Computer Security



Solaris dtmail format string bug
Published:25.08.2004
Source:FULL-DISCLOSURE
SecurityVulns ID:3930
Type:local
Level:5/10
Description:Format string bug in argv[0] allows privilege escalation to gid group.
Affected:ORACLE : Solaris 8
 ORACLE : Solaris 9
Original document:IDEFENSE, [Full-Disclosure] iDEFENSE Security Advisory 08.24.04: CDE Mailer argv[0] Format String Vulnerability (25.08.2004)

Hafiye terminal characters injection
Published:25.08.2004
Source:AKPOLAT
SecurityVulns ID:3931
Type:client
Level:4/10
Description:It's possible to inject terminal ESC sequences.
Affected:HALFIYE : Hafiye 1.0
Original document:Serkan Akpolat, Hafiye 1.0 Terminal Escape Sequence Injection Vulnerability (25.08.2004)

Bird Chat DoS
Published:25.08.2004
Source:BUGTRAQ
SecurityVulns ID:3933
Type:client
Level:5/10
Affected:BIRDCHAT : Bird Chat 1.61
Original document:Donato Ferrante, DoS in Bird Chat 1.61 (25.08.2004)

CGI bugs
updated since 17.08.2004
Published:25.08.2004
Source:
SecurityVulns ID:3914
Type:remote
Level:5/10
Affected:PHPNUKE : Php-Nuke 7.1
 QUIXPLORER : QuiXplorer 2.3
 PHPMYWEBHOSTING : PHPMyWebHosting 0.3
 CATCI : Catci 0.8
 PHPFUSION : PHP-Fusion 4.0
 MERAK : Merak Webmail Server 5.2
 YAPIG : YaPiG 0.92
 PLAYSMS : PlaySMS 0.7
 NIHUO : Nihuo Web Log Analyzer 1.6
 SYMPA : Sympa 4.1
 MANTIS : Mantis 0.19
 MYDMS : MyDMS 1.4
 JSHOP : JShop 1.2
 EGROUPWARE : eGroupWare 1.0
 WEBARTFACTORY : WebArtFactory CMS
 WEBAPP : WebAPP 9.9
 HASTYMAIL : Hastymail 1.0
 HASTYMAIL : Hastymail 1.1
 HASTYMAIL : Hastymail 1.2
Original document:Jason Munro, Hastymail security update (25.08.2004)
 Jérôme ATHIAS, WebAPP directory traversal and ability to retrieve the DES encrypted password hash (25.08.2004)
 Noticias, WebArtFactory CMS Vulnerability (25.08.2004)
 Jose Antonio, Bugs fixed in Version 1.4.3 (25.08.2004)
 Jose Antonio, Multiple Cross Site Scripting Vulnerabilities in eGroupWare (25.08.2004)
 Dr`Ponidi Haryanto, JShop Input Validation Hole in 'page.php' Permits Cross-Site Scripting Attacks (25.08.2004)
 Jose Antonio, Multiple vulnerabilities in MyDMS (22.08.2004)
 Jose Antonio, Mantis Bugtracker Remote PHP Code Execution Vulnerability (22.08.2004)
 Jose Antonio, Cross Site Scripting Vulnerability in Sympa (22.08.2004)
 Audun Larsen, Cross-Site Scripting (XSS) in Nihuo Web Log Analyzer (22.08.2004)
 SECURITEAM, [UNIX] PlaySMS SQL Injection via Cookie (19.08.2004)
 SECURITEAM, [UNIX] YaPiG add_comment.php PHP Code Injection (19.08.2004)
 Criolabs, Vulnerabilities in Merak Webmail Server. (19.08.2004)
 ahmad muammar, Multiple vulnerabilities in PHP-FUSION (19.08.2004)
 Abu Lafy, Cross-Site Scripting (XSS) in Php-Nuke 7.1.0 (19.08.2004)
 Fernando Quintero, SQL Injection in CACTI (17.08.2004)
 Matias Neiff, Posible security bug in phpMyWebhosting (17.08.2004)
 Cyrille Barthelemy, QuiXplorer directory traversal (17.08.2004)

MusicDaemon unauthorized access
Published:25.08.2004
Source:BUGTRAQ
SecurityVulns ID:3935
Type:remote
Level:5/10
Description:It's possible to obtain any file remotely.
Affected:MUSICDAEMON : MusicDaemon 0.0
Original document:Tal0n, MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit (25.08.2004)

imwheel symbolic links problem
Published:25.08.2004
Source:BUGTRAQ
SecurityVulns ID:3936
Type:local
Level:5/10
Description:The PID file is created in the /tmp directory.
Affected:IMWHEEL : imwheel 1.0
Original document:I)ruid, CAU-2004-0002 - imwheel Predictable PidFile Name Race Condition (25.08.2004)

icecast cross-site scripting
Published:25.08.2004
Source:BUGTRAQ
SecurityVulns ID:3938
Type:remote
Level:5/10
Description:Cross-site scripting in User-Agent.
Affected:ICECAST : icecasts 1.3
Original document:DEBIAN, [SECURITY] [DSA 541-1] New icecast-server packages fix cross site scripting (25.08.2004)

Netscape NSS libraries buffer overflow
updated since 25.08.2004
Published:30.08.2004
Source:X-FORCE
SecurityVulns ID:3932
Type:library
Level:9/10
Description:Buffer overflow during SSL negotiation.
Affected:HP : HP-UX 11.00
 SUN : iPlanet Web Server 4.1
 HP : HP-UX 11.11
 HP : HP-UX 11.23
 MOZILLA : nss 3.9
 NETSCAPE : Netscape Enterprise Server 3.6
 NETSCAPE : Netscape Directory Server 6.2
 NETSCAPE : Netscape Certificate Server 6.2
Original document:HP, [security bulletin] SSRT4779 - rev.0 HP-UX Netscape NSS Library Suite SSLv2 remote buffer overflow (30.08.2004)
 X-FORCE, ISS Protection Brief: Netscape NSS Library Remote Compromise (25.08.2004)

Multiple Axis products unauthorized access
updated since 25.08.2004
Published:11.09.2004
Source:BUGTRAQ
SecurityVulns ID:3934
Type:remote
Level:6/10
Description:It's possible to obtain or change the administrative account anonymously.
Affected:AXIS : Axis 2100
 AXIS : Axis 2110
 AXIS : Axis 2120
 AXIS : Axis 2130
 AXIS : Axis 2400
 AXIS : Axis 2401
 AXIS : Axis 2420
Original document:AXIS, Axis Network Camera and Video Server Security Advisory (11.09.2004)
 mcw_(at)_wcd.se, [PoC] Nasty bug(s) found in Axis Network Camera/Video Servers (25.08.2004)

multiple browsers cookie spoofing
updated since 25.08.2004
Published:17.09.2004
Source:BUGTRAQ
SecurityVulns ID:3939
Type:library
Level:4/10
Description:It's possible to spoof cookies for a few 3rd-level domains.
Affected:MICROSOFT : Internet Explorer 6.0
 KDE : KDE 3.2
 MOZILLA : Firefox 0.9
 KDE : KDE 3.3
 KDE : Konqueror 3.1
Original document:Paul Johnston, wp-04-0001: Multiple Browser Cookie Injection Vulnerabilities (17.09.2004)
 KDE, KDE Security Advisory: Konqueror Cross-Domain Cookie Injection (25.08.2004)
 GENTOO, [ GLSA 200408-23 ] kdelibs: Cross-domain cookie injection vulnerability (25.08.2004)

Internet Explorer drag-n-drop vulnerability
updated since 25.08.2004
Published:04.07.2007
Source:BUGTRAQ
SecurityVulns ID:3937
Type:client
Level:6/10
Description:By using JavaScript in conjunction with shell:startup, it's possible to place an executable into the startup folder if the user drags an object on the page or scrolls the page.
Affected:MICROSOFT : Internet Explorer 5.5
 MICROSOFT : Internet Explorer 6.0
Original document:LIUDIEYU dot COM, Two Unpublished IE Cases (04.07.2007)
 http-equiv@excite.com, What A Drag (25.08.2004)
 http-equiv@excite.com, What A Drag II XP SP2 (25.08.2004)
 mikx, What A Drag! -revisited- (25.08.2004)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod