Dr.Web for OpenBSD failure updated since 02.07.2004 Published: 03.07.2004 Source: SECURITYFOCUS SecurityVulns ID: 3809 Type: remote Level: 3/10 Description: Small stack size causes the daemon to fail to start if LocalScan = no is configured, with the message "stack overflow in function int scanMail(int, time_t *, int, int, const char *)".
Affected: SALD : Dr.Web 4.31
Multiple Linux kernel bugs Published: 03.07.2004 Source: BUGTRAQ SecurityVulns ID: 3810 Type: local Level: 7/10 Description: chown: users can change the group affiliation of arbitrary files to the group they belong to, missing DAC check in chown(2): local privilege escalation, overflow with signals: local denial-of-service, pss, mpu401 sound driver: read/write to complete memory, airo driver: read/write to complete memory, ALSA: copy_from_user/copy_to_user confused, acpi_asus: read from random memory, decnet: write to memory without checking, e1000 driver: read complete memory
Affected: LINUX : kernel 2.4 LINUX : kernel 2.6
Original document SUSE, SUSE Security Announcement: kernel (SUSE-SA:2004:020) (03.07.2004)
IBM WebSphere Edge DoS Published: 03.07.2004 Source: BUGTRAQ SecurityVulns ID: 3811 Type: remote Level: 5/10 Description: Server crashes on incomplete HTTP request.
Affected: IBM : WebSphere Edge Components Caching Proxy 5.02
Original document Leandro Meiners, [Full-Disclosure] CYBSEC - Security Advisory: Denial of Service in IBM WebSphere Edge Server (03.07.2004)
BrightMail information leak Published: 03.07.2004 Source: BUGTRAQ SecurityVulns ID: 3812 Type: remote Level: 4/10 Description: Messages classified as SPAM are available without authentication.
Affected: BRIGHTMAIL : Brightmail Spamfilter 6.0
Original document Thomas Springer, Brightmail leaks other user's spam (03.07.2004)
Multiple Netegrity products cross-site scripting Published: 03.07.2004 Source: BUGTRAQ SecurityVulns ID: 3813 Type: remote Level: 5/10 Description: Web interface cross-site scripting.
Affected: NETEGRITY : IdentityMinder 5.6 NETEGRITY : Netegrity Policy Server 5.5
Original document vuln_(at)_hexview.com, [HW-MED] XSS in Netegrity IdentityMinder (03.07.2004)
Esearch symbolic links problem Published: 03.07.2004 Source: BUGTRAQ SecurityVulns ID: 3815 Type: local Level: 5/10 Description: eupdatedb creates files in /tmp without checking for symbolic links.
Affected: ESEARCH : esearch 0.6
Original document GENTOO, [ GLSA 200407-01 ] Esearch: Insecure temp file handling (03.07.2004)
CGI bugs updated since 28.06.2004 Published: 03.07.2004 Source: SecurityVulns ID: 3792 Type: remote Level: 5/10
Affected: CART32 : Cart32 3.5 PHPMYADMIN : phpMyAdmin 2.5 CUTEPHP : CuteNews 1.3 WEBSOFT : Infinity WEB 1.0 POWERPORTAL : PowerPortal 1.0 CGI : csFAQ CART32 : Cart32 4.5 CART32 : Cart32 5.0 ARTMEDIC : Artmedic Links 5.0 MILLERGROUP : Centre 1.0 SIMMCOMM : SCI Photo Chat Server 3.4 ECHATSERVER : Easy Chat Server 1.2
Original document Donato Ferrante, Multiple Vulnerabilities in Easy Chat Server 1.2 (03.07.2004)
Donato Ferrante, [Full-Disclosure] XSS in SCI Photo Chat Server 3.4.9 (02.07.2004)
Manip, [Full-Disclosure] Centre 1.0 PHP injection, bypass authentication + possible SQL injection. (02.07.2004)
Nasir Simbolon, php codes injection in phpMyAdmin version 2.5.7. (30.06.2004)
SECURITEAM, [UNIX] Artmedic Links File Inclusion Vulnerability (29.06.2004)
SECURITEAM, [NT] Cart32 Cross-Site Scripting (29.06.2004)
DarkBicho, Full path disclosure csFAQ (29.06.2004)
DarkBicho, [Full-Disclosure] Multiple vulnerabilities PowerPortal (28.06.2004)
DarkBicho, [Full-Disclosure] Cross-Site Scripting CuteNews (28.06.2004)
D'Amato Luigi, [Full-Disclosure] ZH2004-14SA (security advisory):Sql Injection in Infinity WEB (28.06.2004)
D-Link DI-624/NetworkEverywhere NR041 cross-site scripting updated since 03.07.2004 Published: 27.08.2004 Source: BUGTRAQ SecurityVulns ID: 3814 Type: remote Level: 4/10 Description: Information from DHCP request is shown on web administration page without filtering.