Internet Security Systems
Date Reported: 04/23/2004
Brief Description: Network Query Tool Nqt.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Network Query Tool 1.6, Unix Any version
Vulnerability: nqt-nqtphp-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15929
Date Reported: 04/23/2004
Brief Description: Network Query Tool pqt.php script discloses path information
Risk Factor: Low
Attack Type: Network Based
Platforms: Network Query Tool 1.6, Unix Any version
Vulnerability: nqt-nqtphp-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15957
Date Reported: 04/24/2004
Brief Description: Apache HTTP Server authentication modules memory corruption
Risk Factor: High
Attack Type: Network Based
Platforms: Apache HTTP Server 1.3.29 and earlier, Linux Any version, Unix Any version
Vulnerability: apache-auth-memory-corruption
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15958
Date Reported: 04/26/2004
Brief Description: phpwsBB allows message label viewing
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpwsBB prior to 0.9.2
Vulnerability: phpwsbb-message-label-viewing
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15959
Date Reported: 04/26/2004
Brief Description: phpwsContacts allows CSV file viewing
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, phpwsContacts prior to 0.8.3
Vulnerability: phpwscontacts-csv-file-viewing
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15960
Date Reported: 04/26/2004
Brief Description: MSMS Core ver.asp information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, MSMS Core 0.2.4a and earlier
Vulnerability: msms-ver-info-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15962
Date Reported: 04/23/2004
Brief Description: Protector System blocker_query.php path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Protector System 1.15.b1
Vulnerability: protector-blockerquery-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15963
Date Reported: 04/25/2004
Brief Description: OpenBB multiple scripts SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version
Vulnerability: openbb-multiplescripts-sql-injection
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15964
Date Reported: 04/23/2004
Brief Description: Protector System blocker_query.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Protector System 1.15.b1
Vulnerability: protector-blockerquery-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15965
Date Reported: 04/25/2004
Brief Description: OpenBB multiple scripts cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version
Vulnerability: openbb-multiple-scripts-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15966
Date Reported: 04/25/2004
Brief Description: OpenBB tags execute code
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version
Vulnerability: openbb-tags-execute-code
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15967
Date Reported: 04/23/2004
Brief Description: Protector System GET SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Protector System 1.15.b1
Vulnerability: protector-get-sql-injection
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15968
Date Reported: 04/23/2004
Brief Description: Protector System SQL filter bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Protector System 1.15.b1
Vulnerability: protector-sql-filter-bypass
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15969
Date Reported: 04/25/2004
Brief Description: OpenBB myhome.php script allows attacker to obtain information
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version
Vulnerability: openbb-myhomephp-obtain-information
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15970
Date Reported: 04/25/2004
Brief Description: OpenBB file upload
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, OpenBB 1.06 and earlier, Unix Any version, Windows Any version
Vulnerability: openbb-file-upload
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15971
Date Reported: 04/22/2004
Brief Description: Linux kernel i810 undisclosed issue
Risk Factor: High
Attack Type: Host Based
Platforms: Fedora Core 1, Linux kernel 2.4.22
Vulnerability: linux-i810
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15972
Date Reported: 04/22/2004
Brief Description: Linux kernel framebuffer undisclosed issue
Risk Factor: Medium
Attack Type: Host Based
Platforms: Fedora Core 1, Linux kernel 2.4.22, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2
Vulnerability: linux-framebuffer
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15974
Date Reported: 04/26/2004
Brief Description: IBM HTTP Server GSKIT denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: AIX Any version, HP-UX Any version, IBM HTTP Server 1.3.12.x, IBM HTTP Server 1.3.19.x, IBM HTTP Server 1.3.26.x, IBM HTTP Server 1.3.28, IBM HTTP Server 2.0.42.x, IBM HTTP Server 2.0.47, Linux Any version, Solaris Any version, Windows 2000 Any version, Windows NT Any version
Vulnerability: ibm-http-gskit-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15975
Date Reported: 04/25/2004
Brief Description: Horde IMP database has default login
Risk Factor: High
Attack Type: Network Based
Platforms: Horde any version, Linux Any version
Vulnerability: imp-database-default-login
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15976
Date Reported: 04/26/2004
Brief Description: eXtremail logging format string
Risk Factor: High
Attack Type: Network Based
Platforms: eXtremail 1.5.9, Unix Any version
Vulnerability: extremail-logging-format-string
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15977
Date Reported: 04/26/2004
Brief Description: Video Gallery error message path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, Video Gallery 0.1 Beta 5
Vulnerability: video-gallery-error-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15978
Date Reported: 04/26/2004
Brief Description: Video Gallery SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Video Gallery 0.1 Beta 5
Vulnerability: video-gallery-sql-injection
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15979
Date Reported: 04/27/2004
Brief Description: HP JetAdmin source disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-source-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15980
Date Reported: 04/27/2004
Brief Description: HP JetAdmin path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15981
Date Reported: 04/27/2004
Brief Description: HP JetAdmin information disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-view-framework
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15982
Date Reported: 04/27/2004
Brief Description: HP JetAdmin weak encryption
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-weak-encryption
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15984
Date Reported: 04/27/2004
Brief Description: HP JetAdmin password replay
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-admin-password-replay
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15985
Date Reported: 04/27/2004
Brief Description: HP JetAdmin password bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-password-bypass
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15986
Date Reported: 04/27/2004
Brief Description: HP JetAdmin allows attackers to write to cache.ini
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-cache-write
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15988
Date Reported: 04/27/2004
Brief Description: HP JetAdmin could allow attackers to execute programs
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, HP JetAdmin 6.2 and earlier, HP JetAdmin 6.5, HP JetAdmin 7.0
Vulnerability: hp-jetadmin-program-execution
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15989
Date Reported: 04/27/2004
Brief Description: paFileDB login.php path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, paFileDB 3.1, Unix Any version, Windows Any version
Vulnerability: pafiledb-loginphp-path-disclosure
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15990
Date Reported: 04/27/2004
Brief Description: paFileDB pafiledb.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, paFileDB 3.1, Unix Any version, Windows Any version
Vulnerability: pafiledb-pafiledbphp-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/15992
Date Reported: 04/22/2004
Brief Description: Linux Kernel do_fork memory leak
Risk Factor: Medium
Attack Type: Host Based
Platforms: Fedora Core 1, Linux kernel 2.4, Linux kernel 2.6, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2
Vulnerability: linux-dofork-memory-leak
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16002
Date Reported: 04/28/2004
Brief Description: sysklogd denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2
Vulnerability: sysklogd-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16003
Date Reported: 04/29/2004
Brief Description: Sesame servlets could allow unauthorized access to repository
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Sesame prior to 1.0.1
Vulnerability: sesame-servlets-repository-access
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16006
Date Reported: 04/29/2004
Brief Description: osCommerce Admin Access With Levels plug-in bypass security
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osCommerce 1.5.1, Unix Any version, Windows Any version
Vulnerability: oscommerce-plugin-bypass-security
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16009
Date Reported: 04/28/2004
Brief Description: JForum could allow unauthorized access to forums
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, JForum prior to RC3
Vulnerability: jforum-forum-gain-access
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16010
Date Reported: 04/30/2004
Brief Description: LHA multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: LHA Any version, Linux Any version, Red Hat Linux 9, Unix Any version
Vulnerability: lha-multiple-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16012
Date Reported: 04/30/2004
Brief Description: LHA directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: LHA Any version, Linux Any version, Red Hat Linux 9, Unix Any version
Vulnerability: lha-directory-traversal
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16013
Date Reported: 04/30/2004
Brief Description: Linux rsync allows files to be written outside a module's path
Risk Factor: Medium
Attack Type: Network Based
Platforms: Debian Linux 3.0, Linux Any version, rsync prior to 2.6.1, Trustix Secure Enterprise Linux 2, Secure Linux 1.5, Trustix Secure Linux 2.0, Trustix Secure Linux 2.1
Vulnerability: rsync-write-files
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16014
Date Reported: 04/30/2004
Brief Description: Midnight Commander allows local elevation of privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, Linux Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Midnight Commander 4.x, Unix Any version
Vulnerability: midnight-commander-local-privileges
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16016
Date Reported: 04/30/2004
Brief Description: MPlayer and xine-lib long URL buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, MPlayer 1.0pre1 - pre3try2, Unix Any version, xine-lib 1-beta1 - 1-rc3c
Vulnerability: mplayer-long-url-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16017
Date Reported: 04/30/2004
Brief Description: MPlayer and xine-lib RTSP session buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, MPlayer 1.0pre1 - pre3try2, Unix Any version, xine-lib 1-beta1 - 1-rc3c
Vulnerability: mplayer-rtsp-session-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16018
Date Reported: 04/30/2004
Brief Description: MPlayer and xine-lib RTSP RDT buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, MPlayer 1.0pre1 - pre3try2, Unix Any version, xine-lib 1-beta1 - 1-rc3c
Vulnerability: mplayer-rtsp-rdt-bo
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16019
Date Reported: 04/30/2004
Brief Description: Midnight Commander creates insecure files
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, Linux Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Midnight Commander 4.x, Red Hat Linux 9, Unix Any version
Vulnerability: midnight-commander-insecure-files
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16020
Date Reported: 04/30/2004
Brief Description: Midnight Commander format string
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, Linux Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Midnight Commander 4.x, Red Hat Linux 9, Unix Any version
Vulnerability: midnight-commander-format-string
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16021
Date Reported: 04/30/2004
Brief Description: libpng PNG image denial of service
Risk Factor: Low
Attack Type: Network Based
Platforms: Debian Linux 3.0, libpng Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2, Trustix Secure Enterprise Linux 2, Trustix Secure Linux 2.0, Trustix Secure Linux 2.1
Vulnerability: libpng-png-dos
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16022
Date Reported: 04/30/2004
Brief Description: Moodle help.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Moodle prior to 1.3
Vulnerability: moodle-help-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16023
Date Reported: 04/30/2004
Brief Description: ReciPants ID SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, ReciPants prior to 1.2
Vulnerability: recipants-id-sql-injection
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16024
Date Reported: 04/29/2004
Brief Description: SquirrelMail compose.php script cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SquirrelMail 1.4.2, Unix Any version
Vulnerability: squirrel-composephp-xss
X-Force URL:
http://xforce.iss.net/xforce/xfdb/16025