CGI bugs updated since 08.04.2003
Published:		12.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2722
Type:		remote
Level:		5/10

Affected:		CHEZGREG : Coppermine 1.0
		VIGNETTE : Vignette Story Server 4.1
		VIGNETTE : Vignette Story Server 6
		INVISION : Invision Power Board 1.1
		BITSTRIKE : SignHere guestbook
		ORPLEX : Orplex guestbook
		LASOURCE : GuestBook 4
		LASOURCE : Super GuestBook 1.0
		PHPAY : Phpay 2.02
		ISCONLINE : ISC guestbook
		OCEAN12 : Ocean12 ASP Guestbook Manager 1.00

Original document		drG4njubas, Ocean12 ASP Guestbook Manager v1.00 (12.04.2003)
		drG4njubas, ISC guestbook script injection vulnerability. (10.04.2003)
		Ahmet Sabri ALPER, [ARL03-A16] Multiple Security Issues in phPay (10.04.2003)
		Over_G, Disclosing information in Super GuestBook (10.04.2003)
		Over_G, Admin access in GuestBook r4 (10.04.2003)
		drG4njubas, Orplex guestbook script injection. (09.04.2003)
		drG4njubas, SignHere guestbook vulnerability. (08.04.2003)
		Gossi The Dog , Two Invision Power Board 1.1.x vulns (08.04.2003)
		L0PHT, Vignette Story Server sensitive information disclosure (a040703-1) (08.04.2003)
		skylined_(at)_edup.tudelft.nl, Coppermine Photo Gallery remote compromise (08.04.2003)

Files:		Coppermine PHP upload exploit
Discuss:		Read or add your comments to this news (0 comments)

Gaim buffer overflow DoS
Published:		12.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2731
Type:		remote
Level:		5/10
Description:		Insuficient message length check leads to heap corruption.

Affected:

GAIM : gaim-encryption 1.15

Original document

Rapid 7 Security Advisories, R7-0013: Heap Corruption in Gaim-Encryption Plugin (12.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

MacOS X DirectoryService privelege escalation
Published:		12.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2733
Type:		local
Level:		6/10
Description:		External touch command is executed without full path.

Affected:

APPLE : MacOS X 10.2

Original document

L0PHT, MacOS X DirectoryService Privilege Escalation (a041003-1) (12.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

Unauthorized access to filemaker
Published:		12.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2735
Type:		remote
Level:		6/10
Description:		During authentication server sends full password list to client.

Affected:		FILEMAKER : FileMaker Pro 5.0
		FILEMAKER : FileMaker Pro 5.5
		FILEMAKER : FileMaker Pro 6.0
		FILEMAKER : FileMaker Server 5.0
		FILEMAKER : FileMaker Server 5.5
		FILEMAKER : FileMaker Server 6.0

Original document

Stephen White, FileMaker Pro network protocol sends passwords to any client attempting to connect to a shared database. (12.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

Unauthorized file access via Oracle fndfs
Published:		12.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2732
Type:		remote
Level:		6/10

Affected:		ORACLE : Oracle E-Business Suite 10.7
		ORACLE : Oracle E-Business Suite 11.0
		ORACLE : Oracle E-Business Suite 11.5

Original document

Integrigy Security Alerts, Integrigy Security Advisory - Oracle Applications FNDFS Vulnerability (12.04.2003)

Discuss:

Read or add your comments to this news (1 comments)

Symbolic links in xfsdump
Published:		12.04.2003
Source:		BUGTRAQ
SecurityVulns ID:		2734
Type:		remote
Level:		5/10
Description:		File is created insecurely in the root of given file system.

Affected:

XFSDUMP : xfsdump 2.0

Original document

DEBIAN, [SECURITY] [DSA 283-1] New xfsdump packages fix insecure file creation (12.04.2003)

Discuss:

Read or add your comments to this news (0 comments)

SmartMax MailMax buffer overflow updated since 12.04.2003
Published:		17.05.2003
Source:		BUGTRAQ
SecurityVulns ID:		2736
Type:		remote
Level:		6/10
Description:		Buffer overflow on oversized LOGIN or SELECT IMAP command.

Affected:

SMARTMAX : MailMax 5.0

Original document		0x36, Buffer overflow vulnerability found in MailMax version 5 (17.05.2003)
		Dennis Rand, Buffer Overflow Vulnerability Found in MailMax Version 5 (12.04.2003)

Discuss:

Read or add your comments to this news (0 comments)