier does not properly
handle the "message too long" socket error, which allows
remote attackers to cause a denial of service (socket termination)
via a long UDP packet.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 Socket termination, format
string and XSS in Soldner Secret Wars
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486654213504&w=2
Reference: BID:12162
Reference: URL:http://www.securityfocus.com/bid/12162
Reference: SECUNIA:13716
Reference: URL:http://secunia.com/advisories/13716
Reference: XF:soldner-secret-wars-dos(18749)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18749
Votes:
Name: CVE-2005-0280
Description:
Format string vulnerability in Soldner Secret Wars 30830
and earlier allows remote attackers to cause a denial of
service (server crash) and possibly execute arbitrary code
via format string specifiers in a message.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 Socket termination, format
string and XSS in Soldner Secret Wars
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486654213504&w=2
Reference: BID:12162
Reference: URL:http://www.securityfocus.com/bid/12162
Reference: SECUNIA:13716
Reference: URL:http://secunia.com/advisories/13716
Reference: XF:soldner-secret-wars-format-string(18752)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18752
Votes:
Name: CVE-2005-0281
Description:
Cross-site scripting (XSS) vulnerability in the web interface
in Soldner Secret Wars 30830 allows remote attackers to
inject arbitrary web script or HTML via a user message,
which is not filtered or quoted when the administrator views
the server logs.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 Socket termination, format
string and XSS in Soldner Secret Wars
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486654213504&w=2
Reference: BID:12162
Reference: URL:http://www.securityfocus.com/bid/12162
Reference: SECUNIA:13716
Reference: URL:http://secunia.com/advisories/13716
Reference: XF:soldner-secret-wars-xss(18753)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18753
Votes:
Name: CVE-2005-0282
Description:
SQL injection vulnerability in member.php in MyBulletinBoard
(MyBB) allows remote attackers to execute arbitrary SQL
commands via the uid parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 MyBB SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486566600980&w=2
Reference: BID:12161
Reference: URL:http://www.securityfocus.com/bid/12161
Reference: XF:mybb-member-sql-injection(18755)
Reference: URL:http://xforce.iss.net/xforce/xfdb/187
Votes:
Name: CVE-2005-0283
Description:
Directory traversal vulnerability in index.php in QwikiWiki
allows remote attackers to read arbitrary files via a ..
(dot dot) and a %00 at the end of the filename in the page
parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050104 QWikiwiki directory traversal
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110486832621053&w=2
Reference: CONFIRM:http://www.qwikiwiki.com/index.php?page=QwikiVulnerability
Reference: BID:12163
Reference: URL:http://www.securityfocus.com/bid/12163
Reference: SECUNIA:12044
Reference: URL:http://secunia.com/advisories/12044
Reference: XF:qwikiwiki-directory-traversal(18748)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18748
Votes:
Name: CVE-2005-0284
Description:
SQL injection vulnerability in addentry.php in Woltlab Burning
Book 1.0 Gold, 1.1.1e, and possibly other versions, allows
remote attackers to execute arbitrary SQL commands via the
user-agent parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Woltlab Burning Book
addentry.php SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110548032401506&w=2
Reference: XF:woltlab-book-addentry-sql-injection(18859)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18859
Votes:
Name: CVE-2005-0285
Description:
Webseries Payment Application does not properly restrict
privileged operations, which allows remote authenticated
users to gain privileges by directly accessing certain URLs.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Portcullis Security Advisory
05-001
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110547396124885&w=2
Reference: BID:12216
Reference: URL:http://www.securityfocus.com/bid/12216
Reference: SECTRACK:1012854
Reference: URL:http://securitytracker.com/id?1012854
Reference: SECUNIA:13821
Reference: URL:http://secunia.com/advisories/13821
Reference: XF:webseries-pa-url-security-bypass(18848)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18848
Votes:
Name: CVE-2005-0286
Description:
eMotion MediaPartner Web Server 5.0 and 5.1 allows remote
attackers to obtain sensitive information via an HTTP request
for a .bhtml file that contains a (1) . (dot) or (2) + (plus
sign) at the end, which returns the source code for that
file.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Portcullis Security Advisory
05-004
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110547824902053&w=2
Reference: BID:12236
Reference: URL:http://www.securityfocus.com/bid/12236
Reference: SECTRACK:1012855
Reference: URL:http://securitytracker.com/id?1012855
Reference: SECUNIA:13820
Reference: URL:http://secunia.com/advisories/13820
Reference: XF:mediapartner-bhtml-source-disclosure(18861)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18861
Votes:
Name: CVE-2005-0287
Description:
Bottomline Webseries Payment Application allows remote attackers
to read arbitrary files on the network via a report template
with modified ReportPath or ReportName values.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Portcullis Security Advisory
05-009
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110548383812462&w=2
Reference: SECTRACK:1012854
Reference: URL:http://securitytracker.com/id?1012854
Reference: SECUNIA:13821
Reference: URL:http://secunia.com/advisories/13821
Reference: XF:webseries-report-execution(18862)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18862
Votes:
Name: CVE-2005-0288
Description:
The change password functionality in Bottomline Webseries
Payment Application does not require the old password when
users enter a new password, which could allow remote authenticated
users to change other users' passwords.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Portcullis Security Advisory
05-008
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110549684319400&w=2
Reference: BID:12231
Reference: URL:http://www.securityfocus.com/bid/12231
Reference: SECTRACK:1012854
Reference: URL:http://securitytracker.com/id?1012854
Reference: SECUNIA:13821
Reference: URL:http://secunia.com/advisories/13821
Reference: XF:webseries-pa-password-gain-access(18860)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18860
Votes:
Name: CVE-2005-0289
Description:
Apple AirPort Express prior to 6.1.1 and Extreme prior to
5.5.1, configured as a Wireless Data Service (WDS), allows
remote attackers to cause a denial of service (device freeze)
by connecting to UDP port 161 before a link-state change
occurs.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050115 Apple Airport WDS DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110582124528867&w=2
Reference: FULLDISC:20050111 Apple Airport WDS DoS
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030832.html
Reference: BID:12152
Reference: URL:http://www.securityfocus.com/bid/12152
Reference: SECUNIA:13753
Reference: URL:http://secunia.com/advisories/13753
Reference: XF:apple-airport-dos(18865)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18865
Votes:
Name: CVE-2005-0290
Description:
NETGEAR FVS318 running firmware 2.4, and possibly other
versions, allows remote attackers to bypass the filters
using hex encoded URLs, as demonstrated using a hex encoded
file extension.
Status: Candidate
Phase: Assigned (20050210)
Reference: FULLDISC:20050117 Multiple Vulnerabilities
in Netgear FVS318 Router
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030984.html
Reference: BUGTRAQ:20050117 Multiple Vulnerabilities
in Netgear FVS318 Router
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110599727631560&w=2
Reference: MISC:http://www.securinews.com/vuln.htm?vulnid=103
Reference: BID:12278
Reference: URL:http://www.securityfocus.com/bid/12278
Reference: SECTRACK:1012913
Reference: URL:http://securitytracker.com/id?1012913
Reference: SECUNIA:13787
Reference: URL:http://secunia.com/advisories/13787
Reference: XF:netgear-fvs318-filter-bypass(18920)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18920
Votes:
Name: CVE-2005-0291
Description:
Cross-site scripting (XSS) vulnerability in the log viewer
in NETGEAR FVS318 running firmware 2.4, and possibly other
versions, allows remote attackers to inject arbitrary web
script or HTML via a blocked URL phrase.
Status: Candidate
Phase: Assigned (20050210)
Reference: FULLDISC:20050117 Multiple Vulnerabilities
in Netgear FVS318 Router
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030984.html
Reference: BUGTRAQ:20050117 Multiple Vulnerabilities
in Netgear FVS318 Router
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110599727631560&w=2
Reference: MISC:http://www.securinews.com/vuln.htm?vulnid=103
Reference: BID:12278
Reference: URL:http://www.securityfocus.com/bid/12278
Reference: OSVDB:13012
Reference: URL:http://www.osvdb.org/13012
Reference: SECTRACK:1012913
Reference: URL:http://securitytracker.com/id?1012913
Reference: SECUNIA:13787
Reference: URL:http://secunia.com/advisories/13787
Reference: XF:netgear-fvs318-log-xss(18921)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18921
Votes:
Name: CVE-2005-0292
Description:
Multiple SQL injection vulnerabilities in index.php in PHP
Gift Registry (phpGiftReg) 1.4.0, and possibly other versions
before 1.5.0b1, allow remote attackers to execute arbitrary
SQL commands via the (1) messageid, (2) shopper, (3) shopfor,
or (4) itemid parameters.
Status: Candidate
Phase: Assigned (20050210)
Reference: FULLDISC:20050116 phpGiftReq SQL Injection
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030965.html
Reference: BUGTRAQ:20050116 phpGiftReq SQL Injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110599710017066&w=2
Reference: BUGTRAQ:20050307 Re: phpGiftReq SQL Injection
Reference: URL:http://www.securityfocus.com/archive/1/392485
Reference: BID:12289
Reference: URL:http://www.securityfocus.com/bid/12289
Reference: SECTRACK:1012910
Reference: URL:http://securitytracker.com/id?1012910
Reference: SECUNIA:13873
Reference: URL:http://secunia.com/advisories/13873
Reference: XF:phpgiftregistry-sql-injection(18925)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18925
Votes:
Name: CVE-2005-0293
Description:
Directory traversal vulnerability in minis.php in Minis
0.2.1 allows remote attackers to read arbitrary files via
a .. (dot dot) in the month parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050116 Minis directory traversal
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110599953704025&w=2
Reference: FULLDISC:20050116 Minis directory traversal
vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030966.html
Reference: BID:12279
Reference: URL:http://www.securityfocus.com/bid/12279
Reference: SECTRACK:1012911
Reference: URL:http://securitytracker.com/id?1012911
Reference: SECUNIA:13866
Reference: URL:http://secunia.com/advisories/13866
Reference: XF:minis-month-directory-traversal(18928)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18928
Votes:
Name: CVE-2005-0294
Description:
minis.php in Minis 0.2.1 allows remote attackers to cause
a denial of service (infinite loop) via an HTTP request
for a file that the web server does not have permission
to read, as demonstrated using the month parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: FULLDISC:20050116 Minis directory traversal
vulnerability
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030966.html
Reference: BUGTRAQ:20050116 Minis directory traversal
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110599953704025&w=2
Reference: SECTRACK:1012911
Reference: URL:http://securitytracker.com/id?1012911
Reference: SECUNIA:13866
Reference: URL:http://secunia.com/advisories/13866
Reference: XF:minis-month-dos(18929)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18929
Votes:
Name: CVE-2005-0295
Description:
npptnt2.sys in nProtect Gameguard provides unrestricted
I/O to any process that calls it, which allows local users
to gain privileges.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050116 Unrestricted I/O access
vulnerability in INCA Gameguard
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608422029555&w=2
Reference: BID:12280
Reference: URL:http://www.securityfocus.com/bid/12280
Reference: SECUNIA:13928
Reference: URL:http://secunia.com/advisories/13928
Reference: XF:nprotect-npptnt2-gain-access(18952)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18952
Votes:
Name: CVE-2005-0296
Description:
** DISPUTED ** NOTE: this issue has been disputed by the
vendor. The error module in Novell GroupWise WebAccess allows
remote attackers who have not authenticated to read potentially
sensitive information, such as the version, via an incorrect
login and a modified (1) error or (2) modify parameter that
returns template files or the "about" information page.
NOTE: the vendor has disputed this issue.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050117 Novell GroupWise WebAccess
error modules loading
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608203729814&w=2
Reference: FULLDISC:20050121 NOVL-2005-10096251 GroupWise
WebAccess error handling modules (report)
Reference: URL:http://www.derkeiler.com/Mailing-Lists/Full-Disclosure/2005-01/0771.html
Reference: BUGTRAQ:20050127 NOVL-2005-10096251 GroupWise
WebAccess error handling modules (report)
Reference: URL:http://www.derkeiler.com/Mailing-Lists/securityfocus/bugtraq/2005-01/0341.html
Reference: MISC:http://support.novell.com/servlet/tidfinder/10096251
Reference: BID:12285
Reference: URL:http://www.securityfocus.com/bid/12285
Reference: OSVDB:13135
Reference: URL:http://www.osvdb.org/13135
Reference: XF:groupwise-error-auth-bypass(18954)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18954
Votes:
Name: CVE-2005-0297
Description:
SQL injection vulnerability in Oracle Database 9i and 10g
allows remote attackers to execute arbitrary SQL commands
and gain privileges.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050118 Multiple high risk vulnerabilities
in Oracle RDBMS 10g/9i
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110606477308492&w=2
Votes:
Name: CVE-2005-0298
Description:
The DIRECTORY objects in Oracle 8i through Oracle 10g contain
the location of a specific operating system directory, which
allows users with read privileges to a DIRECTORY object
to obtain sensitive information.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050118 PeteFinnigan.com - Oracle
security advisory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110608912525883&w=2
Reference: MISC:http://www.petefinnigan.com/directory_traversal.pdf
Reference: MISC:http://www.oracle.com/technology/deploy/security/pdf/cpu-jan-2005_advisory.pdf
Reference: XF:oracle-directory-lob-obtain-info(18947)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18947
Votes:
Name: CVE-2005-0299
Description:
Directory traversal vulnerability in GForge 3.3 and earlier
allows remote attackers to list arbitrary directories via
a .. (dot dot) in the (1) dir parameter to controller.php
or (2) dir_name parameter to controlleroo.php.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050120 STG Security Advisory:
[SSA-20050120-24] GForge 3.x directory
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110627132209963&w=2
Reference: BID:12318
Reference: URL:http://www.securityfocus.com/bid/12318
Reference: SECTRACK:1012950
Reference: URL:http://securitytracker.com/id?1012950
Reference: XF:gforge-dir-dirname-directory-traversal(18988)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18988
Votes:
Name: CVE-2005-0300
Description:
Directory traversal vulnerability in session.php in JSBoard
2.0.9 and earlier allows remote attackers to read arbitrary
files via a .. (dot dot) in the table parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050120 STG Security Advisory:
[SSA-20050120-22] JSBoard file disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110627201120011&w=2
Reference: BID:12319
Reference: URL:http://www.securityfocus.com/bid/12319
Reference: SECTRACK:1012949
Reference: URL:http://securitytracker.com/id?1012949
Reference: SECUNIA:13920
Reference: URL:http://secunia.com/advisories/13920
Reference: XF:jsboard-session-file-include(18990)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18990
Votes:
Name: CVE-2005-0301
Description:
comersus_backoffice_install10.asp in BackOffice Lite 6.0
and 6.01 allows remote attackers to bypass authentication
and gain privileges via a direct request to the program.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050121 bug report comersus Back
Office Lite 6.0 and 6.0.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110636597832556&w=2
Reference: CONFIRM:http://www.comersus.org/forum/displayMessage.asp?mid=32753
Reference: MISC:http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html
Reference: XF:backoffice-lite-administrative-bypass(19010)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19010
Votes:
Name: CVE-2005-0302
Description:
SQL injection vulnerability in default.asp in BackOffice
Lite 6.0 and 6.01 allows remote attackers to execute arbitrary
SQL commands via the referer field in the HTTP header.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050121 bug report comersus Back
Office Lite 6.0 and 6.0.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110636597832556&w=2
Reference: MISC:http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html
Reference: XF:backoffice-lite-sql-injection(19013)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19013
Votes:
Name: CVE-2005-0303
Description:
Multiple cross-site scripting (XSS) vulnerabilities in (1)
comersus_supportError.asp or (2) comersus_backofficelite_supportError.asp
in BackOffice Lite 6.0 and 6.01 allow remote attackers to
inject arbitrary web script or HTML via the error parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050121 bug report comersus Back
Office Lite 6.0 and 6.0.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110636597832556&w=2
Reference: MISC:http://www.securiteam.com/windowsntfocus/5TP0Q0UEKI.html
Reference: XF:backoffice-lite-xss(19014)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19014
Votes:
Name: CVE-2005-0304
Description:
Directory traversal vulnerability in DivX Player 2.6 and
earlier allows remote attackers to overwrite arbitrary files
via a .. (dot dot) in a filename in a ZIP file for a skin.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050121 Arbitrary files overwriting
through skins in DivX Player 2.6
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110642748517854&w=2
Reference: MISC:http://aluigi.altervista.org/adv/divxplayer-adv.txt
Reference: BID:12332
Reference: URL:http://www.securityfocus.com/bid/12332
Reference: SECUNIA:13969
Reference: URL:http://secunia.com/advisories/13969
Reference: XF:divx-player-directory-traversal(19030)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19030
Votes:
Name: CVE-2005-0305
Description:
CRLF injection vulnerability in users.php in Siteman 1.1.10
and earlier allows remote attackers to add arbitrary users
and gain privileges via the line parameter in a docreate
operation.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050120 God Admin Injection Vulnerability
in Siteman 1.0.x,
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110627350616949&w=2
Reference: BUGTRAQ:20050122 Siteman User Database
Line Insertion Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110643320814371&w=2
Reference: BID:12304
Reference: URL:http://www.securityfocus.com/bid/12304
Reference: OSVDB:13131
Reference: URL:http://www.osvdb.org/13131
Reference: SECTRACK:1012951
Reference: URL:http://securitytracker.com/id?1012951
Reference: XF:siteman-gain-access(18998)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18998
Votes:
Name: CVE-2005-0306
Description:
MercuryBoard 1.1.1 allows remote attackers to gain sensitive
information via an HTTP request with the n parameter set
to 0, which causes a divide-by-zero error and reveals the
path in the resulting error message.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050124 Multiple vulnerabilities
in MercuryBoard 1.1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110661795632354&w=2
Reference: BID:12359
Reference: URL:http://www.securityfocus.com/bid/12359
Reference: XF:mercuryboard-multiple-script-path-disclosure(19048)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19048
Votes:
Name: CVE-2005-0307
Description:
Multiple cross-site scripting (XSS) vulnerabilities in index.php
in MercuryBoard 1.1.1 allow remote attackers to inject arbitrary
web script or HTML via the (1) s, (2) l, (3) a, (4) t, (5)
to, or (6) re parameters.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050124 Multiple vulnerabilities
in MercuryBoard 1.1.1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110661795632354&w=2
Reference: BID:12359
Reference: URL:http://www.securityfocus.com/bid/12359
Reference: XF:mercuryboard-multiple-scripts-xss(19050)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19050
Votes:
Name: CVE-2005-0308
Description:
Buffer overflow in the wsprintf function in W32Dasm 8.93
and earlier allows remote attackers to execute arbitrary
code via a large import or export function name.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050124 Local buffer-overflow
in W32Dasm 8.93
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110661194108205&w=2
Reference: BID:12352
Reference: URL:http://www.securityfocus.com/bid/12352
Reference: SECTRACK:1012997
Reference: URL:http://securitytracker.com/id?1012997
Reference: SECUNIA:13986
Reference: URL:http://secunia.com/advisories/13986
Reference: XF:w32dasm-wsprintf-bo(19044)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19044
Votes:
Name: CVE-2005-0309
Description:
Multiple cross-site scripting (XSS) vulnerabilities in (1)
index.php or (2) mod.php in Exponent 0.95 allow remote attackers
to inject arbitrary web script or HTML via the module parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050125 Vulnerabilities in eXponent
0.95
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110666998407073&w=2
Reference: BID:12358
Reference: URL:http://www.securityfocus.com/bid/12358
Reference: OSVDB:13188
Reference: URL:http://www.osvdb.org/13188
Reference: OSVDB:13190
Reference: URL:http://www.osvdb.org/13190
Reference: XF:exponent-module-xss(19061)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19061
Votes:
Name: CVE-2005-0310
Description:
Exponent 0.95 allows remote attackers to obtain sensitive
information via a direct HTTP request to (1) search.info.php,
(2) permissions.info.php, (3) security.info.php, (4) formcontrol.php,
or (5) file_modules.php, which reveals the path in an error
message because the pathos_core_version variable is undefined.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050125 Vulnerabilities in eXponent
0.95
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110666998407073&w=2
Reference: XF:exponent-pathoscoreversion-path-disclosure(19064)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19064
Votes:
Name: CVE-2005-0311
Description:
Ingate Firewall 4.1.3 and earlier does not terminate the
PPTP session for an active user when the administrator disables
that user from a resource, which could allow remote authenticated
users to retain unauthorized access to resources.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050127 Ingate Firewall: Removed
PPTP tunnels not deactivated
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110684375429946&w=2
Reference: CONFIRM:http://www.ingate.com/relnote-422.php
Reference: BID:12383
Reference: URL:http://www.securityfocus.com/bid/12383
Reference: SECTRACK:1013022
Reference: URL:http://securitytracker.com/id?1013022
Reference: SECUNIA:14060
Reference: URL:http://secunia.com/advisories/14060
Reference: XF:ingate-firewall-unath-access(19123)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19123
Votes:
Name: CVE-2005-0312
Description:
WarFTPD 1.82 RC9, when running as an NT service, allows
remote authenticated users to cause a denial of service
(access violation) via a CWD command with a crafted pathname,
as demonstrated using a large string of "%s" sequences,
possibly indicating a format string vulnerability.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050127 WarFTPD 1.82 RC9 DoS
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110687202332039&w=2
Reference: CONFIRM:http://support.jgaa.com/index.php?cmd=ShowReport&ID=02643
Reference: BID:12384
Reference: URL:http://www.securityfocus.com/bid/12384
Reference: XF:warftpd-cwd-dos(19129)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19129
Votes:
Name: CVE-2005-0313
Description:
Multiple directory traversal vulnerabilities in Magic Winmail
Server 4.0 Build 1112 allow remote attackers to (1) upload
arbitrary files via certain parameters to upload.php or
(2) read arbitrary files via certain parameters to download.php,
and remote authenticated users to read, create, or delete
arbitrary directories and files via the IMAP commands (3)
CREATE, (4) EXAMINE, (5) SELECT, or (6) DELETE.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050127 [SIG^2 G-TEC] Magic Winmail
Server v4.0 Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110685011825461&w=2
Reference: BID:12388
Reference: URL:http://www.securityfocus.com/bid/12388
Reference: SECTRACK:1013017
Reference: URL:http://securitytracker.com/id?1013017
Reference: SECUNIA:14053
Reference: URL:http://secunia.com/advisories/14053
Reference: XF:magic-winmail-command-directory-traversal(19114)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19114
Reference: XF:magicwinmail-uploadphp-file-upload(19108)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19108
Votes:
Name: CVE-2005-0314
Description:
Cross-site scripting (XSS) vulnerability in user.php in
Magic Winmail Server 4.0 Build 1112 allows remote attackers
to inject arbitrary web script or HTML via the personal
information fields.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050127 [SIG^2 G-TEC] Magic Winmail
Server v4.0 Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110685011825461&w=2
Reference: BID:12388
Reference: URL:http://www.securityfocus.com/bid/12388
Reference: SECTRACK:1013017
Reference: URL:http://securitytracker.com/id?1013017
Reference: SECUNIA:14053
Reference: URL:http://secunia.com/advisories/14053
Reference: XF:magic-winmail-userphp-xss(19113)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19113
Votes:
Name: CVE-2005-0315
Description:
The FTP service in Magic Winmail Server 4.0 Build 1112 does
not verify that the IP address in a PORT command is the
same as the IP address of the user of the FTP session, which
allows remote authenticated users to use the server as an
intermediary for port scanning.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050127 [SIG^2 G-TEC] Magic Winmail
Server v4.0 Multiple Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110685011825461&w=2
Reference: BID:12388
Reference: URL:http://www.securityfocus.com/bid/12388
Reference: SECTRACK:1013017
Reference: URL:http://securitytracker.com/id?1013017
Reference: SECUNIA:14053
Reference: URL:http://secunia.com/advisories/14053
Reference: XF:magicwinmail-ftp-obtain-information(19115)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19115
Votes:
Name: CVE-2005-0316
Description:
WebWasher Classic 2.2.1 and 3.3, when running in server
mode, does not properly drop CONNECT requests to the localhost
from external systems, which could allow remote attackers
to bypass intended access restrictions.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 WebWasher Classic - HTTP
CONNECT weakness
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110693045507245&w=2
Reference: MISC:http://www.oliverkarow.de/research/WebWasherCONNECT.txt
Reference: BID:12394
Reference: URL:http://www.securityfocus.com/bid/12394
Reference: SECTRACK:1013036
Reference: URL:http://securitytracker.com/id?1013036
Reference: SECUNIA:14058
Reference: URL:http://secunia.com/advisories/14058
Reference: XF:webwasher-classic-connect-gain-access(19144)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19144
Votes:
Name: CVE-2005-0317
Description:
Cross-site scripting (XSS) vulnerability in useredit_account.wdm
in Alt-N WebAdmin 3.0.4 allows remote attackers to inject
arbitrary web script or HTML via the user parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 Multiple vulnerabilities
in Alt-N WebAdmin <= 3.0.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110692897003614&w=2
Reference: BID:12395
Reference: URL:http://www.securityfocus.com/bid/12395
Reference: SECTRACK:1013038
Reference: URL:http://securitytracker.com/id?1013038
Reference: SECUNIA:14079
Reference: URL:http://secunia.com/advisories/14079
Reference: XF:webadmin-usereditaccountwdm-xss(19161)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19161
Votes:
Name: CVE-2005-0318
Description:
useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly
validate account edits by the logged in user, which allows
remote authenticated users to edit other users' account
information via a modified user parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 Multiple vulnerabilities
in Alt-N WebAdmin <= 3.0.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110692897003614&w=2
Reference: BID:12395
Reference: URL:http://www.securityfocus.com/bid/12395
Reference: SECTRACK:1013038
Reference: URL:http://securitytracker.com/id?1013038
Votes:
Name: CVE-2005-0319
Description:
Direct remote injection vulnerability in modalfram.wdm in
Alt-N WebAdmin 3.0.4 allows remote attackers to load external
webpages that appear to come from the WebAdmin server, which
allows remote attackers to inject arbitrary HTML or web
script to facilitate cross-site scripting (XSS) and phishing
attacks.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 Multiple vulnerabilities
in Alt-N WebAdmin <= 3.0.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110692897003614&w=2
Reference: BID:12395
Reference: URL:http://www.securityfocus.com/bid/12395
Reference: XF:webadmin-html-injection(19162)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19162
Votes:
Name: CVE-2005-0320
Description:
Multiple cross-site scripting vulnerabilities in MERAK Mail
Server 7.6.0 with Icewarp Web Mail 5.3.0 allow remote attackers
to inject arbitrary web script or HTML via the (1) username
parameter to login.html, (2) accountid parameter to accountsettings_add.html,
or the (3) note, (4) title, and (5) location fields to calendar.html.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 Multiple vulnerabilities
in Icewarp Web Mail 5.3.0: New holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110693950205007&w=2
Reference: BID:12396
Reference: URL:http://www.securityfocus.com/bid/12396
Reference: XF:merak-icewarp-multiple-xss(19147)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19147
Votes:
Name: CVE-2005-0321
Description:
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows
remote authenticated users to gain sensitive information
via an HTTP request to (1) calendar_d.html, (2) calendar_m.html,
(3) calendar_w.html, or (4) calendar_y.html, which reveal
the installation path.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 Multiple vulnerabilities
in Icewarp Web Mail 5.3.0: New holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110693950205007&w=2
Reference: XF:merak-icewarp-user-path-disclosure(19152)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19152
Votes:
Name: CVE-2005-0322
Description:
MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and
Mail Server 7.6.4r with Icewarp Mail Server 5.3.2 uses weak
encryption in the (1) users.cfg, (2) settings.cfg, (3) users.dat
or (4) user.dat files, which allows local users to extract
the passwords.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050128 Multiple vulnerabilities
in Icewarp Web Mail 5.3.0: New holes
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110693950205007&w=2
Reference: XF:merak-icewarp-weak-password-encryption(19153)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19153
Votes:
Name: CVE-2005-0323
Description:
Cross-site scripting (XSS) vulnerability in Infinite Mobile
Delivery Webmail 2.6 allows remote attackers to inject arbitrary
web script or HTML via the URL.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050129 XSS in Infinite Mobile
Delivery v2.6 Webmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110703630922262&w=2
Reference: MISC:http://www.lovebug.org/imd_advisory.txt
Reference: BID:12399
Reference: URL:http://www.securityfocus.com/bid/12399
Reference: SECTRACK:1013044
Reference: URL:http://securitytracker.com/id?1013044
Reference: SECUNIA:14075
Reference: URL:http://secunia.com/advisories/14075
Reference: XF:infinite-mobile-delivery-xss(19151)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19151
Votes:
Name: CVE-2005-0324
Description:
Infinite Mobile Delivery Webmail 2.6 allows remote attackers
to gain sensitive information via an HTTP request that contains
invalid characters for a Windows foldername, which reveals
the path in an error message.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050129 XSS in Infinite Mobile
Delivery v2.6 Webmail
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110703630922262&w=2
Reference: MISC:http://www.lovebug.org/imd_advisory.txt
Reference: BID:12399
Reference: URL:http://www.securityfocus.com/bid/12399
Reference: SECTRACK:1013044
Reference: URL:http://securitytracker.com/id?1013044
Reference: SECUNIA:14075
Reference: URL:http://secunia.com/advisories/14075
Reference: XF:infinite-mobile-delivery-path-disclosure(19154)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19154
Votes:
Name: CVE-2005-0325
Description:
Xpand Rally 1.0.0.0 allows remote attackers or remote malicious
game servers to cause a denial of service (application crash)
via a packet with large values that are not properly handled
in certain malloc or memcpy operations.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050130 Broadcast crash in Xpand
Rally 1.0.0.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110720064811485&w=2
Reference: FULLDISC:20050130 Broadcast crash in Xpand
Rally 1.0.0.0
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/031336.html
Reference: MISC:http://aluigi.altervista.org/adv/xprallyboom-adv.txt
Reference: BID:12409
Reference: URL:http://www.securityfocus.com/bid/12409
Reference: SECTRACK:1013043
Reference: URL:http://securitytracker.com/id?1013043
Reference: SECUNIA:14073
Reference: URL:http://secunia.com/advisories/14073
Reference: XF:xpand-rally-memory-dos(19150)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19150
Votes:
Name: CVE-2005-0326
Description:
pafiledb.php in PaFileDB 3.1 allows remote attackers to
gain sensitive information via an invalid or missing action
parameter, which reveals the path in an error message when
it cannot include a login.php script.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050131 [PersianHacker.net] Full
Path Disclosure and PHP Injection In Pafiledb 3.1 Final
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110720365923818&w=2
Reference: XF:pafiledb-login-path-disclosure(19175)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19175
Votes:
Name: CVE-2005-0327
Description:
pafiledb.php in Pafiledb 3.1 may allow remote attackers
to execute arbitrary PHP code via a modified action parameter
that is used in an include statement for login.php.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050131 [PersianHacker.net] Full
Path Disclosure and PHP Injection In Pafiledb 3.1 Final
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110720365923818&w=2
Reference: XF:pafiledb-login-file-include(19176)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19176
Votes:
Name: CVE-2005-0328
Description:
Zyxel P310, P314, and P324 and Netgear RT311 and RT314, running
the latest firmware, allow remote attackers on the WAN
to obtain the IP address of the LAN side interface by pinging
a valid LAN IP address, which generates an ARP reply from
the WAN address side that maps the LAN IP address to the
WAN's MAC address.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050131 Zyxel / Netgear and probably
other routers leaking information.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110720465527599&w=2
Reference: XF:zyxel-netgear-ping-information-disclosure(20609)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20609
Votes:
Name: CVE-2005-0329
Description:
Directory traversal vulnerability in ZipGenius 5.5 and earlier
allows remote attackers to create and possibly modify arbitrary
files via a ZIP file with a file whose name includes ..
(dot dot) sequences.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050202 7a69Adv#19 - ZipGenius
unpack path disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110736990230696&w=2
Reference: MISC:http://www.7a69ezine.org/node/view/195
Reference: BID:12419
Reference: URL:http://www.securityfocus.com/bid/12419
Reference: SECTRACK:1013542
Reference: URL:http://securitytracker.com/id?1013542
Reference: SECUNIA:14123
Reference: URL:http://secunia.com/advisories/14123
Reference: XF:zipgenius-path-disclosure(19203)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19203
Votes:
Name: CVE-2005-0330
Description:
Buffer overflow in Painkiller 1.35 and earlier, and possibly
other versions before 1.61, allows remote authenticated
users to cause a denial of service and possibly execute
arbitrary code via a long cd-key hash.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050202 Limited buffer-overflow
in Painkiller 1.35
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110736915015707&w=2
Reference: MISC:http://aluigi.altervista.org/adv/painkkeybof-adv.txt
Reference: BID:12423
Reference: URL:http://www.securityfocus.com/bid/12423
Reference: SECTRACK:1013066
Reference: URL:http://securitytracker.com/id?1013066
Reference: SECUNIA:14113
Reference: URL:http://secunia.com/advisories/14113/
Reference: XF:painkiller-long-cdkey-bo(19205)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19205
Votes:
Name: CVE-2005-0331
Description:
Directory traversal vulnerability in WinRAR 3.42 and earlier,
when the user clicks on the ZIP file to extract it, allows
remote attackers to create arbitrary files via a ... (triple
dot) in the filename of the ZIP file.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050202 7a69Adv#21 - WinRAR unpack
one-folder path disclosure
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110737609604210&w=2
Reference: BID:12422
Reference: URL:http://www.securityfocus.com/bid/12422
Reference: XF:winrar-dotdotdotdirectory-traversal(20585)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20585
Votes:
Name: CVE-2005-0332
Description:
Directory traversal vulnerability in DeskNow Mail and Collaboration
Server 2.5.12 allows remote attackers to (1) upload and
possibly execute files outside the directory via the AttachmentsKey
parameter to attachment.do, as demonstrated using JSP pages,
or (2) delete arbitrary files via the select_file parameter
to file.do.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050202 [SIG^2 G-TEC] DeskNow
Mail and Collaboration Server Directory Traversal Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110737616324614&w=2
Reference: MISC:http://www.security.org.sg/vuln/desknow2512.html
Reference: BID:12421
Reference: URL:http://www.securityfocus.com/bid/12421
Reference: SECTRACK:1013060
Reference: URL:http://securitytracker.com/id?1013060
Reference: SECUNIA:14116
Reference: URL:http://secunia.com/advisories/14116
Reference: XF:desknow-attachmentkey-file-upload(19206)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19206
Reference: XF:desknow-jsp-gain-access(19211)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19211
Reference: XF:desknow-filedo-file-deletion(19212)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19212
Votes:
Name: CVE-2005-0333
Description:
LANChat Pro Revival 1.666c allows remote attackers to cause
a denial of service (application crash) via a malformed
UDP packet.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050203 DoS in LANChat Pro Revival
1.666c
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110746524021133&w=2
Reference: MISC:http://www.autistici.org/fdonato/advisory/LANChatRevival1.666c-adv.txt
Reference: BID:12439
Reference: URL:http://www.securityfocus.com/bid/12439
Reference: XF:lanchatpro-udp-packet-dos(19213)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19213
Votes:
Name: CVE-2005-0334
Description:
Linksys PSUS4 running firmware 6032 allows remote attackers
to cause a denial of service (device crash) via an HTTP
POST request containing an unknown parameter without a value.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050203 [ RSTACK Public Security
Advisory ] Remote DOS against Linksys PSUS4
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110747234701646&w=2
Reference: BID:12443
Reference: URL:http://www.securityfocus.com/bid/12443
Reference: SECUNIA:14136
Reference: URL:http://secunia.com/advisories/14136
Reference: XF:linksys-psus4-dos(19222)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19222
Votes:
Name: CVE-2005-0335
Description:
Directory traversal vulnerability in EMotion MediaPartner
Web Server 5.0 allows remote attackers to read arbitrary
files via a .. (dot dot) in the URL.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Portcullis Security Advisory
05-010
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110547214224714&w=2
Reference: BID:12236
Reference: URL:http://www.securityfocus.com/bid/12236
Reference: SECTRACK:1012838
Reference: URL:http://securitytracker.com/id?1012838
Reference: SECUNIA:13820
Reference: URL:http://secunia.com/advisories/13820
Reference: XF:mediapartner-dotdot-directory-traversal(18842)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18842
Votes:
Name: CVE-2005-0336
Description:
Cross-site scripting (XSS) vulnerability in EMotion MediaPartner
Web Server 5.0 allows remote attackers to inject arbitrary
HTML or web script, as demonstrated using a URL containing
.. sequences and HTML, which results in a directory browsing
page that does not properly filter the HTML.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050110 Portcullis Security Advisory
05-010
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110547214224714&w=2
Reference: BID:12236
Reference: URL:http://www.securityfocus.com/bid/12236
Reference: SECTRACK:1012838
Reference: URL:http://securitytracker.com/id?1012838
Reference: SECUNIA:13820
Reference: URL:http://secunia.com/advisories/13820
Reference: XF:mediapartner-url-xss(18845)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18845
Votes:
Name: CVE-2005-0337
Description:
Postfix 2.1.3, when /proc/net/if_inet6 is not available
and permit_mx_backup is enabled in smtpd_recipient_restrictions,
allows remote attackers to bypass e-mail restrictions and
perform mail relaying by sending mail to an IPv6 hostname.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050204 [USN-74-1] Postfix vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110763358832637&w=2
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=267837
Reference: REDHAT:RHSA-2005:152
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-152.html
Reference: BID:12445
Reference: URL:http://www.securityfocus.com/bid/12445
Reference: SECUNIA:14137
Reference: URL:http://secunia.com/advisories/14137/
Reference: XF:postfix-ipv6-security-bypass(19218)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19218
Votes:
Name: CVE-2005-0338
Description:
Buffer overflow in Savant Web Server 3.1 allows remote attackers
to execute arbitrary code via a long HTTP request.
Status: Candidate
Phase: Assigned (20050210)
Reference: FULLDISC:20050201 Remotely exploitable
buffer overflow vulnerability in Savant Web Server 3.1
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110725682327452&w=2
Reference: FULLDISC:20050201 Remotely exploitable
buffer overflow vulnerability in Savant Web Server 3.1
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=110728448025559&w=2
Reference: BUGTRAQ:20050204 Exploit For Savant Web
Server 3.1 (tested on win2003)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110756234611259&w=2
Reference: BID:12429
Reference: URL:http://www.securityfocus.com/bid/12429
Reference: XF:savant-bo(19177)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19177
Votes:
Name: CVE-2005-0339
Description:
Buffer overflow in Foxmail 2.0 allows remote attackers to
cause a denial of service and possibly execute arbitrary
code via a long MAIL FROM command.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050205 Foxmail Server Remote
Buffer Overflow Vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110763204301080&w=2
Reference: BID:12454
Reference: URL:http://www.securityfocus.com/bid/12454
Reference: XF:foxmail-mailfrom-bo(19229)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19229
Votes:
Name: CVE-2005-0340
Description:
Integer signedness error in Apple File Service (AFP Server)
allows remote attackers to cause a denial of service (application
crash) via a negative UAM string length in a FPLoginExt
packet.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050208 AppleFileServer Denial
of Service.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110791369419784&w=2
Reference: APPLE:APPLE-SA-2005-03-21
Reference: URL:http://lists.apple.com/archives/security-announce/2005/Mar/msg00000.html
Reference: BID:12478
Reference: URL:http://www.securityfocus.com/bid/12478
Reference: XF:Applefileserver-fploginext-dos(19263)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19263
Votes:
Name: CVE-2005-0341
Description:
Apple Safari 1.2.4 does not obey the Content-type field
in the HTTP header and renders text as HTML, which allows
remote attackers to inject arbitrary web script or HTML
and perform cross-site scripting (XSS) attacks.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050204 Input Validation Vulnerability
in Apple Safari version 1.2.4 v125.12
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110756965213819&w=2
Reference: MISC:http://tigger.uic.edu/~jrockw2/safari_20050204.txt
Reference: SECTRACK:1013087
Reference: URL:http://securitytracker.com/id?1013087
Reference: XF:safari-contenttype-xss(19227)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19227
Votes:
Name: CVE-2005-0342
Description:
The Finder in Mac OS X and earlier allows local users to
overwrite arbitrary files and gain privileges by creating
a hard link from the .DS_Store file to an arbitrary file.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050207 [OSX Finder] DS_Store
arbitrary file overwrite vulnerability.
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110780124707975&w=2
Reference: APPLE:APPLE-SA-2005-05-03
Reference: URL:http://lists.apple.com/archives/security-announce/2005/May/msg00001.html
Reference: BID:12458
Reference: URL:http://www.securityfocus.com/bid/12458
Reference: SECUNIA:14188
Reference: URL:http://secunia.com/advisories/14188
Reference: XF:finder-dsstore-file-overwrite(19253)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19253
Votes:
Name: CVE-2005-0343
Description:
SQL injection vulnerability in PerlDesk 1.x allows remote
attackers to inject arbitrary SQL commands via the view
parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050207 [SePro Bugtraq] SQL-Injection
in PerlDesk 1.x
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110782042532295&w=2
Reference: MISC:http://www.security-project.org/projects/board/showthread.php?p=5172#post5172
Reference: BID:12471
Reference: URL:http://www.securityfocus.com/bid/12471
Reference: SECUNIA:12512
Reference: URL:http://secunia.com/advisories/12512
Reference: XF:perldesk-view-sql-injection(19245)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19245
Votes:
Name: CVE-2005-0344
Description:
Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221
allows remote authenticated users to upload and execute
arbitrary files via a .. (dot dot) in the filename parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050208 [SIG^2 G-TEC] 602LAN
SUITE Web Mail Vulnerability Allows File Upload to Arbitrary
Directories
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110793103506620&w=2
Reference: MISC:http://www.security.org.sg/vuln/602lansuite1221.html
Reference: SECTRACK:1013106
Reference: URL:http://securitytracker.com/id?1013106
Reference: SECUNIA:14169
Reference: URL:http://secunia.com/advisories/14169/
Reference: XF:602lansuite-webmail-directory-traversal(19258)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19258
Votes:
Name: CVE-2005-0345
Description:
viewthread.php in php-fusion 4.x does not check the (1)
forum_id or (2) forum_cat parameters, which allows remote
attackers to view protected forums via the thread_id parameter.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050208 php-fusion 4.x vuln
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110788267311132&w=2
Reference: BID:12482
Reference: URL:http://www.securityfocus.com/bid/12482
Reference: XF:phpfusion-viewthread-obtain-information(19257)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19257
Votes:
Name: CVE-2005-0346
Description:
SafeNet SoftRemote VPN Client stores the VPN password (pre-shared
key) in cleartext in memory of the IreIKE.exe process, which
allows local users to gain sensitive information if they
have access to that process.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050208 SafeNet SoftRemote VPN
Client Issue: Clear-text password
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110791865522076&w=2
Reference: MISC:http://www.nta-monitor.com/news/vpn-flaws/safenet/index.htm
Reference: SECTRACK:1013134
Reference: URL:http://securitytracker.com/id?1013134
Reference: XF:softremote-vpn-password-disclosure(19256)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19256
Votes:
Name: CVE-2005-0347
Description:
Integer overflow in RealArcade 1.2.0.994 and earlier allows
remote attackers to execute arbitrary code via an RGS file
with an invalid size string for the GUID and game name,
which leads to a buffer overflow.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050208 Integer overflow and
arbitrary files deletion in RealArcade
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110792779115794&w=2
Reference: SECTRACK:1013128
Reference: URL:http://securitytracker.com/id?1013128
Reference: SECUNIA:14187
Reference: URL:http://secunia.com/advisories/14187/
Reference: XF:realarcade-rgs-bo(19259)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19259
Votes:
Name: CVE-2005-0348
Description:
Directory traversal vulnerability in RealArcade 1.2.0.994
allows remote attackers to delete arbitrary files via an
RGP file with a .. (dot dot) in the FILENAME tag.
Status: Candidate
Phase: Assigned (20050210)
Reference: BUGTRAQ:20050208 Integer overflow and
arbitrary files deletion in RealArcade
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110792779115794&w=2
Reference: BID:12494
Reference: URL:http://www.securityfocus.com/bid/12494
Reference: SECTRACK:1013128
Reference: URL:http://securitytracker.com/id?1013128
Reference: SECUNIA:14187
Reference: URL:http://secunia.com/advisories/14187/
Reference: XF:realarcade-rgp-file-deletion(19260)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19260
Votes:
Name: CVE-2005-0349
Description:
The production release of the UniversalAgent for UNIX in
BrightStor ARCserve Backup 11.1 contains hard-coded credentials,
which allows remote attackers to access the file system
and possibly execute arbitrary commands.
Status: Candidate
Phase: Assigned (20050211)
Reference: CONFIRM:http://supportconnect.ca.com/sc/solcenter/sol_detail.jsp?aparno=QO63672&os=UNIX&returninput=0
Reference: IDEFENSE:20050210 Computer Associates
BrightStor ARCserve Backup UniversalAgent Backdoor Vulnerability
Reference: URL:http://www.idefense.com/application/poi/display?id=198&type=vulnerabilities
Reference: BID:12522
Reference: URL:http://www.securityfocus.com/bid/12522
Reference: FRSIRT:ADV-2005-0145
Reference: URL:http://www.frsirt.com/english/advisories/2005/0145
Reference: OSVDB:13706
Reference: URL:http://www.osvdb.org/13706
Reference: SECTRACK:1013144
Reference: URL:http://securitytracker.com/id?1013144
Reference: SECUNIA:14233
Reference: URL:http://secunia.com/advisories/14233
Votes:
Name: CVE-2005-0350
Description:
Heap-based buffer overflow in multiple F-Secure Anti-Virus
and Internet Security products allows remote attackers to
execute arbitrary code via a crafted ARJ archive.
Status: Candidate
Phase: Assigned (20050211)
Reference: ISS:20050210 F-Secure AntiVirus Library
Heap Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/188
Reference: CONFIRM:http://www.f-secure.com/security/fsc-2005-1.shtml
Votes:
Name: CVE-2005-0351
Description:
Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh
in SCO OpenServer 5.0.6 and 5.0.7 might allow local users
to execute arbitrary code via a long HOME environment variable.
Status: Candidate
Phase: Assigned (20050211)
Reference: SCO:SCOSA-2005.15
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.15/SCOSA-2005.15.txt
Reference: BID:13062
Reference: URL:http://www.securityfocus.com/bid/13062
Votes:
Name: CVE-2005-0352
Description:
Servers Alive 4.1 and 5.0, when running as a service, does
not drop SYSTEM privileges before loading the local manual under
the help menu, which allows local users to gain privileges.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050316 Servers Alive: Local
Privilege Escalation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111100364513513&w=2
Reference: BID:12822
Reference: URL:http://www.securityfocus.com/bid/12822
Reference: SECUNIA:14616
Reference: URL:http://secunia.com/advisories/14616/
Reference: XF:serversalive-gain-privileges(19715)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19715
Votes:
Name: CVE-2005-0353
Description:
Buffer overflow in the Sentinel LM (Lservnt) service in
the Sentinel License Manager 7.2.0.2 allows remote attackers
to execute arbitrary code by sending a large amount of data
to UDP port 5093.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050307 CIRT.DK Advisory - SafeNet
Inc Sentinel License Manager 7.2.0.2 Buffer Overflow
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111022094326772&w=2
Reference: MISC:http://www.cirt.dk/advisories/cirt-30-advisory.pdf
Reference: FULLDISC:20050313 [HAT-SQUAD] SafeNet
Sentinel LM, UDP License Manager Exploit
Reference: URL:http://marc.theaimsgroup.com/?l=full-disclosure&m=111072872816405&w=2
Reference: CERT-VN:VU#108790
Reference: URL:http://www.kb.cert.org/vuls/id/108790
Reference: BID:12742
Reference: URL:http://www.securityfocus.com/bid/12742
Reference: SECUNIA:14511
Reference: URL:http://secunia.com/advisories/14511
Reference: XF:sentinel-license-manager-bo(19621)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19621
Votes:
Name: CVE-2005-0354
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050211)
Votes:
Name: CVE-2005-0355
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050211)
Votes:
Name: CVE-2005-0356
Description:
Multiple TCP implementations with Protection Against Wrapped
Sequence Numbers (PAWS) with the timestamps option enabled
allow remote attackers to cause a denial of service (connection
loss) via a spoofed packet with a large timer value, which
causes the host to discard later packets because they appear
to be too old.
Status: Candidate
Phase: Assigned (20050211)
Reference: CONFIRM:http://support.avaya.com/elmodocs2/security/ASA-2006-032.htm
Reference: CISCO:20050518 Vulnerability in a Variant
of the TCP Timestamps Option
Reference: URL:http://www.cisco.com/warp/public/707/cisco-sn-20050518-tcpts.shtml
Reference: FREEBSD:FreeBSD-SA-05:15
Reference: URL:ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-05:15.tcp.asc
Reference: SCO:SCOSA-2005.64
Reference: URL:ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.64/SCOSA-2005.64.txt
Reference: CERT-VN:VU#637934
Reference: URL:http://www.kb.cert.org/vuls/id/637934
Reference: BID:13676
Reference: URL:http://www.securityfocus.com/bid/13676
Reference: SECUNIA:15417
Reference: URL:http://secunia.com/advisories/15417/
Reference: SECUNIA:15393
Reference: URL:http://secunia.com/advisories/15393
Reference: SECUNIA:18222
Reference: URL:http://secunia.com/advisories/18222
Reference: SECUNIA:18662
Reference: URL:http://secunia.com/advisories/18662
Reference: XF:tcp-ip-timestamp-dos(20635)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20635
Votes:
Name: CVE-2005-0357
Description:
EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and
StorEdge Enterprise Backup 7.0 through 7.2 rely on AUTH_UNIX
authentication, which relies on user ID for authentication
and allows remote attackers to bypass authentication and
gain privileges by spoofing a username or UID.
Status: Candidate
Phase: Assigned (20050211)
Reference: CONFIRM:http://www.legato.com/support/websupport/product_alerts/081605_NW_authentication.htm
Reference: SUNALERT:101886
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
Reference: CERT-VN:VU#606857
Reference: URL:http://www.kb.cert.org/vuls/id/606857
Reference: BID:14582
Reference: URL:http://www.securityfocus.com/bid/14582
Reference: OSVDB:18800
Reference: URL:http://www.osvdb.org/18800
Reference: SECTRACK:1014713
Reference: URL:http://securitytracker.com/id?1014713
Reference: SECUNIA:16470
Reference: URL:http://secunia.com/advisories/16470
Reference: SECUNIA:16464
Reference: URL:http://secunia.com/advisories/16464
Reference: XF:legato-authunix-bypass-authentication(21887)
Reference: URL:http://xforce.iss.net/xforce/xfdb/21887
Votes:
Name: CVE-2005-0358
Description:
EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge
Enterprise Backup 6.0 through 7.2 do not properly verify
authentication tokens, which allows remote attackers to
gain privileges by modifying an authentication token.
Status: Candidate
Phase: Assigned (20050211)
Reference: CONFIRM:http://www.legato.com/support/websupport/product_alerts/081605_NW_token_authentication.htm
Reference: SUNALERT:101886
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
Reference: CERT-VN:VU#407641
Reference: URL:http://www.kb.cert.org/vuls/id/407641
Reference: BID:14582
Reference: URL:http://www.securityfocus.com/bid/14582
Reference: OSVDB:18801
Reference: URL:http://www.osvdb.org/18801
Reference: SECTRACK:1014713
Reference: URL:http://securitytracker.com/id?1014713
Reference: SECUNIA:16470
Reference: URL:http://secunia.com/advisories/16470
Reference: SECUNIA:16464
Reference: URL:http://secunia.com/advisories/16464
Reference: XF:legato-token-gain-privileges(21892)
Reference: URL:http://xforce.iss.net/xforce/xfdb/21892
Votes:
Name: CVE-2005-0359
Description:
The Legato PortMapper in EMC Legato NetWorker, Sun Solstice
Backup 6.0 and 6.1, and StorEdge Enterprise Backup 7.0 through
7.2 does not restrict access to the pmap_set and pmap_unset
commands, which allows remote attackers to (1) cause a denial
of service by using pmap_unset to un-register a NetWorker
service, or (2) obtain sensitive information from NetWorker
services by using pmap_set to register a new service.
Status: Candidate
Phase: Assigned (20050211)
Reference: CONFIRM:http://www.legato.com/support/websupport/product_alerts/081605_NW_port_mapper.htm
Reference: SUNALERT:101886
Reference: URL:http://sunsolve.sun.com/search/document.do?assetkey=1-26-101886-1
Reference: CERT-VN:VU#801089
Reference: URL:http://www.kb.cert.org/vuls/id/801089
Reference: BID:14582
Reference: URL:http://www.securityfocus.com/bid/14582
Reference: OSVDB:18802
Reference: URL:http://www.osvdb.org/18802
Reference: SECTRACK:1014713
Reference: URL:http://securitytracker.com/id?1014713
Reference: SECUNIA:16470
Reference: URL:http://secunia.com/advisories/16470
Reference: SECUNIA:16464
Reference: URL:http://secunia.com/advisories/16464
Reference: XF:legato-portmapper-obtain-information(21893)
Reference: URL:http://xforce.iss.net/xforce/xfdb/21893
Votes:
Name: CVE-2005-0360
Description:
The Microsoft Log Sink Class ActiveX control in pkmcore.dll
is marked as "safe for scripting" for Internet Explorer,
which allows remote attackers to create or append to arbitrary
files.
Status: Candidate
Phase: Assigned (20050211)
Reference: CERT-VN:VU#165022
Reference: URL:http://www.kb.cert.org/vuls/id/165022
Votes:
Name: CVE-2005-0361
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050211)
Votes:
Name: CVE-2005-0362
Description:
awstats.pl in AWStats 6.2 allows remote attackers to execute
arbitrary commands via shell metacharacters in the (1) "pluginmode",
(2) "loadplugin", or (3) "noloadplugin" parameters.
Status: Candidate
Phase: Assigned (20050211)
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488
Reference: OSVDB:16089
Reference: URL:http://www.osvdb.org/16089
Votes:
Name: CVE-2005-0363
Description:
awstats.pl in AWStats 4.0 and 6.2 allows remote attackers
to execute arbitrary commands via shell metacharacters in
the config parameter.
Status: Candidate
Phase: Assigned (20050211)
Reference: DEBIAN:DSA-682
Reference: URL:http://www.debian.org/security/2005/dsa-682
Reference: CONFIRM:http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=294488
Votes:
Name: CVE-2005-0364
Description:
Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11,
and B.11.23 allows remote attackers to cause a denial of
service.
Status: Candidate
Phase: Assigned (20050211)
Reference: HP:HPSBUX01117
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110805105200470&w=2
Reference: SECUNIA:14220
Reference: URL:http://secunia.com/advisories/14220/
Reference: XF:hpux-bind-dos(19276)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19276
Votes:
Name: CVE-2005-0365
Description:
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary
files with predictable filenames, which allows local users
to overwrite arbitrary files via a symlink attack.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050211 insecure temporary file
creation in kdelibs 3.3.2
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110814653804757&w=2
Reference: CONFIRM:http://bugs.kde.org/show_bug.cgi?id=97608
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050316-2.txt
Reference: FEDORA:FEDORA-2005-245
Reference: URL:http://fedoranews.org/updates/FEDORA-2005-245.shtml
Reference: GENTOO:GLSA-200503-14
Reference: URL:http://security.gentoo.org/glsa/glsa-200503-14.xml
Reference: MANDRAKE:MDKSA-2005:045
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:045
Reference: MANDRAKE:MDKSA-2005:058
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
Reference: REDHAT:RHSA-2005:325
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-325.html
Reference: SECTRACK:1013525
Reference: URL:http://securitytracker.com/id?1013525
Reference: SECUNIA:14254
Reference: URL:http://secunia.com/advisories/14254
Votes:
Name: CVE-2005-0366
Description:
The integrity check feature in OpenPGP, when handling a
message that was encrypted using cipher feedback (CFB) mode,
allows remote attackers to recover part of the plaintext
via a chosen-ciphertext attack when the first 2 bytes of
a message block are known, and an oracle or other mechanism
is available to determine whether an integrity check failed.
Status: Candidate
Phase: Assigned (20050211)
Reference: MISC:http://eprint.iacr.org/2005/033
Reference: CONFIRM:http://www.pgp.com/library/ctocorner/openpgp.html
Reference: MISC:http://eprint.iacr.org/2005/033.pdf
Reference: GENTOO:GLSA-200503-29
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-29.xml
Reference: MANDRAKE:MDKSA-2005:057
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:057
Reference: SUSE:SUSE-SR:2005:007
Reference: URL:http://www.novell.com/linux/security/advisories/2005_07_sr.html
Reference: CERT-VN:VU#303094
Reference: URL:http://www.kb.cert.org/vuls/id/303094
Reference: BID:12529
Reference: URL:http://www.securityfocus.com/bid/12529
Reference: OSVDB:13775
Reference: URL:http://www.osvdb.org/13775
Reference: SECTRACK:1013166
Reference: URL:http://securitytracker.com/id?1013166
Votes:
Name: CVE-2005-0367
Description:
Multiple directory traversal vulnerabilities in ArGoSoft
Mail Server 1.8.7.3 allow remote authenticated users to
read, delete, or upload arbitrary files via a .. (dot dot)
in (1) the filename of an e-mail attachment, (2) the _msgatt.rec
file, and (3) the /msg, /delete, /folderadd, and /folderdelete
operations for the Folder parameter.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050209 [SIG^2 G-TEC] ArGoSoft
Mail Server Webmail Multiple Directory Traversal Vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110796956011699&w=2
Reference: MISC:http://www.security.org.sg/vuln/argosoftmail1873.html
Votes:
Name: CVE-2005-0368
Description:
Multiple SQL injection vulnerabilities in CMScore allow
remote attackers to execute arbitrary SQL commands via the
(1) EntryID or (2) searchterm parameter to index.php, or
(3) username parameter to authenticate.php.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050209 CMS Core SQL injection
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110803385223054&w=2
Reference: BID:12457
Reference: URL:http://www.securityfocus.com/bid/12457
Reference: SECUNIA:14142
Reference: URL:http://secunia.com/advisories/14142/
Reference: XF:cmscore-multiple-sql-injection(19235)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19235
Votes:
Name: CVE-2005-0369
Description:
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0
and earlier allow remote attackers to cause a denial of service
(application crash) via a packet with a large (1) descriptor
ID or (2) claim_id, which exceeds the boundaries of an array.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050210 Crashes and socket unreacheable
in Armagetron Advanced 0.2.7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110811699206052&w=2
Votes:
Name: CVE-2005-0370
Description:
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0
and earlier allow remote attackers to cause a denial of
service (network disconnection) via an empty UDP packet,
which is not properly distinguished from the "no new packets"
state of the associated socket.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050210 Crashes and socket unreacheable
in Armagetron Advanced 0.2.7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110811699206052&w=2
Votes:
Name: CVE-2005-0371
Description:
Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0
and earlier allow remote attackers to cause a denial of
service (freeze) via a large number of player connections
that do not send any data.
Status: Candidate
Phase: Assigned (20050211)
Reference: BUGTRAQ:20050210 Crashes and socket unreacheable
in Armagetron Advanced 0.2.7.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110811699206052&w=2
Votes:
Name: CVE-2005-0372
Description:
Directory traversal vulnerability in gftp before 2.0.18
for GTK+ allows remote malicious FTP servers to read arbitrary
files via .. (dot dot) sequences in filenames returned from
a LIST command.
Status: Candidate
Phase: Assigned (20050213)
Reference: CONECTIVA:CLSA-2005:957
Reference: URL:http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000957
Reference: DEBIAN:DSA-686
Reference: URL:http://www.debian.org/security/2005/dsa-686
Reference: FEDORA:FEDORA-2005-309
Reference: URL:http://www.securityfocus.com/advisories/8379
Reference: FEDORA:FEDORA-2005-310
Reference: URL:http://www.securityfocus.com/advisories/8380
Reference: GENTOO:GLSA-200502-27
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200502-27.xml
Reference: MANDRAKE:MDKSA-2005:050
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:050
Reference: REDHAT:RHSA-2005:410
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-410.html
Reference: BID:12539
Reference: URL:http://www.securityfocus.com/bid/12539
Reference: OVAL:oval:org.mitre.oval:def:717
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:717
Votes:
Name: CVE-2005-0373
Description:
Buffer overflow in digestmd5.c CVS release 1.170 (also referred
to as digestmda5.c), as used in the DIGEST-MD5 SASL plugin
for Cyrus-SASL but not in any official releases, allows
remote attackers to execute arbitrary code.
Status: Candidate
Phase: Assigned (20050213)
Reference: CONFIRM:https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c?rev=1.171&content-type=text/x-cvsweb-markup
Reference: CONFIRM:https://bugzilla.andrew.cmu.edu/cgi-bin/cvsweb.cgi/src/sasl/plugins/digestmd5.c.diff?r1=1.170&r2=1.171
Reference: MLIST:[openbsd-ports] 20040717 UPDATE:
cyrus-sasl-2.1.19
Reference: URL:http://www.monkey.org/openbsd/archive/ports/0407/msg00265.html
Reference: GENTOO:GLSA-200410-05
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200410-05.xml
Reference: MANDRAKE:MDKSA-2005:054
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:054
Reference: SUSE:SUSE-SR:2005:006
Reference: URL:http://www.linuxcompatible.org/print42495.html
Reference: BID:11347
Reference: URL:http://www.securityfocus.com/bid/11347
Reference: XF:cyrus-sasl-digestmda5-bo(17642)
Reference: URL:http://xforce.iss.net/xforce/xfdb/17642
Votes:
Name: CVE-2005-0374
Description:
Cross-site scripting (XSS) vulnerability in Bitboard 2.5
and earlier allows remote attackers to inject arbitrary
web script or HTML via an [img] bbcode image tag with an
event such as mouseover.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050112 Security Advisory: BiTBOARD
xss
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110555988111899&w=2
Reference: BID:12248
Reference: URL:http://www.securityfocus.com/bid/12248
Reference: SECTRACK:1012864
Reference: URL:http://securitytracker.com/id?1012864
Reference: XF:bitshifters-bitboard-xss(18871)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18871
Votes:
Name: CVE-2005-0375
Description:
imageview.php in SGallery 1.01 allows remote attackers to
obtain sensitive information via an HTTP request with (1)
idalbum and (2) idimage unset, which reveals the installation
path in an error message for the sql_fetch_row function.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050112 [waraxe-2005-SA#039]
- Critical Sql Injection in Sgallery module for PhpNuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110557050700947&w=2
Reference: FULLDISC:20050112 [waraxe-2005-SA#039]
- Critical Sql Injection in Sgallery module for PhpNuke
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html
Reference: MISC:http://www.waraxe.us/advisory-39.html
Reference: SECTRACK:1012868
Reference: URL:http://securitytracker.com/id?1012868
Reference: XF:sgallery-path-disclosure(18877)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18877
Votes:
Name: CVE-2005-0376
Description:
PHP remote file inclusion vulnerability in SGallery 1.01
allows local and possibly remote attackers to execute arbitrary
PHP code by modifying the DOCUMENT_ROOT parameter to reference
a URL on a remote web server that contains (1) config.php
or (2) sql_layer.php.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050112 [waraxe-2005-SA#039]
- Critical Sql Injection in Sgallery module for PhpNuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110557050700947&w=2
Reference: FULLDISC:20050112 [waraxe-2005-SA#039]
- Critical Sql Injection in Sgallery module for PhpNuke
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html
Reference: MISC:http://www.waraxe.us/advisory-39.html
Reference: SECTRACK:1012868
Reference: URL:http://securitytracker.com/id?1012868
Reference: SECUNIA:13824
Reference: URL:http://secunia.com/advisories/13824
Reference: XF:sgallery-file-include(18878)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18878
Votes:
Name: CVE-2005-0377
Description:
SQL injection vulnerability in imageview.php for SGallery
1.01 allows remote attackers to execute arbitrary SQL commands
via the (1) idalbum or (2) idimage parameters.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050112 [waraxe-2005-SA#039]
- Critical Sql Injection in Sgallery module for PhpNuke
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110557050700947&w=2
Reference: FULLDISC:20050112 [waraxe-2005-SA#039]
- Critical Sql Injection in Sgallery module for PhpNuke
Reference: URL:http://lists.grok.org.uk/pipermail/full-disclosure/2005-January/030844.html
Reference: MISC:http://www.waraxe.us/advisory-39.html
Reference: BID:12249
Reference: URL:http://www.securityfocus.com/bid/12249
Reference: SECTRACK:1012868
Reference: URL:http://securitytracker.com/id?1012868
Reference: SECUNIA:13824
Reference: URL:http://secunia.com/advisories/13824
Reference: XF:sgallery-imageview-sql-injection(18876)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18876
Votes:
Name: CVE-2005-0378
Description:
Multiple cross-site scripting (XSS) vulnerabilities in Horde
3.0 allow remote attackers to inject arbitrary web script
or HTML via the (1) group parameter to prefs.php or (2)
url parameter to index.php.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050113 Cross Site Scripting
holes found in Horde 3.0
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110564059322774&w=2
Reference: MISC:http://www.hyperdose.com/advisories/H2005-01.txt
Reference: BID:12255
Reference: URL:http://www.securityfocus.com/bid/12255
Reference: SECTRACK:1012892
Reference: URL:http://securitytracker.com/id?1012892
Reference: XF:horde-prefs-index-xss(18881)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18881
Votes:
Name: CVE-2005-0379
Description:
Multiple directory traversal vulnerabilities in ZeroBoard
4.1pl5 and earlier allow remote attackers to read arbitrary
files via a .. (dot dot) in the _zb_path parameter to (1)
_head.php or (2) outlogin.php, or the dir parameter to (3)
write.php.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050113 STG Security Advisory:
[SSA-20050113-25] ZeroBoard multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110565373407474&w=2
Reference: BID:12257
Reference: URL:http://www.securityfocus.com/bid/12257
Reference: SECTRACK:1012884
Reference: URL:http://securitytracker.com/id?1012884
Reference: XF:zeroboard-file-disclosure(18891)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18891
Votes:
Name: CVE-2005-0380
Description:
Multiple PHP remote file inclusion vulnerabilities in (1)
print_category.php, (2) login.php, (3) setup.php, (4) ask_password.php,
or (5) error.php in ZeroBoard 4.1pl5 and earlier allow remote
attackers to execute arbitrary PHP code by modifying the
dir parameter to reference a URL on a remote web server
that contains the code.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050113 STG Security Advisory:
[SSA-20050113-25] ZeroBoard multiple vulnerabilities
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110565373407474&w=2
Reference: BID:12206
Reference: URL:http://www.securityfocus.com/bid/12206
Reference: BID:12258
Reference: URL:http://www.securityfocus.com/bid/12258
Reference: OSVDB:12928
Reference: URL:http://www.osvdb.org/12928
Reference: OSVDB:12930
Reference: URL:http://www.osvdb.org/12930
Reference: OSVDB:12931
Reference: URL:http://www.osvdb.org/12931
Reference: OSVDB:12932
Reference: URL:http://www.osvdb.org/12932
Reference: OSVDB:12929
Reference: URL:http://www.osvdb.org/12929
Reference: SECTRACK:1012884
Reference: URL:http://securitytracker.com/id?1012884
Reference: SECUNIA:13769
Reference: URL:http://secunia.com/advisories/13769
Reference: XF:zeroboard-printcategory-file-include(18892)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18892
Reference: XF:zeroboard-zero-vote-file-include(18893)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18893
Votes:
Name: CVE-2005-0381
Description:
Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT
1.0 allows remote attackers to inject arbitrary web script
or HTML via the members parameter.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050113 XSS Vulnerability in
ForumKIT
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110563769413994&w=2
Reference: BID:12256
Reference: URL:http://www.securityfocus.com/bid/12256
Reference: SECTRACK:1012895
Reference: URL:http://securitytracker.com/id?1012895
Reference: XF:forumkit-members-xss(18880)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18880
Votes:
Name: CVE-2005-0382
Description:
Breed patch 1 and earlier allows remote attackers to cause
a denial of service (application crash) via an empty UDP
packet, which triggers a null dereference.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050113 Server crash in Breed
patch #1
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110565587010998&w=2
Reference: BID:12262
Reference: URL:http://www.securityfocus.com/bid/12262
Reference: SECUNIA:13211
Reference: URL:http://secunia.com/advisories/13211
Reference: XF:breed-udp-datagram-dos(18890)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18890
Votes:
Name: CVE-2005-0383
Description:
Trend Micro Control Manager 3.0 Enterprise Edition allows
remote attackers to gain privileges via a replay attack
of the encrypted username and password.
Status: Candidate
Phase: Assigned (20050213)
Reference: BUGTRAQ:20050113 Trend Micro Control Manager
- Enterprise Edition 3.0 Web application Replay attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110564369316593&w=2
Reference: BUGTRAQ:20050113 Trend Micro Control Manager
- Enterprise Edition 3.0 Web application Replay attack
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110565281205427&w=2
Reference: MISC:http://www.cirt.dk/advisories/cirt-28-advisory.pdf
Reference: XF:control-manager-replay-attack(18887)
Reference: URL:http://xforce.iss.net/xforce/xfdb/18887
Votes:
Name: CVE-2005-0384
Description:
Unknown vulnerability in the PPP driver for the Linux kernel
2.6.8.1 allows remote attackers to cause a denial of service
(kernel crash) via a pppd client.
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-1070
Reference: URL:http://www.debian.org/security/2006/dsa-1070
Reference: DEBIAN:DSA-1067
Reference: URL:http://www.debian.org/security/2006/dsa-1067
Reference: DEBIAN:DSA-1069
Reference: URL:http://www.debian.org/security/2006/dsa-1069
Reference: DEBIAN:DSA-1082
Reference: URL:http://www.debian.org/security/2006/dsa-1082
Reference: FEDORA:FLSA:152532
Reference: URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
Reference: REDHAT:RHSA-2005:283
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-283.html
Reference: REDHAT:RHSA-2005:284
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-284.html
Reference: REDHAT:RHSA-2005:293
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-293.html
Reference: REDHAT:RHSA-2005:366
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
Reference: SUSE:SUSE-SA:2005:018
Reference: URL:http://www.novell.com/linux/security/advisories/2005_18_kernel.html
Reference: TRUSTIX:2005-0009
Reference: URL:http://www.trustix.org/errata/2005/0009/
Reference: UBUNTU:USN-95-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-95-1
Reference: BID:12810
Reference: URL:http://www.securityfocus.com/bid/12810
Reference: SECUNIA:20163
Reference: URL:http://secunia.com/advisories/20163
Reference: SECUNIA:20202
Reference: URL:http://secunia.com/advisories/20202
Reference: SECUNIA:20338
Reference: URL:http://secunia.com/advisories/20338
Votes:
Name: CVE-2005-0385
Description:
Buffer overflow in luxman before 0.41, if used with certain
insecure svgalib libraries, allows local users to execute
arbitrary code via a long -f command line argument.
Status: Candidate
Phase: Assigned (20050214)
Reference: BUGTRAQ:20050314 DMA[2005-0310a] - 'Frank
McIngvale LuxMan buffer overflow'
Reference: URL:http://www.securityfocus.com/archive/1/393195/2005-03-13/2005-03-19/0
Reference: MISC:http://www.digitalmunition.com/DMA[2005-0310a].txt
Reference: DEBIAN:DSA-693
Reference: URL:http://www.debian.org/security/2005/dsa-693
Reference: BID:12797
Reference: URL:http://www.securityfocus.com/bid/12797
Reference: SECUNIA:14582
Reference: URL:http://secunia.com/advisories/14582
Reference: XF:luxman-bo-execute-commands(19680)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19680
Votes:
Name: CVE-2005-0386
Description:
Cross-site scripting (XSS) vulnerability in network.cgi
in mailreader before 2.3.29 earlier allows remote attackers
to inject arbitrary web script or HTML via MIME text/enriched
or text/richtext messages.
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-700
Reference: URL:http://www.debian.org/security/2005/dsa-700
Reference: SECUNIA:14777
Reference: URL:http://secunia.com/advisories/14777
Votes:
Name: CVE-2005-0387
Description:
remstats 1.0.13 and earlier, when processing uptime data,
allows local users to create or overwrite arbitrary files
via a symlink attack on temporary files.
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-704
Reference: URL:http://www.debian.org/security/2005/dsa-704
Votes:
Name: CVE-2005-0388
Description:
Unknown vulnerability in the remoteping service in remstats
1.0.13 and earlier allows remote attackers to execute arbitrary
commands "due to missing input sanitising."
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-704
Reference: URL:http://www.debian.org/security/2005/dsa-704
Votes:
Name: CVE-2005-0389
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:
CVE-2005-0814. Reason: This candidate is a duplicate of
CVE-2005-0814. Notes: All CVE users should reference CVE-2005-0814
instead of this candidate. All references and descriptions
in this candidate have been removed to prevent accidental
usage.
Status: Candidate
Phase: Assigned (20050214)
Votes:
Name: CVE-2005-0390
Description:
Buffer overflow in the HTTP redirection capability in conn.c
for Axel before 1.0b may allow remote attackers to execute
arbitrary code.
Status: Candidate
Phase: Assigned (20050214)
Reference: CONFIRM:http://www.mail-archive.com/debian-devel-changes@lists.debian.org/msg118978.html
Reference: DEBIAN:DSA-706
Reference: URL:http://www.debian.org/security/2005/dsa-706
Reference: GENTOO:GLSA-200504-09
Reference: URL:http://security.gentoo.org/glsa/glsa-200504-09.xml
Reference: BID:13059
Reference: URL:http://www.securityfocus.com/bid/13059
Reference: SECUNIA:14831
Reference: URL:http://secunia.com/advisories/14831
Votes:
Name: CVE-2005-0391
Description:
geneweb 4.10 and earlier does not properly check file permissions
and content during conversion, which allows attackers to
modify arbitrary files.
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-712
Reference: URL:http://www.debian.org/security/2005/dsa-712
Reference: XF:geneweb-insecure-file-permission(20176)
Reference: URL:http://xforce.iss.net/xforce/xfdb/20176
Votes:
Name: CVE-2005-0392
Description:
ppxp does not drop root privileges before opening log files,
which allows local users to execute arbitrary commands.
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-725
Reference: URL:http://www.debian.org/security/2005/dsa-725
Votes:
Name: CVE-2005-0393
Description:
The helper scripts for crip 3.5 do not properly use temporary
files, which allows local users to have an unknown impact
with unknown attack vectors.
Status: Candidate
Phase: Assigned (20050214)
Reference: DEBIAN:DSA-733
Reference: URL:http://www.debian.org/security/2005/dsa-733
Votes:
Name: CVE-2005-0394
Description:
** RESERVED ** This candidate has been reserved by an organization
or individual that will use it when announcing a new security
problem. When the candidate has been publicized, the details
for this candidate will be provided.
Status: Candidate
Phase: Assigned (20050214)
Votes:
Name: CVE-2005-0395
Description:
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs:
none. Reason: This candidate has been revoked by its Candidate
Numbering Authority (CNA) because it was initially assigned
to a problem that was not a security issue. Notes: none.
Status: Candidate
Phase: Assigned (20050214)
Votes:
Name: CVE-2005-0396
Description:
Desktop Communication Protocol (DCOP) daemon, aka dcopserver,
in KDE before 3.4 allows local users to cause a denial of
service (dcopserver consumption) by "stalling the DCOP authentication
process."
Status: Candidate
Phase: Assigned (20050214)
Reference: BUGTRAQ:20050316 Multiple KDE Security
Advisories (2005-03-16)
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111099766716483&w=2
Reference: CONFIRM:http://www.kde.org/info/security/advisory-20050316-1.txt
Reference: FEDORA:FLSA:178606
Reference: URL:http://www.securityfocus.com/archive/1/archive/1/427976/100/0/threaded
Reference: GENTOO:GLSA-200503-22
Reference: URL:http://security.gentoo.org/glsa/glsa-200503-22.xml
Reference: MANDRAKE:MDKSA-2005:058
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:058
Reference: REDHAT:RHSA-2005:307
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-307.html
Reference: REDHAT:RHSA-2005:325
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-325.html
Reference: BID:12820
Reference: URL:http://www.securityfocus.com/bid/12820
Votes:
Name: CVE-2005-0397
Description:
Format string vulnerability in the SetImageInfo function
in image.c for ImageMagick before 6.0.2.5 may allow remote
attackers to cause a denial of service (application crash)
and possibly execute arbitrary code via format string specifiers
in a filename argument to convert, which may be called by
other web applications.
Status: Candidate
Phase: Assigned (20050214)
Reference: BUGTRAQ:20050303 [USN-90-1] Imagemagick
vulnerability
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=110987256010857&w=2
Reference: DEBIAN:DSA-702
Reference: URL:http://www.debian.org/security/2005/dsa-702
Reference: GENTOO:GLSA-200503-11
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-11.xml
Reference: CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=83542
Reference: REDHAT:RHSA-2005:320
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-320.html
Reference: REDHAT:RHSA-2005:070
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-070.html
Reference: SUSE:SUSE-SA:2005:017
Reference: URL:http://www.novell.com/linux/security/advisories/2005_17_imagemagick.html
Reference: XF:imagemagick-filename-format-string(19586)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19586
Votes:
Name: CVE-2005-0398
Description:
The KAME racoon daemon in ipsec-tools before 0.5 allows
remote attackers to cause a denial of service (crash) via
malformed ISAKMP packets.
Status: Candidate
Phase: Assigned (20050214)
Reference: MLIST:[ipsec-tools-devel] 20050312 potential
remote crash in racoon
Reference: URL:http://sourceforge.net/mailarchive/forum.php?thread_id=6787713&forum_id=32000
Reference: GENTOO:GLSA-200503-33
Reference: URL:http://security.gentoo.org/glsa/glsa-200503-33.xml
Reference: MANDRAKE:MDKSA-2005:062
Reference: URL:http://www.mandriva.com/security/advisories?name=MDKSA-2005:062
Reference: REDHAT:RHSA-2005:232
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-232.html
Reference: MISC:https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=109966&action=view
Reference: FRSIRT:ADV-2005-0264
Reference: URL:http://www.frsirt.com/english/advisories/2005/0264
Reference: BID:12804
Reference: URL:http://www.securityfocus.com/bid/12804
Reference: SECTRACK:1013433
Reference: URL:http://securitytracker.com/id?1013433
Reference: SECUNIA:14584
Reference: URL:http://secunia.com/advisories/14584
Reference: XF:racoon-isakmp-header-dos(19707)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19707
Votes:
Name: CVE-2005-0399
Description:
Heap-based buffer overflow in GIF2.cpp in Firefox before
1.0.2, Mozilla before 1.7.6, and Thunderbird before 1.0.2,
and possibly other applications that use the same library,
allows remote attackers to execute arbitrary code via a
GIF image with a crafted Netscape extension 2 block and
buffer size.
Status: Candidate
Phase: Assigned (20050214)
Reference: ISS:20050323 Mozilla Foundation GIF Overflow
Reference: URL:http://xforce.iss.net/xforce/alerts/id/191
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-30.html
Reference: MISC:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=150877
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: HP:HPSBUX01133
Reference: HP:SSRT5940
Reference: REDHAT:RHSA-2005:323
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-323.html
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: REDHAT:RHSA-2005:336
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-336.html
Reference: REDHAT:RHSA-2005:337
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-337.html
Reference: SCO:SCOSA-2005.49
Reference: URL:ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.49/SCOSA-2005.49.txt
Reference: SUSE:SUSE-SA:2006:022
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: SUSE:SUSE-SA:2006:004
Reference: URL:http://www.novell.com/linux/security/advisories/2006_04_25.html
Reference: CERT-VN:VU#557948
Reference: URL:http://www.kb.cert.org/vuls/id/557948
Reference: CIAC:P-160
Reference: URL:http://www.ciac.org/ciac/bulletins/p-160.shtml
Reference: BID:12881
Reference: URL:http://www.securityfocus.com/bid/12881
Reference: BID:15495
Reference: URL:http://www.securityfocus.com/bid/15495
Reference: FRSIRT:ADV-2005-0296
Reference: URL:http://www.frsirt.com/english/advisories/2005/0296
Reference: OVAL:oval:org.mitre.oval:def:100028
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100028
Reference: SECUNIA:14654
Reference: URL:http://secunia.com/advisories/14654
Reference: SECUNIA:19823
Reference: URL:http://secunia.com/advisories/19823
Reference: XF:gif-extension-overflow(19269)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19269
Votes:
Name: CVE-2005-0400
Description:
The ext2_make_empty function call in the Linux kernel before
2.6.11.6 does not properly initialize memory when creating
a block for a new directory entry, which allows local users
to obtain potentially sensitive information by reading the
block.
Status: Candidate
Phase: Assigned (20050214)
Reference: BUGTRAQ:20050401 Information leak in the
Linux kernel ext2 implementation
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111238764720696&w=2
Reference: MISC:http://arkoon.net/advisories/ext2-make-empty-leak.txt
Reference: FEDORA:FLSA:152532
Reference: URL:https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=152532
Reference: REDHAT:RHSA-2006:0190
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0190.html
Reference: REDHAT:RHSA-2006:0191
Reference: URL:http://www.redhat.com/support/errata/RHSA-2006-0191.html
Reference: REDHAT:RHSA-2005:366
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-366.html
Reference: REDHAT:RHSA-2005:663
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-663.html
Reference: UBUNTU:USN-103-1
Reference: URL:http://www.ubuntulinux.org/support/documentation/usn/usn-103-1
Reference: BID:12932
Reference: URL:http://www.securityfocus.com/bid/12932
Reference: FRSIRT:ADV-2005-1878
Reference: URL:http://www.frsirt.com/english/advisories/2005/1878
Reference: SECUNIA:18684
Reference: URL:http://secunia.com/advisories/18684
Reference: SECUNIA:17002
Reference: URL:http://secunia.com/advisories/17002
Reference: XF:kernel-ext2-information-disclosure(19866)
Reference: URL:http://xforce.iss.net/xforce/xfdb/19866
Reference: CONFIRM:http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.11.6
Reference: SECUNIA:14713
Reference: URL:http://secunia.com/advisories/14713/
Votes:
Name: CVE-2005-0401
Description:
Firefox 1.0.1 and Mozilla before 1.7.6 do not sufficiently
address all attack vectors for loading chrome files and
hijacking drag and drop events, which allows remote attackers
to execute arbitrary XUL code by tricking a user into dragging
a scrollbar, a variant of CVE-2005-0527, aka "Firescrolling
2."
Status: Candidate
Phase: Assigned (20050214)
Reference: BUGTRAQ:20050324 Firescrolling 2 [Firefox
1.0.1]
Reference: URL:http://marc.theaimsgroup.com/?l=bugtraq&m=111168413007891&w=2
Reference: MISC:http://mikx.de/firescrolling2/
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-32.html
Reference: GENTOO:GLSA-200503-30
Reference: URL:http://www.gentoo.org/security/en/glsa/glsa-200503-30.xml
Reference: HP:HPSBUX01133
Reference: HP:SSRT5940
Reference: REDHAT:RHSA-2005:335
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-335.html
Reference: REDHAT:RHSA-2005:336
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-336.html
Reference: REDHAT:RHSA-2005:384
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-384.html
Reference: FRSIRT:ADV-2005-0296
Reference: URL:http://www.frsirt.com/english/advisories/2005/0296
Reference: OVAL:oval:org.mitre.oval:def:100026
Reference: URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:100026
Reference: SECUNIA:14654
Reference: URL:http://secunia.com/advisories/14654
Reference: BID:12885
Reference: URL:http://www.securityfocus.com/bid/12885
Votes:
Name: CVE-2005-0402
Description:
Firefox before 1.0.2 allows remote attackers to execute
arbitrary code by tricking a user into saving a page as
a Firefox sidebar panel, then using the sidebar panel to
inject JavaScript into a privileged page.
Status: Candidate
Phase: Assigned (20050214)
Reference: CONFIRM:http://www.mozilla.org/security/announce/mfsa2005-31.html
Reference: MISC:https://bugzilla.mozilla.org/show_bug.cgi?id=284627
Reference: REDHAT:RHSA-2005:336
Reference: URL:http://www.redhat.com/support/errata/RHSA-2005-336.html
Reference: FRSIRT:ADV-2005-0296
|