Internet Security Systems
Date Reported: 06/01/2004
Brief Description: Kerberos krb5_aname_to_localname library function buffer overflow
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Mandrake Linux 10.0, Mandrake Linux 9.1, Mandrake Linux 9.2, Mandrake Linux Corporate Server 2.1, Mandrake Multi Network Firewall 8.2, MIT Kerberos 5 krb5-1.3.3 and prior
Vulnerability: Kerberos-krb5anametolocalname-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16268
Date Reported: 05/30/2004
Brief Description: jftpgw log function format string
Risk Factor: High
Attack Type: Network Based
Platforms: Any operating system Any version, Debian Linux 3.0, jftpgw prior to 0.13.4
Vulnerability: jftpgw-log-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/16271
Date Reported: 05/27/2004
Brief Description: jPortal print.inc.php allows SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: jPortal Any version, Linux Any version, Unix Any version, Windows Any version
Vulnerability: jportal-printincphp-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16272
Date Reported: 05/30/2004
Brief Description: GATOS xatitv program allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: GATOS Any version, Linux Any version
Vulnerability: gatos-xatitv-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16273
Date Reported: 05/31/2004
Brief Description: Linksys WRT54G remote administration function security bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys WRT54G 2.02.7
Vulnerability: linksys-remote-bypass-security
X-Force URL: http://xforce.iss.net/xforce/xfdb/16274
Date Reported: 05/29/2004
Brief Description: e107 multiple scripts path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to 0.616
Vulnerability: e107-multiplescripts-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16277
Date Reported: 05/28/2004
Brief Description: spamGuard multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Linux Any version, spamGuard prior to 1.7-BETA, Unix Any version
Vulnerability: spamguard-multiple-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16278
Date Reported: 05/29/2004
Brief Description: e107 clock_menu.php cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to 0.616
Vulnerability: e107-clock-menu-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16279
Date Reported: 05/29/2004
Brief Description: e107 email to a friend feature cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to 0.616
Vulnerability: e107-email-friend-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16280
Date Reported: 05/29/2004
Brief Description: e107 user settings.php script cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to 0.616
Vulnerability: e107-user-setting-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16281
Date Reported: 05/29/2004
Brief Description: e107 secure_img_render.php PHP file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to 0.616
Vulnerability: e107-secure-img-render-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16282
Date Reported: 05/29/2004
Brief Description: e107 content.php news.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, e107 prior to 0.616
Vulnerability: e107-content-news-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16283
Date Reported: 05/29/2004
Brief Description: Land Down Under BBcode cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Land Down Under prior to 700-06
Vulnerability: ldu-bbcode-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16284
Date Reported: 05/30/2004
Brief Description: SquirrelMail From header cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SquirrelMail prior to 1.4.3, SquirrelMail prior to 1.5.1 dev, Unix Any version
Vulnerability: squirrelmail-from-header-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16285
Date Reported: 06/01/2004
Brief Description: Sambar show.asp and showperf.asp scripts cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Sambar Server Pro Server 6.1 Beta 2, Windows Any version
Vulnerability: sambar-show-showperf-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16286
Date Reported: 06/01/2004
Brief Description: Sambar showlog.asp and showini.asp scripts directory traversal
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Sambar Server Pro Server 6.1 Beta 2, Windows Any version
Vulnerability: sambar-multiple-directory-traversal
X-Force URL: http://xforce.iss.net/xforce/xfdb/16287
Date Reported: 06/01/2004
Brief Description: PHP-Nuke eregi function path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke 7.3 and prior
Vulnerability: phpnuke-eregi-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16294
Date Reported: 05/30/2004
Brief Description: PHP-Nuke mainfile.php SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, PHP-Nuke Any version
Vulnerability: phpnuke-mainfilephp-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16295
Date Reported: 06/01/2004
Brief Description: osc2nuke eregi path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, osc2nuke 7.x and prior, Unix Any version, Windows Any version
Vulnerability: osc2nuke-eregi-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16296
Date Reported: 06/01/2004
Brief Description: Oscnukelite eregi path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Oscnukelite 3.1 and prior, Unix Any version, Windows Any version
Vulnerability: oscnukelite-eregi-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16297
Date Reported: 06/01/2004
Brief Description: Nuke Cops eregi path disclosure
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Nuke Cops betaNC, PHP-Nuke 6.5 and later
Vulnerability: nukecops-ergei-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16298
Date Reported: 06/01/2004
Brief Description: Linksys BEFSR41 remote administration function security bypass
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR41 any version
Vulnerability: linksys-befsr41-remote-bypass-security
X-Force URL: http://xforce.iss.net/xforce/xfdb/16300
Date Reported: 06/02/2004
Brief Description: Gallery user bypass authentication
Risk Factor: High
Attack Type: Network Based
Platforms: Debian Linux 3.0, Gallery 1.2 up to 1.4.3-pl2, Linux Any version
Vulnerability: gallery-user-bypass-authentication
X-Force URL: http://xforce.iss.net/xforce/xfdb/16301
Date Reported: 06/03/2004
Brief Description: Linksys Gozila.cgi denial of service
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR11 any version, Linksys EtherFast BEFSR41 3, Linksys EtherFast BEFSR81 2, Linksys EtherFast BEFSR81 3, Linksys EtherFast BEFSRU31 any version, Linksys EtherFast BEFSX41 any version, Linksys EtherFast BEFW11S4 3, Linksys EtherFast BEFW11S4 4
Vulnerability: linksys-gozila-dos
X-Force URL: http://xforce.iss.net/xforce/xfdb/16302
Date Reported: 06/03/2004
Brief Description: Linksys DomainName buffer overflow
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linksys EtherFast BEFSR11 any version, Linksys EtherFast BEFSR41 any version, Linksys EtherFast BEFSR81 2, Linksys EtherFast BEFSR81 3, Linksys EtherFast BEFSRU31 any version, Linksys EtherFast BEFSX41 any version, Linksys EtherFast BEFW11S4 3, Linksys EtherFast BEFW11S4 4
Vulnerability: linksys-domainname-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16305
Date Reported: 06/03/2004
Brief Description: Opera favicon address spoofing
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, Opera 7.50 and earlier, Windows Any version
Vulnerability: opera-favicon-spoofing
X-Force URL: http://xforce.iss.net/xforce/xfdb/16307
Date Reported: 05/28/2004
Brief Description: Isoqlog multiple buffer overflows
Risk Factor: High
Attack Type: Network Based
Platforms: Isoqlog 2.2-BETA, Linux Any version, Unix Any version
Vulnerability: isoqlog-multiple-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16308
Date Reported: 06/02/2004
Brief Description: Tripwire fprintf format string
Risk Factor: High
Attack Type: Host Based
Platforms: Linux Any version, Tripwire - Commercial 4.0.1 and earlier, Tripwire - open-source 2.3.1 and prior
Vulnerability: tripwire-fprintf-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/16309
Date Reported: 06/03/2004
Brief Description: Slackware Linux PHP allows elevated privileges
Risk Factor: High
Attack Type: Host Based
Platforms: Slackware Linux 8.1, Slackware Linux 9.0, Slackware Linux 9.1
Vulnerability: linux-php-gain-privileges
X-Force URL: http://xforce.iss.net/xforce/xfdb/16310
Date Reported: 06/03/2004
Brief Description: log2mail syslog format string
Risk Factor: High
Attack Type: Host Based
Platforms: Debian Linux 3.0, log2mail prior to 0.2.5.2
Vulnerability: log2mail-syslog-format-string
X-Force URL: http://xforce.iss.net/xforce/xfdb/16311
Date Reported: 06/03/2004
Brief Description: NETGEAR WG602 default account
Risk Factor: High
Attack Type: Host Based / Network Based
Platforms: NETGEAR WG602 Any version
Vulnerability: netgearwg602-default-account
X-Force URL: http://xforce.iss.net/xforce/xfdb/16312
Date Reported: 06/02/2004
Brief Description: UNIX mkdir utility buffer overflow
Risk Factor: High
Attack Type: Host Based
Platforms: Unix Any version, Unix Seventh Edition
Vulnerability: unix-mkdir-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16313
Date Reported: 06/03/2004
Brief Description: Multiple IBM products cookie session hijack
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, IBM Tivoli Access Manager for e-business 3.9, IBM Tivoli Access Manager for e-business 4.1, IBM Tivoli Access Manager for e-business 5.1, IBM Tivoli Access Manager Identity 5.1, IBM Tivoli Config Manager for AutoTeller 2.1.0, IBM Tivoli Configuration Manager 4.2, IBM WebSphere Everyplace Server 2.1.3, IBM WebSphere Everyplace Server 2.1.4, IBM WebSphere Everyplace Server 2.1.5, Tivoli SecureWay Policy Director 3.8
Vulnerability: ibm-cookie-session-hijack
X-Force URL: http://xforce.iss.net/xforce/xfdb/16315
Date Reported: 06/03/2004
Brief Description: InterBase database allows execution of code
Risk Factor: High
Attack Type: Network Based
Platforms: InterBase 7.1, Linux Any version, Unix Any version
Vulnerability: interbase-database-name-bo
X-Force URL: http://xforce.iss.net/xforce/xfdb/16316
Date Reported: 06/03/2004
Brief Description: Mail Manage EX mmex.php file include
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Mail Manage EX 3.1.8 and prior
Vulnerability: mailmanage-mmex-file-include
X-Force URL: http://xforce.iss.net/xforce/xfdb/16317
Date Reported: 06/03/2004
Brief Description: SurgeMail invalid HTTP request path disclosure
Risk Factor: Low
Attack Type: Network Based
Platforms: Linux Any version, SurgeMail 1.9 and earlier, Unix Any version, Windows 2000 Any version, Windows NT Any version
Vulnerability: surgemail-invalid-path-disclosure
X-Force URL: http://xforce.iss.net/xforce/xfdb/16319
Date Reported: 06/03/2004
Brief Description: SurgeMail username cross-site scripting
Risk Factor: Medium
Attack Type: Network Based
Platforms: Linux Any version, SurgeMail 1.9 and earlier, Unix Any version, Windows 2000 Any version, Windows NT Any version
Vulnerability: surgemail-username-xss
X-Force URL: http://xforce.iss.net/xforce/xfdb/16320
Date Reported: 06/04/2004
Brief Description: Oracle E-Business SQL injection
Risk Factor: Medium
Attack Type: Network Based
Platforms: Any operating system Any version, Oracle E-Business Suite 11.0.x, Oracle E-Business Suite 11.5.1 - 11.5.8, Oracle E-Business Suite 11i
Vulnerability: oracle-ebusiness-sql-injection
X-Force URL: http://xforce.iss.net/xforce/xfdb/16324