 |
|
|
|
ColdFusion MX file uploading and error messages memory leak
updated since 17.04.2004 | | Published: |  | 19.04.2004 | | Source: |  | BUGTRAQ | | SecurityVulns ID: |  | 3618 | | Type: |  | remote | | Level: |  | 5/10 | | Description: |  | Memory leak on terminated file upload and oversized error message. |
| Affected: |  | MACROMEDIA : ColdFusion MX 6.1 |
| Original document |  | K. K. Mookhey, Network Intelligence Advisory - Denial of Service Vulnerability in ColdFusion MX (19.04.2004) |
| | | MACROMEDIA, MPSB04-06 - Security Patch available for ColdFusion MX 6.1 File Upload Denial of service (17.04.2004) |
| Squirrelmail chpasswd buffer overflow | | Published: | | 19.04.2004 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 3619 | | Type: | | local | | Level: | | 5/10 | | Description: | | Buffer overflow on oversized username. |
| Affected: | | SQUIRRELMAIL : SquirrelMail 1.5 |
| Original document | | Matias Neiff, Squirrelmail Chpasswod bof (19.04.2004) |
| Zaep crosssite scripting | | Published: | | 19.04.2004 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 3620 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Crossite scripting in message validation web interface. |
| Affected: | | ZAEP : Zaep AntiSpam 2.0 |
| Original document | | Aviram Jenik, [Full-Disclosure] Zaep AntiSpam Cross Site Scripting (19.04.2004) |
| Fastream NETFile DoS | | Published: | | 19.04.2004 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 3622 | | Type: | | remote | | Level: | | 5/10 | | Description: | | Server crashes on unknown FTP username/password. |
| Affected: | | FASTREAM : NETFile 6.5 |
| Original document | | Donato Ferrante, DoS in NETFile FTP/Web Server (19.04.2004) |
Serv-U buffer overflow
updated since 26.01.2004 | | Published: | | 19.04.2004 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 3394 | | Type: | | remote | | Level: | | 6/10 | | Description: | | Stack overflow in non-RFC 'chmod' and 'mdtm' and 'ls -l' commands. |
| Affected: | | RHINOSOFT : Serv-U 4.2 | | | | RHINOSOFT : Serv-U 5.0 |
| Original document | | SECURITEAM, [NT] Serv-U LIST -l Parameter Buffer Overflow (19.04.2004) |
| | | bkbll, [Full-Disclosure] [vulnwatch] Serv-U MDTM Command Buffer Overflow Vulnerability (26.02.2004) |
| | | Some Guy, [Full-Disclosure] Serv-U 4.1 Memory Corruption / Whatever (17.02.2004) |
| | | icbm, [SST]ServU MDTM command remote buffero verflow adv (26.01.2004) |
Symantec Security Check / Trend Micro HouseCall/ RAV online scanning/ Panda ActiveScan / Mcafee FreeScan / BitDefender ActiveX buffer overflow adn another problems
updated since 23.06.2003 | | Published: | | 19.04.2004 | | Source: | | FULL-DISCLOSURE | | SecurityVulns ID: | | 2922 | | Type: | | client | | Level: | | 5/10 | | Description: | | Multiple buffer overflows. File upload and execution. |
| Affected: | | SYMANTEC : Symantec RuFSI Utility Class | | | | TRENDMICRO : Trend Micro HouseCall ActiveX | | | | RAV : RAV Online Scanning ActiveX | | | | PANDA : ActiveScan 5.0 | | | | MCAFEE : Mcafee FreeScan |
| Original document | | Rafel Ivgi, [Full-Disclosure] BitDefender Scan Online(ActiveX) - Remote File Download & Execute & Private Information Disclosure (19.04.2004) |
| | | S G Masood, McAfee Freescan ActiveX Information Disclosure [Additional Details & PoC] (08.04.2004) |
| | | Rafel Ivgi, [Full-Disclosure] Symantec Virus Detection(Free ActiveX) - Remote Buffer Overflow (07.04.2004) |
| | | Rafel Ivgi, [Full-Disclosure] Mcafee FreeScan - Remote Buffer Overflow and Private Information Disclosure (07.04.2004) |
| | | Rafel Ivgi, Panda ActiveScan 5.0 - Remote Buffer Overflow and A Crash(D.O.S) (07.04.2004) |
| | | trihuynh_(at)_zeeup.com, RAV ActiveX Buffer overflow in ravupdt.dll file (01.08.2003) |
| | | trihuynh_(at)_zeeup.com, [Full-Disclosure] RAV Antivirus : Buffer Overflow in Online Scanning ActiveX (18.07.2003) |
| | | c c, [Full-Disclosure] Trend Micro ActiveX Multiple Overflows (13.07.2003) |
| | | c c, [Full-Disclosure] Symantec ActiveX control buffer overflow (23.06.2003) |
CGI bugs
updated since 19.04.2004 | | Published: | | 24.04.2004 | | Source: | | BUGTRAQ | | SecurityVulns ID: | | 3621 | | Type: | | remote | | Level: | | 5/10 |
| Affected: | | PHPBB : phpBB 2.0 | | | | POSTNUKE : PostNuke 0.7 | | | | PHORUM : Phorum 3.4 | | | | POSTNUKE : PostNuke 0.726 | | | | ADVANCEDGUESTBOO : Advanced Guestbook 2.2 | | | | POSTNUKE : phprofession 2.5 | | | | FUSIONPHP : Fusion News 3.6 | | | | PHPNUKE : PhpNuke Protector System 1.15 | | | | NQT : Network Query Tool 1.6 |
| Original document | | Janek Vind, [waraxe-2004-SA#024 - XSS and full path disclosure in Network Query Tool 1.6] (24.04.2004) |
| | | k1LL3r B0y, [Full-Disclosure] Cross Site Scripting fusion news (23.04.2004) |
| | | shr3kst3r_(at)_hushmail.com, [Full-Disclosure] pisg XSS (22.04.2004) |
| | | Janek Vind, [waraxe-2004-SA#021 - Multiple vulnerabilities in phprofession 2.5 module for PostNuke] (22.04.2004) |
| | | Janek Vind, [waraxe-2004-SA#022 - Multiple vulnerabilities in PostNuke 0.726 Phoenix - part 2] (22.04.2004) |
| | | JQ, Advanced Guestbook 2.2 -- SQL Injection Exploit (22.04.2004) |
| | | Valerio Santinelli, [PNSA 2004-2] PostNuke Security Advisory PNSA 2004-2 (22.04.2004) |
| | | Dariusz 'Officerrr' Kolasinski, phpBB modified by Przemo arbitary code execution (20.04.2004) |
| | | Ready Response, phpBB 2.0.8a and lower - IP spoofing vulnerability (20.04.2004) |
| | | Janek Vind, [Full-Disclosure] [waraxe-2004-SA#020 - Multiple vulnerabilities in PostNuke 0.726 Phoenix] (19.04.2004) |
| | | Janek Vind, [Full-Disclosure] [waraxe-2004-SA#019 - Critical sql injection bug in Phorum 3.4.7] (19.04.2004) |
|
|
|
|
|
| |
|
| |
