Palace buffer overflow Published: 09.02.2004 Source: WINTER-SMITH SecurityVulns ID: 3425 Type: client Level: 5/10 Description: Buffer overflow on parsing palace:// URL
Affected: THEPALACE : The Palace 3.5
Original document Peter Winter-Smith , The Palace 3.x (Client) Stack Overflow Vulnerability (09.02.2004 )
DreamFTP formatstring bug Published: 09.02.2004 Source: BUGTRAQ SecurityVulns ID: 3426 Type: remote Level: 5/10 Description: Format string bug in username.
Affected: BOLINTECH : DreamFTP 1.02 CVE: CVE-2007-0338 (Heap-based buffer overflow in Dream FTP Server allows remote attackers to execute arbitrary code via a USER command with a large number of format string specifiers, which triggers the overflow during processing of the Server Log.)
Original document badpack3t , [Full-Disclosure] DreamFTP Server 1.02 Buffer Overflow (09.02.2004 )
vserver virtual machine protection bypass Published: 09.02.2004 Source: BUGTRAQ SecurityVulns ID: 3427 Type: remote Level: 5/10 Description: It's possible to escape the virtual root directory regardless of permissions.
Affected: VSERVER : vserver 1.24
Original document Markus Müller , Linux 2.4.24 with vserver 1.24 exploit (09.02.2004 )
ApacheSSL protection bypass Published: 09.02.2004 Source: BUGTRAQ SecurityVulns ID: 3428 Type: remote Level: 5/10 Description: In basic authentication emulation mode it's possible to access the server without a certificate.
Affected: APACHE-SSL : Apache-SSL 1.3
Original document Adam Laurie , Apache-SSL security advisory - apache_1.3.28+ssl_1.52 and prior (09.02.2004 )
php.ini PHP protection bypass Published: 09.02.2004 Source: BUGTRAQ SecurityVulns ID: 3429 Type: remote Level: 5/10 Description: It's possible to bypass the protection (register_globals = on, for example) of a virtual host by first requesting a host without protection in the same HTTP keep-alive connection.
Affected: PHP : PHP 4.3
Original document GENTOO , Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.6b) Gecko/20040101 (09.02.2004 )
TrackMania DoS Published: 09.02.2004 Source: FULL-DISCLOSURE SecurityVulns ID: 3430 Type: remote Level: 5/10 Description: Random data sent to TCP/2350 causes the program to crash.
Affected: TRACKMANIA : TrackMania
Original document Securiteinfo.com , [Full-Disclosure] TrackMania Demo Denial of Service (09.02.2004 )
clamav integer overflow Published: 09.02.2004 Source: BUGTRAQ SecurityVulns ID: 3431 Type: remote Level: 6/10 Description: Integer overflow on UUENCODE parsing.
Affected: CLAMAV : clamav 0.65
Original document Oliver Eikemeier , clamav 0.65 remote DOS exploit (09.02.2004 )
CGI bugs updated since 09.02.2004 Published: 12.02.2004 Source: SecurityVulns ID: 3424 Type: remote Level: 5/10
Affected: GALLERY : Gallery 1.4 GROHOL : Open Journal 2.5 DOTNETNUKE : DotNetNuke 1.0 PHPNUKE : Php-Nuke 7.1 MAXWEBPORTAL : MaxWebPortal 1.31 PHPNUKE : PHP-Nuke 6.9 EZCONTENTS : ezContents 2.0 BOSDEV : BosDates
Original document GENTOO , [ GLSA 200402-04 ] Gallery <= 1.4.1 and below remote exploit vulnerability (12.02.2004 )
ZetaLabs , ZH2004-05SA (security advisory): Sql Injection Vulnerability in BosDates (11.02.2004 )
Cedric Cochin , PHP Code Injection Vulnerabilities in ezContents 2.0.2 and prior (11.02.2004 )
pokleyzz , [SCAN Associates Sdn Bhd Security Advisory] PHPNuke 6.9 > and below SQL Injection in multiple module. (10.02.2004 )
Janek Vind , [waraxe-2004-SA#003] - SQL injection in Php-Nuke 7.1.0 (10.02.2004 )
Manuel López , XSS, Sql Injection and Avatar ScriptCode Injection in MaxWebPortal (10.02.2004 )
Janek Vind , [waraxe-2004-SA#002] - Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 (09.02.2004 )
Himeur Nourredine , formmail (PHP) Upload file using CSS (09.02.2004 )
Ferruh Mavituna , Dotnetnuke Multiple Vulnerabilities (09.02.2004 )
trihuynh_(at)_zeeup.com , Open Journal Blog Authenticaion Bypassing Vulnerability (09.02.2004 )