Internet Explorer cookie spoofing Published: 15.11.2004 Source: BUGTRAQ SecurityVulns ID: 4189 Type: remote Level: 4/10 Description: Under certain conditions it's possible to change cookie path.
Original document snsadv_(at)_lac.co.jp , [SNS Advisory No.79] A Possibility of Cookie Overwrite in Microsoft Internet Explorer (15.11.2004 )
Webroot Spy Sweeper weak encryption Published: 15.11.2004 Source: BUGTRAQ SecurityVulns ID: 4190 Type: local Level: 5/10 Description: Password is stored in registry uencrypted. Affected: WEBROOT : Spy Sweeper 3.2 CVE: CVE-2006-6959 (WebRoot Spy Sweeper 4.5.9 and earlier allows local users to bypass the "Startup-Shield" security restrictions by modifying certain registry keys.) Original document Frank Mileto , [Full-Disclosure] Webroot Spy Sweeper Enterprise Adminpassord open to the world (15.11.2004 )
NetNote DoS Published: 15.11.2004 Source: BUGTRAQ SecurityVulns ID: 4191 Type: remote Level: 5/10 Description: Malcrafted string to TCP/6123 causes program to crash. Affected: ALSHARE : NetNote Server 2.2 Original document class 101 , [Full-Disclosure] [Advisory + Exploit] NetNote Server 2.2, Remote Crafted String Vulnerability (15.11.2004 )
Attachment spoofing code execution in Eudora Published: 15.11.2004 Source: BUGTRAQ SecurityVulns ID: 2847 Type: client Level: 5/10 Description: If "attach" and "attach.exe" co-exist in message and "attach" is clicked, "attach.exe" will be silently executed instead. Affected: QUALCOMM : Eudora 5.2 QUALCOMM : Eudora 6.0 QUALCOMM : Eudora 6.1 EUDORA : Eudora 6.2 Original document Paul Szabo , Eudora 6.2 attachment spoof (15.11.2004 ) Paul Szabo , Eudora 6.2.0.7 attachment spoof (11.10.2004 ) Paul Szabo , Eudora 6.1.2 attachment spoof (08.07.2004 ) Paul Szabo , Eudora 6.0.1 LaunchProtect (26.11.2003 ) Paul Szabo , Eudora 6.0 attachment spoof, exploit (16.09.2003 ) Paul Szabo , Re: Eudora 5.2.1 attachment spoof (28.05.2003 )
SAMBA buffer overflow Published: 16.11.2004 Source: FULL-DISCLOSURE SecurityVulns ID: 4192 Type: remote Level: 5/10 Description: By setting small buffer in TRANSACT2_QFILEPATHINFO it's possible to cause dynamic memory buffer overflow on oversized path. Affected: SAMBA : Samba 3.0 Original document SAMBA , [SAMBA] CAN-2004-0882: Possiebl Buffer Overrun in smbd (16.11.2004 ) Stefan Esser , [Full-Disclosure] Advisory 13/2004: Samba 3.x QFILEPATHINFO unicode filename buffer overflow (15.11.2004 )
CGI bugs Published: 19.11.2004 Source: SecurityVulns ID: 4188 Type: remote Level: 5/10 Affected: INVISION : Invision Power Board 2.0 PHPSCHEDULEIT : phpScheduleIt 1.0 PHPMYADMIN : phpMyAdmin 2.6 THEFACEBOOK : TheFaceBook AZTEK : Aztek PUNBB : PunBB 1.3 PHPNUKE : Event Calendar 2.13 APPSERV : AppServ 2.5 DUWARE : DUGallery CLICKANDBUILD : ClickandBuild Original document SECUNIA , [SA13236] ClickandBuild Constructed Store "listPos" Cross-Site Scripting Vulnerability (19.11.2004 ) SECUNIA , [SA13241] phpMyAdmin Cross-Site Scripting Vulnerabilities (19.11.2004 ) SECURITEAM , [NT] DUGallery Database disclosure (19.11.2004 ) saudi linux , AppServ 2.5.x and Prior Exploit (19.11.2004 ) Alexander Anisimov , [MaxPatrol] SQL-injection in Invision Power Board 2.x (19.11.2004 ) Andrew Smith , [Full-Disclosure] Click and Build eCommerce Platform Cross Site Scripting (18.11.2004 ) SECUNIA , [SA13206] phpScheduleIt Reservation Manipulation Vulnerability (17.11.2004 ) Janek Vind , [waraxe-2004-SA#038 - Multiple vulnerabilities in Event Calendar module for PhpNuke] (17.11.2004 ) SECUNIA , [SA13201] PunBB Private Message System Module Two Vulnerabilities (16.11.2004 ) SECUNIA , [SA13202] Aztek Forum Cross-Site Scripting Vulnerabilities (16.11.2004 ) Alex Lanstein , XSS in TheFaceBook round 2 (16.11.2004 ) Alex Lanstein , Multiple XSS holes in TheFaceBook (15.11.2004 ) Jérôme ATHIAS , SQL Injection in phpBT (bug.php - Add) (15.11.2004 )
IPSwitch IMAIL Mail server IMAP buffer overflow Published: 11.03.2005 Source: BUGTRAQ SecurityVulns ID: 4193 Type: remote Level: 5/10 Description: Buffer overflow in IMAP DELETE and EXAMINE commands.
